Remove Oracle Database JDBC driver from the Keycloak distribution (#22577)

* Remove Oracle Database JDBC driver from the Keycloak distribution

Closes #22452

* Remove profile for proprietary Oracle JDBC driver

---------

Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
Martin Bartoš 2023-08-21 17:13:49 +02:00 committed by GitHub
parent 760071bf35
commit fcf65389ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 87 additions and 1 deletions

View file

@ -14,4 +14,8 @@ the latest FAPI 2 draft specifications when communicating with your clients. Tha
Keycloak has preview for support for OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP). Thanks to Keycloak has preview for support for OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP). Thanks to
https://github.com/tnorimat[Takashi Norimatsu] and https://github.com/dteleguin[Dmitry Telegin] for their contributions. https://github.com/tnorimat[Takashi Norimatsu] and https://github.com/dteleguin[Dmitry Telegin] for their contributions.
= Oracle Database driver not part of the distribution
The Oracle Database JDBC driver is no longer part of the Keycloak distribution.
Administrators will need to install a version of the Oracle Driver matching their environment
as described in the configuring the database {section}.
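Review bot: The closing line of the added release note, "as described in the configuring the database {section}", reads awkwardly and gives the reader nothing to follow. Suggest pointing it at the server guide chapter that gains the "Installing a database driver (Oracle)" section in this same commit, using the cross-reference style the guides already use. Also write "Oracle Database JDBC driver" consistently instead of switching to "Oracle Driver" on the line before.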

View file

@ -30,3 +30,8 @@ Previous versions of Keycloak supported specifying the encoding in the first lin
Message properties files for themes are now read in UTF-8 encoding, with an automatic fallback to ISO-8859-1 encoding. Message properties files for themes are now read in UTF-8 encoding, with an automatic fallback to ISO-8859-1 encoding.
If you are using a different encoding, convert the files to UTF-8. If you are using a different encoding, convert the files to UTF-8.
= Oracle Database driver not part of the distribution
The Oracle Database JDBC driver is no longer part of the Keycloak distribution.
Administrators will need to install a version of the Oracle Driver matching their environment
as described in the configuring the database {section}.
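Review bot: This upgrade note repeats the release-note paragraph word for word and never states what an administrator of an existing Oracle-backed deployment has to do as part of the upgrade. Suggest naming the two artifacts here (`ojdbc11` and `orai18n`) and saying they have to be placed in the `providers` folder, or added to the custom image, before the upgraded server is started. A link to the new "Installing a database driver (Oracle)" section should replace the unlinked "configuring the database {section}" wording.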

View file

@ -28,6 +28,46 @@ The server has built-in support for different databases. You can query the avail
By default, the server uses the `dev-file` database. This is the default database that the server will use to persist data and By default, the server uses the `dev-file` database. This is the default database that the server will use to persist data and
only exists for development use-cases. The `dev-file` database is not suitable for production use-cases, and must be replaced before deploying to production. only exists for development use-cases. The `dev-file` database is not suitable for production use-cases, and must be replaced before deploying to production.
== Installing a database driver (Oracle)
Database drivers are shipped as part of Keycloak except for the Oracle Database driver which needs to be installed separately.
Install the Oracle Database driver if you want to connect to an Oracle Database, or skip this section if you want to connect to a different database.
To install the Oracle Database driver for Keycloak:
. Download the `ojdbc11` and `orai18n` JAR files from one of the following sources:
.. *Zipped JDBC driver and Companion Jars* version ${properties["oracle-jdbc.version"]} from the https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html[Oracle driver download page].
.. Maven Central via `link:++https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc11/${properties["oracle-jdbc.version"]}/ojdbc11-${properties["oracle-jdbc.version"]}.jar++[ojdbc11]` and `link:++https://repo1.maven.org/maven2/com/oracle/database/nls/orai18n/${properties["oracle-jdbc.version"]}/orai18n-${properties["oracle-jdbc.version"]}.jar++[orai18n]`.
.. Installation media recommended by the database vendor for the specific database in use.
. When running the unzipped distribution: Place the `ojdbc11` and `orai18n` JAR files in Keycloak's `providers` folder
. When running containers: Build a custom Keycloak image and add the JARs in the `providers` folder. When building a custom image for the Keycloak Operator, those images need to be optimized images with all build-time options of Keycloak set.
+
A minimal Dockerfile to build an image which can be used with the Keycloak Operator and includes Oracle Database JDBC drivers downloaded from Maven Central looks like the following:
+
[source,dockerfile]
----
FROM quay.io/keycloak/keycloak:latest
ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/jdbc/ojdbc11/${properties["oracle-jdbc.version"]}/ojdbc11-${properties["oracle-jdbc.version"]}.jar /opt/keycloak/providers/ojdbc11.jar
ADD --chown=keycloak:keycloak https://repo1.maven.org/maven2/com/oracle/database/nls/orai18n/${properties["oracle-jdbc.version"]}/orai18n-${properties["oracle-jdbc.version"]}.jar /opt/keycloak/providers/orai18n.jar
# Setting the build parameter for the database:
ENV KC_DB=oracle
# Add all other build parameters needed, for example enable health and metrics:
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
# To be able to use the image with the Keycloak Operator, it needs to be optimized, which requires Keycloak's build step:
RUN /opt/keycloak/bin/kc.sh build
----
+
See the <@links.server id="containers" /> {section} for details on how to build optimized images.
Then continue configuring the database as described in the next section.
== Configuring a database == Configuring a database
For each supported database, the server provides some opinionated defaults to simplify database configuration. You complete the configuration by providing some key settings such as the database host and credentials. For each supported database, the server provides some opinionated defaults to simplify database configuration. You complete the configuration by providing some key settings such as the database host and credentials.
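Review bot: The two `ADD` lines in the sample Dockerfile fetch `ojdbc11` and `orai18n` from Maven Central at image build time with no integrity check. The base image is `quay.io/keycloak/keycloak:latest`, so two builds of the same file can yield different images. Readers will copy this snippet into production builds, so suggest showing a pinned Keycloak tag and a checksum on each download, for example `ADD --checksum=sha256:<digest> ...` on builders that support it, or at least a sentence telling readers to compare the JARs against the checksums published alongside them. Separately, "When running the unzipped distribution" and "When running containers" are numbered as consecutive steps although they are alternatives. Wording them as an either/or under one step would stop readers from doing both.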

View file

@ -78,6 +78,16 @@
<dependency> <dependency>
<groupId>io.quarkus</groupId> <groupId>io.quarkus</groupId>
<artifactId>quarkus-jdbc-oracle</artifactId> <artifactId>quarkus-jdbc-oracle</artifactId>
<exclusions>
<exclusion>
<groupId>com.oracle.database.jdbc</groupId>
<artifactId>ojdbc11</artifactId>
</exclusion>
<exclusion>
<groupId>com.oracle.database.nls</groupId>
<artifactId>orai18n</artifactId>
</exclusion>
</exclusions>
</dependency> </dependency>
<dependency> <dependency>
<groupId>io.quarkus</groupId> <groupId>io.quarkus</groupId>
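Review bot: The new `<exclusions>` block on `quarkus-jdbc-oracle` carries no comment explaining why `ojdbc11` and `orai18n` are excluded, so a later dependency cleanup could drop it and silently put the driver back into the distribution. Suggest an XML comment above `<exclusions>` that references #22452. Also consider a build-time guard, for example a Maven Enforcer `bannedDependencies` rule for these two artifacts, so the exclusion is checked rather than assumed if another dependency starts pulling them in.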
@ -726,5 +736,4 @@
</plugin> </plugin>
</plugins> </plugins>
</build> </build>
</project> </project>
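Review bot: The header of this hunk (`-726,5 +736,4`) shows five lines becoming four while every visible line is unchanged context, so this looks like an incidental whitespace or end-of-file edit at the bottom of the POM rather than part of the driver removal. Suggest reverting it, or confirming the file still ends with a newline after `</project>`, to keep the commit focused.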

View file

@ -44,6 +44,9 @@ quarkus.log.category."io.quarkus.config".level=off
quarkus.log.category."io.quarkus.arc.processor.BeanArchives".level=off quarkus.log.category."io.quarkus.arc.processor.BeanArchives".level=off
quarkus.log.category."io.quarkus.arc.processor.IndexClassLookupUtils".level=off quarkus.log.category."io.quarkus.arc.processor.IndexClassLookupUtils".level=off
quarkus.log.category."io.quarkus.hibernate.orm.deployment.HibernateOrmProcessor".level=warn quarkus.log.category."io.quarkus.hibernate.orm.deployment.HibernateOrmProcessor".level=warn
# When excluding the Oracle JDBC driver, this avoids the warning
# "Could not remove configured resources from the following artifacts as they were not found in the model:..."
quarkus.log.category."io.quarkus.deployment.steps.ClassTransformingBuildStep".level=error
# Set default directory name for the location of the transaction logs # Set default directory name for the location of the transaction logs
quarkus.transaction-manager.object-store.directory=${kc.home.dir:default}${file.separator}data${file.separator}transaction-logs quarkus.transaction-manager.object-store.directory=${kc.home.dir:default}${file.separator}data${file.separator}transaction-logs
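Review bot: Raising `io.quarkus.deployment.steps.ClassTransformingBuildStep` to `error` silences every warning that category emits, not only the "Could not remove configured resources..." message the comment names. Suggest extending the comment to say that other warnings from this build step are suppressed as a side effect, so anyone debugging a class-transformation problem knows to lower the level again, and marking the setting for removal if a narrower way to drop just this message becomes available.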

View file

@ -186,6 +186,31 @@
</artifactItems> </artifactItems>
</configuration> </configuration>
</execution> </execution>
<execution>
<id>includeProprietaryDependencies</id>
<phase>generate-resources</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>com.oracle.database.jdbc</groupId>
<artifactId>ojdbc11</artifactId>
<version>${oracle-jdbc.version}</version>
<type>jar</type>
<outputDirectory>${auth.server.home}/providers</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>com.oracle.database.nls</groupId>
<artifactId>orai18n</artifactId>
<version>${oracle-jdbc.version}</version>
<type>jar</type>
<outputDirectory>${auth.server.home}/providers</outputDirectory>
</artifactItem>
</artifactItems>
</configuration>
</execution>
<execution> <execution>
<id>copy-testsuite-providers</id> <id>copy-testsuite-providers</id>
<phase>generate-resources</phase> <phase>generate-resources</phase>
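Review bot: As written, the `includeProprietaryDependencies` execution is bound to `generate-resources` with no condition of its own, so it downloads `ojdbc11` and `orai18n` and copies them into `${auth.server.home}/providers` whichever database the tests target. Suggest a short XML comment stating that this is for the test server only and exists because the distribution no longer ships the driver. It is also worth checking that nothing packages `${auth.server.home}` into a published artifact, which would reintroduce the proprietary JARs this commit removes.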