thomasdarimont

FROM quay.io/keycloak/keycloak:18.0.0 as builder

USER 0

RUN microdnf remove -y java-11-openjdk-headless && \
    microdnf install -y java-17-openjdk-headless && \
    microdnf clean all && \
    rm -rf /var/cache/yum/* && \
    alternatives --set java $(alternatives --list | grep jre_17_openjdk | cut -d$'\t' -f3) || echo "ignore bad exit code"

thomasdarimont

package com.github.thomasdarimont.keycloakx.custom.security;

import io.netty.handler.ipfilter.IpFilterRuleType;
import io.netty.handler.ipfilter.IpSubnetFilterRule;
import io.vertx.core.http.HttpServerRequest;
import lombok.Data;
import lombok.extern.jbosslog.JBossLog;
import org.keycloak.quarkus.runtime.configuration.Configuration;

import javax.ws.rs.ForbiddenException;

thomasdarimont

package com.github.thomasdarimont.keycloak.hostname;

import com.google.auto.service.AutoService;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider;
import org.keycloak.urls.HostnameProvider;
import org.keycloak.urls.HostnameProviderFactory;
import org.keycloak.urls.UrlType;

thomasdarimont

# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
global:
  postgresql:
    auth:
      username: dbusername
      password: dbpassword
      database: keycloak

thomasdarimont

$ docker scan thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

Testing thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT...

Package manager:   apk
Project name:      docker-image|thomasdarimont/custom-keycloakx
Docker image:      thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
Platform:          linux/amd64
Base image:        alpine:3.15.4

thomasdarimont

docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
2022-05-07T11:40:04.324Z	INFO	Detected OS: redhat
2022-05-07T11:40:04.324Z	INFO	Detecting RHEL/CentOS vulnerabilities...
2022-05-07T11:40:04.356Z	INFO	Number of language-specific files: 1
2022-05-07T11:40:04.356Z	INFO	Detecting jar vulnerabilities...

thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT (redhat 8.5)
===========================================================

thomasdarimont

package demo;

import io.quarkus.bootstrap.app.AdditionalDependency;
import io.quarkus.bootstrap.app.CuratedApplication;
import io.quarkus.bootstrap.app.QuarkusBootstrap;
import io.quarkus.bootstrap.model.AppArtifactKey;
import io.quarkus.bootstrap.model.AppModel;
import io.quarkus.bootstrap.model.ApplicationModel;
import io.quarkus.bootstrap.model.DefaultApplicationModel;
import io.quarkus.bootstrap.model.MutableJarApplicationModel;

thomasdarimont

mvn  dependency:tree --also-make-dependents --projects quarkus/deployment,quarkus/dist,quarkus/runtime,quarkus/server

[INFO] Scanning for projects...
[WARNING] 
[WARNING] Some problems were encountered while building the effective model for org.keycloak:keycloak-model-map-jpa:jar:999-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: jakarta.persistence:jakarta.persistence-api:jar -> duplicate declaration of version (?) @ line 54, column 21
[WARNING] 

thomasdarimont

docker run \
-it \
--rm
--name kcx
-e KEYCLOAK_ADMIN=admin
-e KEYCLOAK_ADMIN_PASSWORD=admin
-e KC_HTTP_RELATIVE_PATH=auth
-p 8080:8080
quay.io/keycloak/keycloak:18.0.0
start-dev

thomasdarimont

docker run -it --rm  mcr.microsoft.com/restlerfuzzer/restler:v7.4.0 dotnet /RESTler/restler/Restler.dll 

See also: microsoft/restler-fuzzer#371