[keycloak-user] Is Keycloak client admin thread safe?

Bill Burke bburke at redhat.com
Mon Apr 4 09:59:17 EDT 2016 

You can just create the ResteasyClient, get a ResteasyWebTarget, then 
call target.proxy(RealmsResource.class)

On 4/4/2016 8:52 AM, Guus der Kinderen wrote:
> Hey, thanks for this. Coincidentally, I was looking into similar issues.
>
> We've been running into concurrently-related issues. These find their 
> origin in the Resteasy client that is created in the client admin 
> Keycloak class.
>
> Marek writes that the underlying connection pool can be modified, but 
> that's not really straightforward: there is no getInstance() method 
> that exposes the Resteasy client. One has to subclass the Keycloak 
> class to gain access. Perhaps there's room for improvement here?
>
> Also, by default, the Resteasy client uses one connection. That seems 
> to be a very conservative default, given the nature of the client 
> admin. I believe that the client admin would benefit from using a 
> thread pool of a size that's arbitrarily larger than 1. I'd go with 10.
>
> Regards,
>
>   Guus
>
> On 31 March 2016 at 21:20, Hristo Stoyanov <hr.stoyanov at peruncs.com 
> <mailto:hr.stoyanov at peruncs.com>> wrote:
>
>     Marek,
>     Thanks for this clarification and all your help in this forum to
>     my other questions!
>
>     You guys rock!
>
>     /Hristo Stoyanov
>
>     On Mar 31, 2016 2:38 AM, "Marek Posolda" <mposolda at redhat.com
>     <mailto:mposolda at redhat.com>> wrote:
>
>         It's supposed to be and we even internally using it in some
>         concurrency test.
>
>         It's using Apache HTTP client under the hood, which itself is
>         thread-safe and is using connection pooling. In case you need,
>         you can configure more fine-grained details (like connection
>         pool size etc) by pass the custom resteasyClient to Keycloak
>         object.
>
>         However when I looked a bit more into sources now, I can see
>         that there are some potential concurrency issues in
>         TokenManager class, which is used internally by admin client.
>         Created JIRA https://issues.jboss.org/browse/KEYCLOAK-2731 for
>         it. It's not too bad IMO, but note that you can possibly see
>         situation when more concurrent threads are trying to refresh
>         the same access token at the same time.
>
>         Marek
>
>
>         On 31/03/16 01:37, Hristo Stoyanov wrote:
>>
>>         Is org.Keycloak.admin.client.Keycloak threadsafe? I intend to
>>         use it as a single admin client for the entire app ...
>>
>>         /Hristo Stoyanov
>>
>>
>>
>>         _______________________________________________
>>         keycloak-user mailing list
>>         keycloak-user at lists.jboss.org
>>         <mailto:keycloak-user at lists.jboss.org>
>>         https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160404/118d6aff/attachment.html

More information about the keycloak-user mailing list