On 5/16/2014 8:47 AM, Bill Burke wrote:
On 5/16/2014 8:23 AM, Stan Silvert wrote:
> On 5/16/2014 4:04 AM, Bolesław Dawidowicz wrote:
>> Yes, the intention is that LiveOak doesn't require JEE container. We
>> started with pure netty container. Currently we deploy on WildFly for
>> several reasons, also because of KeyCloak. However we want to start
>> stripping it down as soon as WildFly Core is available.
> I'm working on "Keycloak without servlets" right now. The goal is to
be
> able to use Keycloak for the EAP console where servlets are verboten.
> So far so good.
>
> But it begs the question, "Since the Servlet API is mostly just a facade
> on top of the Undertow API, why do we care if Keycloak is using the
> Servlet API?"
There's two places we use the servlet API. In KeycloakApplication and
in CookieHelper. The former is to get the context path of the
deployment, the latter is because JAX-RS 1.1 API (required because of
EAP 6.x) doesn't support HttpOnly Cookies.
Also, I see that UndertowUserSessionManagement is using the servlet's
HttpSession class. But it probably should be using Undertow's Session
class instead.
My main point was to ask Boleslaw why it matters. I think the technical
arguments against using the Servlet API have gotten much weaker.