64 lines
2.2 KiB
Text
64 lines
2.2 KiB
Text
|
|
[[_saml-jetty9-per-war]]
|
|
===== Jetty 9 Per WAR Configuration
|
|
|
|
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
|
|
|
|
The first thing you must do is create a `WEB-INF/jetty-web.xml` file in your WAR package.
|
|
This is a Jetty specific config file and you must define a Keycloak specific authenticator within it.
|
|
|
|
[source,xml]
|
|
----
|
|
<?xml version="1.0"?>
|
|
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
|
|
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
|
|
<Get name="securityHandler">
|
|
<Set name="authenticator">
|
|
<New class="org.keycloak.adapters.saml.jetty.KeycloakSamlAuthenticator">
|
|
</New>
|
|
</Set>
|
|
</Get>
|
|
</Configure>
|
|
----
|
|
|
|
Next you must create a `keycloak-saml.xml` adapter config file within the `WEB-INF` directory of your WAR.
|
|
The format of this config file is describe in the <<fake/../../../../saml/java/general-config.adoc#_saml-general-config,General Adapter Config>> section.
|
|
|
|
Finally you must specify both a `login-config` and use standard servlet security to specify role-base constraints on your URLs.
|
|
Here's an example:
|
|
|
|
[source,xml]
|
|
----
|
|
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
|
|
version="3.0">
|
|
|
|
<module-name>customer-portal</module-name>
|
|
|
|
<security-constraint>
|
|
<web-resource-collection>
|
|
<web-resource-name>Customers</web-resource-name>
|
|
<url-pattern>/*</url-pattern>
|
|
</web-resource-collection>
|
|
<auth-constraint>
|
|
<role-name>user</role-name>
|
|
</auth-constraint>
|
|
<user-data-constraint>
|
|
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
|
|
</user-data-constraint>
|
|
</security-constraint>
|
|
|
|
<login-config>
|
|
<auth-method>BASIC</auth-method>
|
|
<realm-name>this is ignored currently</realm-name>
|
|
</login-config>
|
|
|
|
<security-role>
|
|
<role-name>admin</role-name>
|
|
</security-role>
|
|
<security-role>
|
|
<role-name>user</role-name>
|
|
</security-role>
|
|
</web-app>
|
|
----
|