On 05/04/16 10:19, Stian Thorgersen wrote:
At least personally I think the admin client needs some TLC. For
example creating a user requires:
UserRepresentation user = new UserRepresentation();
user.setUsername("user");
Response response = keycloak.realm("realm").users().create(user);
// Retrieve created user id
String path = response.getLocation().getPath();
String id = path.substring(path.lastIndexOf('/') + 1);
// Remember to close the response
response.close();
// Set password
CredentialRepresentation credentials = new CredentialRepresentation();
credentials.setType(CredentialRepresentation.PASSWORD);
credentials.setValue("password");
keycloak.realm("realm").users().get(id).resetPassword(credentials);
// Add role
RoleRepresentation role =
keycloak.realm("realm").roles().get("role").toRepresentation();
keycloak.realm("realm").users().get(id).roles().realmLevel().add(Collections.singletonList(role));
That's pretty rubbish right?
In my opinion a lot of the usability issues is caused by directly
exposing interfaces/proxies from RestEasy Client and it would be much
better if we introduced a wrapper around it.
Yeah, agree that usability is not very
great.
However to me personally, the biggest issue is not usability but the
fact, that admin-client needs to be manually maintained. AFAIK it was
lots of spent time - especially for Stan and Marko - to have the
admin-client synced with the latest server. And it seems that earlier or
later, the issue will be back once we will add more endpoints. We can
have "policy" that everyone, who is adding new server endpoint, would
need to update client too (which is usually needed anyway for the test).
But that still requires some time spend in manually updating code +
there is some risk that earlier or later will admin-client still become
outdated...
IMO If we can have admin-client autogenerated, it will be a huge win. I
am not sure if it's realistic (and seems that it will be even harder to
accomplish if we use wrapper instead of JAX-RS directly. ) but maybe
worth to look into it at least?
So my questions are:
1) What do we do with regards to admin client? Do we just wrap what we
have, keep it or create a brand new one from scratch?
2) Is it an issue that we require a specific RestEasy version to use
the admin client? This seems a heavy dependency to me, which could
conflict with other JAX-RS libraries. Using JAX-RS 2 Client would be
an improvement as it should in theory work with any JAX-RS 2 provider.
3) What do we do with current fixes for admin client? Do we merge to
master and 1.9.x or just merge to master?
At least from my POV the answers are:
1) Create wrappers around interfaces/proxies from RestEasy client and
not expose JAX-RS directly through the API as that should be an
implementation detail
+1 for wrappers. And as I mentioned above, look if we can do
something
regarding autogeneration (or at least something else to enforce the
admin-client won't become outdated again).
2) Use JAX-RS 2 client
+1
But it will be good if people have possibility to configure the details
of underlying Apache HTTP Client (connection pooling, connection/socket
timeouts, tls etc). If it's possible to achieve it and use JAX-RS 2
client at the same time, it will be cool. Otherwise if we need to choose
just one of these, the "configurability" of Apache HTTP client is more
important IMO.
3) Merge fixes to both master and 1.9.x (admin client is not
supported
in product for now, so it's less risky)
+1
Marek
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev