[keycloak-dev] isolate picketlink dependency please

Stian Thorgersen stian at redhat.com
Wed Apr 30 10:14:17 EDT 2014 


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Wednesday, 30 April, 2014 2:48:35 PM
> Subject: Re: [keycloak-dev] isolate picketlink dependency please
> 
> Primary Keycloak code should not depend on Picketlink.  Picketlink
> should always be hidden by SPIs.  So, if we need to provide LDAP support
> on EAP using an older version of Picketlink, then we write a separate
> maven module using that older version of Picketlink and plug it in.
> 
> Following me?

Yep

> 
> Right now, it looks that only the Mongo data model has a PL dependency.
>   Correct?

Yes (except authentication/authentication-picketlink of course)

> 
> On 4/30/2014 4:44 AM, Stian Thorgersen wrote:
> > It may be in the future, if we want to support all/most features on EAP,
> > but I don't think we do now.
> >
> > Bill: wdyt?
> >
> > ----- Original Message -----
> >> From: "Marek Posolda" <mposolda at redhat.com>
> >> To: "Stian Thorgersen" <stian at redhat.com>
> >> Cc: keycloak-dev at lists.jboss.org
> >> Sent: Wednesday, 30 April, 2014 9:30:14 AM
> >> Subject: Re: [keycloak-dev] isolate picketlink dependency please
> >>
> >> Ok, I will remove the dependency from the mongo model, that's an easy
> >> part though.
> >>
> >> So the fact that we actually bundle latest picketlink jars inside
> >> Keycloak WAR in auth-server.war/WEB-INF/lib/ is not an issue?
> >>
> >> Marek
> >>
> >> On 30.4.2014 09:43, Stian Thorgersen wrote:
> >>> AeroGear will use a stripped-down version of Keycloak WAR, without mongo,
> >>> ldap, social, etc. so this won't be an issue for them, but I agree that
> >>> we
> >>> should remove this dependency from the Mongo model though.
> >>>
> >>> I don't see a problem with us using the latest version of PicketLink as
> >>> long as only authentication-picketlink depends on it.
> >>>
> >>> ----- Original Message -----
> >>>> From: "Marek Posolda" <mposolda at redhat.com>
> >>>> To: keycloak-dev at lists.jboss.org
> >>>> Sent: Tuesday, 29 April, 2014 10:59:23 PM
> >>>> Subject: Re: [keycloak-dev] isolate picketlink dependency please
> >>>>
> >>>> Mongo model is using just some helper reflection classes from
> >>>> org.picketlink.common. It should be easy to fork some functionality and
> >>>> completely remove dependency on org.picketlink.common from mongo model.
> >>>>
> >>>> However picketlink is also used for Ldap integration and here it's more
> >>>> complicated...
> >>>>
> >>>> So what exactly is the requirement for picketlink integration? Am I
> >>>> understand correctly that all picketlink dependencies must be removed
> >>>> from auth-server.war/WEB-INF/lib/ and added as deps to
> >>>> auth-server.war/WEB-INF/jboss-deployment-structure.xml instead?
> >>>>
> >>>> If I understand correctly, this means that Keycloak must use same
> >>>> Picketlink version, which is bundled with EAP. Do you know what is our
> >>>> target EAP version and which version of Picketlink is in it?
> >>>>
> >>>> Today I've upgraded Keycloak to newly released Picketlink 2.6.0.CR2,
> >>>> which contains some nice LDAP improvements and fixes (like support for
> >>>> RHDS and connection pooling). So it seems that I will need to revert
> >>>> this and use some older picketlink version bundled in EAP instead:-(
> >>>>
> >>>> Marek
> >>>>
> >>>> On 29.4.2014 18:15, Bill Burke wrote:
> >>>>> Mongo model project seems to have picketlink dependencies:
> >>>>>
> >>>>> org.picketlink.common
> >>>>>
> >>>>> These need to be isolated and removed as a dependency.  Since we may be
> >>>>> introducing Keycloak into EAP (via Aerogear) we want to be sure we can
> >>>>> remove any version conflicting picketlink dependencies.  So, anything
> >>>>> picketlink related has to be behind a plugglable and removable SPI.
> >>>> _______________________________________________
> >>>> keycloak-dev mailing list
> >>>> keycloak-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >>>>
> >>
> >>
> > _______________________________________________
> > keycloak-dev mailing list
> > keycloak-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list