[security-dev] deleting a partition

Pedro Igor Silva psilva at redhat.com
Fri Jun 14 14:19:28 EDT 2013


Ok, the reason is that this is a critical operation which involves removing critical data. That said, I don't think we should do that, like I said, "automatically".

You can always use the following construct to query all identity types:

IdentityQuery<IdentityType> query = identityManager.createIdentityQuery(IdentityType.class); // here we use the base type to create the query

query.setParameter(IdentityType.PARTITION, Realm.DEFAULT_REALM); // or query.setParameter(IdentityType.PARTITION, "Another Partition")

List<IdentityType> result = query.getResultList(); // every user/role/group/agent stored in that partition

for (IdentityType type : result) {
    identityManager.remove(type); // remove each one explicitly
}

I understand your point and it is valid. My opinion is just we should leave that for users.


----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: security-dev at lists.jboss.org
Sent: Friday, June 14, 2013 2:22:08 PM
Subject: Re: [security-dev] deleting a partition

You didn't really give a reason.  From an admin perspective you will 
want to delete a realm or partition, but the admin may not know exactly 
what identity metadata was created.  The admin UI implementation is 
going to have to do this anyways, so might as well do it within IDM API.

On 6/14/2013 1:12 PM, Pedro Igor Silva wrote:
> I just don't think we should "automatically" do something like that. If you want to delete them, you can do it by yourself.
>
> This is a critical thing. Not sure if we should do that internally, but just allow users to do it if they want.
>
> You can query all u/r/g for a specific partition and delete them by yourself, using the Query API.
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: "Pedro Igor Silva" <psilva at redhat.com>
> Cc: security-dev at lists.jboss.org
> Sent: Friday, June 14, 2013 2:02:32 PM
> Subject: Re: [security-dev] deleting a partition
>
> I don't agree. What's your reasoning?  At least in my case, because an
> Application is going to be a Partition, I'll need to have an operation
> somewhere that deletes the roles/role mappings somewhere.
>
> On 6/14/2013 12:10 PM, Pedro Igor Silva wrote:
>> IMO, we should not delete u/g/r and raise an exception instead, telling the user that a partition cannot be removed because of the associated data (u/r/g).
>>
>> If he wants to remove, he must remove first all related identity data.
>>
>> Btw, we were doing that before the last refactoring to the Partition API.
>>
>> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: security-dev at lists.jboss.org
>> Sent: Friday, June 14, 2013 12:38:12 PM
>> Subject: [security-dev] deleting a partition
>>
>> I'm looking at how to delete a partition and it's not that simple.  Is
>> this good enough?  First I delete all Agents, users, groups, and roles.
>> Relationships should be deleted too, right?
>>
>>     List<AttributedType> toRemove = new ArrayList<AttributedType>();
>>     {
>>         IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, Agent.class, this);
>>         List<IdentityType> resultSet = fetchQueryResults(context, query);
>>         toRemove.addAll(resultSet);
>>     }
>>     {
>>         IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, User.class, this);
>>         List<IdentityType> resultSet = fetchQueryResults(context, query);
>>         toRemove.addAll(resultSet);
>>     }
>>     {
>>         IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, Group.class, this);
>>         List<IdentityType> resultSet = fetchQueryResults(context, query);
>>         toRemove.addAll(resultSet);
>>     }
>>     {
>>         IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, Role.class, this);
>>         List<IdentityType> resultSet = fetchQueryResults(context, query);
>>         toRemove.addAll(resultSet);
>>     }
>>
>> I do this all at the IdentityStore level, after this, I delete the
>> partition entry using IdentityStore specific routines.
>>
>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
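The two positions in the thread (refuse to delete a partition that still holds identity data, or have the caller cascade the removal explicitly, relationships included) written out as one caller-side helper. This is an added example, not code from the thread or from PicketLink itself; the class and exception names are hypothetical, and it assumes the IDM API as used above (IdentityManager, IdentityQuery, IdentityType.PARTITION) plus the relationship query API of the same era (RelationshipQuery, Relationship.IDENTITY, IdentityManager.remove(Relationship)), which should be checked against the actual version in use. The partition removal call itself is left to the caller, matching the "leave that for users" point.

```java
import java.util.List;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.idm.query.RelationshipQuery;

/**
 * Caller-side helper for emptying a partition before it is deleted.
 * Hypothetical name; not part of PicketLink.
 */
public final class PartitionCleanup {

    /** Thrown when the partition still holds identity data and the caller asked not to cascade. */
    public static final class PartitionNotEmptyException extends RuntimeException {
        public PartitionNotEmptyException(String partitionName, int count) {
            super("Partition '" + partitionName + "' still holds " + count
                    + " identity type(s); remove them before deleting the partition");
        }
    }

    private PartitionCleanup() {
    }

    /** Every user/role/group/agent stored in the given partition, queried through the base type. */
    public static List<IdentityType> findIdentityTypes(IdentityManager identityManager, String partitionName) {
        IdentityQuery<IdentityType> query = identityManager.createIdentityQuery(IdentityType.class);
        query.setParameter(IdentityType.PARTITION, partitionName);
        return query.getResultList();
    }

    /**
     * The "raise an exception instead" variant: the caller must remove related
     * identity data first, so nothing is deleted implicitly.
     */
    public static void requireEmpty(IdentityManager identityManager, String partitionName) {
        List<IdentityType> remaining = findIdentityTypes(identityManager, partitionName);
        if (!remaining.isEmpty()) {
            throw new PartitionNotEmptyException(partitionName, remaining.size());
        }
    }

    /**
     * The explicit cascade variant, done by the caller rather than inside the IDM API.
     * Relationships (role mappings, group memberships) are removed before the identity
     * types they reference, so no dangling relationship survives. Returns the number of
     * identity types removed so the caller can log the destructive operation.
     */
    public static int removeAll(IdentityManager identityManager, String partitionName) {
        List<IdentityType> toRemove = findIdentityTypes(identityManager, partitionName);
        for (IdentityType type : toRemove) {
            // Assumption: Relationship.IDENTITY matches relationships in which this
            // identity type participates (grants, memberships, ...).
            RelationshipQuery<Relationship> relationships =
                    identityManager.createRelationshipQuery(Relationship.class);
            relationships.setParameter(Relationship.IDENTITY, type);
            for (Relationship relationship : relationships.getResultList()) {
                identityManager.remove(relationship);
            }
            identityManager.remove(type);
        }
        return toRemove.size();
    }
}
```

Usage is either `PartitionCleanup.requireEmpty(identityManager, "Another Partition")` right before the partition is removed, which fails closed if anything is left, or `int removed = PartitionCleanup.removeAll(identityManager, "Another Partition")` followed by the partition removal, with `removed` written to the audit log. Keeping the cascade out of the IDM API means an admin tool has to spell out the deletion, which is the point of the thread: a partition drop that silently takes users, roles, groups and their relationships with it is hard to notice and impossible to undo.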

