Crucial APIs needed by Pax Web. "Canonical" jakarta.* bundles are used and Pax Web specific fragments are adding osgi.contract headers. This feature should be used if the custom Karaf distribution doesn't provide relevant APIs from system bundle (org.osgi.framework.system.packages[.extra])

mvn:jakarta.annotation/jakarta.annotation-api/1.3.5 mvn:org.ops4j.pax.web/pax-web-compatibility-annotation13/8.0.26 mvn:jakarta.el/jakarta.el-api/3.0.3 mvn:org.ops4j.pax.web/pax-web-compatibility-el2/8.0.26 mvn:jakarta.servlet/jakarta.servlet-api/4.0.4 mvn:org.ops4j.pax.web/pax-web-compatibility-servlet31/8.0.26

Pax Web API/SPI bundles without any active components (blueprints, scrs, services, activators) This feature is needed when integrating with Pax Web (e.g., registering Pax Web specific listeners)

mvn:jakarta.servlet/jakarta.servlet-api/4.0.4 mvn:org.ops4j.pax.web/pax-web-compatibility-servlet31/8.0.26 mvn:org.ops4j.pax.web/pax-web-api/8.0.26 mvn:org.ops4j.pax.web/pax-web-spi/8.0.26 pax-web-core mvn:jakarta.websocket/jakarta.websocket-api/1.1.2 mvn:org.ops4j.pax.web/pax-web-websocket/8.0.26 mvn:jakarta.servlet/jakarta.servlet-api/4.0.4 mvn:org.ops4j.pax.web/pax-web-compatibility-servlet31/8.0.26 mvn:org.eclipse.jetty/jetty-client/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-util/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-util-ajax/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-io/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-http/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-xml/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-server/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-servlet/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-servlets/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-security/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-continuation/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-jmx/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-jaas/9.4.54.v20240208 pax-web-jetty spifly mvn:org.eclipse.jetty/jetty-rewrite/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-openid/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-proxy/9.4.54.v20240208 pax-web-websockets pax-web-jetty mvn:org.eclipse.jetty/jetty-client/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/javax-websocket-client-impl/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/javax-websocket-server-impl/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/websocket-api/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/websocket-common/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/websocket-client/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/websocket-server/9.4.54.v20240208 mvn:org.eclipse.jetty.websocket/websocket-servlet/9.4.54.v20240208

Before JDK 8u252 org.eclipse.jetty.alpn.ALPN from org.eclipse.jetty.alpn:alpn-api:1.1.3.v20160715 had to be present on boot classpath. It's no longer needed and on newer JDK 8 versions it's enough to have org.eclipse.jetty:jetty-alpn-openjdk8-server bundle installed. On JDK9+, have org.eclipse.jetty:jetty-alpn-java-server bundle has to be installed. So without direct dependency, if pax-web-jetty-http2 feature is installed, additional feature has to be installed depending on JDK used: - JDK8: pax-web-jetty-http2-jdk8 - JDK9 and later: pax-web-jetty-http2-jdk9

