|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
My ideas for implementing this (from my reply on security-dev):
I would do this by creating your own IdentityType implementation:
public class OrganizationUnit implements IdentityType
For representing the membership, I would create an
OrganizationUnitMembership relationship class:
public class OrganizationUnitMembership implements Relationship {
@IdentityProperty
private OrganizationUnit organizationUnit;
@IdentityProperty
private IdentityType member;
// getters and setters
}
Then you can use the IdentityManager add(), update() and remove()
methods to manage these. The IdentityStore implementation will need to
be extended to support the new IdentityType. Since you're using JPA,
you could possibly just implement your own IdentityTypeHandler (Pedro
can probably elaborate on this) to support the OrganizationUnit type,
and as for role membership you can probably just implement a method that
uses the Query API to test organization unit membership for a given
identity.