oscerd opened a new pull request, #23981: URL: https://github.com/apache/camel/pull/23981
## Backport of #23958 Cherry-pick of #23958 onto `camel-4.18.x` (fix ships in 4.18.3). **Original PR:** #23958 — CAMEL-23738: camel-keycloak - always verify access token even without required roles/permissions **Original author:** @oscerd **Target branch:** `camel-4.18.x` `KeycloakSecurityProcessor.beforeProcess()` now authenticates a present access token even when no roles/permissions are configured (previously the token was only verified when roles or permissions were required), so an invalid/unverifiable token is rejected. Includes regression tests (local JWT & introspection) and a component-doc note. ### Backport notes - The upgrade-guide entry was placed in `camel-4x-upgrade-guide-4_18.adoc` (under *Upgrading 4.18.2 → 4.18.3*) instead of the `4_21` guide, which doesn't exist on this branch. - :warning: CI on this branch currently fails the `docs` `xref-check` on a **pre-existing, unrelated** broken xref (`java-xml-io-dsl.adoc:114` → `camel-jbang-beans.adoc`, which does not exist on `camel-4.18.x`). It affects all 4.18.x PRs and is not introduced by this backport; `camel-keycloak` builds cleanly. _Claude Code on behalf of Andrea Cosentino_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
