From 1a8fb3194fda1bacd4ad516ede0060a90b0c96e5 Mon Sep 17 00:00:00 2001
From: Stan Silvert
Date: Thu, 1 Sep 2016 01:04:26 -0400
Subject: [PATCH] KEYCLOAK-3196: Use WildFly management model for server configuration (#11)
---
 book-product.json | 4 ++
 book.json | 4 ++
 topics/providers.adoc | 102 +++++++++++++++++++++---------------------
 topics/themes.adoc | 51 +++++++++++----------
 4 files changed, 87 insertions(+), 74 deletions(-)
diff --git a/book-product.json b/book-product.json
index f4ed9ee6fe..0f0291a9a3 100755
--- a/book-product.json
+++ b/book-product.json
@@ -25,6 +25,10 @@
 "link": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/7.0/securing-applications-and-services-guide/"
 },
+ "installguide": {
+ "name": "Server Installation and Configuration Guide",
+ "link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/"
+ },
 "apidocs": {
 "name": "API Documentation",
 "link": "https://access.redhat.com/documentation/en/red-hat-single-sign-on/7.0/api-documentation/"
diff --git a/book.json b/book.json
index d3d25239a1..8368aafb8e 100755
--- a/book.json
+++ b/book.json
@@ -25,6 +25,10 @@
 "link": "https://keycloak.gitbooks.io/securing-client-applications-guide/content/"
 },
+ "installguide": {
+ "name": "Server Installation and Configuration Guide",
+ "link": "https://keycloak.gitbooks.io/server-installation-and-configuration/content/"
+ },
 "apidocs": {
 "name": "API Documentation",
 "link": "http://keycloak.org/docs"
diff --git a/topics/providers.adoc b/topics/providers.adoc
index 9053dfb2bf..619f67bf7c 100755
--- a/topics/providers.adoc
+++ b/topics/providers.adoc
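Review bot: The `installguide` entry added in the book-product.json hunk links to `https://keycloak.gitbooks.io/server-installation-and-configuration/content/`, while the two neighbouring entries visible in that hunk point at `access.redhat.com/documentation/en/red-hat-single-sign-on/7.0/`. A product build would therefore send readers to the community guide for the location of `standalone.xml`, `standalone-ha.xml` and `domain.xml`, and that guide may describe a different release than the one they are configuring. If a product-hosted copy of the installation guide exists, its URL belongs here; otherwise the mismatch should be stated in the commit description so it is not mistaken for an oversight. Only part of the file is visible in the hunk, so confirm the pattern against the remaining entries.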
@@ -87,16 +87,22 @@ Example service configuration file (`META-INF/services/org.keycloak.events.Event org.acme.provider.MyEventListenerProviderFactory ---- -You can configure your provider through `keycloak-server.json`. For example by adding the following to `keycloak-server.json`: +You can configure your provider through `standalone.xml`, `standalone-ha.xml`, or `domain.xml`. +See the link:{{book.installguide.link}}[{{book.installguide.name}}] for more details on +where the `standalone.xml`, `standalone-ha.xml`, or `domain.xml` file lives. -[source] +For example by adding the following to `standalone.xml`: + +[source,xml] ---- -"eventsListener": { - "my-event-listener" { - "aNumber": 10, - "aString": "Foo" - } -} + + + + + + + + ---- Then you can retrieve the config in the `ProviderFactory` init method: @@ -202,16 +208,17 @@ Then copy `event-listener-sysout-example.jar` to this folder and create `module. ---- Once you've created the module you need to register this module with Keycloak. -This is done by editing keycloak-server.json and adding it to the providers: +This is done by editing the keycloak-server subsystem section of +`standalone.xml`, `standalone-ha.xml`, or `domain.xml`, and adding it to the providers: -[source] +[source,xml] ---- -{ - "providers": [ - ... - "module:org.keycloak.examples.event-sysout" - ] -} + + auth + + module:org.keycloak.examples.event-sysout + + ... ---- ==== Register a provider using file-system 
@@ -219,62 +226,55 @@ This is done by editing keycloak-server.json and adding it to the providers: To register your provider simply copy the JAR including the ProviderFactory and Provider classes and the provider configuration file to server's root `providers` directory. You can also define multiple provider class-path if you want to create isolated class-loaders. -To do this edit keycloak-server.json and add more classpath entries to the providers array. +To do this edit `standalone.xml`, `standalone-ha.xml`, or `domain.xml` and add more classpath entries to the providers element. For example: -[source] +[source,xml] ---- -{ - "providers": [ - "classpath:provider1.jar;lib-v1.jar", - "classpath:provider2.jar;lib-v2.jar" - ] -} + + classpath:provider1.jar;lib-v1.jar + classpath:provider2.jar;lib-v2.jar + ---- The above example will create two separate class-loaders for providers. The classpath entries follow the same syntax as Java classpath, with ';' separating multiple-entries. Wildcard is also supported allowing loading all jars (files with .jar or .JAR extension) in a folder, for example: -[source] +[source,xml] ---- -{ - "providers": [ - "classpath:/home/user/providers/*" - ] -} + + classpath:/home/user/providers/* + ---- ==== Configuring a provider -You can pass configuration options to your provider by setting them in `keycloak-server.json`. +You can pass configuration options to your provider by setting them in `standalone.xml`, `standalone-ha.xml`, or `domain.xml`. For example to set the max value for `my-event-listener` add: -[source] +[source.xml] ---- -{ - "eventsListener": { - "my-event-listener": { - "max": 100 - } - } -} + + + + + + + ---- ==== Disabling a provider -You can disable a provider by setting the enabled field for the provider to false in `keycloak-server.json`. +You can disable a provider by setting the enabled attribute for the provider to false +in `standalone.xml`, `standalone-ha.xml`, or `domain.xml`. 
For example to disable the Infinispan user cache provider add: -[source] +[source,xml] ---- -{ -"userCache": { - "infinispan" : { - "enabled": false - } -} -} + + + ---- === Available SPIs @@ -286,9 +286,9 @@ If you want to see list of all available SPIs at runtime, you can check `Server |=== |SPI|Description -|Connections Infinispan|Loads and configures Infinispan connections. The default implementation can load connections from the Infinispan subsystem, or alternatively can be manually configured in keycloak-server.json -|Connections Jpa|Loads and configures Jpa connections. The default implementation can load datasources from WildFly/EAP, or alternatively can be manually configured in keycloak-server.json -|Connections Mongo|Loads and configures MongoDB connections. The default implementation is configured in keycloak-server.json +|Connections Infinispan|Loads and configures Infinispan connections. The default implementation can load connections from the Infinispan subsystem, or alternatively can be manually configured in standalone.xml +|Connections Jpa|Loads and configures Jpa connections. The default implementation can load datasources from WildFly/EAP, or alternatively can be manually configured in standalone.xml +|Connections Mongo|Loads and configures MongoDB connections. The default implementation is configured in standalone.xml |Email Sender|Sends email. The default implementation uses JavaMail |Email Template|Format email and uses Email Sender to send the email. The default implementation uses FreeMarker templates |Events Listener|Listen to user related events for example user login success and failures. Keycloak provides two implementations out of box. One that logs events to the server log and another that can send email notifications to users on certain events diff --git a/topics/themes.adoc b/topics/themes.adoc index a6fe55706c..7dcaa28359 100644 --- a/topics/themes.adoc +++ b/topics/themes.adoc 
@@ -24,15 +24,19 @@ your realm from the drop-down box in the top left corner. Under `Realm Settings` NOTE: To set the theme for the `master` admin console you need to set the admin console theme for the `master` realm. To see the changes to the admin console refresh the page. -To change the welcome theme you need to edit `keycloak-server.json` (in `standalone/configuration` or `domain/servers/{server name}/configuration`) and add `welcomeTheme` to the theme element, for example: +To change the welcome theme you need to edit `standalone.xml`, `standalone-ha.xml`, or `domain.xml`. +See the link:{{book.installguide.link}}[{{book.installguide.name}}] for more details on +where the `standalone.xml`, `standalone-ha.xml`, or `domain.xml` file lives. -[source,json] +Add `welcomeTheme` to the theme element, for example: + +[source,xml] ---- -"theme": { + ... - "welcomeTheme": "custom-theme", + custom-theme ... -} + ---- If the server is running you need to restart the server for the changes to the welcome theme to take effect. @@ -61,18 +65,17 @@ When extending a theme you can override individual resources (templates, stylesh need to update your custom template when upgrading to a new release. While creating a theme it's a good idea to disable caching as this makes it possible to edit theme resources directly from the `themes` directory without -restarting {{book.project.name}}. To do this edit `standalone/configuration/keycloak-server.json` for `theme` set `staticMaxAge` to `-1` and both +restarting {{book.project.name}}. To do this edit `standalone.xml`. For `theme` set `staticMaxAge` to `-1` and both `cacheTemplates` and `cacheThemes` to `false`: -[source,json] +[source,xml] ---- -"theme": { + + -1 + false + false ... - "staticMaxAge": -1, - "cacheTemplates": false, - "cacheThemes": false, - ... -} + ---- Remember to re-enable caching in production as it will significantly impact performance. 
@@ -352,21 +355,23 @@ To manually create the module create the directory `modules/org/keycloak/example ---- -You also need to register the module with {{book.project.name}}. This is done by editing `keycloak-server.json` (in `standalone/configuration` or `domain/servers/{server name}/configuration`) and adding the module -to `theme/module/modules`. For example: +You also need to register the module with {{book.project.name}}. This is done by editing `standalone.xml`, `standalone-ha.xml`, or `domain.xml`. +See the link:{{book.installguide.link}}[{{book.installguide.name}}] for more details on +where the `standalone.xml`, `standalone-ha.xml`, or `domain.xml` file lives. -[source] +Then and add the module to `theme/module/modules`. For example: + +[source,xml] ---- -[ -"theme": { + ... - "module": { - "modules": [ "org.example.mytheme" ] - } -} + + org.example.mytheme + + ---- -If the server is running you need to restart the server after changing `keycloak-server.json`. +If the server is running you need to restart the server after changing `standalone.xml`, `standalone-ha.xml`, or `domain.xml`. [NOTE] ====