[security-dev] IDM API - Final review
Shane Bryzak
sbryzak at redhat.com
Tue Nov 20 20:38:35 EST 2012
I've just spotted one inconsistency myself with the Role management
methods. Since "application" roles no longer exist, I propose we
redefine the "standard" role to take their place, and what we previously
called a "standard role" we now call a "group role" (as it applies to a
role within a group). Updated API is as follows:
// Roles
void createRole(Role role);
void removeRole(Role role);
Role getRole(String name);
boolean hasGroupRole(IdentityType identityType, Role role, Group group);
void grantGroupRole(IdentityType identityType, Role role, Group group);
void revokeGroupRole(IdentityType identityType, Role role, Group group);
boolean hasRole(IdentityType identityType, Role role);
void grantRole(IdentityType identityType, Role role);
void revokeRole(IdentityType identityType, Role role);
On 11/21/2012 08:41 AM, Shane Bryzak wrote:
> I've updated the IdentityManager API based on the latest design, could
> everyone please take a couple of minutes to review and let me know if
> you spot any issues. We'll probably do a time-boxed release (Anil,
> could you please confirm?) shortly so that projects consuming PLIDM can
> start building against the API.
>
> Thanks,
> Shane
>
>
> public interface IdentityManager {
> void bootstrap(IdentityConfiguration configuration,
> IdentityStoreInvocationContextFactory contextFactory);
>
> void setIdentityStoreFactory(IdentityStoreFactory factory);
>
> // User
>
> void createUser(User user);
>
> void removeUser(User user);
>
> void updateUser(User user);
>
> User getUser(String name);
>
> // Group
>
> void createGroup(Group group);
>
> void removeGroup(Group group);
>
> Group getGroup(String groupId);
>
> Group getGroup(String groupName, Group parent);
>
> boolean isMember(IdentityType identityType, Group group);
>
> void addToGroup(IdentityType identityType, Group group);
>
> void removeFromGroup(IdentityType identityType, Group group);
>
> // Roles
>
> void createRole(Role role);
>
> void removeRole(Role role);
>
> Role getRole(String name);
>
> boolean hasRole(IdentityType identityType, Role role, Group group);
>
> void grantRole(IdentityType identityType, Role role, Group group);
>
> void revokeRole(IdentityType identityType, Role role, Group group);
>
> boolean hasApplicationRole(IdentityType identityType, Role role);
>
> void grantApplicationRole(IdentityType identityType, Role role);
>
> void revokeApplicationRole(IdentityType identityType, Role role);
>
> // Query API
>
> <T extends IdentityType> IdentityQuery<T> createQuery();
>
> // Credential management
>
> boolean validateCredential(User user, Credential credential);
>
> void updateCredential(User user, Credential credential);
>
> // User / Role / Group enablement / expiry
>
> void setEnabled(IdentityType identityType, boolean enabled);
>
> void setExpirationDate(IdentityType identityType, Date expirationDate);
>
> IdentityType lookupIdentityByKey(String key);
>
> // Attributes
>
> void setAttribute(IdentityType identityType, Attribute<? extends Serializable> attribute);
>
> <T extends Serializable> Attribute<T> getAttribute(IdentityType identityType, String attributeName);
>
> void removeAttribute(IdentityType identityType, String attributeName);
>
> // Realm
>
> void createRealm(Realm realm);
>
> void removeRealm(Realm realm);
>
> Realm getRealm(String name);
>
> // Tier
>
> void createTier(Tier tier);
>
> void removeTier(Tier tier);
>
> Tier getTier(String id);
>
> // Context
>
> IdentityManager forRealm(Realm realm);
>
> IdentityManager forTier(Tier tier);
> }
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
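As an added illustration (not PicketLink IDM code), the sketch below models the redefined role methods in memory to show what the proposal implies: a group role is scoped to exactly one group and never satisfies hasRole(), and a standard role never satisfies hasGroupRole(). The RoleScopeDemo class and its User/Role/Group records are stand-ins for the real types.

```java
import java.util.*;

// Added illustration, not PicketLink IDM code: an in-memory model of the proposed
// standard-role vs group-role split. Record types stand in for the real classes.
public class RoleScopeDemo {
    record User(String name) {}   // stands in for IdentityType
    record Role(String name) {}
    record Group(String id) {}
    // standard roles: identity -> roles held application-wide
    private final Map<User, Set<Role>> roles = new HashMap<>();
    // group roles: identity -> (group -> roles held only within that group)
    private final Map<User, Map<Group, Set<Role>>> groupRoles = new HashMap<>();

    public void grantRole(User u, Role r) {
        roles.computeIfAbsent(u, k -> new HashSet<>()).add(r);
    }
    public boolean hasRole(User u, Role r) {
        return roles.getOrDefault(u, Collections.emptySet()).contains(r);
    }
    public void grantGroupRole(User u, Role r, Group g) {
        groupRoles.computeIfAbsent(u, k -> new HashMap<>())
                  .computeIfAbsent(g, k -> new HashSet<>()).add(r);
    }
    public void revokeGroupRole(User u, Role r, Group g) {
        Set<Role> held = groupRoles.getOrDefault(u, Collections.emptyMap()).get(g);
        if (held != null) held.remove(r);
    }
    public boolean hasGroupRole(User u, Role r, Group g) {
        // scoped lookup: another group's grant, or a standard role, is not consulted
        return groupRoles.getOrDefault(u, Collections.emptyMap())
                         .getOrDefault(g, Collections.emptySet()).contains(r);
    }

    public static void main(String[] args) {
        RoleScopeDemo idm = new RoleScopeDemo();
        User alice = new User("alice");
        Role admin = new Role("admin");
        Group sales = new Group("sales"), eng = new Group("eng");
        idm.grantGroupRole(alice, admin, sales);          // admin of the sales group only
        System.out.println("admin in sales: " + idm.hasGroupRole(alice, admin, sales));
        System.out.println("admin in eng:   " + idm.hasGroupRole(alice, admin, eng));
        System.out.println("global admin:   " + idm.hasRole(alice, admin));

        idm.revokeGroupRole(alice, admin, sales);
        idm.grantRole(alice, admin);                      // now an application-wide admin
        System.out.println("global admin:   " + idm.hasRole(alice, admin));
        System.out.println("admin in sales: " + idm.hasGroupRole(alice, admin, sales));
    }
}
```

Callers that want a group-scoped check to also honour an application-wide grant must ask both methods explicitly; keeping the two stores separate is what makes the scope of each grant auditable.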