I'll also want to restate that core WildFly usage of PicketLink IDM will
not run in a container that can manage EntityManager instances. Even in
the EJB case you'll be authenticating and authorizing before a
transaction is started. Without a transaction, you don't have automatic
management of EntityManager instances.

On 7/8/2013 10:52 AM, Bill Burke wrote:

I've already stated this, but I'll state it again.

If you want to use the JPA store, your application requires specific
knowledge that it is using a JPA store, on multiple levels:
IdentityManagerFactory creation as well as each time you interact with
an IdentityManager. For JPA, you'll want to begin/commit/rollback, and
you also need to close the underlying EntityManager. I don't think JPA
will be alone in wanting to do this. There may be other stores that
could be transactionally aware i.e. Infinispan, etc.

The ContextInitializer is inadequate because it only handles
initialization and none of the other callbacks I mentioned
(begin/commit/rollback/close/destroy).

Also, I strongly believe you need to expose an abstract "transaction"
interface for the IDM. I suggest the following:

interface IdentityContextFactory {
    IdentityContext createIdentityContext();
    void close();
}

interface IdentityContext {
    void begin();
    void commit();
    void rollback();
    void close();

    Realm getRealm(String id);
    void deleteRealm(Realm realm);
    Realm createRealm(String id);

    Tier getTier(String id);
    void deleteTier(Tier tier);
    Tier createTier(String id);

    PartitionManager createPartitionManager(Partition partition);
    PartitionManager defaultPartitionManager();
}

interface PartitionManager extends IdentityManager { // really I want to rename IdentityManager
}

interface ContextInitializer {
    void begin(SecurityContext context);
    void commit(SecurityContext context);
    void rollback(SecurityContext context);
    void close(SecurityContext context);
    void initContextForStore(SecurityContext context, IdentityStore<?> store);
}

I'd be happy to implement this so long as I can get any pull request I
create committed sooner than the 25 days my current pull request is
sitting in the queue.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
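
The begin/commit/rollback/close lifecycle requested in the message above, sketched against plain JPA as an added example; it is not code from this thread or from PicketLink. The names JpaIdentityContext, AuthenticationStep, IdentityWork and inContext are hypothetical, and only the four lifecycle calls of the proposed IdentityContext are modelled.

```java
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

// Hypothetical JPA-backed context: owns one EntityManager for one identity operation.
final class JpaIdentityContext implements AutoCloseable {
    private final EntityManager em;

    JpaIdentityContext(EntityManagerFactory emf) {
        // No container transaction exists during authentication, so nothing
        // else will create or close this EntityManager for us.
        this.em = emf.createEntityManager();
    }

    void begin()  { em.getTransaction().begin(); }
    void commit() { em.getTransaction().commit(); }

    void rollback() {
        EntityTransaction tx = em.getTransaction();
        if (tx.isActive()) {          // no-op after a successful commit
            tx.rollback();
        }
    }

    EntityManager entityManager() { return em; }

    @Override
    public void close() {
        try {
            rollback();               // discard anything left uncommitted
        } finally {
            em.close();               // always release the EntityManager
        }
    }
}

// Hypothetical caller: the shape an authentication or authorization step would take.
final class AuthenticationStep {
    interface IdentityWork<T> { T apply(EntityManager em) throws Exception; }

    static <T> T inContext(EntityManagerFactory emf, IdentityWork<T> work) throws Exception {
        try (JpaIdentityContext ctx = new JpaIdentityContext(emf)) {
            ctx.begin();
            T result = work.apply(ctx.entityManager());
            ctx.commit();
            return result;
        } // close() rolls back if commit was never reached, then closes the EntityManager
    }
}
```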