assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'


def test_security_http_basic_invalid_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'

    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'


def test_security_http_basic_invalid_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'

  - Add this Role into compositive role named `default-roles-{realm}` - `{realm}` should be replaced with whatever realm you created from `prerequisites` section. This role is automatically trusted in the 'Service Accounts' tab.

- Check that `account` client_id has the role 'admin' assigned in the "Service Account Roles" tab.

After that, you will be able to obtain an id_token for the Admin REST API using client_id and client_secret:

            return realm;
        }

        public DependencyFilter getExtensionArtifactFilter() {
            return extensionArtifactFilter;
        }

        private final ClassRealm realm;

        private final DependencyFilter extensionArtifactFilter;

        CacheRecord(ClassRealm realm, DependencyFilter extensionArtifactFilter) {
            this.realm = realm;

    private final String key;

    private final XmlNode configuration;

    public CoreExtensionEntry(
            ClassRealm realm,
            Collection<String> artifacts,
            Collection<String> packages,
            String key,
            XmlNode configuration) {
        this.realm = realm;
        this.artifacts = Collections.unmodifiableSet(new HashSet<>(artifacts));

        .url("https://server/robots.txt")
        .build()
    val response =
      Response.Builder()
        .request(request)
        .code(401)
        .header("WWW-Authenticate", "Basic realm=\"User Visible Realm\"")
        .protocol(HTTP_2)
        .message("Unauthorized")
        .build()
    val authRequest = authenticator.authenticate(route, response)

    assertEquals(

public interface ClassRealmManager {

    /**
     * Gets the class realm hosting the Maven core.
     *
     * @return The class realm hosting the Maven core, never {@code null}.
     */
    ClassRealm getCoreRealm();

    /**
     * Gets the class realm exposing the Maven API. This is basically a restricted view on the Maven core realm.
     *
     * @return The class realm exposing the Maven API, never {@code null}.
     */

        /**
         * A class realm for a build extension.
         */
        Extension,

        /**
         * A class realm for a plugin.
         */
        Plugin,
    }

    /**
     * Gets the type of the class realm.
     *
     * @return The type of the class realm, never {@code null}.
     */
    RealmType getType();

    /**
     * Gets the parent class realm (if any).
     *

import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

import org.codehaus.plexus.classworlds.realm.ClassRealm;
import org.codehaus.plexus.classworlds.realm.NoSuchRealmException;
import org.codehaus.plexus.personality.plexus.lifecycle.phase.Disposable;
import org.eclipse.aether.graph.DependencyFilter;

/**
 * Default project realm cache implementation. Assumes cached data does not change.
 */
@Named
@Singleton

func WithAdminURL(url string) Option {
	return func(p *KeycloakProvider) {
		p.adminURL = url
	}
}

// WithRealm provide realm configuration for Keycloak
func WithRealm(realm string) Option {
	return func(p *KeycloakProvider) {
		p.realm = realm
	}
}

// KeyCloak initializes a new keycloak provider
func KeyCloak(opts ...Option) (Provider, error) {
	p := &KeycloakProvider{}