[keycloak-dev] implement JPA model

Tue Nov 5 11:30:08 EST 2013

On 11/05/2013 07:06 AM, Bill Burke wrote:
> Pedro, with all due respect, we already use Picketlink.  What we're
> doing is swapping it out until there is an advantage to use it again.
> Right now there are only disadvantages and the fact it can't run in
> Wildfly is a blocker.  I'll be committing the JPA model later today.
We are updating WildFly with the PicketLink subsystem that contains IDM 
configuration, this week. Can you please provide a list of disadvantages 
of using PicketLink? A lot of people/teams collaborated on the subsystem 
design. It will be beneficial if KeyCloak can wait a bit on the PL. Give 
us a chance. :)
>
> On 11/5/2013 7:32 AM, Pedro Igor Silva wrote:
>> I think most of the frustrating feeling you got was because you're trying to reuse the Basic Model.
>>
>> https://github.com/keycloak/keycloak/tree/master/model/picketlink/src/main/java/org/keycloak/models/picketlink/mappings (If I'm not wrong)
>>
>> The Basic Model is a simple and ready to use domain model that can be used to enable very quickly most of IDM capabilities. But you're not tied to this model at all, as you can always provide your own and make it PL enabled.
>>
>> When designing an application like yours, I believe the best thing to do is start by writing your own model. And then provide the necessary annotations to enable PL on top of it.
>>
>> The idea behind the JPA store is not restrict your design decisions when modeling your domain model, but integrate with it.
>>
>> Give me a chance and I can enable PL in your model, so you still get your model the way you want.
>>
>> ----- Original Message -----
>> From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Monday, November 4, 2013 2:53:48 PM
>> Subject: Re: [keycloak-dev] implement JPA model
>>
>> On 11/04/2013 10:25 AM, Bill Burke wrote:
>>> On 11/4/2013 11:05 AM, Anil Saldhana wrote:
>>>> What I cannot accept is Bill's refusal to look at what we are trying to
>>>> tell him and cop out
>>>> in the guise of timelines. The PL team has very limited time in engaging
>>>> in lengthy email
>>>> discussions but we are willing to help in any manner if the team shows
>>>> interest in listening
>>>> to us.
>>>>
>>> Anil, what exactly are you trying to tell me?  That there's some
>>> mythical "unified developer experience" I'm missing out on?  An
>>> experience that currently doesn't exist at all, even in Wildfly?  An
>>> experience that you're promising for WF9?  What is Keycloak supposed to
>>> do until then?
>> I am saying try to use the PL IDM API for the basic model.  That would
>> automatically reduce your work when WF9 will use the IDM natively for its
>> user stores. Basically you can just reuse the integration work done in
>> WF9 for IDM configuration. KeyCloak would not have to do anything.
>>
>> Right now for JBossAS7, EAP6.1+ and WF8,  PicketLink IDM exists as
>> an external library.  The IDM subsystem does work for AS7,6.1 but has
>> not yet been updated for WF8.  But KeyCloak as a web application should
>> focus on the IDM API for the basic model.
>>> What's frustrating is that our data model is simple.  So simple it only
>>> takes one or two days to write a JPA or Mongo implementation for.  I
>>> just refuse to spend weeks and weeks like I did this summer wading
>>> through Picketlink code and/or waiting for next next patch to be
>>> released to make Picketlink usable.  Until this magic Picketlink
>>> "unified developer experience" comes to fruition, we're doing our own
>>> backend.
>> Ok.  If you have your JPA model in a KeyCloak branch somewhere, we can
>> take a look at it and make suggestions.