4 Replies Latest reply on Mar 26, 2014 4:23 PM by noamichael

    Is there an easy way to find IdentityTypes by role?


      I am writing a page which manages users. I have a selectOneRadioButton on the page which allows the user to update the dataTable of current accounts. Upon selection, I update the DataModel of accounts in my backing bean. The issue is that I can't seem to find an easy way to get a list of users based on their role. Right now, I'm doing a very inefficiency query:


      RelationshipQuery<Grant> query = relationshipManager.createRelationshipQuery(Grant.class);

              List<Grant> grants = query.setParameter(GroupRole.ROLE, role).getResultList();

              //Returns all of the grants for the current role. I then iterate through them and pull out the assignees...

              List<User> usersWithRole = new ArrayList();

              for (Grant g : grants) {

                  if (g.getAssignee() instanceof User) {

                      usersWithRole.add((User) g.getAssignee());//Gets all of the users for the grants. Not the best option, but it works for now.




      It would be nice if there was a single method of simply retrieving all the users based on their role, or group, or permissions. Any thoughts?

        • 1. Re: Is there an easy way to find IdentityTypes by role?

          I'm also facing the problem with custom queries when trying to implement a autocomplete search for users. I'm using primefaces autocomplete component, and it's taking in a list of my custom user types. The only way to do this is use my own entity manager to get the results. My query is basically "SELECT U FROM CustomUserEntity U where U.loginName LIKE :loginName %". This will return a list of user entities just fine, but I'd like to use them with the Identity Manager so they must be CustomUser.class Objects. This means I have to iterate over the list of entities and convert them into the POJO CustomUser class:

          for(CustomUserEntity User: query.getResultsList()){
               userList.add(new CustomUser(user.loginName, user.firstName...etc));


          This works, but it terribly inefficient. It would be awesome if there was another way.

          • 2. Re: Is there an easy way to find IdentityTypes by role?

            Hi Machael,


                 What you did is fine. Currently, this is the solution you should use to get the assignees for a given role. You can use something similar to also get the members of a Group.


                 FYI, You can also get all relationships for a given IdentityType by using the Relationship.IDENTITY parameter.


                 The only issue I can see in this solution is that you probably want only the id and loginName from the User, but PicketLink is loading all data for each User. But once we get the cache done, I think this would not be a problem anymore.


                 Is this impacting the performance of your application ?



            • 3. Re: Is there an easy way to find IdentityTypes by role?

              Hi Michael,


                  Queries based on string fields (like loginName) are not considering patterns, but matching the exact value. I think we need to support that OOTB. Your use case makes a lot of sense.


                  We can probably provide some additional configuration to the Query API so you can specify how a specific field should be matched.


                  Can you open a JIRA ?


              Thanks !

              • 4. Re: Is there an easy way to find IdentityTypes by role?

                If this is the only way to preform the query, then I am completely okay with it. I submitted a JIRA for the other issue of creating queries with partial Strings or a pattern here.


                Thanks for the reply!