Class DefaultSyncContext
- java.lang.Object
  - org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
- All Implemented Interfaces: SyncContext
- Direct Known Subclasses: DynamicSyncContext
public class DefaultSyncContext extends Object implements SyncContext
Internal implementation of the sync context
-
-
Field Summary
- protected DefaultSyncConfig config
- protected boolean forceGroupSync
- protected boolean forceUserSync
- protected ExternalIdentityProvider idp
- protected boolean keepMissing
- protected long now
- protected javax.jcr.Value nowValue
- static String REP_EXTERNAL_ID
  Name of the ExternalIdentity.getExternalId() property of a synchronized identity.
- static String REP_LAST_SYNCED
  Name of the property that stores the time when an identity was synced.
- protected org.apache.jackrabbit.api.security.user.UserManager userManager
- protected javax.jcr.ValueFactory valueFactory
-
Constructor Summary
- DefaultSyncContext(@NotNull DefaultSyncConfig config, @NotNull ExternalIdentityProvider idp, @NotNull org.apache.jackrabbit.api.security.user.UserManager userManager, @NotNull javax.jcr.ValueFactory valueFactory)
-
Method Summary
- protected void applyMembership(@NotNull org.apache.jackrabbit.api.security.user.Authorizable member, @NotNull Set<String> groups)
  Ensures that the given authorizable is a member of the specific groups.
- void close()
  Closes this context and releases any resources bound to it.
- protected @NotNull org.apache.jackrabbit.api.security.user.Group createGroup(@NotNull ExternalGroup externalGroup)
  Creates a new repository group for the given external one.
- static @Nullable DefaultSyncedIdentity createSyncedIdentity(@Nullable org.apache.jackrabbit.api.security.user.Authorizable auth)
  Creates a synced identity from the given authorizable.
- protected @NotNull org.apache.jackrabbit.api.security.user.User createUser(@NotNull ExternalUser externalUser)
  Creates a new repository user for the given external one.
- protected @Nullable javax.jcr.Value createValue(@Nullable Object v)
  Creates a new JCR value of the given object, checking the internal type.
- protected @Nullable javax.jcr.Value[] createValues(@NotNull Collection<?> propValues)
  Creates an array of JCR values based on the type.
- protected <T extends org.apache.jackrabbit.api.security.user.Authorizable> T getAuthorizable(@NotNull ExternalIdentity external, @NotNull Class<T> type)
  Retrieves the repository authorizable that corresponds to the given external identity.
- static @Nullable ExternalIdentityRef getIdentityRef(@Nullable org.apache.jackrabbit.api.security.user.Authorizable auth)
  Retrieves the external identity ref from the authorizable.
- protected boolean isExpired(@NotNull org.apache.jackrabbit.api.security.user.Authorizable auth, long expirationTime, @NotNull String type)
  Checks if the given authorizable needs syncing based on the REP_LAST_SYNCED property.
- boolean isForceGroupSync()
  Defines if synchronization of groups will always be performed, i.e. ignores the last synced properties.
- boolean isForceUserSync()
  Defines if synchronization of users will always be performed, i.e. ignores the last synced properties.
- boolean isKeepMissing()
  Defines if synchronization keeps missing external identities on synchronization of authorizables.
- protected boolean isSameIDP(@NotNull ExternalIdentityRef ref)
  Tests if the given ExternalIdentityRef refers to the same IDP as associated with this context instance.
- protected boolean isSameIDP(@Nullable org.apache.jackrabbit.api.security.user.Authorizable auth)
  Checks if the given authorizable was synced from the same IDP by comparing the IDP name of the "rep:externalId" property.
- static String joinPaths(String... paths)
  Deprecated. Since Oak 1.3.10.
- @NotNull SyncContext setForceGroupSync(boolean forceGroupSync)
- @NotNull SyncContext setForceUserSync(boolean forceUserSync)
- @NotNull SyncContext setKeepMissing(boolean keepMissing)
- @NotNull SyncResult sync(@NotNull String id)
  Synchronizes an authorizable with the corresponding external identity with the repository based on the respective configuration.
- @NotNull SyncResult sync(@NotNull ExternalIdentity identity)
  Synchronizes an external identity with the repository based on the respective configuration.
- protected @NotNull DefaultSyncResultImpl syncGroup(@NotNull ExternalGroup external, @NotNull org.apache.jackrabbit.api.security.user.Group group)
- protected void syncMembership(@NotNull ExternalIdentity external, @NotNull org.apache.jackrabbit.api.security.user.Authorizable auth, long depth)
  Recursively sync the memberships of an authorizable up to the specified depth.
- protected void syncProperties(@NotNull ExternalIdentity ext, @NotNull org.apache.jackrabbit.api.security.user.Authorizable auth, @NotNull Map<String,String> mapping)
  Syncs the properties specified in the mapping from the external identity to the given authorizable.
