[security-dev] concurrent access to IDM

Bill Burke bburke at redhat.com
Fri Jun 21 18:29:26 EDT 2013

On 6/21/2013 6:05 PM, Anil Saldhana wrote:
> Hi Bill,
>     in your view, what should PicketLink do as you are operating in a
> JavaSE (Non JTA) environment?

Maybe I need to clarify.  In Wildfly, servlet authentication will not 
happen within an EJB container, so no container managed transactions or 
container managed entity managers.

> My understanding is that applications deal with transaction management
> in a non container (non JTA) environment. Special consideration should
> be given to the fact that entity managers are not thread safe.
> http://docs.jboss.org/hibernate/orm/4.0/hem/en-US/html/transactions.html

This is what I'm trying to tell you and why I"m bringing this up in a 
"concurrent access" email thread.

The servlet authentication layer should not care what the underlying 
Identity store is.  But the JPA identity store needs to be able to 
create and destroy EntityManagers and entity manager transactions *per* 
access, depending on the settings.  I only see code for initialization, 

I think this is all backwards.  IDMF hides the SecurityContext, when, 
IMO, the SecurityContext should be exposed to the application, and 
closed by the application when it is finished.

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list