[[_jetty9_adapter]]
==== Jetty 9.4 adapter
Keycloak has a separate adapter for Jetty 9.4 that you must install into your Jetty installation.
You then have to provide some extra configuration in each WAR you deploy to Jetty.

[[_jetty9_adapter_installation]]
===== Installing the adapter

Adapters are no longer included with the appliance or WAR distribution. Each adapter is a separate download on the Keycloak downloads site. They are also available as Maven artifacts.

.Procedure
. Download the {project_name} Jetty 9.4 adapter ZIP archive from the link:https://www.keycloak.org/downloads[Keycloak Downloads] site.
. Unzip the Jetty 9.4 adapter distribution into Jetty 9.4's link:https://eclipse.dev/jetty/documentation/jetty-9/index.html[base directory]. In the example below, the Jetty base is named `your-base`:
+
[source, subs="attributes"]
----
$ cd your-base
$ unzip keycloak-jetty94-adapter-dist-{project_version}.Final.zip
----
. Enable the `keycloak` module for your Jetty base:
+
[source]
----
$ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak
----
+
[NOTE]
====
Including the adapter's JARs within your `WEB-INF/lib` directory will not work.
====

[[_jetty9_per_war]]
===== Securing a WAR on Jetty 9

Use this procedure to secure a WAR directly by adding configuration and editing files within your WAR package.

.Procedure
. Create a `WEB-INF/jetty-web.xml` file in your WAR package. This is a Jetty-specific config file. You define a Keycloak-specific authenticator within it.
+
[source]
----
----
. Create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR.
+
The format of this config file is described in the <<_java_adapter_config,Java adapter configuration>> section.
+
WARNING: The Jetty 9.4 adapter will not be able to find the `keycloak.json` file.
You will have to define all adapter settings within the `jetty-web.xml` file as described below.
+
Instead of using `keycloak.json`, you can define everything within the `jetty-web.xml` file.
You have to work out how each JSON setting matches a property of the `org.keycloak.representations.adapters.config.AdapterConfig` class.
+
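[source,xml,subs="attributes+"]
----
<!-- Each <Set> is an AdapterConfig property that stands in for one keycloak.json setting -->
<New class="org.keycloak.representations.adapters.config.AdapterConfig">
    <Set name="realm">tomcat</Set>
    <Set name="resource">customer-portal</Set>
    <Set name="authServerUrl">http://localhost:8081{kc_base_path}</Set>
    <Set name="sslRequired">external</Set>
</New>
----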
. Create the `jetty-web.xml` file in your `webapps` directory with the name `yourwar.xml`.
Jetty should pick it up. You do not need to open your WAR to secure it with {project_name}.
In this mode, you declare the `keycloak.json` configuration directly within the XML file.
. Specify a `login-config` and use standard servlet security to define role-based constraints on your URLs. Here's an example:
+
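[source,xml]
----
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
    <module-name>customer-portal</module-name>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Customers</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint><role-name>user</role-name></auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>
    <security-role><role-name>admin</role-name></security-role>
    <security-role><role-name>user</role-name></security-role>
</web-app>
----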
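
The step above that moves `keycloak.json` settings into `jetty-web.xml` can be scripted. The following Python script is an added example, not part of the Keycloak documentation or adapter code; it renders a `jetty-web.xml` from a `keycloak.json` and refuses any setting it has no mapping for. The function name, the sample input, and the wrapper elements (`securityHandler`, `KeycloakJettyAuthenticator`, `adapterConfig`) are assumptions that do not appear on this page.

```python
import json
from xml.sax.saxutils import escape

# keycloak.json key -> AdapterConfig bean property, for the four settings used
# on this page. Any other key must have its property checked in AdapterConfig.
JSON_TO_BEAN = {
    "realm": "realm",
    "resource": "resource",
    "auth-server-url": "authServerUrl",
    "ssl-required": "sslRequired",
}

# Assumed wrapper: Jetty XML syntax plus the adapter's authenticator class.
TEMPLATE = """<?xml version="1.0"?>
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Get name="securityHandler">
    <Set name="authenticator">
      <New class="org.keycloak.adapters.jetty.KeycloakJettyAuthenticator">
        <Set name="adapterConfig">
          <New class="org.keycloak.representations.adapters.config.AdapterConfig">
{settings}
          </New>
        </Set>
      </New>
    </Set>
  </Get>
</Configure>
"""

def jetty_web_xml(keycloak_json: str) -> str:
    """Render a jetty-web.xml document from the text of a keycloak.json file."""
    config = json.loads(keycloak_json)
    unknown = sorted(set(config) - set(JSON_TO_BEAN))
    if unknown:
        # Fail closed: silently dropping a setting could weaken the deployment.
        raise ValueError("no AdapterConfig mapping for: " + ", ".join(unknown))
    rows = []
    for key, value in config.items():
        if not isinstance(value, str):
            raise ValueError(f"{key}: only string-valued settings are handled")
        rows.append(f'            <Set name="{JSON_TO_BEAN[key]}">{escape(value)}</Set>')
    return TEMPLATE.format(settings="\n".join(rows))

# Constructed sample keycloak.json, modeled on the values in the example above.
SAMPLE = json.dumps({"realm": "tomcat", "resource": "customer-portal",
                     "auth-server-url": "http://localhost:8081",
                     "ssl-required": "external"})
if __name__ == "__main__":
    print(jetty_web_xml(SAMPLE))
```

Extend `JSON_TO_BEAN` only after confirming each property name against the `AdapterConfig` class of the adapter version you deploy.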