3 Replies Latest reply on Feb 4, 2011 1:05 PM by Kevin Merritt

    Identity Management and confusion about @RoleGroups

    Leandro Hermida Newbie

      Hello,


      After reading the documentation on Identity Management the annotation @RoleGroups has me a bit confused as to what conceptually it is supposed to annotate.  In the definition it says:



      This annotation marks the field or method containing the group memberships of the role.

      Where here it seems that @RoleGroups are supposed to annotate the relationship of the role to group of users which have this role.


      And in the coding examples it shows:


      @RoleGroups
      @ManyToMany(targetEntity = Role.class)
      @JoinTable(name = "RoleGroups", 
          joinColumns = @JoinColumn(name = "RoleId"),
          inverseJoinColumns = @JoinColumn(name = "GroupId"))
      public Set<Role> getGroups() { return groups; }
      public void setGroups(Set<Role> groups) { this.groups = groups; }    
      



      Where it seems that @RoleGroups is should annotatet a group of other roles.


      In my data model I have a Group entity bean which represents a group of users so this is why I am confused.  What is @RoleGroups supposed to annotate?


      Leandro

        • 1. Re: Identity Management and confusion about @RoleGroups
          Shane Bryzak Master

          Role groups are simply groups of roles, they allow roles to become members of other roles.  For example, if your application requires a superuser role that should have all the privileges of the user role plus some extra higher level privileges, then you could use a role group for this (i.e. make superuser a member of the user group).

          • 2. Re: Identity Management and confusion about @RoleGroups
            Leandro Hermida Newbie

            Thanks Shane, now it's clear.  I will use 2.1.0.CR1 now!

            • 3. Re: Identity Management and confusion about @RoleGroups
              Kevin Merritt Newbie

              I realize this post if old, but I had a hard time getting the @RoleGroups to work properly when using Seam Identity Management.  Based on the documentation, I had assumed that a certain role object, contains a list of groups to which it is a member.  For Example, something like this:




              admin (my role) is a member of:
                getGroups -->
                 MasterAdminGroup
                 AdminGroup
              
              user (another role) is a member of:
                getGroups -->
                 MasterAdminGroup
                 AdminGroup
                 UserGroup





              Essentially, the roles contain the list of their groups.  However, when I set it up that way and called identityManager.getImpliedRoles('myuser') is only would show the group MasterAdminGroup that my user was linked to.


              I then set it up so that each group contained a list of it's roles:




              MasterAdminGroup (my role group) contains:
                getGroups ->
                 master
                 admin
                 user
              
              AdminGroup (another role group) contains:
                getGroups ->
                 admin
                 user






              This seemed to work perfectly.


              Possibly I am confusing things, but in my opinion is not clear based on the documentation. It seems to me a role group contains a list of it's implied roles and not visa versa. Perhaps it should read:




                @RoleGroups
                @ManyToMany(targetEntity = Role.class)
                @JoinTable(name = "RoleGroups", 
                  joinColumns = @JoinColumn(name = "RoleId"),
                  inverseJoinColumns = @JoinColumn(name = "GroupId"))
                public Set<Role> getRoles() { return roles; }
                public void setRoles(Set<Role> roles) { this.roles = roles; }





              Please correct me if I am wrong, but otherwise I hope this helps someone else who may be confused by this.