Merge pull request #24300 from geoand/#20505-2

Add first version of Keycloak admin client based on Reactive REST Client

bom/application/pom.xml

@@ -828,6 +828,16 @@
                 <artifactId>quarkus-keycloak-admin-client-deployment</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-keycloak-admin-client-reactive</artifactId>
+                <version>${project.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-keycloak-admin-client-reactive-deployment</artifactId>
+                <version>${project.version}</version>
+            </dependency>
             <dependency>
                 <groupId>io.quarkus</groupId>
                 <artifactId>quarkus-flyway</artifactId>

devtools/bom-descriptor-json/pom.xml

@@ -1072,6 +1072,19 @@
                         </exclusion>
                     </exclusions>
                 </dependency>
+                <dependency>
+                    <groupId>io.quarkus</groupId>
+                    <artifactId>quarkus-keycloak-admin-client-reactive</artifactId>
+                    <version>${project.version}</version>
+                    <type>pom</type>
+                    <scope>test</scope>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>*</groupId>
+                            <artifactId>*</artifactId>
+                        </exclusion>
+                    </exclusions>
+                </dependency>
                 <dependency>
                     <groupId>io.quarkus</groupId>
                     <artifactId>quarkus-keycloak-authorization</artifactId>

docs/pom.xml

@@ -1032,6 +1032,19 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-keycloak-admin-client-reactive-deployment</artifactId>
+            <version>${project.version}</version>
+            <type>pom</type>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>*</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-keycloak-authorization-deployment</artifactId>

docs/src/main/asciidoc/security-openid-connect.adoc

@@ -197,7 +197,7 @@ Log in as the `admin` user to access the Keycloak Administration Console. Userna
 Import the {quickstarts-tree-url}/security-openid-connect-quickstart/config/quarkus-realm.json[realm configuration file] to create a new realm. For more details, see the Keycloak documentation about how to https://www.keycloak.org/docs/latest/server_admin/index.html#_create-realm[create a new realm].
 
 NOTE: If you want to use the Keycloak Admin Client to configure your server from your application you need to include the
-`quarkus-keycloak-admin-client` extension.
+either `quarkus-keycloak-admin-client` or the `quarkus-keycloak-admin-client-reactive` (if the application uses `quarkus-rest-client-reactive`) extension.
 
 [[keycloak-dev-mode]]
 === Running the Application in Dev mode

docs/src/main/asciidoc/security.adoc

@@ -80,7 +80,7 @@ If you use Keycloak and Bearer tokens then also see the xref:security-keycloak-a
 
 [NOTE]
 ====
-If you need to configure Keycloak programmatically then consider using https://www.keycloak.org/docs/latest/server_development/#admin-rest-api[Keycloak Admin REST API] with the help of the `quarkus-keycloak-admin-client` extension.
+If you need to configure Keycloak programmatically then consider using https://www.keycloak.org/docs/latest/server_development/#admin-rest-api[Keycloak Admin REST API] with the help of the `quarkus-keycloak-admin-client` or `quarkus-keycloak-admin-client-reactive` (if the application uses `quarkus-rest-client-reactive`) extension.
 ====
 
 === OpenID Connect Client and Filters

extensions/keycloak-admin-client-reactive/deployment/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>quarkus-keycloak-admin-client-reactive-parent</artifactId>
+        <groupId>io.quarkus</groupId>
+        <version>999-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>quarkus-keycloak-admin-client-reactive-deployment</artifactId>
+    <name>Quarkus - Keycloak Admin Client - Reactive - Deployment</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-keycloak-admin-client-reactive</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-rest-client-reactive-jackson-deployment</artifactId>
+        </dependency>
+        <!-- Test dependencies -->
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5-internal</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.rest-assured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>io.quarkus</groupId>
+                            <artifactId>quarkus-extension-processor</artifactId>
+                            <version>${project.version}</version>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

extensions/keycloak-admin-client-reactive/deployment/src/main/java/io/quarkus/keycloak/admin/client/reactive/KeycloakAdminClientReactiveProcessor.java

