Inline<br><br><div class="gmail_quote">On Mon, Oct 8, 2012 at 6:00 PM, Shane Bryzak <span dir="ltr"><<a href="mailto:sbryzak@redhat.com" target="_blank">sbryzak@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>I've read through the gist and my
comments are inline:<br>
<br>
<br>
<blockquote>
<h1 style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:bold;padding:0px;line-height:1.4em;text-transform:none;font-size:28px;white-space:normal;margin:0px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
Developer Side Notes</h1>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:0px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_definitions" href="https://gist.github.com/3801805#definitions" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>Definitions</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">
<p style="margin:0px 0px 15px;padding:0px;line-height:1.4em">What is the difference between the getKey() and
getId() methods? Can we have getId() on the IdentityType ?</p>
<p style="margin:15px 0px;padding:0px;line-height:1.4em">I think we can associate the getKey with the
username, for example. The getId can be used to let stores
identify the user internally, like a generated identifier
or something.</p>
<p style="margin:15px 0px;padding:0px;line-height:1.4em">Another option is to have a getName method on User
type and remove the getKey. That way we have User.getId
and User.getName. Remember that other IdentityTypes like
Role and Group have a getName method.</p>
</li>
</ul>
</blockquote>
<p><br>
The getKey() method returns a "globally" unique identifier for
that identity object. E.g. for a group called "admins" the key
would be "GROUP://admins", for a user called jsmith the key
would be "USER://jsmith". We need this distinction because
permissions can be stored against users, groups, or roles using
their key and we need a reliable way to map this value back to
the actual identity object. The getId() method is specific to
certain identity types, such as User (in which case the id is
their user ID, i.e. "jsmith") or Group (where the id is the full
hierarchy of the group, e.g. "/branches/headoffice/managers").<br>
<br>
</p>
<blockquote>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:20px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_api-design" href="https://gist.github.com/3801805#api-design" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>API
Design</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">
<p style="margin:0px 0px 15px;padding:0px;line-height:1.4em">Method IdentityManager.grantRole(role,
identityType, group) can be split in:</p>
<ul style="margin:0px;padding:0px 0px 0px 30px;line-height:1.4em">
<li style="margin:0px;padding:0px;line-height:1.4em">IdentityManager.grantRole(role, user)</li>
<li style="margin:0px;padding:0px;line-height:1.4em">IdentityManager.grantRole(role, group)</li>
<li style="margin:0px;padding:0px;line-height:1.4em">IdentityManager.addMember(group, identityType)</li>
</ul>
<p style="margin:15px 0px;padding:0px;line-height:1.4em">Same thing for revokeRole(role, identityType,
group), hasRole(role, identityType, group)</p>
</li>
</ul>
</blockquote>
<p><br>
</p>
<p>The role management methods could probably do with some
improvement. For one thing we don't have explicit support for
application roles yet. I would suggest something like the
following methods:<br>
</p>
<p>IdentityManager.grantRole(IdentityType member, Group parent,
String roleName)<br>
IdentityManager.grantApplicationRole(IdentityType member, String
roleName)<br>
</p>
<p><br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">
<p style="margin:0px 0px 15px;padding:0px;line-height:1.4em">Customization of LDAP attributes and db stuff
based on preexisting DBs and LDAP stores. For databases
there is some work done in previous versions of
PicketLink IDM.</p>
</li>
<li style="margin:0px;padding:0px;line-height:1.4em">
<p style="margin:0px 0px 15px;padding:0px;line-height:1.4em">Serialization of User, Role, Group and Membership
types. I think it is important to make those classes work in
a clustered environment.</p>
</li>
</ul>
</blockquote>
<p><br>
+1, we should make these interfaces Serializable<br>
</p>
<p><br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">
<p style="margin:0px 0px 15px;padding:0px;line-height:1.4em">The IdentityManager provides two methods for
creating groups providing the parent: createGroup(String,
Group) and createGroup(String, String). Maybe we can have
only createGroup(String, Group) considering that the
parent must be always created.</p>
</li>
</ul>
</blockquote>
<p><br>
+1, good idea<br>
<br>
</p>
<blockquote>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:20px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_query-api-design" href="https://gist.github.com/3801805#query-api-design" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>Query
API Design</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Common
interface and base class for UserQuery, RoleQuery,
GroupQuery and MembershipQuery interfaces/implementations.</li>
</ul>
</blockquote>
<p>+1, all the common stuff should go in a base interface<br>
<br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Do
we need the *Query.executeQuery(query, range) method ? We
already have the *Query.executeQuery().</li>
</ul>
</blockquote>
<p>I don't think we need this, the range can be set explicitly on
the Query object.<br>
<br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">We
can also have a *Query.executeQuery(range) method to
configure how the query is executed, instead of always forcing
the range argument.</li>
<li style="margin:0px;padding:0px;line-height:1.4em">The
UserQuery interface defines a getName method, but there is
no such method/property in the User interface. Should we map
the UserQuery.getName to User.getKey ? This item is related
with item #1 from the Definitions section.</li>
</ul>
</blockquote>
<p>This should probably be getId() instead.<br>
<br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Add
support to query users by creation and expiration date.
There are no methods in the UserQuery to search using these
attributes.</li>
</ul>
</blockquote>
<p><br>
+1, this is a good idea<br>
</p>
<blockquote>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:20px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_messages-and-logging" href="https://gist.github.com/3801805#messages-and-logging" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>Messages
and Logging</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Better
exception hierarchy and handling</li>
</ul>
</blockquote>
<p>+1, we should also define a list of error codes, I'll ask Pete
for some advice on this.<br>
<br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">JBoss
Logging for messages/exceptions and log messages</li>
</ul>
</blockquote>
<p><br>
My concern here is how we integrate the logging in an SE module
with CDI. It would be nice to provide some kind of i18n
support, maybe Jason would have some suggestions as to how we
best achieve this.<br></p></div></div></blockquote><div>I think JBoss Logging has everything we need to do this w/o CDI simply by using proxies and type safe logging with the annotation processor. James or Ken would know for sure though. </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><div><p>
<br>
</p>
<blockquote>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">More
logging code (warn, info, error and debug levels)</li>
</ul>
</blockquote>
<p><br>
+1, comprehensive logging is always good<br>
<br>
</p>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:20px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_configuration" href="https://gist.github.com/3801805#configuration" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>Configuration</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Review
the builder code ? Use xml or something else ?</li>
</ul>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:20px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_documentation" href="https://gist.github.com/3801805#documentation" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>Documentation</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Start
to document what we have so far</li>
</ul>
<h2 style="border-bottom-width:1px;text-indent:0px;letter-spacing:normal;text-align:left;font-variant:normal;font-style:normal;font-weight:bold;padding:0px;border-bottom-color:rgb(204,204,204);border-bottom-style:solid;line-height:1.4em;text-transform:none;font-size:24px;white-space:normal;margin:20px 0px 10px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<a name="13a42d2c8a19823a_feature-proposal" href="https://gist.github.com/3801805#feature-proposal" style="padding:0px 0px 0px 30px;line-height:1.4em;color:rgb(65,131,196);text-decoration:none;display:block" target="_blank"></a>Feature Proposal</h2>
<ul style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:left;font-style:normal;font-weight:normal;padding:0px 0px 0px 30px;line-height:1.4em;text-transform:none;font-size:14px;white-space:normal;margin:15px 0px;font-family:helvetica,arial,freesans,clean,sans-serif;word-spacing:0px">
<li style="margin:0px;padding:0px;line-height:1.4em">Password
Management API. Support different credentials and management
features (reset, strength, etc)</li>
<li style="margin:0px;padding:0px;line-height:1.4em">IDM
example application</li>
<li style="margin:0px;padding:0px;line-height:1.4em">REST
endpoints for the IdentityManager. As Anil suggested.</li>
<li style="margin:0px;padding:0px;line-height:1.4em">Event
Handling. Which events should be supported (user account
created/removed/updated/expired, membership
created/removed/updated, etc) ?</li>
</ul><div><div class="h5">
<br>
<br>
<br>
On 09/10/12 02:23, Anil Saldhana wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<pre>Hi all,
I am wondering if we can hold a discussion on the IDM API so we lock it
down in the next couple of weeks.
Recently, Pedro created the following gist page.
<a href="https://gist.github.com/3801805" target="_blank">https://gist.github.com/3801805</a>.
Regards,
Anil
_______________________________________________
security-dev mailing list
<a href="mailto:security-dev@lists.jboss.org" target="_blank">security-dev@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/security-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/security-dev</a>
</pre>
</blockquote>
<br>
<br>
</div></div></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Jason Porter<br><a href="http://lightguard-jp.blogspot.com" target="_blank">http://lightguard-jp.blogspot.com</a><br><a href="http://twitter.com/lightguardjp" target="_blank">http://twitter.com/lightguardjp</a><br>
<br>Software Engineer<br>Open Source Advocate<br>Author of Seam Catch - Next Generation Java Exception Handling<br><br>PGP key id: 926CCFF5<br>PGP key available at: <a href="http://keyserver.net" target="_blank">keyserver.net</a>, <a href="http://pgp.mit.edu" target="_blank">pgp.mit.edu</a><br>
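<p>The key scheme described in the thread above (a type prefix plus the id, e.g. "GROUP://admins" and "USER://jsmith"), as an added example that is not code from the thread or from PicketLink. The class <code>IdentityKey</code> and its methods are hypothetical; the sketch shows why mapping a stored permission key back to an identity has to parse the type prefix strictly, since a user and a group can share a name and group ids contain slashes.</p>

```java
import java.util.HashMap;
import java.util.Map;

/** Hypothetical value type for the "TYPE://id" keys described in the thread. */
public final class IdentityKey {
    public enum Type { USER, GROUP, ROLE }

    private static final String SEP = "://";
    private final Type type;
    private final String id;

    private IdentityKey(Type type, String id) { this.type = type; this.id = id; }

    public static IdentityKey of(Type type, String id) {
        if (type == null || id == null || id.isEmpty()) {
            throw new IllegalArgumentException("type and id are required");
        }
        return new IdentityKey(type, id);
    }

    /** Splits on the FIRST separator only, so an id that itself contains "://" survives. */
    public static IdentityKey parse(String key) {
        int i = (key == null) ? -1 : key.indexOf(SEP);
        if (i <= 0) throw new IllegalArgumentException("malformed key: " + key);
        Type type;
        try {
            type = Type.valueOf(key.substring(0, i)); // exact, case-sensitive match
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("unknown identity type in key: " + key);
        }
        return of(type, key.substring(i + SEP.length())); // rejects an empty id
    }

    public Type type() { return type; }
    public String id() { return id; }
    @Override public String toString() { return type + SEP + id; }

    public static void main(String[] args) {
        // Constructed sample data: permissions stored against identity keys.
        Map<String, String> permissions = new HashMap<>();
        permissions.put(of(Type.USER, "admins").toString(), "read");
        permissions.put(of(Type.GROUP, "admins").toString(), "read,write,delete");
        permissions.put(of(Type.GROUP, "/branches/headoffice/managers").toString(), "approve");

        // Map each stored key back to its identity type and id.
        for (Map.Entry<String, String> e : permissions.entrySet()) {
            IdentityKey k = parse(e.getKey());
            System.out.println(k.type() + " id=" + k.id() + " -> " + e.getValue());
        }
        // The user "admins" and the group "admins" remain separate entries.
        System.out.println(permissions.size());
    }
}
```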