Shane/Pedro - what do you think about the JPA/transaction issues Bill is raising?
The tx API Bill is proposing looks fine to me, but I cannot think of any cases where
it may be redundant.
Bill, regarding the pending PR: we are close to doing a beta release with the custom identity
types work and other changes. Your pull request will be dealt with along with that. We are
counting on your feedback with this beta release.
----- Original Message -----
From: "Bill Burke" <bburke(a)redhat.com>
To: security-dev(a)lists.jboss.org
Sent: Monday, July 8, 2013 12:49:51 PM
Subject: Re: [security-dev] no API for managing EntityManagers
I'll also want to restate that core Wildfly usage of Picketlink IDM will
not run in a container that can manage EntityManager instances. Even in
the EJB case you'll be authenticating and authorizing before a
transaction is started. Without a transaction, you don't have automatic
management of EntityManager instances.
On 7/8/2013 10:52 AM, Bill Burke wrote:
I've already stated this, but I'll state it again.
If you want to use the JPA store, your application requires specific
knowledge that it is using a JPA store, on multiple levels:
IdentityManagerFactory creation as well as each time you interact with
an IdentityManager. For JPA, you'll want to begin/commit/rollback, and
you also need to close the underlying EntityManager. I don't think JPA
will be alone in wanting to do this. There may be other stores that
could be transactionally aware, e.g. Infinispan.
The ContextInitializer is inadequate because it only handles
initialization and none of the other callbacks I mentioned
(begin/commit/rollback/close/destroy).
Also, I strongly believe you need to expose an abstract "transaction"
interface for the IDM. I suggest the following:
interface IdentityContextFactory {
    IdentityContext createIdentityContext();
    void close();
}

interface IdentityContext {
    void begin();
    void commit();
    void rollback();
    void close();

    Realm getRealm(String id);
    void deleteRealm(Realm realm);
    Realm createRealm(String id);

    Tier getTier(String id);
    void deleteTier(Tier tier);
    Tier createTier(String id);

    PartitionManager createPartitionManager(Partition partition);
    PartitionManager defaultPartitionManager();
}

// really I want to rename IdentityManager
interface PartitionManager extends IdentityManager {
}

interface ContextInitializer {
    void begin(SecurityContext context);
    void commit(SecurityContext context);
    void rollback(SecurityContext context);
    void close(SecurityContext context);
    void initContextForStore(SecurityContext context, IdentityStore<?> store);
}
I'd be happy to implement this so long as I can get any pull request I
create committed sooner than the 25 days my current pull request is
sitting in the queue.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
security-dev mailing list
security-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev
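The following is an added example, not code from the thread or from PicketLink, showing what the begin/commit/rollback/close callbacks Bill proposes look like when backed by a JPA store that the application, not the container, manages. The interface is trimmed to the four transaction callbacks (the Realm/Tier/Partition methods are left out), and the names TransactionalIdentityContext, JpaIdentityContext, JpaIdentityContextFactory and the persistence unit "picketlink-identity" are assumptions for illustration. It uses only the standard javax.persistence API.

```java
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;
import javax.persistence.Persistence;
import java.util.function.Consumer;

/** Assumed trimmed form of the proposed IdentityContext: only the transaction callbacks. */
interface TransactionalIdentityContext extends AutoCloseable {
    void begin();
    void commit();
    void rollback();
    @Override void close();
    /** The store-specific resource this context owns; for the JPA store, the EntityManager. */
    EntityManager entityManager();
}

/** Hypothetical adapter: one identity context owns exactly one application-managed EntityManager. */
final class JpaIdentityContext implements TransactionalIdentityContext {
    private final EntityManager em;

    JpaIdentityContext(EntityManagerFactory emf) {
        // Application-managed: no JTA transaction is running when authentication happens,
        // so nothing else will create, flush or close this EntityManager for us.
        this.em = emf.createEntityManager();
    }

    @Override public void begin() {
        EntityTransaction tx = em.getTransaction();
        if (tx.isActive()) throw new IllegalStateException("transaction already active");
        tx.begin();
    }

    @Override public void commit() {
        EntityTransaction tx = em.getTransaction();
        if (!tx.isActive()) throw new IllegalStateException("no active transaction");
        tx.commit();
    }

    @Override public void rollback() {
        EntityTransaction tx = em.getTransaction();
        if (tx.isActive()) tx.rollback(); // guarded so it is safe to call after a failed commit
    }

    @Override public void close() {
        if (em.isOpen()) em.close(); // releases the JDBC connection back to the pool
    }

    @Override public EntityManager entityManager() { return em; }
}

/** Hypothetical factory mirroring IdentityContextFactory.createIdentityContext()/close(). */
final class JpaIdentityContextFactory implements AutoCloseable {
    private final EntityManagerFactory emf;

    JpaIdentityContextFactory(String persistenceUnit) {
        this.emf = Persistence.createEntityManagerFactory(persistenceUnit);
    }

    TransactionalIdentityContext createIdentityContext() {
        return new JpaIdentityContext(emf);
    }

    /** One unit of identity work: begin, do the work, commit; roll back on failure; always close. */
    void inTransaction(Consumer<TransactionalIdentityContext> work) {
        TransactionalIdentityContext ctx = createIdentityContext();
        try {
            ctx.begin();
            work.accept(ctx);
            ctx.commit();
        } catch (RuntimeException e) {
            ctx.rollback(); // store is left unchanged; the original exception is rethrown
            throw e;
        } finally {
            ctx.close(); // the EntityManager is never leaked, whether or not the work succeeded
        }
    }

    @Override public void close() { emf.close(); }
}

public class IdentityTxExample {
    public static void main(String[] args) {
        // "picketlink-identity" is an assumed persistence unit name for this example.
        try (JpaIdentityContextFactory factory = new JpaIdentityContextFactory("picketlink-identity")) {
            factory.inTransaction(ctx -> {
                // Identity store work goes here, e.g. persisting a hypothetical identity entity:
                // ctx.entityManager().persist(new IdentityEntity("alice"));
            });
        }
    }
}
```

The point the thread makes is visible in inTransaction(): because authentication and authorization run before any container transaction exists, the identity layer itself has to own begin/commit/rollback and the EntityManager's close. A ContextInitializer that only sees the initialization step cannot provide the rollback path or the close in the finally block, and without the close every failed or successful authentication would pin a pooled connection until the pool is exhausted.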