6 Replies Latest reply on Aug 20, 2014 11:54 PM by sachindole

IdentityType and its id field - why only String? why not Long?

sachindole Aug 11, 2014 9:08 PM

Hello, only recently did I start working with picketlink. Documentation is great thank you!

My question is: Why doesn't the AttributedType define an id variable as it's unique identifier as a String? My existing database has ids as Long not String. Further: Is it necessary to use the IdentityType and AttributedType as the roots of my model? Those two classes define a bunch of things that I have no use for at the moment (although, I do not deny that those seem useful). It looks like the @IdentityPartition takes <? extends IdentityType> in its supportedTypes, so, am I stuck to using IdentityType in a custom partition? I am struggling to see the design rationale around this.

Thank you very much!

1. Re: IdentityType and its id field - why only String? why not Long?

noamichael Aug 11, 2014 9:33 PM (in response to sachindole)

It would appear that PicketLink uses UUID's to generate the unique ID for Identity Types. You can read more about them here.
Actions
2. Re: IdentityType and its id field - why only String? why not Long?

sachindole Aug 12, 2014 6:58 AM (in response to noamichael)

That's correct, but, I already have User, Group Entities in my database that require Long as the id. Not a String.
Actions
3. Re: IdentityType and its id field - why only String? why not Long?

sachindole Aug 12, 2014 7:50 PM (in response to sachindole)
I got around this, by adding a @OneToOne JPA relationship between my pre-existing domain objects for users to a new custom JPA entity that has a String @Id field. This means, my picket link IDM model will be completely distinct from my business domain object model. In theory, this is fine, because now, I can use this IDM model for an independent authentication service that I can use for all my apps. In practice, this is the only app I have and for my use case, this seems like a hard constraint that I must extend all Identity objects from AttributedTypeEntity which, in turn, forces me to use a @Id String id field.

I assume that here must be some type "Mapper" that lets me map one type used on the Identity model to another type used in the business domain object model. I probably just dont know about it and it probably is just not documented clearly.

I wanted to clarify my original post: Here is the code that I am scratching my head about:

public interface AttributedType extends Serializable {     /**     * Returns the unique identifier for this instance     * @return     */     String getId(); // THIS. Why should this force me to use id as String
And then to match that:

@Entity @Inheritance(strategy = InheritanceType.JOINED) public abstract class AttributedTypeEntity implements Serializable {     @Id     @Identifier     private String id; //THIS. all my ids are Longs.
Further, I cannot create a Partition unless I use the IdentityType (which is an AttributedType), because the "supportedTypes" parameter of the @IdentityPartition will only take sub classes of IdentityType.

I am sure I am missing something that is causing me to think that the PicketLink model is very restrictive.
Actions
4. Re: IdentityType and its id field - why only String? why not Long?

pcraveiro Aug 14, 2014 8:45 PM (in response to sachindole)

Hey Sachin,

    First of all, your initial thoughts about how to integrate an existing model (eg.: business) to a PicketLink Identity Model are right. As you stated, this design allows you to decouple security-related data from your business model, which in turn is referenced by the PicketLink Identity Model.

    There is a very simple example about how to create a custom Account type with a reference to a business entity called Person. Take a look here.

    When mapping your identity model you don't need to use the AttributedTypeEntity at all. All those entity classes from the picketlink-idm-simple-schema dependency are just a default mapping for our custom Basic Identity Model, which provides built-in representation for users, roles, groups and so forth.

    If you want another example about how to design a new custom identity model, please take a look at this quickstart. This code is based on the following guide.

    You'll see that in the example above, there is no AttributedTypeEntity. It is not mandatory, the one you mentioned is just an default implementation provided by PicketLink.

Best regards.
1 of 1 people found this helpful
Actions
5. Re: IdentityType and its id field - why only String? why not Long?

sachindole Aug 19, 2014 9:18 AM (in response to pcraveiro)

Thank you! I already made it work with an entity from the basic model so i am good for now.

If I remember correctly, if I did not use a String id field, hibernate croaked saying that id parameter is Long and a String was supplied. Maybe my setup was not right. For now, my IDM entities are separate from business entities and it all works just fine. i have another different problem that i am about to post for!
Actions
6. Re: IdentityType and its id field - why only String? why not Long?

sachindole Aug 20, 2014 11:54 PM (in response to pcraveiro)

Hi Pedro, I wanna revisit this. Those links you referred to - both of those use a string for their @Id/@Identifier field in the picketlink model. Its in the business model that it uses a Long @Id. This looks a lot like how I did mine. I still think picketlink requires an identity entity model that has columns from its base classes, these base classes require an id field of type string.

I guess I am ok with this because I might still be able to use picketlink for my purpose.
Actions

Go to original post