[keycloak-dev] AS7 subsystem problems Re: release? Stan?
Bill Burke
bburke at redhat.com
Wed Dec 3 09:16:28 EST 2014
On 12/3/2014 9:12 AM, Stan Silvert wrote:
> On 12/3/2014 9:07 AM, Bill Burke wrote:
>>
>> On 12/3/2014 2:43 AM, Stian Thorgersen wrote:
>>>
>>> ----- Original Message -----
>>>> From: "Stan Silvert" <ssilvert at redhat.com>
>>>> To: keycloak-dev at lists.jboss.org
>>>> Sent: Wednesday, 3 December, 2014 3:56:27 AM
>>>> Subject: Re: [keycloak-dev] AS7 subsystem problems Re: release? Stan?
>>>>
>>>> On 12/2/2014 6:18 PM, Stan Silvert wrote:
>>>>> On 12/2/2014 4:41 PM, Bill Burke wrote:
>>>>>> On 12/2/2014 4:38 PM, Bill Burke wrote:
>>>>>>> On 12/2/2014 3:55 PM, Stan Silvert wrote:
>>>>>>>> On 12/2/2014 3:36 PM, Marek Posolda wrote:
>>>>>>>>> oops, thanks to you for reporting issue to me this time:-)
>>>>>>>>>
>>>>>>>>> It should be fixed now. Let me know if it helps.
>>>>>>>> That fixed it. Wish mine was that easy.
>>>>>>>>
>>>>>>>> So much for EAP6 being based on AS7. The API I'm using doesn't exist on
>>>>>>>> AS7. It does exist on EAP6, WF8, and WF9.
>>>>>>>>
>>>>>>>> I think our best course right now is to not use the subsystem on AS7.
>>>>>>>> You can still deploy the auth-server WAR into the /deployments directory
>>>>>>>> if you are dead set on using AS7 that way.
>>>>>>>>
>>>>>>>> This doesn't affect the AS7 adapter at all. We just need to remove the
>>>>>>>> subsystem module from the dist.
>>>>>>>>
>>>>>>> Isn't the adapter subsystem and auth-server subsystem in the same
>>>>>>> jar/module?
>>>>>>>
>>>>>>> http://docs.jboss.org/keycloak/docs/1.0.4.Final/userguide/html/ch07.html#jboss-adapter
>>>>>>>
>>>>>> What I'm saying is...didn't you just totally break the as7 adapter?
>>>>>>
>>>>>>
>>>>> No, they are not in the same module. But now I do see what you are
>>>>> saying. The subsystem is adding the adapter module, so yes, it's broken
>>>>> unless you add the module in jboss-structure.xml.
>>>>>
>>>>> Need to think on this some more.
>>>> So the simplest solution actually is to do what I say above when using
>>>> AS7. That is, you either package the adapter in your WAR or you
>>>> reference it in jboss-structure.xml. That would require no further
>>>> changes. Just merge the PR I sent earlier and I'll change the docs.
>>>>
>>>> Is that acceptable? There are some other solutions, but I don't like
>>>> them as much. Anything else we do will require treating the AS7
>>>> subsystem as a special case and I just don't see the ROI. AS7 is (or
>>>> should be) a dead platform.
>>>>
>>>> So what I'm proposing is that we just treat AS7 like Tomcat or Jetty.
>>>> We still have the AS7 adapter but you don't use the subsystem.
>>> IMO that's a decent solution and better than having a separate subsystem for AS7 (assuming that'd be the only option).
>>>
>> -20...The subsystem allows you to have specify KEYCLOAK as the
>> <auth-method>, as well as to override a WAR's security settings in
>> standalone.xml. Without a subsystem you have to specify a jboss-web.xml
>> and a valve. We need to be as consistent as possible. If you're not
>> going to fix it, let me know and I'll do it.
>>
> That's fine. I can fix it, but it will take some time.
>
> I could disable auth server creation within the subsystem on AS7. All
> the places where I used the newer API are in that part of the
> subsystem. So if you wanted to run the auth server on AS7, you would
> need to deploy the WAR manually. Everything else in the subsystem would
> work as it did in the previous release.
>
> Does that sound OK?
Sure, or you could just separate the auth-server and adapter subsystem
code into separate artifacts and modules.
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list