Package org.apache.jackrabbit.oak.spi.security.authentication.external.basic

Class DefaultSyncContext

java.lang.Object
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
All Implemented Interfaces:
SyncContext
Direct Known Subclasses:
DynamicSyncContext
public class DefaultSyncContext extends Object implements SyncContext
Internal implementation of the sync context

  • Field Details

  • Constructor Details

  • Method Details

    • createSyncedIdentity

      @Nullable public static @Nullable DefaultSyncedIdentity createSyncedIdentity(@Nullable @Nullable Authorizable auth) throws RepositoryException
      Creates a synced identity from the given authorizable.
      Parameters:
      auth - the authorizable
      Returns:
      the id
      Throws:
      RepositoryException - if an error occurs

    • getIdentityRef

      @Nullable public static @Nullable ExternalIdentityRef getIdentityRef(@Nullable @Nullable Authorizable auth) throws RepositoryException
      Retrieves the external identity ref from the authorizable
      Parameters:
      auth - the authorizable
      Returns:
      the ref
      Throws:
      RepositoryException - if an error occurs

    • joinPaths

      @Deprecated public static String joinPaths(String... paths)
      Deprecated.
      Since Oak 1.3.10. Please use PathUtils.concatRelativePaths(String...) instead.
      Robust relative path concatenation.
      Parameters:
      paths - relative paths
      Returns:
      the concatenated path

    • close

      public void close()
      Closes this context and releases any resources bound to it. Note that an implementation must not commit the Root passed during the creation call. This is the responsibility of the application.
      Specified by:
      close in interface SyncContext

    • isKeepMissing

      public boolean isKeepMissing()
      Defines if synchronization keeps missing external identities on synchronization of authorizables. Default is false.
      Specified by:
      isKeepMissing in interface SyncContext
      Returns:
      true if keep missing.

    • setKeepMissing

      @NotNull public @NotNull SyncContext setKeepMissing(boolean keepMissing)
      See SyncContext.isKeepMissing()
      Specified by:
      setKeepMissing in interface SyncContext

    • isForceUserSync

      public boolean isForceUserSync()
      Defines if synchronization of users always will perform, i.e. ignores the last synced properties.
      Specified by:
      isForceUserSync in interface SyncContext
      Returns:
      true if forced syncing users

    • setForceUserSync

      @NotNull public @NotNull SyncContext setForceUserSync(boolean forceUserSync)
      See SyncContext.isForceUserSync()
      Specified by:
      setForceUserSync in interface SyncContext

    • isForceGroupSync

      public boolean isForceGroupSync()
      Defines if synchronization of groups always will perform, i.e. ignores the last synced properties.
      Specified by:
      isForceGroupSync in interface SyncContext
      Returns:
      true if forced syncing groups

    • setForceGroupSync

      @NotNull public @NotNull SyncContext setForceGroupSync(boolean forceGroupSync)
      Description copied from interface: SyncContext
      See SyncContext.isForceGroupSync()
      Specified by:
      setForceGroupSync in interface SyncContext

    • sync

      @NotNull public @NotNull SyncResult sync(@NotNull @NotNull ExternalIdentity identity) throws SyncException
      Synchronizes an external identity with the repository based on the respective configuration.
      Specified by:
      sync in interface SyncContext
      Parameters:
      identity - the identity to sync.
      Returns:
      the result of the operation
      Throws:
      SyncException - if an error occurs

    • sync

      @NotNull public @NotNull SyncResult sync(@NotNull @NotNull String id) throws SyncException
      Synchronizes an authorizable with the corresponding external identity with the repository based on the respective configuration.
      Specified by:
      sync in interface SyncContext
      Parameters:
      id - the id of the authorizable
      Returns:
      the result of the operation
      Throws:
      SyncException - if an error occurs

    • getAuthorizable

      @Nullable protected <T extends Authorizable> T getAuthorizable(@NotNull @NotNull ExternalIdentity external, @NotNull @NotNull Class<T> type) throws RepositoryException, SyncException
      Retrieves the repository authorizable that corresponds to the given external identity
      Parameters:
      external - the external identity
      type - the authorizable type
      Returns:
      the repository authorizable or null if not found.
      Throws:
      RepositoryException - if an error occurs.
      SyncException - if the repository contains a colliding authorizable with the same name.

