[keycloak-dev] Removing JaxrsBearerTokenFilter

Marek Posolda mposolda at redhat.com
Wed Feb 20 08:35:39 EST 2019

I wonder if we can remove JaxrsBearerTokenFilter?

Jut to add some context, the JaxrsBearerTokenFilter is the "adapter", 
which we have in the codebase and which allows to "secure" the JaxRS 
Application by adding the JaxrsFilter, which implements our OIDC 
adapter. Bill added this thing in the early days of Keycloak. I enhanced 
it a bit few years ago as someone wanted to secure the JaxRS application 
on Fuse. But this was before we had the proper Fuse adapter.

This thing was never documented and we never had any 
examples/quickstarts for it. We have just few automated tests (in the 
old testsuite). IMO it is very obsolete now as you can probably always 
secure your application through some other oficially supported way (HTTP 
Servlet filter or any of our other built-in adapters).

Does anyone have any reason why we shouldn't remove this?

If not, I wonder if we can remove it directly without "deprecation 
period"? Considering that this was never documented or announced, it 
probably can't be treated as a Keycloak feature, but rather an 
"implementation detail" or "prototype" and hence removing it directly 
may be fine? In this case, we won't need to migrate the tests from the 
old testsuite (which is my main motivation for writing this email :)


More information about the keycloak-dev mailing list