KEYCLOAK-7703 Documentation for HierarchicalPathBasedKeycloakConfigResolver

Hynek Mlnarik 2018-07-18 17:19:09 +02:00 committed by Hynek Mlnařík
parent d98e0a25b5
commit 3c187ab8e5
2 changed files with 30 additions and 10 deletions

@ -6,9 +6,8 @@ You can secure Apache Camel endpoints implemented with the http://camel.apache.o
Compared to the standard `undertow` component, `undertow-keycloak` component adds two new properties: Compared to the standard `undertow` component, `undertow-keycloak` component adds two new properties:
- `configResolver` is a bean that supplies {project_name} configuration file to: - `configResolver` is a resolver bean that supplies {project_name} adapter
- `org.keycloak.adapters.osgi.BundleBasedKeycloakConfigResolver`: the {project_name} adapter configuration will be looked up inside the bundle and should be stored in `WEB-INF/keycloak.json` file. configuration. Available resolvers are listed in <<_fuse7_config_external_adapter,Configuration Resolvers>> section.
- `org.keycloak.adapters.osgi.PathBasedKeycloakConfigResolver`: the {project_name} adapter configuration will be looked up as described in <<_fuse7_config_external_adapter,External adapter configuration>>.
- `allowedRoles` is a comma-separated list of roles. User accessing the service has to have at least one role to be permitted the access. - `allowedRoles` is a comma-separated list of roles. User accessing the service has to have at least one role to be permitted the access.
For example: For example:
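Review bot: The rewritten `configResolver` bullet no longer says what happens when the property is left unset on the `undertow-keycloak` component. The removed sub-items named the two resolvers in place; the linked section now describes `BundleBasedKeycloakConfigResolver` as the default for `keycloak.config.resolver`, but a reader of this page cannot tell whether that default also applies to the Camel `configResolver` bean or whether the bean must always be supplied. One sentence stating that would close the gap. Minor: "are listed in <<_fuse7_config_external_adapter,Configuration Resolvers>> section" needs an article ("in the ... section").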

@ -69,11 +69,12 @@ For example:
. Contrary to the Fuse 6 adapter, there are no special OSGi imports needed in MANIFEST.MF. . Contrary to the Fuse 6 adapter, there are no special OSGi imports needed in MANIFEST.MF.
[[_fuse7_config_external_adapter]] [[_fuse7_config_external_adapter]]
====== Configuring the External Adapter ====== Configuration Resolvers
If you do not want the `keycloak.json` adapter configuration file to be bundled inside your WAR application, but instead made available externally and loaded based on naming conventions, use this configuration method. The `keycloak.json` adapter configuration file can be stored inside a bundle,
which is default behaviour, or in a directory on a filesystem. To specify the
To enable the functionality, add this section to your `/WEB_INF/web.xml` file: actual source of the configuration file, set the `keycloak.config.resolver` deployment parameter to the desired configuration resolver class.
For example, in a classic WAR application, set the `keycloak.config.resolver` context parameter in `web.xml` file like this:
[source,xml] [source,xml]
---- ----
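Review bot: The new intro paragraph names `keycloak.config.resolver` a "deployment parameter" in one sentence and a "context parameter" in the next; use one term, or state that the `web.xml` context parameter is how a WAR sets the deployment parameter. The example is introduced with "in a classic WAR application", which implies other deployment types, yet the text gives no hint how the parameter is set for them. The old sentence also told the reader which `web.xml` to edit (`/WEB_INF/web.xml`), and the replacement says only "in `web.xml` file"; keeping the location would help. Wording: "which is default behaviour" should read "which is the default behaviour".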
@ -83,8 +84,28 @@ To enable the functionality, add this section to your `/WEB_INF/web.xml` file:
</context-param> </context-param>
---- ----
That component uses `keycloak.config` or `karaf.etc` java properties to search for a base folder to locate the configuration. The following resolvers are available for `keycloak.config.resolver`:
Then inside one of those folders it searches for a file called `<your_web_context>-keycloak.json`.
So, for example, if your web application has context `my-portal`, then your adapter configuration is loaded from the `$FUSE_HOME/etc/my-portal-keycloak.json` file. org.keycloak.adapters.osgi.BundleBasedKeycloakConfigResolver::
This is the default resolver. The configuration file is expected inside
the OSGi bundle that is being secured. By default, it loads file named `WEB-INF/keycloak.json` but this file name can be configured via `configLocation` property.
org.keycloak.adapters.osgi.PathBasedKeycloakConfigResolver::
This resolver searches for a file called `<your_web_context>-keycloak.json` inside a folder
that is specified by `keycloak.config` system property. If `keycloak.config` is
not set, `karaf.etc` system property is used instead.
+
For example, if your web application is deployed into context `my-portal`, then
your adapter configuration would be loaded either from the
`${keycloak.config}/my-portal-keycloak.json` file, or from `${karaf.etc}/my-portal-keycloak.json`.
org.keycloak.adapters.osgi.HierarchicalPathBasedKeycloakConfigResolver::
This resolver is similar to `PathBasedKeycloakConfigResolver` above, where
for given URI path, configuration locations are checked from most to least specific.
+
For example, for `/my/web-app/context` URI, the following configuration locations are searched for existence until the first one exists:
* `${karaf.etc}/my-web-app-context-keycloak.json`
* `${karaf.etc}/my-web-app-keycloak.json`
* `${karaf.etc}/my-keycloak.json`
* `${karaf.etc}/keycloak.json`
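Review bot: In the `HierarchicalPathBasedKeycloakConfigResolver` entry, the description says it is "similar to `PathBasedKeycloakConfigResolver`", which reads `keycloak.config` first and falls back to `karaf.etc`, but the four example locations all use `${karaf.etc}` only. Say explicitly whether `keycloak.config` is honoured here, and write the list with the same base-folder wording as the entry above if it is. Two more points on the same list: path separators are mapped to `-`, and the sample path already contains a hyphen (`web-app`), so the text should say how `/my/web-app/context` and a path such as `/my-web/app/context` are told apart, since both would yield `my-web-app-context-keycloak.json`; and the last candidate, `${karaf.etc}/keycloak.json`, acts as a catch-all for every context, so the entry should state that and what the resolver does when none of the files exists. In the `BundleBasedKeycloakConfigResolver` entry, "can be configured via `configLocation` property" does not say where that property is set.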