3.2. Getting Started - The 5 Minute Guide

Prev
PicketLink Reference Documentation
Next

⁠3.2. Getting Started - The 5 Minute Guide

If you'd like to get up and running with IDM quickly, the good news is that PicketLink will provide a default configuration that stores your identity data on the file system if no other configuration is available. This means that if you have the PicketLink libraries in your project, you can simply inject the PartitionManager, IdentityManager or RelationshipManager beans into your own application and start using them immediately:

@Inject PartitionManager partitionManager;
@Inject IdentityManager identityManager;
@Inject RelationshipManager relationshipManager;

Once you have injected an IdentityManager you can begin creating users, groups and roles for your application:

Note

The following code examples make use of the classes provided as part of the basic identity model - see Chapter 5, Identity Management - Basic Identity Model for more information.

User user = new User("jdoe");
user.setFirstName("Jane");
user.setLastName("Doe");
identityManager.add(user);

Group group = new Group("employees");
identityManager.add(group);

Role admin = new Role("admin");
identityManager.add(admin);

Use the RelationshipManager to create relationships, such as role assignments and group memberships:

// Grant the admin role to the user
relationshipManager.add(new Grant(user, admin));

// Add the user to the employees group
relationshipManager.add(new GroupMembership(user, group));

The static methods provided by the org.picketlink.idm.model.basic.BasicModel class are based on the basic identity model and may be used to lookup various identity objects, or test whether certain relationships exist. These methods accept either an IdentityManager or RelationshipManager object as a parameter.

// Lookup the user by their username
User user = BasicModel.getUser(identityManager, "jdoe");

// Test if the user has the admin role
boolean isAdmin = BasicModel.hasRole(relationshipManager, user, admin);

// Test if the user is a member of the employee group
boolean isEmployee = BasicModel.isMember(relationshipManager, user, group);

You can also use the IDM Query API to retrieve both identity types and relationships from the underlying identity stores. Actually, the static methods from BasicModel are just wrappers to simplify some very common use cases.

// Lookup the user by their username
IdentityQueryBuilder queryBuilder = identityManager.getQueryBuilder();
List<User> users = queryBuilder
    .createIdentityQuery(User.class)
    .where(
        queryBuilder.equal(User.LOGIN_NAME, loginName)
    )
    .getResultList();

User user = agents.get(0);

// Test if the user has the admin role
RelationshipQuery<Grant> relationshipQuery = relationshipManager.createRelationshipQuery(Grant.class);

relationshipQuery.setParameter(Grant.ASSIGNEE, user);
relationshipQuery.setParameter(Grant.ROLE, admin);

boolean hasRole = !relationshipQuery.getResultList().isEmpty();

Report a bug