@@ -0,0 +1,56 @@
+package io.quarkus.keycloak.admin.client.reactive;
+
+import org.jboss.jandex.DotName;
+import org.keycloak.admin.client.spi.ResteasyClientProvider;
+import org.keycloak.common.util.MultivaluedHashMap;
+import org.keycloak.json.StringListMapDeserializer;
+import org.keycloak.json.StringOrArrayDeserializer;
+import org.keycloak.json.StringOrArraySerializer;
+
+import io.quarkus.deployment.annotations.BuildProducer;
+import io.quarkus.deployment.annotations.BuildStep;
+import io.quarkus.deployment.annotations.ExecutionTime;
+import io.quarkus.deployment.annotations.Produce;
+import io.quarkus.deployment.annotations.Record;
+import io.quarkus.deployment.builditem.AdditionalApplicationArchiveMarkerBuildItem;
+import io.quarkus.deployment.builditem.ServiceStartBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.ReflectiveHierarchyIgnoreWarningBuildItem;
+import io.quarkus.deployment.builditem.nativeimage.ServiceProviderBuildItem;
+import io.quarkus.keycloak.admin.client.reactive.runtime.ResteasyReactiveClientProvider;
+import io.quarkus.keycloak.admin.client.reactive.runtime.ResteasyReactiveKeycloakAdminClientRecorder;
+
+public class KeycloakAdminClientReactiveProcessor {
+
+    @BuildStep
+    void marker(BuildProducer<AdditionalApplicationArchiveMarkerBuildItem> producer) {
+        producer.produce(new AdditionalApplicationArchiveMarkerBuildItem("org/keycloak/admin/client/"));
+        producer.produce(new AdditionalApplicationArchiveMarkerBuildItem("org/keycloak/representations"));
+    }
+
+    @BuildStep
+    public void nativeImage(BuildProducer<ServiceProviderBuildItem> serviceProviderProducer,
+            BuildProducer<ReflectiveClassBuildItem> reflectiveClassProducer,
+            BuildProducer<ReflectiveHierarchyIgnoreWarningBuildItem> reflectiveHierarchyProducer) {
+        serviceProviderProducer.produce(new ServiceProviderBuildItem(ResteasyClientProvider.class.getName(),
+                ResteasyReactiveClientProvider.class.getName()));
+        reflectiveClassProducer.produce(ReflectiveClassBuildItem.builder(
+                StringListMapDeserializer.class,
+                StringOrArrayDeserializer.class,
+                StringOrArraySerializer.class)
+                .constructors(true)
+                .methods(true)
+                .build());
+        reflectiveHierarchyProducer.produce(
+                new ReflectiveHierarchyIgnoreWarningBuildItem(new ReflectiveHierarchyIgnoreWarningBuildItem.DotNameExclusion(
+                        DotName.createSimple(MultivaluedHashMap.class.getName()))));
+    }
+
+    @Record(ExecutionTime.STATIC_INIT)
+    @Produce(ServiceStartBuildItem.class)
+    @BuildStep
+    public void integrate(ResteasyReactiveKeycloakAdminClientRecorder recorder) {
+        recorder.setClientProvider();
+    }
+
+}

extensions/keycloak-admin-client-reactive/pom.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>quarkus-extensions-parent</artifactId>
+        <groupId>io.quarkus</groupId>
+        <version>999-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>quarkus-keycloak-admin-client-reactive-parent</artifactId>
+    <name>Quarkus - Keycloak Admin Client - Reactive</name>
+    <packaging>pom</packaging>
+    <modules>
+        <module>deployment</module>
+        <module>runtime</module>
+    </modules>
+</project>

extensions/keycloak-admin-client-reactive/runtime/pom.xml

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>quarkus-keycloak-admin-client-reactive-parent</artifactId>
+        <groupId>io.quarkus</groupId>
+        <version>999-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>quarkus-keycloak-admin-client-reactive</artifactId>
+    <name>Quarkus - Keycloak Admin Client - Reactive - Runtime</name>
+    <description>Administer a Keycloak Instance</description>
+
+    <dependencies>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-rest-client-reactive-jackson</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-admin-client</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.jboss.resteasy</groupId>
+                    <artifactId>resteasy-client</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jboss.resteasy</groupId>
+                    <artifactId>resteasy-multipart-provider</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jboss.resteasy</groupId>
+                    <artifactId>resteasy-jackson2-provider</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.jboss.resteasy</groupId>
+                    <artifactId>resteasy-jaxb-provider</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.jboss.logging</groupId>
+            <artifactId>commons-logging-jboss-logging</artifactId>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>io.quarkus</groupId>
+                <artifactId>quarkus-bootstrap-maven-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>io.quarkus</groupId>
+                            <artifactId>quarkus-extension-processor</artifactId>
+                            <version>${project.version}</version>
+                        </path>
+                    </annotationProcessorPaths>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

extensions/keycloak-admin-client-reactive/runtime/src/main/java/io/quarkus/keycloak/admin/client/reactive/runtime/ResteasyReactiveClientProvider.java

