0
# Configuration Management
1
2
Hierarchical configuration system with scoped property access, type-safe configuration retrieval, and extensible provider architecture for managing Keycloak settings and service providers.
3
4
## Capabilities
5
6
### Config System
7
8
Core configuration management with hierarchical scoped property access.
9
10
```java { .api }
11
/**
12
* Main configuration management class with static access methods
13
*/
14
public class Config {
15
/**
16
* Initialize the configuration system with a custom provider
17
* @param configProvider Configuration provider implementation
18
*/
19
public static void init(ConfigProvider configProvider);
20
21
/**
22
* Create a configuration scope for hierarchical property access
23
* @param scope Scope path elements
24
* @return Scope instance for property access
25
*/
26
public static Scope scope(String... scope);
27
28
/**
29
* Get the configured provider for a specific SPI
30
* @param spi Service Provider Interface name
31
* @return Provider identifier
32
*/
33
public static String getProvider(String spi);
34
35
/**
36
* Get the admin realm name
37
* @return Admin realm identifier
38
*/
39
public static String getAdminRealm();
40
41
/**
42
* Get the default provider for a specific SPI
43
* @param spi Service Provider Interface name
44
* @return Default provider identifier
45
*/
46
public static String getDefaultProvider(String spi);
47
48
/**
49
* Configuration scope interface for property access
50
*/
51
public interface Scope {
52
/**
53
* Get string property value
54
* @param key Property key
55
* @return Property value or null if not found
56
*/
57
String get(String key);
58
59
/**
60
* Get string property value with default
61
* @param key Property key
62
* @param defaultValue Default value if property not found
63
* @return Property value or default value
64
*/
65
String get(String key, String defaultValue);
66
67
/**
68
* Get string array property value
69
* @param key Property key
70
* @return Array of property values or empty array if not found
71
*/
72
String[] getArray(String key);
73
74
/**
75
* Get integer property value
76
* @param key Property key
77
* @return Integer value or null if not found or not parseable
78
*/
79
Integer getInt(String key);
80
81
/**
82
* Get integer property value with default
83
* @param key Property key
84
* @param defaultValue Default value if property not found
85
* @return Integer value or default value
86
*/
87
Integer getInt(String key, Integer defaultValue);
88
89
/**
90
* Get long property value
91
* @param key Property key
92
* @return Long value or null if not found or not parseable
93
*/
94
Long getLong(String key);
95
96
/**
97
* Get long property value with default
98
* @param key Property key
99
* @param defaultValue Default value if property not found
100
* @return Long value or default value
101
*/
102
Long getLong(String key, Long defaultValue);
103
104
/**
105
* Get boolean property value
106
* @param key Property key
107
* @return Boolean value or null if not found or not parseable
108
*/
109
Boolean getBoolean(String key);
110
111
/**
112
* Get boolean property value with default
113
* @param key Property key
114
* @param defaultValue Default value if property not found
115
* @return Boolean value or default value
116
*/
117
Boolean getBoolean(String key, Boolean defaultValue);
118
119
120
/**
121
* Create a child scope
122
* @param scope Child scope path elements
123
* @return Child Scope instance
124
*/
125
Scope scope(String... scope);
126
127
/**
128
* Get all property names in this scope
129
* @return Set of property names
130
*/
131
Set<String> getPropertyNames();
132
}
133
134
/**
135
* Configuration provider interface for pluggable configuration sources
136
*/
137
public interface ConfigProvider {
138
/**
139
* Get the configured provider for a specific SPI
140
* @param spi Service Provider Interface name
141
* @return Provider identifier
142
*/
143
String getProvider(String spi);
144
145
/**
146
* Get the default provider for a specific SPI
147
* @param spi Service Provider Interface name
148
* @return Default provider identifier
149
*/
150
String getDefaultProvider(String spi);
151
152
/**
153
* Create a configuration scope
154
* @param scope Scope path elements
155
* @return Scope instance
156
*/
157
Scope scope(String... scope);
158
}
159
}
160
```
161
162
### Keystore Configuration
163
164
Configuration representation for keystore settings.
