[security-dev] concurrent access to IDM

Bill Burke bburke at redhat.com
Fri Jun 21 18:40:15 EDT 2013

SHould really be something like this:

IdentityManagerFactory factory = ...;

SecurityContext context = factory.beginContext();

IdentityManager corporate = context.getRealm("Red Hat");
User user = corporate.getUser("bburke at redhat.com");
IdentityManager application = context.getTier("My Application");
Role role = application.getRole("admin");
corporate.grantRole(user, role);


IMO also, there should be a rename:
SecurityContext -> IdentityContext
IdentityManagerFactory -> IdentityContextFactory
IdentityManager -> PartitionManager

The SecurityContext name has already been used in other APIs and kind of 
conflicts.already exists.

On 6/21/2013 6:29 PM, Bill Burke wrote:
> On 6/21/2013 6:05 PM, Anil Saldhana wrote:
>> Hi Bill,
>>      in your view, what should PicketLink do as you are operating in a
>> JavaSE (Non JTA) environment?
> Maybe I need to clarify.  In Wildfly, servlet authentication will not
> happen within an EJB container, so no container managed transactions or
> container managed entity managers.
>> My understanding is that applications deal with transaction management
>> in a non container (non JTA) environment. Special consideration should
>> be given to the fact that entity managers are not thread safe.
>> http://docs.jboss.org/hibernate/orm/4.0/hem/en-US/html/transactions.html
> This is what I'm trying to tell you and why I"m bringing this up in a
> "concurrent access" email thread.
> The servlet authentication layer should not care what the underlying
> Identity store is.  But the JPA identity store needs to be able to
> create and destroy EntityManagers and entity manager transactions *per*
> access, depending on the settings.  I only see code for initialization,
> ContextInitializer.
> I think this is all backwards.  IDMF hides the SecurityContext, when,
> IMO, the SecurityContext should be exposed to the application, and
> closed by the application when it is finished.

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list