[Hawkular-dev] Should Keycloak integration be optional?

Juraci Paixão Kröhling jpkroehling at redhat.com
Fri Jan 23 12:54:42 EST 2015


As I mentioned in the previous email, one of the questions during the
demo was if it would be possible to have the Keycloak integration as
an optional part.

In the backend part, it's not hard to disable Keycloak as the
authentication mechanism, as it's just JAAS. That would require,
though, a second JAAS implementation to replace it.

In the frontend part, however, it's a bit more complicated. The setup
right now is that the web console is treated as an HTML5 single-page
app. This means that the web console is one application and the
backend is a different one, and they propagate the authentication by
using the tokens: the web console gets a token from the Keycloak
JavaScript adapter once the user logs in and sends it along with each
request to the backend. The backend (Keycloak Wildfly Adapter) reads
this token and retrieves the user data from the Keycloak server,
allowing the request to execute or not.

This means that either:

1) web console and REST API (and possibly other wars) become one, so
that the HTML5 single-page app can be served only after the user logs
in (classic Java EE application)

2) the backend JAAS adapter would also need to support some sort of
token exchange, with the frontend abstracting the Keycloak adapter to
work with one auth mechanism or another, possibly auto-identifying
what the backend's auth mechanism is.

3) ??

I don't think that the first option is a real one. Having small wars,
each taking care of one concern, is a goal of the project.

So, would an effort in making Keycloak an optional part be worth it?
Should I pursue it?

- Juca.
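
One way the frontend abstraction from option 2 could identify the backend's auth mechanism, as an added example that is not part of the original message or of Hawkular's code. It assumes the backend answers unauthenticated requests with a 401 whose WWW-Authenticate header names the scheme, and that the non-Keycloak fallback is HTTP Basic; `parseChallenges`, `selectScheme`, `authorizationFor`, `providers` and the `creds` object are hypothetical names.

```javascript
// Added example; every name here is hypothetical, not Hawkular or Keycloak code.
// Assumption: an unauthenticated request gets a 401 whose WWW-Authenticate
// header names the backend's scheme (RFC 7235), e.g. "Bearer" or "Basic".

// Parse a WWW-Authenticate value into [{ scheme, params }].
// Simplified grammar: key=value auth-params only, no token68 form.
function parseChallenges(header) {
  const re = /([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))|([A-Za-z][A-Za-z0-9_-]*)/g;
  const challenges = [];
  let m;
  while ((m = re.exec(header)) !== null) {
    if (m[4] !== undefined) {
      // A bare word starts a new challenge.
      challenges.push({ scheme: m[4].toLowerCase(), params: {} });
    } else if (challenges.length > 0) {
      // key=value belongs to the most recent challenge.
      const value = m[2] !== undefined ? m[2] : m[3];
      challenges[challenges.length - 1].params[m[1].toLowerCase()] = value;
    }
  }
  return challenges;
}

// One header builder per mechanism the frontend can speak.
const providers = {
  // Token mode: creds.getToken stands in for the token the Keycloak
  // JavaScript adapter hands to the web console after login.
  bearer: (creds) => `Bearer ${creds.getToken()}`,
  // Assumed fallback for a backend running a different JAAS module.
  // Buffer keeps this runnable under Node; a browser would use btoa().
  basic: (creds) =>
    'Basic ' + Buffer.from(`${creds.user}:${creds.password}`).toString('base64'),
};

// Take the first offered scheme the frontend supports; fail closed otherwise,
// so credentials are never sent under a scheme the backend did not ask for.
function selectScheme(wwwAuthenticate) {
  const offered = parseChallenges(wwwAuthenticate || '').map((c) => c.scheme);
  const scheme = offered.find((s) => Object.prototype.hasOwnProperty.call(providers, s));
  if (!scheme) throw new Error('no supported auth scheme offered: ' + offered.join(','));
  return scheme;
}

// Build the Authorization header value to send along with each backend request.
function authorizationFor(wwwAuthenticate, creds) {
  return providers[selectScheme(wwwAuthenticate)](creds);
}
```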