pax-web-jetty mvn:org.eclipse.jetty.http2/http2-hpack/9.4.54.v20240208 mvn:org.eclipse.jetty.http2/http2-common/9.4.54.v20240208 mvn:org.eclipse.jetty.http2/http2-server/9.4.54.v20240208 pax-web-jetty mvn:org.eclipse.jetty/jetty-alpn-client/9.4.54.v20240208 mvn:org.eclipse.jetty.http2/http2-hpack/9.4.54.v20240208 mvn:org.eclipse.jetty.http2/http2-common/9.4.54.v20240208 mvn:org.eclipse.jetty.http2/http2-client/9.4.54.v20240208 mvn:org.eclipse.jetty.http2/http2-http-client-transport/9.4.54.v20240208 pax-web-jetty mvn:org.eclipse.jetty.alpn/alpn-api/1.1.3.v20160715 mvn:org.eclipse.jetty/jetty-alpn-client/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-alpn-server/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-alpn-openjdk8-client/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-alpn-openjdk8-server/9.4.54.v20240208 pax-web-jetty mvn:org.eclipse.jetty.alpn/alpn-api/1.1.3.v20160715 mvn:org.eclipse.jetty/jetty-alpn-client/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-alpn-server/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-alpn-java-client/9.4.54.v20240208 mvn:org.eclipse.jetty/jetty-alpn-java-server/9.4.54.v20240208 pax-web-core pax-web-jetty mvn:org.ops4j.pax.web/pax-web-runtime/8.0.26 mvn:org.ops4j.pax.web/pax-web-jetty/8.0.26 mvn:org.ops4j.pax.web/pax-web-tomcat-common/8.0.26 pax.web.http.provider;provider:=jetty # non secure connector configuration org.osgi.service.http.enabled = true org.osgi.service.http.port = 8181 # secure connector configuration org.osgi.service.http.secure.enabled = false #org.osgi.service.http.port.secure = 8443 #org.ops4j.pax.web.ssl.truststore = ${karaf.etc}/server.keystore #org.ops4j.pax.web.ssl.truststore.password = passw0rd #org.ops4j.pax.web.ssl.truststore.type = JKS #org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/server.keystore #org.ops4j.pax.web.ssl.keystore.password = passw0rd #org.ops4j.pax.web.ssl.keystore.type = JKS #org.ops4j.pax.web.ssl.key.password = passw0rd #org.ops4j.pax.web.ssl.key.alias = server #org.ops4j.pax.web.ssl.clientauth.needed = false #org.ops4j.pax.web.ssl.protocols.included = TLSv1.3 #org.ops4j.pax.web.ssl.protocol = TLSv1.3 #org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3 #org.ops4j.pax.web.ssl.ciphersuites.included = TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384 #org.ops4j.pax.web.ssl.secureRandom.algorithm = NativePRNGNonBlocking #org.ops4j.pax.web.ssl.renegotiationAllowed = true #org.ops4j.pax.web.ssl.session.enabled = true # external Jetty configuration file where Jetty-specific beans may be declared #org.ops4j.pax.web.config.file = ${karaf.etc}/jetty.xml # optional Jetty context configuration file applied to all web contexts # see https://www.eclipse.org/jetty/documentation/jetty-9/index.html#using-basic-descriptor-files #org.ops4j.pax.web.context.file = ${karaf.etc}/jetty-web.xml # SameSite attribute configuration for session cookie (possible values: none, lax, strict) # Important: when using OpenID Connect / Oauth2 (e.g., Keycloak) SameSite=strict won't work, because # the Keycloak redirected response after authentication should contain JSESSIONID cookie #org.ops4j.pax.web.session.cookie.sameSite = strict # this is a root directory for all the context-specific directories managed by Pax Web javax.servlet.context.tempdir = ${karaf.data}/pax-web/tmp mvn:org.ops4j.pax.web/pax-web-features/8.0.26/xml/config-jetty mvn:org.ops4j.pax.web/pax-web-features/8.0.26/xml/context-jetty keycloak-adapter-core pax-web-core pax-web-http-jetty mvn:org.keycloak/keycloak-osgi-adapter/18.0.2 mvn:org.ops4j.pax.web/pax-web-jetty-keycloak18/8.0.26 keycloak-adapter-core pax-web-core pax-web-http-jetty mvn:org.ops4j.pax.web/pax-web-jetty-keycloak/8.0.26

Tomcat libraries are repackaged in pax-web-tomcat bundle based on tomcat-embed-core