@@ -0,0 +1,71 @@
+package io.quarkus.keycloak.admin.client.reactive.runtime;
+
+import javax.net.ssl.SSLContext;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.WebTarget;
+
+import org.jboss.resteasy.reactive.client.impl.ClientBuilderImpl;
+import org.jboss.resteasy.reactive.client.impl.WebTargetImpl;
+import org.jboss.resteasy.reactive.server.jackson.JacksonBasicMessageBodyReader;
+import org.keycloak.admin.client.spi.ResteasyClientProvider;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import io.quarkus.arc.Arc;
+import io.quarkus.arc.ArcContainer;
+import io.quarkus.arc.InstanceHandle;
+import io.quarkus.rest.client.reactive.jackson.runtime.serialisers.ClientJacksonMessageBodyWriter;
+
+public class ResteasyReactiveClientProvider implements ResteasyClientProvider {
+
+    @Override
+    public Client newRestEasyClient(Object messageHandler, SSLContext sslContext, boolean disableTrustManager) {
+        ClientBuilderImpl clientBuilder = new ClientBuilderImpl();
+        return registerJacksonProviders(clientBuilder).build();
+    }
+
+    // this code is much more complicated than expected because it needs to handle various permutations
+    // where beans may or may not exist
+    private ClientBuilderImpl registerJacksonProviders(ClientBuilderImpl clientBuilder) {
+        ArcContainer arcContainer = Arc.container();
+        if (arcContainer == null) {
+            throw new IllegalStateException(this.getClass().getName() + " should only be used in a Quarkus application");
+        } else {
+            InstanceHandle<ObjectMapper> objectMapperInstance = arcContainer.instance(ObjectMapper.class);
+            ObjectMapper objectMapper = null;
+
+            InstanceHandle<JacksonBasicMessageBodyReader> readerInstance = arcContainer
+                    .instance(JacksonBasicMessageBodyReader.class);
+            if (readerInstance.isAvailable()) {
+                clientBuilder = clientBuilder.register(readerInstance.get());
+            } else {
+                objectMapper = getObjectMapper(objectMapper, objectMapperInstance);
+                clientBuilder = clientBuilder.register(new JacksonBasicMessageBodyReader(objectMapper));
+            }
+
+            InstanceHandle<ClientJacksonMessageBodyWriter> writerInstance = arcContainer
+                    .instance(ClientJacksonMessageBodyWriter.class);
+            if (writerInstance.isAvailable()) {
+                clientBuilder = clientBuilder.register(writerInstance.get());
+            } else {
+                objectMapper = getObjectMapper(objectMapper, objectMapperInstance);
+                clientBuilder = clientBuilder.register(new ClientJacksonMessageBodyWriter(objectMapper));
+            }
+        }
+        return clientBuilder;
+    }
+
+    // the whole idea here is to reuse the ObjectMapper instance
+    private ObjectMapper getObjectMapper(ObjectMapper value,
+            InstanceHandle<ObjectMapper> objectMapperInstance) {
+        if (value == null) {
+            return objectMapperInstance.isAvailable() ? objectMapperInstance.get() : new ObjectMapper();
+        }
+        return value;
+    }
+
+    @Override
+    public <R> R targetProxy(WebTarget target, Class<R> targetClass) {
+        return ((WebTargetImpl) target).proxy(targetClass);
+    }
+}

extensions/keycloak-admin-client-reactive/runtime/src/main/java/io/quarkus/keycloak/admin/client/reactive/runtime/ResteasyReactiveKeycloakAdminClientRecorder.java

@@ -0,0 +1,13 @@
+package io.quarkus.keycloak.admin.client.reactive.runtime;
+
+import org.keycloak.admin.client.Keycloak;
+
+import io.quarkus.runtime.annotations.Recorder;
+
+@Recorder
+public class ResteasyReactiveKeycloakAdminClientRecorder {
+
+    public void setClientProvider() {
+        Keycloak.setClientProvider(new ResteasyReactiveClientProvider());
+    }
+}

extensions/pom.xml

@@ -133,6 +133,7 @@
         <module>oidc-token-propagation-reactive</module>
         <module>keycloak-authorization</module>
         <module>keycloak-admin-client</module>
+        <module>keycloak-admin-client-reactive</module>
         <module>credentials</module>
 
         <!-- Infinispan -->