[keycloak-user] Keycloak Java Servlet Filter Adapter.

Luis Rodríguez Fernández uo67113 at gmail.com
Tue Mar 20 10:52:07 EDT 2018


Hello there,

I am using the java servlet filter adapter (
http://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet-filter-adapter)
in apache-tomcat 9 and it works like a charm, thanks! The filter class
is org.keycloak.adapters.saml.servlet.SamlFilter

I would like to fully externalize the keycloak configuration from the
deployed applications. I know that I can set the keycloak config file via
the filter config param keycloak.config.file, to some external path like
/usr/local/my-keycloak-saml.xml, brilliant!

On the other hand, the SamlFilter (
https://github.com/keycloak/keycloak/blob/master/adapters/saml/servlet-filter/src/main/java/org/keycloak/adapters/saml/servlet/SamlFilter.java)
looks for the keystores inside of the application context: usually
something like /WEB-INF/my-keystore.jks. This is due to the implementation of
the ResourceLoader.getResourceAsStream(String resource) function. It looks
something like this:

ResourceLoader loader = new ResourceLoader() {
  @Override
  public InputStream getResourceAsStream(String resource) {
    return filterConfig.getServletContext().getResourceAsStream(resource);
  }
};

In ServletContext.getResourceAsStream(java.lang.String path) the path param
must begin with a "/" and it is interpreted as relative to the current
context root. I would be in favor of having the possibility of externalizing
this resource, perhaps having something like:

// First try the original one
InputStream is = filterConfig.getServletContext().getResourceAsStream(resource);
if (is == null) {
  // Try with an external one
  try {
    is = new FileInputStream(resource);
  } catch (FileNotFoundException e) {
    throw new RuntimeException(e);
  }
}

Any thoughts on this?

Thanks in advance,

Luis


-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
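
The fallback proposed in the message above, as an added example that is not part of the original post and is not Keycloak's code: the lookup tries the context root first, then an external file, and accepts the external file only if it resolves inside one configured directory. The class name, the externalDir setting and the Function standing in for ServletContext.getResourceAsStream are assumptions made for illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.util.function.Function;

// Added example: context-first lookup with a fallback to one external keystore directory.
public class ExternalKeystoreLoader {
    private final Function<String, InputStream> contextLookup; // stand-in for ServletContext.getResourceAsStream
    private final Path externalDir;                            // hypothetical setting, e.g. /usr/local/keycloak

    public ExternalKeystoreLoader(Function<String, InputStream> contextLookup, Path externalDir) throws IOException {
        this.contextLookup = contextLookup;
        this.externalDir = externalDir.toRealPath(); // canonical form, symlinks resolved
    }

    public InputStream getResourceAsStream(String resource) {
        // First try the original lookup, relative to the context root.
        InputStream is = contextLookup.apply(resource);
        if (is != null) { return is; }
        try {
            // Then try the external file. toRealPath() resolves ".." and symlinks
            // and throws NoSuchFileException when the file does not exist.
            Path file = Paths.get(resource).toRealPath();
            if (!file.startsWith(externalDir)) {
                throw new SecurityException("Keystore outside " + externalDir + ": " + resource);
            }
            return Files.newInputStream(file);
        } catch (NoSuchFileException e) {
            return null; // same "not found" contract as ServletContext.getResourceAsStream
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a temporary directory stands in for the external location.
        Path dir = Files.createTempDirectory("kc-ext");
        Path jks = Files.write(dir.resolve("my-keystore.jks"), new byte[] {1, 2, 3});
        Path other = Files.createTempFile("other", ".jks"); // sibling of dir, not inside it
        ExternalKeystoreLoader loader = new ExternalKeystoreLoader(r -> null, dir); // context has nothing
        try (InputStream in = loader.getResourceAsStream(jks.toString())) {
            System.out.println("first byte of external keystore: " + in.read());
        }
        System.out.println("missing -> " + loader.getResourceAsStream(dir.resolve("nope.jks").toString()));
        try {
            loader.getResourceAsStream(other.toString());
        } catch (SecurityException e) {
            System.out.println("rejected: file is outside the external directory");
        }
    }
}
```

Returning null for a missing file, instead of wrapping FileNotFoundException in a RuntimeException, keeps the behaviour callers already expect from the context lookup.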

