Should really be something like this:
IdentityManagerFactory factory = ...;
SecurityContext context = factory.beginContext();
IdentityManager corporate = context.getRealm("Red Hat");
User user = corporate.getUser("bburke(a)redhat.com");
IdentityManager application = context.getTier("My Application");
Role role = application.getRole("admin");
corporate.grantRole(user, role);
context.commit();
context.close();
IMO also, there should be a rename:
SecurityContext -> IdentityContext
IdentityManagerFactory -> IdentityContextFactory
IdentityManager -> PartitionManager
The SecurityContext name has already been used in other APIs and kind of
conflicts. It already exists.
On 6/21/2013 6:29 PM, Bill Burke wrote:
On 6/21/2013 6:05 PM, Anil Saldhana wrote:
> Hi Bill,
> in your view, what should PicketLink do as you are operating in a
> JavaSE (Non JTA) environment?
>
Maybe I need to clarify. In WildFly, servlet authentication will not
happen within an EJB container, so no container managed transactions or
container managed entity managers.
> My understanding is that applications deal with transaction management
> in a non container (non JTA) environment. Special consideration should
> be given to the fact that entity managers are not thread safe.
>
http://docs.jboss.org/hibernate/orm/4.0/hem/en-US/html/transactions.html
>
This is what I'm trying to tell you and why I'm bringing this up in a
"concurrent access" email thread.
The servlet authentication layer should not care what the underlying
Identity store is. But the JPA identity store needs to be able to
create and destroy EntityManagers and entity manager transactions *per*
access, depending on the settings. I only see code for initialization,
ContextInitializer.
I think this is all backwards. IDMF hides the SecurityContext, when,
IMO, the SecurityContext should be exposed to the application, and
closed by the application when it is finished.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
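
Added example, not part of the original thread and not PicketLink code: one way to implement the application-owned, per-access context argued for above, assuming a non-JTA (resource-local) JPA persistence unit whose EntityManagerFactory is supplied by the caller. The class name reuses the rename proposed in the thread; the begin, entityManager, commit and close methods are hypothetical.

```java
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

/**
 * Hypothetical per-access context (not PicketLink API): one EntityManager and
 * one resource-local transaction per context, owned by the calling thread.
 */
public final class IdentityContext implements AutoCloseable {
    private final EntityManager em;
    private final Thread owner = Thread.currentThread();
    private boolean closed;

    /** The application (e.g. the servlet authentication layer) opens one context per access. */
    public static IdentityContext begin(EntityManagerFactory emf) {
        return new IdentityContext(emf.createEntityManager());
    }

    private IdentityContext(EntityManager em) {
        this.em = em;
        try {
            em.getTransaction().begin();   // non-JTA: resource-local transaction
        } catch (RuntimeException e) {
            em.close();                    // do not leak the EntityManager
            throw e;
        }
    }

    /** EntityManagers are not thread safe, so reject use from any other thread. */
    public EntityManager entityManager() {
        if (closed) throw new IllegalStateException("context is closed");
        if (Thread.currentThread() != owner)
            throw new IllegalStateException("context used outside its owning thread");
        return em;
    }

    public void commit() {
        entityManager().getTransaction().commit();
    }

    /** Rolls back anything not committed, then releases the EntityManager. */
    @Override
    public void close() {
        if (closed) return;
        closed = true;
        try {
            EntityTransaction tx = em.getTransaction();
            if (tx.isActive()) tx.rollback();
        } finally {
            em.close();
        }
    }
}
```

Used in a try-with-resources block, a role grant that throws before commit() is rolled back on close(), so a failed authorization change is never left half applied and the EntityManager is never shared between requests.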