- protected @NotNull DefaultSyncResultImpl syncUser(@NotNull ExternalUser external, @NotNull org.apache.jackrabbit.api.security.user.User user)
-
-
-
Field Detail
-
REP_EXTERNAL_ID
public static final String REP_EXTERNAL_ID
Name of the ExternalIdentity.getExternalId() property of a synchronized identity.
- See Also:
- Constant Field Values
-
REP_LAST_SYNCED
public static final String REP_LAST_SYNCED
Name of the property that stores the time when an identity was synced.
- See Also:
- Constant Field Values
-
config
protected final DefaultSyncConfig config
-
idp
protected final ExternalIdentityProvider idp
-
userManager
protected final org.apache.jackrabbit.api.security.user.UserManager userManager
-
valueFactory
protected final javax.jcr.ValueFactory valueFactory
-
keepMissing
protected boolean keepMissing
-
forceUserSync
protected boolean forceUserSync
-
forceGroupSync
protected boolean forceGroupSync
-
now
protected final long now
-
nowValue
protected final javax.jcr.Value nowValue
-
-
Constructor Detail
-
DefaultSyncContext
public DefaultSyncContext(@NotNull DefaultSyncConfig config, @NotNull ExternalIdentityProvider idp, @NotNull org.apache.jackrabbit.api.security.user.UserManager userManager, @NotNull javax.jcr.ValueFactory valueFactory)
-
-
Method Detail
-
createSyncedIdentity
@Nullable public static DefaultSyncedIdentity createSyncedIdentity(@Nullable org.apache.jackrabbit.api.security.user.Authorizable auth) throws javax.jcr.RepositoryException
Creates a synced identity from the given authorizable.
- Parameters:
auth - the authorizable
- Returns:
- the id
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
getIdentityRef
@Nullable public static ExternalIdentityRef getIdentityRef(@Nullable org.apache.jackrabbit.api.security.user.Authorizable auth) throws javax.jcr.RepositoryException
Retrieves the external identity ref from the authorizable.
- Parameters:
auth - the authorizable
- Returns:
- the ref
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
joinPaths
public static String joinPaths(String... paths)
Deprecated. Since Oak 1.3.10. Please use PathUtils.concatRelativePaths(String...) instead.
Robust relative path concatenation.
- Parameters:
paths - relative paths
- Returns:
- the concatenated path
-
close
public void close()
Closes this context and releases any resources bound to it. Note that an implementation must not commit the Root passed during the creation call. This is the responsibility of the application.
- Specified by:
close in interface SyncContext
-
isKeepMissing
public boolean isKeepMissing()
Defines if synchronization keeps missing external identities on synchronization of authorizables. Default is false.
- Specified by:
isKeepMissing in interface SyncContext
- Returns:
true if keep missing.
-
setKeepMissing
@NotNull public SyncContext setKeepMissing(boolean keepMissing)
- Specified by:
setKeepMissing in interface SyncContext
-
isForceUserSync
public boolean isForceUserSync()
Defines if synchronization of users will always be performed, i.e. ignores the last synced properties.
- Specified by:
isForceUserSync in interface SyncContext
- Returns:
true if forced syncing users
-
setForceUserSync
@NotNull public SyncContext setForceUserSync(boolean forceUserSync)
- Specified by:
setForceUserSync in interface SyncContext
-
isForceGroupSync
public boolean isForceGroupSync()
Defines if synchronization of groups will always be performed, i.e. ignores the last synced properties.
- Specified by:
isForceGroupSync in interface SyncContext
- Returns:
true if forced syncing groups
-
setForceGroupSync
@NotNull public SyncContext setForceGroupSync(boolean forceGroupSync)
Description copied from interface: SyncContext
- Specified by:
setForceGroupSync in interface SyncContext
-
sync
@NotNull public SyncResult sync(@NotNull ExternalIdentity identity) throws SyncException
Synchronizes an external identity with the repository based on the respective configuration.
- Specified by:
sync in interface SyncContext
- Parameters:
identity - the identity to sync.
- Returns:
- the result of the operation
- Throws:
SyncException - if an error occurs
-
sync
@NotNull public SyncResult sync(@NotNull String id) throws SyncException
Synchronizes an authorizable with the corresponding external identity with the repository based on the respective configuration.
- Specified by:
sync in interface SyncContext
- Parameters:
id - the id of the authorizable
- Returns:
- the result of the operation
- Throws:
SyncException - if an error occurs
-
getAuthorizable
@Nullable protected <T extends org.apache.jackrabbit.api.security.user.Authorizable> T getAuthorizable(@NotNull ExternalIdentity external, @NotNull Class<T> type) throws javax.jcr.RepositoryException, SyncException
Retrieves the repository authorizable that corresponds to the given external identity.
