Product SiteDocumentation Site

3.6. Creating Custom Relationships

One of the strengths of PicketLink is its ability to support custom relationship types. This extensibility allows you, the developer to create specific relationship types between two or more identities to address the domain-specific requirements of your own application.


Please note that custom relationship types are not supported by all IdentityStore implementations - see the Identity Store section for more information.
To create a custom relationship type, we start by creating a new class that implements the Relationship interface. To save time, we also extend the AbstractAttributedType abstract class which takes care of the identifier and attribute management methods for us:
  public class Authorization extends AbstractAttributedType implements Relationship {
The next step is to define which identities participate in the relationship. Once we create our identity property methods, we also need to annotate them with the org.picketlink.idm.model.annotation.RelationshipIdentity annotation. This is done by creating a property for each identity type.
  private User user;
  private Application application;
  public User getUser() {
    return user;
  public void setUser(User user) {
    this.user = user;
  public Application getApplication() {
    return application;
  public void setApplication(Application application) {
    this.application = application;
We can also define some attribute properties, using the @RelationshipAttribute annotation:
  private String accessToken;
  public String getAccessToken() {
    return accessToken;
  public void setAccessToken(String accessToken) {
    this.accessToken = accessToken;
The code above is a good example on how to authorize users to applications. You may also notice that you can even authorize access based on a given access token. Actually, you can have any property in your relationship types and support more fine-grained access control policies.