deleting a partition
by Bill Burke
I'm looking at how to delete a partition and it's not that simple. Is
this good enough? First I delete all Agents, users, groups, and roles.
Relationships should be deleted too, right?
List<AttributedType> toRemove = new ArrayList<AttributedType>();
{
    IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, Agent.class, this);
    List<IdentityType> resultSet = fetchQueryResults(context, query);
    toRemove.addAll(resultSet);
}
{
    IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, User.class, this);
    List<IdentityType> resultSet = fetchQueryResults(context, query);
    toRemove.addAll(resultSet);
}
{
    IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, Group.class, this);
    List<IdentityType> resultSet = fetchQueryResults(context, query);
    toRemove.addAll(resultSet);
}
{
    IdentityQuery<IdentityType> query = new DefaultIdentityQuery(context, Role.class, this);
    List<IdentityType> resultSet = fetchQueryResults(context, query);
    toRemove.addAll(resultSet);
}
I do this all at the IdentityStore level. After this, I delete the
partition entry using IdentityStore specific routines.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 5 months
JPA?
by Jason Greene
I thought it best to move the discussion on undertow to here.
Anil opened a JIRA to investigate:
https://issues.jboss.org/browse/PLINK-190
My concerns are:
- Initialization Time (JPA has always been expensive in this area)
- Dependency chain problems (if this forces the app server (which at some point might not be limited to Java EE) to have a big chunk of EE just to support database auth)
- Potential increase of memory usage? (in particular if we end up with Hibernate using Infinispan as a cache which is then double cached at the auth level)
I guess the main reason for the switch from JDBC is to avoid supporting various DB dialects. However, the following is also true:
- ANSI SQL-92 is supported by almost everyone, and it allows for portable DML
- IDMs have very simple relational layouts and queries
- It's easy to abstract queries to allow customization by a user
--
Jason T. Greene
WildFly Lead / JBoss EAP Platform Architect
JBoss, a division of Red Hat
11 years, 5 months
Rename IDMF and IDM?
by Bill Burke
Was thinking with Partitions, the class names IdentityManagerFactory and
IdentityManager don't make sense...maybe instead:
IdentityManagerFactory change to IdentityManager
IdentityManager change to PartitionManager?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 5 months
pull request for partition creation
by Bill Burke
- Added partition creation support to File and JPA stores
- Added findTier(), findRealm(), createRealm(), createTier() methods to
IdentityManagerFactory.
- Initialized the DefaultStoreFactory storeCache in the constructor
- Changed DefaultStoreFactory hashmaps to ConcurrentHashMaps
Won't be slighted if you don't approve the pull request. But it would
be cool to at least decide on what the high level interface will be for
this. Then I can just implement something in my repository and be
unblocked for my other work.
Thanks.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 5 months
creating partitions on the fly
by Bill Burke
Currently, partitions must be pre-known, pre-defined and configured
through the builder interface. If you want something like a management
UI to be able to create new Realms how do you intend to support this?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 5 months
how to model services managed by a realm
by Bill Burke
I'm trying to figure out how to do the following scenario with the
IdentityManager API:
* A realm with N users
* A realm which manages X applications
* Each application has Y roles
* Users have role mappings for each of those roles
I'll need to be able to query:
* What are the applications in the realm
* What roles does a service have
* What are the role mappings for each service for a particular user
It looks like a Role only has a name. So, I can't have "admin" role for
each of my services and different role mappings per service. Would I
have to model this as different "partitions"? I see that you can create
"partitions", but how do you create relationships between "partitions"
or share users between partitions?
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 5 months
TOTPCredentials should not be associated with Password
by Bill Burke
Right now, AFAICT, you cannot update the TOTP secret key without also
knowing the password. I'd like to not have TOTP classes inherit from
the corresponding Password classes. I can implement and provide a pull
request if you agree.
Another thing to think about down the road is that you may want to allow
multiple tokens. Tokens generated by different devices owned by the user.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
11 years, 5 months
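
An added example, not part of the original post and not PicketLink code: a sketch of the model the last message asks for, with TOTP secrets kept per device and independent of any password credential, so one device's secret can be rotated without the password. TotpDeviceStore, its method names, the sample user and keys, and the one-step drift window are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical class, not PicketLink's credential API. Passwords are stored elsewhere.
public class TotpDeviceStore {
    // user -> (device name -> shared secret)
    private final Map<String, Map<String, byte[]>> secrets = new ConcurrentHashMap<>();

    // Enroll or rotate one device's secret; no password is required or touched.
    public void setSecret(String user, String device, byte[] secret) {
        secrets.computeIfAbsent(user, u -> new ConcurrentHashMap<>()).put(device, secret.clone());
    }
    // RFC 6238 with its defaults: HMAC-SHA1, 30-second step, 6 digits.
    static String totp(byte[] secret, long unixSeconds) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(unixSeconds / 30).array());
        int off = h[h.length - 1] & 0x0f; // RFC 4226 dynamic truncation
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }
    // Returns the device whose secret produced the code, or null if none did.
    // Accepts one step of clock drift either way (an assumed policy).
    public String validate(String user, String code, long unixSeconds) throws Exception {
        byte[] given = code.getBytes(StandardCharsets.US_ASCII);
        String matched = null;
        for (Map.Entry<String, byte[]> e : secrets.getOrDefault(user, Collections.emptyMap()).entrySet()) {
            for (int drift = -1; drift <= 1; drift++) {
                byte[] want = totp(e.getValue(), unixSeconds + 30L * drift).getBytes(StandardCharsets.US_ASCII);
                if (MessageDigest.isEqual(want, given)) matched = e.getKey(); // constant-time compare
            }
        }
        return matched;
    }
    public static void main(String[] args) throws Exception {
        TotpDeviceStore store = new TotpDeviceStore();
        byte[] tablet = "constructed-tablet-key".getBytes(StandardCharsets.US_ASCII); // constructed sample
        store.setSecret("alice", "phone", "12345678901234567890".getBytes(StandardCharsets.US_ASCII)); // RFC 6238 test key
        store.setSecret("alice", "tablet", tablet);
        System.out.println(store.validate("alice", "287082", 59));         // RFC test time, phone's code
        System.out.println(store.validate("alice", totp(tablet, 59), 59)); // second device validates independently
        store.setSecret("alice", "phone", "constructed-rotated-key".getBytes(StandardCharsets.US_ASCII));
        System.out.println(store.validate("alice", "287082", 59));         // old phone code after rotation
    }
}
```

A production validator would also record the last accepted time step per device so that a code cannot be replayed within its window.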