Keycloak - Spring Security on Java 14/15 by switching to Undertow.

If you’ve attempted to upgrade your existing Keycloak - Spring Security setup from a Java version before Java 14 to versions 14 or 15, you might encounter this exception on a request: java.lang.NoClassDefFoundError: java/security/acl/Group. These classes (and others) were deprecated in Java 9 and removed in Java 14. A bug has been logged for this issue (KEYCLOAK-13633), but the current Keycloak versions (the latest version as of now is 11.0.3) do not officially support Java 14 yet. Although a fix is underway, the fix version has been pushed back to at least 13.0.0, and Keycloak 12 has not even been released.

If you are using preview features in Java 13, this could put you in a pickle, as IntelliJ IDEA does not support preview features for Java 13 anymore (only for versions 14 and 15 at the moment), which can be quite annoying.

However, there’s a workaround, as the exception occurs in the Keycloak Tomcat adapter. By switching your embedded servlet container to Undertow, we can get our setup working again in Java 14 and 15.

To do this, add the Undertow Spring Boot starter dependency:

    implementation "org.springframework.boot:spring-boot-starter-undertow"

And explicitly exclude the Tomcat dependencies:

    implementation("org.springframework.boot:spring-boot-starter-web") {
        exclude module: "spring-boot-starter-tomcat"
    }
    implementation("org.keycloak:keycloak-spring-boot-starter") {
        exclude module: "spring-boot-starter-tomcat"
    }

Other dependencies in your build might also pull in spring-boot-starter-tomcat transitively. Once it is excluded everywhere, your setup will work again on Java 14/15.
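
One way to apply the exclusion to every dependency at once and have the build fail if Tomcat is still resolved, as an added example that is not part of the original post. The task name verifyNoTomcat is hypothetical, and the snippet assumes the Groovy DSL, the Java plugin's runtimeClasspath configuration, and dependency versions managed elsewhere in the build, as in the lines above.

```groovy
// build.gradle (Groovy DSL). Added example; verifyNoTomcat is a hypothetical task name.

// Exclude the Tomcat starter from every configuration, so that no
// dependency can bring it back in transitively.
configurations.all {
    exclude group: "org.springframework.boot", module: "spring-boot-starter-tomcat"
}

dependencies {
    implementation "org.springframework.boot:spring-boot-starter-web"
    implementation "org.springframework.boot:spring-boot-starter-undertow"
    implementation "org.keycloak:keycloak-spring-boot-starter"
}

// Fail the build if embedded Tomcat is still resolved on the runtime classpath.
tasks.register("verifyNoTomcat") {
    doLast {
        def banned = ["spring-boot-starter-tomcat", "tomcat-embed-core"]
        def offenders = configurations.runtimeClasspath
            .resolvedConfiguration.resolvedArtifacts
            .collect { it.moduleVersion.id }   // group:name:version of each artifact
            .findAll { it.name in banned }
        if (offenders) {
            throw new GradleException(
                "Tomcat is still on the runtime classpath: " + offenders.join(", "))
        }
        println "No embedded Tomcat on the runtime classpath."
    }
}

// Run the check as part of `gradle check`.
tasks.named("check") { dependsOn "verifyNoTomcat" }
```

If the task fails, `gradle dependencyInsight --dependency tomcat-embed-core --configuration runtimeClasspath` shows which dependency is still bringing Tomcat in.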