[FGAP] Switch the feature from Experimental to Supported

Closes #38651 Signed-off-by: vramik <vramik@redhat.com>
2026-01-09 15:02:05 -03:30 · 2025-04-03 15:31:18 +02:00 · 2025-04-03 15:31:18 +02:00 · 602258d935
commit 602258d935
parent c33cc5c51e
30 changed files with 92 additions and 110 deletions
--- a/common/src/main/java/org/keycloak/common/Profile.java
+++ b/common/src/main/java/org/keycloak/common/Profile.java
@ -55,7 +55,7 @@ public class Profile {

        ADMIN_FINE_GRAINED_AUTHZ("Fine-Grained Admin Permissions", Type.PREVIEW, 1),

-        ADMIN_FINE_GRAINED_AUTHZ_V2("Fine-Grained Admin Permissions version 2", Type.EXPERIMENTAL, 2, Feature.AUTHORIZATION),
+        ADMIN_FINE_GRAINED_AUTHZ_V2("Fine-Grained Admin Permissions version 2", Type.DEFAULT, 2, Feature.AUTHORIZATION),

        ADMIN_API("Admin API", Type.DEFAULT),

--- a/common/src/test/java/org/keycloak/common/ProfileTest.java
+++ b/common/src/test/java/org/keycloak/common/ProfileTest.java
@ -27,7 +27,7 @@ import static org.junit.Assert.assertThrows;

 public class ProfileTest {

-    private static final Profile.Feature DEFAULT_FEATURE = Profile.Feature.AUTHORIZATION;
+    private static final Profile.Feature DEFAULT_FEATURE = Profile.Feature.CLIENT_POLICIES;
    private static final Profile.Feature DISABLED_BY_DEFAULT_FEATURE = Profile.Feature.DOCKER;
    private static final Profile.Feature PREVIEW_FEATURE = Profile.Feature.TOKEN_EXCHANGE;
    private static final Profile.Feature EXPERIMENTAL_FEATURE = Profile.Feature.DYNAMIC_SCOPES;
--- a/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java
+++ b/model/storage-private/src/main/java/org/keycloak/storage/UserStorageManager.java
@ -227,6 +227,7 @@ public class UserStorageManager extends AbstractStorageManager<UserStorageProvid
        runJobInTransaction(session.getKeycloakSessionFactory(), session -> {
            RealmModel realmModel = session.realms().getRealm(realm.getId());
            if (realmModel == null) return;
+            session.getContext().setRealm(realm);
            UserModel deletedUser = UserStoragePrivateUtil.userLocalStorage(session).getUserById(realmModel, userId);
            if (deletedUser != null) {
                try {
--- a/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java
+++ b/quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/FeaturesDistTest.java
@ -17,6 +17,7 @@ import org.keycloak.quarkus.runtime.cli.command.Start;
 import org.keycloak.quarkus.runtime.cli.command.StartDev;

 import java.util.Arrays;
+import java.util.Set;
 import java.util.stream.Collectors;

 import static org.hamcrest.CoreMatchers.containsString;
@ -31,6 +32,11 @@ public class FeaturesDistTest {

    private static final String PREVIEW_FEATURES_EXPECTED_LOG = "Preview features enabled: " + Arrays.stream(Profile.Feature.values())
            .filter(feature -> feature.getType() == Profile.Feature.Type.PREVIEW)
+            .filter(feature -> {
+                Set<Profile.Feature> versions = Profile.getFeatureVersions(feature.getKey());
+                if (versions.size() == 1) return true;
+                return versions.iterator().next().getVersion() == feature.getVersion();
+            })
            .map(Profile.Feature::getVersionedKey)
            .sorted()
            .collect(Collectors.joining(", "));
--- a/test-framework/core/src/main/java/org/keycloak/testframework/server/EmbeddedKeycloakServer.java
+++ b/test-framework/core/src/main/java/org/keycloak/testframework/server/EmbeddedKeycloakServer.java
@ -66,6 +66,6 @@ public class EmbeddedKeycloakServer implements KeycloakServer {

