[keycloak-dev] Removing JaxrsBearerTokenFilter
sthorger at redhat.com
Thu Feb 21 07:47:11 EST 2019
If this was important we could announce on blog and Twitter to reach a
slightly bigger audience. End of the day though I don't think it is so if
you ask on user mailing list and no-one replies within a week then I think
we can assume it's not much used.
On Thu, 21 Feb 2019 at 13:16, Marek Posolda <mposolda at redhat.com> wrote:
> I see. However my point still remains - I think that just quite small
> percentage of Keycloak users is regularly following keycloak-users mailing
> list. However I don't have any better idea where to announce those type of
> messages. Blog or "news channel" is probably not so great place for it. And
> any new ML like "keycloak-announcements" is likely also not so great thing
> as 3 mailing lists seem to be quite lot... I've just sent to keycloak-users
> as you mentioned.
> On 21/02/2019 12:45, Stian Thorgersen wrote:
> Keycloak User mailing list is for users of Keycloak
> Keycloak Developer mailing list is for core team and contributors, let's
> not encourage more non-contributors to join that list
> On Thu, 21 Feb 2019 at 10:27, Marek Posolda <mposolda at redhat.com> wrote:
>> I've just sent it to keycloak-user.
>> But question is, if keycloak-user mailing list is good place for such
>> things? I think most people use keycloak-user mailing list to search for
>> solutions to their particular problem or send their particular issue with
>> Keycloak. But not sure how much people read this mailing list regularly?
>> IMO we should instruct community to monitor to keycloak-dev mailing list
>> for general announcements from Keycloak team (EG. release announcements,
>> questionnaires, ask for removing/deprecating some component) as in
>> keycloak-user informations can be easily lost.
>> On 20/02/2019 21:25, Stian Thorgersen wrote:
>> DId you send this to user mailing list as well? If not you should.
>> On Wed, 20 Feb 2019 at 19:45, Marek Posolda <mposolda at redhat.com> wrote:
>>> Thanks for the confirm! Will wait few more days if someone has any
>>> reason against removing it. If not, will likely send PR early next week for
>>> removing it.
>>> On 20/02/2019 15:32, Stian Thorgersen wrote:
>>> +1 To just removing it as long if there's no mention of it in the
>>> On Wed, 20 Feb 2019 at 14:44, Marek Posolda <mposolda at redhat.com> wrote:
>>>> I wonder if we can remove JaxrsBearerTokenFilter?
>>>> Jut to add some context, the JaxrsBearerTokenFilter is the "adapter",
>>>> which we have in the codebase and which allows to "secure" the JaxRS
>>>> Application by adding the JaxrsFilter, which implements our OIDC
>>>> adapter. Bill added this thing in the early days of Keycloak. I
>>>> it a bit few years ago as someone wanted to secure the JaxRS
>>>> on Fuse. But this was before we had the proper Fuse adapter.
>>>> This thing was never documented and we never had any
>>>> examples/quickstarts for it. We have just few automated tests (in the
>>>> old testsuite). IMO it is very obsolete now as you can probably always
>>>> secure your application through some other oficially supported way
>>>> Servlet filter or any of our other built-in adapters).
>>>> Does anyone have any reason why we shouldn't remove this?
>>>> If not, I wonder if we can remove it directly without "deprecation
>>>> period"? Considering that this was never documented or announced, it
>>>> probably can't be treated as a Keycloak feature, but rather an
>>>> "implementation detail" or "prototype" and hence removing it directly
>>>> may be fine? In this case, we won't need to migrate the tests from the
>>>> old testsuite (which is my main motivation for writing this email :)
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
More information about the keycloak-dev