[keycloak-dev] [async] Why is async jaxrs being used?

Pedro Igor Silva psilva at redhat.com
Sat Apr 1 14:16:36 EDT 2017

As you noticed with the ScheduledPermissionEvaluator, policy evaluation is
a blocking operation. The idea is provide in the future ways to configure
an executor and allow more authz requests happening in parallel with
complete control over how it is done.

Right now, yes. We don't have this yet but just using a single thread.

Some time ago I did some tests using executors but I had no success mainly
because of issues with JPA EntityManager.

I'm OK to remove async for now but keep an eye on the future for future
improvements in this area.

Pedro Igor

On Sat, Apr 1, 2017 at 12:33 PM, Bill Burke <bburke at redhat.com> wrote:

> I say this because I'm trying to run the policy evaluator within the IDE
> within the arquillian testsuite and it is failing.  We have regular
> non-async servlet filters in Keycloak.  Undertow now checks to see if
> there are any non-async servlet filters and won't allow async http.
> On 4/1/17 11:15 AM, Bill Burke wrote:
> > I don't understand why async-http support for JAXRS is being used for
> > Authz requests.  Async HTTP is only useful when you want to limit the
> > amount of long running requests or you have an operation that may
> > block for some time.  Do you want to limit the number of authz
> > requests that can happen at one time?  Or, do you have an operation
> > that may block?  Otherwise I don't see the point of using async HTTP.
> > It complicates the code.
> >
> > Looking at your ScheduledPermissionEvaluator you aren't even using the
> > Executor that is passed into the constructor so its all happening in
> > the same thread anyways.
> >
> > Bill
> >
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list