    • createUser

      @NotNull protected @NotNull User createUser(@NotNull @NotNull ExternalUser externalUser) throws RepositoryException
      Creates a new repository user for the given external one. Note that this method only creates the authorizable but does not perform any synchronization.
      Parameters:
      externalUser - the external user
      Returns:
      the repository user
      Throws:
      RepositoryException - if an error occurs

    • createGroup

      @NotNull protected @NotNull Group createGroup(@NotNull @NotNull ExternalGroup externalGroup) throws RepositoryException
      Creates a new repository group for the given external one. Note that this method only creates the authorizable but does not perform any synchronization.
      Parameters:
      externalGroup - the external group
      Returns:
      the repository group
      Throws:
      RepositoryException - if an error occurs

    • syncUser

      @NotNull protected @NotNull DefaultSyncResultImpl syncUser(@NotNull @NotNull ExternalUser external, @NotNull @NotNull User user) throws RepositoryException
      Throws:
      RepositoryException

    • syncGroup

      @NotNull protected @NotNull DefaultSyncResultImpl syncGroup(@NotNull @NotNull ExternalGroup external, @NotNull @NotNull Group group) throws RepositoryException
      Throws:
      RepositoryException

    • syncMembership

      protected void syncMembership(@NotNull @NotNull ExternalIdentity external, @NotNull @NotNull Authorizable auth, long depth) throws RepositoryException
      Recursively sync the memberships of an authorizable up-to the specified depth. If the given depth is equal or less than 0, no syncing is performed.
      Parameters:
      external - the external identity
      auth - the authorizable
      depth - recursion depth.
      Throws:
      RepositoryException - If a user management specific error occurs upon synchronizing membership

    • getExternalGroupFromRef

      @Nullable protected @Nullable ExternalGroup getExternalGroupFromRef(@NotNull @NotNull ExternalIdentityRef externalGroupRef)

    • applyMembership

      protected void applyMembership(@NotNull @NotNull Authorizable member, @NotNull @NotNull Set<String> groups) throws RepositoryException
      Ensures that the given authorizable is member of the specific groups. Note that it does not create groups if missing, nor remove memberships of groups not in the given set.
      Parameters:
      member - the authorizable
      groups - set of groups.
      Throws:
      RepositoryException

    • syncProperties

      protected void syncProperties(@NotNull @NotNull ExternalIdentity ext, @NotNull @NotNull Authorizable auth, @NotNull @NotNull Map<String,String> mapping) throws RepositoryException
      Syncs the properties specified in the mapping from the external identity to the given authorizable. Note that this method does not check for value equality and just blindly copies or deletes the properties.
      Parameters:
      ext - external identity
      auth - the authorizable
      mapping - the property mapping
      Throws:
      RepositoryException - if an error occurs

    • isExpired

      protected boolean isExpired(@NotNull @NotNull Authorizable auth, long expirationTime, @NotNull @NotNull String type) throws RepositoryException
      Checks if the given authorizable needs syncing based on the REP_LAST_SYNCED property.
      Parameters:
      auth - the authorizable to check
      expirationTime - the expiration time to compare to.
      type - debug message type
      Returns:
      true if the authorizable needs sync
      Throws:
      RepositoryException

    • createValue

      @Nullable protected @Nullable Value createValue(@Nullable @Nullable Object v) throws RepositoryException
      Creates a new JCR value of the given object, checking the internal type.
      Parameters:
      v - the value
      Returns:
      the JCR value or null
      Throws:
      RepositoryException - if an error occurs

    • createValues

      @NotNull protected @NotNull Value[] createValues(@NotNull @NotNull Collection<?> propValues) throws RepositoryException
      Creates an array of JCR values based on the type.
      Parameters:
      propValues - the given values
      Returns:
      and array of JCR values
      Throws:
      RepositoryException - if an error occurs

    • isSameIDP

      protected boolean isSameIDP(@Nullable @Nullable Authorizable auth) throws RepositoryException
      Checks if the given authorizable was synced from the same IDP by comparing the IDP name of the "rep:externalId" property.
      Parameters:
      auth - the authorizable.
      Returns:
      true if same IDP.
      Throws:
      RepositoryException

    • isSameIDP

      protected boolean isSameIDP(@NotNull @NotNull ExternalIdentityRef ref)
      Tests if the given ExternalIdentityRef refers to the same IDP as associated with this context instance.
      Parameters:
      ref - The ExternalIdentityRef to be tested.
      Returns:
      true if ExternalIdentityRef.getProviderName() refers to the IDP associated with this context instance.

    • warnForeign

      protected void warnForeign(@NotNull @NotNull ExternalIdentity externalIdentity)

    • warnForeignExisting

      protected void warnForeignExisting(@NotNull @NotNull Authorizable existing, boolean expectGroup) throws RepositoryException
      Throws:
      RepositoryException