Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Sudheer Chekka
External User Roles
July 31, 2008 9:59 AM
Answer

Sudheer Chekka

Rank: New Member

Posts: 13

Join Date: July 1, 2008

Recent Posts

Hi,

I am trying to understand when are the user roles loaded from the database after a user signs into the portal.
I would like to integrate our company's Identity Management System (where user roles are maintained) into the liferay portal.

Any pointers will be great!

Thanks,
Sudheer.
Justen L Britain
RE: External User Roles
July 31, 2008 11:08 AM
Answer

Justen L Britain

Rank: Junior Member

Posts: 39

Join Date: January 16, 2007

Recent Posts

Hello,

I have no good information about the Role system as it pertains to how it works, but what I can tell you is there are a number of functions in the UserServiceUtil, UserLocalServiceUtil, UserService, and UserLocalService classes that verify, add, and remove users from Roles. From my experience with the Liferay model I dont' think there is a specific place where the user Roles are loaded, though the jedi can correct me if I am wrong. I believe that it is the responsibility of the portlet to check the users Roles if that portlet only allows certain Roles. I would say your best bet is to edit the proper service class and use the service builder to rebuild the classes and interfaces so you can properly access that functionality through the Liferay API. If you are not familiar with the service builder system the Liferay Wikihas some great information in it. Hope this helps.

~Justen
Sudheer Chekka
RE: External User Roles
July 31, 2008 11:43 AM
Answer

Sudheer Chekka

Rank: New Member

Posts: 13

Join Date: July 1, 2008

Recent Posts

Thanks Justen. Are there any design patterns for integrating the portal with an external user role management system??


Is it a good idea sync. the liferay roles with my external user management system? Or is there a better way of integration ?

Thanks,
Sudheer.
Justen L Britain
RE: External User Roles
July 31, 2008 12:36 PM
Answer

Justen L Britain

Rank: Junior Member

Posts: 39

Join Date: January 16, 2007

Recent Posts

Sudheer,

Again my experience with the Role system is fairly limited but if you take a look at com.liferay.portal.model.impl.RoleImpl.java in the LR source you can see that a Role is really a glorified string. All of my interaction with Roles has been through the JSR-168 platform, which is pretty simple you simply ask the request if the user is in the role:
1
2request.isUserInRole("RoleNameGoesHere");


The code above will return true or false if the user is in the role or not. It is the responsibility of the Portal to determine if a user is in a specified Role or not but what I have seen is typically a List<String> will be created with all of the specified users Roles in it as Strings, then a String comparison is done on each if one matches it returns true otherwise false. So it depends on what you mean by "Sync". If you mean “Sync” as in duplicate your roles in LR programmatically that will involve different code then if you mean “Sync” as in check LR Roles first and the roles stored in your UMS or if you mean “Sync” as in update the Role-to-User relationships automatically based off of your UMS.

Here is what I suggest. If you are trying to allow user to access certain parts of the web site or content based on the Roles that you have already established in your UMS then I would do as I mentioned above and put code in the appropriate service class(es) that will first check the LR Roles and if that comes back false then proceed try to verify the user in the Roles on your UMS. But if you are trying to get more functionality than just if the user is or isn't in a Role out of the system then I have no advice because you will have to build proprietary portlet(s) with the LR API to work with LR because JSR-168 doesn't offer any other functionality then what I mentioned above. Also the amount of integration to get LR to work with your Roles for more then just verifying if a user is in one would be fairly significant and involve areas of the LR code I am not familiar with. I hope that is helpful.

~Justen