[keycloak-dev] Provider modules

Stan Silvert ssilvert at redhat.com
Tue Jan 20 11:38:22 EST 2015 


----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: keycloak-dev at lists.jboss.org
Sent: Tuesday, January 20, 2015 11:15:55 AM
Subject: Re: [keycloak-dev] Provider modules



On 1/20/2015 10:54 AM, Stian Thorgersen wrote:
> As I said to make sure we're all on the same page here's my view on what we've just discussed:
>
> 1. A user creates a module for the provider
> 2. The user copies the module into '/modules'
> 3. The user registers the module with the auth-server subsystem. This can be done either by directly editing standalone.xml or through CLI. Example snippet from standalone.xml would look like:
>
>      <subsystem xmlns="urn:jboss:domain:keycloak:1.0">
>          <auth-server name="main-auth-server">
>              <enabled>true</enabled>
>              <web-context>auth</web-context>
>              <providers>
>                  <module name="org.acme.userprovider" />
>                  <module name="org.acme.anotherprovider" />
>              </providers>
>          </auth-server>
>      </subsystem>
>
> 4. When a new provider module is registered Keycloak would need to be reloaded
>

>Don't you have to restart the entire server if you add a new module?

I'm 99% sure that you don't have to restart the whole server.  Just redeploying the WAR should do the trick.


>This should work too, with no code changes, no funky classloading:

>1. Move all keycloak archives to modules
>2. add jboss-deployment-structure.xml to embedded WAR
>3. add a "keycloak-providers" module that only contains a module.xml 
>definition
>4. User creates a module for the provider
>5. User edits keycloak-providers module.xml file importing the user module
>6. restart server.

Yes, that will work too.  But long term, I think we should do what Stian is talking about.  The EJB subsystem does the same thing.  It allows you to add global modules in standalone.xml.

Also, if we want to support two kc servers in the same domain with different configs, we can't let them edit jboss-deployment-structure.xml.



-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list