Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.

Integration of Keycloak and Dropwizard



This project shows how JBoss Keycloak and Dropwizard can be used together.

To read this tutorial fully rendered, please visit:

JBoss Keycloak provides a standalone OAuth 2.0 and Open ID Connect server. It handles user credentials for your application, so you can focus on business requirements.

Dropwizard is a Java framework for developing ops-friendly, high-performance, RESTful web services.

TL;DR: The module keycloak-dropwizard-jaxrs-example shows how to use Dropwizard’s @Auth annotation with Keycloak using a full OAuth flow. If you have i.e. a JavaScript-Client and want to send only JWT Tokens, go directly to keycloak-dropwizard-bearermodule

At the time I write this there is no open source integration of the two, so I set up this project. See for the latest version.

How to use

The module keycloak-dropwizard-jaxrs is a ready-to-use Dropwizard module. The releases are available from Maven central.

The releases depend on a version of Dropwizard and Keycloak that was current at release time. To use a more recent release, please add them as an explicit dependency to your project, as this project will not release new versions on every minor or patch release of its dependencies.

Maven Central Build Status

  • Version 0.7.x is tested with Keycloak 1.9.x and Dropwizard 0.9.x

  • Version 0.8.x is tested with Keycloak 2.x.x and Dropwizard 0.9.x

  • Version 0.9.x is tested with Keycloak 2.x.x/3.x.x and Dropwizard 1.0.x

  • Version 1.0.x is tested with Keycloak 3.x.x and Dropwizard 1.1.x/1.2.x/1.3.x

  • Version 1.1.x/1.2.x is tested with Keycloak 4.x-18.x and Dropwizard 1.3.x/2.0.x/2.1.x


Starting with Dropwizard 2.0 and the included version of Jersey, a login performed during a POST for a form will not recover the contents of the POST. This is wired into Keycloak’s JettyAdapterSessionStore (that restores the content type and the parameters to the request), but Jersey’s InboundMessageContext that wants to read the information the request’s header and the body. See the shouldLoginFromPost() test case for an example.


The most recent development version (based on the master branch on GitHub) is available from the Sonatype OSS Snapshot Repository. To use it, include the following repository in your pom.xml.



These examples need a local JBoss Keycloak instance with Realm test and user demo with password demo.

Please download the Keycloak distribution matching your keycloak-dropwizard-integration version from and extract it to a subfolder keycloak-server of this directory. Then call keycloak-server.bat to import an already configured realm. Using this startup file the configuration will be reset every time you start Keycloak.


This example will guide you through setting up JBoss Keycloak in several configurations:

For completeness and as a very simple getting started a standard Servlet configuration is also included (without and with Keycloak):


Copyright 2015-2021 Alexander Schwartz and the individual contributors.

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.