pax-web-core mvn:jakarta.el/jakarta.el-api/3.0.3 mvn:jakarta.annotation/jakarta.annotation-api/1.3.5 mvn:jakarta.servlet/jakarta.servlet-api/4.0.4 mvn:jakarta.security.auth.message/jakarta.security.auth.message-api/1.1.3 mvn:org.ops4j.pax.web/pax-web-tomcat-common/8.0.26 mvn:org.ops4j.pax.web/pax-web-tomcat/8.0.26 pax-web-websockets pax-web-tomcat mvn:org.ops4j.pax.web/pax-web-tomcat-websocket/8.0.26 pax-web-tomcat mvn:org.ops4j.pax.web/pax-web-runtime/8.0.26 pax.web.http.provider;provider:=tomcat # non secure connector configuration org.osgi.service.http.enabled = true org.osgi.service.http.port = 8181 # secure connector configuration org.osgi.service.http.secure.enabled = false #org.osgi.service.http.port.secure = 8443 #org.ops4j.pax.web.ssl.truststore = ${karaf.etc}/server.keystore #org.ops4j.pax.web.ssl.truststore.password = passw0rd #org.ops4j.pax.web.ssl.truststore.type = JKS #org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/server.keystore #org.ops4j.pax.web.ssl.keystore.password = passw0rd #org.ops4j.pax.web.ssl.keystore.type = JKS #org.ops4j.pax.web.ssl.key.password = passw0rd #org.ops4j.pax.web.ssl.key.alias = server #org.ops4j.pax.web.ssl.clientauth.needed = false #org.ops4j.pax.web.ssl.protocol = TLSv1.3 #org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3 #org.ops4j.pax.web.ssl.ciphersuites.included = TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384 #org.ops4j.pax.web.ssl.secureRandom.algorithm = NativePRNGNonBlocking #org.ops4j.pax.web.ssl.renegotiationAllowed = true #org.ops4j.pax.web.ssl.session.enabled = true # external Tomcat configuration file where Tomcat-specific beans may be declared #org.ops4j.pax.web.config.file = ${karaf.etc}/tomcat-server.xml # optional Tomcat context configuration file applied to all web contexts # see https://tomcat.apache.org/tomcat-9.0-doc/config/context.html #org.ops4j.pax.web.context.file = ${karaf.etc}/tomcat-context.xml # SameSite attribute configuration for session cookie (possible values: none, lax, strict) # Important: when using OpenID Connect / Oauth2 (e.g., Keycloak) SameSite=strict won't work, because # the Keycloak redirected response after authentication should contain JSESSIONID cookie #org.ops4j.pax.web.session.cookie.sameSite = strict # this is a root directory for all the context-specific directories managed by Pax Web javax.servlet.context.tempdir = ${karaf.data}/pax-web/tmp mvn:org.ops4j.pax.web/pax-web-features/8.0.26/xml/config-tomcat mvn:org.ops4j.pax.web/pax-web-features/8.0.26/xml/context-tomcat keycloak-adapter-core pax-web-core pax-web-http-tomcat mvn:org.keycloak/keycloak-osgi-adapter/18.0.2 mvn:org.ops4j.pax.web/pax-web-tomcat-keycloak18/8.0.26 keycloak-adapter-core pax-web-core pax-web-http-tomcat mvn:org.ops4j.pax.web/pax-web-tomcat-keycloak/8.0.26

Undertow libraries are proper OSGi bundles, but pax-web-undertow exports required Wildfly packages

