[keycloak-user] Removing JaxrsBearerTokenFilter

Stian Thorgersen sthorger at redhat.com
Fri Feb 22 01:36:18 EST 2019


Why not use one of the proper adapters for the container you are deploying
to?

On Thu, 21 Feb 2019, 14:51 Lukasz Lech, <l.lech at ringler.ch> wrote:

> Hello,
>
> I'm one of the users of org.keycloak.jaxrs.JaxrsBearerTokenFilterImpl. It
> is indeed poorly documented, for example I've found no mention that
> org.keycloak.adapters.KeycloakConfigResolver must cache
> org.keycloak.adapters.KeycloakDeployment, which resulted in public keys
> being downloaded from Keycloak Server with every request to our REST
> channel...
>
> If nobody have time and will to document it and fix bugs, what about
> moving it to separate project instead of deleting it? I haven't seen any
> alternative for securing jaxrs channels other than writing everything from
> scratch... Is there any alternative usable project?
>
>
>
>
> Best regards,
> Lukasz Lech
>
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org [mailto:
> keycloak-user-bounces at lists.jboss.org] On Behalf Of Marek Posolda
> Sent: Donnerstag, 21. Februar 2019 10:21
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Removing JaxrsBearerTokenFilter
>
> Keycloak team things about removing JaxrsBearerTokenFilter.
>
> Just to add some context, the JaxrsBearerTokenFilter is the "adapter",
> which we have in the codebase and which allows to "secure" the JaxRS
> Application by adding the JaxrsFilter, which implements our OIDC
> adapter.This filter is not documented and we don't have any
> examples/quickstarts of it. Hence it is not considered as officially
> supported Keycloak feature. And you can probably always secure your
> application through some other officially supported way (HTTP Servlet
> filter or any of our other built-in adapters).
>
> Anyway, if someone is aware of any reason why to not remove this filter
> from Keycloak, please let me know, ideally by the Monday Feb 25th.
>
> See some details in keycloak-dev thread "Removing JaxrsBearerTokenFilter" .
>
> Thanks,
> Marek
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


More information about the keycloak-user mailing list