Upgrade to Quarkus 3.17.8 (#36758)

Closes #36757
Closes #33475
Closes #34454

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

pom.xml

@@ -52,8 +52,8 @@
         <jboss.snapshots.repo.id>jboss-snapshots-repository</jboss.snapshots.repo.id>
         <jboss.snapshots.repo.url>https://s01.oss.sonatype.org/content/repositories/snapshots/</jboss.snapshots.repo.url>
 
-        <quarkus.version>3.15.2</quarkus.version>
-        <quarkus.build.version>3.15.2</quarkus.build.version>
+        <quarkus.version>3.17.8</quarkus.version>
+        <quarkus.build.version>3.17.8</quarkus.build.version>
 
         <project.build-time>${timestamp}</project.build-time>
 
@@ -111,7 +111,8 @@
         <jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec.version>2.0.1.Final</jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec.version>
         <jboss.spec.javax.servlet.jsp.jboss-jsp-api_2.3_spec.version>2.0.0.Final</jboss.spec.javax.servlet.jsp.jboss-jsp-api_2.3_spec.version>
         <log4j.version>1.2.17</log4j.version>
-        <resteasy.version>6.2.9.Final</resteasy.version>
+        <log4j2-api.version>2.24.3</log4j2-api.version> <!-- Odd name needs to align with Quarkus -->
+        <resteasy.version>6.2.11.Final</resteasy.version>
         <resteasy.undertow.version>${resteasy.version}</resteasy.undertow.version>
         <owasp.html.sanitizer.version>20240325.1</owasp.html.sanitizer.version>
         <slf4j.version>2.0.6</slf4j.version>
@@ -124,7 +125,7 @@
         <undertow.version>${undertow-legacy.version}</undertow.version>
         <undertow-legacy.version>2.2.24.Final</undertow-legacy.version>
         <undertow-jakarta.version>2.3.2.Final</undertow-jakarta.version>
-        <wildfly-elytron.version>2.5.2.Final</wildfly-elytron.version>
+        <wildfly-elytron.version>2.6.0.Final</wildfly-elytron.version>
         <elytron.undertow-server.version>1.9.0.Final</elytron.undertow-server.version>
         <woodstox.version>6.0.3</woodstox.version>
         <wildfly.common.quarkus.aligned.version>1.5.4.Final-format-001</wildfly.common.quarkus.aligned.version>
@@ -536,6 +537,16 @@
                 <artifactId>log4j</artifactId>
                 <version>${log4j.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-core</artifactId>
+                <version>${log4j2-api.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.logging.log4j</groupId>
+                <artifactId>log4j-api</artifactId>
+                <version>${log4j2-api.version}</version>
+            </dependency>
             <dependency>
                 <groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
                 <artifactId>owasp-java-html-sanitizer</artifactId>

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/cli/Picocli.java

@@ -586,7 +586,7 @@ public class Picocli {
             }
             ConfigValue value = Configuration.getNonPersistedConfigValue(name);
             if (value.getValue() == null || value.getConfigSourceName() == null
-                    || (quarkus && !value.getConfigSourceName().equals(QuarkusPropertiesConfigSource.NAME))) {
+                    || (quarkus && !value.getConfigSourceName().contains(QuarkusPropertiesConfigSource.NAME))) {
                 // only persist build options resolved from config sources and not default values
                 return;
             }

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/Configuration.java

@@ -23,10 +23,10 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.Properties;
 
+import io.quarkus.runtime.configuration.ConfigUtils;
 import io.smallrye.config.ConfigValue;
 import io.smallrye.config.SmallRyeConfig;
 
-import org.eclipse.microprofile.config.spi.ConfigProviderResolver;
 import org.keycloak.config.Option;
 import org.keycloak.quarkus.runtime.configuration.mappers.PropertyMapper;
 import org.keycloak.quarkus.runtime.configuration.mappers.PropertyMappers;
@@ -43,6 +43,8 @@ public final class Configuration {
     public static final String OPTION_PART_SEPARATOR = String.valueOf(OPTION_PART_SEPARATOR_CHAR);
     public static final String KC_OPTIMIZED = NS_KEYCLOAK_PREFIX + "optimized";
 
