[keycloak-dev] Provider modules

Stian Thorgersen stian at redhat.com
Tue Jan 20 12:03:59 EST 2015 


----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 20 January, 2015 5:15:55 PM
> Subject: Re: [keycloak-dev] Provider modules
> 
> 
> 
> On 1/20/2015 10:54 AM, Stian Thorgersen wrote:
> > As I said to make sure we're all on the same page here's my view on what
> > we've just discussed:
> >
> > 1. A user creates a module for the provider
> > 2. The user copies the module into '/modules'
> > 3. The user registers the module with the auth-server subsystem. This can
> > be done either by directly editing standalone.xml or through CLI. Example
> > snippet from standalone.xml would look like:
> >
> >      <subsystem xmlns="urn:jboss:domain:keycloak:1.0">
> >          <auth-server name="main-auth-server">
> >              <enabled>true</enabled>
> >              <web-context>auth</web-context>
> >              <providers>
> >                  <module name="org.acme.userprovider" />
> >                  <module name="org.acme.anotherprovider" />
> >              </providers>
> >          </auth-server>
> >      </subsystem>
> >
> > 4. When a new provider module is registered Keycloak would need to be
> > reloaded
> >
> 
> Don't you have to restart the entire server if you add a new module?
> 
> 
> This should work too, with no code changes, no funky classloading:
> 
> 1. Move all keycloak archives to modules
> 2. add jboss-deployment-structure.xml to embedded WAR
> 3. add a "keycloak-providers" module that only contains a module.xml
> definition
> 4. User creates a module for the provider
> 5. User edits keycloak-providers module.xml file importing the user module
> 6. restart server.

Why would you need jboss-deployment-structure.xml to embedded WAR?

The problem with that approach is that all providers are loaded from the same class-loader so there would be issues if providers use different versions of the same library. I also think it would be more natural for a WildFly user to edit standalone.xml or use the CLI than to add dependencies to an existing module. Finally another issue happens when someone upgrades/patches Keycloak, would they not then override the keycloak-providers module.xml and have to add everything again?

> 
> 
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

More information about the keycloak-dev mailing list