[keycloak-dev] No more keycloak-server.json
Stan Silvert
ssilvert at redhat.com
Fri Aug 26 08:24:47 EDT 2016
Now that changes for KEYCLOAK-3196 are merged, everything you used to
configure in keycloak-server.json will now be configured in
standalone.xml, standalone-ha.xml, or domain.xml.
If you need to make a change to the default keycloak-subsystem
configuration, you will need to edit this file:
https://github.com/keycloak/keycloak/blob/master/wildfly/server-subsystem/src/main/config/default-server-subsys-config.properties
This file contains a single multi-line property containing the subsystem
xml declaration. Maven filtering is used to read this property and
inject it everywhere it needs to go. Editing this file will also take
care of propagating it to the distributions like server-dist and demo-dist.
Also, you need to create CLI commands for each change by editing this file:
https://github.com/keycloak/keycloak/blob/master/wildfly/server-subsystem/src/main/resources/cli/default-keycloak-subsys-config.cli
This CLI snippet is used in the scripts required by the overlay
distribution.
We have always had the problem that whenever someone changes
keycloak-server.json, they forget to make corresponding changes that
affect the various distributions. With the switch to standalone.xml, we
now have just these two files to edit instead of five or six.
Below, I'm pasting part of the asciidoc documentation I'm working on for
this. It explains how to configure SPI's in standalone.xml. Also, if
someone can tell me if what I said about default-provider is accurate
I'd appreciate that:
----------------------------------------------------------------------------------------------------------------------------------------------------------
All elements in an SPI declaration are optional, but a full SPI declaration
looks like this:
[source,xml]
----
<spi name="dblock">
<default-provider>mongo</default-provider>
<provider name="jpa" enabled="true">
<properties>
<property name="lockWaitTimeout" value="800"/>
</properties>
</provider>
<provider name="mongo" enabled="true">
<properties>
<property name="lockRecheckTime" value="2"/>
<property name="lockWaitTimeout" value="600"/>
</properties>
</provider>
</spi>
----
Here we have two providers defined for the SPI `dblock`. The
`default-provider`
is listed as `mongo`. However it is up to the SPI to decide how it will
treat
this setting. Some SPIs allow more than one provider and some do not. So
`default-provider` can help the SPI to choose.
Also notice that each provider defines its own set of configuration
properties.
The fact that both providers above have a property called
`lockWaitTimeout` is just a
coincidence.
The type of each property value is interpreted by the provider. However,
there
is one exception. Consider the `jpa` provider for the `eventStore` API:
[source,xml]
----
<spi name="eventsStore">
<provider name="jpa" enabled="true">
<properties>
<property name="exclude-events" value="["EVENT1",
"EVENT2"]"/>
</properties>
</provider>
</spi>
----
We see that the value begins and ends with square brackets. That means that
the value will be passed to the provider as a list. In this example,
the system will pass the
provider a list with two element values _EVENT1_ and _EVENT2_. To add
more values
to the list, just separate each list element with a comma. Unfortunately,
you do need to escape the quotes surrounding each list element with
`\"`.
More information about the keycloak-dev
mailing list