+    private static SmallRyeConfig config;
+
     private Configuration() {
 
     }
@@ -74,7 +76,14 @@ public final class Configuration {
     }
 
     public static synchronized SmallRyeConfig getConfig() {
-        return (SmallRyeConfig) ConfigProviderResolver.instance().getConfig();
+        if (config == null) {
+            config = ConfigUtils.emptyConfigBuilder().addDiscoveredSources().build();
+        }
+        return config;
+    }
+
+    public static void resetConfig() {
+        config = null;
     }
 
     /**

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/KcEnvConfigSource.java

@@ -70,10 +70,4 @@ public class KcEnvConfigSource extends PropertiesConfigSource {
 
         return properties;
     }
-
-    @Override
-    // a workaround for https://github.com/smallrye/smallrye-config/issues/1207
-    public String getName() {
-        return NAME;
-    }
 }

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/KeycloakConfigSourceProvider.java

@@ -91,6 +91,10 @@ public class KeycloakConfigSourceProvider implements ConfigSourceProvider, Confi
         return CONFIG_SOURCES;
     }
 
+    public static List<ConfigSource> getConfigSources() {
+        return CONFIG_SOURCES;
+    }
+
     @Override
     public SmallRyeConfigBuilder configBuilder(SmallRyeConfigBuilder builder) {
         return builder.withSources(CONFIG_SOURCES);

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/KeycloakPropertiesConfigSource.java

@@ -64,21 +64,7 @@ public class KeycloakPropertiesConfigSource extends AbstractLocationConfigSource
 
     @Override
     protected ConfigSource loadConfigSource(URL url, int ordinal) throws IOException {
-        // a workaround for https://github.com/smallrye/smallrye-config/issues/1207
-        // replace by the following line when fixed:
-        // return new PropertiesConfigSource(transform(ConfigSourceUtil.urlToMap(url)), url.toString(), ordinal);
-        var cs = new PropertiesConfigSource(transform(ConfigSourceUtil.urlToMap(url)), url.toString(), ordinal) {
-            private String name;
-            @Override
-            public String getName() {
-                return name;
-            }
-            public void setName(String name) {
-                this.name = name;
-            }
-        };
-        cs.setName(url.toString());
-        return cs;
+        return new PropertiesConfigSource(transform(ConfigSourceUtil.urlToMap(url)), url.toString(), ordinal);
     }
 
     public static class InClassPath extends KeycloakPropertiesConfigSource implements ConfigSourceProvider {

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/PersistedConfigSource.java

@@ -67,11 +67,6 @@ public final class PersistedConfigSource extends PropertiesConfigSource {
         return INSTANCE;
     }
 
-    @Override
-    public String getName() {
-        return NAME;
-    }
-
     @Override
     public ConfigValue getConfigValue(String propertyName) {
         if (isEnabled()) {

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/QuarkusPropertiesConfigSource.java

@@ -43,7 +43,7 @@ import io.smallrye.config.common.utils.ConfigSourceUtil;
 public final class QuarkusPropertiesConfigSource extends AbstractLocationConfigSourceLoader implements ConfigSourceProvider {
 
     private static final String FILE_NAME = "quarkus.properties";
-    public static final String NAME = "QuarkusProperties";
+    public static final String NAME = "KcQuarkusPropertiesConfigSource";
 
     public static Path getConfigurationFile() {
         String homeDir = Environment.getHomeDir();
@@ -70,11 +70,6 @@ public final class QuarkusPropertiesConfigSource extends AbstractLocationConfigS
     protected ConfigSource loadConfigSource(URL url, int ordinal) throws IOException {
         String name = loadingFile ? NAME : (NAME + " " + url);
         return new PropertiesConfigSource(ConfigSourceUtil.urlToMap(url), name, ordinal) {
-            @Override
-            public String getName() {
-                return name;
-            }
-
             @Override
             public String getValue(String propertyName) {
                 if (propertyName.startsWith(NS_QUARKUS)) {