    @Override
    public String getManagementBaseUrl() {
-        return "http://localhost:9000";
+        return "http://localhost:9001";
    }
 }
--- a/test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java
+++ b/test-framework/core/src/main/java/org/keycloak/testframework/server/KeycloakServerConfigBuilder.java
@ -5,6 +5,7 @@ import io.quarkus.maven.dependency.DependencyBuilder;
 import io.smallrye.config.SmallRyeConfig;
 import org.eclipse.microprofile.config.spi.ConfigSource;
 import org.keycloak.common.Profile;
+import org.keycloak.common.Profile.Feature;

 import java.net.URISyntaxException;
 import java.nio.file.Path;
@ -206,7 +207,7 @@ public class KeycloakServerConfigBuilder {

    private Set<String> toFeatureStrings(Profile.Feature... features) {
        return Arrays.stream(features).map(f -> {
-            if (f.getVersion() > 1) {
+            if (Profile.getFeatureVersions(f.getKey()).size() > 1) {
                return f.getVersionedKey();
            }
            return f.name().toLowerCase().replace('_', '-');
--- a/tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsV1UsersTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/FineGrainedPermissionsV1UsersTest.java
@ -41,8 +41,8 @@ import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasSize;

-@KeycloakIntegrationTest(config = FineGrainedPermissionsUsersTest.ServerConfig.class)
-public class FineGrainedPermissionsUsersTest {
+@KeycloakIntegrationTest(config = FineGrainedPermissionsV1UsersTest.ServerConfig.class)
+public class FineGrainedPermissionsV1UsersTest {

    @InjectRealm(lifecycle = LifeCycle.METHOD)
    ManagedRealm realm;
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeEvaluationTest.java
@ -70,7 +70,7 @@ import org.keycloak.testframework.annotations.InjectClient;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.ManagedClient;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class ClientResourceTypeEvaluationTest extends AbstractPermissionTest {

    @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypeFilteringTest.java
@ -42,7 +42,7 @@ import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
 import org.keycloak.testframework.annotations.InjectAdminClient;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class ClientResourceTypeFilteringTest extends AbstractPermissionTest {

    @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/ClientResourceTypePermissionTest.java
@ -31,7 +31,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.injection.LifeCycle;
 import org.keycloak.testframework.realm.ManagedClient;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class ClientResourceTypePermissionTest extends AbstractPermissionTest {

    @InjectClient(ref = "testClient")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureDisabledTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureDisabledTest.java
@ -1,40 +0,0 @@
-/*
- * Copyright 2025 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.keycloak.tests.admin.authz.fgap;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.notNullValue;
-import static org.hamcrest.Matchers.nullValue;
-import org.junit.jupiter.api.Test;
-import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
-import org.keycloak.testframework.annotations.InjectClient;
-import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
-import org.keycloak.testframework.realm.ManagedClient;
-
-@KeycloakIntegrationTest
-public class FeatureDisabledTest {
-
-    @InjectClient(config = AuthzClientConfig.class)
-    private ManagedClient testClient;
-
-    @Test
-    public void schemaNotAvailableFeatureDisabled() {
-        ResourceServerRepresentation authorizationSettings = testClient.admin().authorization().getSettings();
-        assertThat(authorizationSettings, notNullValue());
-        assertThat(authorizationSettings.getAuthorizationSchema(), nullValue());
-    }
-}
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureV2EnabledTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/FeatureV2EnabledTest.java
@ -34,7 +34,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.ManagedClient;
 import org.keycloak.testframework.realm.ManagedRealm;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class FeatureV2EnabledTest {

    @InjectRealm
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeEvaluationTest.java
@ -61,7 +61,7 @@ import org.keycloak.testframework.realm.ManagedUser;
 import org.keycloak.testframework.realm.UserConfigBuilder;
 import org.keycloak.testframework.util.ApiUtil;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class GroupResourceTypeEvaluationTest extends AbstractPermissionTest {

    @InjectUser(ref = "alice")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypeFilteringTest.java
@ -47,7 +47,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.ManagedUser;
 import org.keycloak.testframework.util.ApiUtil;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class GroupResourceTypeFilteringTest extends AbstractPermissionTest {

    @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/GroupResourceTypePermissionTest.java
@ -35,7 +35,7 @@ import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.util.ApiUtil;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class GroupResourceTypePermissionTest extends AbstractPermissionTest {

    @BeforeEach
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/KeycloakAdminPermissionsServerConfig.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/KeycloakAdminPermissionsServerConfig.java
@ -1,30 +0,0 @@
-/*
- * Copyright 2024 Red Hat, Inc. and/or its affiliates
- * and other contributors as indicated by the @author tags.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.keycloak.tests.admin.authz.fgap;
-
-import org.keycloak.common.Profile.Feature;
-import org.keycloak.testframework.server.KeycloakServerConfig;
-import org.keycloak.testframework.server.KeycloakServerConfigBuilder;
-
-public class KeycloakAdminPermissionsServerConfig implements KeycloakServerConfig {
-
-    @Override
-    public KeycloakServerConfigBuilder configure(KeycloakServerConfigBuilder config) {
-        return config.features(Feature.ADMIN_FINE_GRAINED_AUTHZ_V2);
-    }
-}
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/PermissionRESTTest.java
@ -38,7 +38,7 @@ import org.keycloak.testframework.annotations.InjectUser;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.ManagedUser;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class PermissionRESTTest extends AbstractPermissionTest {

