Update Keycloak to 24.0.3

deployments/local/dev/docker-compose-keycloakx.yml

@@ -44,7 +44,11 @@ services:
       # Allow access via visualvm and jmc (remote jmx connection to localhost 8790 without ssl)
       # see https://docs.oracle.com/en/java/javase/11/management/monitoring-and-management-using-jmx-technology.html#GUID-D4CBA2D6-2E24-4856-A7D8-62B3DFFB76EA
       # JAVA_TOOL_OPTIONS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8790 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/opt/keycloak/conf/jmxremote.password -Dcom.sun.management.jmxremote.ssl=false -XX:FlightRecorderOptions=stackdepth=256"
-      JAVA_TOOL_OPTIONS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8790 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -XX:FlightRecorderOptions=stackdepth=256"
+      #JAVA_TOOL_OPTIONS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8790 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -XX:FlightRecorderOptions=stackdepth=256"
+
+      # JAVA_TOOL_OPTIONS="" jcmd 1 JFR.start duration=1m settings=profile name=debug filename=/opt/keycloak/perf/debug.jfr
+      # JAVA_TOOL_OPTIONS="" jcmd 1 JFR.dump name=debug filename=/opt/keycloak/perf/debug.jfr
+      JAVA_TOOL_OPTIONS: "-XX:FlightRecorderOptions=stackdepth=256 -XX:+FlightRecorder -XX:StartFlightRecording=duration=200s,filename=/opt/keycloak/perf/debug.jfr,name=debug"
     mem_limit: 2048m
     mem_reservation: 2048m
     cpus: 4
@@ -80,6 +84,7 @@ services:
 # Workaround to allow logouts via old Keycloak Admin-Console
 # see: org.keycloak.protocol.oidc.endpoints.LogoutEndpoint.logout(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
       - "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=false"
+#      - "--log-level=info,io.quarkus.vertx:debug,io.netty:debug,io.vertx:debug"
 #      - "--log-level=info,org.keycloak.models.sessions.infinispan.InfinispanUserSessionProvider:debug"
 #      - "--log-level=info,org.hibernate:debug"
 #      - "--log-level=info,org.hibernate.SQL:debug"

deployments/local/dev/keycloakx/Dockerfile

@@ -1,5 +1,5 @@
 #see https://www.keycloak.org/server/containers
-ARG KEYCLOAK_VERSION=24.0.2
+ARG KEYCLOAK_VERSION=24.0.3
 FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
 #FROM thomasdarimont/keycloak:21.0.999.1
 USER root

deployments/local/dev/keycloakx/Dockerfile-ci

@@ -1,5 +1,5 @@
 #see https://www.keycloak.org/server/containers
-ARG KEYCLOAK_VERSION=24.0.2
+ARG KEYCLOAK_VERSION=24.0.3
 FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
 USER root
 

deployments/local/standalone/keycloak/Dockerfile

@@ -1,5 +1,5 @@
 #see https://www.keycloak.org/server/containers
-ARG KEYCLOAK_VERSION=24.0.2
+ARG KEYCLOAK_VERSION=24.0.3
 FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
 
 USER root

keycloak.env

@@ -1,5 +1,5 @@
 # Global configuration for Keycloak environment
-KEYCLOAK_VERSION=24.0.2
+KEYCLOAK_VERSION=24.0.3
 KEYCLOAK_CONFIG_FILE=standalone.xml
 USER=1000
 GROUP=1000

keycloak/docker/src/main/docker/keycloakx/Dockerfile.ci.plain

@@ -1,4 +1,4 @@
-ARG KEYCLOAK_VERSION=24.0.2
+ARG KEYCLOAK_VERSION=24.0.3
 FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
 
 ENV KC_FEATURES=preview

keycloak/docker/src/main/docker/keycloakx/Dockerfile.plain

@@ -1,4 +1,4 @@
-ARG KEYCLOAK_VERSION=24.0.2
+ARG KEYCLOAK_VERSION=24.0.3
 FROM quay.io/keycloak/keycloak:$KEYCLOAK_VERSION
 
 USER root

keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/endpoints/CustomResource.java