- Parameters:
external - the external identity
type - the authorizable type
- Returns:
- the repository authorizable or null if not found.
- Throws:
javax.jcr.RepositoryException - if an error occurs.
SyncException - if the repository contains a colliding authorizable with the same name.
-
createUser
@NotNull protected org.apache.jackrabbit.api.security.user.User createUser(@NotNull ExternalUser externalUser) throws javax.jcr.RepositoryException
Creates a new repository user for the given external one. Note that this method only creates the authorizable but does not perform any synchronization.
- Parameters:
externalUser - the external user
- Returns:
- the repository user
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
createGroup
@NotNull protected org.apache.jackrabbit.api.security.user.Group createGroup(@NotNull ExternalGroup externalGroup) throws javax.jcr.RepositoryException
Creates a new repository group for the given external one. Note that this method only creates the authorizable but does not perform any synchronization.
- Parameters:
externalGroup - the external group
- Returns:
- the repository group
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
syncUser
@NotNull protected DefaultSyncResultImpl syncUser(@NotNull ExternalUser external, @NotNull org.apache.jackrabbit.api.security.user.User user) throws javax.jcr.RepositoryException
- Throws:
javax.jcr.RepositoryException
-
syncGroup
@NotNull protected DefaultSyncResultImpl syncGroup(@NotNull ExternalGroup external, @NotNull org.apache.jackrabbit.api.security.user.Group group) throws javax.jcr.RepositoryException
- Throws:
javax.jcr.RepositoryException
-
syncMembership
protected void syncMembership(@NotNull ExternalIdentity external, @NotNull org.apache.jackrabbit.api.security.user.Authorizable auth, long depth) throws javax.jcr.RepositoryException
Recursively sync the memberships of an authorizable up to the specified depth. If the given depth is equal to or less than 0, no syncing is performed.
- Parameters:
external - the external identity
auth - the authorizable
depth - recursion depth.
- Throws:
javax.jcr.RepositoryException
-
applyMembership
protected void applyMembership(@NotNull org.apache.jackrabbit.api.security.user.Authorizable member, @NotNull Set<String> groups) throws javax.jcr.RepositoryException
Ensures that the given authorizable is a member of the specific groups. Note that it does not create groups if missing, nor remove memberships of groups not in the given set.
- Parameters:
member - the authorizable
groups - set of groups.
- Throws:
javax.jcr.RepositoryException
-
syncProperties
protected void syncProperties(@NotNull ExternalIdentity ext, @NotNull org.apache.jackrabbit.api.security.user.Authorizable auth, @NotNull Map<String,String> mapping) throws javax.jcr.RepositoryException
Syncs the properties specified in the mapping from the external identity to the given authorizable. Note that this method does not check for value equality and just blindly copies or deletes the properties.
- Parameters:
ext - external identity
auth - the authorizable
mapping - the property mapping
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
isExpired
protected boolean isExpired(@NotNull org.apache.jackrabbit.api.security.user.Authorizable auth, long expirationTime, @NotNull String type) throws javax.jcr.RepositoryException
Checks if the given authorizable needs syncing based on the REP_LAST_SYNCED property.
- Parameters:
auth - the authorizable to check
expirationTime - the expiration time to compare to.
type - debug message type
- Returns:
true if the authorizable needs sync
- Throws:
javax.jcr.RepositoryException
-
createValue
@Nullable protected javax.jcr.Value createValue(@Nullable Object v) throws javax.jcr.RepositoryException
Creates a new JCR value of the given object, checking the internal type.
- Parameters:
v - the value
- Returns:
- the JCR value or null
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
createValues
@Nullable protected javax.jcr.Value[] createValues(@NotNull Collection<?> propValues) throws javax.jcr.RepositoryException
Creates an array of JCR values based on the type.
- Parameters:
propValues - the given values
- Returns:
- an array of JCR values
- Throws:
javax.jcr.RepositoryException - if an error occurs
-
isSameIDP
protected boolean isSameIDP(@Nullable org.apache.jackrabbit.api.security.user.Authorizable auth) throws javax.jcr.RepositoryException
Checks if the given authorizable was synced from the same IDP by comparing the IDP name of the "rep:externalId" property.
- Parameters:
auth - the authorizable.
- Returns:
true if same IDP.
- Throws:
javax.jcr.RepositoryException
-
isSameIDP
protected boolean isSameIDP(@NotNull ExternalIdentityRef ref)
Tests if the given ExternalIdentityRef refers to the same IDP as associated with this context instance.
- Parameters:
ref - The ExternalIdentityRef to be tested.
- Returns:
true if ExternalIdentityRef.getProviderName() refers to the IDP associated with this context instance.
-
-