Single Sign On using Keycloak
Keycloak is an authentication and authorization server created by JBoss. It runs separately from any particular application. It acts as the primary authentication/authorization database of record and can also provide social-login capabilities.
WildFly Swarm provides easy integration with Keycloak.
Currently, WildFly Swarm supports version 2.5.5.Final.
Adding Keycloak support
To bring Keycloak integration to your application, you need the following dependency:

    <dependency>
      <groupId>org.wildfly.swarm</groupId>
      <artifactId>keycloak</artifactId>
    </dependency>
Once this is added, you can use the Secured archive type to secure your application. The easiest way to integrate is by providing a keycloak.json file in your application classpath and use:

    JAXRSArchive deployment = ShrinkWrap.create(JAXRSArchive.class);
    deployment.as(Secured.class);
By default, this only adds Keycloak support; it does not make authentication a requirement. Anonymous users can still access the entire application. If they are authenticated, the SecurityContext will be populated with the user’s information.
Protecting your application
You can also protect various aspects of your application after using .as(Secured.class) by chaining calls onto it:

    deployment.as(Secured.class)
        .protect( "/some-resource" )
        .withMethod( "GET" )
        .withRoles( "admin" );
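The two behaviours described above, side by side, as an added example that is not part of the WildFly Swarm documentation: one resource covered by the constraint, and one left open that has to cope with an anonymous caller. The class names Main, SomeResource and WhoAmI and the /whoami path are assumptions made for illustration, and a keycloak.json is assumed to be on the classpath.

```java
import java.security.Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.wildfly.swarm.Swarm;
import org.wildfly.swarm.jaxrs.JAXRSArchive;
import org.wildfly.swarm.keycloak.Secured;

public class Main {

    // Hypothetical resource, covered by the constraint added in main().
    @Path("/some-resource")
    public static class SomeResource {
        @GET
        public String get(@Context SecurityContext sc) {
            // Reached only by authenticated callers holding the "admin" role.
            return "hello admin " + sc.getUserPrincipal().getName();
        }
    }

    // Hypothetical resource with no constraint: anonymous callers reach it.
    @Path("/whoami")
    public static class WhoAmI {
        @GET
        public String get(@Context SecurityContext sc) {
            Principal p = sc.getUserPrincipal();
            // No constraint means no forced login, so the principal may be null.
            if (p == null) {
                return "anonymous";
            }
            return p.getName() + (sc.isUserInRole("admin") ? " (admin)" : "");
        }
    }

    public static void main(String[] args) throws Exception {
        Swarm swarm = new Swarm();
        JAXRSArchive deployment = ShrinkWrap.create(JAXRSArchive.class);
        deployment.addResource(SomeResource.class);
        deployment.addResource(WhoAmI.class);
        // keycloak.json is assumed to be on the application classpath.
        deployment.as(Secured.class)
                .protect("/some-resource")
                .withMethod("GET")
                .withRoles("admin");
        swarm.start().deploy(deployment);
    }
}
```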
If your application doesn’t have main(), you can declare the same constraint in project-defaults.yml:

    swarm:
      keycloak:
        security:
          constraints:
            - url-pattern: /some-resource
              methods: [GET]
              roles: [admin]
External keycloak.json path. If this property is specified, the keycloak.json on the classpath will be ignored.