
4.6. Validating Credentials for Custom Account Types

The built-in credential types use the Account types provided by the Basic Model when validating or updating credentials. By default, only the following types can be used with the built-in credential types:
  • org.picketlink.idm.model.basic.Agent
  • org.picketlink.idm.model.basic.User
These are the Account types provided by the Basic Model.
As previously discussed, PicketLink provides a very flexible Identity Model, from which you can build your own model with your own types. You may decide to use none of these Account types and use your own to better represent your users.
Let's say you have a custom Account type called MyUser, which may look like this:
@IdentityStereotype(USER)
public class MyUser extends AbstractIdentityType implements Account {

    @AttributeProperty
    @Unique
    @StereotypeProperty(IDENTITY_USER_NAME)
    private String loginName;

    // getters and setters
}
If you try to update or validate a password-based credential (which is one of the built-in types) using this type, PicketLink will not be able to perform these operations because this type is not known.
To make PicketLink aware of your custom Account types, you must provide them during configuration as follows:
IdentityConfigurationBuilder builder = event.getConfig();

builder
    .named("default.config")
        .stores()
            .jpa()
                // register MyUser so the built-in credential types can work with it
                .supportType(MyUser.class);
You may notice that MyUser is annotated with @IdentityStereotype(USER) and also defines a loginName property annotated with @StereotypeProperty(IDENTITY_USER_NAME) to represent the user name. These annotations tell PicketLink that your type represents a user and that the loginName property stores the user name. The latter is used to retrieve the account from the underlying stores when updating or validating credentials.
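Once MyUser is registered, updating and validating a password credential works the same way as for the Basic Model types. The following is an added example, not code from the PicketLink documentation: the class MyUserCredentialExample and its method names are hypothetical, and it assumes MyUser is in the same package, exposes a setLoginName setter, and that an IdentityManager built from the configuration above is supplied by the caller.

```java
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.credential.Credentials;
import org.picketlink.idm.credential.Password;
import org.picketlink.idm.credential.UsernamePasswordCredentials;

// Hypothetical helper (not part of PicketLink). Assumes MyUser was registered
// with supportType(MyUser.class) and has a setLoginName(String) setter.
public class MyUserCredentialExample {

    private final IdentityManager identityManager;

    public MyUserCredentialExample(IdentityManager identityManager) {
        this.identityManager = identityManager;
    }

    // Stores a new MyUser and sets its password using the built-in
    // password-based credential type.
    public MyUser register(String loginName, char[] initialPassword) {
        MyUser user = new MyUser();
        user.setLoginName(loginName);
        identityManager.add(user);
        identityManager.updateCredential(user, new Password(initialPassword));
        return user;
    }

    // Validates a login name and password. The account is looked up through
    // the property annotated with @StereotypeProperty(IDENTITY_USER_NAME).
    // Returns the validated account, or null for any status other than VALID.
    public MyUser authenticate(String loginName, char[] password) {
        UsernamePasswordCredentials credentials =
            new UsernamePasswordCredentials(loginName, new Password(password));
        identityManager.validateCredentials(credentials);

        if (credentials.getStatus() != Credentials.Status.VALID) {
            return null;
        }
        return (MyUser) credentials.getValidatedAccount();
    }
}
```

Checking getStatus() for VALID explicitly, rather than treating a non-null account as success, keeps every other status from being accepted as a login.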