[keycloak-dev] No more keycloak-server.json

Stan Silvert ssilvert at redhat.com
Fri Aug 26 08:24:47 EDT 2016


Now that changes for KEYCLOAK-3196 are merged,  everything you used to 
configure in keycloak-server.json will now be configured in 
standalone.xml, standalone-ha.xml, or domain.xml.

If you need to make a change to the default keycloak-subsystem 
configuration, you will need to edit this file:
https://github.com/keycloak/keycloak/blob/master/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties

This file contains a single multi-line property containing the subsystem 
xml declaration.  Maven filtering is used to read this property and 
inject it everywhere it needs to go.  Editing this file will also take 
care of propagating it to the distributions like server-dist and demo-dist.

Also, you need to create CLI commands for each change by editing this file:
https://github.com/keycloak/keycloak/blob/master/wildfly/server-subsystem/src/main/resources/cli/default-keycloak-subsys-config.cli

This CLI snippet is used in the scripts required by the overlay 
distribution.

We have always had the problem that whenever someone changes 
keycloak-server.json, they forget to make corresponding changes that 
affect the various distributions.  With the switch to standalone.xml, we 
now have just these two files to edit instead of five or six.

Below, I'm pasting part of the asciidoc documentation I'm working on for 
this.  It explains how to configure SPI's in standalone.xml. Also, if 
someone can tell me if what I said about default-provider is accurate 
I'd appreciate that:

----------------------------------------------------------------------------------------------------------------------------------------------------------
All elements in an SPI declaration are optional, but a full SPI declaration
  looks like this:
[source,xml]
----
<spi name="dblock">
     <default-provider>mongo</default-provider>
     <provider name="jpa" enabled="true">
         <properties>
             <property name="lockWaitTimeout" value="800"/>
         </properties>
     </provider>
     <provider name="mongo" enabled="true">
         <properties>
             <property name="lockRecheckTime" value="2"/>
             <property name="lockWaitTimeout" value="600"/>
         </properties>
     </provider>
</spi>
----
Here we have two providers defined for the SPI `dblock`.  The 
`default-provider`
is listed as `mongo`.  However it is up to the SPI to decide how it will 
treat
this setting.  Some SPIs allow more than one provider and some do not.  So
`default-provider` can help the SPI to choose.

Also notice that each provider defines its own set of configuration 
properties.
The fact that both providers above have a property called 
`lockWaitTimeout` is just a
coincidence.

The type of each property value is interpreted by the provider. However, 
there
is one exception.  Consider the `jpa` provider for the `eventStore` API:
[source,xml]
----
<spi name="eventsStore">
     <provider name="jpa" enabled="true">
         <properties>
             <property name="exclude-events" value="[&quot;EVENT1&quot;,
&quot;EVENT2&quot;]"/>
         </properties>
     </provider>
</spi>
----
We see that the value begins and ends with square brackets.  That means that
the value will be passed to the provider as a list.  In this example, 
the system will pass the
provider a list with two element values _EVENT1_ and _EVENT2_. To add 
more values
to the list, just separate each list element with a comma. Unfortunately,
you do need to escape the quotes surrounding each list element with 
`\&quot;`.


More information about the keycloak-dev mailing list