[keycloak-dev] creating JPA user storage provider difficult
Bill Burke
bburke at redhat.com
Mon Aug 15 09:52:28 EDT 2016
FYI, deployer is now in master if you didn't see the email. It does not
support deploying SPIs though. I'm not sure on the implications of
supporting that or if it can even work with hot re-deployment. i.e. a
different deployment that implements that deployed SPI.
On 8/15/16 7:39 AM, Stian Thorgersen wrote:
> +1 To dropping provider directory as it's not very useful for real
> providers.
>
> Deployer would be awesome, especially if we can leverage
> jboss-deployment-structure.xml as an alternative to modules and Maven
> deploy plugin. Sounds like a lot of work though. There's also the
> issue around not supporting applications deployed directly to Keycloak.
>
> For a long time ago I built a server which used regular old JEE
> session beans as plugins. All you needed to to was to register it
> globally in JNDI and the server would scan for implementations of
> specific classes. It was a bit of a pain when it came to life cycle
> (beans would need to be deployed before the server, etc.). Worked
> quite well though ;)
>
> On 5 August 2016 at 10:36, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
> On 04/08/16 16:03, Bill Burke wrote:
> >
> >
> > On 8/4/16 9:56 AM, Marek Posolda wrote:
> >> Yep, so we can address this with some sort of "deployer" you
> >> proposed, which will have automatically access to JEE APIs, so
> people
> >> won't need to declare dependencies on them anywhere? Still people
> >> always need to deal with modules though, if they don't want
> just JEE,
> >> but also some other different 3rd party dependencies...
> > True, but at least we can make a keycloak deployer that is
> consistent
> > with WARs, etc. Meaning, those that are experienced writing WARs in
> > Wildfly and using jboss-deployment-structure.xml will not have to be
> > completely retrained to write a keycloak component.
> +1
> >
> >>
> >>>>> * Had to use JpaKeycloakTransaction to enlist EntityManager with
> >>>>> keycloak transactions. This means using EJBs is out of the
> question.
> >>>>>
> >>>>> This is unacceptable. Keycloak is supposed to be simple and
> this is
> >>>>> extremely difficult. When Keycloak was an exploded WAR you
> could use
> >>>>> every Java EE component type as you could just plop your
> extensions
> >>>>> within META-INF/lib. Classloading was simple as it was all
> the same
> >>>>> classloader.
> >>>>>
> >>>>> Going forward we need to write an actual deployer for Keycloak
> >>>>> extensions that allow you to define Keycloak providers within EE
> >>>>> jars,
> >>>>> ears, etc. Writing an extension to Keycloak should be as
> easy as
> >>>>> writing a Java EE application. Extension developers should be
> >>>>> able to
> >>>>> leverage the entire JBoss/Wildfly platform. Minimally, we also
> >>>>> need to
> >>>>> begin and commit/rollback a UserTransaction within a
> Keycloak request
> >>>>> flow so that transaction EE and Spring component layers can
> function.
> >>>> +1 for deployer. Maybe we can try to prototype an example, which
> >>>> uses stuff like EJB and then see what exactly we need to add?
> >>>>
> >>>> For UserTransaction, we can maybe have the KeycloakTransaction
> >>>> implementation, which will delegate to UserTransaction? Then
> people
> >>>> can optionally enlist it in their provider if they need it :
> >>>>
> >>>> session.getTransactionManager().enlistAfterCompletion(new
> >>>> UserTransactionWrapper());
> >>>>
> >>>> Then Keycloak will automatically take care of commit/rollback
> this
> >>>> transaction at end of request.
> >>> Why wouldn't they just use UserTransaction?
> >> In case that KeycloakTransaction is rolled back, then it calls
> >> rollback to all the enlisted delegates. So enlisted
> >> UserTransactionWrapper will then call UserTransaction.rollback
> as well.
> >>
> >> Unless we're going to rewrite our transaction API to use JTA? That
> >> will automatically integrate with JPA and infinispan. If people
> needs
> >> to enlist their own transaction, they need to implement
> >> javax.transaction.xa.XAResource. This looks slightly more
> complicated
> >> then implement our KeycloakTransaction, but on the other hand,
> it's a
> >> standard.
> >>
> > I think we can/should have both. We automatically begin and
> enlist a
> > UserTransactionWrapper into the KeycloakTransactionManager at the
> > beginning of a request (in our filter that starts a
> KeycloakSession).
> > If users want something XA then they implement and integration with
> > JTA. If they want something simpler, than use our
> KeycloakTransactions.
> +1 assuming that automatically enlist UserTransaction in each request
> won't have any performance (or other) impact.
>
> Marek
> >
> > Bill
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160815/6b3bebf4/attachment-0001.html
More information about the keycloak-dev
mailing list