[KEYCLOAK-16497] - AuthzClient.create() fails when env variables are used in auth-server-url

authz/client/src/main/java/org/keycloak/authorization/client/AuthzClient.java

@@ -23,6 +23,8 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.util.Objects;
 
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.keycloak.authorization.client.representation.ServerConfiguration;
 import org.keycloak.authorization.client.resource.AuthorizationResource;
 import org.keycloak.authorization.client.resource.ProtectionResource;
@@ -30,7 +32,7 @@ import org.keycloak.authorization.client.util.Http;
 import org.keycloak.authorization.client.util.TokenCallable;
 import org.keycloak.common.util.KeycloakUriBuilder;
 import org.keycloak.representations.AccessTokenResponse;
-import org.keycloak.util.JsonSerialization;
+import org.keycloak.util.SystemPropertiesJsonParserFactory;
 
 /**
  * <p>This is class serves as an entry point for clients looking for access to Keycloak Authorization Services.
@@ -72,7 +74,11 @@ public class AuthzClient {
         }
 
         try {
-            return create(JsonSerialization.readValue(configStream, Configuration.class));
+            ObjectMapper mapper = new ObjectMapper(new SystemPropertiesJsonParserFactory());
+
+            mapper.setSerializationInclusion(JsonInclude.Include.NON_DEFAULT);
+
+            return create(mapper.readValue(configStream, Configuration.class));
         } catch (IOException e) {
             throw new RuntimeException("Could not parse configuration.", e);
         }

testsuite/integration-arquillian/tests/base/pom.xml

@@ -42,6 +42,7 @@
         <exclude.cluster>**/cluster/**/*Test.java</exclude.cluster>
         <exclude.crossdc>**/crossdc/**/*Test.java</exclude.crossdc>
         <mvel.version>2.4.0.Final</mvel.version>
+        <systemrules.version>1.19.0</systemrules.version>
     </properties>
     
     <dependencies>
@@ -135,6 +136,12 @@
             <artifactId>jandex</artifactId>
             <version>2.1.3.Final</version>
         </dependency>
+        <dependency>
+            <groupId>com.github.stefanbirkner</groupId>
+            <artifactId>system-rules</artifactId>
+            <version>${systemrules.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     
     <build>

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/AuthzClientTest.java

@@ -0,0 +1,43 @@
+package org.keycloak.testsuite.authz;
+
+import java.io.ByteArrayInputStream;
+
+import org.hamcrest.Matchers;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.EnvironmentVariables;
+import org.junit.rules.ExpectedException;
+import org.keycloak.authorization.client.AuthzClient;
+
+public class AuthzClientTest {
+
+    @Rule
+    public final EnvironmentVariables envVars = new EnvironmentVariables();
+
+    @Rule
+    public ExpectedException expectedException = ExpectedException.none();
+
+    @Test
+    public void testCreateWithEnvVars() {
+        envVars.set("KEYCLOAK_REALM", "test");
+        envVars.set("KEYCLOAK_AUTH_SERVER", "http://test");
+
+        expectedException.expect(RuntimeException.class);
+        expectedException.expectMessage(Matchers.containsString("Could not obtain configuration from server"));
+
+        AuthzClient.create(new ByteArrayInputStream(("{\n"
+                + "  \"realm\": \"${env.KEYCLOAK_REALM}\",\n"
+                + "  \"auth-server-url\": \"${env.KEYCLOAK_AUTH_SERVER}\",\n"
+                + "  \"ssl-required\": \"external\",\n"
+                + "  \"enable-cors\": true,\n"
+                + "  \"resource\": \"my-server\",\n"
+                + "  \"credentials\": {\n"
+                + "    \"secret\": \"${env.KEYCLOAK_SECRET}\"\n"
+                + "  },\n"
+                + "  \"confidential-port\": 0,\n"
+                + "  \"policy-enforcer\": {\n"
+                + "    \"enforcement-mode\": \"ENFORCING\"\n"
+                + "  }\n"
+                + "}").getBytes()));
+    }
+}