165
166
```java { .api }
167
/**
168
* Keystore configuration representation
169
*/
170
public class KeyStoreConfig {
171
/**
172
* Check if this is a realm certificate
173
* @return true if realm certificate
174
*/
175
public Boolean isRealmCertificate();
176
177
/**
178
* Set the realm certificate flag
179
* @param realmCertificate Realm certificate flag
180
*/
181
public void setRealmCertificate(Boolean realmCertificate);
182
183
/**
184
* Get the keystore password
185
* @return Store password
186
*/
187
public String getStorePassword();
188
189
/**
190
* Set the keystore password
191
* @param storePassword Store password
192
*/
193
public void setStorePassword(String storePassword);
194
195
/**
196
* Get the key password
197
* @return Key password
198
*/
199
public String getKeyPassword();
200
201
/**
202
* Set the key password
203
* @param keyPassword Key password
204
*/
205
public void setKeyPassword(String keyPassword);
206
207
/**
208
* Get the key alias
209
* @return Key alias
210
*/
211
public String getKeyAlias();
212
213
/**
214
* Set the key alias
215
* @param keyAlias Key alias
216
*/
217
public void setKeyAlias(String keyAlias);
218
219
/**
220
* Get the realm alias
221
* @return Realm alias
222
*/
223
public String getRealmAlias();
224
225
/**
226
* Set the realm alias
227
* @param realmAlias Realm alias
228
*/
229
public void setRealmAlias(String realmAlias);
230
231
/**
232
* Get the keystore format
233
* @return Keystore format (e.g., "JKS", "PKCS12")
234
*/
235
public String getFormat();
236
237
/**
238
* Set the keystore format
239
* @param format Keystore format
240
*/
241
public void setFormat(String format);
242
}
243
```
244
245
### Base Configuration Classes
246
247
Base configuration classes for various Keycloak components.
248
249
```java { .api }
250
/**
251
* Base adapter configuration
252
*/
253
public class BaseAdapterConfig {
254
/**
255
* Get the realm name
256
* @return Realm name
257
*/
258
public String getRealm();
259
260
/**
261
* Set the realm name
262
* @param realm Realm name
263
*/
264
public void setRealm(String realm);
265
266
/**
267
* Get the auth server URL
268
* @return Auth server URL
269
*/
270
public String getAuthServerUrl();
271
272
/**
273
* Set the auth server URL
274
* @param authServerUrl Auth server URL
275
*/
276
public void setAuthServerUrl(String authServerUrl);
277
278
/**
279
* Check if SSL is required
280
* @return SSL requirement setting
281
*/
282
public String getSslRequired();
283
284
/**
285
* Set SSL requirement
286
* @param sslRequired SSL requirement setting
287
*/
288
public void setSslRequired(String sslRequired);
289
290
/**
291
* Get the client ID
292
* @return Client identifier
293
*/
294
public String getResource();
295
296
/**
297
* Set the client ID
298
* @param resource Client identifier
299
*/
300
public void setResource(String resource);
301
302
/**
303
* Check if public client
304
* @return true if public client
305
*/
306
public boolean isPublicClient();
307
308
/**
309
* Set public client flag
310
* @param publicClient Public client flag
311
*/
312
public void setPublicClient(boolean publicClient);
313
314
/**
315
* Get the client credentials
316
* @return Map of client credentials
317
*/
318
public Map<String, Object> getCredentials();
319
320
/**
321
* Set the client credentials
322
* @param credentials Map of client credentials
323
*/
324
public void setCredentials(Map<String, Object> credentials);
325
}
326
327
/**
328
* Base realm configuration
329
*/
330
public class BaseRealmConfig {
331
/**
332
* Get the realm name
333
* @return Realm name
334
*/
335
public String getRealm();
336
337
/**
338
* Set the realm name
339
* @param realm Realm name
340
*/
341
public void setRealm(String realm);
342
343
/**
344
* Get the realm public key
345
* @return Public key string
346
*/
347
public String getRealmKey();
348
349
/**
350
* Set the realm public key
351
* @param realmKey Public key string
352
*/
353
public void setRealmKey(String realmKey);
354
355
/**
356
* Get the auth server URL
357
* @return Auth server URL
358
*/
359
public String getAuthServerUrl();
360
361
/**
362
* Set the auth server URL
363
* @param authServerUrl Auth server URL
364
*/
365
public void setAuthServerUrl(String authServerUrl);
366
}
367
368
/**
369
* Adapter HTTP client configuration
370
*/
371
public class AdapterHttpClientConfig {
372
/**
373
* Check if hostname verification is disabled
374
* @return true if disabled
375
*/
376
public boolean isDisableTrustManager();
377
378
/**
379
* Set hostname verification disabled flag
380
* @param disableTrustManager Disable flag
381
*/
382
public void setDisableTrustManager(boolean disableTrustManager);
