Skip to content

fix: creating a cleaner module for use by java clients#47874

Merged
vmuzikar merged 3 commits intokeycloak:mainfrom
shawkins:iss47872
Apr 16, 2026
Merged

fix: creating a cleaner module for use by java clients#47874
vmuzikar merged 3 commits intokeycloak:mainfrom
shawkins:iss47872

Conversation

@shawkins
Copy link
Copy Markdown
Contributor

@shawkins shawkins commented Apr 9, 2026
edited
Loading

close: #48114

Rather than relying on dependency exclusion, we can refactor to have a cleaner layer for clients to use. Basically the representations, validation annotations, and rest interfaces are now in the "api" module, with everything else in "services".

@shawkins shawkins changed the title fix: creating a cleaner module for use by clients fix: creating a cleaner module for use by java clients Apr 9, 2026
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 9, 2026
Closed
keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 9, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.model.session.AuthenticationSessionTest#testConcurrentAuthenticationSessionsCreation

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.AuthenticationSessionTest#testConcurrentAuthenticationSessionsCreation

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.UserSessionProviderModelTest#testStreamsMarshalling

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

@shawkins shawkins mentioned this pull request Apr 9, 2026
Merged
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 9, 2026
Closed
keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 9, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.model.session.UserSessionProviderOfflineModelTest#testOfflineSessionLazyLoading

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.UserSessionProviderModelTest#testStreamsMarshalling

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

@shawkins shawkins force-pushed the iss47872 branch 2 times, most recently from c331a54 to c7e4a10 Compare April 9, 2026 14:50
michalvavrik
michalvavrik reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@michalvavrik michalvavrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 for extracting API. It feels like I shouldn't be the making this call as I am not yet familiar with all customs here, so I'll skip this one.

@shawkins shawkins force-pushed the iss47872 branch 2 times, most recently from 537803d to be4f71c Compare April 9, 2026 16:02
@shawkins shawkins mentioned this pull request Apr 9, 2026
Merged
@shawkins
Copy link
Copy Markdown
Contributor Author

shawkins commented Apr 9, 2026

Everything else was moved to the api module as I didn't yet want to introduce a third module.

With two modules the ValidationContext is used to isolate the "rest" module from keycloak-server-spi.

Alternatives:

  • If we added a third module we can have things even more factored:

    • "api or rest" - just rest interfaces and representations, has a provided dependencies on "validations" and hibernate validator. This would be the only module needed by the admin client.
    • "validations" - May directly use keycloak-server-spi, so the ValidationContext can go back to directly referencing the session and realm.
    • "services" - everything else.

  • Allow a provided dependency to keycloak-server-spi, but ensure we only use those classes in the validation logic. If it inadvertantly makes it into the representations, or rest interfaces we risk either pulling in unintended dependencies or making the creation of the admin client more complicated.

  • Just rely on fix: remove extra dependencies from the operator #47902 and let the admin client creation logic look across multiple modules, selectively copy classes, etc.

@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 9, 2026
Closed
@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 9, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.model.session.UserSessionProviderModelTest#testCreateUserSessionsParallel

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.UserSessionProviderModelTest#testStreamsMarshalling

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.AuthenticationSessionTest#testConcurrentAuthenticationSessionsCreation

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

org.infinispan.remoting.RemoteException: ISPN000217: Received exception from node-5, see cause for remote stack trace
	at org.infinispan.remoting.transport.ResponseCollectors.wrapRemoteException(ResponseCollectors.java:26)
	at org.infinispan.remoting.transport.ValidSingleResponseCollector.withException(ValidSingleResponseCollector.java:37)
	at org.infinispan.remoting.transport.ValidSingleResponseCollector.addResponse(ValidSingleResponseCollector.java:21)
	at org.infinispan.remoting.transport.impl.SingleTargetRequest.addResponse(SingleTargetRequest.java:69)
...

