feat: default IAM stores to filer for production-ready persistence

This change makes filer stores the default for all IAM components, requiring
explicit configuration only when different storage is needed.

### Changes Made:

#### Default Store Types Updated:
- STS Session Store: memory → filer (persistent sessions)
- Policy Engine: memory → filer (persistent policies)
- Role Store: memory → filer (persistent roles)

#### Code Updates:
- STSService: Default sessionStoreType now uses DefaultStoreType constant
- PolicyEngine: Default storeType changed to filer for persistence
- IAMManager: Default roleStore changed to filer for persistence
- Added DefaultStoreType constant for consistent configuration

#### Configuration Simplification:
- iam_config_distributed.json: Removed redundant filer specifications
- Only specify storeType when different from default (e.g. memory for testing)

### Benefits:
- Production-ready defaults with persistent storage
- Minimal configuration for standard deployments
- Clear intent: only specify when different from sensible defaults
- Backwards compatible: existing explicit configs continue to work
- Consistent with SeaweedFS distributed, persistent nature

test/s3/iam/iam_config_distributed.json

@@ -4,7 +4,6 @@
     "maxSessionLength": 43200000000000,
     "issuer": "seaweedfs-sts",
     "signingKey": "dGVzdC1zaWduaW5nLWtleS0zMi1jaGFyYWN0ZXJzLWxvbmc=",
-    "sessionStoreType": "filer",
     "providers": [
       {
         "name": "keycloak-oidc",
@@ -34,12 +33,9 @@
     ]
   },
   "policy": {
-    "defaultEffect": "Deny",
-    "storeType": "filer"
-  },
-  "roleStore": {
-    "storeType": "filer"
+    "defaultEffect": "Deny"
   },
+  "roleStore": {},
 
   "roles": [
     {

weed/iam/integration/iam_manager.go

@@ -111,15 +111,15 @@ func (m *IAMManager) Initialize(config *IAMConfig) error {
 // createRoleStore creates a role store based on configuration
 func (m *IAMManager) createRoleStore(config *RoleStoreConfig) (RoleStore, error) {
 	if config == nil {
-		// Default to memory role store
-		return NewMemoryRoleStore(), nil
+		// Default to filer role store
+		return NewFilerRoleStore(nil)
 	}
 
 	switch config.StoreType {
-	case "", "memory":
-		return NewMemoryRoleStore(), nil
-	case "filer":
+	case "", "filer":
 		return NewFilerRoleStore(config.StoreConfig)
+	case "memory":
+		return NewMemoryRoleStore(), nil
 	default:
 		return nil, fmt.Errorf("unsupported role store type: %s", config.StoreType)
 	}

weed/iam/policy/policy_engine.go

@@ -186,7 +186,7 @@ func (e *PolicyEngine) validateConfig(config *PolicyEngineConfig) error {
 	}
 
 	if config.StoreType == "" {
-		config.StoreType = "memory" // Default to memory store
+		config.StoreType = "filer" // Default to filer store for persistence
 	}
 
 	return nil

weed/iam/sts/constants.go

@@ -30,10 +30,11 @@ const (
 
 // Default Values
 const (
-	DefaultTokenDuration    = 3600  // 1 hour in seconds
-	DefaultMaxSessionLength = 43200 // 12 hours in seconds
-	DefaultIssuer          = "seaweedfs-sts"
-	MinSigningKeyLength    = 16 // Minimum signing key length in bytes
+	DefaultTokenDuration      = 3600          // 1 hour in seconds
+	DefaultMaxSessionLength   = 43200         // 12 hours in seconds
+	DefaultIssuer            = "seaweedfs-sts"
+	DefaultStoreType         = StoreTypeFiler // Default store type for persistence
+	MinSigningKeyLength      = 16             // Minimum signing key length in bytes
 )
 
 // Configuration Field Names

weed/iam/sts/sts_service.go

@@ -237,10 +237,10 @@ func (s *STSService) validateConfig(config *STSConfig) error {
 // createSessionStore creates a session store based on configuration
 func (s *STSService) createSessionStore(config *STSConfig) (SessionStore, error) {
 	switch config.SessionStoreType {
-	case "", StoreTypeMemory:
-		return NewMemorySessionStore(), nil
-	case StoreTypeFiler:
+	case "", DefaultStoreType:
 		return NewFilerSessionStore(config.SessionStoreConfig)
+	case StoreTypeMemory:
+		return NewMemorySessionStore(), nil
 	default:
 		return nil, fmt.Errorf(ErrUnsupportedStoreType, config.SessionStoreType)
 	}