[keycloak-dev] LiveOak and JavaEE libraries
Stan Silvert
ssilvert at redhat.com
Fri May 16 10:03:39 EDT 2014
On 5/16/2014 9:43 AM, Bill Burke wrote:
>
> On 5/16/2014 9:08 AM, Stan Silvert wrote:
>> On 5/16/2014 8:47 AM, Bill Burke wrote:
>>> On 5/16/2014 8:23 AM, Stan Silvert wrote:
>>>> On 5/16/2014 4:04 AM, Bolesław Dawidowicz wrote:
>>>>> Yes, the intention is that LiveOak doesn't require JEE container. We
>>>>> started with pure netty container. Currently we deploy on WildFly for
>>>>> several reasons, also because of KeyCloak. However we want to start
>>>>> stripping it down as soon as WildFly Core is available.
>>>> I'm working on "Keycloak without servlets" right now. The goal is to be
>>>> able to use Keycloak for the EAP console where servlets are verboten.
>>>> So far so good.
>>>>
>>>> But it begs the question, "Since the Servlet API is mostly just a facade
>>>> on top of the Undertow API, why do we care if Keycloak is using the
>>>> Servlet API?"
>>> There's two places we use the servlet API. In KeycloakApplication and
>>> in CookieHelper. The former is to get the context path of the
>>> deployment, the latter is because JAX-RS 1.1 API (required because of
>>> EAP 6.x) doesn't support HttpOnly Cookies.
>>>
>>>
>> Also, I see that UndertowUserSessionManagement is using the servlet's
>> HttpSession class. But it probably should be using Undertow's Session
>> class instead.
>>
>> My main point was to ask Boleslaw why it matters. I think the technical
>> arguments against using the Servlet API have gotten much weaker.
> I haven't implemented a pure Undertow adapter yet.
>
I'm hacking on one right now, but I'm questioning if it will every
really be needed.
More information about the keycloak-dev
mailing list