[keycloak-dev] WildFly subsystem and demo

Bill Burke bburke at redhat.com
Tue Feb 18 10:53:38 EST 2014

On 2/18/2014 10:47 AM, Stan Silvert wrote:
> On 2/18/2014 9:45 AM, Bill Burke wrote:
>> On 2/18/2014 7:44 AM, Stan Silvert wrote:
>>> On 2/18/2014 7:16 AM, Stian Thorgersen wrote:
>>>> I've just tried out deploying the demo manually using the WildFly subsystem. It's very cool and I really like how the WildFly subsystem has made things so much simpler. Some comments though on my "experience" trying this out.
>>>> 1. Having to edit standalone.xml to add secure-deployment requires restarting the server. In installation tab we could have an additional option that lists the jboss-cli command to add this at runtime
>>> Yes, it's usually easier and more accurate to run a CLI script instead
>>> of editing standalone.xml by hand.  Using CLI also allows you to make
>>> the update remotely when you might not have access to the remote file
>>> system.
>> Stan.  I actually kinda (not wholeheartedly) disagree.  To run the CLI
>> requires setting up a local user to administrate the server.  Its
>> actually easier to cut, paste, and restart, IMO.
> If you are local then CLI does not require setting up a user.  Web
> console requires it, but CLI does not.
> If you are remote then I'm sure you agree that CLI is better since it is
> that much harder to edit a remote file.

I just can't see (yet) anybody securing a system remotely.  Even in the 
Openshift case, its a real pain to do anything with a subsystem remotely 
as you have to do port mapping to expose the admin HTTP interface, and 
also set up a admin user (which I don't think can be done without 
hardcoding initial credentials).

> Granted, there is more work to do in this area to make it even easier.
> One thing you could do is create a CLI script along with a *.sh or *.bat
> file to launch it.  Tell the user to save it to JBOSS_HOME/bin.  Then
> you can update the server quickly and accurately with a single click.

Or, they could just cut and paste the XML from the admin console to 
standalone.xml...which is, still...IMO...faster, simpler, and easier?

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-dev mailing list