quarkus: Neo4J Quarkus can't be configured for SSL

Describe the bug

Using a database URI with encryption makes the application startup fail:

Failed to start application (with profile dev): org.neo4j.driver.exceptions.ClientException: Scheme neo4j+s is not configurable with manual encryption and trust settings
	at org.neo4j.driver.internal.SecuritySettings.assertSecuritySettingsNotUserConfigured(SecuritySettings.java:87)
	at org.neo4j.driver.internal.SecuritySettings.createSecurityPlan(SecuritySettings.java:69)
	at org.neo4j.driver.GraphDatabase.driver(GraphDatabase.java:138)
	at org.neo4j.driver.GraphDatabase.driver(GraphDatabase.java:121)
	at io.quarkus.neo4j.runtime.Neo4jDriverRecorder.initializeDriver(Neo4jDriverRecorder.java:43)
	at io.quarkus.deployment.steps.Neo4jDriverProcessor$configureDriverProducer928533785.deploy_0(Neo4jDriverProcessor$configureDriverProducer928533785.zig:87)
	at io.quarkus.deployment.steps.Neo4jDriverProcessor$configureDriverProducer928533785.deploy(Neo4jDriverProcessor$configureDriverProducer928533785.zig:40)
	at io.quarkus.runner.ApplicationImpl.doStart(ApplicationImpl.zig:579)
	at io.quarkus.runtime.Application.start(Application.java:101)
	at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:101)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:66)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:42)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:119)
	at io.quarkus.runner.GeneratedMain.main(GeneratedMain.zig:29)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:78)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:567)
	at io.quarkus.runner.bootstrap.StartupActionImpl$1.run(StartupActionImpl.java:98)
	at java.base/java.lang.Thread.run(Thread.java:853)

The issue is caused by a default “change” in the configuration in the quarkus-neo4j code in Neo4jDriverRecorder#configureSsl, which causes the code in org.neo4j.driver.internal.SecuritySettings to override the defaults, regardless of what we put into our Quarkus properties file.

Expected behavior

No response

Actual behavior

No response

How to Reproduce?

Start up Quarkus with any Neo4J instance that uses an encrypted connection, e.g. using Neo4J Aura Free and connect using the URI: neo4j+s://xxxxxx123.databases.neo4j.io

Output of uname -a or ver

No response

Output of java -version

16

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.1.2.Final

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

This issue might be resolved by just removing lines 119-125 in Neo4jDriverRecorder. The default config should work correctly then.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 15 (12 by maintainers)

Commits related to this issue

Most upvoted comments

I added a fix for this, @sandronm . Thanks for pushing it, tbh I find it annoying myself.

+2
michael-simons on Oct 6, 2021

Hi @sandronm this is now mixing in OGM for good measures, right? Anyhow: If you pass in configured instance of org.neo4j.driver.Driver to OGM’s org.neo4j.ogm.drivers.bolt.driver.BoltDriver it will be used as is, we are not doing anything with it.

The message you receive does happen as

  • you used neo4j+s as protocol
  • Quarkus overrides this

-> Things fail.

Please use neo4j as protocol and configure encryption explicit.

This is how the config of the above mentioned app looks like:

image

+1
michael-simons on Oct 6, 2021
Read more comments on GitHub
← quarkus: NativeImageTest fails because the LauncherUtil is unable to determine the status of the running process
quarkus: No hot reload on bad configuration wich block the quarkus startup and when http.port is overridden  →