Merge pull request #2952 from Rajpratik71/keycloak-19-upgrade

chore : Upgrade keycloak to 19.0.0

src/main/java/tech/jhipster/lite/generator/client/angular/security/oauth2/domain/AngularOauth2ModuleFactory.java

@@ -57,7 +57,7 @@ public class AngularOauth2ModuleFactory {
   private static final String KEYCLOAK_ENVIRONMENT =
     """
       keycloak: {
-        url: 'http://localhost:9080/auth',
+        url: 'http://localhost:9080',
         realm: 'jhipster',
         client_id: 'web_app'
       },

src/main/java/tech/jhipster/lite/generator/server/springboot/apidocumentation/springdoc/domain/SpringdocModuleFactory.java

@@ -69,15 +69,15 @@ public JHipsterModule buildModuleWithSecurityOAuth2ForMvc(JHipsterModuleProperti
         .set(propertyKey("springdoc.swagger-ui.oauth.realm"), propertyValue("jhipster"))
         .set(
           propertyKey("springdoc.oauth2.authorization-url"),
-          propertyValue("http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/auth")
+          propertyValue("http://localhost:9080/realms/jhipster/protocol/openid-connect/auth")
         )
         .and()
       .springTestProperties()
         .set(propertyKey("springdoc.swagger-ui.oauth.client-id"), propertyValue("web_app"))
         .set(propertyKey("springdoc.swagger-ui.oauth.realm"), propertyValue("jhipster"))
         .set(
           propertyKey("springdoc.oauth2.authorization-url"),
-          propertyValue("http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/auth")
+          propertyValue("http://localhost:9080/realms/jhipster/protocol/openid-connect/auth")
         )
         .and()
       .build();

src/main/java/tech/jhipster/lite/generator/server/springboot/mvc/security/oauth2/domain/OAuth2ModuleFactory.java

@@ -50,16 +50,15 @@ public JHipsterModule buildModule(JHipsterModuleProperties properties) {
   }
 
   private void appendKeycloak(JHipsterModuleBuilder builder) {
-    DockerImage keycloakImage = dockerImages.get("jboss/keycloak");
+    DockerImage keycloakImage = dockerImages.get("quay.io/keycloak/keycloak");
 
     builder.context().put("dockerKeycloakVersion", keycloakImage.version()).put("dockerKeycloakImage", keycloakImage.fullName());
 
     builder
       .files()
       .add(DOCKER_SOURCE.template("keycloak.yml"), DOCKER_DESTINATION.append("keycloak.yml"))
       .batch(DOCKER_SOURCE, DOCKER_DESTINATION.append("keycloak-realm-config"))
-      .addTemplate("jhipster-realm.json")
-      .addTemplate("jhipster-users-0.json");
+      .addTemplate("jhipster-realm.json");
   }
 
   private void appendJavaFiles(JHipsterModuleBuilder builder, JHipsterModuleProperties properties) {
@@ -106,10 +105,7 @@ private void appendDependencies(JHipsterModuleBuilder builder) {
   private void appendSpringProperties(JHipsterModuleBuilder builder) {
     builder
       .springMainProperties()
-      .set(
-        propertyKey("spring.security.oauth2.client.provider.oidc.issuer-uri"),
-        propertyValue("http://localhost:9080/auth/realms/jhipster")
-      )
+      .set(propertyKey("spring.security.oauth2.client.provider.oidc.issuer-uri"), propertyValue("http://localhost:9080/realms/jhipster"))
       .set(propertyKey("spring.security.oauth2.client.registration.oidc.client-id"), propertyValue("web_app"))
       .set(propertyKey("spring.security.oauth2.client.registration.oidc.client-secret"), propertyValue("web_app"))
       .set(propertyKey("spring.security.oauth2.client.registration.oidc.scope"), propertyValue("openid,profile,email"))
@@ -118,10 +114,7 @@ private void appendSpringProperties(JHipsterModuleBuilder builder) {
     builder
       .springTestProperties()
       .set(propertyKey("spring.main.allow-bean-definition-overriding"), propertyValue("true"))
-      .set(
-        propertyKey("spring.security.oauth2.client.provider.oidc.issuer-uri"),
-        propertyValue("http://DO_NOT_CALL:9080/auth/realms/jhipster")
-      );
+      .set(propertyKey("spring.security.oauth2.client.provider.oidc.issuer-uri"), propertyValue("http://DO_NOT_CALL:9080/realms/jhipster"));
   }
 
