[keycloak-dev] Removing JaxrsBearerTokenFilter

Stian Thorgersen sthorger at redhat.com
Wed Feb 20 09:32:01 EST 2019

+1 To just removing it as long if there's no mention of it in the

On Wed, 20 Feb 2019 at 14:44, Marek Posolda <mposolda at redhat.com> wrote:

> I wonder if we can remove JaxrsBearerTokenFilter?
> Jut to add some context, the JaxrsBearerTokenFilter is the "adapter",
> which we have in the codebase and which allows to "secure" the JaxRS
> Application by adding the JaxrsFilter, which implements our OIDC
> adapter. Bill added this thing in the early days of Keycloak. I enhanced
> it a bit few years ago as someone wanted to secure the JaxRS application
> on Fuse. But this was before we had the proper Fuse adapter.
> This thing was never documented and we never had any
> examples/quickstarts for it. We have just few automated tests (in the
> old testsuite). IMO it is very obsolete now as you can probably always
> secure your application through some other oficially supported way (HTTP
> Servlet filter or any of our other built-in adapters).
> Does anyone have any reason why we shouldn't remove this?
> If not, I wonder if we can remove it directly without "deprecation
> period"? Considering that this was never documented or announced, it
> probably can't be treated as a Keycloak feature, but rather an
> "implementation detail" or "prototype" and hence removing it directly
> may be fine? In this case, we won't need to migrate the tests from the
> old testsuite (which is my main motivation for writing this email :)
> Marek
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list