org.apache.jackrabbit.oak.spi.security.authentication.external.basic

Class DefaultSyncContext

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext

All Implemented Interfaces:

SyncContext

Direct Known Subclasses:

DynamicSyncContext

public class DefaultSyncContext
extends Object
implements SyncContext

Internal implementation of the sync context

Field Summary

Fields

Modifier and Type	Field and Description
protected DefaultSyncConfig	config
protected boolean	forceGroupSync
protected boolean	forceUserSync
protected ExternalIdentityProvider	idp
protected boolean	keepMissing
protected long	now
protected Value	nowValue
static String	REP_EXTERNAL_ID Name of the ExternalIdentity.getExternalId() property of a synchronized identity.
static String	REP_LAST_SYNCED Name of the property that stores the time when an identity was synced.
protected UserManager	userManager
protected ValueFactory	valueFactory

Constructor Summary

Constructors

Constructor and Description
DefaultSyncContext(DefaultSyncConfig config, ExternalIdentityProvider idp, UserManager userManager, ValueFactory valueFactory)

Method Summary

Modifier and Type	Method and Description
protected void	applyMembership(Authorizable member, Set<String> groups) Ensures that the given authorizable is member of the specific groups.
void	close() Closes this context and releases any resources bound to it.
protected Group	createGroup(ExternalGroup externalGroup) Creates a new repository group for the given external one.
static DefaultSyncedIdentity	createSyncedIdentity(Authorizable auth) Creates a synced identity from the given authorizable.
protected User	createUser(ExternalUser externalUser) Creates a new repository user for the given external one.
protected Value	createValue(Object v) Creates a new JCR value of the given object, checking the internal type.
protected Value[]	createValues(Collection<?> propValues) Creates an array of JCR values based on the type.
protected <T extends Authorizable> T	getAuthorizable(ExternalIdentity external, Class<T> type) Retrieves the repository authorizable that corresponds to the given external identity
static ExternalIdentityRef	getIdentityRef(Authorizable auth) Retrieves the external identity ref from the authorizable
protected boolean	isExpired(Authorizable auth, long expirationTime, String type) Checks if the given authorizable needs syncing based on the REP_LAST_SYNCED property.
boolean	isForceGroupSync() Defines if synchronization of groups always will perform, i.e.
boolean	isForceUserSync() Defines if synchronization of users always will perform, i.e.
boolean	isKeepMissing() Defines if synchronization keeps missing external identities on synchronization of authorizables.
protected boolean	isSameIDP(Authorizable auth) Checks if the given authorizable was synced from the same IDP by comparing the IDP name of the "rep:externalId" property.
protected boolean	isSameIDP(ExternalIdentityRef ref) Tests if the given ExternalIdentityRef refers to the same IDP as associated with this context instance.
static String	joinPaths(String... paths) Deprecated. Since Oak 1.3.10. Please use PathUtils.concatRelativePaths(String...) instead.
SyncContext	setForceGroupSync(boolean forceGroupSync) See SyncContext.isForceGroupSync()
SyncContext	setForceUserSync(boolean forceUserSync) See SyncContext.isForceUserSync()
SyncContext	setKeepMissing(boolean keepMissing) See SyncContext.isKeepMissing()
SyncResult	sync(ExternalIdentity identity) Synchronizes an external identity with the repository based on the respective configuration.
SyncResult	sync(String id) Synchronizes an authorizable with the corresponding external identity with the repository based on the respective configuration.
protected DefaultSyncResultImpl	syncGroup(ExternalGroup external, Group group)
protected void	syncMembership(ExternalIdentity external, Authorizable auth, long depth) Recursively sync the memberships of an authorizable up-to the specified depth.
protected void	syncProperties(ExternalIdentity ext, Authorizable auth, Map<String,String> mapping) Syncs the properties specified in the mapping from the external identity to the given authorizable.
protected DefaultSyncResultImpl	syncUser(ExternalUser external, User user)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REP_EXTERNAL_ID

public static final String REP_EXTERNAL_ID

Name of the ExternalIdentity.getExternalId() property of a synchronized identity.

See Also:

Constant Field Values

REP_LAST_SYNCED

public static final String REP_LAST_SYNCED

Name of the property that stores the time when an identity was synced.