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/PropertyMapper.java

@@ -23,6 +23,7 @@ import static org.keycloak.quarkus.runtime.configuration.Configuration.OPTION_PA
 import static org.keycloak.quarkus.runtime.configuration.Configuration.OPTION_PART_SEPARATOR_CHAR;
 import static org.keycloak.quarkus.runtime.configuration.Configuration.toCliFormat;
 import static org.keycloak.quarkus.runtime.configuration.Configuration.toEnvVarFormat;
+import static org.keycloak.quarkus.runtime.configuration.MicroProfileConfigProvider.NS_KEYCLOAK_PREFIX;
 
 import java.util.Iterator;
 import java.util.List;
@@ -85,7 +86,7 @@ public class PropertyMapper<T> {
                    String paramLabel, boolean mask, BiConsumer<PropertyMapper<T>, ConfigValue> validator,
                    String description, BooleanSupplier required, String requiredWhen, String from) {
         this.option = option;
-        this.from = from == null ? MicroProfileConfigProvider.NS_KEYCLOAK_PREFIX + this.option.getKey() : from;
+        this.from = from == null ? NS_KEYCLOAK_PREFIX + this.option.getKey() : from;
         this.to = to == null ? getFrom() : to;
         this.enabled = enabled;
         this.enabledWhen = enabledWhen;
@@ -114,18 +115,15 @@ public class PropertyMapper<T> {
             from = name.replace(to.substring(0, to.lastIndexOf('.')), from.substring(0, from.lastIndexOf(OPTION_PART_SEPARATOR_CHAR)));
         }
 
-        if ((isRebuild() || Environment.isRebuildCheck()) && isRunTime()) {
-            // during re-aug do not resolve the server runtime properties and avoid they included by quarkus in the default value config source
-            return ConfigValue.builder().withName(name).build();
-        }
-
         // try to obtain the value for the property we want to map first
         ConfigValue config = convertValue(context.proceed(from));
 
         boolean parentValue = false;
         if (mapFrom != null && (config == null || config.getValue() == null)) {
             // if the property we want to map depends on another one, we use the value from the other property to call the mapper
-            config = Configuration.getKcConfigValue(mapFrom);
+            // not getting the value directly from SmallRye Config to avoid the risk of infinite recursion when Config is initializing
+            String mapFromWithPrefix = NS_KEYCLOAK_PREFIX + mapFrom;
+            config = PropertyMappers.getMapper(mapFromWithPrefix).getConfigValue(mapFromWithPrefix, context);
             parentValue = true;
         }
 

quarkus/runtime/src/main/java/org/keycloak/quarkus/runtime/configuration/mappers/PropertyMappers.java

@@ -76,11 +76,18 @@ public final class PropertyMappers {
     }
 
     public static ConfigValue getValue(ConfigSourceInterceptorContext context, String name) {
+        name = removeProfilePrefixIfNeeded(name);
         PropertyMapper<?> mapper = getMapper(name);
-        // during re-aug do not resolve the server runtime properties and avoid they included by quarkus in the default value config source
-        if ((isRebuild() || Environment.isRebuildCheck()) && isKeycloakRuntime(name, mapper)) {
+
+        // During re-aug do not resolve the server runtime properties and avoid they included by quarkus in the default value config source.
+        //
+        // The special handling of log properties is because some logging runtime properties are requested during build time
+        // and we need to resolve them. That should be fine as they are generally not considered security sensitive.
+        // See https://github.com/quarkusio/quarkus/pull/42157
+        if ((isRebuild() || Environment.isRebuildCheck()) && isKeycloakRuntime(name, mapper) && !name.startsWith("quarkus.log.")) {
             return ConfigValue.builder().withName(name).build();
         }
+
         if (mapper == null) {
             return context.proceed(name);
         }

quarkus/runtime/src/test/java/org/keycloak/quarkus/runtime/configuration/test/AbstractConfigurationTest.java

