May 29, 2014
java, JAX-RS, Keycloak, oauth, openid connect, opensource, REST, security, SSO
Keycloak Beta-1 has been released! We’re edging closer to 1.0! Please visit the Keycloak website for links to documentation and downloads. A lot of hard work the last few months by Stian, Marek, myself and other contributors to bring you loads of new features and improvements:
- LDAP/Active Directory integration built on Picketlink. Thanks Marek!
- User Session management – can now view login IP address and which applications and oauth clients have open tokens. Works with any type of app too. Can view and manage sessions through user account pages or admin console
- Audit log for important events. Integration with admin console and ability to receive emails on certain events.
- Account log viewable in user account management pages
- Export database. Allows you to export a full dump of keycloak database into an encrypted file. Will help out tremendously to migrate between Keycloak versions.
- Authentication SPI. Allows you to plug in different mechanisms to retrieve and authenticate users.
- Theme support for the admin console and any sent email.
- Per-realm admin console. You can now designate a user within a realm that is an admin of that realm.
- Documented the Admin REST API finally. (Docs still kinda suck here)
- CORS support for Admin REST API
- Support for relative URLs when configuring admin console
- Server configuration file
- Social Only Logins
- Installed application adapter
- Expanded the number of example projects
What’s next? This is the last major feature release of Keycloak. We will now be focusing on performance, clustering, security audits, testing, documentation, and usability for the next few releases. We hope to release 1.0 Final sometime in July.
April 25, 2014
When I hear somebody say “Right tool for the job” I cringe. The acid in my stomach starts to churn. My blood pressure goes up. I just feel like lashing out or screaming. Why do I get this reaction? Its a simple, logical statement. Sounds like great advice, right? In my experience though, “right tool for the job” is often code for something else. Its an often used, cliche excuse to hide hidden motives. So, let me translate for you the true meaning of “Right tool for the job”.
- There’s this cool fad new language that everybody is talking about. I’m going to use this new language to implement a new feature even though nobody else on my team will be able to maintain it but me. Even though the code will hard to maintain because I’ll be experimenting with every possible new feature of the new fad language I’m using. Thus: New language XXX is the RIGHT TOOL FOR THE JOB!.
- Everybody is talking about this new cool No SQL stuff, but I’m stuck coding RDBMS with Hibernate. Thus: No-SQL DB XXX is the RIGHT TOOL FOR THE JOB!
- This job sucks and I need to train myself in a new technology so I can get a new job. Thus: Technology XXX is the RIGHT TOOL FOR THE JOB!
- My product/project is missing a key fundamental feature that a competing, more mature technology has had for years. I can’t say that this competing older, mature technology is better, I need an excuse so instead I say: You need to pick the RIGHT TOOL FOR THE RIGHT JOB!
Consultants are even more notorious for this.
- I need to make myself invaluable to this company so I can keep billing high rates for myself and my underlings. So, I will find a technology that nobody in this company has experience. Thus, Technology XXX is the RIGHT TOOL FOR THE JOB!
- I need to train a bunch of my new consultants in a new technology. Better to charge this training on somebody else’s dime. Thus, Technology XXX is the RIGHT TOOL FOR THE JOB!
- I need to drum up business, sales are lagging. So, I’ll create a new methodology and pay some Thought Leader to bless the methodology. Then I’ll get my best speaker to troll all the developer conferences touting this new methodology. Thus, Methodology XXX is the RIGHT TOOL FOR THE JOB!
Admit it! You see this happening everywhere. We’ve all done it at least once. But no more for me! Just like I want to purge swearing and cursing in front of my kids, I want Right Tool for the Job out of my vocabulary as well. If you ever hear or see my say this phrase, call me a hypocrite. Flame me. Chastise me. Remind me of this blog!
March 31, 2014
java, javaee, JAX-RS, jboss, RESTEasy
Ron fixed a few bugs in validation. Netty improvements. A few other bug fixes here and there.
As usual, follow links from jboss.org/resteasy to download and view documentation and release notes.
March 13, 2014
java, javaee, spring
Here’s an interesting testimonial on using GWT, Java EE, and Errai to build an application.
“When I stumbled upon Errai, I was re-introduced to JEE. We had previously explored a variety of backend frameworks, including Spring and most recently Guice. I was instantly amazed and attracted to the simplicity and elegance of JEE – in particular the CDI API. Once I had my JBoss AS 7 environment set up, I was incredibly pleased with how neatly everything just seemed to “work” – REST, Persistence/Transactions, CDI, and how little configuration was required. It almost didn’t seem possible.”
A few years ago, I wrote a blog about how Java EE made a huge comeback over Spring as a development platform. 159 comments later I still get people ranting for or against me on that thread. What was interesting about this particular testimonial is that the developer investigated both Spring and Guice.
“We had previously explored a variety of backend frameworks, including Spring and most recently Guice.”
I still stand by my 2+ year old blog that Java EE made a huge comeback as a web development platform.
March 12, 2014
Keycloak, oauth, openid connect, security, SSO
Another big feature release for Keycloak. As usual, go to keycloak.org to find documentation and download links. Here are the highlights of Alpha 3:
- Minimal support for OpenID Connect. Claims like email, full name, etc. can now be transmitted and viewed with IDToken passed after login.
- Configurable allowed claims. What identity claims are made in id and access tokens can be configured per application or oauth client within the admin console
- Remote logout and session stats available from management console
- Refresh token support
- Not before revocation policy. You can set it per realm, oauth client, or application. Policies are pushed to applications that have an admin url
- Fine grain admin console permissions and roles. You can now specify which realms a master user is allowed to create, view, or edit. An awesome side effect of this is that if you enable registration in the master admin realm and set a default global role of create only, keycloak can become a SaaS for SSO.
- Installed Application feature to support non-browser applications that want to use Keycloak
- You can now add social network links through account management
Our next release will be Beta-1 and will be our last big feature release. One of the features we want to add is support for using an existing LDAP/Active Directory server. We’re going to take a look at Picketlink IDM API for this. We also need more fine grain support for importing and exporting various pieces of the keycloak database. That’s minimally what we want to get in. We’re looking at a May timeframe for this release as in April many of us will be busy with Red Hat Summit.
March 10, 2014
I’ll be doing a talk on Keycloak April 17th at Devnation in San Francisco. Devnation is running the same time as Red Hat summit and JUDCon. I should be around earlier in the week too. For those that suffer through all my “errs” and “uhms”, I’ll be giving away 2 copies of RESTful Java with JAX-RS 2.0. Hopefully that’s enough of a bribe to come and listen! If anybody wants to talk Resteasy or Keycloak earlier in the week, ping me on the keycloak-dev list.
February 27, 2014
John Ament, a long time lurker on resteasy-dev list has put together a lightweight combination of Undertow + Resteasy + Weld called Hammock. We’ve gotten in some PRs from him to help make this a reality, hope to get more. I’m hoping somebody puts together this combination with Netty too and contributes it.