[keycloak-dev] Problems with Filter session management
Bill Burke
bburke at redhat.com
Wed Sep 25 09:31:27 EDT 2013
There's a problem using servlet filters to manage KeycloakSession objects.
1) We may not be in a servlet environment. It seems that MBaaS may want
to avoid having a servlet container
2) Not all exceptions are propagated to Servlet Filter, thus, no
automatic rollbacks. i.e. WebApplicationException and all its varients
like NotFoundException
3) You may think, "Well, we can write an ExceptionMapper to rollback",
but you'd be wrong. Stupid idiotic JAX-RS spec will not run an
ExceptionMapper for a WebApplicationException that has an entity.
There's two ways we could fix this problem:
1) Bring back the Transaction class
2) Write a JAX-RS ContainerRequestFilter that starts the session. Write
a JAX-RS ContainerResponseFilter that will check the response code to
see if it is a) successful, or b) a redirect and commit, otherwise rollback.
Thoughts?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list