Update to Java 17

Author: pbernet

README.md

@@ -46,9 +46,7 @@ Other noteworthy examples:
 
 Remarks:
 
-* Java 11 language level is kept, hence run with a late JDK 11
-  because [caffeine 3.x](https://github.com/ben-manes/caffeine/releases) requires it as well
-  as [ZipCryptoEcho](src/main/scala/alpakka/file/ZipCryptoEcho.scala). To speed things
+* Java 17 language level is kept, hence run with a late JDK 17 or higher. To speed things
   up [graalvm-jdk-21](https://www.graalvm.org/downloads) works best.
 * Most examples are throttled, so you can see from the console output what is happening
 * Some examples deliberately throw `RuntimeException`, so you can observe recovery behaviour

build.sbt

@@ -15,7 +15,7 @@ val kafkaVersion = "3.6.1"
 val activemqVersion = "5.18.4"
 val artemisVersion = "2.33.0"
 val testContainersVersion = "1.19.8"
-val keycloakVersion = "21.1.2" // stay with 21.x because of Java 11 compatibility
+val keycloakVersion = "24.0.4"
 val sttpVersion = "3.9.0"
 val influxdbVersion = "6.10.0"
 val awsClientVersion = "2.25.32"
@@ -131,7 +131,7 @@ libraryDependencies ++= Seq(
   "com.crobox.clickhouse" %% "client" % "1.1.4",
 
   "org.opensearch" % "opensearch-testcontainers" % "2.0.1",
-  "com.github.dasniko" % "testcontainers-keycloak" % "2.5.0",
+  "com.github.dasniko" % "testcontainers-keycloak" % "3.3.1",
   "eu.rekawek.toxiproxy" % "toxiproxy-java" % "2.1.7",
   "org.testcontainers" % "junit-jupiter" % testContainersVersion % Test,
   "org.junit.jupiter" % "junit-jupiter-engine" % "5.9.2" % Test,

src/main/resources/KeycloakClient.html

@@ -1,6 +1,6 @@
 <!--
-  Stolen from:
-  https://github.com/keycloak/keycloak/tree/main/examples/js-console
+  HTML5 client, updated according to:
+  https://www.keycloak.org/docs/24.0.4/securing_apps
   -->
 
 <html>
@@ -23,7 +23,7 @@
     <button onclick="refreshToken(9999)">Refresh Token</button>
     <button onclick="refreshToken(30)">Refresh Token (if <30s validity)</button>
     <button onclick="loadProfile()">Get Profile</button>
-    <button onclick="updateProfile()">Update profile</button>
+    <button onclick="updateProfile()">(Update profile)</button>
     <button onclick="loadUserInfo()">Get User Info</button>
     <button onclick="output(keycloak.tokenParsed)">Show Token</button>
     <button onclick="output(keycloak.refreshTokenParsed)">Show Refresh Token</button>
@@ -68,12 +68,13 @@ <h2>Events</h2>
         req.send();
     }
 
-    function loadProfile() {
-        keycloak.loadUserProfile().success(function(profile) {
+    async function loadProfile() {
+        try {
+            const profile = await keycloak.loadUserProfile();
             output(profile);
-        }).error(function() {
-            output('Failed to load profile');
-        });
+        } catch (error) {
+            output('Failed to load user profile');
+        }
     }
 
     function updateProfile() {
@@ -93,16 +94,17 @@ <h2>Events</h2>
                 }
             }
         }
-
-        req.send('{"email":"myemail@foo.bar","firstName":"test","lastName":"bar"}');
+        <!-- For now: hardcoded values -->
+        req.send('{"email":"myemail@foo.bar","firstName":"foo","lastName":"bar","username":"test"}');
     }
 
-    function loadUserInfo() {
-        keycloak.loadUserInfo().success(function(userInfo) {
+    async function loadUserInfo() {
+        try {
+            const userInfo = await keycloak.loadUserInfo();
             output(userInfo);
-        }).error(function() {
+        } catch (error) {
             output('Failed to load user info');
-        });
+        }
     }
 
     function refreshToken(minValidity) {

src/main/scala/akkahttp/oidc/OIDCKeycloak.scala

@@ -12,7 +12,7 @@ import org.apache.pekko.http.scaladsl.server.{AuthenticationFailedRejection, Dir
 import org.apache.pekko.http.scaladsl.unmarshalling.Unmarshal
 import org.keycloak.TokenVerifier
 import org.keycloak.adapters.KeycloakDeploymentBuilder
-import org.keycloak.admin.client.{CreatedResponseUtil, Keycloak, KeycloakBuilder}
+import org.keycloak.admin.client.{CreatedResponseUtil, Keycloak}
 import org.keycloak.jose.jws.AlgorithmType
 import org.keycloak.representations.AccessToken
 import org.keycloak.representations.adapters.config.AdapterConfig
@@ -33,13 +33,13 @@ import scala.util.{Failure, Success}
 
 
 /**
-  * A "one-click" Keycloak OIDC server with pekko-http frontend
+  * A "one-click" Keycloak OIDC server with pekko-http frontend.
+  * The pekko-http endpoint /users loads all users from the Keycloak server.
   *
   * Inspired by:
   * https://scalac.io/blog/user-authentication-keycloak-1
   *
-  * Uses a HTML5 client:
-  * https://github.com/keycloak/keycloak/tree/main/examples/js-console
+  * Uses a HTML5 client: src/main/resources/KeycloakClient.html
   * instead of the separate React client
   *
   * Runs with:
@@ -48,8 +48,7 @@ import scala.util.{Failure, Success}
   *
   * Doc:
   * https://www.keycloak.org/docs/latest/securing_apps/#_javascript_adapter
-  * https://doc.akka.io/docs/akka-http/current/routing-dsl/directives/security-directives/index.html
-  *
+  * https://pekko.apache.org/docs/pekko-http/1.0/routing-dsl/directives/security-directives/index.html
   */
 object OIDCKeycloak extends App with CORSHandler with JsonSupport {
   val logger: Logger = LoggerFactory.getLogger(this.getClass)
@@ -59,7 +58,7 @@ object OIDCKeycloak extends App with CORSHandler with JsonSupport {
 
   def runKeycloak() = {
     // Pin to same version as "keycloakVersion" in build.sbt
-    val keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:21.1.2")
+    val keycloak = new KeycloakContainer("quay.io/keycloak/keycloak:24.0.4")
       // Keycloak config taken from:
       // https://github.com/keycloak/keycloak/blob/main/examples/js-console/example-realm.json
       .withRealmImportFile("keycloak_realm_config.json")
@@ -74,14 +73,8 @@ object OIDCKeycloak extends App with CORSHandler with JsonSupport {
     val adminClientId = "admin-cli"
 
     def initAdminClient() = {
-      val keycloakAdminClient = KeycloakBuilder.builder()
-        .serverUrl(keycloak.getAuthServerUrl)
-        .realm("master")
-        .clientId(adminClientId)
-        .username(keycloak.getAdminUsername)
-        .password(keycloak.getAdminPassword)
-        .build()
-      logger.info("Connected to Keycloak server version: " + keycloakAdminClient.serverInfo().getInfo.getSystemInfo.getVersion)
+      val keycloakAdminClient = keycloak.getKeycloakAdminClient()
+      logger.info("Connected to Keycloak server version: {}", keycloakAdminClient.serverInfo().getInfo.getSystemInfo.getVersion)
       keycloakAdminClient
     }