[security-dev] IDM API - Final review

Shane Bryzak sbryzak at redhat.com
Tue Nov 20 20:38:35 EST 2012


I've just spotted one inconsistency myself with the Role management 
methods.  Since "application" roles no longer exist, I propose we 
redefine the "standard" role to take their place, and what we previously 
called a "standard role" we now call a "group role" (as it applies to a 
role within a group).  Updated API is as follows:

     // Roles

     void createRole(Role role);

     void removeRole(Role role);

     Role getRole(String name);

     boolean hasGroupRole(IdentityType identityType, Role role, Group group);

     void grantGroupRole(IdentityType identityType, Role role, Group group);

     void revokeGroupRole(IdentityType identityType, Role role, Group group);

     boolean hasRole(IdentityType identityType, Role role);

     void grantRole(IdentityType identityType, Role role);

     void revokeRole(IdentityType identityType, Role role);



On 11/21/2012 08:41 AM, Shane Bryzak wrote:
> I've updated the IdentityManager API based on the latest design, could
> everyone please take a couple of minutes to review and let me know if
> you spot any issues.  We'll probably do a time-boxed release (Anil,
> could you please confirm?) shortly so that projects consuming PLIDM can
> start building against the API.
>
> Thanks,
> Shane
>
>
> public interface IdentityManager {
>       void bootstrap(IdentityConfiguration configuration, IdentityStoreInvocationContextFactory contextFactory);
>
>       void setIdentityStoreFactory(IdentityStoreFactory factory);
>
>       // User
>
>       void createUser(User user);
>
>       void removeUser(User user);
>
>       void updateUser(User user);
>
>       User getUser(String name);
>
>       // Group
>
>       void createGroup(Group group);
>
>       void removeGroup(Group group);
>
>       Group getGroup(String groupId);
>
>       Group getGroup(String groupName, Group parent);
>
>       boolean isMember(IdentityType identityType, Group group);
>
>       void addToGroup(IdentityType identityType, Group group);
>
>       void removeFromGroup(IdentityType identityType, Group group);
>
>       // Roles
>
>       void createRole(Role role);
>
>       void removeRole(Role role);
>
>       Role getRole(String name);
>
>       boolean hasRole(IdentityType identityType, Role role, Group group);
>
>       void grantRole(IdentityType identityType, Role role, Group group);
>
>       void revokeRole(IdentityType identityType, Role role, Group group);
>
>       boolean hasApplicationRole(IdentityType identityType, Role role);
>
>       void grantApplicationRole(IdentityType identityType, Role role);
>
>       void revokeApplicationRole(IdentityType identityType, Role role);
>
>       // Query API
>
>       <T extends IdentityType> IdentityQuery<T> createQuery();
>
>       // Credential management
>
>       boolean validateCredential(User user, Credential credential);
>
>       void updateCredential(User user, Credential credential);
>
>       // User / Role / Group enablement / expiry
>
>       void setEnabled(IdentityType identityType, boolean enabled);
>
>       void setExpirationDate(IdentityType identityType, Date expirationDate);
>
>       IdentityType lookupIdentityByKey(String key);
>
>       // Attributes
>
>       void setAttribute(IdentityType identityType, Attribute<? extends Serializable> attribute);
>
>       <T extends Serializable> Attribute<T> getAttribute(IdentityType identityType, String attributeName);
>
>       void removeAttribute(IdentityType identityType, String attributeName);
>
>       // Realm
>
>       void createRealm(Realm realm);
>
>       void removeRealm(Realm realm);
>
>       Realm getRealm(String name);
>
>       // Tier
>
>       void createTier(Tier tier);
>
>       void removeTier(Tier tier);
>
>       Tier getTier(String id);
>
>       // Context
>
>       IdentityManager forRealm(Realm realm);
>
>       IdentityManager forTier(Tier tier);
> }
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
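
The rename above moves `hasRole` from a group-scoped check (three arguments in the quoted interface) to an unscoped one (two arguments), so callers migrating between the two versions need to keep the scopes apart. The following sketch is an added example, not code from the message or from the project; it shows the two scopes stored and checked separately. It assumes plain strings in place of `IdentityType`, `Role` and `Group`, and assumes that neither scope implies the other, which the message does not specify.

```java
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

// Added illustration, not PicketLink code. Strings stand in for IdentityType,
// Role and Group, whose definitions are not part of the message.
public class RoleScopeSketch {
    // One grant; group == null marks an unscoped role.
    record Grant(String identity, String role, String group) {
        Grant {
            Objects.requireNonNull(identity, "identity");
            Objects.requireNonNull(role, "role");
        }
    }

    private final Set<Grant> grants = new HashSet<>();

    // Unscoped role (the former "application" role).
    void grantRole(String identity, String role) { grants.add(new Grant(identity, role, null)); }
    void revokeRole(String identity, String role) { grants.remove(new Grant(identity, role, null)); }
    boolean hasRole(String identity, String role) { return grants.contains(new Grant(identity, role, null)); }

    // Group role: valid only inside the named group. Rejecting a null group keeps
    // a scoped call from silently creating or matching an unscoped grant.
    void grantGroupRole(String identity, String role, String group) {
        grants.add(new Grant(identity, role, Objects.requireNonNull(group, "group")));
    }
    void revokeGroupRole(String identity, String role, String group) {
        grants.remove(new Grant(identity, role, Objects.requireNonNull(group, "group")));
    }
    // Assumption: checks are exact; neither scope implies the other.
    boolean hasGroupRole(String identity, String role, String group) {
        return grants.contains(new Grant(identity, role, Objects.requireNonNull(group, "group")));
    }

    public static void main(String[] args) {
        RoleScopeSketch idm = new RoleScopeSketch();
        // Constructed sample data.
        idm.grantGroupRole("jsmith", "admin", "support");
        System.out.println("group role in support: " + idm.hasGroupRole("jsmith", "admin", "support"));
        System.out.println("group role in finance: " + idm.hasGroupRole("jsmith", "admin", "finance"));
        System.out.println("unscoped role:         " + idm.hasRole("jsmith", "admin"));
        idm.grantRole("jsmith", "auditor");
        idm.revokeGroupRole("jsmith", "auditor", "support"); // no such grant; nothing removed
        System.out.println("unscoped auditor kept: " + idm.hasRole("jsmith", "auditor"));
    }
}
```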


