<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 05/04/16 13:22, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAe_sGcQnbj_HTrFNFuwO7GgwkkKhNw255o3MqQpR2K_rA@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 5 April 2016 at 12:58, Marek
Posolda <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<div>On 05/04/16 10:19, Stian Thorgersen wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">At least personally I think the admin
client needs some TLC. For example creating a user
requires:
<div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace">
UserRepresentation user = new
UserRepresentation();</font></div>
<div><font face="monospace, monospace">
user.setUsername("user");</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace">
Response response =
keycloak.realm("realm").users().create(user);</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace">
// Retrieve created user id</font></div>
<div><font face="monospace, monospace">
String path =
response.getLocation().getPath();</font></div>
<div><font face="monospace, monospace">
String id =
path.substring(path.lastIndexOf('/') + 1);</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="monospace, monospace">
// Remember to close the response</font></div>
<div><font face="monospace, monospace">
response.close();</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace">
// Set password</font></div>
<div><font face="monospace, monospace">
CredentialRepresentation credentials = new
CredentialRepresentation();</font></div>
<div><font face="monospace, monospace">
credentials.setType(CredentialRepresentation.PASSWORD);</font></div>
<div><font face="monospace, monospace">
credentials.setValue("password");</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="monospace, monospace">
keycloak.realm("realm").users().get(id).resetPassword(credentials);</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="monospace, monospace">
// Add role</font></div>
<div><font face="monospace, monospace">
RoleRepresentation role =
keycloak.realm("realm").roles().get("role").toRepresentation();</font></div>
<div><font face="monospace, monospace">
keycloak.realm("realm").users().get(id).roles().realmLevel().add(Collections.singletonList(role));</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="arial, helvetica, sans-serif">That's
pretty rubbish right?</font></div>
</div>
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">In
my opinion a lot of the usability issues is
caused by directly exposing interfaces/proxies
from RestEasy Client and it would be much
better if we introduced a wrapper around it.</font></div>
</div>
</blockquote>
</span><font face="arial, helvetica, sans-serif">Yeah,
agree that usability is not very great.<br>
<br>
However to me personally, the biggest issue is not
usability but the fact, that admin-client needs to be
manually maintained. AFAIK it was lots of spent time -
especially for Stan and Marko - to have the
admin-client synced with the latest server. And it
seems that earlier or later, the issue will be back
once we will add more endpoints. We can have "policy"
that everyone, who is adding new server endpoint,
would need to update client too (which is usually
needed anyway for the test). But that still requires
some time spend in manually updating code + there is
some risk that earlier or later will admin-client
still become outdated...<br>
<br>
IMO If we can have admin-client autogenerated, it will
be a huge win. I am not sure if it's realistic (and
seems that it will be even harder to accomplish if we
use wrapper instead of JAX-RS directly. ) but maybe
worth to look into it at least?<br>
</font></div>
</blockquote>
<div><br>
</div>
<div>I don't think auto-generating is realistic. Nor do I
think it will be a particularly big issue going forward.
If anyone touches the admin endpoints they WILL update the
admin client as well as add tests for it, end of ;)</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><font face="arial,
helvetica, sans-serif"> </font><span class="">
<blockquote type="cite">
<div dir="ltr">
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">So
my questions are:</font></div>
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">1)
What do we do with regards to admin client? Do
we just wrap what we have, keep it or create a
brand new one from scratch?</font></div>
<div><font face="arial, helvetica, sans-serif">2)
Is it an issue that we require a specific
RestEasy version to use the admin client? This
seems a heavy dependency to me, which could
conflict with other JAX-RS libraries. Using
JAX-RS 2 Client would be an improvement as it
should in theory work with any JAX-RS 2
provider.</font></div>
<div><font face="arial, helvetica, sans-serif">3)
What do we do with current fixes for admin
client? Do we merge to master and 1.9.x or
just merge to master?</font></div>
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">At
least from my POV the answers are:</font></div>
<div><font face="arial, helvetica, sans-serif">1)
Create wrappers around interfaces/proxies from
RestEasy client and not expose JAX-RS directly
through the API as that should be an
implementation detail</font></div>
</div>
</blockquote>
</span> +1 for wrappers. And as I mentioned above, look
if we can do something regarding autogeneration (or at
least something else to enforce the admin-client won't
become outdated again).</div>
</blockquote>
<div><br>
</div>
<div>API's, user interfaces, etc.. can NOT be auto-generated
if you want to have anything remotely usable</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class=""><br>
<blockquote type="cite">
<div dir="ltr">
<div><font face="arial, helvetica, sans-serif">2)
Use JAX-RS 2 client</font></div>
</div>
</blockquote>
</span><font face="arial, helvetica, sans-serif">+1<br>
<br>
But it will be good if people have possibility to
configure the details of underlying Apache HTTP Client
(connection pooling, connection/socket timeouts, tls
etc). If it's possible to achieve it and use JAX-RS 2
client at the same time, it will be cool. Otherwise if
we need to choose just one of these, the
"configurability" of Apache HTTP client is more
important IMO.<br>
</font></div>
</blockquote>
<div><br>
</div>
<div>Sticking with RestEasy Client makes the assumption that
all users use other JBoss projects. We know that's not
true as Tomcat, Jetty and Spring adapters all have a lot
of use. IMO we should either convert to JAX-RS 2 client or
use Apache HTTP client directly (I'm not to keen on that
though).<br>
</div>
</div>
</div>
</div>
</blockquote>
At least we may just have possibility to inject underlying
javax.ws.rs.<span style="background-color:#e4e4ff;">client.Client
during creation of admin-client. So if someone is on resteasy and
wants to tweak Apache HTTP Client, he can use RestEasy API to
build client by himself and inject it. If he's using some other
library, he would need to use it's API to build client (and
possibly configure connection pooling etc in library specific
way).<br>
<br>
Marek<br>
</span>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<blockquote
cite="mid:CAJgngAe_sGcQnbj_HTrFNFuwO7GgwkkKhNw255o3MqQpR2K_rA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><font face="arial,
helvetica, sans-serif"> </font><span class="">
<blockquote type="cite">
<div dir="ltr">
<div><font face="arial, helvetica, sans-serif">3)
Merge fixes to both master and 1.9.x (admin
client is not supported in product for now, so
it's less risky)</font></div>
</div>
</blockquote>
</span><font face="arial, helvetica, sans-serif">+1<span
class="HOEnZb"><font color="#888888"><br>
<br>
Marek<br>
</font></span></font><span class="">
<blockquote type="cite"> <br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</span></div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>