[keycloak-dev] AS7 subsystem problems Re: release? Stan?

Bill Burke bburke at redhat.com
Wed Dec 3 09:07:08 EST 2014 


On 12/3/2014 2:43 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Stan Silvert" <ssilvert at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Wednesday, 3 December, 2014 3:56:27 AM
>> Subject: Re: [keycloak-dev] AS7 subsystem problems Re:  release?  Stan?
>>
>> On 12/2/2014 6:18 PM, Stan Silvert wrote:
>>> On 12/2/2014 4:41 PM, Bill Burke wrote:
>>>> On 12/2/2014 4:38 PM, Bill Burke wrote:
>>>>> On 12/2/2014 3:55 PM, Stan Silvert wrote:
>>>>>> On 12/2/2014 3:36 PM, Marek Posolda wrote:
>>>>>>> oops, thanks to you for reporting issue to me this time:-)
>>>>>>>
>>>>>>> It should be fixed now. Let me know if it helps.
>>>>>> That fixed it.  Wish mine was that easy.
>>>>>>
>>>>>> So much for EAP6 being based on AS7.  The API I'm using doesn't exist on
>>>>>> AS7.  It does exist on EAP6, WF8, and WF9.
>>>>>>
>>>>>> I think our best course right now is to not use the subsystem on AS7.
>>>>>> You can still deploy the auth-server WAR into the /deployments directory
>>>>>> if you are dead set on using AS7 that way.
>>>>>>
>>>>>> This doesn't affect the AS7 adapter at all.  We just need to remove the
>>>>>> subsystem module from the dist.
>>>>>>
>>>>> Isn't the adapter subsystem and auth-server subsystem in the same
>>>>> jar/module?
>>>>>
>>>>> http://docs.jboss.org/keycloak/docs/1.0.4.Final/userguide/html/ch07.html#jboss-adapter
>>>>>
>>>> What I'm saying is...didn't you just totally break the as7 adapter?
>>>>
>>>>
>>> No, they are not in the same module.  But now I do see what you are
>>> saying.  The subsystem is adding the adapter module, so yes, it's broken
>>> unless you add the module in jboss-structure.xml.
>>>
>>> Need to think on this some more.
>> So the simplest solution actually is to do what I say above when using
>> AS7.  That is, you either package the adapter in your WAR or you
>> reference it in jboss-structure.xml.  That would require no further
>> changes.  Just merge the PR I sent earlier and I'll change the docs.
>>
>> Is that acceptable?  There are some other solutions, but I don't like
>> them as much.  Anything else we do will require treating the AS7
>> subsystem as a special case and I just don't see the ROI.  AS7 is (or
>> should be) a dead platform.
>>
>> So what I'm proposing is that we just treat AS7 like Tomcat or Jetty.
>> We still have the AS7 adapter but you don't use the subsystem.
>
> IMO that's a decent solution and better than having a separate subsystem for AS7 (assuming that'd be the only option).
>

-20...The subsystem allows you to have specify KEYCLOAK as the 
<auth-method>, as well as to override a WAR's security settings in 
standalone.xml.  Without a subsystem you have to specify a jboss-web.xml 
and a valve.  We need to be as consistent as possible.  If you're not 
going to fix it, let me know and I'll do it.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-dev mailing list