[[_jetty9_adapter]] ==== Jetty 9.4 adapter Keycloak has a separate adapter for Jetty 9.4 that you will have to install into your Jetty installation. You then have to provide some extra configuration in each WAR you deploy to Jetty. [[_jetty9_adapter_installation]] ===== Installing the adapter Adapters are no longer included with the appliance or war distribution. Each adapter is a separate download on the Keycloak downloads site. They are also available as a maven artifact. .Procedure . Download the {project_name} Jetty 9.4 adapter ZIP archive from the link:https://www.keycloak.org/downloads[Keycloak Downloads] site. . Unzip the Jetty 9.4 distro into Jetty 9.4's link:https://eclipse.dev/jetty/documentation/jetty-9/index.html[base directory]. In the example below, the Jetty base is named `your-base`: + [source, subs="attributes"] ---- $ cd your-base $ unzip keycloak-jetty94-adapter-dist-{project_version}.Final.zip ---- . Enable the `keycloak` module for your Jetty base: + [source] ---- $ java -jar $JETTY_HOME/start.jar --add-to-startd=keycloak ---- + ==== [NOTE] Including the adapter's jars within your WEB-INF/lib directory will not work. ==== [[_jetty9_per_war]] ===== Jetty 9 Securing a WAR Use this procedure to secure a WAR directly by adding config and editing files within your WAR package. .Procedure . Create a `WEB-INF/jetty-web.xml` file in your WAR package. This is a Jetty specific config fil. You define a Keycloak specific authenticator within it. + [source] ---- ---- . Create a `keycloak.json` adapter config file within the `WEB-INF` directory of your WAR. + The format of this config file is described in the <<_java_adapter_config,Java adapter configuration>> section. + WARNING: The Jetty 9.4 adapter will not be able to find the `keycloak.json` file. You will have to define all adapter settings within the `jetty-web.xml` file as described below. Instead of using keycloak.json, you can define everything within the `jetty-web.xml`. You'll just have to figure out how the json settings match to the `org.keycloak.representations.adapters.config.AdapterConfig` class. + [source,subs="attributes+"] ---- tomcat customer-portal http://localhost:8081{kc_base_path} external secret password ---- . Create the jetty-web.xml file in your webapps directory with the name of yourwar.xml. Jetty should pick it up. You do not need to open your WAR to secure it with {project_name}. In this mode, you declare keycloak.json configuration directly within the xml file. . Specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs. Here's an example: + [source,xml] ---- customer-portal Customers /* user CONFIDENTIAL BASIC this is ignored currently admin user ----