1 Reply Latest reply on Jun 5, 2008 5:04 AM by bdaw

    Portal Identity Requirements

    anil.saldhana

      Currently the requirements are rough. Need to polish. Bolek will provide the updates as and when he processes the requirements.

      
      (9:20:26 AM) boldaw: I will describe the design we discussed this week
      (9:20:56 AM) boldaw: basically we thought about the simplest model
      (9:21:10 AM) boldaw: so User - manyToMany - Group (with a type)
      (9:21:44 AM) boldaw: and Group - manyToMany - Relationship (where relationship has From, To and Type)
      (9:21:59 AM) boldaw: so the same entity (Group) can act as a JEE role or whatever
      (9:22:14 AM) boldaw: and relationship can be mapped to LDAP tree (Relationship of type hierarchical)
      


        • 1. Re: Portal Identity Requirements
          bdaw

          The initial document with Portal requirements and design ideas is here:

          http://docs.google.com/View?docid=dfzsjmg9_9gjtzhtdd

          I started playing with interfaces for the API and SPI a bit (mainly ideas - nothing complete...). They are here:

          http://anonsvn.jboss.org/repos/portal/modules/identity/trunk/identity/src/main/java/org/jboss/portal/identity2/

          The main concern I see about the API interfaces is where to put methods that update state. Like I wrote in the doc, it can be either directly in the entity interfaces or in the common service class:

          user.assignGroup(Group group);
          user.updateAttribute(String name, String[] values);


          This is quite convenient but requires attaching a reference to some context object to be able to delegate those method calls. Another option is:

          identityModule.assignGroup(User user, Group group);
          identityModule.updateAttribute(User user, String name, String[] values);


          Less convenient, but User and Group implementations can remain (more or less) plain POJOs.

          Another challenge I see in the design is about storing relationships between groups persisted in different stores. One solution is to just make a one-to-one mapping between the GroupType and IdentityStore.
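
The service-style option and the GroupType-to-IdentityStore mapping discussed in the reply above, as an added sketch that is not part of the thread and not the identity2 code. All type names, the group type strings and the `registerStore`/`relate` methods are hypothetical, and rejecting a relationship that crosses stores is an assumption of this sketch.

```java
import java.util.*;
// Hypothetical sketch: none of these types are the JBoss Portal identity2 interfaces.
public class IdentityModelSketch {
    // Plain value objects with no reference back to a service or store.
    record User(String name) {}
    record Group(String name, String type) {}
    record Relationship(Group from, Group to, String type) {}

    // Constructed in-memory stand-in for a backing store (LDAP, database, ...).
    static class IdentityStore {
        final Map<User, Set<Group>> memberships = new HashMap<>();
        final Set<Relationship> relationships = new HashSet<>();
    }
    // Service style: every state change goes through the module.
    static class IdentityModule {
        private final Map<String, IdentityStore> storeByGroupType = new HashMap<>();

        void registerStore(String groupType, IdentityStore store) {
            storeByGroupType.put(groupType, store);
        }
        private IdentityStore storeFor(Group g) {
            IdentityStore s = storeByGroupType.get(g.type());
            if (s == null) throw new IllegalArgumentException("no store for type " + g.type());
            return s;
        }
        void assignGroup(User user, Group group) {
            storeFor(group).memberships.computeIfAbsent(user, u -> new HashSet<>()).add(group);
        }
        // Assumption of this sketch: persist a relationship only when both groups share a store.
        void relate(Group from, Group to, String type) {
            IdentityStore s = storeFor(from);
            if (s != storeFor(to)) throw new IllegalStateException("relationship spans two stores");
            s.relationships.add(new Relationship(from, to, type));
        }
    }
    public static void main(String[] args) {
        IdentityModule module = new IdentityModule();
        IdentityStore roles = new IdentityStore(), units = new IdentityStore();
        module.registerStore("jee-role", roles);
        module.registerStore("org-unit", units);
        Group admin = new Group("admin", "jee-role"), eng = new Group("engineering", "org-unit");
        Group platform = new Group("platform", "org-unit");
        module.assignGroup(new User("alice"), admin);   // lands in the role store
        module.relate(eng, platform, "hierarchical");   // both ends in the org-unit store
        System.out.println(roles.memberships + " " + units.relationships);
        try { module.relate(admin, eng, "member"); }    // crosses stores: rejected here
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```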