3.6. Partition Management
PicketLink has been designed from the ground up to support a system of partitioning, allowing the identity objects it manages to be separated into logical groupings. Partitions may be used to split identities into separate realms, allowing an application to serve multiple organisations (for example in a SaaS architecture) or to support a multi-tier application allowing each tier to define its own set of identity objects (such as groups or roles). PicketLink's architecture also allows you to define your own custom partition types, allowing more complex use cases to be supported.
The
PartitionManager interface provides the following methods for managing partitions:
public interface PartitionManager extends Serializable { <T extends Partition> T getPartition(Class<T> partitionClass, String name); <T extends Partition> List<T> getPartitions(Class<T> partitionClass); <T extends Partition> T lookupById(final Class<T> partitionClass, String id); void add(Partition partition); void add(Partition partition, String configurationName); void update(Partition partition); void remove(Partition partition); }
To create a new
Partition object you may use either of the add() methods. If a configurationName parameter value isn't provided (see Chapter 7, Identity Management - Configuration for more information), then the newly created Partition will use the default configuration.
// Create a new Realm partition called "acme" partitionManager.add(new Realm("acme"));
// Create a new Tier partition called "sales" using the named configuration "companyAD" partitionManager.add(new Tier("sales"), "companyAD");
Each new
Partition object created will be automatically assigned a unique identifier value, which can be accessed via its getId() method:
Realm realm = new Realm("acme"); partitionManager.add(realm); String partitionId = realm.getId();
Partitions may be retrieved using either their name or their unique identifier value. Both methods require the exact partition class to be provided as a parameter:
Realm realm = partitionManager.getPartition(Realm.class, "acme"); Tier tier = partitionManager.lookupById(Tier.class, tierId);
It is also possible to retrieve all partitions for a given partition class. In this case you can retrieve all partitions for a given type or all of them:
List<Realm> realms = partitionManager.getPartitions(Realm.class); List<Partition> allPartitions = partitionManager.getPartitions(Partition.class);
Since
Partition objects all implement the AttributedType interface, it is also possible to set arbitrary attribute values:
realm.setAttribute(new Attribute<Date>("created", new Date()));
After making changes to an existing
Partition object, the update() method may be used to persist those changes:
partitionManager.update(realm);
A
Partition object may also be removed with the remove() method:
Warning
Removing a
Partition object is permanent, and will also remove all identity objects that exist within that partition!
partitionManager.remove(realm);
3.6.1. Creating Custom Partitions
Creating a custom partition type is extremely simple. PicketLink provides an abstract base class called
AbstractPartition (see above) which makes creating a custom partition class a trivial exercise - simply extend the AbstractPartition class and then add any additional property getter/setter methods that you might require. Let's take a look at the built-in Realm class to see how little code it requires to create a custom partition:
@IdentityPartition(supportedTypes = {IdentityType.class}) public class Realm extends AbstractPartition { public Realm() { super(null); } public Realm(String name) { super(name); } }
The
@IdentityPartition annotation must be present on the partition class - the supportedTypes member is used to configure which identity types may be stored in this partition. Any identity object (or subclass) specified by supportedTypes is valid. There is also a unsupportedTypes member which may be used to specify identity types which may not be stored in the partition. This value can be used to trim unsupported classes (and their subclasses) off the supportedTypes.