[keycloak-dev] Handling exceptions thrown from user storage providers

[Tomas Kyjovsky]

Currently there isn't much handling of exceptions which may be thrown from User Storage SPI methods.

For example:

- when `UserStorageProvider.preRemove` throws an exception it's not possible to remove a group/role or realm in which the offending provider is registered

- when `UserLookupProvider.getUserByUsername` throws an exception this blocks all lower priority providers from looking up users

- exception from `UserStorageProviderFactory.create` blocks all providers from lookup, credential validation/updates, etc.

I can't decide whether this "fail fast" behavior is bug or feature. On one hand it lets the developer know there's a problem with the provider. On the other hand it destabilizes the other providers in the realm.

WDYT?


Tomas