[security-dev] no API for managing EntityManagers

Bill Burke bburke at redhat.com
Tue Jul 9 08:49:56 EDT 2013


I'm working on the transactional api/spi.  I'll have something in a day 
or two.

On 7/9/2013 12:20 AM, Anil Saldhana wrote:
> Shane/Pedro - what do you think about the JPA/transaction issues Bill is raising?
>
> The tx api Bill is proposing looks fine to me but I cannot think of any cases where
> it may be redundant.
>
> Bill, regarding pending PR - we are close to doing a beta release with the custom identity types work and other
> changes. Your pull request will be dealt with along with that. We are counting on your feedback with this beta release.
>
> ----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Monday, July 8, 2013 12:49:51 PM
> Subject: Re: [security-dev] no API for managing EntityManagers
>
> I'll also want to restate that core Wildfly usage of Picketlink IDM will
> not run in a container that can manage EntityManager instances.  Even in
> the EJB case you'll be authenticating and authorizing before a
> transaction is started.  Without a transaction, you don't have automatic
> management of EntityManager instances.
>
> On 7/8/2013 10:52 AM, Bill Burke wrote:
>> I've already stated this, but I'll state it again.
>>
>> If you want to use the JPA store, your application requires specific
>> knowledge that it is using a JPA store, on multiple levels:
>> IdentityManagerFactory creation as well as each time you interact with
>> an IdentityManager.  For JPA, you'll want to begin/commit/rollback, and
>> you also need to close the underlying EntityManager.  I don't think JPA
>> will be alone in wanting to do this.  There may be other stores that
>> could be transactionally aware i.e. Infinispan, etc.
>>
>> The ContextInitializer is inadequate because it only handles
>> initialization and none of the other callbacks I mentioned
>> (begin/commit/rollback/close/destroy).
>>
>> Also, I strongly believe you need to expose an abstract "transaction"
>> interface for the IDM.  I suggest the following:
>>
>> interface IdentityContextFactory {
>>
>>       IdentityContext createIdentityContext();
>>       void close();
>> }
>>
>> interface IdentityContext {
>>       void begin();
>>       void commit();
>>       void rollback();
>>       void close();
>>
>>       Realm getRealm(String id);
>>       void deleteRealm(Realm realm);
>>       Realm createRealm(String id);
>>
>>       Tier getTier(String id);
>>       void deleteTier(Tier tier);
>>       Tier createTier(String id);
>>
>>       PartitionManager createPartitionManager(Partition partition);
>>       PartitionManager defaultPartitionManager();
>> }
>>
>> interface PartitionManager extends IdentityManager { // really I want to rename IdentityManager
>> }
>>
>> interface ContextInitializer {
>>       void begin(SecurityContext context);
>>       void commit(SecurityContext context);
>>       void rollback(SecurityContext context);
>>       void close(SecurityContext context);
>>
>>       void initContextForStore(SecurityContext context, IdentityStore<?> store);
>> }
>>
>> I'd be happy to implement this so long as I can get any pull request I
>> create committed sooner than the 25 days my current pull request is
>> sitting in the queue.
>>
>>
>>
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
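As an added illustration (not code from this thread or from PicketLink), the sketch below maps the begin/commit/rollback/close callbacks Bill proposes onto the JPA EntityManager lifecycle. JpaIdentityContext and runInContext are assumed names for this example; the interface names come from the proposal above and are not part of PicketLink as released.

```java
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;

// Hypothetical JPA-backed implementation of the IdentityContext lifecycle proposed above.
// JpaIdentityContext and runInContext are assumptions for illustration; the interface
// names come from the proposal and are not part of PicketLink as released.
public class JpaIdentityContext {
    private final EntityManagerFactory emf;
    private EntityManager em;

    public JpaIdentityContext(EntityManagerFactory emf) { this.emf = emf; }

    private EntityManager active() {
        if (em == null) throw new IllegalStateException("begin() not called");
        return em;
    }

    // begin(): the context, not the application, acquires the EntityManager and starts the tx
    public void begin() {
        if (em != null) throw new IllegalStateException("context already begun");
        em = emf.createEntityManager();
        em.getTransaction().begin();
    }

    public void commit() { active().getTransaction().commit(); }

    // rollback(): safe to call after a failed commit, when the tx may already be inactive
    public void rollback() {
        if (active().getTransaction().isActive()) active().getTransaction().rollback();
    }

    // close(): release the EntityManager even when no container manages it (the Wildfly case)
    public void close() {
        if (em != null && em.isOpen()) em.close();
        em = null;
    }

    // Usage pattern the proposed callbacks imply: commit on success, rollback on failure, close always
    public static void runInContext(JpaIdentityContext ctx, Runnable identityWork) {
        ctx.begin();
        try {
            identityWork.run();   // e.g. persist a new user through the JPA identity store
            ctx.commit();
        } catch (RuntimeException e) {
            ctx.rollback();       // no partially written identity or partition state survives
            throw e;
        } finally {
            ctx.close();          // EntityManager is not leaked
        }
    }
}
```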
