[security-dev] PicketLink IDM JPA Identity Store

Jason Porter lightguard.jp at gmail.com
Fri Oct 12 19:06:08 EDT 2012


Thanks Shane, I hadn't thought of that (should have). Sounds like the
entities being in different archives is not only the best way to do things,
but also the only way to do it without having to write a bunch of hacks.

On Fri, Oct 12, 2012 at 4:50 PM, Shane Bryzak <sbryzak at redhat.com> wrote:

> Sure - the biggest problem with this relates to configuration.  We use
> processAnnotatedType() to pick up the entity beans and perform automatic
> configuration during the startup process.  To do this, obviously the
> entity beans must be in a bean archive with a beans.xml - but we can't
> put a beans.xml in the main jar file as it may not have any dependency
> on CDI. Since we have producer methods (and other configuration related
> code) for the main IDM module beans in the core module, we cannot just
> place a beans.xml in the IDM module, (which by itself wouldn't require a
> hard dependency on the CDI jar library) because we would then get
> deployment errors for ambiguous injection points.  The easiest solution
> for this is to simply place the entity beans for the default schema in
> their own separate jar file, which contains a beans.xml.  This way, it
> can be used both in an SE environment and a JEE environment without any
> problems.
>
> On 12/10/12 00:54, Pete Muir wrote:
> > Shane, can you elaborate on why we can't package the entity beans in the
> main jar, but make them only enabled optionally (e.g. via the applications
> persistence.xml)?
> >
> > On 10 Oct 2012, at 21:07, Shane Bryzak wrote:
> >
> >> On 11/10/12 00:22, Douglas Campos wrote:
> >>> On Oct 9, 2012, at 7:52 PM, Shane Bryzak wrote:
> >>>
> >>>> On 10/10/12 08:05, Douglas Campos wrote:
> >>>>> On Oct 9, 2012, at 4:49 PM, Shane Bryzak wrote:
> >>>>>
> >>>>>> If the goal is to make available a simple schema for just some
> >>>>>> developers that wanted it, the best way to do this is to provide an
> >>>>>> additional, optional jar file containing just the simple schema
> entity
> >>>>>> beans (call it picketlink-idm-defaultschema or something like this)
> >>>>>> rather than provide an entirely new implementation.  This way we
> avoid
> >>>>>> the burden of having to maintain two implementations, and also
> avoid the
> >>>>>> aforementioned problem of having unwanted entity beans in the
> >>>>>> distribution for developers that don't want to use the simple
> schema.
> >>>>> So we go from complex to simple? Did you mean the opposite?
> >>>> I don't understand the question, sorry?
> >>> Optional jar file for the simple schema? shouldn't it be the opposite?
> >>>
> >>>
> >> No no - the point I've been (seemingly unsuccessfully) trying to make is
> >> that we *must not* include any entity beans by default.  If we did it
> >> would cause a multitude of problems for our users.  If we do want to
> >> provide a default schema that some of our users *may* elect to use
> >> instead of providing their own, it must be in a separate jar file.
> >> _______________________________________________
> >> security-dev mailing list
> >> security-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/security-dev
>
>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
>



-- 
Jason Porter
http://lightguard-jp.blogspot.com
http://twitter.com/lightguardjp

Software Engineer
Open Source Advocate
Author of Seam Catch - Next Generation Java Exception Handling

PGP key id: 926CCFF5
PGP key available at: keyserver.net, pgp.mit.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/security-dev/attachments/20121012/ad71efac/attachment.html 


More information about the security-dev mailing list