[security-dev] lookupIdentityById requires preconfigured Tiers

Shane Bryzak sbryzak at redhat.com
Wed Jul 10 19:55:09 EDT 2013


Bill, you've got to wait until we've merged the PLINK-130 changes back 
into trunk - pretty much everything has changed now, and we're working 
extremely hard to get another beta out shortly.  If you want to get a 
feel for what has changed, the merge branch is here:

https://github.com/picketlink/picketlink/tree/merge/PLINK-130

By the way we're code-naming the next release "Bill", because it was 
your use cases that drove all the changes.  Hopefully the work we've 
done is going to meet your requirements much better than before.

On 11/07/13 09:45, Bill Burke wrote:
> Ok, I was going to add a getPartitions() method to IdentityStore, but
> this just won't scale.  Instead I changed
> DefaultIdentityManager.checkIfIdentityTypeExists() to take into account
> the identityType's partition id if it is set.  This fixes my grantRole()
> problem.
>
> The question is on whether IdentityManager.lookupIdentityById() needs to
> be fixed.  If this method is supposed to be scoped to the partition,
> then its ok, otherwise it will need to be fixed.
>
> On 7/10/2013 7:12 PM, Bill Burke wrote:
>> A problem I just ran into with my dynamic tier creation/deletion is that
>> DefaultIdnetityManager.lookupIdentityById() requires that tiers be
>> preconfigured and listed in the store's config.  So, if you're doing a
>> realm.grantRole() for a dynamically created Tier-based Role, it won't
>> work :(
>>
>> I'm working on a fix now.
>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/security-dev/attachments/20130711/70168b64/attachment.html 


More information about the security-dev mailing list