[security-dev] PicketLink IDM JPA Identity Store

Pete Muir pmuir at redhat.com
Mon Oct 15 10:02:30 EDT 2012

Ok, makes sense I guess, and it is very easy to enable. I think if we give the module a good name to make it really clear what it's for then it should work well.

On 12 Oct 2012, at 23:50, Shane Bryzak wrote:

> Sure - the biggest problem with this relates to configuration.  We use processAnnotatedType() to pick up the entity beans and perform automatic configuration during the startup process.  To do this, obviously the entity beans must be in a bean archive with a beans.xml - but we can't put a beans.xml in the main jar file as it may not have any dependency on CDI. Since we have producer methods (and other configuration related code) for the main IDM module beans in the core module, we cannot just place a beans.xml in the IDM module, (which by itself wouldn't require a hard dependency on the CDI jar library) because we would then get deployment errors for ambiguous injection points.  The easiest solution for this is to simply place the entity beans for the default schema in their own separate jar file, which contains a beans.xml.  This way, it can be used both in an SE environment and a JEE environment without any problems.
> On 12/10/12 00:54, Pete Muir wrote:
>> Shane, can you elaborate on why we can't package the entity beans in the main jar, but make them only enabled optionally (e.g. via the applications persistence.xml)?
>> On 10 Oct 2012, at 21:07, Shane Bryzak wrote:
>>> On 11/10/12 00:22, Douglas Campos wrote:
>>>> On Oct 9, 2012, at 7:52 PM, Shane Bryzak wrote:
>>>>> On 10/10/12 08:05, Douglas Campos wrote:
>>>>>> On Oct 9, 2012, at 4:49 PM, Shane Bryzak wrote:
>>>>>>> If the goal is to make available a simple schema for just some
>>>>>>> developers that wanted it, the best way to do this is to provide an
>>>>>>> additional, optional jar file containing just the simple schema entity
>>>>>>> beans (call it picketlink-idm-defaultschema or something like this)
>>>>>>> rather than provide an entirely new implementation.  This way we avoid
>>>>>>> the burden of having to maintain two implementations, and also avoid the
>>>>>>> aforementioned problem of having unwanted entity beans in the
>>>>>>> distribution for developers that don't want to use the simple schema.
>>>>>> So we go from complex to simple? Did you mean the opposite?
>>>>> I don't understand the question, sorry?
>>>> Optional jar file for the simple schema? shouldn't it be the opposite?
>>> No no - the point I've been (seemingly unsuccessfully) trying to make is
>>> that we *must not* include any entity beans by default.  If we did it
>>> would cause a multitude of problems for our users.  If we do want to
>>> provide a default schema that some of our users *may* elect to use
>>> instead of providing their own, it must be in a separate jar file.
>>> _______________________________________________
>>> security-dev mailing list
>>> security-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list