pax-web-core mvn:jakarta.annotation/jakarta.annotation-api/1.3.5 mvn:com.sun.activation/javax.activation/1.2.0 mvn:jakarta.servlet/jakarta.servlet-api/4.0.4 mvn:jakarta.xml.bind/jakarta.xml.bind-api/2.3.3 mvn:org.jboss.xnio/xnio-api/3.8.11.Final mvn:org.jboss.xnio/xnio-nio/3.8.11.Final mvn:io.undertow/undertow-core/2.2.30.Final mvn:io.undertow/undertow-servlet/2.2.30.Final mvn:org.ops4j.pax.web/pax-web-undertow/8.0.26 pax-web-websockets pax-web-undertow mvn:io.undertow/undertow-websockets-jsr/2.2.30.Final mvn:org.ops4j.pax.web/pax-web-undertow-websocket/8.0.26 pax-web-core pax-web-undertow mvn:org.ops4j.pax.web/pax-web-runtime/8.0.26 mvn:org.ops4j.pax.web/pax-web-tomcat-common/8.0.26 pax.web.http.provider;provider:=undertow # non secure connector configuration org.osgi.service.http.enabled = true org.osgi.service.http.port = 8181 # secure connector configuration org.osgi.service.http.secure.enabled = false #org.osgi.service.http.port.secure = 8443 #org.ops4j.pax.web.ssl.truststore = ${karaf.etc}/server.keystore #org.ops4j.pax.web.ssl.truststore.password = passw0rd #org.ops4j.pax.web.ssl.truststore.type = JKS #org.ops4j.pax.web.ssl.keystore = ${karaf.etc}/server.keystore #org.ops4j.pax.web.ssl.keystore.password = passw0rd #org.ops4j.pax.web.ssl.keystore.type = JKS #org.ops4j.pax.web.ssl.key.password = passw0rd #org.ops4j.pax.web.ssl.key.alias = server #org.ops4j.pax.web.ssl.clientauth.needed = false #org.ops4j.pax.web.ssl.protocol = TLSv1.3 #org.ops4j.pax.web.ssl.protocols.included = TLSv1.2 TLSv1.3 #org.ops4j.pax.web.ssl.ciphersuites.included = TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384 #org.ops4j.pax.web.ssl.secureRandom.algorithm = NativePRNGNonBlocking #org.ops4j.pax.web.ssl.renegotiationAllowed = true #org.ops4j.pax.web.ssl.session.enabled = true # external Undertow configuration file where Undertow-specific beans may be declared #org.ops4j.pax.web.config.file = ${karaf.etc}/undertow.xml # SameSite attribute configuration for session cookie (possible values: none, lax, strict) # Important: when using OpenID Connect / Oauth2 (e.g., Keycloak) SameSite=strict won't work, because # the Keycloak redirected response after authentication should contain JSESSIONID cookie #org.ops4j.pax.web.session.cookie.sameSite = strict # this is a root directory for all the context-specific directories managed by Pax Web javax.servlet.context.tempdir = ${karaf.data}/pax-web/tmp mvn:org.ops4j.pax.web/pax-web-features/8.0.26/xml/config-undertow keycloak-adapter-core pax-web-core pax-web-http-undertow mvn:org.keycloak/keycloak-osgi-adapter/18.0.2 mvn:org.keycloak/keycloak-undertow-adapter-spi/18.0.2 mvn:org.keycloak/keycloak-undertow-adapter/18.0.2 mvn:org.keycloak/keycloak-pax-web-undertow/18.0.2 keycloak-adapter-core pax-web-core pax-web-http-undertow mvn:org.ops4j.pax.web/pax-web-undertow-keycloak/8.0.26 pax-web-core mvn:jakarta.el/jakarta.el-api/3.0.3 mvn:org.ops4j.pax.web/pax-web-compatibility-el2/8.0.26 mvn:jakarta.annotation/jakarta.annotation-api/1.3.5 mvn:org.eclipse.jdt/ecj/3.26.0 mvn:org.ops4j.pax.web/pax-web-tomcat-common/8.0.26 mvn:org.ops4j.pax.web/pax-web-jsp/8.0.26 pax-web-core mvn:org.ops4j.pax.web/pax-web-extender-whiteboard/8.0.26 pax-web-core mvn:org.ops4j.pax.web/pax-web-tomcat-common/8.0.26 mvn:org.ops4j.pax.web/pax-web-extender-war/8.0.26 mvn:jakarta.annotation/jakarta.annotation-api/1.3.5 mvn:org.osgi/org.osgi.util.promise/1.3.0 mvn:org.osgi/org.osgi.util.function/1.2.0 mvn:org.ops4j.pax.url/pax-url-war/2.6.14/jar/uber pax-web-core shell mvn:org.ops4j.pax.web/pax-web-deployer/8.0.26 mvn:org.ops4j.pax.web/pax-web-karaf/8.0.26

This feature replaces a feature that was available in Keycloak 18 and earlier

mvn:org.ops4j.pax.web/keycloak-common/8.0.26 mvn:org.ops4j.pax.web/keycloak-osgi-adapter/8.0.26 mvn:org.apache.httpcomponents/httpcore-osgi/4.4.16 mvn:org.apache.httpcomponents/httpclient-osgi/4.5.14 mvn:com.fasterxml.jackson.core/jackson-annotations/2.15.3 mvn:com.fasterxml.jackson.core/jackson-core/2.15.3 mvn:com.fasterxml.jackson.core/jackson-databind/2.15.3 mvn:org.bouncycastle/bcprov-jdk18on/1.76 mvn:org.bouncycastle/bcpkix-jdk18on/1.76 mvn:org.bouncycastle/bcutil-jdk18on/1.76