I've just spotted one inconsistency myself with the Role management
methods. Since "application" roles no longer exist, I propose we
redefine the "standard" role to take their place, and what we previously
called a "standard role" we now call a "group role" (as it applies to a
role within a group). Updated API is as follows:
// Roles
void createRole(Role role);
void removeRole(Role role);
Role getRole(String name);
boolean hasGroupRole(IdentityType identityType, Role role, Group group);
void grantGroupRole(IdentityType identityType, Role role, Group group);
void revokeGroupRole(IdentityType identityType, Role role, Group group);
boolean hasRole(IdentityType identityType, Role role);
void grantRole(IdentityType identityType, Role role);
void revokeRole(IdentityType identityType, Role role);
On 11/21/2012 08:41 AM, Shane Bryzak wrote:
I've updated the IdentityManager API based on the latest design, could
everyone please take a couple of minutes to review and let me know if
you spot any issues. We'll probably do a time-boxed release (Anil,
could you please confirm?) shortly so that projects consuming PLIDM can
start building against the API.
Thanks,
Shane
public interface IdentityManager {
void bootstrap(IdentityConfiguration configuration, IdentityStoreInvocationContextFactory contextFactory);
void setIdentityStoreFactory(IdentityStoreFactory factory);
// User
void createUser(User user);
void removeUser(User user);
void updateUser(User user);
User getUser(String name);
// Group
void createGroup(Group group);
void removeGroup(Group group);
Group getGroup(String groupId);
Group getGroup(String groupName, Group parent);
boolean isMember(IdentityType identityType, Group group);
void addToGroup(IdentityType identityType, Group group);
void removeFromGroup(IdentityType identityType, Group group);
// Roles
void createRole(Role role);
void removeRole(Role role);
Role getRole(String name);
boolean hasRole(IdentityType identityType, Role role, Group group);
void grantRole(IdentityType identityType, Role role, Group group);
void revokeRole(IdentityType identityType, Role role, Group group);
boolean hasApplicationRole(IdentityType identityType, Role role);
void grantApplicationRole(IdentityType identityType, Role role);
void revokeApplicationRole(IdentityType identityType, Role role);
// Query API
<T extends IdentityType> IdentityQuery<T> createQuery();
// Credential management
boolean validateCredential(User user, Credential credential);
void updateCredential(User user, Credential credential);
// User / Role / Group enablement / expiry
void setEnabled(IdentityType identityType, boolean enabled);
void setExpirationDate(IdentityType identityType, Date expirationDate);
IdentityType lookupIdentityByKey(String key);
// Attributes
void setAttribute(IdentityType identityType, Attribute<? extends Serializable> attribute);
<T extends Serializable> Attribute<T> getAttribute(IdentityType identityType, String attributeName);
void removeAttribute(IdentityType identityType, String attributeName);
// Realm
void createRealm(Realm realm);
void removeRealm(Realm realm);
Realm getRealm(String name);
// Tier
void createTier(Tier tier);
void removeTier(Tier tier);
Tier getTier(String id);
// Context
IdentityManager forRealm(Realm realm);
IdentityManager forTier(Tier tier);
}
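Added example, not part of the thread or of the PicketLink code: an in-memory sketch of the renamed role methods that keeps a plain role and a group role as separate grants, so an authorization check for one scope is never satisfied by the other. The class name RoleScopeSketch, the stand-in types and the rule that neither scope implies the other are assumptions; the thread defines only the method signatures.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

public class RoleScopeSketch {
    // Stand-in types for this sketch only; they are not the PicketLink classes.
    interface IdentityType {}
    record User(String name) implements IdentityType {}
    record Role(String name) {}
    record Group(String id) {}

    // One grant per (identity, role, group); group == null marks a plain role.
    private record Grant(IdentityType who, Role role, Group group) {}
    private final Set<Grant> grants = new HashSet<>();

    void grantRole(IdentityType who, Role role) { grants.add(new Grant(who, role, null)); }
    void revokeRole(IdentityType who, Role role) { grants.remove(new Grant(who, role, null)); }
    boolean hasRole(IdentityType who, Role role) { return grants.contains(new Grant(who, role, null)); }

    // Group-role calls reject a null group so they can never alias a plain role.
    void grantGroupRole(IdentityType who, Role role, Group group) {
        grants.add(new Grant(who, role, Objects.requireNonNull(group, "group")));
    }
    void revokeGroupRole(IdentityType who, Role role, Group group) {
        grants.remove(new Grant(who, role, Objects.requireNonNull(group, "group")));
    }
    boolean hasGroupRole(IdentityType who, Role role, Group group) {
        return grants.contains(new Grant(who, role, Objects.requireNonNull(group, "group")));
    }
    static void check(boolean ok, String what) { if (!ok) throw new AssertionError(what); }

    public static void main(String[] args) {
        RoleScopeSketch idm = new RoleScopeSketch();
        User alice = new User("alice");            // constructed sample data
        Role admin = new Role("admin");
        Group ops = new Group("ops"), hr = new Group("hr");
        idm.grantGroupRole(alice, admin, ops);
        check(idm.hasGroupRole(alice, admin, ops), "group role held in ops");
        check(!idm.hasGroupRole(alice, admin, hr), "group role must not leak into hr");
        check(!idm.hasRole(alice, admin), "group role must not satisfy a plain role check");

        idm.grantRole(alice, admin);
        idm.revokeGroupRole(alice, admin, ops);
        check(idm.hasRole(alice, admin), "plain role survives group-role revocation");
        check(!idm.hasGroupRole(alice, admin, ops), "plain role must not satisfy a group check");
        System.out.println("all scope checks passed");
    }
}
```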