Core functionality for Keycloak OIDC/OAuth2 client adapters enabling Java applications to integrate with Keycloak identity and access management services
—
Essential deployment configuration and context management for Keycloak integration. This module provides the foundation for all Keycloak adapter functionality, handling single-tenant and multi-tenant scenarios with comprehensive configuration options.
Core deployment configuration holder that contains all settings needed for Keycloak integration.
/**
* Core deployment configuration holder containing all Keycloak integration settings.
* This listing shows signatures only; method bodies are not part of the page.
* Several of these settings decide whether a token or request is accepted at all,
* so the security-relevant ones are annotated below.
*/
public class KeycloakDeployment {
public KeycloakDeployment();
// Configuration state
public boolean isConfigured();
// Basic configuration
public String getResourceName();
public void setResourceName(String resourceName);
public String getRealm();
public void setRealm(String realm);
public String getAuthServerBaseUrl();
// Note: the setter takes the whole AdapterConfig, not a URL string like the getter returns.
public void setAuthServerBaseUrl(AdapterConfig config);
// URLs
public String getRealmInfoUrl();
public KeycloakUriBuilder getAuthUrl();
public String getTokenUrl();
public KeycloakUriBuilder getLogoutUrl();
public String getAccountUrl();
// JWKS endpoint; presumably the source of the realm's token-signing keys (see getPublicKeyLocator below).
public String getJwksUrl();
// Client configuration
// Bearer-only: the adapter only validates bearer tokens and does not start a browser login.
public boolean isBearerOnly();
public void setBearerOnly(boolean bearerOnly);
public boolean isAutodetectBearerOnly();
public void setAutodetectBearerOnly(boolean autodetectBearerOnly);
// Public client: no client secret is used, so client identity cannot be relied on for authorization.
public boolean isPublicClient();
public void setPublicClient(boolean publicClient);
// Basic auth means callers send user credentials on each request; only sensible over TLS.
public boolean isEnableBasicAuth();
public void setEnableBasicAuth(boolean enableBasicAuth);
// Credentials and authentication
// The map holds the client's credentials (e.g. its secret): keep it out of logs, dumps and error messages.
public Map<String, Object> getResourceCredentials();
public void setResourceCredentials(Map<String, Object> resourceCredentials);
public ClientCredentialsProvider getClientAuthenticator();
public void setClientAuthenticator(ClientCredentialsProvider clientAuthenticator);
// HTTP client
// NOTE(review): presumably used for back-channel calls to Keycloak; if so, this client's TLS trust
// settings decide whether the server's certificate is actually verified -- confirm when supplying your own.
public HttpClient getClient();
public void setClient(HttpClient client);
public void setClient(Callable<HttpClient> callable);
// SSL configuration
// SslRequired has the values ALL, EXTERNAL and NONE. Anything weaker than ALL lets some
// requests through over plain HTTP, where tokens and cookies travel unencrypted.
public SslRequired getSslRequired();
public void setSslRequired(SslRequired sslRequired);
public boolean isSSLEnabled();
public int getConfidentialPort();
public void setConfidentialPort(int confidentialPort);
// Token configuration
// TokenStore chooses where the adapter keeps tokens (session or cookie in the adapter config).
public TokenStore getTokenStore();
public void setTokenStore(TokenStore tokenStore);
public String getScope();
public void setScope(String scope);
public boolean isAlwaysRefreshToken();
public void setAlwaysRefreshToken(boolean alwaysRefreshToken);
// Seconds before expiry at which the adapter refreshes the access token ahead of time.
public int getTokenMinimumTimeToLive();
public void setTokenMinimumTimeToLive(int tokenMinimumTimeToLive);
// CORS configuration
// Keep the allowed methods and headers to what the browser clients actually need.
public boolean isCors();
public void setCors(boolean cors);
public int getCorsMaxAge();
public void setCorsMaxAge(int corsMaxAge);
public String getCorsAllowedHeaders();
public void setCorsAllowedHeaders(String corsAllowedHeaders);
public String getCorsAllowedMethods();
public void setCorsAllowedMethods(String corsAllowedMethods);
public String getCorsExposedHeaders();
public void setCorsExposedHeaders(String corsExposedHeaders);
// Security configuration
// NOTE(review): notBefore presumably carries the realm's not-before (revocation) policy, i.e. tokens
// issued earlier are rejected -- confirm how setNotBefore and updateNotBefore differ before relying on it.
public int getNotBefore();
public void setNotBefore(int notBefore);
public void updateNotBefore(int notBefore);
// exposeToken makes the signed access token retrievable by script running in the authenticated
// browser page; leave it off unless a JavaScript client genuinely needs the token.
public boolean isExposeToken();
public void setExposeToken(boolean exposeToken);
// true = roles are taken from this client's role mappings instead of the realm-level roles.
public boolean isUseResourceRoleMappings();
public void setUseResourceRoleMappings(boolean useResourceRoleMappings);
// Session configuration
public String getAdapterStateCookiePath();
public void setAdapterStateCookiePath(String adapterStateCookiePath);
public String getStateCookieName();
public void setStateCookieName(String stateCookieName);
// Changing the session id on login is a session-fixation defence; turning it off removes that defence.
public boolean isTurnOffChangeSessionIdOnLogin();
public void setTurnOffChangeSessionIdOnLogin(boolean turnOffChangeSessionIdOnLogin);
// Node registration
public boolean isRegisterNodeAtStartup();
public void setRegisterNodeAtStartup(boolean registerNodeAtStartup);
public int getRegisterNodePeriod();
public void setRegisterNodePeriod(int registerNodePeriod);
public String getRegisterNodeUrl();
public String getUnregisterNodeUrl();
// Advanced configuration
// NOTE(review): which token claim becomes the principal name; a user-editable claim is a poor
// authorization key -- confirm which attribute is configured before keying access decisions on it.
public String getPrincipalAttribute();
public void setPrincipalAttribute(String principalAttribute);
// PublicKeyLocator supplies the keys used to verify token signatures.
public PublicKeyLocator getPublicKeyLocator();
public void setPublicKeyLocator(PublicKeyLocator publicKeyLocator);
// These two values bound how often keys are re-fetched, and so how quickly a rotated
// or withdrawn signing key stops being trusted by this adapter.
public int getMinTimeBetweenJwksRequests();
public void setMinTimeBetweenJwksRequests(int minTimeBetweenJwksRequests);
public int getPublicKeyCacheTtl();
public void setPublicKeyCacheTtl(int publicKeyCacheTtl);
// Policy enforcement
public PolicyEnforcer getPolicyEnforcer();
public void setPolicyEnforcer(Callable<PolicyEnforcer> policyEnforcer);
// PKCE support
// PKCE binds the authorization code to the client instance that requested it.
public boolean isPkce();
public void setPkce(boolean pkce);
// OAuth query parameter support
// Setter and getter are phrased in opposite senses (ignore vs. enabled). Bearer tokens passed in
// the query string end up in access logs and Referer headers; ignore them unless a client needs this.
public void setIgnoreOAuthQueryParameter(boolean ignoreOAuthQueryParameter);
public boolean isOAuthQueryParameterEnabled();
// Redirect rewrite rules
// Naming is asymmetric: getRedirectRewriteRules() vs. setRewriteRedirectRules(...).
public Map<String, String> getRedirectRewriteRules();
public void setRewriteRedirectRules(Map<String, String> redirectRewriteRules);
// Bearer token delegation
public boolean isDelegateBearerErrorResponseSending();
public void setDelegateBearerErrorResponseSending(boolean delegateBearerErrorResponseSending);
// Token audience verification
// When true, a bearer token is accepted only if its audience contains this client (resource name).
// Off by default in the adapter config; without it any valid token from the realm is accepted.
public boolean isVerifyTokenAudience();
public void setVerifyTokenAudience(boolean verifyTokenAudience);
// Configuration access
public AdapterConfig getAdapterConfig();
}Usage Examples:
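// Create basic deployment
KeycloakDeployment deployment = new KeycloakDeployment();
deployment.setRealm("my-realm");
deployment.setResourceName("my-client");
// Takes the AdapterConfig carrying the auth server URL, not a URL string
deployment.setAuthServerBaseUrl(config);
deployment.setBearerOnly(true);
// A bearer-only service should accept only tokens issued for it; without this,
// any valid token from the realm passes validation
deployment.setVerifyTokenAudience(true);
// Configure SSL requirements
// EXTERNAL still permits plain HTTP from localhost and private addresses;
// use SslRequired.ALL when every request must arrive over HTTPS
deployment.setSslRequired(SslRequired.EXTERNAL);
deployment.setConfidentialPort(8443);
// Configure CORS
// List only the methods and headers the browser clients actually use
deployment.setCors(true);
deployment.setCorsAllowedMethods("GET,POST,PUT,DELETE");
deployment.setCorsAllowedHeaders("Content-Type,Authorization");
// Configure token settings
// Refresh the access token once fewer than 30 seconds of lifetime remain
deployment.setTokenMinimumTimeToLive(30);
deployment.setAlwaysRefreshToken(false);
Builder for creating KeycloakDeployment instances from configuration sources.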
/**
* Builder for creating KeycloakDeployment instances from configuration sources.
* Signatures only; method bodies are not part of the page.
* The JSON configuration can carry the client's credentials, so the file or stream
* it comes from should be protected like any other secret.
*/
public class KeycloakDeploymentBuilder {
/**
* Build deployment from input stream containing JSON configuration
* @param is InputStream containing Keycloak JSON configuration; the listing does not say
*           whether the stream is closed by this call, so the caller should close it
* @return Configured KeycloakDeployment instance
*/
public static KeycloakDeployment build(InputStream is);
/**
* Load adapter configuration from input stream
* @param is InputStream containing configuration
* @return AdapterConfig instance
*/
public static AdapterConfig loadAdapterConfig(InputStream is);
/**
* Build deployment from adapter configuration object
* @param adapterConfig Pre-configured AdapterConfig instance
* @return Configured KeycloakDeployment instance
*/
public static KeycloakDeployment build(AdapterConfig adapterConfig);
}Usage Examples:
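// Build from JSON file
// keycloak.json can contain the client secret of a confidential client: keep it out of
// public repositories and readable only by the application
KeycloakDeployment deployment;
try (InputStream configStream = getClass().getResourceAsStream("/keycloak.json")) {
    // getResourceAsStream returns null when the resource is missing; fail with a clear message
    if (configStream == null) {
        throw new IllegalStateException("/keycloak.json not found on the classpath");
    }
    deployment = KeycloakDeploymentBuilder.build(configStream);
}
// Build from configuration object
AdapterConfig config = new AdapterConfig();
config.setRealm("my-realm");
config.setResource("my-client");
// Use an https:// URL so tokens and credentials sent to the server are encrypted in transit
config.setAuthServerUrl("https://keycloak.example.com/auth");
KeycloakDeployment deploymentFromConfig = KeycloakDeploymentBuilder.build(config);
Manages KeycloakDeployment resolution for single-tenant and multi-tenant scenarios.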
/**
* Manages KeycloakDeployment resolution for single-tenant and multi-tenant scenarios.
* Signatures only; method bodies are not part of the page.
*/
public class AdapterDeploymentContext {
/**
* Default constructor for programmatic configuration
*/
public AdapterDeploymentContext();
/**
* Single-tenant constructor with fixed deployment
* @param deployment Pre-configured deployment for single tenant
*/
public AdapterDeploymentContext(KeycloakDeployment deployment);
/**
* Multi-tenant constructor with custom resolver
* @param configResolver Custom resolver for per-request deployment resolution; it decides
*                       which realm and client settings a request is validated against
*/
public AdapterDeploymentContext(KeycloakConfigResolver configResolver);
/**
* Resolve deployment for the current request
* @param facade HTTP facade providing request context
* @return Resolved KeycloakDeployment for this request
*         (NOTE(review): the listing does not say what is returned when a resolver finds
*         no match -- confirm, and make sure callers reject the request in that case)
*/
public KeycloakDeployment resolveDeployment(HttpFacade facade);
/**
* Update deployment configuration
* @param config New configuration to apply
*/
public void updateDeployment(AdapterConfig config);
}Usage Examples:
// Single-tenant: one fixed deployment serves every request
KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(configStream);
AdapterDeploymentContext context = new AdapterDeploymentContext(deployment);
// Multi-tenant: the resolver chooses a deployment per request
KeycloakConfigResolver resolver = new KeycloakConfigResolver() {
    @Override
    public KeycloakDeployment resolve(Request facade) {
        // The Host header is supplied by the client, so it is compared against a fixed
        // list of known names rather than used to build a lookup key or path
        String requestedHost = facade.getHeader("Host");
        if ("tenant1.example.com".equals(requestedHost)) {
            return getTenant1Deployment();
        }
        if ("tenant2.example.com".equals(requestedHost)) {
            return getTenant2Deployment();
        }
        // Every other value, including a missing header or a name with a port suffix,
        // ends up on the default deployment
        return getDefaultDeployment();
    }
};
AdapterDeploymentContext multiTenantContext = new AdapterDeploymentContext(resolver);
// Resolve deployment for current request
KeycloakDeployment currentDeployment = context.resolveDeployment(httpFacade);
Interface for multi-tenant deployment resolution.
/**
* Interface for resolving Keycloak deployment configuration in multi-tenant scenarios.
* Everything an implementation reads from the request (host, path, headers) is chosen by
* the client, so it should only ever select among deployments the application has
* registered itself, with an explicit decision for requests that match none of them.
*/
public interface KeycloakConfigResolver {
/**
* Resolve deployment configuration based on the current request
* @param facade Request facade providing access to request context
* @return KeycloakDeployment appropriate for this request
*/
KeycloakDeployment resolve(Request facade);
}Usage Examples:
// Custom resolver implementation
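/**
 * Resolves the deployment for a request from the first label of its Host header.
 * The tenant id is only ever used as a key into the map passed to the constructor,
 * so a request can select nothing but a deployment the application registered.
 */
public class TenantBasedConfigResolver implements KeycloakConfigResolver {
    private final Map<String, KeycloakDeployment> tenantDeployments;

    /**
     * @param deployments known deployments keyed by tenant id (the subdomain label)
     */
    public TenantBasedConfigResolver(Map<String, KeycloakDeployment> deployments) {
        this.tenantDeployments = deployments;
    }

    /**
     * @param facade request whose Host header names the tenant
     * @return the deployment registered for that tenant, or null when the header is
     *         missing, malformed, or names an unknown tenant
     */
    @Override
    public KeycloakDeployment resolve(Request facade) {
        String tenantId = extractTenantId(facade);
        if (tenantId == null) {
            return null;
        }
        // NOTE(review): an unknown tenant yields null here; confirm the caller rejects the
        // request in that case instead of continuing without a deployment.
        return tenantDeployments.get(tenantId);
    }

    /**
     * Returns the leading label of the Host header, or null if there is none.
     * The header is client-controlled and may be absent, empty, or carry a port.
     */
    private String extractTenantId(Request facade) {
        String host = facade.getHeader("Host");
        if (host == null) {
            return null; // HTTP/1.0 clients and hand-built requests may send no Host header
        }
        host = host.trim();
        // Cut at the first '.' (end of the subdomain label) or ':' (start of the port),
        // whichever comes first, so "tenant1.example.com:8443" and "tenant1:8443" agree.
        int end = host.length();
        int dot = host.indexOf('.');
        if (dot >= 0) {
            end = dot;
        }
        int colon = host.indexOf(':');
        if (colon >= 0 && colon < end) {
            end = colon;
        }
        if (end == 0) {
            return null; // "", ".", ":8080" and similar carry no tenant label
        }
        // The map lookup is case-sensitive; keys must match the label as the client sends it.
        return host.substring(0, end);
    }
}
Utility methods for common adapter operations.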
/**
* Utility methods for common adapter operations.
* Signatures only; method bodies are not part of the page.
*/
public class AdapterUtils {
/**
* Generate unique identifier string
* @return Unique ID string (the listing promises uniqueness only; whether the value is
*         unpredictable enough to serve as a secret depends on the implementation -- confirm)
*/
public static String generateId();
/**
* Extract roles from security context
* @param session Security context containing role information
* @return Set of role names
*         (NOTE(review): presumably realm or client roles depending on
*         KeycloakDeployment.isUseResourceRoleMappings() -- confirm before using for access checks)
*/
public static Set<String> getRolesFromSecurityContext(RefreshableKeycloakSecurityContext session);
/**
* Get principal name from token based on deployment configuration
* @param deployment Deployment configuration
* @param token Access token containing user information
* @return Principal name string
*         (NOTE(review): presumably selected by KeycloakDeployment.getPrincipalAttribute();
*         a user-editable claim is not a stable key for authorization decisions -- confirm)
*/
public static String getPrincipalName(KeycloakDeployment deployment, AccessToken token);
/**
* Create Keycloak principal from security context
* @param deployment Deployment configuration
* @param securityContext Security context
* @return KeycloakPrincipal instance
*/
public static KeycloakPrincipal<RefreshableKeycloakSecurityContext> createPrincipal(
KeycloakDeployment deployment,
RefreshableKeycloakSecurityContext securityContext
);
/**
* Set client credentials on HTTP request.
* After this call the request and the parameter list carry the client's credentials,
* so neither should be logged or echoed in error output.
* @param deployment Deployment containing client credentials
* @param post HTTP POST request to configure
* @param formparams Form parameters list to populate
*/
public static void setClientCredentials(
KeycloakDeployment deployment,
HttpPost post,
List<NameValuePair> formparams
);
}Usage Examples:
// Obtain a fresh identifier. It is documented as unique; check the implementation
// before treating it as an unguessable session secret.
String sessionId = AdapterUtils.generateId();
// Principal name as selected by the deployment configuration
String principalName = AdapterUtils.getPrincipalName(deployment, accessToken);
// Wrap the security context in a principal
KeycloakPrincipal<RefreshableKeycloakSecurityContext> principal = AdapterUtils.createPrincipal(
    deployment,
    securityContext
);
// Role names carried by the security context
Set<String> roles = AdapterUtils.getRolesFromSecurityContext(securityContext);
Install with Tessl CLI
npx tessl i tessl/maven-org-keycloak--keycloak-adapter-core