@@ -115,12 +115,11 @@ public abstract class AbstractConfigurationTest {
             }
         });
 
-        SmallRyeConfigProviderResolver.class.cast(ConfigProviderResolver.instance()).releaseConfig(ConfigProvider.getConfig());
         PropertyMappers.reset();
         ConfigArgsConfigSource.setCliArgs();
         PersistedConfigSource.getInstance().getConfigValueProperties().clear();
         Profile.reset();
-        ConfigProviderResolver.setInstance(null);
+        Configuration.resetConfig();
     }
 
     @After
@@ -134,14 +133,9 @@ public abstract class AbstractConfigurationTest {
     }
 
     static protected SmallRyeConfig createConfig() {
+        Configuration.resetConfig();
         KeycloakConfigSourceProvider.reload();
-        // older versions of quarkus implicitly picked up this config, now we
-        // must set it manually
-        SmallRyeConfig config = ConfigUtils.configBuilder(true, LaunchMode.NORMAL).build();
-        SmallRyeConfigProviderResolver resolver = new SmallRyeConfigProviderResolver();
-        resolver.registerConfig(config, Thread.currentThread().getContextClassLoader());
-        ConfigProviderResolver.setInstance(resolver);
-        return config;
+        return Configuration.getConfig();
     }
 
     protected void assertConfig(String key, String expectedValue, boolean isExternal) {

quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/OptionsDistTest.java

@@ -76,13 +76,11 @@ public class OptionsDistTest {
 
     @Test
     @Order(5)
-    @WithEnvVars({"KC_LOG", "console", "KC_LOG_CONSOLE_COLOR", "true", "KC_LOG_FILE", "something-env", "KC_HTTP_ENABLED", "true", "KC_HOSTNAME_STRICT", "false"})
+    @WithEnvVars({"KC_LOG", "console", "KC_LOG_FILE", "something-env", "KC_HTTP_ENABLED", "true", "KC_HOSTNAME_STRICT", "false"})
     @Launch({"start", "--db=dev-file"})
     public void testSettingEnvVars(CLIResult cliResult) {
         cliResult.assertMessage("The following used run time options are UNAVAILABLE and will be ignored during build time:");
         cliResult.assertMessage("- log-file: Available only when File log handler is activated.");
-        cliResult.assertMessage("quarkus.log.console.color");
-        cliResult.assertMessage("config property is deprecated and should not be used anymore");
     }
 
     @DryRun

quarkus/tests/integration/src/test/java/org/keycloak/it/cli/dist/ShowConfigCommandDistTest.java

@@ -93,4 +93,23 @@ public class ShowConfigCommandDistTest {
         assertThat(output, not(containsString("kc.db.password")));
         assertThat(output, not(containsString("secret-pass")));
     }
+
+    @Test
+    @RawDistOnly(reason = "Containers are immutable")
+    void testConfigSourceNames(KeycloakDistribution distribution) {
+        CLIResult result = distribution.run("build");
+        result.assertBuild();
+
+        distribution.setEnvVar("KC_LOG", "file");
+
+        result = distribution.run(String.format("%s=%s", CONFIG_FILE_LONG_NAME, Paths.get("src/test/resources/ShowConfigCommandTest/keycloak-keystore.conf").toAbsolutePath().normalize()), ShowConfig.NAME, "all");
+
+        result.assertMessage("(CLI)");
+        result.assertMessage("(ENV)");
+        result.assertMessage("(quarkus.properties)");
+        result.assertMessage("(Persisted)");
+        result.assertMessage("(config-keystore)");
+        result.assertMessage("(classpath keycloak.conf)");
+        result.assertMessage("(keycloak-keystore.conf)");
+    }
 }

test-framework/core/src/main/java/org/keycloak/testframework/config/Config.java

@@ -61,7 +61,7 @@ public class Config {
             } else {
                 testConfig = Thread.currentThread().getContextClassLoader().getResource("keycloak-test.properties");
             }
-            return testConfig != null ? new PropertiesConfigSource(testConfig, "KeycloakTestConfig", 280) : null;
+            return testConfig != null ? new PropertiesConfigSource(testConfig, 280) : null;
         } catch (Exception e) {
             throw new RuntimeException(e);
         }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java

