During the authentication the UserContext can be populated with any additional information like roles, groups, attributes, etc. Usually these information will be retrieved from the Identity Manager using a specific Identity Store like databases, LDAP servers, etc.
That said, PicketBox provides a very simple interface called org.picketbox.core.identity.UserContextPopulator. This interfaces aims to provide a extension point where the user context can be populate before being marked as authenticated. By default, is used an implementation that automatically populates the user context with roles, groups and attributes using the configured Identity Manager/Store.
If you want to use the default implementation you don't need to provide any additional configuration when starting PicketBox.
But sometimes you may want to provide your own or customize any of the built-in implementations. For that, you just need to create a org.picketbox.core.identity.UserContextPopulator implementation and configure it as follows:
ConfigurationBuilder builder = new ConfigurationBuilder();
builder.identityManager().userPopulator(new UserContextPopulator() {
@Override
public UserContext getIdentity(UserContext authenticatedUserContext) {
List<Role> roles = new ArrayList<Role>();
roles.add(new SimpleRole("User Role"));
authenticatedUserContext.setRoles(roles);
return authenticatedUserContext;
}
});
The example above configures a custom user context populator that always set the "User Role" every time an user is being authenticated.