[security-dev] JPA?

Bill Burke bburke at redhat.com
Tue Jun 11 17:04:48 EDT 2013

How exactly does JPA give users more control over their data than JDBC? 
  Also, I'm sorry, but I just don't believe you that there is this large 
contingent of app deveopers that want JPA.

On 6/11/2013 4:57 PM, Anil Saldhana wrote:
> Bill,  application developers will care about JPA vs JDBC if they want
> greater control on things like roles, groups etc. While container driven
> security is good for many applications, a large contingent of app
> developers just want greater control on determining the roles/groups of
> users authenticating to their app.
> On 06/11/2013 03:53 PM, Bill Burke wrote:
>> JPA vs. JDBC isn't a choice, users won't care.  Why would app developers
>> care either?  They should be using management interfaces or the upcoming
>> sso server to manage their domains.
>> On 6/11/2013 4:39 PM, Anil Saldhana wrote:
>>> Jason - I will let others chime in their thoughts.
>>> We want to support as many Identity Store implementations as possible.
>>> We implemented a File Store implementation mainly to aid its usage as
>>> the default identity store implementation in WildFly.
>>> I have no issues in providing an additional JDBC identity store
>>> implementation. It just gives the users more implementations to choose from.
>>>     From application developers perspective, I think the balance still
>>> swings toward JPA. But for Wildfly core authentication using PicketLink
>>> IDM, for database backends, JDBC makes sense.
>>> It will be at least a couple of months before we attempt a JDBC
>>> implementation due to 2.5.0 release. That is why I placed the JIRA issue
>>> fix to be 2.5.1. I think this works for Wildfly roadmap.
>>> On 06/11/2013 03:14 PM, Jason Greene wrote:
>>>> I thought it best to move the discussion on undertow to here.
>>>> Anil opened a JIRA to investigate:
>>>> https://issues.jboss.org/browse/PLINK-190
>>>> My concerns are:
>>>> - Initialization Time (JPA has always been expensive in this area)
>>>> - Dependency chain problems (if this forces the app server (which at some point might not be limited to Java EE) to have a big chunk of EE just to support database auth)
>>>> - Potential increase of memory usage? (in particular if we end up with hibernate using infinispan as a cache which is then double cached at the auth level)
>>>> I guess the main reason for the switch from JDBC is to avoid supporting various DB dialects. However, the following is also true:
>>>> - ANSI SQL-92 is supported by almost everyone, and it allows for portable DML
>>>> - IDMs have very simple relational layouts and queries
>>>> - It's easy to abstract queries to allow customization by a user
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list