3.2. Getting Started - The 5 Minute Guide
If you'd like to get up and running with IDM quickly, the good news is that PicketLink will provide a default configuration that stores your identity data on the file system if no other configuration is available. This means that if you have the PicketLink libraries in your project, you can simply inject the PartitionManager, IdentityManager or RelationshipManager beans into your own application and start using them immediately:
    @Inject PartitionManager partitionManager;
    @Inject IdentityManager identityManager;
    @Inject RelationshipManager relationshipManager;

Once you have injected an IdentityManager you can begin creating users, groups and roles for your application:
Note
The following code examples make use of the classes provided as part of the basic identity model - see Chapter 5, Identity Management - Basic Identity Model for more information.
    User user = new User("jdoe");
    user.setFirstName("Jane");
    user.setLastName("Doe");
    identityManager.add(user);

    Group group = new Group("employees");
    identityManager.add(group);

    Role admin = new Role("admin");
    identityManager.add(admin);

Use the RelationshipManager to create relationships, such as role assignments and group memberships:
    // Grant the admin role to the user
    relationshipManager.add(new Grant(user, admin));

    // Add the user to the employees group
    relationshipManager.add(new GroupMembership(user, group));

The static methods provided by the org.picketlink.idm.model.basic.BasicModel class are based on the basic identity model and may be used to look up various identity objects, or to test whether certain relationships exist. These methods accept either an IdentityManager or a RelationshipManager object as a parameter.
    // Look up the user by their username
    User user = BasicModel.getUser(identityManager, "jdoe");

    // Test if the user has the admin role
    boolean isAdmin = BasicModel.hasRole(relationshipManager, user, admin);

    // Test if the user is a member of the employees group
    boolean isEmployee = BasicModel.isMember(relationshipManager, user, group);

You can also use the IDM Query API to retrieve both identity types and relationships from the underlying identity stores. The static methods of BasicModel are just wrappers around this API that simplify some very common use cases.
    // Look up the user by their username
    // (loginName is a String holding the username to search for)
    IdentityQueryBuilder queryBuilder = identityManager.getQueryBuilder();
    List<User> users = queryBuilder
        .createIdentityQuery(User.class)
        .where(queryBuilder.equal(User.LOGIN_NAME, loginName))
        .getResultList();

    // Take the first match from the result list
    User user = users.get(0);

    // Test if the user has the admin role
    RelationshipQuery<Grant> relationshipQuery =
        relationshipManager.createRelationshipQuery(Grant.class);
    relationshipQuery.setParameter(Grant.ASSIGNEE, user);
    relationshipQuery.setParameter(Grant.ROLE, admin);
    boolean hasRole = !relationshipQuery.getResultList().isEmpty();
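The steps above combined into one bean, as an added example that is not part of the PicketLink documentation: it creates the user, role and grant only when they are missing, and answers role checks with a deny-by-default result. The class name AdminGate and its method names are hypothetical; the example assumes a CDI environment with the PicketLink libraries present and treats a null return from the BasicModel lookups as "not found".

```java
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Grant;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.model.basic.User;

// Hypothetical helper class; the name and methods are not part of PicketLink.
@ApplicationScoped
public class AdminGate {

    @Inject IdentityManager identityManager;
    @Inject RelationshipManager relationshipManager;

    // Create the user, the role and the grant only if absent, so that
    // repeated calls (for example on every startup) add nothing twice.
    public void seed(String loginName, String roleName) {
        User user = BasicModel.getUser(identityManager, loginName);
        if (user == null) {
            user = new User(loginName);
            identityManager.add(user);
        }
        Role role = BasicModel.getRole(identityManager, roleName);
        if (role == null) {
            role = new Role(roleName);
            identityManager.add(role);
        }
        if (!BasicModel.hasRole(relationshipManager, user, role)) {
            relationshipManager.add(new Grant(user, role));
        }
    }

    // Deny by default: an unknown user or an unknown role never passes.
    public boolean isAllowed(String loginName, String roleName) {
        User user = BasicModel.getUser(identityManager, loginName);
        Role role = BasicModel.getRole(identityManager, roleName);
        if (user == null || role == null) {
            return false;
        }
        return BasicModel.hasRole(relationshipManager, user, role);
    }
}
```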