[security-dev] Creating additional entities in IDM

Shane Bryzak sbryzak at redhat.com
Wed May 8 19:06:12 EDT 2013


I've created the following JIRA issue for the quickstart:

https://issues.jboss.org/browse/JDF-319#comment-12773075

We can generate additional feature requests from this issue if we need 
to extend functionality.

On 09/05/13 08:23, Pedro Igor Silva wrote:
> Currently you cannot provide a custom IdentityTypeHandler. But we can easily change the JPA store to make it more flexible and support that.
>
> ----- Original Message -----
> From: "Shane Bryzak" <sbryzak at redhat.com>
> To: security-dev at lists.jboss.org
> Sent: Wednesday, May 8, 2013 7:11:09 PM
> Subject: Re: [security-dev] Creating additional entities in IDM
>
> I would do this by creating your own IdentityType implementation:
>
> public class OrganizationUnit implements IdentityType
>
> For representing the membership, I would create an
> OrganizationUnitMembership relationship class:
>
> public class OrganizationUnitMembership implements Relationship {
>       @IdentityProperty
>       private OrganizationUnit organizationUnit;
>
>       @IdentityProperty
>       private IdentityType member;
>
>       // getters and setters
> }
>
> Then you can use the IdentityManager add(), update() and remove()
> methods to manage these.  The IdentityStore implementation will need to
> be extended to support the new IdentityType.  Since you're using JPA,
> you could possibly just implement your own IdentityTypeHandler (Pedro
> can probably elaborate on this) to support the OrganizationUnit type,
> and as for role membership you can probably just implement a method that
> uses the Query API to test organization unit membership for a given
> identity.
>
> This use case would actually make an interesting quickstart example,
> I'll create a JIRA feature request to track this.
>
> On 09/05/13 05:31, Anil Arora wrote:
>> One of our requirements is that we will need the notion of an OrganizationUnit, similar to an LDAP organizational unit. Essentially a more strict grouping (a group/user can only belong to one OU). Additionally, roles would be applicable to the OU in a similar way to groups, so that users within the org inherit the roles assigned to the OU.
>>
>> Are there any examples where we can augment the IDM model to support this case?  We are using JPA as the persistence layer though.
>>
>> Thanks,
>> Anil
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev
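
An added illustration, not part of the thread and not PicketLink code: a plain-Java model of the requirement discussed above, with one OU per member and OU roles inherited by its members. The class `OuModel`, its methods and the sample ids are hypothetical; it assumes Java 9+ and uses no IDM API.

```java
import java.util.*;

// Hypothetical in-memory model; a real deployment would back this with the identity store.
public class OuModel {
    private final Map<String, String> ouOfMember = new HashMap<>();       // member -> its single OU
    private final Map<String, Set<String>> ouRoles = new HashMap<>();     // OU -> roles granted to it
    private final Map<String, Set<String>> directRoles = new HashMap<>(); // member -> direct roles

    // Strict grouping: a second OU is refused rather than silently added.
    public void assign(String member, String ou) {
        String current = ouOfMember.putIfAbsent(member, ou);
        if (current != null && !current.equals(ou)) {
            throw new IllegalStateException(member + " already belongs to " + current);
        }
    }

    // Changing OU is a separate, explicit operation so it can be audited.
    public void move(String member, String newOu) {
        ouOfMember.put(member, newOu);
    }

    public void grantToOu(String ou, String role) {
        ouRoles.computeIfAbsent(ou, k -> new HashSet<>()).add(role);
    }

    public void grantDirect(String member, String role) {
        directRoles.computeIfAbsent(member, k -> new HashSet<>()).add(role);
    }

    // Inherited roles are resolved at check time and never copied onto the
    // member, so leaving an OU cannot leave stale privileges behind.
    public Set<String> effectiveRoles(String member) {
        Set<String> roles = new TreeSet<>(directRoles.getOrDefault(member, Set.of()));
        String ou = ouOfMember.get(member);
        if (ou != null) roles.addAll(ouRoles.getOrDefault(ou, Set.of()));
        return roles;
    }

    public static void main(String[] args) {
        OuModel idm = new OuModel();               // constructed sample data below
        idm.grantToOu("engineering", "deployer");
        idm.grantToOu("finance", "approver");
        idm.grantDirect("alice", "auditor");
        idm.assign("alice", "engineering");
        System.out.println("in engineering: " + idm.effectiveRoles("alice"));
        try { idm.assign("alice", "finance"); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
        idm.move("alice", "finance");
        System.out.println("after move: " + idm.effectiveRoles("alice"));
    }
}
```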
