Re: [security-dev] how to model services managed by a realm
On 6/11/2013 10:58 AM, Pedro Igor Silva wrote:
The main idea behind tiers are to share role/groups between
realms. And not tie them to a specific realm. From the documentation:
"A Tier is a more restrictive type of partition than a realm, as it only allows
groups and roles to
be defined (but not users). A Tier may be used to define a set of application-specific
groups and
roles, which may then be assigned to groups within the same Tier, or to users and groups
within
a separate Realm."
I think I have discussed that with Shane some time ago about attributes on
partitions. Need to recall that. But I agree that partition-scoped attributes can be
handy.
Ok, yet another roadblock I've run into is that it seems you cannot
create tiers or realms on the fly. It looks like that all Realms and
Tiers you want to have must be known and pre-configured before you
create the IdentityManagerFactory.
If I understand the code correctly, an IdentityManagerFactory acts as a
cache for all realms and tiers stored under it? So, being able to
add/remote tiers/realms on the fly would be pretty key.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com