Report flaky test

keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@shawkins shawkins mentioned this pull request Apr 9, 2026
Closed
@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 9, 2026
Closed
@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 9, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.model.session.UserSessionInitializerTest#testUserSessionPropagationBetweenSites

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.OfflineSessionPersistenceTest#testLazyOfflineUserSessionFetching

Keycloak CI - Store Model Tests

org.infinispan.remoting.RemoteException: ISPN000217: Received exception from node-29, see cause for remote stack trace
	at org.infinispan.remoting.transport.ResponseCollectors.wrapRemoteException(ResponseCollectors.java:26)
	at org.infinispan.remoting.transport.ValidSingleResponseCollector.withException(ValidSingleResponseCollector.java:37)
	at org.infinispan.remoting.transport.ValidSingleResponseCollector.addResponse(ValidSingleResponseCollector.java:21)
	at org.infinispan.remoting.transport.impl.SingleTargetRequest.addResponse(SingleTargetRequest.java:69)
...

Report flaky test

org.keycloak.testsuite.model.session.UserSessionProviderModelTest#testStreamsMarshalling

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

org.keycloak.testsuite.model.session.UserSessionProviderOfflineModelTest#testOfflineSessionLazyLoading

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@vmuzikar
Copy link
Copy Markdown
Contributor

vmuzikar commented Apr 13, 2026

If we added a third module we can have things even more factored

As discussed offline, let's try the 3 module structure: api, validations, services.

@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 14, 2026
Closed
keycloak-github-bot[bot]
keycloak-github-bot Bot reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@keycloak-github-bot keycloak-github-bot Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unreported flaky test detected, please review

@keycloak-github-bot
Copy link
Copy Markdown

keycloak-github-bot Bot commented Apr 14, 2026

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.model.session.UserSessionProviderModelTest#testCreateUserSessionsParallel

Keycloak CI - Store Model Tests

java.lang.AssertionError: 
threads didn't terminate in time: [main (RUNNABLE):
	at java.management@25.0.2/sun.management.ThreadImpl.dumpThreads0(Native Method)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:505)
	at java.management@25.0.2/sun.management.ThreadImpl.dumpAllThreads(ThreadImpl.java:493)
...

Report flaky test

@shawkins
fix: minimizing the dependencies for the rest module
74ed7d5 
closes: keycloak#48114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
@shawkins shawkins force-pushed the iss47872 branch 2 times, most recently from 225746f to 29df2ac Compare April 15, 2026 19:17
@shawkins
renaming the modules
e7ed9c7 
also remove jsonnode logic from the oas filter and the databind
dependency

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
@shawkins shawkins marked this pull request as ready for review April 15, 2026 21:57
@shawkins shawkins requested review from a team as code owners April 15, 2026 21:57
@shawkins
Copy link
Copy Markdown
Contributor Author

shawkins commented Apr 15, 2026

@vmuzikar @Pepo48 updated based upon the direction from our meeting. Should be ready for more review.

michalvavrik
michalvavrik reviewed Apr 16, 2026
View reviewed changes
Comment thread .../src/main/java/org/keycloak/representations/admin/v2/validators/UuidUnmodifiedValidator.java Outdated
if (type == BaseClientRepresentation.class) {
uuidProvider = new ClientUuidProvider();
} else {
throw new AssertionError("Not Uuid Provider defined for " + type);
Copy link
Copy Markdown
Member

@michalvavrik michalvavrik Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
throw new AssertionError("Not Uuid Provider defined for " + type);
throw new AssertionError("No Uuid Provider defined for " + type);

michalvavrik
michalvavrik reviewed Apr 16, 2026
View reviewed changes
Comment thread quarkus/runtime/pom.xml Outdated
</exclusions>
</dependency>

Copy link
Copy Markdown
Member

@michalvavrik michalvavrik Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's drop the trailing white space (in case it was intentional, I'd like to learn about it so that I understand in the future as well)

