diff --git a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
index aa6199320d..b7b113accc 100755
--- a/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
+++ b/admin-ui/src/main/resources/META-INF/resources/admin/js/controllers/realm.js
@@ -117,6 +117,8 @@ module.controller('RealmCreateCtrl', function($scope, Current, Realm, $upload, $
 
     $scope.save = function() {
         var realmCopy = angular.copy($scope.realm);
+        var ssl = window.location.protocol == 'https:';
+        realmCopy.sslNotRequired = !ssl;
         console.log('creating new realm **');
         Realm.create(realmCopy, function(data, headers) {
             var data = Realm.query(function() {
@@ -438,6 +440,12 @@ module.controller('RealmDefaultRolesCtrl', function ($scope, Realm, realm, appli
     $scope.selectedRealmDefRoles = [];
 
     $scope.applications = angular.copy(applications);
+    for (var i = 0; i < applications.length; i++) {
+        if (applications[i].name == 'account') {
+            $scope.application = $scope.applications[i];
+            break;
+        }
+    }
 
     $scope.availableAppRoles = [];
     $scope.selectedAppRoles = [];
diff --git a/docbook/reference/en/en-US/modules/eap6-adapter.xml b/docbook/reference/en/en-US/modules/eap6-adapter.xml
index 88ec08025a..391a27793a 100755
--- a/docbook/reference/en/en-US/modules/eap6-adapter.xml
+++ b/docbook/reference/en/en-US/modules/eap6-adapter.xml
@@ -45,7 +45,20 @@
             the adapter's dependencies may conflict with your application's.
         </para>
         <para>
-            After creating the <literal>jboss-deployment-structure.xml</literal> configuration file, you must create
+            Next thing you have to do is turn on the Keycloak adapter for this deployment.  To do this you must
+            create a <literal>WEB-INF/jboss-web.xml</literal> file and specify a a Keycloak valve.  This will override
+            any <literal>login-config</literal> setting you have defined with <literal>web.xml</literal>
+        </para>
+        <para>
+<programlisting><![CDATA[<jboss-web>
+    <valve>
+        <class-name>org.keycloak.adapters.as7.KeycloakAuthenticatorValve</class-name>
+    </valve>
+</jboss-web>]]>
+</programlisting>
+        </para>
+        <para>
+            After creating the <literal>jboss-web.xml</literal> configuration file, you must create
             a <literal>keycloak.json</literal> adapter config file within the <literal>WEB-INF</literal> directory
             of your WAR.  The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
             section.
diff --git a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
index a28a2651c9..42df73f16c 100755
--- a/examples/demo-template/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
+++ b/examples/demo-template/customer-app/src/main/webapp/WEB-INF/jboss-web.xml
@@ -1,5 +1,5 @@
 <jboss-web>
     <valve>
-        <class-name>org.keycloak.adapters.as7.OAuthAuthenticatorValve</class-name>
+        <class-name>org.keycloak.adapters.as7.KeycloakAuthenticatorValve</class-name>
     </valve>
 </jboss-web>
\ No newline at end of file
diff --git a/examples/demo-template/database-service/src/main/webapp/WEB-INF/jboss-web.xml b/examples/demo-template/database-service/src/main/webapp/WEB-INF/jboss-web.xml
index d1ca3931f9..42df73f16c 100755
--- a/examples/demo-template/database-service/src/main/webapp/WEB-INF/jboss-web.xml
+++ b/examples/demo-template/database-service/src/main/webapp/WEB-INF/jboss-web.xml
@@ -1,5 +1,5 @@
 <jboss-web>
     <valve>
-        <class-name>org.keycloak.adapters.as7.BearerTokenAuthenticatorValve</class-name>
+        <class-name>org.keycloak.adapters.as7.KeycloakAuthenticatorValve</class-name>
     </valve>
 </jboss-web>
\ No newline at end of file
diff --git a/examples/demo-template/product-app/src/main/webapp/WEB-INF/jboss-web.xml b/examples/demo-template/product-app/src/main/webapp/WEB-INF/jboss-web.xml
index a28a2651c9..42df73f16c 100755
--- a/examples/demo-template/product-app/src/main/webapp/WEB-INF/jboss-web.xml
+++ b/examples/demo-template/product-app/src/main/webapp/WEB-INF/jboss-web.xml
@@ -1,5 +1,5 @@
 <jboss-web>
     <valve>
-        <class-name>org.keycloak.adapters.as7.OAuthAuthenticatorValve</class-name>
+        <class-name>org.keycloak.adapters.as7.KeycloakAuthenticatorValve</class-name>
     </valve>
 </jboss-web>
\ No newline at end of file
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
deleted file mode 100755
index 4cececc4f7..0000000000
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/BearerTokenAuthenticatorValve.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package org.keycloak.adapters.as7;
