[security-dev] IdentityStore changes

Shane Bryzak sbryzak at redhat.com
Thu Oct 25 05:36:19 EDT 2012


On 10/25/2012 12:22 PM, Anil Saldhana wrote:
> On 10/24/2012 09:16 PM, Shane Bryzak wrote:
>> Guys,
>>
>> I've made a couple of minor changes to IdentityStore to simplify the API
>> as follows:
>>
>> 1) Removed method createUser(String id)
>>
>> This method was redundant, as the implementation simply delegated to the
>> other overloaded method of the same name:
>>
>> public User createUser(String id) {
>>      return createUser(new SimpleUser(id));
>> }
>>
>> Also, it would (IMO) be extremely rare for a user to be created without
>> any of its other properties or attributes, such as first name, last
>> name, e-mail address, etc.  We can still provide a createUser(String)
>> method on the IdentityManager interface for the convenience of the User
>> (my preference is not to have one at all), but make IdentityManager
>> responsible for creating the User instance.
>>
>> 2) Changed return type of createUser(User user) from User to void.
>>
>> Returning a User from this method when it already accepts a User
>> parameter is also redundant.  I tossed up whether we should return a
>> boolean instead, but decided against it because if user creation fails
>> for whatever reason we should really be throwing an exception instead.
>>
>> I'll try to make the update to the LDAP identity store myself to reflect
>> these changes.  Just a heads up though that there will most likely be
>> more changes coming as I discover further shortfalls in the API, so any
>> assistance with keeping the various implementations synchronized with
>> the API would be greatly appreciated.
> If the LDAP implementation chokes when you make API changes, add @Ignore
> to the tests so that Pedro or I can fix it periodically.
> IMO IDM is the most critical piece of the puzzle with the most impact on
> projects. We should try to stabilize the API as quickly as possible. If
> we checkpoint periodically, it will enable projects and quickstarts to
> get developed in parallel.

+1 for stabilizing the API quickly.  So far the only changes have been 
in the SPI, so no impact for anyone consuming the IDM module. We should 
shortly review the IdentityManager interface though (the API) so that we 
can lock it down.

On a somewhat related note, I've removed a bunch of attribute management
methods from IdentityStore to simplify it - we had multiple versions of
setAttribute/removeAttribute/getAttribute etc. for each of the identity
types (users, groups and roles); however, since they all implement
IdentityType, I've just trimmed it down to one set of methods that accept
an IdentityType as a parameter.
