[keycloak-dev] Current state of OSGi in Keycloak; Keycloak at adaptTo()'2018 conference & more

Grzegorz Grzybek gr.grzybek at gmail.com
Wed Jun 13 10:35:13 EDT 2018


Hello

First, let me introduce myself (I've subscribed to keycloak-dev list
just recently). I'm Grzegorz Grzybek and I'm contributing to both
Apache Karaf (and JBoss Fuse) and ops4j PAX-WEB project.

"Keycloak OSGi adapter" (GA = org.keycloak:keycloak-osgi-adapter)
indeed has some Fuse specific features. Or rather pax-web specific
features.
It uses org.ops4j.pax.web.service.WebContainer OSGi service to
register "something more" than what's possible to register using plain
org.osgi.service.http.HttpService.

In fact, org.ops4j.pax.web.service.WebContainer simply extends
org.osgi.service.http.HttpService adding methods to register filters,
listeners, login configurations security constraints, etc.
So org.ops4j.pax.web.service.WebContainer allows you to directly
register what's possible with WEB-INF/web.xml elements.

I never used Felix' http service (because Karaf uses pax-web), so I'm
not sure how keycloak works with plain OSGi http service.

I think, for sling integration you should not use
org.keycloak:keycloak-osgi-adapter, but
org.keycloak:keycloak-servlet-filter-adapter.

best regards
Grzegorz Grzybek

2018-06-12 21:59 GMT+02:00 Dmitry Telegin <dt at acutus.pro>:
>
> Hi,
>
> Together with Ioan Eugen Stan (in CC) we'll be doing a talk at
> adaptTo()'2018 conference [1] that will take place 12-13 September in
> Potsdam, Germany. It's an event dedicated to Apache Sling and
> everything around it. The talk will be titled "Modern authentication in
> Sling with OpenID Connect and Keycloak".
>
> As you might guess, we're going to present Sling + Keycloak integration
> which I hope we'll manage to implement by the time of the conference :)
> that said, we welcome any thoughts that might help us with that.
>
> Now for technical details, Sling is an OSGi-based content-oriented web
> framework that runs on top of Apache Felix and uses Felix HTTP Service.
> I've examined Keycloak OSGi adapter and found its name a bit confusing;
> seems like it's only suitable for JBoss Fuse, depending on Pax Web
> (correct me if I'm wrong).
>
> Right now I see two scenarios, the first is to take current OSGi
> adapter and adapt it (sorry for tautology) to Felix HTTP Service; the
> second is to use the existing servlet filter adapter. I'd say I would
> prefer the second variant, as it's more straightforward. Felix and
> Sling have a proven and well-documented support for servlet filters,
> however, we'll have to solve the problems of packaging for OSGi, filter
> registration, configuration and more deep integration with Sling's
> security framework.
>
> Also please let us know if you consider our (future) code worth being
> contributed to Keycloak codebase. Most likely, the deliverables will
> include 1) servlet filter adapter packaged as OSGi bundle, 2) the Sling
> adapter proper.
>
> Cheers and hope to hear from you,
> Dmitry
>
> [1] https://adapt.to/2018/en/schedule/modern-authentication-in-sling-wi
> th-openid-connect-and-keycloak.html
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev


More information about the keycloak-dev mailing list