keycloak-scim/securing_apps/topics/oidc/java/multi-tenancy.adoc


==== Multi Tenancy

Multi Tenancy, in our context, means that a single target application (WAR) can be secured with multiple {project_name} realms. The realms can be located
one the same {project_name} instance or on different instances.

In practice, this means that the application needs to have multiple `keycloak.json` adapter configuration files.

You could have multiple instances of your WAR with different adapter configuration files deployed to different context-paths. However, this may be inconvenient
and you may also want to select the realm based on something else than context-path.

{project_name} makes it possible to have a custom config resolver so you can choose what adapter config is used for each request.

To achieve this first you need to create an implementation of `org.keycloak.adapters.KeycloakConfigResolver`. For example:

[source,java]
----
package example;

import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;

public class PathBasedKeycloakConfigResolver implements KeycloakConfigResolver {

    @Override
    public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {
        if (path.startsWith("alternative")) {
            KeycloakDeployment deployment = cache.get(realm);
            if (null == deployment) {
                InputStream is = getClass().getResourceAsStream("/tenant1-keycloak.json");
                return KeycloakDeploymentBuilder.build(is);
            }
        } else {
            InputStream is = getClass().getResourceAsStream("/default-keycloak.json");
            return KeycloakDeploymentBuilder.build(is);
        }
    }

}
----

You also need to configure which `KeycloakConfigResolver` implementation to use with the `keycloak.config.resolver` context-param in your `web.xml`:

[source,xml]
----
<web-app>
    ...
    <context-param>
        <param-name>keycloak.config.resolver</param-name>
        <param-value>example.PathBasedKeycloakConfigResolver</param-value>
    </context-param>
</web-app>
----
initial import 2016-04-18 19:10:32 +00:00
Fix headers in oidc chapter 2016-06-09 13:12:10 +00:00			`==== Multi Tenancy`
initial import 2016-04-18 19:10:32 +00:00
Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`Multi Tenancy, in our context, means that a single target application (WAR) can be secured with multiple {project_name} realms. The realms can be located`
			`one the same {project_name} instance or on different instances.`
Complete Java chapters 2016-06-03 10:35:36 +00:00
			In practice, this means that the application needs to have multiple `keycloak.json` adapter configuration files.

			`You could have multiple instances of your WAR with different adapter configuration files deployed to different context-paths. However, this may be inconvenient`
			`and you may also want to select the realm based on something else than context-path.`

Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`{project_name} makes it possible to have a custom config resolver so you can choose what adapter config is used for each request.`
Complete Java chapters 2016-06-03 10:35:36 +00:00
			To achieve this first you need to create an implementation of `org.keycloak.adapters.KeycloakConfigResolver`. For example:

			`[source,java]`
			`----`
			`package example;`

			`import org.keycloak.adapters.KeycloakConfigResolver;`
			`import org.keycloak.adapters.KeycloakDeployment;`
			`import org.keycloak.adapters.KeycloakDeploymentBuilder;`

			`public class PathBasedKeycloakConfigResolver implements KeycloakConfigResolver {`

			`@Override`
			`public KeycloakDeployment resolve(OIDCHttpFacade.Request request) {`
			`if (path.startsWith("alternative")) {`
			`KeycloakDeployment deployment = cache.get(realm);`
			`if (null == deployment) {`
			`InputStream is = getClass().getResourceAsStream("/tenant1-keycloak.json");`
			`return KeycloakDeploymentBuilder.build(is);`
			`}`
			`} else {`
			`InputStream is = getClass().getResourceAsStream("/default-keycloak.json");`
			`return KeycloakDeploymentBuilder.build(is);`
			`}`
			`}`

			`}`
			`----`

			You also need to configure which `KeycloakConfigResolver` implementation to use with the `keycloak.config.resolver` context-param in your `web.xml`:

			`[source,xml]`
			`----`
			`<web-app>`
			`...`
			`<context-param>`
			`<param-name>keycloak.config.resolver</param-name>`
			`<param-value>example.PathBasedKeycloakConfigResolver</param-value>`
			`</context-param>`
			`</web-app>`
			`----`