[keycloak-dev] LiveOak and JavaEE libraries
Stan Silvert
ssilvert at redhat.com
Fri May 16 09:08:42 EDT 2014
On 5/16/2014 8:47 AM, Bill Burke wrote:
>
> On 5/16/2014 8:23 AM, Stan Silvert wrote:
>> On 5/16/2014 4:04 AM, Bolesław Dawidowicz wrote:
>>> Yes, the intention is that LiveOak doesn't require JEE container. We
>>> started with pure netty container. Currently we deploy on WildFly for
>>> several reasons, also because of KeyCloak. However we want to start
>>> stripping it down as soon as WildFly Core is available.
>> I'm working on "Keycloak without servlets" right now. The goal is to be
>> able to use Keycloak for the EAP console where servlets are verboten.
>> So far so good.
>>
>> But it begs the question, "Since the Servlet API is mostly just a facade
>> on top of the Undertow API, why do we care if Keycloak is using the
>> Servlet API?"
> There's two places we use the servlet API. In KeycloakApplication and
> in CookieHelper. The former is to get the context path of the
> deployment, the latter is because JAX-RS 1.1 API (required because of
> EAP 6.x) doesn't support HttpOnly Cookies.
>
>
Also, I see that UndertowUserSessionManagement is using the servlet's
HttpSession class. But it probably should be using Undertow's Session
class instead.
My main point was to ask Boleslaw why it matters. I think the technical
arguments against using the Servlet API have gotten much weaker.
More information about the keycloak-dev
mailing list