On 11/30/2015 5:07 PM, Adam Young wrote:
> On 11/26/2015 03:05 AM, Stian Thorgersen wrote:
>> In enterprise they should recommend using a standalone SSO server.
>> It's more secure and scalable. You wouldn't embed your database into
>> Tomcat would you? It's also more reliable and less error prone as you
>> are using the exact bits that we test.
>>
>> It has been achieved in the past, but initially we relied less on
>> features from WildFly. Keycloak server is no longer a WAR that's
>> deployed onto the WildFly app server, instead we rely on the core bits
>> of WildFly to create our own dedicated server.
>>
>> In theory it would be possible to get it to work on top of Tomcat with
>> some considerable amount of effort. However, as we add new features in
>> the future that rely on features in WildFly you would have new issues.
>> Further we would not be able to help you if you have any issues.
>
> Can you document this? I assume the JMX components are the biggest
> aspect, but what else requires a full JEE app server? Is there any JMS
> integration?

JMX is not involved.

Infinispan (caching), JPA, datasources, servlet, JAX-RS. Wildfly/JBoss
is also set to run out of the box in a cluster and manageable in a domain
(a cluster) out of the box. Not to mention all the classloader
isolation you DO NOT get with Tomcat. Finally, all the built-in patch
management that comes with Wildfly/JBoss. Then there's developers that
will want to deploy integration/extension plugins. We can also leverage
Wildfly's deployment engine for that too.

Running Keycloak Auth Server in Tomcat/Jetty would actually not be a
very smart thing to do. There are huge advantages to running within
Wildfly/JBoss. The only disadvantage is the size of the distro. There
is no performance penalty.

We have looked into trimming the Wildfly distro, but nixed that because
it puts a huge burden on productization. It's just much easier for them
if we just layer on top of the full app server.

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com