[security-dev] Creating additional entities in IDM

Shane Bryzak sbryzak at redhat.com
Wed May 8 18:11:09 EDT 2013

I would do this by creating your own IdentityType implementation:

public class OrganizationUnit implements IdentityType

For representing the membership, I would create an 
OrganizationUnitMembership relationship class:

public class OrganizationUnitMembership implements Relationship {
     private OrganizationUnit organizationUnit;

     private IdentityType member;

     // getters and setters
}

Then you can use the IdentityManager add(), update() and remove() 
methods to manage these.  The IdentityStore implementation will need to 
be extended to support the new IdentityType.  Since you're using JPA, 
you could possibly just implement your own IdentityTypeHandler (Pedro 
can probably elaborate on this) to support the OrganizationUnit type, 
and as for role membership you can probably just implement a method that 
uses the Query API to test organization unit membership for a given 

This use case would actually make an interesting quickstart example, 
I'll create a JIRA feature request to track this.

On 09/05/13 05:31, Anil Arora wrote:
> One of our requirements is that we will need the notion of an OrganizationUnit, similar to an LDAP organizational unit. Essentially a more strict grouping (a group/user can only belong to one ou). Additionally, roles would be applicable to the OU in a similar way to groups, so that users within the org inherit the roles assigned to the OU.
> Are there any examples where we can augment the IDM model to support this case?  We are using JPA as the persistence layer though.
> Thanks,
> Anil

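An added, self-contained sketch of the model discussed in this thread (not PicketLink code and not written by either poster): it shows the single-OU constraint and role inheritance from the OU. The types OrganizationUnit and OuDirectory here are hypothetical stand-ins, not the PicketLink IdentityType/Relationship interfaces, and in-memory maps replace the JPA store.

```java
import java.util.*;

// Hypothetical stand-ins; these are NOT the PicketLink interfaces.
public class OuModelExample {
    record OrganizationUnit(String name) {}

    static class OuDirectory {
        // member id -> its single OU; one entry per member enforces "at most one OU"
        private final Map<String, OrganizationUnit> membership = new HashMap<>();
        private final Map<OrganizationUnit, Set<String>> ouRoles = new HashMap<>();
        private final Map<String, Set<String>> directRoles = new HashMap<>();

        void addMember(OrganizationUnit ou, String memberId) {
            OrganizationUnit existing = membership.putIfAbsent(memberId, ou);
            if (existing != null && !existing.equals(ou)) {
                throw new IllegalStateException(memberId + " already belongs to " + existing.name());
            }
        }

        void removeMember(String memberId) { membership.remove(memberId); }

        void grantRoleToOu(OrganizationUnit ou, String role) {
            ouRoles.computeIfAbsent(ou, k -> new HashSet<>()).add(role);
        }

        void grantRole(String memberId, String role) {
            directRoles.computeIfAbsent(memberId, k -> new HashSet<>()).add(role);
        }

        // Direct grants are checked first, then roles inherited from the member's OU.
        boolean hasRole(String memberId, String role) {
            if (directRoles.getOrDefault(memberId, Set.of()).contains(role)) return true;
            OrganizationUnit ou = membership.get(memberId);
            return ou != null && ouRoles.getOrDefault(ou, Set.of()).contains(role);
        }
    }

    public static void main(String[] args) {
        OuDirectory dir = new OuDirectory();
        OrganizationUnit eng = new OrganizationUnit("engineering"); // constructed sample data
        OrganizationUnit fin = new OrganizationUnit("finance");
        dir.addMember(eng, "alice");
        dir.grantRoleToOu(eng, "deployer");
        System.out.println("inherited: " + dir.hasRole("alice", "deployer"));
        try { dir.addMember(fin, "alice"); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
        dir.removeMember("alice");
        System.out.println("after removal: " + dir.hasRole("alice", "deployer"));
    }
}
```

Inherited roles are resolved at check time rather than copied onto the member, so removing the membership revokes them immediately.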