<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">The other adapters support the concept of Multi Tenancy[0]:<div class=""><br class=""></div><div class="">“That one single target application (WAR) can be secured by a single (or clustered) Keycloak server, authenticating its users against different realms. In practice, this means that one application needs to use different keycloak.json files"<br class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class="">[0]: <a href="http://keycloak.github.io/docs/userguide/html/ch08.html#multi_tenancy" class="">http://keycloak.github.io/docs/userguide/html/ch08.html#multi_tenancy</a></div><div class=""><br class=""><div apple-content-edited="true" class="">
<div class="">Scott Rossillo</div><div class="">Smartling | Senior Software Engineer</div><div class=""><a href="mailto:srossillo@smartling.com" class="">srossillo@smartling.com</a></div><div class=""><br class=""></div><div class=""><a href="https://app.sigstr.com/uc/55e5d41c6533390d03580000" id="campaignblock" target="_blank" style="box-sizing: border-box; color: rgb(0, 75, 118); outline-offset: -2px; font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255); outline: 0px !important;" class=""><img alt="Latest News + Events" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/img" style="box-sizing: border-box; border: 0px; vertical-align: top; max-width: 100%; height: auto; width: inherit; color: blue; font-family: Helvetica; font-size: 12px;" class=""></a><span style="color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""></span><div id="watermark" style="box-sizing: border-box; color: rgb(169, 169, 169); font-family: gesta, Arial, Helvetica, sans-serif; font-size: 14px; line-height: 20px; widows: 1; background-color: rgb(255, 255, 255);" class=""><a href="http://www.sigstr.com/" style="box-sizing: border-box; color: rgb(0, 124, 194); text-decoration: none; background-color: transparent; outline: 0px !important;" class=""><img alt="Powered by Sigstr" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark" style="box-sizing: border-box; border: 0px; vertical-align: top; max-width: 100%; height: auto; width: inherit; color: rgb(99, 99, 99); font-family: Helvetica; font-size: 11px;" class=""></a></div></div>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On Sep 28, 2015, at 6:10 PM, Andrzej Goławski <<a href="mailto:andipansa@gmail.com" class="">andipansa@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Sorry if it is a stupid question, but what do you mean by multi-tenant in this case?<div class=""><br class=""></div><div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-28 23:56 GMT+02:00 Scott Rossillo <span dir="ltr" class=""><<a href="mailto:srossillo@smartling.com" target="_blank" class="">srossillo@smartling.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class="">This could be done if the constructor argument is a Spring Resource[0] instead of a string. It doesn’t help with multi-tenant support but it’s still an improvement.<div class=""><br class=""></div><div class=""><br class=""></div><div class="">[0] <a href="http://docs.spring.io/spring-framework/docs/3.2.x/javadoc-api/org/springframework/core/io/Resource.html" target="_blank" class="">http://docs.spring.io/spring-framework/docs/3.2.x/javadoc-api/org/springframework/core/io/Resource.html</a><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><span class=""><br class=""><div class="">
<div class="">Scott Rossillo</div><div class="">Smartling | Senior Software Engineer</div><div class=""><a href="mailto:srossillo@smartling.com" target="_blank" class="">srossillo@smartling.com</a></div><div class=""><br class=""></div><div class=""><a href="https://app.sigstr.com/uc/55e5d41c6533390d03580000" style="color:rgb(0,75,118);font-family:gesta,Arial,Helvetica,sans-serif;font-size:14px;line-height:20px;background-color:rgb(255,255,255);outline:0px!important" target="_blank" class=""><img alt="Latest News + Events" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/img" style="border:0px;vertical-align:top;max-width:100%;min-height:auto;width:inherit;color:blue;font-family:Helvetica;font-size:12px" class=""></a><span style="color:rgb(169,169,169);font-family:gesta,Arial,Helvetica,sans-serif;font-size:14px;line-height:20px;background-color:rgb(255,255,255)" class=""></span><div style="color:rgb(169,169,169);font-family:gesta,Arial,Helvetica,sans-serif;font-size:14px;line-height:20px;background-color:rgb(255,255,255)" class=""><a href="http://www.sigstr.com/" style="color:rgb(0,124,194);text-decoration:none;background-color:transparent;outline:0px!important" target="_blank" class=""><img alt="Powered by Sigstr" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark" style="border:0px;vertical-align:top;max-width:100%;min-height:auto;width:inherit;color:rgb(99,99,99);font-family:Helvetica;font-size:11px" class=""></a></div></div>
</div>
<br class=""></span><div class=""><div class="h5"><div class=""><blockquote type="cite" class=""><div class="">On Sep 28, 2015, at 5:04 PM, Andrzej Goławski <<a href="mailto:andipansa@gmail.com" target="_blank" class="">andipansa@gmail.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" class="">Hi<div class=""><br class=""></div><div class="">Why not do it via contructor:</div><div class=""><br class=""></div><div class="">public AdapterDeploymentContextBean(String configFile){<br class=""></div><div class=""> .....</div><div class="">}</div><div class=""><br class=""></div><div class="">and in BasicKeycloakWebSecurityConfigurationAdapter add:</div><div class=""><br class=""></div><div class="">@Value("${keycloak.configFile:WEB-INF/keycloak.json}")<br class=""></div><div class=""><div class="">private String keycloakConfigFile;</div></div><div class=""><br class=""></div><div class=""><div class="">@Bean</div><div class="">protected AdapterDeploymentContextBean adapterDeploymentContextBean() {</div><div class=""> return new AdapterDeploymentContextBean(keycloakConfigFile);</div><div class="">}</div></div><div class=""><br class=""></div><div class=""><div style="font-size:13px" class="">Best Regards,</div><div style="font-size:13px" class=""> Andrzej</div></div><div class=""><br class=""></div><div class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-28 22:51 GMT+02:00 Scott Rossillo <span dir="ltr" class=""><<a href="mailto:srossillo@smartling.com" target="_blank" class="">srossillo@smartling.