[security-dev] deleting a partition

Bill Burke bburke at redhat.com
Fri Jun 14 14:29:06 EDT 2013

On 6/14/2013 2:19 PM, Pedro Igor Silva wrote:
> Ok, the reason is that this is a critical operation which involves removing critical data. That said, I don't think we should do that, like I said, "automatically".

But again, you give no reason :) Sure, it's critical data, but everything
in the IDM is critical data.

> You can always use the following construct to query all identity types:
> IdentityQuery<IdentityType> query = identityManager.createIdentityQuery(IdentityType.class); // here we use the base type to create the query
> query.setParameter(IdentityType.PARTITION, Realm.DEFAULT_REALM); // or query.setParameter(IdentityType.PARTITION, "Another Partition")
> List<IdentityType> result = query.getResultList();
> for (IdentityType type: result) {
>      // remove
> }

So, the above can be done at a higher level and not have to be done at 
each IdentityStore?  There's no potential for duplicate entries in a 
federated store?

> I understand your point and it is valid. My opinion is just we should leave that for users.

Who is the user? The admin UI on top of PicketLink IDM API?

Bill Burke
JBoss, a division of Red Hat