@@ -56,7 +56,7 @@ public class KeycloakTestingClient implements AutoCloseable {
     public static ResteasyClientBuilder getRestEasyClientBuilder(String serverUrl) {
         ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder();
         resteasyClientBuilder.connectionPoolSize(10);
-        if (serverUrl.startsWith("https")) {
+        if ((serverUrl != null && serverUrl.startsWith("https")) || "true".equals(System.getProperty("auth.server.ssl.required"))) {
             // Disable PKIX path validation errors when running tests using SSL
             resteasyClientBuilder.disableTrustManager().hostnameVerification(ResteasyClientBuilder.HostnameVerificationPolicy.ANY);
         }
@@ -64,6 +64,10 @@ public class KeycloakTestingClient implements AutoCloseable {
         return resteasyClientBuilder;
     }
 
+    public static ResteasyClientBuilder getRestEasyClientBuilder() {
+        return getRestEasyClientBuilder(null);
+    }
+
     public static KeycloakTestingClient getInstance(String serverUrl) {
         return new KeycloakTestingClient(serverUrl, null);
     }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/AdminClientUtil.java

@@ -137,12 +137,7 @@ public class AdminClientUtil {
     public static ResteasyClient createResteasyClient(boolean ignoreUnknownProperties, Boolean followRedirects) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
         ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder();
 
-        if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
-            File truststore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
-            resteasyClientBuilder.sslContext(getSSLContextWithTruststore(truststore, "secret"));
-
-            System.setProperty("javax.net.ssl.trustStore", truststore.getAbsolutePath());
-        }
+        resteasyClientBuilder.sslContext(getSSLContextWithTruststore());
 
         // We need to ignore unknown JSON properties e.g. in the adapter configuration representation
         // during adapter backward compatibility testing
@@ -199,6 +194,19 @@ public class AdminClientUtil {
         return theContext;
     }
 
+    public static SSLContext getSSLContextWithTruststore() {
+        try {
+            if ("true".equals(System.getProperty("auth.server.ssl.required"))) {
+                File truststore = new File(PROJECT_BUILD_DIRECTORY, "dependency/keystore/keycloak.truststore");
+                System.setProperty("javax.net.ssl.trustStore", truststore.getAbsolutePath());
+                return getSSLContextWithTruststore(truststore, "secret");
+            }
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        return null;
+    }
+
     private static SSLContext getSSLContextWithTruststoreAndKeystore(
         File trustStore, String truststorePassword, File keystore, String keystorePassword)
         throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException, UnrecoverableKeyException {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/SAMLServletAdapterTest.java

@@ -1976,7 +1976,7 @@ public class SAMLServletAdapterTest extends AbstractSAMLServletAdapterTest {
         BasicCookieStore cookieStore = new BasicCookieStore();
         try (Keycloak client = KeycloakBuilder.builder().serverUrl(loginPage.getAuthRoot()).realm(SAMLSERVLETDEMO)
                 .username(admin).password(adminPassword).clientId(Constants.ADMIN_CLI_CLIENT_ID)
-                .resteasyClient(ResteasyClientBuilder.newBuilder().build()).build();
+                .resteasyClient(AdminClientUtil.createResteasyClient()).build();
                 CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultCookieStore(cookieStore).build()) {
             HttpUriRequest req = RequestBuilder.post()
                     .setUri(loginPage.getAuthRoot() + "/admin/realms/" + SAMLSERVLETDEMO + "/users/" + userId + "/impersonation")

