JBoss Community Archive (Read Only)

PicketLink

PicketLink IDM - Relationships (Users,Roles,Groups)

In this article, let us look at the way relationships can be formed between User, Role, Group instances etc.

This article assumes that you have initialized an IdentityManager according to the PicketLink IDM

Relationship between User and Role Instances

Add User to Role

IdentityManager identityManager = ...

SimpleUser user = new SimpleUser("someUser");

identityManager.add(user);
user.setEnabled(true);

identityManager.update(user);

SimpleRole role = new SimpleRole("someRole");

identityManager.add(role);

identityManager.grantRole(user, role);

Assert.assertTrue(identityManager.hasRole(user, role));

As you can see, we ask the IdentityManager to grant the role to the user instance.

Remove User from Role

In this example, we revoke the role "someRole" assigned to user "someUser". 

identityManager.revokeRole(someUser, someRole);

Relationship between User and Group Instances

Add User Instance to Group Instance

identityManager.addToGroup(someUser, someGroup);
assertTrue(identityManager.isMember(someUser, someGroup));

In this example, we have added an User Instance (someUser) to a Group Instance (someGroup).  We can then use the isMember method call on the IdentityManager to check whether the user is part of the group.

Remove User Instance from Group Instance.

identityManager.removeFromGroup(someUser, someGroup);
assertFalse(identityManager.isMember(someUser, someGroup));

In this example, we use the removeFromGroup method on the IdentityManager to remove the user from the group.

Relationship between User, Role and Group Instances

In the following example, we build relationships between an user, various roles and various groups. 

//Create User, Role and Group instances
User someUser;
Role managerRole;
Role developerRole;
Group salesGroup;
Group employeeGroup;


//Assign a manager role to someUser in the salesGroup        
identityManager.grantGroupRole(someUser, managerRole, salesGroup);


//Assign developer role to someUser in the employeeGroup
identityManager.grantGroupRole(someUser, developerRole, employeeGroup);

//Verify that someUser has manager role in sales group  and developer role in employee group
assertTrue(identityManager.hasGroupRole(someUser, managerRole, salesGroup));
assertTrue(identityManager.hasGroupRole(someUser, developerRole, employeeGroup)); 


//Check that someUser does not have developer role in the sales group
assertFalse(identityManager.hasGroupRole(someUser, developerRole, salesGroup));
JBoss.org Content Archive (Read Only), exported from JBoss Community Documentation Editor at 2020-03-11 12:19:15 UTC, last content change 2012-12-07 22:02:30 UTC.