[keycloak-dev] Removing JaxrsBearerTokenFilter
Marek Posolda
mposolda at redhat.com
Thu Feb 21 07:16:40 EST 2019
I see. However my point still remains - I think that just quite small
percentage of Keycloak users is regularly following keycloak-users
mailing list. However I don't have any better idea where to announce
those type of messages. Blog or "news channel" is probably not so great
place for it. And any new ML like "keycloak-announcements" is likely
also not so great thing as 3 mailing lists seem to be quite lot... I've
just sent to keycloak-users as you mentioned.
Marek
On 21/02/2019 12:45, Stian Thorgersen wrote:
> -1
>
> Keycloak User mailing list is for users of Keycloak
>
> Keycloak Developer mailing list is for core team and contributors,
> let's not encourage more non-contributors to join that list
>
> On Thu, 21 Feb 2019 at 10:27, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
>
> I've just sent it to keycloak-user.
>
> But question is, if keycloak-user mailing list is good place for
> such things? I think most people use keycloak-user mailing list to
> search for solutions to their particular problem or send their
> particular issue with Keycloak. But not sure how much people read
> this mailing list regularly? IMO we should instruct community to
> monitor to keycloak-dev mailing list for general announcements
> from Keycloak team (EG. release announcements, questionnaires, ask
> for removing/deprecating some component) as in keycloak-user
> informations can be easily lost.
>
> Marek
>
> On 20/02/2019 21:25, Stian Thorgersen wrote:
>> DId you send this to user mailing list as well? If not you should.
>>
>> On Wed, 20 Feb 2019 at 19:45, Marek Posolda <mposolda at redhat.com
>> <mailto:mposolda at redhat.com>> wrote:
>>
>> Thanks for the confirm! Will wait few more days if someone
>> has any reason against removing it. If not, will likely send
>> PR early next week for removing it.
>>
>> Marek
>>
>> On 20/02/2019 15:32, Stian Thorgersen wrote:
>>> +1 To just removing it as long if there's no mention of it
>>> in the docs/examples/quickstarts
>>>
>>> On Wed, 20 Feb 2019 at 14:44, Marek Posolda
>>> <mposolda at redhat.com <mailto:mposolda at redhat.com>> wrote:
>>>
>>> I wonder if we can remove JaxrsBearerTokenFilter?
>>>
>>> Jut to add some context, the JaxrsBearerTokenFilter is
>>> the "adapter",
>>> which we have in the codebase and which allows to
>>> "secure" the JaxRS
>>> Application by adding the JaxrsFilter, which implements
>>> our OIDC
>>> adapter. Bill added this thing in the early days of
>>> Keycloak. I enhanced
>>> it a bit few years ago as someone wanted to secure the
>>> JaxRS application
>>> on Fuse. But this was before we had the proper Fuse adapter.
>>>
>>> This thing was never documented and we never had any
>>> examples/quickstarts for it. We have just few automated
>>> tests (in the
>>> old testsuite). IMO it is very obsolete now as you can
>>> probably always
>>> secure your application through some other oficially
>>> supported way (HTTP
>>> Servlet filter or any of our other built-in adapters).
>>>
>>> Does anyone have any reason why we shouldn't remove this?
>>>
>>> If not, I wonder if we can remove it directly without
>>> "deprecation
>>> period"? Considering that this was never documented or
>>> announced, it
>>> probably can't be treated as a Keycloak feature, but
>>> rather an
>>> "implementation detail" or "prototype" and hence
>>> removing it directly
>>> may be fine? In this case, we won't need to migrate the
>>> tests from the
>>> old testsuite (which is my main motivation for writing
>>> this email :)
>>>
>>> Marek
>>>
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> <mailto:keycloak-dev at lists.jboss.org>
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>>
>
More information about the keycloak-dev
mailing list