<div dir="ltr"><div><div><div><div><div><div>Thanks all for your responses!<br><br><br></div><div>I'm using the JBoss/Wildfly adapter.<br></div><div><br></div>So, my case can be reduced to the following:<br><br></div>I have a java REST bearer-only web application (no Spring context here) that is protected using keycloak1.json<br><br></div>I need to switch on the fly (at runtime, without container restart or re-deploying) to another keycloak2.json adapter config.<br><br></div><div>It seems that the multitenancy solution suggested by Bill should work.<br></div><div><br></div><br></div>Best regards<br><br></div>Orestis<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 6, 2015 at 4:54 PM, Scott Rossillo <span dir="ltr"><<a href="mailto:srossillo@smartling.com" target="_blank">srossillo@smartling.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Sorry, just re-read the whole thread. Which adapter are you using?</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 6, 2015 at 9:52 AM, Scott Rossillo <span dir="ltr"><<a href="mailto:srossillo@smartling.com" target="_blank">srossillo@smartling.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Well, the keycloak.json config is just a means to configure a KeycloakDeployment from an AdapterConfig object. Specifically for the the Spring adapter, the AdapterDeploymentContextBean would have to be aware that the deployment changed. There would be a minimal amount of code needed to support that and we can modify AdapterDeploymentContextBean to be more flexible.<div><br></div><div>Just so I understand what you're asking for: you want to be able to update a KeycloakDeployment on-the-fly, correct? Also, you're aware that a keycloak.json can be configured at startup via either environment variables on command like properties, correct? You have to change at runtime?</div><div><br></div><div>I think the AdapterDeploymentContextBean should be as flexible as possible, however I have a small concern about the security of allowing certain properties to be swapped at runtime (e.g. the realm-public-key and the auth-server-url).</div><div><br></div><div>Best,</div><div>Scott</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On Mon, Jul 6, 2015 at 7:33 AM, Orestis Tsakiridis <span dir="ltr"><<a href="mailto:orestis.tsakiridis@telestax.com" target="_blank">orestis.tsakiridis@telestax.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div>Hello,<br><br></div>I'm securing a REST bearer-only application using keycloak.<br><br></div><div>Is there any way to change keycloak.json adapter config file on the fly so that it can take effect without restarting the container? <br><br></div><div>Will just editing keycloak.json work? I guess not. <br></div><div><br></div><div>What i want to do is complete an administrative task that will provide the information needed for keycloak.json such as 'resource', edit keycloak.json and then make this configuration effective for the REST api.<br><br></div><div><br>Best regards<span><font color="#888888"><br></font></span></div><span><font color="#888888"><div><br></div><div>Orestis<br></div></font></span></div>
<br></div></div><span>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></span></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>