Details
diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml
index c0d39db..6a70415 100755
--- a/docbook/reference/en/en-US/master.xml
+++ b/docbook/reference/en/en-US/master.xml
@@ -11,6 +11,7 @@
<!ENTITY AdapterConfig SYSTEM "modules/adapter-config.xml">
<!ENTITY JBossAdapter SYSTEM "modules/jboss-adapter.xml">
<!ENTITY JavascriptAdapter SYSTEM "modules/javascript-adapter.xml">
+ <!ENTITY TomcatAdapter SYSTEM "modules/tomcat-adapter.xml">
<!ENTITY InstalledApplications SYSTEM "modules/installed-applications.xml">
<!ENTITY Logout SYSTEM "modules/logout.xml">
<!ENTITY SAML SYSTEM "modules/saml.xml">
@@ -83,6 +84,7 @@ This one is short
</para>
&AdapterConfig;
&JBossAdapter;
+ &TomcatAdapter;
&JavascriptAdapter;
&InstalledApplications;
&Logout;
diff --git a/docbook/reference/en/en-US/modules/jboss-adapter.xml b/docbook/reference/en/en-US/modules/jboss-adapter.xml
index c141397..795b74f 100755
--- a/docbook/reference/en/en-US/modules/jboss-adapter.xml
+++ b/docbook/reference/en/en-US/modules/jboss-adapter.xml
@@ -10,7 +10,7 @@
<section id="jboss-adapter-installation">
<title>Adapter Installation</title>
<para>
- This is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak
+ There is a adapter zip file for AS7, EAP, and Wildfly in the <literal>adapters/</literal> directory in the Keycloak
distribution.
</para>
<para>
@@ -135,7 +135,7 @@ public class CustomerService {
</section>
<section>
- <title>Per WAR Configuration</title>
+ <title>Required Per WAR Configuration</title>
<para>
This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
</para>
diff --git a/docbook/reference/en/en-US/modules/Overview.xml b/docbook/reference/en/en-US/modules/Overview.xml
index 3361e0d..9ef7451 100755
--- a/docbook/reference/en/en-US/modules/Overview.xml
+++ b/docbook/reference/en/en-US/modules/Overview.xml
@@ -98,7 +98,7 @@
Multitenancy support. You can host and manage multiple realms for multiple organizations.
</listitem>
<listitem>
- Supports JBoss AS7, EAP 6.x, Wildfly and Pure JavaScript applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java deployments
+ Supports JBoss AS7, EAP 6.x, Wildfly, Tomcat 7 and Pure JavaScript applications. Plans to support Node.js, RAILS, GRAILS, and other non-Java deployments
</listitem>
</itemizedlist>
</para>
diff --git a/docbook/reference/en/en-US/modules/tomcat-adapter.xml b/docbook/reference/en/en-US/modules/tomcat-adapter.xml
new file mode 100755
index 0000000..b9c0043
--- /dev/null
+++ b/docbook/reference/en/en-US/modules/tomcat-adapter.xml
@@ -0,0 +1,94 @@
+<section id="tomcat-adapter">
+ <title>Tomcat 7 Adapter</title>
+ <para>
+ To be able to secure WAR apps deployed on Tomcat 7 you must install the Keycloak Tomcat 7 adapter
+ into your Tomcat installation. You then have to provide some extra configuration in each WAR you deploy to
+ Tomcat. Let's go over these steps.
+ </para>
+ <section id="tomcat-adapter-installation">
+ <title>Adapter Installation</title>
+ <para>
+ There is a adapter zip file for Tomcat 7 in the <literal>adapters/</literal> directory in the Keycloak appliance
+ or war distribution. You must unzip this file into Tomcat's <literal>lib/</literal> directory. Including
+ adapter's jars within your WEB-INF/lib directory will not work! The Keycloak adapter is implemented as a Valve
+ and valve code must reside in Tomcat's main lib/ directory.
+ </para>
+ <para>
+<programlisting>
+$ cd $TOMCAT_HOME/lib
+$ unzip keycloak-tomcat7-adapter-dist.zip
+</programlisting>
+ </para>
+ </section>
+
+ <section>
+ <title>Required Per WAR Configuration</title>
+ <para>
+ This section describes how to secure a WAR directly by adding config and editing files within your WAR package.
+ </para>
+ <para>
+ The first thing you must do is create a <literal>META-INF/context.xml</literal> file in your WAR package. This is
+ a Tomcat specific config file and you must define a Keycloak specific Valve.
+ </para>
+ <programlisting>
+<![CDATA[
+<Context path="/your-context-path">
+ <Valve className="org.keycloak.adapters.tomcat7.KeycloakAuthenticatorValve"/>
+</Context>]]>
+ </programlisting>
+ <para>
+ Next you must create
+ a <literal>keycloak.json</literal> adapter config file within the <literal>WEB-INF</literal> directory
+ of your WAR. The format of this config file is describe in the <link linkend='adapter-config'>general adapter configuration</link>
+ section.
+ </para>
+ <para>
+ Finally you must specify both a <literal>login-config</literal> and use standard servlet security to specify
+ role-base constraints on your URLs. Here's an example:
+ </para>
+ <para>
+<programlisting>
+<![CDATA[
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <module-name>customer-portal</module-name>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Customers</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>this is ignored currently/realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>admin</role-name>
+ </security-role>
+ <security-role>
+ <role-name>user</role-name>
+ </security-role>
+</web-app>
+]]>
+</programlisting>
+ </para>
+ </section>
+</section>
\ No newline at end of file
