Merge pull request #31525 from sberyozkin/keycloak_21.0.0

Bump Keycloak version to 21.0.1
quarkusio · Mar 29, 2023 · 5d24150 · 5d24150
2 parents 34da513 + f964a49
commit 5d24150
Show file tree

Hide file tree

Showing 9 changed files with 65 additions and 12 deletions.
diff --git a/bom/application/pom.xml b/bom/application/pom.xml
@@ -187,7 +187,7 @@
         <jna.version>5.8.0</jna.version><!-- should satisfy both testcontainers and mongodb -->
         <antlr.version>4.10.1</antlr.version><!-- needs to align with same property in build-parent/pom.xml -->
         <quarkus-security.version>2.0.2.Final</quarkus-security.version>
-        <keycloak.version>20.0.3</keycloak.version>
+        <keycloak.version>21.0.1</keycloak.version>
         <logstash-gelf.version>1.15.0</logstash-gelf.version>
         <checker-qual.version>3.32.0</checker-qual.version>
         <error-prone-annotations.version>2.18.0</error-prone-annotations.version>

diff --git a/build-parent/pom.xml b/build-parent/pom.xml
@@ -102,7 +102,7 @@
 
         <!-- The image to use for tests that run Keycloak -->
         <!-- IMPORTANT: If this is changed you must also update bom/application/pom.xml and KeycloakBuildTimeConfig/DevServicesConfig in quarkus-oidc/deployment to match the version -->
-        <keycloak.version>20.0.3</keycloak.version>
+        <keycloak.version>21.0.1</keycloak.version>
         <keycloak.wildfly.version>19.0.3</keycloak.wildfly.version>
         <keycloak.docker.image>quay.io/keycloak/keycloak:${keycloak.version}</keycloak.docker.image>
         <keycloak.docker.legacy.image>quay.io/keycloak/keycloak:${keycloak.wildfly.version}-legacy</keycloak.docker.legacy.image>

diff --git a/docs/src/main/asciidoc/security-openid-connect-dev-services.adoc b/docs/src/main/asciidoc/security-openid-connect-dev-services.adoc
@@ -217,7 +217,7 @@ For more information, see xref:security-oidc-bearer-authentication-concept.adoc#
 [[keycloak-initialization]]
 === Keycloak Initialization
 
-The `quay.io/keycloak/keycloak:20.0.3` image which contains a Keycloak distribution powered by Quarkus is used to start a container by default.
+The `quay.io/keycloak/keycloak:21.0.1` image which contains a Keycloak distribution powered by Quarkus is used to start a container by default.
 `quarkus.keycloak.devservices.image-name` can be used to change the Keycloak image name. For example, set it to `quay.io/keycloak/keycloak:19.0.3-legacy` to use a Keycloak distribution powered by WildFly.
 Note that only a Quarkus based Keycloak distribution is available starting from Keycloak `20.0.0`.
 

diff --git a/...loyment/src/main/java/io/quarkus/keycloak/pep/deployment/KeycloakReflectionBuildStep.java b/...loyment/src/main/java/io/quarkus/keycloak/pep/deployment/KeycloakReflectionBuildStep.java
@@ -9,6 +9,8 @@
 import org.keycloak.adapters.authorization.cip.HttpClaimInformationPointProviderFactory;
 import org.keycloak.authorization.client.representation.ServerConfiguration;
 import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
+import org.keycloak.common.crypto.CryptoProvider;
+import org.keycloak.crypto.def.DefaultCryptoProvider;
 import org.keycloak.jose.jwk.JSONWebKeySet;
 import org.keycloak.jose.jwk.JWK;
 import org.keycloak.jose.jws.JWSHeader;
@@ -78,7 +80,8 @@ public void registerServiceProviders(BuildProducer<ServiceProviderBuildItem> ser
         serviceProvider.produce(new ServiceProviderBuildItem(ClaimInformationPointProviderFactory.class.getName(),
                 HttpClaimInformationPointProviderFactory.class.getName(),
                 ClaimsInformationPointProviderFactory.class.getName()));
-
+        serviceProvider.produce(new ServiceProviderBuildItem(CryptoProvider.class.getName(),
+                DefaultCryptoProvider.class.getName()));
     }
 
     @BuildStep

diff --git a/...ment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java b/...ment/src/main/java/io/quarkus/oidc/deployment/devservices/keycloak/DevServicesConfig.java
@@ -35,7 +35,7 @@ public class DevServicesConfig {
      * string.
      * Set 'quarkus.keycloak.devservices.keycloak-x-image' to override this check.
      */
-    @ConfigItem(defaultValue = "quay.io/keycloak/keycloak:20.0.3")
+    @ConfigItem(defaultValue = "quay.io/keycloak/keycloak:21.0.1")
     public String imageName;
 
     /**

diff --git a/integration-tests/keycloak-authorization/pom.xml b/integration-tests/keycloak-authorization/pom.xml
@@ -15,6 +15,7 @@
 