@@ -9,6 +9,7 @@
 import com.github.thomasdarimont.keycloak.custom.endpoints.migration.UserImportMigrationResource;
 import com.github.thomasdarimont.keycloak.custom.endpoints.offline.OfflineSessionPropagationResource;
 import com.github.thomasdarimont.keycloak.custom.endpoints.profile.UserProfileResource;
+import com.github.thomasdarimont.keycloak.custom.endpoints.provisioning.BulkUserImportResource;
 import com.github.thomasdarimont.keycloak.custom.endpoints.settings.UserSettingsResource;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
@@ -126,4 +127,9 @@ public UserImportMigrationResource userMigration() {
         return new UserImportMigrationResource(session, token);
     }
 
+    @Path("admin/userimport")
+    public BulkUserImportResource bulkUserImport() {
+        return new BulkUserImportResource(session);
+    }
+
 }

keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/endpoints/CustomResourceProvider.java

@@ -1,5 +1,6 @@
 package com.github.thomasdarimont.keycloak.custom.endpoints;
 
+import com.github.thomasdarimont.keycloak.custom.support.AuthUtils;
 import com.github.thomasdarimont.keycloak.custom.support.KeycloakSessionLookup;
 import com.google.auto.service.AutoService;
 import lombok.RequiredArgsConstructor;
@@ -56,16 +57,10 @@ public Object getResource() {
     }
 
     AdminPermissionEvaluator getAuth(KeycloakSession session) {
-        AdminAuth adminAuth = getAdminAuth(session);
+        AdminAuth adminAuth = AuthUtils.getAdminAuth(session);
         return AdminPermissions.evaluator(session, session.getContext().getRealm(), adminAuth);
     }
 
-    private static AdminAuth getAdminAuth(KeycloakSession session) {
-        AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
-        return new AdminAuth(session.getContext().getRealm(), authResult.getToken(), authResult.getUser(), authResult.getClient());
-    }
-
-
     @Override
     public void close() {
         // NOOP

keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/support/AuthUtils.java

@@ -1,6 +1,8 @@
 package com.github.thomasdarimont.keycloak.custom.support;
 
+import jakarta.ws.rs.core.Response;
 import org.keycloak.models.KeycloakSession;
+import org.keycloak.services.ErrorResponse;
 import org.keycloak.services.managers.AppAuthManager;
 import org.keycloak.services.managers.AuthenticationManager;
 import org.keycloak.services.resources.admin.AdminAuth;
@@ -15,6 +17,9 @@ public static AdminPermissionEvaluator getAdminPermissionEvaluator(KeycloakSessi
 
     public static AdminAuth getAdminAuth(KeycloakSession session) {
         AuthenticationManager.AuthResult authResult = new AppAuthManager.BearerTokenAuthenticator(session).authenticate();
+        if (authResult == null) {
+            throw ErrorResponse.error("invalid_token", Response.Status.UNAUTHORIZED);
+        }
         return new AdminAuth(session.getContext().getRealm(), authResult.getToken(), authResult.getUser(), authResult.getClient());
     }
 }

keycloak/extensions/src/test/java/com/github/thomasdarimont/keycloak/custom/KeycloakTestSupport.java

@@ -40,7 +40,7 @@ public static KeycloakContainer createKeycloakContainer() {
     }
 
     public static KeycloakContainer createKeycloakContainer(String realmImportFileName) {
-        return createKeycloakContainer("quay.io/keycloak/keycloak:24.0.2", realmImportFileName);
+        return createKeycloakContainer("quay.io/keycloak/keycloak:24.0.3", realmImportFileName);
     }
 
     public static KeycloakContainer createKeycloakContainer(String imageName, String realmImportFileName) {

pom.xml

@@ -46,7 +46,7 @@
         <docker.file>keycloakx/Dockerfile.plain</docker.file>
 
         <!-- Keycloak -->
-        <keycloak.version>24.0.2</keycloak.version>
+        <keycloak.version>24.0.3</keycloak.version>
 
         <!-- Parameterizable Project Versions -->
         <revision>1.0.0</revision>