[security-dev] how to model services managed by a realm

Bill Burke bburke at redhat.com
Tue Jun 11 11:18:32 EDT 2013

On 6/11/2013 10:58 AM, Pedro Igor Silva wrote:
>     The main idea behind tiers is to share role/groups between realms. And not tie them to a specific realm. From the documentation:
>     "A Tier is a more restrictive type of partition than a realm, as it only allows groups and roles to
> be defined (but not users). A Tier may be used to define a set of application-specific groups and
> roles, which may then be assigned to groups within the same Tier, or to users and groups within
> a separate Realm."
>     I think I have discussed that with Shane some time ago about attributes on partitions. Need to recall that. But I agree that partition-scoped attributes can be handy.

Ok, yet another roadblock I've run into is that it seems you cannot 
create tiers or realms on the fly.  It looks like all Realms and 
Tiers you want to have must be known and pre-configured before you 
create the IdentityManagerFactory.

If I understand the code correctly, an IdentityManagerFactory acts as a 
cache for all realms and tiers stored under it?  So, being able to 
add/remove tiers/realms on the fly would be pretty key.

Bill Burke
JBoss, a division of Red Hat