DynamicSyncContext (Oak External Authentication Support 1.2.29 API)

java.lang.Object
- org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
- - org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContext

All Implemented Interfaces:

SyncContext
```
public class DynamicSyncContext
extends DefaultSyncContext
```
Extension of the DefaultSyncContext that doesn't synchronize group membership of new external users into the user management of the repository. Instead it will only synchronize the principal names up to the configured depths. In combination with the a dedicated PrincipalConfiguration this allows to benefit from the repository's authorization model (which is solely based on principals) i.e. full compatibility with the default approach without the complication of synchronizing user management information into the repository, when user management is effectively take care of by the third party system. With the DefaultSyncHandler this feature can be turned on using DefaultSyncConfig.User.setDynamicMembership(boolean) Note: users and groups that have been synchronized before the dynamic membership feature has been enabled will continue to be synchronized in the default way and this context doesn't take effect.

Since:

Oak 1.5.3

Field Summary
- Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
  config, forceGroupSync, forceUserSync, idp, keepMissing, now, nowValue, REP_EXTERNAL_ID, REP_LAST_SYNCED, userManager, valueFactory

Constructor Summary

Constructors
Constructor and Description
`DynamicSyncContext(DefaultSyncConfig config, ExternalIdentityProvider idp, UserManager userManager, ValueFactory valueFactory)`

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`applyMembership(Authorizable member, Set<String> groups)` Ensures that the given authorizable is member of the specific groups.
`SyncResult`	`sync(ExternalIdentity identity)` Synchronizes an external identity with the repository based on the respective configuration.
`protected void`	`syncMembership(ExternalIdentity external, Authorizable auth, long depth)` Recursively sync the memberships of an authorizable up-to the specified depth.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
close, createGroup, createSyncedIdentity, createUser, createValue, createValues, getAuthorizable, getIdentityRef, isExpired, isForceGroupSync, isForceUserSync, isKeepMissing, isSameIDP, isSameIDP, joinPaths, setForceGroupSync, setForceUserSync, setKeepMissing, sync, syncGroup, syncProperties, syncUser

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DynamicSyncContext

public DynamicSyncContext(@Nonnull
                  DefaultSyncConfig config,
                  @Nonnull
                  ExternalIdentityProvider idp,
                  @Nonnull
                  UserManager userManager,
                  @Nonnull
                  ValueFactory valueFactory)

Method Detail
- sync
```
@Nonnull
public SyncResult sync(@Nonnull
                      ExternalIdentity identity)
                throws SyncException
```
  Description copied from class: DefaultSyncContext
  
  Synchronizes an external identity with the repository based on the respective configuration.
  
  Specified by:
  
  sync in interface SyncContext
  
  Overrides:
  
  sync in class DefaultSyncContext
  
  Parameters:
  identity - the identity to sync.
  
  Returns:
  the result of the operation
  
  Throws:
  
  SyncException - if an error occurrs
- syncMembership
```
protected void syncMembership(@Nonnull
                  ExternalIdentity external,
                  @Nonnull
                  Authorizable auth,
                  long depth)
                       throws RepositoryException
```
  Description copied from class: DefaultSyncContext
  
  Recursively sync the memberships of an authorizable up-to the specified depth. If the given depth is equal or less than 0, no syncing is performed.
  
  Overrides:
  
  syncMembership in class DefaultSyncContext
  
  Parameters:
  external - the external identity
  auth - the authorizable
  depth - recursion depth.
  
  Throws:
  
  RepositoryException
- applyMembership
```
protected void applyMembership(@Nonnull
                   Authorizable member,
                   @Nonnull
                   Set<String> groups)
                        throws RepositoryException
```
  Description copied from class: DefaultSyncContext
  
  Ensures that the given authorizable is member of the specific groups. Note that it does not create groups if missing, nor remove memberships of groups not in the given set.
  
  Overrides:
  
  applyMembership in class DefaultSyncContext
  
  Parameters:
  member - the authorizable
  groups - set of groups.
  
  Throws:
  
  RepositoryException

Class DynamicSyncContext

Field Summary

Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext

Constructor Summary

Method Summary

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext

Methods inherited from class java.lang.Object

Constructor Detail

DynamicSyncContext

Method Detail

sync

syncMembership

applyMembership