   private void appendIntegrationTestAnnotationUpdates(JHipsterModuleBuilder builder, JHipsterModuleProperties properties) {

src/main/resources/generator/dependencies/Dockerfile

@@ -2,7 +2,7 @@ FROM sonarqube:9.4.0-community
 FROM consul:1.12.3
 FROM jhipster/consul-config-loader:v0.4.1
 FROM jhipster/jhipster-registry:v7.3.0
-FROM jboss/keycloak:16.1.1
+FROM quay.io/keycloak/keycloak:19.0.0
 FROM mariadb:10.8.3
 FROM mongo:5.0.10
 FROM mysql:8.0.30

src/main/resources/generator/server/springboot/mvc/security/oauth2/docker/jhipster-realm.json.mustache

@@ -2250,5 +2250,63 @@
   },
   "clientPolicies": {
     "policies": []
-  }
+  },
+  "users": [
+    {
+      "id": "4c973896-5761-41fc-8217-07c5d13a004b",
+      "createdTimestamp": 1505479415590,
+      "username": "admin",
+      "enabled": true,
+      "totp": false,
+      "emailVerified": true,
+      "firstName": "Admin",
+      "lastName": "Administrator",
+      "email": "admin@localhost",
+      "credentials": [
+        {
+          "id": "b860462b-9b02-48ba-9523-d3a8926a917b",
+          "type": "password",
+          "createdDate": 1505479429154,
+          "secretData": "{\"value\":\"4pf9K2jWSCcHC+CwsZP/qidN5pSmDUe6AX6wBerSGdBVKkExay8MWKx+EKmaaObZW6FVsD8vdW/ZsyUFD9gJ1Q==\",\"salt\":\"1/qNkZ5kr77jOMOBPBogGw==\"}",
+          "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
+        }
+      ],
+      "disableableCredentialTypes": [],
+      "requiredActions": [],
+      "realmRoles": ["offline_access", "uma_authorization"],
+      "clientRoles": {
+        "account": ["view-profile", "manage-account"]
+      },
+      "notBefore": 0,
+      "groups": ["/Admins", "/Users"]
+    },
+    {
+      "id": "c4af4e2f-b432-4c3b-8405-cca86cd5b97b",
+      "createdTimestamp": 1505479373742,
+      "username": "user",
+      "enabled": true,
+      "totp": false,
+      "emailVerified": true,
+      "firstName": "",
+      "lastName": "User",
+      "email": "user@localhost",
+      "credentials": [
+        {
+          "id": "7821832b-1e82-45a2-b8d3-f1a6ad909e64",
+          "type": "password",
+          "createdDate": 1505479392766,
+          "secretData": "{\"value\":\"MbKsMgWPnZyImih8s4SaoCSCq+XIY/c6S9F93sXEidHF1TjPWxCqMkec0+o3860CMLXHt3az61cIJOWI0FW9aw==\",\"salt\":\"fmpBI1r8R1u75hDLMUlwBw==\"}",
+          "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}"
+        }
+      ],
+      "disableableCredentialTypes": [],
+      "requiredActions": [],
+      "realmRoles": ["offline_access", "uma_authorization"],
+      "clientRoles": {
+        "account": ["view-profile", "manage-account"]
+      },
+      "notBefore": 0,
+      "groups": ["/Users"]
+    }
+  ]  
 }

src/main/resources/generator/server/springboot/mvc/security/oauth2/docker/keycloak.yml.mustache

