[security-dev] IDM:: API Change question - feedback requested
Shane Bryzak
sbryzak at redhat.com
Thu Nov 29 21:15:03 EST 2012
I've updated the IdentityManager API so that we now support the
following User/Group/Role related methods:
// General
void add(IdentityType identityType);
void update(IdentityType identityType);
void remove(IdentityType identityType);
// User
User getUser(String name);
// Group
Group getGroup(String groupId);
Group getGroup(String groupName, Group parent);
boolean isMember(IdentityType identityType, Group group);
void addToGroup(IdentityType identityType, Group group);
void removeFromGroup(IdentityType identityType, Group group);
// Roles
Role getRole(String name);
boolean hasGroupRole(IdentityType identityType, Role role, Group group);
void grantGroupRole(IdentityType identityType, Role role, Group group);
void revokeGroupRole(IdentityType identityType, Role role, Group group);
boolean hasRole(IdentityType identityType, Role role);
void grantRole(IdentityType identityType, Role role);
void revokeRole(IdentityType identityType, Role role);
This change has meant a net simplification of the API, with the three
new methods (add, update and remove) replacing the seven methods we
previously had, while providing additional features (in the form of
added support for updating Groups and Roles).
Thanks for the feedback guys!
Shane
On 11/30/2012 12:16 AM, Pete Muir wrote:
> I prefer add() to persist(), IMO it's more obvious.
>
> On 29 Nov 2012, at 01:24, Shane Bryzak wrote:
>
>> Just to add to this, the idea is to essentially mimic the JPA API, which
>> provides persist(), merge() and remove() methods. What we are proposing
>> is a slight variation of this, as follows:
>>
>> public interface IdentityManager {
>>
>> // snip other methods
>>
>> /**
>> * Persists the specified IdentityType
>> */
>> void persist(IdentityType identityType);
>>
>> /**
>> * Updates the persisted state of the specified IdentityType, with
>> * the exception of the id and name for Groups, and name for Roles
>> */
>> void update(IdentityType identityType);
>>
>> /**
>> * Removes the specified IdentityType
>> */
>> void remove(IdentityType identityType);
>> }
>>
>> Just a reminder, that IdentityType is the super-type for User, Group and
>> Role so these methods can be used for any of these. This would simplify
>> the IdentityManager API considerably (replacing an existing 7 methods
>> with just 3) while providing more functionality (currently the API
>> doesn't allow Roles or Groups to be updated).
>>
>> On 11/29/2012 10:40 AM, Anil Saldhana wrote:
>>> Hi all,
>>> Shane, Pedro and I have been discussing the following use case and
>>> agree on method name change. Shane suggested the list due to it being an
>>> API change.
>>>
>>> The developer can ask the Identity Manager to create an instance of
>>> User/Role/Group (IdentityType). This use case is pretty clear.
>>>
>>> Now if the developer wants to create his own instances of U/R/G as:
>>>
>>> User user = new SimpleUser("userA");
>>>
>>> Now he needs to persist this to the store.
>>>
>>> The current API call would be:
>>>
>>> User storeUser = identityManager.createUser(user);
>>>
>>> We feel this is not as intuitive as:
>>>
>>> User storeUser = identityManager.persist(user);
>>>
>>> Objections to this API change?
>>>
>>> Regards,
>>> Anil
>>> _______________________________________________
>>> security-dev mailing list
>>> security-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/security-dev