383
384
/**
385
* Check if trust store is allowed any hostname
386
* @return true if any hostname allowed
387
*/
388
public boolean isAllowAnyHostname();
389
390
/**
391
* Set allow any hostname flag
392
* @param allowAnyHostname Allow flag
393
*/
394
public void setAllowAnyHostname(boolean allowAnyHostname);
395
396
/**
397
* Get the truststore configuration
398
* @return KeyStoreConfig for truststore
399
*/
400
public KeyStoreConfig getTruststore();
401
402
/**
403
* Set the truststore configuration
404
* @param truststore KeyStoreConfig for truststore
405
*/
406
public void setTruststore(KeyStoreConfig truststore);
407
408
/**
409
* Get the client keystore configuration
410
* @return KeyStoreConfig for client keystore
411
*/
412
public KeyStoreConfig getClientKeystore();
413
414
/**
415
* Set the client keystore configuration
416
* @param clientKeystore KeyStoreConfig for client keystore
417
*/
418
public void setClientKeystore(KeyStoreConfig clientKeystore);
419
420
/**
421
* Get the connection pool size
422
* @return Connection pool size
423
*/
424
public int getConnectionPoolSize();
425
426
/**
427
* Set the connection pool size
428
* @param connectionPoolSize Connection pool size
429
*/
430
public void setConnectionPoolSize(int connectionPoolSize);
431
432
/**
433
* Get the connection timeout in milliseconds
434
* @return Connection timeout
435
*/
436
public long getConnectionTimeout();
437
438
/**
439
* Set the connection timeout
440
* @param connectionTimeout Connection timeout in milliseconds
441
*/
442
public void setConnectionTimeout(long connectionTimeout);
443
444
/**
445
* Get the socket timeout in milliseconds
446
* @return Socket timeout
447
*/
448
public long getSocketTimeout();
449
450
/**
451
* Set the socket timeout
452
* @param socketTimeout Socket timeout in milliseconds
453
*/
454
public void setSocketTimeout(long socketTimeout);
455
}
456
```
457
458
### Adapter Configuration
459
460
Complete adapter configuration for Keycloak client adapters.
461
462
```java { .api }
463
/**
464
* Complete adapter configuration with all settings
465
*/
466
public class AdapterConfig extends BaseAdapterConfig {
467
/**
468
* Get the token store type
469
* @return Token store type (session, cookie)
470
*/
471
public String getTokenStore();
472
473
/**
474
* Set the token store type
475
* @param tokenStore Token store type
476
*/
477
public void setTokenStore(String tokenStore);
478
479
/**
480
* Get the principal attribute
481
* @return Principal attribute name
482
*/
483
public String getPrincipalAttribute();
484
485
/**
486
* Set the principal attribute
487
* @param principalAttribute Principal attribute name
488
*/
489
public void setPrincipalAttribute(String principalAttribute);
490
491
/**
492
* Check if bearer-only mode is enabled
493
* @return true if bearer-only
494
*/
495
public boolean isBearerOnly();
496
497
/**
498
* Set bearer-only mode
499
* @param bearerOnly Bearer-only flag
500
*/
501
public void setBearerOnly(boolean bearerOnly);
502
503
/**
504
* Check if CORS is enabled
505
* @return true if CORS enabled
506
*/
507
public boolean isEnableCors();
508
509
/**
510
* Set CORS enabled flag
511
* @param enableCors CORS enabled flag
512
*/
513
public void setEnableCors(boolean enableCors);
514
515
/**
516
* Get CORS max age
517
* @return CORS max age in seconds
518
*/
519
public int getCorsMaxAge();
520
521
/**
522
* Set CORS max age
523
* @param corsMaxAge CORS max age in seconds
524
*/
525
public void setCorsMaxAge(int corsMaxAge);
526
527
/**
528
* Get CORS allowed methods
529
* @return CORS allowed methods
530
*/
531
public String getCorsAllowedMethods();
532
533
/**
534
* Set CORS allowed methods
535
* @param corsAllowedMethods CORS allowed methods
536
*/
537
public void setCorsAllowedMethods(String corsAllowedMethods);
538
539
/**
540
* Get CORS allowed headers
541
* @return CORS allowed headers
542
*/
543
public String getCorsAllowedHeaders();
544
545
/**
546
* Set CORS allowed headers
547
* @param corsAllowedHeaders CORS allowed headers
548
*/
549
public void setCorsAllowedHeaders(String corsAllowedHeaders);
550
551
/**
552
* Check if CORS credentials are exposed
553
* @return true if credentials exposed
554
*/
555
public boolean isCorsExposedHeaders();
556
557
/**
558
* Set CORS credentials exposed flag
559
* @param corsExposedHeaders Credentials exposed flag
560
*/
561
public void setCorsExposedHeaders(boolean corsExposedHeaders);
562
563
/**
564
* Get the HTTP client configuration
565
* @return AdapterHttpClientConfig instance
566
*/
567
public AdapterHttpClientConfig getHttpClientConfig();
568
569
/**
570
* Set the HTTP client configuration
