[security-dev] PicketLink IDM JPA Identity Store

Shane Bryzak sbryzak at redhat.com
Fri Oct 12 18:50:20 EDT 2012


Sure - the biggest problem with this relates to configuration.  We use 
processAnnotatedType() to pick up the entity beans and perform automatic 
configuration during the startup process.  To do this, obviously the 
entity beans must be in a bean archive with a beans.xml - but we can't 
put a beans.xml in the main jar file as it may not have any dependency 
on CDI. Since we have producer methods (and other configuration related 
code) for the main IDM module beans in the core module, we cannot just 
place a beans.xml in the IDM module, (which by itself wouldn't require a 
hard dependency on the CDI jar library) because we would then get 
deployment errors for ambiguous injection points.  The easiest solution 
for this is to simply place the entity beans for the default schema in 
their own separate jar file, which contains a beans.xml.  This way, it 
can be used both in an SE environment and a JEE environment without any 
problems.

On 12/10/12 00:54, Pete Muir wrote:
> Shane, can you elaborate on why we can't package the entity beans in the main jar, but make them only enabled optionally (e.g. via the applications persistence.xml)?
>
> On 10 Oct 2012, at 21:07, Shane Bryzak wrote:
>
>> On 11/10/12 00:22, Douglas Campos wrote:
>>> On Oct 9, 2012, at 7:52 PM, Shane Bryzak wrote:
>>>
>>>> On 10/10/12 08:05, Douglas Campos wrote:
>>>>> On Oct 9, 2012, at 4:49 PM, Shane Bryzak wrote:
>>>>>
>>>>>> If the goal is to make available a simple schema for just some
>>>>>> developers that wanted it, the best way to do this is to provide an
>>>>>> additional, optional jar file containing just the simple schema entity
>>>>>> beans (call it picketlink-idm-defaultschema or something like this)
>>>>>> rather than provide an entirely new implementation.  This way we avoid
>>>>>> the burden of having to maintain two implementations, and also avoid the
>>>>>> aforementioned problem of having unwanted entity beans in the
>>>>>> distribution for developers that don't want to use the simple schema.
>>>>> So we go from complex to simple? Did you mean the opposite?
>>>> I don't understand the question, sorry?
>>> Optional jar file for the simple schema? shouldn't it be the opposite?
>>>
>>>
>> No no - the point I've been (seemingly unsuccessfully) trying to make is
>> that we *must not* include any entity beans by default.  If we did it
>> would cause a multitude of problems for our users.  If we do want to
>> provide a default schema that some of our users *may* elect to use
>> instead of providing their own, it must be in a separate jar file.
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev




More information about the security-dev mailing list