As you noticed with the ScheduledPermissionEvaluator, policy evaluation is
a blocking operation. The idea is provide in the future ways to configure
an executor and allow more authz requests happening in parallel with
complete control over how it is done.
Right now, yes. We don't have this yet but just using a single thread.
Some time ago I did some tests using executors but I had no success mainly
because of issues with JPA EntityManager.
I'm OK to remove async for now but keep an eye on the future for future
improvements in this area.
Regards.
Pedro Igor
On Sat, Apr 1, 2017 at 12:33 PM, Bill Burke <bburke(a)redhat.com> wrote:
I say this because I'm trying to run the policy evaluator within
the IDE
within the arquillian testsuite and it is failing. We have regular
non-async servlet filters in Keycloak. Undertow now checks to see if
there are any non-async servlet filters and won't allow async http.
On 4/1/17 11:15 AM, Bill Burke wrote:
> I don't understand why async-http support for JAXRS is being used for
> Authz requests. Async HTTP is only useful when you want to limit the
> amount of long running requests or you have an operation that may
> block for some time. Do you want to limit the number of authz
> requests that can happen at one time? Or, do you have an operation
> that may block? Otherwise I don't see the point of using async HTTP.
> It complicates the code.
>
> Looking at your ScheduledPermissionEvaluator you aren't even using the
> Executor that is passed into the constructor so its all happening in
> the same thread anyways.
>
> Bill
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev