RHBK-4009 (Red Hat build of Keycloak)

Normalizing of Keycloak URLs not documented [GHI#43763]


      Before reporting an issue

      [x] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      dist/quarkus

      Describe the bug

      When processing URLs, Keycloak normalizes URLs based on the Quarkus logic.

      This includes collapsing a double slash //, as well as evaluating .. in the path.

      While this is a convenience feature, and partly RFC 3986 as well, it makes URL filtering for Keycloak unnecessarily hard and difficult to document. Also, Quarkus adds another normalization by removing the double slash.

      Version

      main

      Regression

      [ ] The issue is a regression

      Expected behavior

      Allow simple URL filtering for Keycloak rules.

      Actual behavior

      Keycloak normalizes URLs, thereby making it hard to filter them.

      How to Reproduce?

      Use curl --path-as-is ... and use a URL with .. in it.

      Anything else?

      I'll prepare a PR.

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak SRE
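The filtering problem described in this issue, as an added example that is not part of the original report and is not Keycloak or Quarkus code: a prefix filter applied to the raw path disagrees with the path after // collapsing and .. evaluation, while a filter that rejects any non-canonical path does not. The blocked prefix, the sample paths, the function names and the order of the two normalization steps are assumptions.

```python
import re

# Hypothetical filter rule for illustration: a prefix the front end must not forward.
BLOCKED_PREFIXES = ("/admin/",)

def remove_dot_segments(path: str) -> str:
    """remove_dot_segments as specified in RFC 3986, section 5.2.4."""
    out = []
    while path:
        if path.startswith("../"):
            path = path[3:]
        elif path.startswith("./") or path.startswith("/./"):
            path = path[2:]
        elif path == "/.":
            path = "/"
        elif path.startswith("/../") or path == "/..":
            path = "/" + path[4:]
            if out:
                out.pop()          # ".." drops the previous segment
        elif path in (".", ".."):
            path = ""
        else:
            cut = path.find("/", 1)
            cut = len(path) if cut == -1 else cut
            out.append(path[:cut])  # move one segment to the output
            path = path[cut:]
    return "".join(out)

def normalize(path: str) -> str:
    """Assumed order: collapse repeated slashes, then resolve dot segments."""
    return remove_dot_segments(re.sub(r"/{2,}", "/", path))

def naive_allowed(raw_path: str) -> bool:
    """Prefix match on the path exactly as it arrived on the wire."""
    return not raw_path.startswith(BLOCKED_PREFIXES)

def strict_allowed(raw_path: str) -> bool:
    """Reject every path that normalization would change, then apply the rule.
    Allowed paths contain no '//' and no dot segments, so the decision does
    not depend on the order in which the server applies the two steps."""
    return normalize(raw_path) == raw_path and naive_allowed(raw_path)

# Constructed sample paths, as they would be sent with `curl --path-as-is`.
SAMPLES = ["/realms/demo/account", "/admin/console",
           "/realms/../admin/console", "//admin/console", "/realms//demo"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:26} -> {normalize(p):22} naive={naive_allowed(p)} strict={strict_allowed(p)}")
```

The strict variant also rejects harmless non-canonical paths such as `/realms//demo`; that is the trade-off for a rule that can be documented in one line.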