Class DynamicSyncContext
- java.lang.Object
  - org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
    - org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContext
- All Implemented Interfaces: SyncContext
public class DynamicSyncContext extends DefaultSyncContext
Extension of the DefaultSyncContext that doesn't synchronize group membership of new external users into the user management of the repository. Instead it only synchronizes the principal names up to the configured depth. In combination with a dedicated PrincipalConfiguration, this makes it possible to benefit from the repository's authorization model (which is solely based on principals), i.e. full compatibility with the default approach without the complication of synchronizing user management information into the repository when user management is effectively taken care of by the third-party system. With the DefaultSyncHandler this feature can be turned on using DefaultSyncConfig.User.setDynamicMembership(boolean).
Note: users and groups that were synchronized before the dynamic membership feature was enabled will continue to be synchronized in the default way; this context does not take effect for them.
- Since: Oak 1.5.3
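
Added example (not part of the Oak Javadoc or the Oak code base): enabling dynamic membership on a DefaultSyncConfig and running one sync through DynamicSyncContext directly, using the constructor and sync method documented on this page. The class name DynamicSyncExample, the method syncDynamically and the nesting depth of 1 are assumptions for illustration; idp, userManager and valueFactory are supplied by the caller.

```java
import javax.jcr.ValueFactory;

import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContext;

// Hypothetical helper class for illustration; not part of Oak.
public final class DynamicSyncExample {

    /** Syncs one external user with dynamic membership turned on. */
    public static SyncResult.Status syncDynamically(ExternalIdentityProvider idp,
                                                    UserManager userManager,
                                                    ValueFactory valueFactory,
                                                    String externalUserId)
            throws ExternalIdentityException, SyncException {
        DefaultSyncConfig config = new DefaultSyncConfig();
        // Only principal names are synchronized for new external users;
        // group membership is not written into user management.
        config.user().setDynamicMembership(true);
        // Assumed value: resolve principal names one membership level deep.
        config.user().setMembershipNestingDepth(1);

        ExternalUser user = idp.getUser(externalUserId);
        if (user == null) {
            throw new IllegalArgumentException("Unknown external user: " + externalUserId);
        }

        DynamicSyncContext ctx = new DynamicSyncContext(config, idp, userManager, valueFactory);
        try {
            // Users synchronized before the feature was enabled keep being
            // synchronized the default way (see the note above), so review
            // accounts that predate the switch separately.
            SyncResult result = ctx.sync(user);
            // Assumption: the caller persists the transient changes made
            // through userManager after this method returns.
            return result.getStatus();
        } finally {
            ctx.close();
        }
    }
}
```

The synchronized principal names only take part in authorization when the dedicated PrincipalConfiguration mentioned above is in place.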

Field Summary
Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
config, forceGroupSync, forceUserSync, idp, keepMissing, now, nowValue, REP_EXTERNAL_ID, REP_LAST_SYNCED, userManager, valueFactory

Constructor Summary
- DynamicSyncContext(@NotNull DefaultSyncConfig config, @NotNull ExternalIdentityProvider idp, @NotNull UserManager userManager, @NotNull ValueFactory valueFactory)

Method Summary
- protected void applyMembership(@NotNull Authorizable member, @NotNull Set<String> groups): Ensures that the given authorizable is a member of the specific groups.
- boolean convertToDynamicMembership(@NotNull Authorizable authorizable)
- @NotNull SyncResult sync(@NotNull ExternalIdentity identity): Synchronizes an external identity with the repository based on the respective configuration.
- protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Authorizable auth, long depth): Recursively sync the memberships of an authorizable up to the specified depth.

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext
close, createGroup, createSyncedIdentity, createUser, createValue, createValues, getAuthorizable, getExternalGroupFromRef, getIdentityRef, isExpired, isForceGroupSync, isForceUserSync, isKeepMissing, isSameIDP, isSameIDP, joinPaths, setForceGroupSync, setForceUserSync, setKeepMissing, sync, syncGroup, syncProperties, syncUser, warnForeign, warnForeignExisting

Constructor Detail
DynamicSyncContext
public DynamicSyncContext(@NotNull DefaultSyncConfig config, @NotNull ExternalIdentityProvider idp, @NotNull UserManager userManager, @NotNull ValueFactory valueFactory)

Method Detail
convertToDynamicMembership
public boolean convertToDynamicMembership(@NotNull Authorizable authorizable) throws RepositoryException
- Throws: RepositoryException

sync
@NotNull public SyncResult sync(@NotNull ExternalIdentity identity) throws SyncException
Description copied from class: DefaultSyncContext
Synchronizes an external identity with the repository based on the respective configuration.
- Specified by: sync in interface SyncContext
- Overrides: sync in class DefaultSyncContext
- Parameters: identity - the identity to sync.
- Returns: the result of the operation
- Throws: SyncException - if an error occurs

syncMembership
protected void syncMembership(@NotNull ExternalIdentity external, @NotNull Authorizable auth, long depth) throws RepositoryException
Description copied from class: DefaultSyncContext
Recursively sync the memberships of an authorizable up to the specified depth. If the given depth is equal to or less than 0, no syncing is performed.
- Overrides: syncMembership in class DefaultSyncContext
- Parameters:
  external - the external identity
  auth - the authorizable
  depth - recursion depth.
- Throws: RepositoryException - If a user management specific error occurs upon synchronizing membership

applyMembership
protected void applyMembership(@NotNull Authorizable member, @NotNull Set<String> groups) throws RepositoryException
Description copied from class: DefaultSyncContext
Ensures that the given authorizable is a member of the specific groups. Note that it does not create groups if missing, nor remove memberships of groups not in the given set.
- Overrides: applyMembership in class DefaultSyncContext
- Parameters:
  member - the authorizable
  groups - set of groups.
- Throws: RepositoryException