PicketLink IDM API - Should PasswordCredential use char[] instead of String
by Darran Lofthouse
It is a fairly common recommended practice that passwords are stored
using character arrays instead of String - this means that as soon as it
is finished with, the array can be cleared instead of relying on the
garbage collector to remove the String from the heap.
Just thinking should PasswordCredential also do the same?
Regards,
Darran Lofthouse.
12 years, 2 months
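An added illustration of the practice raised in the post above; it is not part of the original message and not PicketLink code. `CharArrayPasswordCredential` and `Demo` are hypothetical names, and the password, salt and iteration count are constructed sample values.

```java
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Destroyable;

public class Demo {
    public static void main(String[] args) throws Exception {
        char[] typed = {'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'}; // constructed input
        byte[] salt = new byte[16]; // constructed; real code draws this from SecureRandom
        CharArrayPasswordCredential cred = new CharArrayPasswordCredential(typed);
        Arrays.fill(typed, '\0'); // caller wipes its own copy straight away
        try {
            byte[] hash = cred.deriveHash(salt, 210_000);
            System.out.println("derived " + hash.length + " bytes");
        } finally {
            cred.destroy(); // wipe as soon as the credential is finished with
        }
    }
}

// Hypothetical class for illustration; not PicketLink's PasswordCredential.
final class CharArrayPasswordCredential implements Destroyable {
    private final char[] password;
    private boolean destroyed;

    CharArrayPasswordCredential(char[] password) {
        // Defensive copy: the caller clears its array, this object clears its own.
        this.password = password.clone();
    }

    // Derives a PBKDF2 hash without ever turning the password into a String.
    byte[] deriveHash(byte[] salt, int iterations) throws Exception {
        if (destroyed) throw new IllegalStateException("credential destroyed");
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec holds its own copy; clear that too
        }
    }

    @Override public void destroy() {
        Arrays.fill(password, '\0'); // overwrite in place; a String could not be cleared
        destroyed = true;
    }

    @Override public boolean isDestroyed() { return destroyed; }
}
```

Clearing the array shortens how long the password stays readable in a heap dump, but a moving garbage collector may already have copied the array, so it reduces exposure rather than guaranteeing removal.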
PicketLink 3 IDM - hasRole Checking
by Darran Lofthouse
For hasRole has there been any thought about being able to check
multiple roles concurrently?
The scenario I am thinking about here is where we want to check that a
user is a member of at least one role - if we have a large number of
roles at the moment we would need to loop and call hasRole once for each
role.
Regards,
Darran Lofthouse.
12 years, 2 months
PicketLink 3 - Group/Role - Membership
by Darran Lofthouse
I haven't spent too much time digging into the query side yet so
hopefully a quick question.
For a given user is it possible to run a query that returns a list of
all of their groups/roles?
For a given role/group is it possible to run a query to identify all of
the members?
Regards,
Darran Lofthouse.
12 years, 2 months
PicketLink 3 IDM API - Command Chaining
by Darran Lofthouse
Working with the IdentityManager interface quite a lot of methods are
returning void - has there been any consideration to them returning an
appropriate IdentityManager reference to avoid the need for subsequent
lookup calls and to potentially allow commands to be chained?
As an example creating a new Tier and obtaining the IdentityManager for
that Tier takes three lines and introduces the need to cache the Tier
for its re-use: -

    Tier internalTier = new Tier("InternalApps",
            "Tier to contain roles for internal apps.", null);
    im.createTier(internalTier);
    IdentityManager internalTierIm = im.forTier(internalTier);

Had the call to createTier returned the IdentityManager I could have
reduced this down to: -

    IdentityManager internalTierIm = im.createTier(new Tier(
            "InternalApps",
            "Tier to contain roles for internal apps.",
            null));

Regards,
Darran Lofthouse.
12 years, 2 months
PicketLink 3 IDM - Avoiding Knowledge of the IdentityStore
by Darran Lofthouse
Working further with the API one thing that I notice is that
although basic access to load IdentityTypes can be performed using the
generic interfaces adding new identities seems to require a knowledge of
the store to select the correct type.
As an example from what I can see to add a user to the
FileBasedIdentityStore I need to add a FileUser - is this correct or am
I missing something?
What I would hope to see is that a client of the API can be written to
be completely independent of the IdentityStore so should the
IdentityStore be switched the client would remain mostly unchanged.
Regards,
Darran Lofthouse.
12 years, 2 months
IDM:: API Change question - feedback requested
by Anil Saldhana
Hi all,
Shane, Pedro and I have been discussing the following use case and
agree on a method name change. Shane suggested the list due to it being an
API change.
The developer can ask the Identity Manager to create an instance of
User/Role/Group (IdentityType). This use case is pretty clear.
Now if the developer wants to create his own instances of U/R/G as:

    User user = new SimpleUser("userA");

Now he needs to persist this to the store.
The current API call would be:

    User storeUser = identityManager.createUser(user);

We feel this is not as intuitive as:

    User storeUser = identityManager.persist(user);

Objections to this API change?
Regards,
Anil
12 years, 2 months