I am just placing some rough thoughts on how the API should look for the IDM component. Just some ideas. Nothing concrete. :)
Pseudocode:
Get the Session:
// Configure the store via simpler means, either simple XML or API calls
IdentityStore store = ...;
IdentitySession session = store.getSession();
User/Role/Group Mappings:
//Construct user/role/group mappings [You can term it identity if you want]
Identity user = createIdentity(Type.USER);
user.setAttribute("name", "anil");
user.setAttribute("age", 13);
Identity role = createIdentity(Type.ROLE);
role.setAttribute("name", "goodrole");
user.addAttribute("roles", role); //User has the role
Identity group = createIdentity(Type.GROUP);
group.setAttribute("name", "mygroup");
group.addMember(role);