     <properties>
         <keycloak.url>http://localhost:8180/auth</keycloak.url>
+        <nashorn-core.version>15.3</nashorn-core.version>
     </properties>
 
     <dependencies>
@@ -110,20 +111,37 @@
             <artifactId>htmlunit</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.openjdk.nashorn</groupId>
+            <artifactId>nashorn-core</artifactId>
+            <version>${nashorn-core.version}</version>
+        </dependency>
     </dependencies>
 
     <build>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>true</filtering>
+            </testResource>
+        </testResources>
         <plugins>
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <configuration>
                     <skip>true</skip>
+                    <systemPropertyVariables>
+                        <keycloak.image.version>${keycloak.image.version}</keycloak.image.version>
+                    </systemPropertyVariables>
                 </configuration>
             </plugin>
             <plugin>
                 <artifactId>maven-failsafe-plugin</artifactId>
                 <configuration>
                     <skip>true</skip>
+                    <systemPropertyVariables>
+                        <keycloak.image.version>${keycloak.image.version}</keycloak.image.version>
+                    </systemPropertyVariables>
                 </configuration>
             </plugin>
             <plugin>
@@ -137,6 +155,23 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-dependencies-quarkus</id>
+                        <phase>process-test-resources</phase>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${project.build.testOutputDirectory}</outputDirectory>
+                            <includeArtifactIds>nashorn-core,asm,asm-util,asm-commons</includeArtifactIds>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 

diff --git a/...keycloak-authorization/src/test/java/io/quarkus/it/keycloak/KeycloakLifecycleManager.java b/...keycloak-authorization/src/test/java/io/quarkus/it/keycloak/KeycloakLifecycleManager.java
@@ -31,6 +31,7 @@
 import org.keycloak.util.JsonSerialization;
 import org.testcontainers.containers.GenericContainer;
 import org.testcontainers.containers.wait.strategy.Wait;
+import org.testcontainers.images.builder.ImageFromDockerfile;
 import org.testcontainers.images.builder.Transferable;
 
 import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
@@ -44,16 +45,22 @@ public class KeycloakLifecycleManager implements QuarkusTestResourceLifecycleMan
     protected static String KEYCLOAK_SERVER_URL;
     private static final String KEYCLOAK_REALM = "quarkus";
     private static final String KEYCLOAK_SERVICE_CLIENT = "quarkus-service-app";
-    private static final String KEYCLOAK_VERSION = System.getProperty("keycloak.version");
+    private static final String KEYCLOAK_IMAGE = System.getProperty("keycloak.docker.image");
 
     @SuppressWarnings("resource")
     @Override
     public Map<String, String> start() {
-        keycloak = new GenericContainer<>("quay.io/keycloak/keycloak:" + KEYCLOAK_VERSION)
-                .withExposedPorts(8080)
-                .withEnv("KEYCLOAK_ADMIN", "admin")
-                .withEnv("KEYCLOAK_ADMIN_PASSWORD", "admin")
-                .waitingFor(Wait.forLogMessage(".*Keycloak.*started.*", 1));
+        try {
+            keycloak = new GenericContainer<>(
+                    new ImageFromDockerfile().withDockerfile(Paths.get(getClass().getResource("/Dockerfile").toURI()))
+                            .withBuildArg("KEYCLOAK_IMAGE", KEYCLOAK_IMAGE))
+                    .withExposedPorts(8080)
+                    .withEnv("KEYCLOAK_ADMIN", "admin")
+                    .withEnv("KEYCLOAK_ADMIN_PASSWORD", "admin")
+                    .waitingFor(Wait.forLogMessage(".*Keycloak.*started.*", 1));
+        } catch (URISyntaxException e) {
+            throw new RuntimeException(e);
+        }
 
         keycloak = keycloak
                 .withCopyToContainer(Transferable.of(createPoliciesJar().toByteArray()), "/opt/keycloak/providers/policies.jar")

diff --git a/integration-tests/keycloak-authorization/src/test/resources/Dockerfile b/integration-tests/keycloak-authorization/src/test/resources/Dockerfile
@@ -0,0 +1,8 @@
+FROM ${keycloak.docker.image} as builder
+
+COPY ./*.jar /opt/keycloak/providers/
+
+FROM ${keycloak.docker.image}
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
diff --git a/...oidc-token-propagation/src/test/java/io/quarkus/it/keycloak/OidcTokenPropagationTest.java b/...oidc-token-propagation/src/test/java/io/quarkus/it/keycloak/OidcTokenPropagationTest.java
@@ -53,7 +53,7 @@ public void testGetUserNameWithAccessTokenPropagation() {
                 //.statusCode(200)
                 //.body(equalTo("alice"));
                 .statusCode(500)
-                .body(containsString("Client not allowed to exchange"));
+                .body(containsString("Feature not enabled"));
     }
 
     @Test