[keycloak-dev] What to do about Java admin client

Marek Posolda mposolda at redhat.com
Tue Apr 5 07:47:04 EDT 2016


On 05/04/16 13:22, Stian Thorgersen wrote:
>
>
> On 5 April 2016 at 12:58, Marek Posolda <mposolda at redhat.com> wrote:
>
>     On 05/04/16 10:19, Stian Thorgersen wrote:
>>     At least personally I think the admin client needs some TLC. For
>>     example creating a user requires:
>>
>>     UserRepresentation user = new UserRepresentation();
>>     user.setUsername("user");
>>
>>     Response response = keycloak.realm("realm").users().create(user);
>>
>>     // Retrieve created user id
>>     String path = response.getLocation().getPath();
>>     String id = path.substring(path.lastIndexOf('/') + 1);
>>     // Remember to close the response
>>     response.close();
>>
>>     // Set password
>>     CredentialRepresentation credentials = new
>>     CredentialRepresentation();
>>     credentials.setType(CredentialRepresentation.PASSWORD);
>>     credentials.setValue("password");
>>     keycloak.realm("realm").users().get(id).resetPassword(credentials);
>>     // Add role
>>     RoleRepresentation role =
>>     keycloak.realm("realm").roles().get("role").toRepresentation();
>>     keycloak.realm("realm").users().get(id).roles().realmLevel().add(Collections.singletonList(role));
>>     That's pretty rubbish right?
>>
>>     In my opinion a lot of the usability issues are caused by directly
>>     exposing interfaces/proxies from RestEasy Client and it would be
>>     much better if we introduced a wrapper around it.
>     Yeah, agree that usability is not very great.
>
>     However, to me personally, the biggest issue is not usability but
>     the fact that admin-client needs to be manually maintained. AFAIK
>     it took a lot of time - especially for Stan and Marko - to
>     have the admin-client synced with the latest server. And it seems
>     that sooner or later, the issue will be back once we add
>     more endpoints. We can have a "policy" that everyone who is adding
>     a new server endpoint would need to update the client too (which is
>     usually needed anyway for the test). But that still requires some
>     time spent manually updating code + there is some risk that
>     sooner or later the admin-client will still become outdated...
>
>     IMO if we can have admin-client autogenerated, it will be a huge
>     win. I am not sure if it's realistic (and it seems that it will be
>     even harder to accomplish if we use a wrapper instead of JAX-RS
>     directly) but maybe worth looking into it at least?
>
>
> I don't think auto-generating is realistic. Nor do I think it will be 
> a particularly big issue going forward. If anyone touches the admin 
> endpoints they WILL update the admin client as well as add tests for 
> it, end of ;)
>
>>
>>     So my questions are:
>>
>>     1) What do we do with regards to admin client? Do we just wrap
>>     what we have, keep it or create a brand new one from scratch?
>>     2) Is it an issue that we require a specific RestEasy version to
>>     use the admin client? This seems a heavy dependency to me, which
>>     could conflict with other JAX-RS libraries. Using JAX-RS 2 Client
>>     would be an improvement as it should in theory work with any
>>     JAX-RS 2 provider.
>>     3) What do we do with current fixes for admin client? Do we merge
>>     to master and 1.9.x or just merge to master?
>>
>>     At least from my POV the answers are:
>>     1) Create wrappers around interfaces/proxies from RestEasy client
>>     and not expose JAX-RS directly through the API as that should be
>>     an implementation detail
>     +1 for wrappers. And as I mentioned above, look if we can do
>     something regarding autogeneration (or at least something else to
>     enforce the admin-client won't become outdated again).
>
>
> APIs, user interfaces, etc. can NOT be auto-generated if you want to 
> have anything remotely usable
>
>
>>     2) Use JAX-RS 2 client
>     +1
>
>     But it will be good if people have the possibility to configure the
>     details of the underlying Apache HTTP Client (connection pooling,
>     connection/socket timeouts, TLS etc). If it's possible to achieve
>     it and use JAX-RS 2 client at the same time, it will be cool.
>     Otherwise if we need to choose just one of these, the
>     "configurability" of Apache HTTP client is more important IMO.
>
>
> Sticking with RestEasy Client makes the assumption that all users use 
> other JBoss projects. We know that's not true as Tomcat, Jetty and 
> Spring adapters all have a lot of use. IMO we should either convert to 
> JAX-RS 2 client or use Apache HTTP client directly (I'm not too keen on 
> that though).
At least we may just have the possibility to inject the underlying 
javax.ws.rs.client.Client during creation of admin-client. So if someone 
is on RestEasy and wants to tweak Apache HTTP Client, he can use the 
RestEasy API to build the client by himself and inject it. If he's using 
some other library, he would need to use its API to build the client (and 
possibly configure connection pooling etc. in a library-specific way).

Marek
>
>>     3) Merge fixes to both master and 1.9.x (admin client is not
>>     supported in product for now, so it's less risky)
>     +1
>
>     Marek
>
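
A sketch of the kind of wrapper proposed in the thread, as an added example that is not part of the original messages or of the Keycloak code base. The class `UserAdmin` and its method `createUser` are hypothetical names; the admin-client calls are the ones shown in the quoted snippet, with a status check and a guaranteed `close()` added so the JAX-RS `Response` never reaches the caller.

```java
import java.net.URI;
import java.util.Collections;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/** Hypothetical wrapper: class and method names are illustrative only. */
public final class UserAdmin {
    private final RealmResource realm;

    public UserAdmin(Keycloak keycloak, String realmName) {
        this.realm = keycloak.realm(realmName);
    }

    /** Creates a user with a password and one realm role; returns the new user id. */
    public String createUser(String username, String password, String roleName) {
        UserRepresentation user = new UserRepresentation();
        user.setUsername(username);

        String id;
        Response response = realm.users().create(user);
        try {
            // Reject anything other than 201 Created before touching the Location header.
            if (response.getStatus() != Response.Status.CREATED.getStatusCode()) {
                throw new IllegalStateException("Create user failed: HTTP " + response.getStatus());
            }
            URI location = response.getLocation();
            if (location == null) {
                throw new IllegalStateException("Create user returned no Location header");
            }
            String path = location.getPath();
            id = path.substring(path.lastIndexOf('/') + 1);
        } finally {
            // Always release the underlying connection, also on the error paths.
            response.close();
        }

        CredentialRepresentation credentials = new CredentialRepresentation();
        credentials.setType(CredentialRepresentation.PASSWORD);
        credentials.setValue(password);
        realm.users().get(id).resetPassword(credentials);

        RoleRepresentation role = realm.roles().get(roleName).toRepresentation();
        realm.users().get(id).roles().realmLevel().add(Collections.singletonList(role));
        return id;
    }
}
```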
