[keycloak-dev] Removing JaxrsBearerTokenFilter

Stian Thorgersen sthorger at redhat.com
Wed Feb 20 15:25:32 EST 2019


DId you send this to user mailing list as well? If not you should.

On Wed, 20 Feb 2019 at 19:45, Marek Posolda <mposolda at redhat.com> wrote:

> Thanks for the confirm! Will wait few more days if someone has any reason
> against removing it. If not, will likely send PR early next week for
> removing it.
>
> Marek
>
> On 20/02/2019 15:32, Stian Thorgersen wrote:
>
> +1 To just removing it as long if there's no mention of it in the
> docs/examples/quickstarts
>
> On Wed, 20 Feb 2019 at 14:44, Marek Posolda <mposolda at redhat.com> wrote:
>
>> I wonder if we can remove JaxrsBearerTokenFilter?
>>
>> Jut to add some context, the JaxrsBearerTokenFilter is the "adapter",
>> which we have in the codebase and which allows to "secure" the JaxRS
>> Application by adding the JaxrsFilter, which implements our OIDC
>> adapter. Bill added this thing in the early days of Keycloak. I enhanced
>> it a bit few years ago as someone wanted to secure the JaxRS application
>> on Fuse. But this was before we had the proper Fuse adapter.
>>
>> This thing was never documented and we never had any
>> examples/quickstarts for it. We have just few automated tests (in the
>> old testsuite). IMO it is very obsolete now as you can probably always
>> secure your application through some other oficially supported way (HTTP
>> Servlet filter or any of our other built-in adapters).
>>
>> Does anyone have any reason why we shouldn't remove this?
>>
>> If not, I wonder if we can remove it directly without "deprecation
>> period"? Considering that this was never documented or announced, it
>> probably can't be treated as a Keycloak feature, but rather an
>> "implementation detail" or "prototype" and hence removing it directly
>> may be fine? In this case, we won't need to migrate the tests from the
>> old testsuite (which is my main motivation for writing this email :)
>>
>> Marek
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>


More information about the keycloak-dev mailing list