[security-dev] query role mappings of a particular partition

Pedro Igor Silva psilva at redhat.com
Mon Jun 24 10:15:27 EDT 2013

----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Monday, June 24, 2013 9:21:18 AM
> Subject: [security-dev] query role mappings of a particular partition
> If I have Users defined in one partition (a realm) and roles defined in
> another partition (Tier), how do I:
> * grant a tier role to a realm user?

    Is just a matter of creating/loading a role for a specific Tier and use IM.grantRole(user, role). You can check if an user has a specific role by using IM.hasRole method.

    We have some test cases for that.

> * query grants of a user for a specific tier?

    You can use the Query API for that. Something like this:

        // here we create an IM for a specific Tier
        IdentityManager applicationA = getIdentityManagerFactory().createIdentityManager(new Tier("Application A");
        IdentityQuery<Role> query = applicationA.createIdentityQuery(Role.class);

        // query all roles associated with user
        query.setParameter(Role.ROLE_OF, user);

        List<Role> result = query.getResultList();


        RelationshipQuery<Grant> relationshipQuery = identityManager.createRelationshipQuery(Grant.class);

        relationshipQuery.setParameter(Grant.ASSIGNEE, user);

        List<Grant> resultList = relationshipQuery.getResultList();        

> I guess I have to query for all the Grants for a particular user, then
> filter them out based on the Role's partition?
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list