JBoss.orgCommunity Documentation
HibernateIdentityStoreImpl maps PicketLink IDM SPI model into Hibernate entities. This enables to use any RDBMS supported by Hibernate as identity persistence store (IdentityStore). Because of flexibility that ORM gives this IdentityStore implementation support all of the optional design concepts like role management. It can be used as the default IdentityStore together with other more limited implementations. For example in combination with LDAP IdentityStore it can handle IdentityObject attributes that are not supported in LDAP schema. In such configuration part of IdentityObject profile will be stored in LDAP and part in relational database. To learn more about such setup please read FallbackIdentityStoreRepository documentation. In current version implementation doesn't have any caching mechanism besides of what can be set in hibernate configuration
hibernateConfiguration - the hibernate configuration file that will be used to create SessionFactory
hibernateSessionFactoryJNDIName - JNDI name of hibernate SessionFactory that will be used to obtain it
hibernateSessionFactoryRegistryName - name of hibernate SessionFactory placed in the IdentityConfigurationRegistry that will be used to obtain it
addHibernateMappings - of set to true all annotated hibernate model classes will be added to the hibernate configuration before SessionFactory is created
populateRelationshipTypes - true/false - Populate configured <supported-relationship-types> (IdentityObjectRelationshipType in SPI model) during IdentityStore initialization. Default value is 'false'
populateIdentityObjectTypes - true/false - Populate configured <supported-identity-object-types> (IdentityObjectType in SPI model) during IdentityStore initialization. Default value is 'false'
allowNotDefinedAttributes - true/false - Allow to set IdentityObject attributes that are not specified in <identity-object-type> configuration. Such attributes are assumed to have "text" type and many values. Default value is 'false'.
isRealmAware - true/false - If set to true HibernateIdentityStoreImpl will create separate namespaces for different Realms from which method invocations come. This means that each IdentityObject, IdentityObjectRelationship and IdentityObjectRelationshipName will be connected and only accessible with a realm name in which it was created. Entities representing IdentityObjectType, IdentityObjectCredentialType and IdentityObjectRelationshipType are always same for all realms and not affected with this option. Default value is 'false'.
manageTransactionDuringBootstrap - true/false - indicate that transactions should be managed manually during store bootstrap when initial entities are created.
allowNotDefinedIdentityObjectTypes - true/false - indicate that store won't check for a given IdentityObjectType configuration and if one is not specified it will be just lazily created. This option enables to have minimal xml config without definition of all constraints in relationship between types.
<identity-store>
<id>Hibernate Identity Store</id>
<class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
<external-config/>
<supported-relationship-types>
<relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
<relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
</supported-relationship-types>
<supported-identity-object-types>
<identity-object-type>
<name>IDENTITY</name>
<relationships/>
<credentials>
<credential-type>PASSWORD</credential-type>
</credentials>
<attributes>
<attribute>
<name>user.name.given</name>
<mapping>user.name.given</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
<attribute>
<name>picture</name>
<mapping>user.picture</mapping>
<type>binary</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
</attributes>
<options/>
</identity-object-type>
<identity-object-type>
<name>ORGANIZATION</name>
<relationships>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>IDENTITY</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
<identity-object-type-ref>IDENTITY</identity-object-type-ref>
</relationship>
</relationships>
<credentials/>
<attributes/>
<options/>
</identity-object-type>
</supported-identity-object-types>
<options>
<option>
<name>hibernateConfiguration</name>
<value>hibernate-jboss-identity.cfg.xml</value>
</option>
<option>
<name>populateRelationshipTypes</name>
<value>true</value>
</option>
<option>
<name>populateIdentityObjectTypes</name>
<value>true</value>
</option>
<option>
<name>allowNotDefinedAttributes</name>
<value>true</value>
</option>
<option>
<name>isRealmAware</name>
<value>true</value>
</option>
<option>
<name>allowNotDefinedAttributes</name>
<value>true</value>
</option>
</options>
</identity-store>
In case 'addHibernateMappings' option is not set to true hibernate configuration need to list all annotated model classes:
<mapping resource="mappings/HibernateRealm.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObject.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectCredential.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectCredentialType.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectAttribute.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectType.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectRelationship.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectRelationshipType.hbm.xml"/>
<mapping resource="mappings/HibernateIdentityObjectRelationshipName.hbm.xml"/>