See Also:

Constant Field Values

config

protected final DefaultSyncConfig config

idp

protected final ExternalIdentityProvider idp

userManager

protected final UserManager userManager

valueFactory

protected final ValueFactory valueFactory

keepMissing

protected boolean keepMissing

forceUserSync

protected boolean forceUserSync

forceGroupSync

protected boolean forceGroupSync

now

protected final long now

nowValue

protected final Value nowValue

Constructor Detail

DefaultSyncContext

public DefaultSyncContext(@Nonnull
                          DefaultSyncConfig config,
                          @Nonnull
                          ExternalIdentityProvider idp,
                          @Nonnull
                          UserManager userManager,
                          @Nonnull
                          ValueFactory valueFactory)

Method Detail

createSyncedIdentity

@CheckForNull
public static DefaultSyncedIdentity createSyncedIdentity(@Nullable
                                                                       Authorizable auth)
                                                                throws RepositoryException

Creates a synced identity from the given authorizable.

Parameters:

auth - the authorizable

Returns:

the id

Throws:

RepositoryException - if an error occurs

getIdentityRef

@CheckForNull
public static ExternalIdentityRef getIdentityRef(@Nullable
                                                               Authorizable auth)
                                                        throws RepositoryException

Retrieves the external identity ref from the authorizable

Parameters:

auth - the authorizable

Returns:

the ref

Throws:

RepositoryException - if an error occurs

joinPaths

public static String joinPaths(String... paths)

Deprecated. Since Oak 1.3.10. Please use PathUtils.concatRelativePaths(String...) instead.

Robust relative path concatenation.

Parameters:

paths - relative paths

Returns:

the concatenated path

close

public void close()

Closes this context and releases any resources bound to it. Note that an implementation must not commit the Root passed during the creation call. This is the responsibility of the application.

Specified by:

close in interface SyncContext

isKeepMissing

public boolean isKeepMissing()

Defines if synchronization keeps missing external identities on synchronization of authorizables. Default is false.

Specified by:

isKeepMissing in interface SyncContext

Returns:

true if keep missing.

setKeepMissing

@Nonnull
public SyncContext setKeepMissing(boolean keepMissing)

See SyncContext.isKeepMissing()

Specified by:

setKeepMissing in interface SyncContext

isForceUserSync

public boolean isForceUserSync()

Defines if synchronization of users always will perform, i.e. ignores the last synced properties.

Specified by:

isForceUserSync in interface SyncContext

Returns:

true if forced syncing users

setForceUserSync

@Nonnull
public SyncContext setForceUserSync(boolean forceUserSync)

See SyncContext.isForceUserSync()

Specified by:

setForceUserSync in interface SyncContext

isForceGroupSync

public boolean isForceGroupSync()

Defines if synchronization of groups always will perform, i.e. ignores the last synced properties.

Specified by:

isForceGroupSync in interface SyncContext

Returns:

true if forced syncing groups

setForceGroupSync

@Nonnull
public SyncContext setForceGroupSync(boolean forceGroupSync)

Description copied from interface: SyncContext

See SyncContext.isForceGroupSync()

Specified by:

setForceGroupSync in interface SyncContext

sync

@Nonnull
public SyncResult sync(@Nonnull
                                ExternalIdentity identity)
                         throws SyncException

Synchronizes an external identity with the repository based on the respective configuration.

Specified by:

sync in interface SyncContext

Parameters:

identity - the identity to sync.

Returns:

the result of the operation

Throws:

SyncException - if an error occurs

sync

@Nonnull
public SyncResult sync(@Nonnull
                                String id)
                         throws SyncException

Synchronizes an authorizable with the corresponding external identity with the repository based on the respective configuration.

Specified by:

sync in interface SyncContext

Parameters:

id - the id of the authorizable

Returns:

the result of the operation

Throws:

SyncException - if an error occurs

getAuthorizable

@CheckForNull
protected <T extends Authorizable> T getAuthorizable(@Nonnull
                                                                   ExternalIdentity external,
                                                                   @Nonnull
                                                                   Class<T> type)
                                                            throws RepositoryException,
                                                                   SyncException

Retrieves the repository authorizable that corresponds to the given external identity

Parameters:

external - the external identity

type - the authorizable type

Returns:

the repository authorizable or null if not found.

