[security-dev] concurrent access to IDM
Bill Burke
bburke at redhat.com
Fri Jun 21 18:40:15 EDT 2013
Should really be something like this:
IdentityManagerFactory factory = ...;
SecurityContext context = factory.beginContext();
IdentityManager corporate = context.getRealm("Red Hat");
User user = corporate.getUser("bburke at redhat.com");
IdentityManager application = context.getTier("My Application");
Role role = application.getRole("admin");
corporate.grantRole(user, role);
context.commit();
context.close();
IMO also, there should be a rename:
SecurityContext -> IdentityContext
IdentityManagerFactory -> IdentityContextFactory
IdentityManager -> PartitionManager
The SecurityContext name has already been used in other APIs and kind of
conflicts; it already exists.
On 6/21/2013 6:29 PM, Bill Burke wrote:
>
>
> On 6/21/2013 6:05 PM, Anil Saldhana wrote:
>> Hi Bill,
>> in your view, what should PicketLink do as you are operating in a
>> JavaSE (Non JTA) environment?
>>
>
> Maybe I need to clarify. In Wildfly, servlet authentication will not
> happen within an EJB container, so no container managed transactions or
> container managed entity managers.
>
>> My understanding is that applications deal with transaction management
>> in a non container (non JTA) environment. Special consideration should
>> be given to the fact that entity managers are not thread safe.
>> http://docs.jboss.org/hibernate/orm/4.0/hem/en-US/html/transactions.html
>>
>
> This is what I'm trying to tell you and why I'm bringing this up in a
> "concurrent access" email thread.
>
> The servlet authentication layer should not care what the underlying
> Identity store is. But the JPA identity store needs to be able to
> create and destroy EntityManagers and entity manager transactions *per*
> access, depending on the settings. I only see code for initialization,
> ContextInitializer.
>
> I think this is all backwards. IDMF hides the SecurityContext, when,
> IMO, the SecurityContext should be exposed to the application, and
> closed by the application when it is finished.
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
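
Added example, not part of the original message and not PicketLink code: a sketch of the application-scoped context proposed above, where each context creates its own EntityManager and resource-local transaction and destroys both on close. The class name `IdentityContext` follows the rename suggested in the message; its methods `begin` and `entityManager` are hypothetical, and only the `javax.persistence` calls are real API.

```java
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.EntityTransaction;

// Hypothetical class (not PicketLink API): one EntityManager and one
// resource-local transaction per context, owned by the calling thread.
public final class IdentityContext implements AutoCloseable {
    private final EntityManager em;
    private final EntityTransaction tx;

    private IdentityContext(EntityManager em) {
        this.em = em;
        this.tx = em.getTransaction();
    }

    // EntityManagerFactory is thread safe; the EntityManager it returns is not,
    // so a fresh one is created for every context and never shared.
    public static IdentityContext begin(EntityManagerFactory emf) {
        EntityManager em = emf.createEntityManager();
        try {
            IdentityContext ctx = new IdentityContext(em);
            ctx.tx.begin();
            return ctx;
        } catch (RuntimeException e) {
            em.close(); // do not leak the EntityManager if begin() fails
            throw e;
        }
    }

    // Identity store code would run its queries through this EntityManager.
    public EntityManager entityManager() {
        return em;
    }

    public void commit() {
        tx.commit();
    }

    // Roll back anything left uncommitted (for example after an exception),
    // then release the EntityManager.
    @Override
    public void close() {
        try {
            if (tx.isActive()) {
                tx.rollback();
            }
        } finally {
            em.close();
        }
    }
}
```

Used in a try-with-resources block with `commit()` as the last statement, an exception during a role grant rolls the change back instead of leaving it half applied, and no EntityManager outlives the request that opened it.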