Spring Boot 2.1 changed the default behavior for bean overriding to not allowed as seen in here:
With this, the context fails to create, because the Keycloak security config tries to override the httpSessionManager bean. To make this work, the bean overriding must be enabled (using the new property, which in turn calls DefaultListableBeanFactory.setAllowBeanDefinitionOverriding()). Of course, this is easy to do, but I understand the Spring team's rationale for avoiding this if possible.
This is a minimum working example for a bearer-only REST API. Maybe there is some error in my configuration that causes this, but it's pretty much in line with the official docs.
This results in the error: