Package org.apache.jackrabbit.oak.spi.security.authentication.external.impl

Class DefaultSyncConfigImpl

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncConfigImpl

public class DefaultSyncConfigImpl
extends DefaultSyncConfig

DefaultSyncConfig defines how users and groups from an external source are synced into the repository using the DefaultSyncHandler.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig

DefaultSyncConfig.Authorizable, DefaultSyncConfig.Group, DefaultSyncConfig.User

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	PARAM_DISABLE_MISSING_USERS
static boolean	PARAM_DISABLE_MISSING_USERS_DEFAULT
static java.lang.String	PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE
static boolean	PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE_DEFAULT	Default value for PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE
static java.lang.String	PARAM_GROUP_AUTO_MEMBERSHIP
static java.lang.String[]	PARAM_GROUP_AUTO_MEMBERSHIP_DEFAULT
static java.lang.String	PARAM_GROUP_DYNAMIC_GROUPS
static boolean	PARAM_GROUP_DYNAMIC_GROUPS_DEFAULT
static java.lang.String	PARAM_GROUP_EXPIRATION_TIME
static java.lang.String	PARAM_GROUP_EXPIRATION_TIME_DEFAULT
static java.lang.String	PARAM_GROUP_PATH_PREFIX
static java.lang.String	PARAM_GROUP_PATH_PREFIX_DEFAULT
static java.lang.String	PARAM_GROUP_PROPERTY_MAPPING
static java.lang.String[]	PARAM_GROUP_PROPERTY_MAPPING_DEFAULT
static java.lang.String	PARAM_NAME
static java.lang.String	PARAM_NAME_DEFAULT
static java.lang.String	PARAM_USER_AUTO_MEMBERSHIP
static java.lang.String[]	PARAM_USER_AUTO_MEMBERSHIP_DEFAULT
static java.lang.String	PARAM_USER_DYNAMIC_MEMBERSHIP	Configuration option to enable dynamic group membership.
static boolean	PARAM_USER_DYNAMIC_MEMBERSHIP_DEFAULT
static java.lang.String	PARAM_USER_ENFORCE_DYNAMIC_MEMBERSHIP	Configuration option to enforce dynamic group membership upon user sync.
static boolean	PARAM_USER_ENFORCE_DYNAMIC_MEMBERSHIP_DEFAULT
static java.lang.String	PARAM_USER_EXPIRATION_TIME
static java.lang.String	PARAM_USER_EXPIRATION_TIME_DEFAULT
static java.lang.String	PARAM_USER_MEMBERSHIP_EXPIRATION_TIME
static java.lang.String	PARAM_USER_MEMBERSHIP_EXPIRATION_TIME_DEFAULT
static java.lang.String	PARAM_USER_MEMBERSHIP_NESTING_DEPTH
static int	PARAM_USER_MEMBERSHIP_NESTING_DEPTH_DEFAULT
static java.lang.String	PARAM_USER_PATH_PREFIX
static java.lang.String	PARAM_USER_PATH_PREFIX_DEFAULT
static java.lang.String	PARAM_USER_PROPERTY_MAPPING
static java.lang.String[]	PARAM_USER_PROPERTY_MAPPING_DEFAULT

Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig

DEFAULT_NAME

Constructor Summary

Constructors

Constructor	Description
DefaultSyncConfigImpl()

Method Summary

Modifier and Type	Method	Description
static DefaultSyncConfig	of(ConfigurationParameters params)	Creates a new LDAP provider configuration based on the properties store in the given parameters.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig

getName, group, setName, user

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PARAM_NAME_DEFAULT

public static final java.lang.String PARAM_NAME_DEFAULT

See Also:

DefaultSyncConfig.getName(), Constant Field Values

PARAM_NAME

@Property(label="Sync Handler Name",
          description="Name of this sync configuration. This is used to reference this handler by the login modules.",
          value="default")
public static final java.lang.String PARAM_NAME

See Also:

DefaultSyncConfig.getName(), Constant Field Values

PARAM_USER_EXPIRATION_TIME_DEFAULT

public static final java.lang.String PARAM_USER_EXPIRATION_TIME_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getExpirationTime(), Constant Field Values

PARAM_USER_EXPIRATION_TIME

@Property(label="User Expiration Time",
          description="Duration until a synced user gets expired (eg. \'1h 30m\' or \'1d\').",
          value="1h")
public static final java.lang.String PARAM_USER_EXPIRATION_TIME

See Also:

DefaultSyncConfig.Authorizable.getExpirationTime(), Constant Field Values

PARAM_USER_AUTO_MEMBERSHIP_DEFAULT

public static final java.lang.String[] PARAM_USER_AUTO_MEMBERSHIP_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getAutoMembership()

PARAM_USER_AUTO_MEMBERSHIP

@Property(label="User auto membership",
          description="List of groups that a synced user is added to automatically",
          value={},
          cardinality=2147483647)
public static final java.lang.String PARAM_USER_AUTO_MEMBERSHIP

See Also:

DefaultSyncConfig.Authorizable.getAutoMembership(), Constant Field Values

PARAM_USER_PROPERTY_MAPPING_DEFAULT

public static final java.lang.String[] PARAM_USER_PROPERTY_MAPPING_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getPropertyMapping()

PARAM_USER_PROPERTY_MAPPING

@Property(label="User property mapping",
          description="List mapping definition of local properties from external ones. eg: \'profile/email=mail\'.Use double quotes for fixed values. eg: \'profile/nt:primaryType=\"nt:unstructured\"",
          value="rep:fullname=cn",
          cardinality=2147483647)
public static final java.lang.String PARAM_USER_PROPERTY_MAPPING

See Also:

DefaultSyncConfig.Authorizable.getPropertyMapping(), Constant Field Values

PARAM_USER_PATH_PREFIX_DEFAULT

public static final java.lang.String PARAM_USER_PATH_PREFIX_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getPathPrefix(), Constant Field Values

PARAM_USER_PATH_PREFIX

@Property(label="User Path Prefix",
          description="The path prefix used when creating new users.",
          value="")
public static final java.lang.String PARAM_USER_PATH_PREFIX

See Also:

DefaultSyncConfig.Authorizable.getPathPrefix(), Constant Field Values

PARAM_USER_MEMBERSHIP_EXPIRATION_TIME_DEFAULT

public static final java.lang.String PARAM_USER_MEMBERSHIP_EXPIRATION_TIME_DEFAULT

See Also:

DefaultSyncConfig.User.getMembershipExpirationTime(), Constant Field Values

PARAM_USER_MEMBERSHIP_EXPIRATION_TIME

@Property(label="User Membership Expiration",
          description="Time after which membership expires (eg. \'1h 30m\' or \'1d\'). Note however, that a membership sync is aways bound to a sync of the user.",
          value="1h")
public static final java.lang.String PARAM_USER_MEMBERSHIP_EXPIRATION_TIME

See Also:

DefaultSyncConfig.User.getMembershipExpirationTime(), Constant Field Values

PARAM_USER_MEMBERSHIP_NESTING_DEPTH_DEFAULT

public static final int PARAM_USER_MEMBERSHIP_NESTING_DEPTH_DEFAULT

See Also:

DefaultSyncConfig.User.getMembershipNestingDepth(), Constant Field Values

PARAM_USER_MEMBERSHIP_NESTING_DEPTH

@Property(label="User membership nesting depth",
          description="Returns the maximum depth of group nesting when membership relations are synced. A value of 0 effectively disables group membership lookup. A value of 1 only adds the direct groups of a user. This value has no effect when syncing individual groups only when syncing a users membership ancestry.",
          intValue=0)
public static final java.lang.String PARAM_USER_MEMBERSHIP_NESTING_DEPTH

See Also:

DefaultSyncConfig.User.getMembershipNestingDepth(), Constant Field Values

PARAM_USER_DYNAMIC_MEMBERSHIP_DEFAULT

public static final boolean PARAM_USER_DYNAMIC_MEMBERSHIP_DEFAULT

See Also:

DefaultSyncConfig.User.getDynamicMembership(), Constant Field Values

PARAM_USER_DYNAMIC_MEMBERSHIP

@Property(label="User Dynamic Membership",
          description="If enabled membership of external identities (user) is no longer fully reflected within the repositories user management.",
          boolValue=false)
public static final java.lang.String PARAM_USER_DYNAMIC_MEMBERSHIP

Configuration option to enable dynamic group membership. If enabled the implementation will no longer synchronized group accounts into the repository but instead will enable a dedicated principal management: This results in external users having their complete principal set as defined external IDP synchronized to the repository asserting proper population of the Subject upon login. Please note that the external groups are reflected through the built-in principal management and thus can be retrieved for authorization purposes. However, the information is no longer reflected through the Jackrabbit user management API.

See Also:

DefaultSyncConfig.User.getDynamicMembership(), Constant Field Values

PARAM_USER_ENFORCE_DYNAMIC_MEMBERSHIP_DEFAULT

public static final boolean PARAM_USER_ENFORCE_DYNAMIC_MEMBERSHIP_DEFAULT

See Also:

DefaultSyncConfig.User.getEnforceDynamicMembership(), Constant Field Values

PARAM_USER_ENFORCE_DYNAMIC_MEMBERSHIP

@Property(label="User Enforce Dynamic Membership",
          description="If enabled dynamic membership will be enforced for previously synchronized users. Note, that this option has no effect if \'dynamic membership\' is disabled.",
          boolValue=false)
public static final java.lang.String PARAM_USER_ENFORCE_DYNAMIC_MEMBERSHIP

Configuration option to enforce dynamic group membership upon user sync. If enabled the implementation will clean up previous synchronized membership information that is not yet dynamic.

See Also:

DefaultSyncConfig.User.getDynamicMembership(), Constant Field Values

PARAM_DISABLE_MISSING_USERS_DEFAULT

public static final boolean PARAM_DISABLE_MISSING_USERS_DEFAULT

See Also:

DefaultSyncConfig.User.getDisableMissing(), Constant Field Values

PARAM_DISABLE_MISSING_USERS

@Property(label="Disable missing users",
          description="If true, users that no longer exist on the external provider will be locally disabled, and re-enabled if they become valid again. If false (default) they will be removed.",
          boolValue=false)
public static final java.lang.String PARAM_DISABLE_MISSING_USERS

See Also:

DefaultSyncConfig.User.getDisableMissing(), Constant Field Values

PARAM_GROUP_EXPIRATION_TIME_DEFAULT

public static final java.lang.String PARAM_GROUP_EXPIRATION_TIME_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getExpirationTime(), Constant Field Values

PARAM_GROUP_EXPIRATION_TIME

@Property(label="Group Expiration Time",
          description="Duration until a synced group expires (eg. \'1h 30m\' or \'1d\').",
          value="1d")
public static final java.lang.String PARAM_GROUP_EXPIRATION_TIME

See Also:

DefaultSyncConfig.Authorizable.getExpirationTime(), Constant Field Values

PARAM_GROUP_AUTO_MEMBERSHIP_DEFAULT

public static final java.lang.String[] PARAM_GROUP_AUTO_MEMBERSHIP_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getAutoMembership()

PARAM_GROUP_AUTO_MEMBERSHIP

@Property(label="Group auto membership",
          description="List of groups that a synced group is added to automatically",
          value={},
          cardinality=2147483647)
public static final java.lang.String PARAM_GROUP_AUTO_MEMBERSHIP

See Also:

DefaultSyncConfig.Authorizable.getAutoMembership(), Constant Field Values

PARAM_GROUP_PROPERTY_MAPPING_DEFAULT

public static final java.lang.String[] PARAM_GROUP_PROPERTY_MAPPING_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getPropertyMapping()

PARAM_GROUP_PROPERTY_MAPPING

@Property(label="Group property mapping",
          description="List mapping definition of local properties from external ones.",
          value={},
          cardinality=2147483647)
public static final java.lang.String PARAM_GROUP_PROPERTY_MAPPING

See Also:

DefaultSyncConfig.Authorizable.getPropertyMapping(), Constant Field Values

PARAM_GROUP_PATH_PREFIX_DEFAULT

public static final java.lang.String PARAM_GROUP_PATH_PREFIX_DEFAULT

See Also:

DefaultSyncConfig.Authorizable.getPathPrefix(), Constant Field Values

PARAM_GROUP_PATH_PREFIX

@Property(label="Group Path Prefix",
          description="The path prefix used when creating new groups.",
          value="")
public static final java.lang.String PARAM_GROUP_PATH_PREFIX

See Also:

DefaultSyncConfig.Authorizable.getPathPrefix(), Constant Field Values

PARAM_GROUP_DYNAMIC_GROUPS_DEFAULT

public static final boolean PARAM_GROUP_DYNAMIC_GROUPS_DEFAULT

See Also:

DefaultSyncConfig.Group.getDynamicGroups(), Constant Field Values

PARAM_GROUP_DYNAMIC_GROUPS

@Property(label="Dynamic Groups",
          description="If enabled external identity groups are synchronized as dynamic groups i.e. members/membership is resolved dynamically by a DynamicMembershipProvider. Note: currently this option only takes effect if \'User Dynamic Membership\' is enabled.",
          boolValue=false)
public static final java.lang.String PARAM_GROUP_DYNAMIC_GROUPS

See Also:

DefaultSyncConfig.Group.getDynamicGroups(), Constant Field Values

PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE_DEFAULT

public static final boolean PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE_DEFAULT

Default value for PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

See Also:

Constant Field Values

PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

@Property(label="RFC7613 Username Normalization Profile",
          description="Enable the UsercaseMappedProfile defined in RFC7613 for username normalization.",
          boolValue=false)
public static final java.lang.String PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE

See Also:

DefaultSyncConfig.Authorizable.isApplyRFC7613UsernameCaseMapped(), Constant Field Values

Constructor Detail

DefaultSyncConfigImpl

public DefaultSyncConfigImpl()

Method Detail

of

public static DefaultSyncConfig of(ConfigurationParameters params)

Creates a new LDAP provider configuration based on the properties store in the given parameters.

Parameters:

params - the configuration parameters.

Returns:

the config