public class DynamicSyncContext extends DefaultSyncContext

Extension of DefaultSyncContext that doesn't synchronize group membership of new external users into the user management of the repository. Instead it will only synchronize the principal names up to the configured depths. In combination with a dedicated PrincipalConfiguration, this makes it possible to benefit from the repository's authorization model (which is solely based on principals), i.e. full compatibility with the default approach, without the complication of synchronizing user management information into the repository when user management is effectively taken care of by the third-party system.

With the DefaultSyncHandler this feature can be turned on using DefaultSyncConfig.User.setDynamicMembership(boolean).

Note: users and groups that were synchronized before the dynamic membership feature was enabled will continue to be synchronized in the default way, and this context doesn't take effect.

Fields inherited from class DefaultSyncContext: config, forceGroupSync, forceUserSync, idp, keepMissing, now, nowValue, REP_EXTERNAL_ID, REP_LAST_SYNCED, userManager, valueFactory

Constructor and Description |
---|
DynamicSyncContext(@NotNull DefaultSyncConfig config, @NotNull ExternalIdentityProvider idp, @NotNull UserManager userManager, @NotNull ValueFactory valueFactory) |

Modifier and Type | Method and Description |
---|---|
protected void | applyMembership(@NotNull Authorizable member, @NotNull java.util.Set<java.lang.String> groups): Ensures that the given authorizable is member of the specific groups. |
boolean | convertToDynamicMembership(@NotNull Authorizable authorizable) |
@NotNull SyncResult | sync(@NotNull ExternalIdentity identity): Synchronizes an external identity with the repository based on the respective configuration. |
protected void | syncMembership(@NotNull ExternalIdentity external, @NotNull Authorizable auth, long depth): Recursively sync the memberships of an authorizable up-to the specified depth. |

Methods inherited from class DefaultSyncContext: close, createGroup, createSyncedIdentity, createUser, createValue, createValues, getAuthorizable, getIdentityRef, isExpired, isForceGroupSync, isForceUserSync, isKeepMissing, isSameIDP, isSameIDP, joinPaths, setForceGroupSync, setForceUserSync, setKeepMissing, sync, syncGroup, syncProperties, syncUser

public DynamicSyncContext(@NotNull DefaultSyncConfig config, @NotNull ExternalIdentityProvider idp, @NotNull UserManager userManager, @NotNull ValueFactory valueFactory)

public boolean convertToDynamicMembership(@NotNull Authorizable authorizable) throws RepositoryException
Throws:
RepositoryException

@NotNull public SyncResult sync(@NotNull ExternalIdentity identity) throws SyncException
Specified by:
sync in interface SyncContext
Overrides:
sync in class DefaultSyncContext
Parameters:
identity - the identity to sync.
Throws:
SyncException - if an error occurs

protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Authorizable auth, long depth) throws RepositoryException
Overrides:
syncMembership in class DefaultSyncContext
Parameters:
external - the external identity
auth - the authorizable
depth - recursion depth.
Throws:
RepositoryException - If a user management specific error occurs upon synchronizing membership

protected void applyMembership(@NotNull Authorizable member, @NotNull java.util.Set<java.lang.String> groups) throws RepositoryException
Overrides:
applyMembership in class DefaultSyncContext
Parameters:
member - the authorizable
groups - set of groups.
Throws:
RepositoryException

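Usage sketch for the dynamic membership switch described above, as an added example that is not part of the Oak documentation or code base. The class name DynamicSyncExample, the method syncDynamically, the nesting depth of 2 and the assumption that the caller persists the changes afterwards are all hypothetical.

```java
import javax.jcr.ValueFactory;

import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.DynamicSyncContext;

// Hypothetical helper class, added for illustration only.
public final class DynamicSyncExample {

    private DynamicSyncExample() {
    }

    /**
     * Syncs one external user with dynamic membership enabled, so that only
     * principal names (not group membership) are written for new users.
     */
    public static SyncResult.Status syncDynamically(ExternalIdentityProvider idp,
                                                    UserManager userManager,
                                                    ValueFactory valueFactory,
                                                    String externalUserId)
            throws ExternalIdentityException, SyncException {
        DefaultSyncConfig config = new DefaultSyncConfig();
        DefaultSyncConfig.User userConfig = config.user();
        userConfig.setDynamicMembership(true);    // the switch named on this page
        userConfig.setMembershipNestingDepth(2);  // constructed sample value

        ExternalUser externalUser = idp.getUser(externalUserId);
        if (externalUser == null) {
            throw new SyncException("Unknown external user: " + externalUserId);
        }

        DynamicSyncContext context =
                new DynamicSyncContext(config, idp, userManager, valueFactory);
        try {
            // Assumption: the caller saves the session or root behind userManager.
            return context.sync(externalUser).getStatus();
        } finally {
            context.close();
        }
    }
}
```

Users that were already synchronized in the default way keep that behaviour, as the note in the class description states, so the returned status alone does not show whether dynamic membership was applied.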
Copyright © 2012–2022 The Apache Software Foundation. All rights reserved.