@@ -3,26 +3,18 @@ version: '3.8'
 services:
   keycloak:
     image: {{dockerKeycloakImage}}
-    command:
-      [
-        '-b',
-        '0.0.0.0',
-        '-Dkeycloak.migration.action=import',
-        '-Dkeycloak.migration.provider=dir',
-        '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',
-        '-Dkeycloak.migration.strategy=OVERWRITE_EXISTING',
-        '-Djboss.socket.binding.port-offset=1000',
-        '-Dkeycloak.profile.feature.upload_scripts=enabled',
-      ]
+    command: [ 'start-dev --import-realm' ]
     volumes:
-      - ./keycloak-realm-config:/opt/jboss/keycloak/realm-config
+      - ./keycloak-realm-config:/opt/keycloak/data/import
     environment:
-      - KEYCLOAK_USER=admin
-      - KEYCLOAK_PASSWORD=admin
-      - DB_VENDOR=h2
+      - KC_DB=dev-file
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+      - KC_FEATURES=scripts
+      - KC_HTTP_PORT=9080
+      - KC_HTTPS_PORT=9443
     # If you want to expose these ports outside your dev PC,
     # remove the "127.0.0.1:" prefix
     ports:
       - 127.0.0.1:9080:9080
-      - 127.0.0.1:9443:9443
-      - 127.0.0.1:10990:10990
+      - 127.0.0.1:9443:9443

src/main/resources/generator/server/springboot/mvc/security/oauth2/test/infrastructure/primary/SecurityConfigurationTest.java.mustache

@@ -53,7 +53,7 @@ class SecurityConfigurationTest {
     try (MockedStatic<JwtDecoders> jwtDecoders = Mockito.mockStatic(JwtDecoders.class)) {
       NimbusJwtDecoder jwtDecoder = new NimbusJwtDecoder(withoutSigning());
       jwtDecoders.when(JwtDecoders.fromOidcIssuerLocation(anyString())).thenReturn(jwtDecoder);
-      ReflectionTestUtils.setField(securityConfiguration, "issuerUri", "http://DO_NOT_CALL:9080/auth/realms/jhipster");
+      ReflectionTestUtils.setField(securityConfiguration, "issuerUri", "http://DO_NOT_CALL:9080/realms/jhipster");
 
       ApplicationSecurityProperties.OAuth2 oauth2 = new ApplicationSecurityProperties.OAuth2();
       oauth2.setAudience(List.of("account", "api://default"));

src/test/java/tech/jhipster/lite/generator/client/angular/security/oauth2/domain/AngularOauth2ModuleFactoryTest.java

@@ -101,7 +101,7 @@ private static ModuleAsserter assertAngularOAuthModule(ModuleFile moduleFile, Mo
       .containing(
         """
                   keycloak: {
-                    url: 'http://localhost:9080/auth',
+                    url: 'http://localhost:9080',
                     realm: 'jhipster',
                     client_id: 'web_app'
                   },
@@ -112,7 +112,7 @@ private static ModuleAsserter assertAngularOAuthModule(ModuleFile moduleFile, Mo
       .containing(
         """
                   keycloak: {
-                    url: 'http://localhost:9080/auth',
+                    url: 'http://localhost:9080',
                     realm: 'jhipster',
                     client_id: 'web_app'
                   },

src/test/java/tech/jhipster/lite/generator/server/springboot/apidocumentation/springdoc/domain/SpringdocModuleFactoryTest.java