Throws:

RepositoryException - if an error occurs.

SyncException - if the repository contains a colliding authorizable with the same name.

createUser

@Nonnull
protected User createUser(@Nonnull
                                   ExternalUser externalUser)
                            throws RepositoryException

Creates a new repository user for the given external one. Note that this method only creates the authorizable but does not perform any synchronization.

Parameters:

externalUser - the external user

Returns:

the repository user

Throws:

RepositoryException - if an error occurs

createGroup

@Nonnull
protected Group createGroup(@Nonnull
                                     ExternalGroup externalGroup)
                              throws RepositoryException

Creates a new repository group for the given external one. Note that this method only creates the authorizable but does not perform any synchronization.

Parameters:

externalGroup - the external group

Returns:

the repository group

Throws:

RepositoryException - if an error occurs

syncUser

@Nonnull
protected DefaultSyncResultImpl syncUser(@Nonnull
                                                  ExternalUser external,
                                                  @Nonnull
                                                  User user)
                                           throws RepositoryException

Throws:

RepositoryException

syncGroup

@Nonnull
protected DefaultSyncResultImpl syncGroup(@Nonnull
                                                   ExternalGroup external,
                                                   @Nonnull
                                                   Group group)
                                            throws RepositoryException

Throws:

RepositoryException

syncMembership

protected void syncMembership(@Nonnull
                              ExternalIdentity external,
                              @Nonnull
                              Authorizable auth,
                              long depth)
                       throws RepositoryException

Recursively sync the memberships of an authorizable up-to the specified depth. If the given depth is equal or less than 0, no syncing is performed.

Parameters:

external - the external identity

auth - the authorizable

depth - recursion depth.

Throws:

RepositoryException

applyMembership

protected void applyMembership(@Nonnull
                               Authorizable member,
                               @Nonnull
                               Set<String> groups)
                        throws RepositoryException

Ensures that the given authorizable is member of the specific groups. Note that it does not create groups if missing, nor remove memberships of groups not in the given set.

Parameters:

member - the authorizable

groups - set of groups.

Throws:

RepositoryException

syncProperties

protected void syncProperties(@Nonnull
                              ExternalIdentity ext,
                              @Nonnull
                              Authorizable auth,
                              @Nonnull
                              Map<String,String> mapping)
                       throws RepositoryException

Syncs the properties specified in the mapping from the external identity to the given authorizable. Note that this method does not check for value equality and just blindly copies or deletes the properties.

Parameters:

ext - external identity

auth - the authorizable

mapping - the property mapping

Throws:

RepositoryException - if an error occurs

isExpired

protected boolean isExpired(@Nonnull
                            Authorizable auth,
                            long expirationTime,
                            @Nonnull
                            String type)
                     throws RepositoryException

Checks if the given authorizable needs syncing based on the REP_LAST_SYNCED property.

Parameters:

auth - the authorizable to check

expirationTime - the expiration time to compare to.

type - debug message type

Returns:

true if the authorizable needs sync

Throws:

RepositoryException

createValue

@CheckForNull
protected Value createValue(@Nullable
                                          Object v)
                                   throws RepositoryException

Creates a new JCR value of the given object, checking the internal type.

Parameters:

v - the value

Returns:

the JCR value or null

Throws:

RepositoryException - if an error occurs

createValues

@CheckForNull
protected Value[] createValues(@Nonnull
                                             Collection<?> propValues)
                                      throws RepositoryException

Creates an array of JCR values based on the type.

Parameters:

propValues - the given values

Returns:

and array of JCR values

Throws:

RepositoryException - if an error occurs

isSameIDP

protected boolean isSameIDP(@Nullable
                            Authorizable auth)
                     throws RepositoryException

Checks if the given authorizable was synced from the same IDP by comparing the IDP name of the "rep:externalId" property.

Parameters:

auth - the authorizable.

Returns:

true if same IDP.

Throws:

RepositoryException

isSameIDP

protected boolean isSameIDP(@Nonnull
                            ExternalIdentityRef ref)

Tests if the given ExternalIdentityRef refers to the same IDP as associated with this context instance.

Parameters:

ref - The ExternalIdentityRef to be tested.

Returns:

true if ExternalIdentityRef.getProviderName() refers to the IDP associated with this context instance.