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java

@@ -17,6 +17,9 @@
 
 package org.keycloak.testsuite.admin;
 
+import jakarta.ws.rs.ClientErrorException;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.client.methods.RequestBuilder;
@@ -27,7 +30,6 @@ import org.apache.http.util.EntityUtils;
 import org.hamcrest.MatcherAssert;
 import org.jboss.arquillian.graphene.page.Page;
 import org.jboss.resteasy.client.jaxrs.ResteasyClient;
-import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
 import org.junit.Assert;
 import org.junit.Assume;
 import org.junit.Before;
@@ -52,23 +54,39 @@ import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserModel;
 import org.keycloak.models.UserSessionModel;
 import org.keycloak.models.utils.KeycloakModelUtils;
-import org.keycloak.representations.idm.*;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.ErrorRepresentation;
+import org.keycloak.representations.idm.EventRepresentation;
+import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.testsuite.AbstractKeycloakTest;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.auth.page.AuthRealm;
 import org.keycloak.testsuite.pages.AppPage;
-import org.keycloak.testsuite.util.*;
+import org.keycloak.testsuite.util.AdminClientUtil;
+import org.keycloak.testsuite.util.ClientBuilder;
+import org.keycloak.testsuite.util.ClientManager;
+import org.keycloak.testsuite.util.CredentialBuilder;
+import org.keycloak.testsuite.util.DroneUtils;
+import org.keycloak.testsuite.util.OAuthClient;
+import org.keycloak.testsuite.util.RealmBuilder;
+import org.keycloak.testsuite.util.UserBuilder;
 import org.openqa.selenium.Cookie;
 
-import jakarta.ws.rs.ClientErrorException;
-import jakarta.ws.rs.core.HttpHeaders;
-import jakarta.ws.rs.core.Response;
 import java.io.IOException;
 import java.net.URL;
-import java.util.*;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.stream.Collectors;
 
-import static org.hamcrest.Matchers.*;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.empty;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.not;
 import static org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT;
 import static org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot;
 
@@ -291,10 +309,7 @@ public class ImpersonationTest extends AbstractKeycloakTest {
 
     // Return the SSO cookie from the impersonated session
     protected Set<Cookie> testSuccessfulImpersonation(String admin, String adminRealm) {
-        ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder();
-        resteasyClientBuilder.connectionPoolSize(10);
-        resteasyClientBuilder.httpEngine(AdminClientUtil.getCustomClientHttpEngine(resteasyClientBuilder, 10, null));
-        ResteasyClient resteasyClient = resteasyClientBuilder.build();
+        ResteasyClient resteasyClient = AdminClientUtil.createResteasyClient();
 
         // Login adminClient
         try (Keycloak client = login(admin, adminRealm, resteasyClient)) {
@@ -387,6 +402,10 @@ public class ImpersonationTest extends AbstractKeycloakTest {
             password = username.equals("admin") ? "admin" : "password";
         }
 
+        if (resteasyClient == null) {
+            resteasyClient = AdminClientUtil.createResteasyClient();
+        }
+
         return KeycloakBuilder.builder().serverUrl(getAuthServerContextRoot() + "/auth")
                 .realm(realm)
                 .username(username)
@@ -415,10 +434,7 @@ public class ImpersonationTest extends AbstractKeycloakTest {
 
     // Return the SSO cookie from the impersonated session
     protected Set<Cookie> testSuccessfulServiceAccountImpersonation(UserRepresentation serviceAccount, String serviceAccountRealm) {
-        ResteasyClientBuilder resteasyClientBuilder = (ResteasyClientBuilder) ResteasyClientBuilder.newBuilder();
-        resteasyClientBuilder.connectionPoolSize(10);
-        resteasyClientBuilder.httpEngine(AdminClientUtil.getCustomClientHttpEngine(resteasyClientBuilder, 10, null));
-        ResteasyClient resteasyClient = resteasyClientBuilder.build();
+        ResteasyClient resteasyClient = AdminClientUtil.createResteasyClient();
 