@@ -141,12 +141,12 @@ private void assertAddedPropertiesWithOAuth2(ModuleAsserter moduleFileAsserter)
       .createFile("src/main/resources/config/application.properties")
         .containing("springdoc.swagger-ui.oauth.client-id=web_app")
         .containing("springdoc.swagger-ui.oauth.realm=jhipster")
-        .containing("springdoc.oauth2.authorization-url=http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/auth")
+        .containing("springdoc.oauth2.authorization-url=http://localhost:9080/realms/jhipster/protocol/openid-connect/auth")
         .and()
       .createFile("src/test/resources/config/application.properties")
         .containing("springdoc.swagger-ui.oauth.client-id=web_app")
         .containing("springdoc.swagger-ui.oauth.realm=jhipster")
-        .containing("springdoc.oauth2.authorization-url=http://localhost:9080/auth/realms/jhipster/protocol/openid-connect/auth");
+        .containing("springdoc.oauth2.authorization-url=http://localhost:9080/realms/jhipster/protocol/openid-connect/auth");
     //@formatter:on
   }
 }

src/test/java/tech/jhipster/lite/generator/server/springboot/mvc/security/oauth2/domain/OAuth2ModuleFactoryTest.java

@@ -34,7 +34,7 @@ void shouldCreateOAuth2Module() {
       .projectBaseName("myapp")
       .build();
 
-    when(dockerImages.get("jboss/keycloak")).thenReturn(new DockerImage("jboss/keycloak", "1.1.1"));
+    when(dockerImages.get("quay.io/keycloak/keycloak")).thenReturn(new DockerImage("quay.io/keycloak/keycloak", "1.1.1"));
 
     JHipsterModule module = factory.buildModule(properties);
 
@@ -73,13 +73,11 @@ void shouldCreateOAuth2Module() {
         "WithUnauthenticatedMockUser.java"
       )
       .createFile("src/main/docker/keycloak.yml")
-      .containing("jboss/keycloak:1.1.1")
+      .containing("quay.io/keycloak/keycloak:1.1.1")
       .and()
       .createFile("src/main/docker/keycloak-realm-config/jhipster-realm.json")
       .containing("1.1.1")
       .and()
-      .createFile("src/main/docker/keycloak-realm-config/jhipster-users-0.json")
-      .and()
       .createFile("src/main/java/com/jhipster/test/authentication/package-info.java")
       .and()
       .createFile("pom.xml")
@@ -89,15 +87,15 @@ void shouldCreateOAuth2Module() {
       .containing("spring-boot-starter-oauth2-resource-server")
       .and()
       .createFile("src/main/resources/config/application.properties")
-      .containing("spring.security.oauth2.client.provider.oidc.issuer-uri=http://localhost:9080/auth/realms/jhipster")
+      .containing("spring.security.oauth2.client.provider.oidc.issuer-uri=http://localhost:9080/realms/jhipster")
       .containing("spring.security.oauth2.client.registration.oidc.client-id=web_app")
       .containing("spring.security.oauth2.client.registration.oidc.client-secret=web_app")
       .containing("spring.security.oauth2.client.registration.oidc.scope=openid,profile,email")
       .containing("application.security.oauth2.audience=account,api://default")
       .and()
       .createFile("src/test/resources/config/application.properties")
       .containing("spring.main.allow-bean-definition-overriding=true")
-      .containing("spring.security.oauth2.client.provider.oidc.issuer-uri=http://DO_NOT_CALL:9080/auth/realms/jhipster")
+      .containing("spring.security.oauth2.client.provider.oidc.issuer-uri=http://DO_NOT_CALL:9080/realms/jhipster")
       .and()
       .createFile("src/test/java/com/jhipster/test/IntegrationTest.java")
       .containing("@SpringBootTest(classes = { MyappApp.class, TestSecurityConfiguration.class })")

src/test/resources/generator/dependencies/Dockerfile

@@ -2,7 +2,7 @@ FROM sonarqube:9.3.0-community
 FROM consul:1.11.4
 FROM jhipster/consul-config-loader:v0.4.1
 FROM jhipster/jhipster-registry:v7.3.0
-FROM jboss/keycloak:16.1.1
+FROM quay.io/keycloak/keycloak:19.0.0
 FROM mariadb:10.8.2
 FROM mongo:5.0.8
 FROM mysql:8.0.29