3.4. Stereotypes
There is a set of recurring security concepts you will find in different applications such as:
-
Users -
Roles -
Groups -
User's Roles Relationship -
Users and Group Membership
Most applications use all or a set of these concepts in order to represent their users, roles, groups, how users are associated with roles and groups, etc. In PicketLink, those concepts are represented as Stereotypes.
As you might know, PicketLink provides a very extensible Identity Model from which you can extend in order to define your own representation for users, roles, groups, relationships between those entities and so forth. A Stereotype helps PicketLink to identify what a specific
IdentityType or Relationship type is.
There are two types of stereotypes:
-
Identity Stereotypes -
Relationship Stereotypes
A Stereotype is a very important concept in PicketLink Identity Management, specially when you need to customize it in order to provide your own and custom identity model. Some built-in features (eg.: credential validation, authorization, etc) are strongly based on those recurring concepts and helps PicketLink to fully integrate and recognize your custom identity model in order to reuse those features.
Important
Stereotypes don't imply you can't provide other representations for your own concepts. The Identity Model provided by PicketLink can helps you to represent anything you want. For example, in a typical mobile application you may want to represent user's devices as a specific identity type. So you can start applying security considering how user is accessing your application.
3.4.1. Identity Stereotypes
Identity Stereotypes represent those recurring concepts applied to a specific
IdentityType type. Let's take for an example the User type provided by the Basic Model:
@IdentityStereotype(USER) public class User extends Agent { }
Considering that the
User type represents users we need to annotate the class with the @IdentityStereotype(USER) annotation.
This annotations supports the following stereotypes:
-
USER- Should be used by identity types that represent an user. -
ROLE- Should be used by identity types that represent a role. -
GROUP- Should be used by identity types that represent a group.
Each stereotype has its own common set of properties. Those properties represent some specific information which is usually associated with a stereotype. For example, roles usually have a
name property from where we can get its name.
Stereotype properties are defined using the
StereotypeProperty annotation. It provides a set of values defining the properties for a specific stereotype.
@IdentityStereotype(ROLE) public class Role extends AbstractIdentityType { @AttributeProperty @StereotypeProperty(IDENTITY_ROLE_NAME) @Unique public String getName() { return this.name; } }
The code example above defines that the
name property of the Role type is related with the name of a role stereotype.