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class=""><br class=""></div><div class="">Based on the other feedback and the Spring way of providing as many configuration options as possible, I think we should refactor AdapterDeploymentContextBean.</div><div class=""><br class=""></div><div class="">However, I rather like the way Spring that divides behavior up into an interface and multiple implementations. I think we should:</div><div class=""><br class=""></div><div class="">1. Refactor the current AdapterDeploymentContextBean to be an interface and maybe rename it AdapterDeploymentContextFactory.</div><div class="">2. Split the current implementation into:</div><div class=""> a. ClasspathAdapterDeploymentContextFactory > loads from class path</div><div class=""> b. WebApplicationAdapterDeploymentContextFactory > loads from WEB-INF</div><div class=""> c. JndiAdapterDeploymentContextFactory > load from JNDI</div><div class="">3. The above implementations should extend AbtractAdapterDeploymentContextFactory with something like:</div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">protected loadKeycloakDeployment(Resource resource) {<br class=""> return KeycloakDeploymentBuilder.build(resource.getInputStream());</div><div class="">}</div><div class=""><br class=""></div><div class="">That would allow anyone to provide a custom AdapterDeploymentContextFactory to load the keycloak.json from “anywhere."</div><div class=""><br class=""></div><div class="">What do you think? Since we’re refactoring, I’d also like to take into account design multi-tentant support. I think this approach is flexible enough to add that in the future.</div><div class=""><br class=""></div><div class="">If we agree this is a good approach you want to take a stab at it Thomas or should I?</div><div class=""><br class=""></div><div class="">Best,</div><div class="">Scott</div><div class=""><br class=""></div><br class=""><div class="">
<div class="">Scott Rossillo</div><div class="">Smartling | Senior Software Engineer</div><div class=""><a href="mailto:srossillo@smartling.com" target="_blank" class="">srossillo@smartling.com</a></div><div class=""><br class=""></div><div class=""><a href="https://app.sigstr.com/uc/55e5d41c6533390d03580000" style="color:rgb(0,75,118);font-family:gesta,Arial,Helvetica,sans-serif;font-size:14px;line-height:20px;background-color:rgb(255,255,255);outline:0px!important" target="_blank" class=""><img alt="Latest News + Events" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/img" style="border:0px;vertical-align:top;max-width:100%;min-height:auto;width:inherit;color:blue;font-family:Helvetica;font-size:12px" class=""></a><span style="color:rgb(169,169,169);font-family:gesta,Arial,Helvetica,sans-serif;font-size:14px;line-height:20px;background-color:rgb(255,255,255)" class=""></span><div style="color:rgb(169,169,169);font-family:gesta,Arial,Helvetica,sans-serif;font-size:14px;line-height:20px;background-color:rgb(255,255,255)" class=""><a href="http://www.sigstr.com/" style="color:rgb(0,124,194);text-decoration:none;background-color:transparent;outline:0px!important" target="_blank" class=""><img alt="Powered by Sigstr" border="0" src="https://app.sigstr.com/uc/55e5d41c6533390d03580000/watermark" style="border:0px;vertical-align:top;max-width:100%;min-height:auto;width:inherit;color:rgb(99,99,99);font-family:Helvetica;font-size:11px" class=""></a></div></div>
</div>
<br class=""><div class=""><blockquote type="cite" class=""><div class=""><div class=""><div class="">On Sep 25, 2015, at 9:21 AM, Thomas Raehalme <<a href="mailto:thomas.raehalme@aitiofinland.com" target="_blank" class="">thomas.raehalme@aitiofinland.com</a>> wrote:</div><br class=""></div></div><div class=""><div class=""><div class=""><div dir="ltr" class=""><div class=""><div class=""><div class=""><div class="">Hi!<br class=""><br class=""></div>We have written a custom subclass of org.keycloak.adapters.springsecurity.AdapterDeploymentContextBean to enable custom location for keycloak.json. The use of custom location is optional and defaults to the standard /WEB-INF/keycloak.json.<br class=""><br class=""></div><div class="">Our use case is that for developers we have a default keycloak.json included in the application. In production, however, we override the default by using a file that is external to the application. The location of the file is specified in JNDI settings and injected to our subclass with the help of Spring.<br class=""><br class=""></div>What do you think would such an extension to AdapterDeploymentContextBean be of general use? I'd be happy to merge our subclass to AdapterDeploymentContextBean and submit a pull request.<br class=""><br class=""></div>Best regards,<br class=""></div>Thomas<br class=""></div></div></div>
_______________________________________________<br class="">keycloak-dev mailing list<br class=""><a href="mailto:keycloak-dev@lists.jboss.org" target="_blank" class="">keycloak-dev@lists.jboss.org</a><br class=""><a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></div></blockquote></div><br class=""></div><br class="">_______________________________________________<br class="">
keycloak-dev mailing list<br class="">
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank" class="">keycloak-dev@lists.jboss.org</a><br class="">
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" rel="noreferrer" target="_blank" class="">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></div></div></div></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></div></body></html>