<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 5 April 2016 at 12:58, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span class="">
<div>On 05/04/16 10:19, Stian Thorgersen
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">At least personally I think the admin client needs
some TLC. For example creating a user requires:
<div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace">
UserRepresentation user = new UserRepresentation();</font></div>
<div><font face="monospace, monospace">
user.setUsername("user");</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace"> Response
response = keycloak.realm("realm").users().create(user);</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace"> // Retrieve
created user id</font></div>
<div><font face="monospace, monospace"> String path =
response.getLocation().getPath();</font></div>
<div><font face="monospace, monospace"> String id =
path.substring(path.lastIndexOf('/') + 1);</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="monospace, monospace"> // Remember to
close the response</font></div>
<div><font face="monospace, monospace">
response.close();</font></div>
<div><font face="monospace, monospace"><br>
</font></div>
<div><font face="monospace, monospace"> // Set password</font></div>
<div><font face="monospace, monospace">
CredentialRepresentation credentials = new
CredentialRepresentation();</font></div>
<div><font face="monospace, monospace">
credentials.setType(CredentialRepresentation.PASSWORD);</font></div>
<div><font face="monospace, monospace">
credentials.setValue("password");</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="monospace, monospace">
keycloak.realm("realm").users().get(id).resetPassword(credentials);</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="monospace, monospace"> // Add role</font></div>
<div><font face="monospace, monospace">
RoleRepresentation role =
keycloak.realm("realm").roles().get("role").toRepresentation();</font></div>
<div><font face="monospace, monospace">
keycloak.realm("realm").users().get(id).roles().realmLevel().add(Collections.singletonList(role));</font></div>
<div><font face="monospace, monospace"> </font></div>
<div><font face="arial, helvetica, sans-serif">That's pretty
rubbish right?</font></div>
</div>
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">In my opinion a
lot of the usability issues is caused by directly exposing
interfaces/proxies from RestEasy Client and it would be much
better if we introduced a wrapper around it.</font></div>
</div>
</blockquote>
</span><font face="arial, helvetica, sans-serif">Yeah, agree that usability
is not very great.<br>
<br>
However to me personally, the biggest issue is not usability but
the fact, that admin-client needs to be manually maintained. AFAIK
it was lots of spent time - especially for Stan and Marko - to
have the admin-client synced with the latest server. And it seems
that earlier or later, the issue will be back once we will add
more endpoints. We can have "policy" that everyone, who is adding
new server endpoint, would need to update client too (which is
usually needed anyway for the test). But that still requires some
time spend in manually updating code + there is some risk that
earlier or later will admin-client still become outdated...<br>
<br>
IMO If we can have admin-client autogenerated, it will be a huge
win. I am not sure if it's realistic (and seems that it will be
even harder to accomplish if we use wrapper instead of JAX-RS
directly. ) but maybe worth to look into it at least?<br></font></div></blockquote><div><br></div><div>I don't think auto-generating is realistic. Nor do I think it will be a particularly big issue going forward. If anyone touches the admin endpoints they WILL update the admin client as well as add tests for it, end of ;)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><font face="arial, helvetica, sans-serif">
</font><span class="">
<blockquote type="cite">
<div dir="ltr">
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">So my questions
are:</font></div>
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">1) What do we do
with regards to admin client? Do we just wrap what we have,
keep it or create a brand new one from scratch?</font></div>
<div><font face="arial, helvetica, sans-serif">2) Is it an issue
that we require a specific RestEasy version to use the admin
client? This seems a heavy dependency to me, which could
conflict with other JAX-RS libraries. Using JAX-RS 2 Client
would be an improvement as it should in theory work with any
JAX-RS 2 provider.</font></div>
<div><font face="arial, helvetica, sans-serif">3) What do we do
with current fixes for admin client? Do we merge to master
and 1.9.x or just merge to master?</font></div>
<div><font face="arial, helvetica, sans-serif"><br>
</font></div>
<div><font face="arial, helvetica, sans-serif">At least from my
POV the answers are:</font></div>
<div><font face="arial, helvetica, sans-serif">1) Create
wrappers around interfaces/proxies from RestEasy client and
not expose JAX-RS directly through the API as that should be
an implementation detail</font></div>
</div>
</blockquote></span>
+1 for wrappers. And as I mentioned above, look if we can do
something regarding autogeneration (or at least something else to
enforce the admin-client won't become outdated again).</div></blockquote><div><br></div><div>API's, user interfaces, etc.. can NOT be auto-generated if you want to have anything remotely usable</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class=""><br>
<blockquote type="cite">
<div dir="ltr">
<div><font face="arial, helvetica, sans-serif">2) Use JAX-RS 2
client</font></div>
</div>
</blockquote>
</span><font face="arial, helvetica, sans-serif">+1<br>
<br>
But it will be good if people have possibility to configure the
details of underlying Apache HTTP Client (connection pooling,
connection/socket timeouts, tls etc). If it's possible to achieve
it and use JAX-RS 2 client at the same time, it will be cool.
Otherwise if we need to choose just one of these, the
"configurability" of Apache HTTP client is more important IMO.<br></font></div></blockquote><div><br></div><div>Sticking with RestEasy Client makes the assumption that all users use other JBoss projects. We know that's not true as Tomcat, Jetty and Spring adapters all have a lot of use. IMO we should either convert to JAX-RS 2 client or use Apache HTTP client directly (I'm not to keen on that though).<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><font face="arial, helvetica, sans-serif">
</font><span class="">
<blockquote type="cite">
<div dir="ltr">
<div><font face="arial, helvetica, sans-serif">3) Merge fixes to
both master and 1.9.x (admin client is not supported in
product for now, so it's less risky)</font></div>
</div>
</blockquote>
</span><font face="arial, helvetica, sans-serif">+1<span class="HOEnZb"><font color="#888888"><br>
<br>
Marek<br>
</font></span></font><span class="">
<blockquote type="cite">
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-dev mailing list
<a href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</span></div>
</blockquote></div><br></div></div>