8000 Optimized startup fails from `kc.spi-connections-http-client-default-expect-continue-enabled` passed at runtime · Issue #39063 · keycloak/keycloak · GitHub 10000
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Optimized startup fails from kc.spi-connections-http-client-default-expect-continue-enabled passed at runtime #39063
New issue
New issue
Closed
Closed
Optimized startup fails from kc.spi-connections-http-client-default-expect-continue-enabled passed at runtime#39063
#40735 (+3)
Assignees
shawkins
Labels
area/dist/quarkuskind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.3.0team/cloud-native
@kherock

Description

@kherock
kherock
opened on Apr 17, 2025

Before reporting an issue

  • I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

Area

core

Describe the bug

Upgrading from Keycloak 24 to 26.0.10 (Red Hat build), I notice that it no longer starts successfully with optimized startup, due to passing the expect-continue-enabled option.

Version

26.0.10

Regression

  • The issue is a regression

Expected behavior

Keycloak starts up successfully, and the DefaultHttpClientFactory determines the desired value for expect-continue-enabled at runtime.

Actual behavior

Keycloak starts up with an error:

The following build time options have values that differ from what is persisted - the new values will NOT be used until another build is run: kc.spi-connections-http-client-default-expect-continue-enabled

How to Reproduce?

  1. Create an optimized Keycloak image
  2. start the server in production mode, passing both --optimized and --spi-connections-http-client-default-expect-continue-enabled=true

Anything else?

I'm not familiar with how Keycloak determines build-time options to persist, but it seems strange to me that this is the only connections SPI option that is flagged, since there are others like socket-timeout-millis that I pass. I did notice that the option is absent in the factory's getConfigMetadata() method:

keycloak/services/src/main/java/org/keycloak/connections/httpclient/DefaultHttpClientFactory.java

Lines 261 to 344 in 4ae7d60

public List<ProviderConfigProperty> getConfigMetadata() {
return ProviderConfigurationBuilder.create()
.property()
.name("socket-timeout-millis")
.type("long")
.helpText("Socket inactivity timeout.")
.defaultValue(5000L)
.add()
.property()
.name("establish-connection-timeout-millis")
.type("long")
.helpText("When trying to make an initial socket connection, what is the timeout?")
.defaultValue(-1L)
.add()
.property()
.name("max-pooled-per-route")
.type("int")
.helpText("Assigns maximum connection per route value.")
.defaultValue(64)
.add()
.property()
.name("connection-pool-size")
.type("int")
.helpText("Assigns maximum total connection value.")
.add()
.property()
.name("connection-ttl-millis")
.type("long")
.helpText("Sets maximum time, in milliseconds, to live for persistent connections.")
.defaultValue(-1L)
.add()
.property()
.name("reuse-connections")
.type("boolean")
.helpText("If connections should be reused.")
.defaultValue(true)
.add()
.property()
.name("max-connection-idle-time-millis")
.type("long")
.helpText("Sets the time, in milliseconds, for evicting idle connections from the pool.")
.defaultValue(900000)
.add()
.property()
.name("disable-cookies")
.type("boolean")
.helpText("Disables state (cookie) management.")
.defaultValue(true)
.add()
.property()
.name("client-keystore")
.type("string")
.helpText("The file path of the key store from where the key material is going to be read from to set-up TLS connections.")
.add()
.property()
.name("client-keystore-password")
.type("string")
.helpText("The key store password.")
.add()
.property()
.name("client-key-password")
.type("string")
.helpText("The key password.")
.defaultValue(-1L)
.add()
.property()
.name("disable-trust-manager")
.type("boolean")
.helpText("Disable trust management and hostname verification. NOTE this is a security hole, so only set this option if you cannot or do not want to verify the identity of the host you are communicating with.")
.defaultValue(false)
.add()
.property()
.name("proxy-mappings")
.type("string")
.helpText("Denotes the combination of a regex based hostname pattern and a proxy-uri in the form of hostnamePattern;proxyUri.")
.add()
.property()
.name(MAX_CONSUMED_RESPONSE_SIZE)
.type("long")
.helpText("Maximum size of a response consumed by the client (to prevent denial of service)")
.defaultValue(HttpClientProvider.DEFAULT_MAX_CONSUMED_RESPONSE_SIZE)
.add()
.build();
}

Metadata

Metadata

Assignees

Labels

area/dist/quarkuskind/bugCategorizes a PR related to a bugpriority/importantMust be worked on very soonrelease/26.3.0team/cloud-native

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    0