[keycloak-dev] AS7 subsystem problems Re: release? Stan?

Stan Silvert ssilvert at redhat.com
Wed Dec 3 09:12:01 EST 2014


On 12/3/2014 9:07 AM, Bill Burke wrote:
>
> On 12/3/2014 2:43 AM, Stian Thorgersen wrote:
>>
>> ----- Original Message -----
>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>> To: keycloak-dev at lists.jboss.org
>>> Sent: Wednesday, 3 December, 2014 3:56:27 AM
>>> Subject: Re: [keycloak-dev] AS7 subsystem problems Re:  release?  Stan?
>>>
>>> On 12/2/2014 6:18 PM, Stan Silvert wrote:
>>>> On 12/2/2014 4:41 PM, Bill Burke wrote:
>>>>> On 12/2/2014 4:38 PM, Bill Burke wrote:
>>>>>> On 12/2/2014 3:55 PM, Stan Silvert wrote:
>>>>>>> On 12/2/2014 3:36 PM, Marek Posolda wrote:
>>>>>>>> Oops, thanks to you for reporting the issue to me this time :-)
>>>>>>>>
>>>>>>>> It should be fixed now. Let me know if it helps.
>>>>>>> That fixed it.  Wish mine was that easy.
>>>>>>>
>>>>>>> So much for EAP6 being based on AS7.  The API I'm using doesn't exist on
>>>>>>> AS7.  It does exist on EAP6, WF8, and WF9.
>>>>>>>
>>>>>>> I think our best course right now is to not use the subsystem on AS7.
>>>>>>> You can still deploy the auth-server WAR into the /deployments directory
>>>>>>> if you are dead set on using AS7 that way.
>>>>>>>
>>>>>>> This doesn't affect the AS7 adapter at all.  We just need to remove the
>>>>>>> subsystem module from the dist.
>>>>>>>
>>>>>> Isn't the adapter subsystem and auth-server subsystem in the same
>>>>>> jar/module?
>>>>>>
>>>>>> http://docs.jboss.org/keycloak/docs/1.0.4.Final/userguide/html/ch07.html#jboss-adapter
>>>>>>
>>>>> What I'm saying is...didn't you just totally break the as7 adapter?
>>>>>
>>>>>
>>>> No, they are not in the same module.  But now I do see what you are
>>>> saying.  The subsystem is adding the adapter module, so yes, it's broken
>>>> unless you add the module in jboss-structure.xml.
>>>>
>>>> Need to think on this some more.
>>> So the simplest solution actually is to do what I say above when using
>>> AS7.  That is, you either package the adapter in your WAR or you
>>> reference it in jboss-structure.xml.  That would require no further
>>> changes.  Just merge the PR I sent earlier and I'll change the docs.
>>>
>>> Is that acceptable?  There are some other solutions, but I don't like
>>> them as much.  Anything else we do will require treating the AS7
>>> subsystem as a special case and I just don't see the ROI.  AS7 is (or
>>> should be) a dead platform.
>>>
>>> So what I'm proposing is that we just treat AS7 like Tomcat or Jetty.
>>> We still have the AS7 adapter but you don't use the subsystem.
>> IMO that's a decent solution and better than having a separate subsystem for AS7 (assuming that'd be the only option).
>>
> -20...The subsystem allows you to specify KEYCLOAK as the
> <auth-method>, as well as to override a WAR's security settings in
> standalone.xml.  Without a subsystem you have to specify a jboss-web.xml
> and a valve.  We need to be as consistent as possible.  If you're not
> going to fix it, let me know and I'll do it.
>
That's fine.  I can fix it, but it will take some time.

I could disable auth server creation within the subsystem on AS7. All 
the places where I used the newer API are in that part of the 
subsystem.  So if you wanted to run the auth server on AS7, you would 
need to deploy the WAR manually.  Everything else in the subsystem would 
work as it did in the previous release.

Does that sound OK?

