[security-dev] how to model services managed by a realm
Bill Burke
bburke at redhat.com
Tue Jun 11 11:18:32 EDT 2013
On 6/11/2013 10:58 AM, Pedro Igor Silva wrote:
> The main idea behind tiers are to share role/groups between realms. And not tie them to a specific realm. From the documentation:
>
> "A Tier is a more restrictive type of partition than a realm, as it only allows groups and roles to
> be defined (but not users). A Tier may be used to define a set of application-specific groups and
> roles, which may then be assigned to groups within the same Tier, or to users and groups within
> a separate Realm."
>
> I think I have discussed that with Shane some time ago about attributes on partitions. Need to recall that. But I agree that partition-scoped attributes can be handy.
>
Ok, yet another roadblock I've run into is that it seems you cannot
create tiers or realms on the fly. It looks like that all Realms and
Tiers you want to have must be known and pre-configured before you
create the IdentityManagerFactory.
If I understand the code correctly, an IdentityManagerFactory acts as a
cache for all realms and tiers stored under it? So, being able to
add/remote tiers/realms on the fly would be pretty key.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the security-dev
mailing list