Assigning users to groups

We have so far discussed users and groups separately, so let's start working on assigning users to existing groups available in the portal.

It's very important in a user domain to create a group model that can be used not only for managing users, but also for associating permissions in an easy way.

It's good practice to design the group model so that permissions are associated with groups. In this way, the group is also used as an authority, which makes the permission model very simple to manage.

Sometimes it is not possible to create a unique group model due to specific requirements that you may have for certain domains. For instance, you could retrieve information about groups from an existing LDAP or another user storage that was based on a different permissions mechanism compared to the one provided in GateIn.

Finally, you could have a different tree structure on a specific LDAP1 and another one on a potential LDAP2. If you are in this situation it could be useful to create a new LDAP storage based on a merge of the existing LDAP1 and LDAP2. In this way you can create a new and unique tree for managing the portal permissions.

We will see how to manage members in some groups related to the Financials portal.

Getting ready

Log in to the portal with the root user.

How to do it...

In order to add a new user as a member of the Customer Care group, follow these steps:

  1. Click on Group | Organization | Users and groups management.
  2. Click on Group Management.
  3. Select the Financials group from the Groups panel.
  4. Expand the Financials group, if it is not already expanded.
  5. Select the Customer Care group.
  6. As you have seen before in this chapter, on the right you have the following two panels:
    • Group Info: Shows all the members of the current group
    • Add member: Allows you to add new members to the group
  7. We want to add John in the Customer Care group with a Manager role. Therefore, in the Add member panel, type john in the Username field.
  8. Select Manager in the Membership list.
  9. Click on Save.

How it works…

GateIn is based on a set of services that manage all the components dedicated to storing information. The Organization Service is one of the services of the GateIn API, and it is hidden behind administration portlets that provide a friendly user interface, as shown in the previous recipe.

The association engine behind the Organization Service is managed by a web interface provided by GateIn for adding and removing members from groups.

This operation is needed to enable a user to read or manipulate pages inside the portal. This is because each operation inside the portal is allowed only for specific groups that are defined in the security model.

There's more...

If you want to remove a membership from a group, you have to follow these steps:

  1. Click on Group | Organization | Users and groups management.
  2. Click on Group Management.
  3. Select the group that contains the membership you want to remove.
  4. Identify the specific membership in the Group Info panel.
  5. Click on the trash icon.
  6. Click on OK in the confirmation alert to finally remove the membership from the selected group.

Notice that this is an alternative way to remove a membership of a user; we have discussed this in a previous recipe in this chapter.

Configuring the Organization Service

The Organization Service is the core of identity management in GateIn. Thanks to this service we can manage users, roles, and memberships. The service manages its internal logic through an identity manager that we can choose in its configuration file.

Each portal application in GateIn must have its own configuration file for the Organization Service. The organization is the handling of users, groups, memberships, and profiles. In this folder (WEB-INF/conf/organization) we can decide, for example, where users are read from or how user passwords are stored. We can also plug in custom business logic that is triggered by the creation of users, groups, and memberships.

The configuration is usually declared in the <PORTAL_WAR_ROOT>/WEB-INF/conf/configuration.xml file. The default configuration provided in GateIn is the following code:

...
<import>war:/conf/organization/idm-configuration.xml</import>
...
<import>war:/conf/organization/organization-configuration.xml</import>

The first import represents the type of the organization. By default, GateIn uses the JBoss IDM manager called PicketLink.

The second import is a set of generic configurations, and we always suggest taking a look at it in the Organization Framework.

Note

The Organization Framework is the main framework used to configure the Organization Service. For more details about it, please see: http://docs.jboss.com/gatein/portal/3.2.0.Final/reference-guide/en-US/html/chap-Reference_Guide-Authentication_And_Identity.html

Therefore, it is enough to choose the correct file to decide what product or technology the organization framework must use. Here we list all available configurations; each configuration file name ends with the suffix -configuration.xml:

  • IDM
  • Active Directory
  • Hibernate
  • InstallCS
  • JDBC
  • LDAP

The following recipes will show some custom operations in the organization making use of the configuration files.
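Because the imported file decides which identity store backs every user, group, and membership, it is worth checking which one a deployed portal actually selects. The following script is an added example, not code from the book or from GateIn: it reads a configuration.xml and reports the active Organization Service imports. The sample documents are constructed, the ldap-configuration.xml name is assumed from the naming rule above, and treating more than one backend import as something to review is this example's own assumption.

```python
import re
import xml.etree.ElementTree as ET

# war:/conf/organization/<prefix>-configuration.xml, the naming rule given above.
ORG_IMPORT = re.compile(r"^war:/conf/organization/([\w.-]+?)-configuration\.xml$")
GENERIC = {"organization"}  # generic settings file, not an identity backend

def organization_imports(xml_text):
    """Return the prefixes of the active Organization Service imports, in order."""
    prefixes = []
    for el in ET.fromstring(xml_text).iter():
        # Drop any XML namespace; commented-out imports never reach the tree.
        if el.tag.rsplit("}", 1)[-1] != "import":
            continue
        match = ORG_IMPORT.match((el.text or "").strip())
        if match:
            prefixes.append(match.group(1).lower())
    return prefixes

def audit(xml_text):
    """Report which identity backend(s) a portal's configuration.xml selects."""
    backends = [p for p in organization_imports(xml_text) if p not in GENERIC]
    findings = []
    if not backends:
        findings.append("no identity backend import found")
    elif len(set(backends)) > 1:
        findings.append("multiple identity backends imported: " + ", ".join(backends))
    return {"backends": backends, "findings": findings}

# Constructed samples: the default layout shown above, and a file with two backends.
SAMPLE_DEFAULT = """<configuration>
  <import>war:/conf/example/other-configuration.xml</import>
  <import>war:/conf/organization/idm-configuration.xml</import>
  <!-- <import>war:/conf/organization/ldap-configuration.xml</import> -->
  <import>war:/conf/organization/organization-configuration.xml</import>
</configuration>"""

SAMPLE_MIXED = """<configuration xmlns="urn:example:constructed">
  <import>war:/conf/organization/idm-configuration.xml</import>
  <import>war:/conf/organization/ldap-configuration.xml</import>
  <import>war:/conf/organization/organization-configuration.xml</import>
</configuration>"""

if __name__ == "__main__":
    for name, sample in (("default", SAMPLE_DEFAULT), ("mixed", SAMPLE_MIXED)):
        print(name, audit(sample))
```
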

See also

  • The Managing users recipe
  • The Managing groups recipe