[security-dev] no API for managing EntityManagers
Bill Burke
bburke at redhat.com
Mon Jul 8 13:49:51 EDT 2013
I'll also want to restate that core WildFly usage of PicketLink IDM will
not run in a container that can manage EntityManager instances. Even in
the EJB case you'll be authenticating and authorizing before a
transaction is started. Without a transaction, you don't have automatic
management of EntityManager instances.
On 7/8/2013 10:52 AM, Bill Burke wrote:
> I've already stated this, but I'll state it again.
>
> If you want to use the JPA store, your application requires specific
> knowledge that it is using a JPA store, on multiple levels:
> IdentityManagerFactory creation as well as each time you interact with
> an IdentityManager. For JPA, you'll want to begin/commit/rollback, and
> you also need to close the underlying EntityManager. I don't think JPA
> will be alone in wanting to do this. There may be other stores that
> could be transactionally aware i.e. Infinispan, etc.
>
> The ContextInitializer is inadequate because it only handles
> initialization and none of the other callbacks I mentioned
> (begin/commit/rollback/close/destroy).
>
> Also, I strongly believe you need to expose an abstract "transaction"
> interface for the IDM. I suggest the following:
>
> interface IdentityContextFactory {
>
>     IdentityContext createIdentityContext();
>     void close();
> }
>
> interface IdentityContext {
>     void begin();
>     void commit();
>     void rollback();
>     void close();
>
>     Realm getRealm(String id);
>     void deleteRealm(Realm realm);
>     Realm createRealm(String id);
>
>     Tier getTier(String id);
>     void deleteTier(Tier tier);
>     Tier createTier(String id);
>
>     PartitionManager createPartitionManager(Partition partition);
>     PartitionManager defaultPartitionManager();
> }
>
> // really I want to rename IdentityManager
> interface PartitionManager extends IdentityManager {
> }
>
> interface ContextInitializer {
>     void begin(SecurityContext context);
>     void commit(SecurityContext context);
>     void rollback(SecurityContext context);
>     void close(SecurityContext context);
>
>     void initContextForStore(SecurityContext context, IdentityStore<?> store);
> }
>
> I'd be happy to implement this so long as I can get any pull request I
> create committed sooner than the 25 days my current pull request is
> sitting in the queue.
>
>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
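
Added example, not part of the original message or of PicketLink: a sketch of the caller-side lifecycle that the proposed IdentityContext would make explicit when no container transaction is managing the EntityManager. The interfaces are trimmed from the proposal quoted above; `RecordingContext` and `inContext` are hypothetical names, and the recording class stands in for a JPA-backed store.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Function;

public class IdentityContextLifecycle {
    // Trimmed from the interfaces proposed in the message (lifecycle methods only).
    interface IdentityContext {
        void begin(); void commit(); void rollback(); void close();
    }
    interface IdentityContextFactory { IdentityContext createIdentityContext(); }

    // Hypothetical stand-in for a JPA-backed context: records each lifecycle call.
    static class RecordingContext implements IdentityContext {
        final List<String> calls = new ArrayList<>();
        public void begin()    { calls.add("begin"); }
        public void commit()   { calls.add("commit"); }
        public void rollback() { calls.add("rollback"); }
        public void close()    { calls.add("close"); }
    }

    // Hypothetical helper: commit on success, roll back on failure, always close,
    // so an authentication path outside a transaction never leaks the context.
    static <T> T inContext(IdentityContextFactory factory, Function<IdentityContext, T> work) {
        IdentityContext ctx = factory.createIdentityContext();
        try {
            ctx.begin();
            T result = work.apply(ctx);
            ctx.commit();
            return result;
        } catch (RuntimeException e) {
            ctx.rollback();
            throw e;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        RecordingContext ok = new RecordingContext();
        inContext(() -> ok, ctx -> "authenticated");
        System.out.println(ok.calls);
        RecordingContext failed = new RecordingContext();
        try {
            inContext(() -> failed, ctx -> {
                throw new IllegalStateException("constructed store failure");
            });
        } catch (IllegalStateException expected) {
            System.out.println(failed.calls);
        }
    }
}
```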