[jboss-jira] [JBoss JIRA] (ELY-366) Clarify realm read/update semantics
David Lloyd (JIRA)
issues at jboss.org
Tue Nov 1 08:04:00 EDT 2016
[ https://issues.jboss.org/browse/ELY-366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd resolved ELY-366.
-----------------------------
Fix Version/s: 1.1.0.Beta6
Assignee: David Lloyd
Resolution: Done
> Clarify realm read/update semantics
> -----------------------------------
>
> Key: ELY-366
> URL: https://issues.jboss.org/browse/ELY-366
> Project: WildFly Elytron
> Issue Type: Enhancement
> Components: Realms
> Reporter: David Lloyd
> Assignee: David Lloyd
> Fix For: 1.1.0.Beta6
>
>
> The following points are currently true:
> * Identities are "created" via {{SecurityRealm.createRealmIdentity(name)}}
> * These identities are not really *created* at this time; this just creates a handle by which the identity can be queried
> * Identity access has a bound lifecycle
> * Identity access is not atomic - an identity can be updated as it is accessed
> * Modifiable realm identities use the same "create" mechanism but with an extra method to actually realize them within the realm
> I propose the following changes:
> * {{createRealmIdentity}} should be changed to {{getRealmIdentity}}
> * {{ModifiableSecurityRealm}} should no longer override this method, instead introducing a new method {{getRealmIdentityForUpdate}} which returns a {{ModifiableRealmIdentity}}
> * Semantically, a read lock (or equivalent) is held during the lifecycle of {{RealmIdentity}} and a write lock (or equivalent) is held during the lifecycle of {{ModifiableRealmIdentity}}
> * Locks are released when the identity is destroyed
> * AuthorizationIdentity generally should be an immutable snapshot
> This will ensure the atomicity of all authentication and authorization operations.
--
This message was sent by Atlassian JIRA
(v7.2.2#72004)
More information about the jboss-jira
mailing list