Users and Groups
Institutional User Data
KFS uses KIM provided Person object as users, since there is no direct relationship between these databases relationships are defined in BO data dictionary files instead of OJB. Framework will use the relationship definition wherever reference information is required. For example when a lookup icon is shown next to accountFiscalOfficerUser field in Account maintenance document, reference information from DD is used to create the parameters for lookup.
<property name="relationships"> <list> <dd:relationship objectAttribute="accountFiscalOfficerUser"> <dd:primitiveAttribute source="accountFiscalOfficerSystemIdentifier" target="principalId"/> <dd:supportAttribute source="accountFiscalOfficerUser.principalName" target="principalName" identifier="true"/> <dd:supportAttribute source="accountFiscalOfficerUser.name" target="name"/> </dd:relationship> <dd:relationship objectAttribute="accountSupervisoryUser"> <dd:primitiveAttribute source="accountsSupervisorySystemsIdentifier" target="principalId"/> <dd:supportAttribute source="accountSupervisoryUser.principalName" target="principalName" identifier="true"/> <dd:supportAttribute source="accountSupervisoryUser.name" target="name"/> </dd:relationship> <dd:relationship objectAttribute="accountManagerUser"> <dd:primitiveAttribute source="accountManagerSystemIdentifier" target="principalId"/> <dd:supportAttribute source="accountManagerUser.principalName" target="principalName" identifier="true"/> <dd:supportAttribute source="accountManagerUser.name" target="name"/> </dd:relationship> </list> </property>
As the frameworks encounter an Person
object, through introspection, the object name in the business object is then found. From the object name, the framework can query the data dictionary for the associated primitive.
Lazy getters on Person objects
To retrieve Person objects for various business objects, lazy getters have been implemented to retrieve the object through the Person service using the primitive:
public Person getAccountFiscalOfficerUser() { accountFiscalOfficerUser = SpringContext.getBean(org.kuali.rice.kim.service.PersonService.class).updatePersonIfNecessary(accountFiscalOfficerSystemIdentifier, accountFiscalOfficerUser); return accountFiscalOfficerUser; }
Getting the Current User
The current user can be retrieved within any piece of code by the program statement.
Person currentUser = GlobalVariables.getUserSession().getPerson();
Use of Identity Service vs. use of Person Service
The use of the Person Service can cause performance issues that as of KFS 5.0.2/Rice 2.1.3 can possibly be mitigated by using the Identity Service instead. There is an API change in Rice 2.1.3 that facilitates this (see: KULRICE-8723), and there is a contribution coming in a future internal KFS patch release (5.0.3) that implements this performance improvement in KFS (see: KFSCNTRB-1337). Implementers should also keep this in mind when upgrading their own code. An example of this type of change would be to change the following code:
Person person = getPersonService().getPerson(initiator); if (person == null) { person = getPersonService().getPersonByPrincipalName(initiator); if (person == null) { // log & throw error } }
with this code:
Principal principal = KimApiServiceLocator.getIdentityService().getPrincipal(initiator); if (principal == null) { principal = KimApiServiceLocator.getIdentityService().getPrincipalByPrincipalName(initiator); if (principal == null) { // log & throw error } }
Groups
KFS doesn't use any group definitions at this point of time, mostly groups are converted into KIM Roles and users are assigned to the roles.
Kuali documentation is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.
Kuali software is licensed for use pursuant to the Affero General Public License, version 3.
Copyright © 2014 Kuali, Inc. All rights reserved.
Portions of Kuali are copyrighted by other parties as described in the Acknowledgments screen.
Kuali ® is a registered trademark of the Trustees of Indiana University.