[security-dev] concurrent access to IDM
Bill Burke
bburke at redhat.com
Fri Jun 21 18:29:26 EDT 2013
On 6/21/2013 6:05 PM, Anil Saldhana wrote:
> Hi Bill,
> in your view, what should PicketLink do as you are operating in a
> JavaSE (Non JTA) environment?
>
Maybe I need to clarify. In Wildfly, servlet authentication will not
happen within an EJB container, so no container managed transactions or
container managed entity managers.
> My understanding is that applications deal with transaction management
> in a non container (non JTA) environment. Special consideration should
> be given to the fact that entity managers are not thread safe.
> http://docs.jboss.org/hibernate/orm/4.0/hem/en-US/html/transactions.html
>
This is what I'm trying to tell you and why I"m bringing this up in a
"concurrent access" email thread.
The servlet authentication layer should not care what the underlying
Identity store is. But the JPA identity store needs to be able to
create and destroy EntityManagers and entity manager transactions *per*
access, depending on the settings. I only see code for initialization,
ContextInitializer.
I think this is all backwards. IDMF hides the SecurityContext, when,
IMO, the SecurityContext should be exposed to the application, and
closed by the application when it is finished.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the security-dev
mailing list