private Delegatee(@NotNull SyncHandler handler, @NotNull ExternalIdentityProvider idp, @NotNull ContentSession systemSession, @NotNull SecurityProvider securityProvider, int batchSize) { this.handler = handler; this.idp = idp; this.systemSession = systemSession; this.batchSize = batchSize; root = systemSession.getLatestRoot(); userMgr = securityProvider.getConfiguration(UserConfiguration.class).getUserManager(root, NamePathMapper.DEFAULT); context = handler.createContext(idp, userMgr, new ValueFactoryImpl(root, NamePathMapper.DEFAULT)); log.info("Created delegatee for SyncMBean with session: {} {}", systemSession, systemSession.getAuthInfo().getUserID()); }
@Override public SyncHandler getSyncHandler(@NotNull String name) { for (SyncHandler handler: getServices()) { if (name.equals(handler.getName())) { return handler; } } return null; } }
@NotNull private Iterator<String> internalListOrphanedIdentities() { try { Iterator<SyncedIdentity> it = handler.listIdentities(userMgr); return Iterators.filter(Iterators.transform(it, new Function<SyncedIdentity, String>() { @Nullable @Override public String apply(@Nullable SyncedIdentity syncedIdentity) { if (syncedIdentity != null && isMyIDP(syncedIdentity)) { ExternalIdentityRef ref = syncedIdentity.getExternalIdRef(); try { ExternalIdentity extId = (ref == null) ? null : idp.getIdentity(ref); if (extId == null) { return syncedIdentity.getId(); } } catch (ExternalIdentityException e) { log.error("Error while fetching external identity {}", syncedIdentity, e); } } return null; } }), Predicates.notNull()); } catch (RepositoryException e) { log.error("Error while listing orphaned users", e); return Collections.emptyIterator(); } }
@Nullable private SyncedIdentity getSyncedIdentity(@Nullable String userId) throws RepositoryException { UserManager userMgr = getUserManager(); if (userId != null && userMgr != null) { return syncHandler.findIdentity(userMgr, userId); } else { return null; } }
private boolean ignore(@Nullable SyncedIdentity syncedIdentity, @Nullable PreAuthenticatedLogin preAuthLogin) { if (syncedIdentity != null) { ExternalIdentityRef externalIdRef = syncedIdentity.getExternalIdRef(); if (externalIdRef == null) { debug("ignoring local user: {}", syncedIdentity.getId()); return true; } else if (!idp.getName().equals(externalIdRef.getProviderName())) { debug("ignoring foreign identity: {} (idp={})", externalIdRef.getString(), idp.getName()); return true; } if (preAuthLogin != null && !syncHandler.requiresSync(syncedIdentity)) { debug("pre-authenticated external user {} does not require syncing.", syncedIdentity.toString()); return true; } } return false; }
private AppConfigurationEntry asConfigurationEntry() { return new AppConfigurationEntry( ExternalLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, ImmutableMap.<String, String>of( SyncHandlerMapping.PARAM_SYNC_HANDLER_NAME, sh.getName(), SyncHandlerMapping.PARAM_IDP_NAME, idp.getName() )); } }
/** * Initiates synchronization of a possible remove user * @param id the user id */ private void validateUser(@NotNull String id) throws SyncException { SyncContext context = null; try { Root root = getRoot(); if (root == null) { throw new SyncException("Cannot synchronize user. root == null"); } UserManager userManager = getUserManager(); if (userManager == null) { throw new SyncException("Cannot synchronize user. userManager == null"); } DebugTimer timer = new DebugTimer(); context = syncHandler.createContext(idp, userManager, new ValueFactoryImpl(root, NamePathMapper.DEFAULT)); context.sync(id); timer.mark("sync"); root.commit(); timer.mark("commit"); debug("validateUser({}) {}", id, timer.getString()); } catch (CommitFailedException e) { throw new SyncException("User synchronization failed during commit.", e); } finally { if (context != null) { context.close(); } } }
@Override protected void runTest() throws Exception { JackrabbitSession s = ((JackrabbitSession) systemLogin()); try { UserManager userManager = s.getUserManager(); Iterator<SyncedIdentity> it = syncHandler.listIdentities(userManager); while (it.hasNext()) { it.next(); } } finally { s.logout(); } } }
throw e; } catch (Exception e) { log.debug("SyncHandler {} throws sync exception for '{}'", syncHandler.getName(), logId, e); LoginException le = new LoginException("Error while syncing user."); le.initCause(e);
try { DebugTimer timer = new DebugTimer(); context = syncHandler.createContext(idp, userManager, new ValueFactoryImpl(root, NamePathMapper.DEFAULT)); SyncResult syncResult = context.sync(user); timer.mark("sync");
/** * @see SynchronizationMBean#syncAllUsers(boolean) */ @NotNull String[] syncAllUsers(boolean purge) { try { List<String> list = new ArrayList<>(); context.setKeepMissing(!purge) .setForceGroupSync(true) .setForceUserSync(true); Iterator<SyncedIdentity> it = handler.listIdentities(userMgr); List<SyncResult> results = new ArrayList<>(batchSize); while (it.hasNext()) { SyncedIdentity id = it.next(); if (isMyIDP(id)) { results = syncUser(id.getId(), false, results, list); } } commit(list, results, NO_BATCH_SIZE); return list.toArray(new String[0]); } catch (RepositoryException e) { throw new IllegalStateException("Error retrieving users for syncing", e); } }
private ExternalSetup(@NotNull ExternalIdentityProvider idp, @NotNull DefaultSyncConfig sc, @NotNull SyncHandler sh, @Nullable String groupId) throws Exception { this.idp = idp; this.sc = sc; this.sh = sh; if (groupId != null) { Group g = userManager.getAuthorizable(groupId, Group.class); if (g != null) { gr = g; } else { gr = userManager.createGroup(groupId); } r.commit(); sc.user().setAutoMembership(gr.getID(), NON_EXISTING_NAME).setExpirationTime(Long.MAX_VALUE); } else { gr = null; } idpRegistration = whiteboard.register(ExternalIdentityProvider.class, idp, Collections.<String, Object>emptyMap()); shRegistration = whiteboard.register(SyncHandler.class, sh, ImmutableMap.of( DefaultSyncConfigImpl.PARAM_NAME, sh.getName(), DefaultSyncConfigImpl.PARAM_USER_DYNAMIC_MEMBERSHIP, sc.user().getDynamicMembership(), DefaultSyncConfigImpl.PARAM_GROUP_AUTO_MEMBERSHIP, sc.user().getAutoMembership())); registerSyncHandlerMapping(context, this); }
private void sync(@NotNull String id, boolean isGroup) throws Exception { ctx = sh.createContext(idp, userManager, valueFactory); ExternalIdentity exIdentity = (isGroup) ? idp.getGroup(id) : idp.getUser(id); assertNotNull(exIdentity); SyncResult res = ctx.sync(exIdentity); assertEquals(idp.getName(), res.getIdentity().getExternalIdRef().getProviderName()); assertSame(SyncResult.Status.ADD, res.getStatus()); r.commit(); }