    @InjectUser(ref = "alice")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypeEvaluationTest.java
@ -49,7 +49,7 @@ import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_CLIENT_
 import static org.keycloak.authorization.AdminPermissionsSchema.MAP_ROLE_COMPOSITE;
 import static org.keycloak.authorization.AdminPermissionsSchema.VIEW;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class RoleResourceTypeEvaluationTest extends AbstractPermissionTest {

    @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/RoleResourceTypePermissionTest.java
@ -35,7 +35,7 @@ import org.keycloak.testframework.annotations.InjectClient;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.ManagedClient;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class RoleResourceTypePermissionTest extends AbstractPermissionTest {

    @InjectClient(ref = "testClient")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationSpecTest.java
@ -61,7 +61,7 @@ import org.keycloak.testframework.annotations.InjectUser;
 import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.ManagedUser;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class UserResourceTypeEvaluationSpecTest extends AbstractPermissionTest {

    @InjectUser(ref = "alice")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java
@ -55,7 +55,7 @@ import org.keycloak.testframework.realm.ManagedUser;
 import org.keycloak.testframework.realm.UserConfigBuilder;
 import org.keycloak.testframework.util.ApiUtil;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class UserResourceTypeEvaluationTest extends AbstractPermissionTest {

    @InjectUser(ref = "alice")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeFilteringTest.java
@ -60,7 +60,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.realm.UserConfigBuilder;
 import org.keycloak.testframework.util.ApiUtil;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class UserResourceTypeFilteringTest extends AbstractPermissionTest {

    @InjectAdminClient(mode = InjectAdminClient.Mode.MANAGED_REALM, client = "myclient", user = "myadmin")
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypePermissionTest.java
@ -53,7 +53,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
 import org.keycloak.testframework.injection.LifeCycle;
 import org.keycloak.testframework.realm.ManagedUser;

-@KeycloakIntegrationTest(config = KeycloakAdminPermissionsServerConfig.class)
+@KeycloakIntegrationTest
 public class UserResourceTypePermissionTest extends AbstractPermissionTest {

    @InjectUser(ref = "alice", lifecycle = LifeCycle.METHOD)
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java
@ -889,11 +889,10 @@ public class TestingResourceProvider implements RealmResourceProvider {
    @Consumes(MediaType.APPLICATION_JSON)
    public void resetFeature(@PathParam("feature") String featureKey) {

-        Profile.Feature feature;
+        featureKey = featureKey.contains(":") ? featureKey.split(":")[0] : featureKey;
+        Profile.Feature feature = Profile.getFeatureVersions(featureKey).iterator().next();

-        try {
-            feature = Profile.Feature.valueOf(featureKey);
-        } catch (IllegalArgumentException e) {
+        if (feature == null) {
            System.err.printf("Feature '%s' doesn't exist!!\n", featureKey);
            throw new BadRequestException();
        }
@ -911,16 +910,18 @@ public class TestingResourceProvider implements RealmResourceProvider {
    private Set<Profile.Feature> updateFeature(String featureKey, boolean shouldEnable) {
        Collection<Profile.Feature> features = null;

-        try {
-            features = Arrays.asList(Profile.Feature.valueOf(featureKey));
-        } catch (IllegalArgumentException e) {
-            Set<Feature> featureVersions = Profile.getFeatureVersions(featureKey);
-            if (!shouldEnable) {
-                features = featureVersions;
-            } else if (!featureVersions.isEmpty()) {
-                // the set is ordered by preferred feature
-                features = Arrays.asList(featureVersions.iterator().next());
+        if (featureKey.contains(":")) {
+            String unversionedKey = featureKey.split(":")[0];
+            int version = Integer.parseInt(featureKey.split(":")[1].replace("v", ""));
+
+            for (Feature versionedFeature : Profile.getFeatureVersions(unversionedKey)) {
+                if (versionedFeature.getVersion() == version) {
+                    features = Set.of(versionedFeature);
+                    break;
+                }
            }
+        } else {
+            features = Profile.getFeatureVersions(featureKey);
        }

