[keycloak-user] tomcat libs dir

Bill Burke bburke at redhat.com
Thu Nov 12 15:06:42 EST 2015


Honestly, I don't remember if the keycloak jars can be contained in your 
WAR as the different versions of Jetty and Tomcat are a blur to me at 
this time.  I do think I had to do it that way for Tomcat.  Keycloak 
runs as a valve and has to have visibility to other Tomcat system classes.



On 11/12/2015 10:41 AM, Tim Dudgeon wrote:
> When deploying the Tomcat adapter (presumably the same applies to other
> containers) I find that the 3rd party libs needed by the Keycloak
> adapter can clash with different versions of the same libs deployed with
> a web app. For instance I just needed to spend quite a bit of time
> finding out why a webapp would not deploy, and it resulted from
> bcprov-jdk15on-1.50.jar provided by Keycloak, and hence in the Tomcat
> lib dir and bcprov-jdk15on-1.53.jar in my application and hence in the
> webapp's WEB-INF/lib dir.
> Some of these 3rdparty libs are quite common and might be be expected in
> many web apps.
>
> The docs state that the Keycloak libs must be deployed to the lib dir.
> Presumably there's no way round that and hence no way around potential
> conflicts?
>

IIRC, there's not much classloader isolation you can do in Tomcat.  jars 
in WEB-INF/lib are supposed to take precedence over those in system 
classpath.

I don't remember exactly, but I believe that keycloak jars and 
dependencies needed to be in tomcat lib dir because Keycloak runs as a 
valve and has to have visibility to other Tomcat system classes.  I'm 
just not sure how else we can solve this issue.  If you have any 
suggestings that would be great.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-user mailing list