This is an automated email from the ASF dual-hosted git repository. jamesnetherton pushed a commit to branch quarkus-main in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit e3dfdebe25b588b5820356e25b696db233580d99 Author: James Netherton <[email protected]> AuthorDate: Fri May 22 11:23:24 2026 +0100 Upgrade Quarkus to 3.37.0.CR1 --- .../keycloak/it/KeycloakSecurityPolicyTest.java | 22 +++++++++++++++++++++- pom.xml | 4 ++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/integration-tests/keycloak/src/test/java/org/apache/camel/quarkus/component/keycloak/it/KeycloakSecurityPolicyTest.java b/integration-tests/keycloak/src/test/java/org/apache/camel/quarkus/component/keycloak/it/KeycloakSecurityPolicyTest.java index 6f584b4d35..406afe22ab 100644 --- a/integration-tests/keycloak/src/test/java/org/apache/camel/quarkus/component/keycloak/it/KeycloakSecurityPolicyTest.java +++ b/integration-tests/keycloak/src/test/java/org/apache/camel/quarkus/component/keycloak/it/KeycloakSecurityPolicyTest.java @@ -16,7 +16,9 @@ */ package org.apache.camel.quarkus.component.keycloak.it; +import java.util.HashMap; import java.util.List; +import java.util.Map; import io.quarkus.test.common.QuarkusTestResource; import io.quarkus.test.junit.QuarkusTest; @@ -26,6 +28,7 @@ import org.junit.jupiter.api.Order; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.TestMethodOrder; import org.keycloak.representations.idm.ClientRepresentation; +import org.keycloak.representations.idm.ProtocolMapperRepresentation; import org.keycloak.representations.idm.UserRepresentation; import static io.restassured.RestAssured.given; @@ -369,13 +372,30 @@ public class KeycloakSecurityPolicyTest extends KeycloakSecurityPolicyTestBase { } protected void createClient() { + String clientId = config("test.client.id"); + ClientRepresentation client = new ClientRepresentation(); - client.setClientId(config("test.client.id")); + client.setClientId(clientId); client.setSecret(TEST_CLIENT_SECRET); client.setPublicClient(false); + client.setClientAuthenticatorType("client-secret"); client.setDirectAccessGrantsEnabled(true); client.setStandardFlowEnabled(true); client.setFullScopeAllowed(true); + client.setServiceAccountsEnabled(true); + + // Add audience protocol mapper to include this client in the token's audience claim + // This is required for Keycloak 26.6.2+ which enforces audience validation for introspection (CVE-2026-37979) + ProtocolMapperRepresentation audienceMapper = new ProtocolMapperRepresentation(); + audienceMapper.setName("audience-mapper"); + audienceMapper.setProtocol("openid-connect"); + audienceMapper.setProtocolMapper("oidc-audience-mapper"); + Map<String, String> mapperConfig = new HashMap<>(); + mapperConfig.put("included.client.audience", clientId); + mapperConfig.put("id.token.claim", "false"); + mapperConfig.put("access.token.claim", "true"); + audienceMapper.setConfig(mapperConfig); + client.setProtocolMappers(List.of(audienceMapper)); given() .contentType(ContentType.JSON) diff --git a/pom.xml b/pom.xml index a84c07f502..3e68f9d5ca 100644 --- a/pom.xml +++ b/pom.xml @@ -64,7 +64,7 @@ <quarkiverse-minio.version>3.8.6</quarkiverse-minio.version><!-- https://repo1.maven.org/maven2/io/quarkiverse/minio/quarkus-minio-parent/ --> <quarkiverse-mybatis.version>2.4.2</quarkiverse-mybatis.version><!-- https://repo1.maven.org/maven2/io/quarkiverse/mybatis/quarkus-mybatis-parent/ --> <quarkiverse-pooled-jms.version>2.12.0</quarkiverse-pooled-jms.version><!-- https://repo1.maven.org/maven2/io/quarkiverse/messaginghub/quarkus-pooled-jms-parent/ --> - <quarkus.version>3.36.1</quarkus.version><!-- https://repo1.maven.org/maven2/io/quarkus/quarkus-bom/ --> + <quarkus.version>999-SNAPSHOT</quarkus.version><!-- https://repo1.maven.org/maven2/io/quarkus/quarkus-bom/ --> <quarkus-hazelcast-client.version>4.1.0</quarkus-hazelcast-client.version><!-- https://repo1.maven.org/maven2/com/hazelcast/quarkus-hazelcast-client-bom/ --> <quarkus-qpid-jms.version>2.12.0</quarkus-qpid-jms.version><!-- This should be in sync with quarkus-platform https://repo1.maven.org/maven2/org/amqphub/quarkus/quarkus-qpid-jms-bom/ --> @@ -140,7 +140,7 @@ <json-smart.version>${json-smart-version}</json-smart.version> <jxmpp.version>1.1.0</jxmpp.version><!-- @sync org.apache.camel:camel-xmpp:${camel.version} dep:org.jxmpp:jxmpp-jid --> <kafka.version>4.2.0</kafka.version><!-- @sync io.quarkus:quarkus-bom:${quarkus.version} dep:org.apache.kafka:kafka-clients --> - <keycloak.version>26.6.1</keycloak.version><!-- @sync io.quarkus:quarkus-build-parent:${quarkus.version} prop:keycloak.server.version --> + <keycloak.version>26.6.2</keycloak.version><!-- @sync io.quarkus:quarkus-build-parent:${quarkus.version} prop:keycloak.server.version --> <kudu.version>${kudu-version}</kudu.version> <kotlin.version>2.3.21</kotlin.version><!-- @sync io.quarkus:quarkus-bom:${quarkus.version} dep:org.jetbrains.kotlin:kotlin-stdlib --> <kotlinx.version>1.4.0</kotlinx.version><!--Used by com.squareup.wire:wire-compiler referenced from aws2:kinesis -->
