[keycloak-dev] Readonly UserModel
Bill Burke
bburke at redhat.com
Thu Aug 11 16:04:55 EDT 2016
IMO, you don't need to put a lot of work into this as UserFederation SPI
is going to be deprecated.
Here's an example of new UserStorageProvider SPI. Its very similar.
https://github.com/keycloak/keycloak/tree/master/examples/providers/user-storage-jpa
There will be no more importing of users. If you think about it, what
we had before was a persistent cache, which IMO, doesn't make much
sense. The biggest reason for imports was it made querying easier, but
I think I've got a solution for that implemented, albeit an inefficient
one for large role sets.
What I think we will need is a common exception i.e. ModelReadOnly or
something and have it handled gracefully in the admin console and rest API.
On 8/11/16 3:12 PM, Bruno Oliveira wrote:
> Ahoy, after exploring some ideas I implemented the initial draft[1] for KEYCLOAK-3060[2]. Before submitting any changes, I would like some feedback.
>
> - Motivation
>
> Disable input fields when read-only federation providers like SSSD or LDAP (read-only mode) are enabled.
>
> Another alternative would be just hide sections which people are not supposed to edit. For example: account, OTP and password section.
>
> To be honest, I'm 50/50 about it, because hiding sections could be confusing to users.
>
> - Pros
>
> * Users won't get frustrated trying to update their profile, to later find out that's not possible.
> * Input fields will truly represent what our user is, into other words, read-only
>
> - Cons
>
> * UserModel from my perspective is the only possible place to introduce this change[3] (I can be wrong). The drawback is that the change will affect all the implementing classes.
>
> - Options
>
> 1. If you are fine with the changes here[1]. I could do some clean up, write the proper integration tests and work to get it merged.
>
> 2. Do nothing and leave it as is.
>
> Thoughts?
>
>
> [1] - https://github.com/abstractj/keycloak/tree/KEYCLOAK-3060
> [2] - https://issues.jboss.org/browse/KEYCLOAK-3060
> [3] - https://github.com/abstractj/keycloak/blob/af30b4da101fd7f7775e74b93c6da2f611d364ae/server-spi/src/main/java/org/keycloak/models/UserModel.java#L61-L64
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
More information about the keycloak-dev
mailing list