         // Login adminClient
         try (Keycloak client = loginServiceAccount(serviceAccount, serviceAccountRealm, resteasyClient)) {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java

@@ -20,13 +20,13 @@ import org.keycloak.services.Urls;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.AssertEvents;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.federation.DummyUserFederationProviderFactory;
 import org.keycloak.testsuite.util.AccountHelper;
 import org.keycloak.testsuite.util.ClientBuilder;
 import org.keycloak.testsuite.util.OAuthClient;
 import org.keycloak.testsuite.util.RealmBuilder;
 import org.keycloak.testsuite.util.TestAppHelper;
-import org.keycloak.testsuite.util.WaitUtils;
 import org.openqa.selenium.TimeoutException;
 
 import jakarta.ws.rs.client.Client;
@@ -37,7 +37,6 @@ import jakarta.ws.rs.core.Response;
 import java.net.URI;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
@@ -201,7 +200,7 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
 
         OAuthClient.AccessTokenResponse accessTokenResponse = oauth.realm(bc.consumerRealmName()).clientId("broker-app").doGrantAccessTokenRequest("broker-app-secret", bc.getUserLogin(), bc.getUserPassword());
         AtomicReference<String> accessToken = (AtomicReference<String>) new AtomicReference<>(accessTokenResponse.getAccessToken());
-        Client client = jakarta.ws.rs.client.ClientBuilder.newBuilder().register((ClientRequestFilter) request -> request.getHeaders().add(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken.get())).build();
+        Client client = KeycloakTestingClient.getRestEasyClientBuilder().register((ClientRequestFilter) request -> request.getHeaders().add(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken.get())).build();
 
         try {
             WebTarget target = client.target(Urls.identityProviderRetrieveToken(URI.create(getConsumerRoot() + "/auth"), bc.getIDPAlias(), bc.consumerRealmName()));

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenRevocationTest.java

@@ -391,7 +391,7 @@ public class TokenRevocationTest extends AbstractKeycloakTest {
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), accountRequest.asStatus());
 
         // Test admin REST not possible
-        try (Keycloak adminClient = Keycloak.getInstance(OAuthClient.AUTH_SERVER_ROOT, "test", "test-app", accessTokenString)) {
+        try (Keycloak adminClient = Keycloak.getInstance(OAuthClient.AUTH_SERVER_ROOT, "test", "test-app", accessTokenString, AdminClientUtil.getSSLContextWithTruststore())) {
             try {
                 adminClient.realms().realm("test").toRepresentation();
                 Assert.fail("Not expected to obtain realm");

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java

@@ -63,6 +63,7 @@ import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
 import org.keycloak.testsuite.Assert;
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.admin.ApiUtil;
+import org.keycloak.testsuite.client.KeycloakTestingClient;
 import org.keycloak.testsuite.drone.Different;
 import org.keycloak.testsuite.oauth.RefreshTokenTest;
 import org.keycloak.testsuite.util.ClientManager;
@@ -497,8 +498,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
         events.expectCodeToToken(codeId, sessionId).assertEvent();
 
         // execute the access token to get UserInfo without token binded client certificate in mutual authentication TLS
-        ClientBuilder clientBuilder = ClientBuilder.newBuilder();
-        Client client = clientBuilder.build();
+        Client client = KeycloakTestingClient.getRestEasyClientBuilder().build();
         WebTarget userInfoTarget = null;
         Response response = null;
         try {
@@ -506,7 +506,7 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
             response = userInfoTarget.request().header(HttpHeaders.AUTHORIZATION, "Bearer " + tokenResponse.getAccessToken()).get();
             assertEquals(401, response.getStatus());
         } finally {
-            response.close();
+            if (response != null) response.close();
             client.close();
         }