[keycloak-dev] What to do about Java admin client

Stian Thorgersen sthorger at redhat.com
Tue Apr 5 07:22:00 EDT 2016


On 5 April 2016 at 12:58, Marek Posolda <mposolda at redhat.com> wrote:

> On 05/04/16 10:19, Stian Thorgersen wrote:
>
> At least personally I think the admin client needs some TLC. For example
> creating a user requires:
>
>         UserRepresentation user = new UserRepresentation();
>         user.setUsername("user");
>
>         Response response = keycloak.realm("realm").users().create(user);
>
>         // Retrieve created user id
>         String path = response.getLocation().getPath();
>         String id = path.substring(path.lastIndexOf('/') + 1);
>
>         // Remember to close the response
>         response.close();
>
>         // Set password
>         CredentialRepresentation credentials = new
> CredentialRepresentation();
>         credentials.setType(CredentialRepresentation.PASSWORD);
>         credentials.setValue("password");
>
>         keycloak.realm("realm").users().get(id).resetPassword(credentials);
>
>         // Add role
>         RoleRepresentation role =
> keycloak.realm("realm").roles().get("role").toRepresentation();
>
> keycloak.realm("realm").users().get(id).roles().realmLevel().add(Collections.singletonList(role));
>
> That's pretty rubbish right?
>
> In my opinion a lot of the usability issues is caused by directly exposing
> interfaces/proxies from RestEasy Client and it would be much better if we
> introduced a wrapper around it.
>
> Yeah, agree that usability is not very great.
>
> However to me personally, the biggest issue is not usability but the fact,
> that admin-client needs to be manually maintained. AFAIK it was lots of
> spent time - especially for Stan and Marko - to have the admin-client
> synced with the latest server. And it seems that earlier or later, the
> issue will be back once we will add more endpoints. We can have "policy"
> that everyone, who is adding new server endpoint, would need to update
> client too (which is usually needed anyway for the test). But that still
> requires some time spend in manually updating code + there is some risk
> that earlier or later will admin-client still become outdated...
>
> IMO If we can have admin-client autogenerated, it will be a huge win. I am
> not sure if it's realistic (and seems that it will be even harder to
> accomplish if we use wrapper instead of JAX-RS directly. ) but maybe worth
> to look into it at least?
>

I don't think auto-generating is realistic. Nor do I think it will be a
particularly big issue going forward. If anyone touches the admin endpoints
they WILL update the admin client as well as add tests for it, end of ;)


>
> So my questions are:
>
> 1) What do we do with regards to admin client? Do we just wrap what we
> have, keep it or create a brand new one from scratch?
> 2) Is it an issue that we require a specific RestEasy version to use the
> admin client? This seems a heavy dependency to me, which could conflict
> with other JAX-RS libraries. Using JAX-RS 2 Client would be an improvement
> as it should in theory work with any JAX-RS 2 provider.
> 3) What do we do with current fixes for admin client? Do we merge to
> master and 1.9.x or just merge to master?
>
> At least from my POV the answers are:
> 1) Create wrappers around interfaces/proxies from RestEasy client and not
> expose JAX-RS directly through the API as that should be an implementation
> detail
>
> +1 for wrappers. And as I mentioned above, look if we can do something
> regarding autogeneration (or at least something else to enforce the
> admin-client won't become outdated again).
>

API's, user interfaces, etc.. can NOT be auto-generated if you want to have
anything remotely usable


>
> 2) Use JAX-RS 2 client
>
> +1
>
> But it will be good if people have possibility to configure the details of
> underlying Apache HTTP Client (connection pooling, connection/socket
> timeouts, tls etc). If it's possible to achieve it and use JAX-RS 2 client
> at the same time, it will be cool. Otherwise if we need to choose just one
> of these, the "configurability" of Apache HTTP client is more important IMO.
>

Sticking with RestEasy Client makes the assumption that all users use other
JBoss projects. We know that's not true as Tomcat, Jetty and Spring
adapters all have a lot of use. IMO we should either convert to JAX-RS 2
client or use Apache HTTP client directly (I'm not to keen on that though).

> 3) Merge fixes to both master and 1.9.x (admin client is not supported in
> product for now, so it's less risky)
>
> +1
>
> Marek
>
>
>
> _______________________________________________
> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160405/dce77890/attachment-0001.html 


More information about the keycloak-dev mailing list