Copy link
Copy Markdown
Contributor Author

@shawkins shawkins Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not intentional, just my ide seems to not be set to remove trailing from all file types.

michalvavrik
michalvavrik reviewed Apr 16, 2026
View reviewed changes
Comment thread rest/admin-v2/services/pom.xml Outdated
</dependency>
</dependencies>

Copy link
Copy Markdown
Member

@michalvavrik michalvavrik Apr 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

(trailing white space, the new line is fine)

michalvavrik
michalvavrik reviewed Apr 16, 2026
View reviewed changes
Comment thread .../src/main/java/org/keycloak/representations/admin/v2/validators/UuidUnmodifiedValidator.java Outdated
uuidProvider = constraintAnnotation.uuidProvider().getDeclaredConstructor().newInstance();
} catch (ReflectiveOperationException e) {
throw new RuntimeException("Failed to instantiate UUID provider: " + constraintAnnotation.uuidProvider().getName(), e);
Class<?> type = constraintAnnotation.type();
Copy link
Copy Markdown
Member

@michalvavrik michalvavrik Apr 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This requires no changes if you want to make it explicit. I just meant to note you could avoid type (drop the annotation attribute) as you already know the type in isValid anyway, so you could initialize uuidProvider there lazily into volatile prop. It is just matter of preference and yours is fine with me.

Copy link
Copy Markdown
Contributor Author

@shawkins shawkins Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this simplification. Updated to remove the type attribute and addressed the other review comments.

@shawkins
addressing review comments
195f9c7 
Signed-off-by: Steve Hawkins <shawkins@redhat.com>
vmuzikar
vmuzikar approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@vmuzikar vmuzikar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks.

Comment thread .../src/main/java/org/keycloak/representations/admin/v2/validators/UuidUnmodifiedValidator.java
Comment on lines +28 to +32
if (BaseClientRepresentation.class.isAssignableFrom(type)) {
uuidProvider = new ClientUuidProvider();
} else {
throw new AssertionError("No UuidProvider defined for " + type);
}
Copy link
Copy Markdown
Contributor

@vmuzikar vmuzikar Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not ideal, it's shifting the dependency for providing the UUID from the representation to the validator that should not be concerned with representation specific details like how to get the UUID. That said, it's ok from my perspective for now and we will revisit later in #44162 and #47451.

@vmuzikar
Copy link
Copy Markdown
Contributor

vmuzikar commented Apr 16, 2026

Build seems to be failing, though.

@shawkins
Copy link
Copy Markdown
Contributor Author

shawkins commented Apr 16, 2026

Build seems to be failing, though.

Should just be some npm flakiness.

michalvavrik
michalvavrik approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@michalvavrik michalvavrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@keycloak-github-bot keycloak-github-bot Bot mentioned this pull request Apr 16, 2026
Closed
@vmuzikar vmuzikar merged commit e9f5930 into keycloak:main Apr 16, 2026
98 of 100 checks passed
@vmuzikar vmuzikar mentioned this pull request Apr 16, 2026
Merged
msdaly200 pushed a commit to msdaly200/keycloak that referenced this pull request Apr 22, 2026
@shawkins @msdaly200
fix: creating a cleaner module for use by java clients (keycloak#47874)
f0095f0 
* fix: minimizing the dependencies for the rest module

closes: keycloak#48114

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* renaming the modules

also remove jsonnode logic from the oas filter and the databind
dependency

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* addressing review comments

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vmuzikar vmuzikar vmuzikar approved these changes

@Pepo48 Pepo48 Awaiting requested review from Pepo48

+2 more reviewers

@keycloak-github-bot keycloak-github-bot[bot] keycloak-github-bot[bot] left review comments

@michalvavrik michalvavrik michalvavrik approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

flaky-test team/cloud-native team/ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Restructor the client admin api v2 logic

3 participants

@shawkins @vmuzikar @michalvavrik