[keycloak-dev] isolate picketlink dependency please
Bill Burke
bburke at redhat.com
Wed Apr 30 09:48:35 EDT 2014
Primary Keycloak code should not depend on Picketlink. Picketlink
should always be hidden by SPIs. So, if we need to provide LDAP support
on EAP using an older version of Picketlink, then we write a separate
maven module using that older version of Picketlink and plug it in.
Following me?
Right now, it looks that only the Mongo data model has a PL dependency.
Correct?
On 4/30/2014 4:44 AM, Stian Thorgersen wrote:
> It may be in the future, if we want to support all/most features on EAP, but I don't think we do now.
>
> Bill: wdyt?
>
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>
>> Cc: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 30 April, 2014 9:30:14 AM
>> Subject: Re: [keycloak-dev] isolate picketlink dependency please
>>
>> Ok, I will remove the dependency from the mongo model, that's an easy
>> part though.
>>
>> So the fact that we actually bundle latest picketlink jars inside
>> Keycloak WAR in auth-server.war/WEB-INF/lib/ is not an issue?
>>
>> Marek
>>
>> On 30.4.2014 09:43, Stian Thorgersen wrote:
>>> AeroGear will use a stripped-down version of Keycloak WAR, without mongo,
>>> ldap, social, etc. so this won't be an issue for them, but I agree that we
>>> should remove this dependency from the Mongo model though.
>>>
>>> I don't see a problem with us using the latest version of PicketLink as
>>> long as only authentication-picketlink depends on it.
>>>
>>> ----- Original Message -----
>>>> From: "Marek Posolda" <mposolda at redhat.com>
>>>> To: keycloak-dev at lists.jboss.org
>>>> Sent: Tuesday, 29 April, 2014 10:59:23 PM
>>>> Subject: Re: [keycloak-dev] isolate picketlink dependency please
>>>>
>>>> Mongo model is using just some helper reflection classes from
>>>> org.picketlink.common. It should be easy to fork some functionality and
>>>> completely remove dependency on org.picketlink.common from mongo model.
>>>>
>>>> However picketlink is also used for Ldap integration and here it's more
>>>> complicated...
>>>>
>>>> So what exactly is the requirement for picketlink integration? Am I
>>>> understand correctly that all picketlink dependencies must be removed
>>>> from auth-server.war/WEB-INF/lib/ and added as deps to
>>>> auth-server.war/WEB-INF/jboss-deployment-structure.xml instead?
>>>>
>>>> If I understand correctly, this means that Keycloak must use same
>>>> Picketlink version, which is bundled with EAP. Do you know what is our
>>>> target EAP version and which version of Picketlink is in it?
>>>>
>>>> Today I've upgraded Keycloak to newly released Picketlink 2.6.0.CR2,
>>>> which contains some nice LDAP improvements and fixes (like support for
>>>> RHDS and connection pooling). So it seems that I will need to revert
>>>> this and use some older picketlink version bundled in EAP instead:-(
>>>>
>>>> Marek
>>>>
>>>> On 29.4.2014 18:15, Bill Burke wrote:
>>>>> Mongo model project seems to have picketlink dependencies:
>>>>>
>>>>> org.picketlink.common
>>>>>
>>>>> These need to be isolated and removed as a dependency. Since we may be
>>>>> introducing Keycloak into EAP (via Aerogear) we want to be sure we can
>>>>> remove any version conflicting picketlink dependencies. So, anything
>>>>> picketlink related has to be behind a plugglable and removable SPI.
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>>
>>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list