[keycloak-dev] Removing JaxrsBearerTokenFilter
sthorger at redhat.com
Wed Feb 20 15:25:32 EST 2019
DId you send this to user mailing list as well? If not you should.
On Wed, 20 Feb 2019 at 19:45, Marek Posolda <mposolda at redhat.com> wrote:
> Thanks for the confirm! Will wait few more days if someone has any reason
> against removing it. If not, will likely send PR early next week for
> removing it.
> On 20/02/2019 15:32, Stian Thorgersen wrote:
> +1 To just removing it as long if there's no mention of it in the
> On Wed, 20 Feb 2019 at 14:44, Marek Posolda <mposolda at redhat.com> wrote:
>> I wonder if we can remove JaxrsBearerTokenFilter?
>> Jut to add some context, the JaxrsBearerTokenFilter is the "adapter",
>> which we have in the codebase and which allows to "secure" the JaxRS
>> Application by adding the JaxrsFilter, which implements our OIDC
>> adapter. Bill added this thing in the early days of Keycloak. I enhanced
>> it a bit few years ago as someone wanted to secure the JaxRS application
>> on Fuse. But this was before we had the proper Fuse adapter.
>> This thing was never documented and we never had any
>> examples/quickstarts for it. We have just few automated tests (in the
>> old testsuite). IMO it is very obsolete now as you can probably always
>> secure your application through some other oficially supported way (HTTP
>> Servlet filter or any of our other built-in adapters).
>> Does anyone have any reason why we shouldn't remove this?
>> If not, I wonder if we can remove it directly without "deprecation
>> period"? Considering that this was never documented or announced, it
>> probably can't be treated as a Keycloak feature, but rather an
>> "implementation detail" or "prototype" and hence removing it directly
>> may be fine? In this case, we won't need to migrate the tests from the
>> old testsuite (which is my main motivation for writing this email :)
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
More information about the keycloak-dev