[keycloak-dev] Async HTTP Request Processing
Raghuram Prabhala
prabhalar at yahoo.com
Wed Mar 30 21:32:13 EDT 2016
I am talking about some external authenticators (MIT Kerberos or SecurID) when KC will wait for the response which can take a few seconds (the thread executing that call sits idle during that time) -and it makes perfect sense in those cases to use async model. The same applies to Identity Broker when KC opens up http connection to an external Identity Provider (say ADFS - there could be delay of few seconds for the response to come back). I had a quick look at the KC code and it appears that normal http blocking calls are being made. Shifting to async will definitely help KC handle many more user requests. See the below text from Apache http components website on when async model makes sense. Whether you consider shifting to async or not is totally your call but shifting to async model (infact using modern web frameworks/servers like Vertx) will future proof KC functionality.
The blocking I/O model may be more appropriate for data intensive, low latency scenarios, whereas the non-blocking model may be more appropriate for high latency scenarios where raw data throughput is less important than the ability to handle thousands of simultaneous HTTP connections in a resource efficient manner.
From: Bill Burke <bburke at redhat.com>
To: keycloak-dev at lists.jboss.org
Sent: Wednesday, March 30, 2016 9:43 AM
Subject: Re: [keycloak-dev] Async HTTP Request Processing
JAX-RS async can be enabled per resource, so its really up to you to decide if Authz needs it.
Async doesn't make sense for core KC autthentication. KC Identity broker does not wait/block for a response on a login. Authenticators are not waiting/blocking for responses either. Waiting/blocking only happens on backchannel logouts and background admin operations. Somebody is going to have to show me real tangible benefits before we switch core KC to use Async JAX-RS or some async event driven SPI, because right now, with our currently functionality and our roadmap, there is no need for an async model.
On 3/29/2016 9:57 PM, Raghuram Prabhala wrote:
+1. Makes sense for even KC (as Identity broker waiting for a response from Identity provider or as Identity provider waiting for a response from Authenticators)
From: Pedro Igor Silva <psilva at redhat.com>
To: keycloak-dev <keycloak-dev at lists.jboss.org>
Sent: Tuesday, March 29, 2016 9:47 PM
Subject: [keycloak-dev] Async HTTP Request Processing
Hi,
I'm working with the AuthZ Java API in order to make it more event-driven and non-blocking. During our F2F, I've discussed some very interesting requirements with Marc Savy around that.
I would like to know if makes sense to enable JAX-RS Async support to some AuthZ REST endpoints, which are basically using this API to evaluate policies using different providers (where these providers can be executed in parallel).
Regards.
Pedro Igor
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160331/7e6bba17/attachment.html
More information about the keycloak-dev
mailing list