3.6. Creating Custom Relationships
One of the strengths of PicketLink is its ability to support custom relationship types. This extensibility allows you, the developer to create specific relationship types between two or more identities to address the domain-specific requirements of your own application.
Note
Please note that custom relationship types are not supported by all
IdentityStore
implementations - see the Identity Store section for more information.
To create a custom relationship type, we start by creating a new class that implements the
Relationship
interface. To save time, we also extend the AbstractAttributedType
abstract class which takes care of the identifier and attribute management methods for us:
public class Authorization extends AbstractAttributedType implements Relationship { }
The next step is to define which identities participate in the relationship. Once we create our identity property methods, we also need to annotate them with the
org.picketlink.idm.model.annotation.RelationshipIdentity
annotation. This is done by creating a property for each identity type.
private User user; private Application application; @RelationshipIdentity public User getUser() { return user; } public void setUser(User user) { this.user = user; } @RelationshipIdentity public Application getApplication() { return application; } public void setApplication(Application application) { this.application = application; }
We can also define some attribute properties, using the
@RelationshipAttribute
annotation:
private String accessToken; @RelationshipAttribute public String getAccessToken() { return accessToken; } public void setAccessToken(String accessToken) { this.accessToken = accessToken; }
The code above is a good example on how to authorize users to applications. You may also notice that you can even authorize access based on a given access token. Actually, you can have any property in your relationship types and support more fine-grained access control policies.