[security-dev] Creating additional entities in IDM
Pedro Igor Silva
psilva at redhat.com
Wed May 8 18:23:59 EDT 2013
Currently you cannot provide a custom IdentityTypeHandler. But we can easily change the JPA store to make it more flexible and support that.
----- Original Message -----
From: "Shane Bryzak" <sbryzak at redhat.com>
To: security-dev at lists.jboss.org
Sent: Wednesday, May 8, 2013 7:11:09 PM
Subject: Re: [security-dev] Creating additional entities in IDM
I would do this by creating your own IdentityType implementation:

    public class OrganizationUnit implements IdentityType

For representing the membership, I would create an
OrganizationUnitMembership relationship class:

    public class OrganizationUnitMembership implements Relationship {
        @IdentityProperty
        private OrganizationUnit organizationUnit;

        @IdentityProperty
        private IdentityType member;

        // getters and setters
    }

Then you can use the IdentityManager add(), update() and remove()
methods to manage these. The IdentityStore implementation will need to
be extended to support the new IdentityType. Since you're using JPA,
you could possibly just implement your own IdentityTypeHandler (Pedro
can probably elaborate on this) to support the OrganizationUnit type,
and as for role membership you can probably just implement a method that
uses the Query API to test organization unit membership for a given
identity.
This use case would actually make an interesting quickstart example,
I'll create a JIRA feature request to track this.
On 09/05/13 05:31, Anil Arora wrote:
> One of our requirements is that we will need the notion of an OrganizationUnit, similar to an LDAP organizational unit. Essentially a more strict grouping (a group/user can only belong to one ou). Additionally, roles would be applicable to the OU in a similar way to groups, so that users within the org inherit the roles assigned to the OU.
>
> Are there any examples where we can augment the IDM model to support this case? We are using JPA as the persistence layer though.
>
> Thanks,
> Anil
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
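
Added example, not part of the original thread and not PicketLink code: a plain-Java model of the requirement discussed above (at most one OU per member, roles inherited from the OU), showing the two checks a custom store handler and membership query would have to enforce. All class and method names are hypothetical, the sample identities are constructed, and no PicketLink API is used.

```java
import java.util.*;

// Plain-Java model of the OU requirement; every name here is hypothetical.
public class OuModel {
    // member id -> OU name; one map entry per member gives "one OU only"
    private final Map<String, String> ouOfMember = new HashMap<>();
    // OU name -> roles granted to the OU
    private final Map<String, Set<String>> ouRoles = new HashMap<>();
    // member id -> roles granted directly to the member
    private final Map<String, Set<String>> directRoles = new HashMap<>();

    // Reject a second OU instead of silently replacing the first one.
    public void addMembership(String member, String ou) {
        String existing = ouOfMember.putIfAbsent(member, ou);
        if (existing != null && !existing.equals(ou)) {
            throw new IllegalStateException(member + " already belongs to " + existing);
        }
    }

    public void removeMembership(String member) { ouOfMember.remove(member); }

    public void grantToOu(String ou, String role) {
        ouRoles.computeIfAbsent(ou, k -> new HashSet<>()).add(role);
    }

    public void grantToMember(String member, String role) {
        directRoles.computeIfAbsent(member, k -> new HashSet<>()).add(role);
    }

    // A role counts if it is held directly or by the member's current OU.
    public boolean hasRole(String member, String role) {
        if (directRoles.getOrDefault(member, Collections.emptySet()).contains(role)) return true;
        String ou = ouOfMember.get(member);
        return ou != null && ouRoles.getOrDefault(ou, Collections.emptySet()).contains(role);
    }

    public static void main(String[] args) {
        OuModel idm = new OuModel();
        idm.grantToOu("engineering", "code-review");   // constructed sample data
        idm.addMembership("alice", "engineering");
        System.out.println(idm.hasRole("alice", "code-review")); // inherited via the OU
        try {
            idm.addMembership("alice", "sales");       // second OU must be refused
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        idm.removeMembership("alice");                 // inheritance ends with membership
        System.out.println(idm.hasRole("alice", "code-review"));
    }
}
```

Resolving inherited roles at check time, rather than copying them onto the member when the membership is created, means a removed membership or a revoked OU role takes effect on the next authorization check.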