571
* @param httpClientConfig AdapterHttpClientConfig instance
572
*/
573
public void setHttpClientConfig(AdapterHttpClientConfig httpClientConfig);
574
575
/**
576
* Check if always refresh token is enabled
577
* @return true if always refresh enabled
578
*/
579
public boolean isAlwaysRefreshToken();
580
581
/**
582
* Set always refresh token flag
583
* @param alwaysRefreshToken Always refresh flag
584
*/
585
public void setAlwaysRefreshToken(boolean alwaysRefreshToken);
586
587
/**
588
* Check if register node at startup is enabled
589
* @return true if register at startup
590
*/
591
public boolean isRegisterNodeAtStartup();
592
593
/**
594
* Set register node at startup flag
595
* @param registerNodeAtStartup Register at startup flag
596
*/
597
public void setRegisterNodeAtStartup(boolean registerNodeAtStartup);
598
599
/**
600
* Get the register node period in seconds
601
* @return Register node period
602
*/
603
public int getRegisterNodePeriod();
604
605
/**
606
* Set the register node period
607
* @param registerNodePeriod Register node period in seconds
608
*/
609
public void setRegisterNodePeriod(int registerNodePeriod);
610
611
/**
612
* Get the token minimum time to live
613
* @return Token minimum TTL in seconds
614
*/
615
public int getTokenMinimumTimeToLive();
616
617
/**
618
* Set the token minimum time to live
619
* @param tokenMinimumTimeToLive Token minimum TTL in seconds
620
*/
621
public void setTokenMinimumTimeToLive(int tokenMinimumTimeToLive);
622
623
/**
624
* Get the minimum time between JWKS requests
625
* @return Minimum time in seconds
626
*/
627
public int getMinTimeBetweenJwksRequests();
628
629
/**
630
* Set the minimum time between JWKS requests
631
* @param minTimeBetweenJwksRequests Minimum time in seconds
632
*/
633
public void setMinTimeBetweenJwksRequests(int minTimeBetweenJwksRequests);
634
635
/**
636
* Get the public key cache TTL
637
* @return Cache TTL in seconds
638
*/
639
public int getPublicKeyCacheTtl();
640
641
/**
642
* Set the public key cache TTL
643
* @param publicKeyCacheTtl Cache TTL in seconds
644
*/
645
public void setPublicKeyCacheTtl(int publicKeyCacheTtl);
646
}
647
```
648
649
## Usage Examples
650
651
```java
652
import org.keycloak.Config;
653
import org.keycloak.representations.KeyStoreConfig;
654
import org.keycloak.representations.adapters.config.AdapterConfig;
655
656
// Basic configuration access
657
Config.Scope authScope = Config.scope("authentication");
658
String defaultProvider = authScope.get("defaultProvider", "password");
659
boolean loginFormsEnabled = authScope.getBoolean("loginFormsEnabled", true);
660
int sessionTimeout = authScope.getInt("sessionTimeout", 1800);
661
662
// Hierarchical configuration scopes
663
Config.Scope sslScope = Config.scope("ssl", "truststore");
664
String truststorePath = sslScope.get("path");
665
String truststorePassword = sslScope.get("password");
666
667
// Database configuration
668
Config.Scope dbScope = Config.scope("database");
669
String connectionUrl = dbScope.get("url");
670
Integer maxPoolSize = dbScope.getInt("maxPoolSize", 20);
671
String[] additionalJars = dbScope.getArray("additionalJars");
672
673
// Provider configuration
674
String userStorageProvider = Config.getProvider("userStorage");
675
String themeProvider = Config.getProvider("theme");
676
677
// Keystore configuration
678
KeyStoreConfig keystoreConfig = new KeyStoreConfig();
679
keystoreConfig.setFile("/path/to/keystore.jks");
680
keystoreConfig.setPassword("keystorePassword");
681
keystoreConfig.setFormat("JKS");
682
keystoreConfig.setAlias("server-key");
683
keystoreConfig.setKeyPassword("keyPassword");
684
685
// Adapter configuration
686
AdapterConfig adapterConfig = new AdapterConfig();
687
adapterConfig.setRealm("my-realm");
688
adapterConfig.setAuthServerUrl("https://auth.example.com");
689
adapterConfig.setResource("my-client");
690
adapterConfig.setPublicClient(false);
691
adapterConfig.setBearerOnly(true);
692
adapterConfig.setEnableCors(true);
693
adapterConfig.setCorsMaxAge(3600);
694
adapterConfig.setTokenMinimumTimeToLive(300);
695
696
// HTTP client configuration
697
AdapterHttpClientConfig httpConfig = new AdapterHttpClientConfig();
698
httpConfig.setConnectionPoolSize(50);
699
httpConfig.setConnectionTimeout(5000);
700
httpConfig.setSocketTimeout(10000);
701
adapterConfig.setHttpClientConfig(httpConfig);
702
703
// Configuration with credentials
704
Map<String, Object> credentials = new HashMap<>();
705
credentials.put("secret", "client-secret");
706
credentials.put("jwt", Map.of(
707
"client_id", "my-client",
708
"algorithm", "RS256"
709
));
710
adapterConfig.setCredentials(credentials);
711
```