JBoss.org Community Documentation
PicketLink is an Application Security Framework for Java EE applications. It provides features for authenticating users, authorizing access to the business methods of your application, managing your application's users, groups, roles and permissions, plus much more. The following diagram presents a high-level overview of the PicketLink modules.
The base module provides the integration framework required to use PicketLink within a Java EE application. It defines a flexible authentication API that allows pluggable authentication mechanisms to be easily configured, with a sensible default authentication policy that delegates to the identity management subsystem. It provides session-scoped authentication tracking for web applications and other session-capable clients, plus a customisable permissions SPI that supports a flexible range of authorization mechanisms for object-level security. It is also the "glue" that integrates all of the PicketLink modules together to provide a cohesive API.
The base module libraries are as follows:
picketlink-api - API for PicketLink's base module.
picketlink-impl - Internal implementation classes for the base API.
The Identity Management module defines the base identity model: a collection of interfaces and classes that represent the identity constructs (such as users, groups and roles) used throughout PicketLink (see the Identity Management chapter for more details). As such, it is a required module and must always be included in any application deployments that use PicketLink for security. It also provides a uniform API for managing the identity objects within your application. The Identity Management module has been designed with minimal dependencies and may be used in a Java SE environment; however, the recommended environment is Java EE in conjunction with the base module.
Libraries are as follows:
picketlink-idm-api - PicketLink's Identity Management (IDM) API. This library defines the Identity Model central to all of PicketLink, and all of the identity management-related interfaces.
picketlink-idm-impl - Internal implementation classes for the IDM API.
PicketLink is licensed under the Apache License Version 2, the terms and conditions of which can be found at apache.org.
The PicketLink libraries are available from the Maven Central Repository. To use PicketLink in your Maven-based project, it is recommended that you first define a version property for PicketLink in your project's pom.xml file like so:
<properties>
    <picketlink.version>2.5.1.Final</picketlink.version>
</properties>
For a typical application, it is suggested that you include the following PicketLink dependencies:
<dependencies>
    <dependency>
        <groupId>org.picketlink</groupId>
        <artifactId>picketlink-api</artifactId>
        <scope>compile</scope>
        <version>${picketlink.version}</version>
    </dependency>
    <dependency>
        <groupId>org.picketlink</groupId>
        <artifactId>picketlink-impl</artifactId>
        <scope>runtime</scope>
        <version>${picketlink.version}</version>
    </dependency>
</dependencies>
The identity management library is a required dependency of the base module and so will be automatically included.
If you wish to use PicketLink's Identity Management features and want to include the default database schema (see the Identity Management chapter for more details), then also configure the following dependency:
<dependency>
    <groupId>org.picketlink</groupId>
    <artifactId>picketlink-idm-simple-schema</artifactId>
    <version>${picketlink.version}</version>
</dependency>