-
-import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleListener;
-import org.apache.catalina.authenticator.AuthenticatorBase;
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.core.StandardContext;
-import org.apache.catalina.deploy.LoginConfig;
-import org.jboss.logging.Logger;
-import org.keycloak.adapters.ResourceMetadata;
-import org.keycloak.adapters.as7.config.CatalinaAdapterConfigLoader;
-import org.keycloak.representations.adapters.config.AdapterConfig;
-import org.keycloak.adapters.config.AdapterConfigLoader;
-
-import javax.security.auth.login.LoginException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * Uses a configured remote auth server to do Bearer token authentication only.  SkeletonKeyTokens are used
- * to provide user data and role mappings.
- *
- * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
- * @version $Revision: 1 $
- */
-public class BearerTokenAuthenticatorValve extends AuthenticatorBase implements LifecycleListener {
-    private static final Logger log = Logger.getLogger(BearerTokenAuthenticatorValve.class);
-    protected AdapterConfig adapterConfig;
-    protected ResourceMetadata resourceMetadata;
-
-    @Override
-    public void start() throws LifecycleException {
-        super.start();
-        StandardContext standardContext = (StandardContext) context;
-        standardContext.addLifecycleListener(this);
-    }
-
-    @Override
-    public void lifecycleEvent(LifecycleEvent event) {
-        if (event.getType() == Lifecycle.AFTER_START_EVENT) init();
-    }
-
-    protected void init() {
-        AdapterConfigLoader adapterConfigLoader = new CatalinaAdapterConfigLoader(context);
-        adapterConfig = adapterConfigLoader.getAdapterConfig();
-        adapterConfigLoader.init();
-        resourceMetadata = adapterConfigLoader.getResourceMetadata();
-        AuthenticatedActionsValve actions = new AuthenticatedActionsValve(adapterConfig, getNext(), getContainer(), getController());
-        setNext(actions);
-    }
-
-    @Override
-    public void invoke(Request request, Response response) throws IOException, ServletException {
-        try {
-            log.debugv("{0} {1}", request.getMethod(), request.getRequestURI());
-            if (adapterConfig.isCors() && new CorsPreflightChecker(adapterConfig).checkCorsPreflight(request, response)) {
-                return;
-            }
-            super.invoke(request, response);
-        } finally {
-        }
-    }
-
-    @Override
-    protected boolean authenticate(Request request, HttpServletResponse response, LoginConfig config) throws IOException {
-        try {
-            CatalinaBearerTokenAuthenticator bearer = new CatalinaBearerTokenAuthenticator(resourceMetadata, true, adapterConfig.isUseResourceRoleMappings());
-            if (bearer.login(request, response)) {
-                return true;
-            }
-            return false;
-        } catch (LoginException e) {
-        }
-        return false;
-    }
-}
diff --git a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
similarity index 95%
rename from integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java
rename to integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
index 056e80d40e..b1a53f2800 100755
--- a/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/OAuthAuthenticatorValve.java
+++ b/integration/as7-eap6/adapter/src/main/java/org/keycloak/adapters/as7/KeycloakAuthenticatorValve.java
@@ -45,9 +45,9 @@ import java.util.Set;
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-public class OAuthAuthenticatorValve extends FormAuthenticator implements LifecycleListener {
+public class KeycloakAuthenticatorValve extends FormAuthenticator implements LifecycleListener {
     protected RealmConfiguration realmConfiguration;
-    private static final Logger log = Logger.getLogger(OAuthAuthenticatorValve.class);
+    private static final Logger log = Logger.getLogger(KeycloakAuthenticatorValve.class);
     protected UserSessionManagement userSessionManagement = new UserSessionManagement();
     protected AdapterConfig adapterConfig;
     protected ResourceMetadata resourceMetadata;
@@ -116,7 +116,7 @@ public class OAuthAuthenticatorValve extends FormAuthenticator implements Lifecy
             }
 
             // initiate or continue oauth2 protocol
-            oauth(request, response);
+            if (!adapterConfig.isBearerOnly()) oauth(request, response);
         } catch (LoginException e) {
         }
         return false;