        if (features == null || features.isEmpty()) {
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java
@ -85,13 +85,25 @@ public class KeycloakTestingClient implements AutoCloseable {
    }

    public void enableFeature(Profile.Feature feature) {
-        Set<Profile.Feature> disabledFeatures = testing().enableFeature(feature.toString());
+        String featureString;
+        if (Profile.getFeatureVersions(feature.getUnversionedKey()).size() > 1) {
+            featureString = feature.getVersionedKey();
+        } else {
+            featureString = feature.getKey();
+        }
+        Set<Profile.Feature> disabledFeatures = testing().enableFeature(featureString);
        Assert.assertFalse(disabledFeatures.contains(feature));
        ProfileAssume.updateDisabledFeatures(disabledFeatures);
    }

    public void disableFeature(Profile.Feature feature) {
-        Set<Profile.Feature> disabledFeatures = testing().disableFeature(feature.toString());
+        String featureString;
+        if (Profile.getFeatureVersions(feature.getUnversionedKey()).size() > 1) {
+            featureString = feature.getVersionedKey();
+        } else {
+            featureString = feature.getKey();
+        }
+        Set<Profile.Feature> disabledFeatures = testing().disableFeature(featureString);
        Assert.assertTrue(disabledFeatures.contains(feature));
        ProfileAssume.updateDisabledFeatures(disabledFeatures);
    }
@ -102,7 +114,17 @@ public class KeycloakTestingClient implements AutoCloseable {
     * @param feature
     */
    public void resetFeature(Profile.Feature feature) {
-        testing().resetFeature(feature.toString());
+        String featureString;
+        if (Profile.getFeatureVersions(feature.getUnversionedKey()).size() > 1) {
+            featureString = feature.getVersionedKey();
+            Profile.Feature featureVersionHighestPriority = Profile.getFeatureVersions(feature.getKey()).iterator().next();
+            if (featureVersionHighestPriority.getType().equals(Profile.Feature.Type.DEFAULT)) {
+                enableFeature(featureVersionHighestPriority);
+            }
+        } else {
+            featureString = feature.getKey();
+        }
+        testing().resetFeature(featureString);
    }

    public TestApplicationResource testApp() { return target.proxy(TestApplicationResource.class); }
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestWithFGAPV2Enabled.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/admin/permissions/ExportImportTestWithFGAPV2Enabled.java
@ -26,15 +26,12 @@ import static org.junit.Assert.assertTrue;
 import java.util.List;
 import org.junit.After;
 import org.junit.Test;
-import org.keycloak.common.Profile;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
-import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
 import org.keycloak.testsuite.exportimport.ExportImportTest;

-@EnableFeature(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ_V2)
-public class ExportImportTestWithFGAPV2Enabled extends ExportImportTest {
+public class ExportImportTestFGAPV2 extends ExportImportTest {

    private final String REALM_NAME = "fgap";
    private final String CUSTOM_CLIENT_ID = "imported-permission-client";
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
@ -106,6 +106,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app");

@ -1093,6 +1094,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))");
            appRealm.updateComponent(ctx.getLdapModel());
@ -1101,6 +1103,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125");
            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126");
@ -1141,6 +1144,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);
            UserStorageUtil.userCache(session).clear();
            // Add custom filter again
            ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))");
@ -1151,6 +1155,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);
            UserStorageUtil.userCache(session).clear();

            // search by id using custom filter. Must return the user
@ -1172,6 +1177,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            UserStorageProviderModel model = new UserStorageProviderModel(ctx.getLdapModel());
            model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString());
@ -1181,6 +1187,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");
            Assert.assertNotNull(user);
@ -1234,6 +1241,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);
            UserModel user = session.users().getUserByUsername(appRealm, "johnkeycloak");

            // change username locally
@ -1252,6 +1260,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString());

@ -1270,6 +1279,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {

            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username8", "John8", "Doel8", "user8@email.org", null, ATTRIBUTE_VALUE);
            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username9", "John9", "Doel9", "user9@email.org", null, ATTRIBUTE_VALUE);
@ -1338,6 +1348,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
        testingClient.server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel appRealm = ctx.getRealm();
+            session.getContext().setRealm(appRealm);

            LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel());
            LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "1234");
@ -1354,6 +1365,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {

        testingClient.server().run(session -> {
            RealmModel appRealm = new RealmManager(session).getRealmByName("test");
+            session.getContext().setRealm(appRealm);
            CachedUserModel user = (CachedUserModel) session.users().getUserByUsername(appRealm, "johndirect");
            String postalCode = user.getFirstAttribute("postal_code");
            String email = user.getEmail();
@ -1365,6 +1377,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {

        testingClient.server().run(session -> {
            RealmModel appRealm = new RealmManager(session).getRealmByName("test");
+            session.getContext().setRealm(appRealm);
            UserModel user = session.users().getUserByUsername(appRealm, "johndirect");
            Assert.assertNull(user);
        });
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/model/AuthenticationSessionProviderTest.java
@ -301,6 +301,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
            KeycloakSession currentSession = sesRealmRemoved1;
            RealmModel realm = currentSession.realms().getRealm(realmId);
+            currentSession.getContext().setRealm(realm);

            authSessionID.set(currentSession.authenticationSessions().createRootAuthenticationSession(realm).getId());

@ -316,6 +317,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
            KeycloakSession currentSession = sesRealmRemoved1;
            RealmModel realm = currentSession.realms().getRealm(realmId);
+            currentSession.getContext().setRealm(realm);

            RootAuthenticationSessionModel rootAuthSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get());

@ -329,6 +331,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
            KeycloakSession currentSession = sesRealmRemoved1;
            RealmModel realm = currentSession.realms().getRealm(realmId);
+            currentSession.getContext().setRealm(realm);
            RootAuthenticationSessionModel rootAuthSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get());

            assertThat(rootAuthSession.getAuthenticationSession(realm.getClientByClientId("test-app"), tab1ID.get()).getAuthNote("foo"), is("bar"));
--- a/testsuite/model/src/test/java/org/keycloak/testsuite/model/client/ClientModelTest.java
+++ b/testsuite/model/src/test/java/org/keycloak/testsuite/model/client/ClientModelTest.java
@ -153,6 +153,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // create two clients, one realm role and one client role and assign both to one of the clients
        inComittedTransaction(1, (session , i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            ClientModel client1 = session.clients().addClient(realm, "client1");
            ClientModel client2 = session.clients().addClient(realm, "client2");
            RoleModel realmRole = session.roles().addRealmRole(realm, "realm-role");
@ -165,6 +166,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // check everything is OK
        inComittedTransaction(1, (session, i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            final ClientModel client1 = session.clients().getClientByClientId(realm, "client1");
            assertThat(client1.getScopeMappingsStream().count(), is(2L));
            assertThat(client1.getScopeMappingsStream().filter(r -> r.getName().equals("realm-role")).count(), is(1L));
@ -175,6 +177,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // remove the realm role
        inComittedTransaction(1, (session, i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            final RoleModel role = session.roles().getRealmRole(realm, "realm-role");
            session.roles().removeRole(role);
            return null;
@ -183,6 +186,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // check it is removed
        inComittedTransaction(1, (session, i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            final ClientModel client1 = session.clients().getClientByClientId(realm, "client1");
            assertThat(client1.getScopeMappingsStream().count(), is(1L));
            assertThat(client1.getScopeMappingsStream().filter(r -> r.getName().equals("client2-role")).count(), is(1L));
@ -192,6 +196,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // remove client role
        inComittedTransaction(1, (session, i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            final ClientModel client2 = session.clients().getClientByClientId(realm, "client2");
            final RoleModel role = session.roles().getClientRole(client2, "client2-role");
            session.roles().removeRole(role);
@ -201,6 +206,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // check both clients are removed
        inComittedTransaction(1, (session, i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            final ClientModel client1 = session.clients().getClientByClientId(realm, "client1");
            assertThat(client1.getScopeMappingsStream().count(), is(0L));
            return null;
@ -209,6 +215,7 @@ public class ClientModelTest extends KeycloakModelTest {
        // remove clients
        inComittedTransaction(1, (session , i) -> {
            final RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);
            final ClientModel client1 = session.clients().getClientByClientId(realm, "client1");
            final ClientModel client2 = session.clients().getClientByClientId(realm, "client2");
            session.clients().removeClient(realm, client1.getId());
--- a/testsuite/model/src/test/java/org/keycloak/testsuite/model/session/UserSessionInitializerTest.java
+++ b/testsuite/model/src/test/java/org/keycloak/testsuite/model/session/UserSessionInitializerTest.java
@ -133,6 +133,7 @@ public class UserSessionInitializerTest extends KeycloakModelTest {

        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
+            session.getContext().setRealm(realm);

            // Delete one of the clients now
            ClientModel testApp = realm.getClientByClientId("test-app");