[keycloak-dev] Removing JaxrsBearerTokenFilter

Marek Posolda mposolda at redhat.com
Thu Feb 21 07:16:40 EST 2019

I see. However my point still remains - I think that just quite small 
percentage of Keycloak users is regularly following keycloak-users 
mailing list. However I don't have any better idea where to announce 
those type of messages. Blog or "news channel" is probably not so great 
place for it. And any new ML like "keycloak-announcements" is likely 
also not so great thing as 3 mailing lists seem to be quite lot... I've 
just sent to keycloak-users as you mentioned.


On 21/02/2019 12:45, Stian Thorgersen wrote:
> -1
> Keycloak User mailing list is for users of Keycloak
> Keycloak Developer mailing list is for core team and contributors, 
> let's not encourage more non-contributors to join that list
> On Thu, 21 Feb 2019 at 10:27, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>     I've just sent it to keycloak-user.
>     But question is, if keycloak-user mailing list is good place for
>     such things? I think most people use keycloak-user mailing list to
>     search for solutions to their particular problem or send their
>     particular issue with Keycloak. But not sure how much people read
>     this mailing list regularly? IMO we should instruct community to
>     monitor to keycloak-dev mailing list for general announcements
>     from Keycloak team (EG. release announcements, questionnaires, ask
>     for removing/deprecating some component) as in keycloak-user
>     informations can be easily lost.
>     Marek
>     On 20/02/2019 21:25, Stian Thorgersen wrote:
>>     DId you send this to user mailing list as well? If not you should.
>>     On Wed, 20 Feb 2019 at 19:45, Marek Posolda <mposolda at redhat.com
>>     <mailto:mposolda at redhat.com>> wrote:
>>         Thanks for the confirm! Will wait few more days if someone
>>         has any reason against removing it. If not, will likely send
>>         PR early next week for removing it.
>>         Marek
>>         On 20/02/2019 15:32, Stian Thorgersen wrote:
>>>         +1 To just removing it as long if there's no mention of it
>>>         in the docs/examples/quickstarts
>>>         On Wed, 20 Feb 2019 at 14:44, Marek Posolda
>>>         <mposolda at redhat.com <mailto:mposolda at redhat.com>> wrote:
>>>             I wonder if we can remove JaxrsBearerTokenFilter?
>>>             Jut to add some context, the JaxrsBearerTokenFilter is
>>>             the "adapter",
>>>             which we have in the codebase and which allows to
>>>             "secure" the JaxRS
>>>             Application by adding the JaxrsFilter, which implements
>>>             our OIDC
>>>             adapter. Bill added this thing in the early days of
>>>             Keycloak. I enhanced
>>>             it a bit few years ago as someone wanted to secure the
>>>             JaxRS application
>>>             on Fuse. But this was before we had the proper Fuse adapter.
>>>             This thing was never documented and we never had any
>>>             examples/quickstarts for it. We have just few automated
>>>             tests (in the
>>>             old testsuite). IMO it is very obsolete now as you can
>>>             probably always
>>>             secure your application through some other oficially
>>>             supported way (HTTP
>>>             Servlet filter or any of our other built-in adapters).
>>>             Does anyone have any reason why we shouldn't remove this?
>>>             If not, I wonder if we can remove it directly without
>>>             "deprecation
>>>             period"? Considering that this was never documented or
>>>             announced, it
>>>             probably can't be treated as a Keycloak feature, but
>>>             rather an
>>>             "implementation detail" or "prototype" and hence
>>>             removing it directly
>>>             may be fine? In this case, we won't need to migrate the
>>>             tests from the
>>>             old testsuite (which is my main motivation for writing
>>>             this email :)
>>>             Marek
>>>             _______________________________________________
>>>             keycloak-dev mailing list
>>>             keycloak-dev at lists.jboss.org
>>>             <mailto:keycloak-dev at lists.jboss.org>
>>>             https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list