/** * Sets the {@link #REP_EXTERNAL_ID} as obtained from {@code externalIdentity} * to the specified {@code authorizable} (user or group). The property is * a single value of type {@link javax.jcr.PropertyType#STRING STRING}. * * @param authorizable The user or group that needs to get the {@link #REP_EXTERNAL_ID} property set. * @param externalIdentity The {@link ExternalIdentity} from which to retrieve the value of the property. * @throws RepositoryException If setting the property using {@link Authorizable#setProperty(String, Value)} fails. */ private void setExternalId(@NotNull Authorizable authorizable, @NotNull ExternalIdentity externalIdentity) throws RepositoryException { log.debug("Fallback: setting rep:externalId without adding the corresponding mixin type"); authorizable.setProperty(REP_EXTERNAL_ID, valueFactory.createValue(externalIdentity.getExternalId().getString())); }
@NotNull private List<SyncResult> syncUser(@NotNull ExternalIdentity id, @NotNull List<SyncResult> results, @NotNull List<String> list) { try { SyncResult r = context.sync(id); if (r.getIdentity() == null) { r = new DefaultSyncResultImpl( new DefaultSyncedIdentity(id.getId(), id.getExternalId(), false, -1), SyncResult.Status.NO_SUCH_IDENTITY ); log.warn("sync failed. {}", r.getIdentity()); } else { log.info("synced {}", r.getIdentity()); } results.add(r); } catch (SyncException e) { log.error(ERROR_SYNC_USER, id, e); results.add(new ErrorSyncResult(id.getExternalId(), e)); } return commit(list, results, batchSize); }
public TestIdentity(@NotNull ExternalIdentity base) { userId = base.getId(); principalName = base.getPrincipalName(); id = base.getExternalId(); }
@NotNull @Override public SyncResult sync(@NotNull ExternalIdentity identity) throws SyncException { if (identity instanceof ExternalUser) { return super.sync(identity); } else if (identity instanceof ExternalGroup) { try { Group group = getAuthorizable(identity, Group.class); if (group != null) { // group has been synchronized before -> continue updating for consistency. return syncGroup((ExternalGroup) identity, group); } else { // external group has never been synchronized before: // don't sync external groups into the repository internal user management // but limit synchronized information to group-principals stored // separately with each external user such that the subject gets // properly populated upon login ExternalIdentityRef ref = identity.getExternalId(); log.debug("ExternalGroup {}: Not synchronized as authorizable Group into the repository.", ref.getString()); SyncResult.Status status = (isSameIDP(ref)) ? SyncResult.Status.NOP : SyncResult.Status.FOREIGN; return new DefaultSyncResultImpl(new DefaultSyncedIdentity(identity.getId(), ref, true, -1), status); } } catch (RepositoryException e) { throw new SyncException(e); } } else { throw new IllegalArgumentException("identity must be user or group but was: " + identity); } }
log.debug("Syncing membership '{}' -> '{}'", external.getExternalId().getString(), auth.getID());
static void assertSync(@NotNull ExternalIdentity ei, @NotNull UserManager userManager) throws Exception { Authorizable authorizable; if (ei instanceof ExternalUser) { authorizable = userManager.getAuthorizable(ei.getId(), User.class); } else { authorizable = userManager.getAuthorizable(ei.getId(), Group.class); } assertNotNull(ei.getId(), authorizable); assertEquals(ei.getId(), authorizable.getID()); assertEquals(ei.getExternalId(), ExternalIdentityRef.fromString(authorizable.getProperty(DefaultSyncContext.REP_EXTERNAL_ID)[0].getString())); }
@Test public void testGetIdentityRefSyncGroup() throws Exception { ExternalIdentity externalGroup = idp.listGroups().next(); sync(externalGroup); ExternalIdentityRef ref = DefaultSyncContext.getIdentityRef(userManager.getAuthorizable(externalGroup.getId())); assertNotNull(ref); assertEquals(externalGroup.getExternalId(), ref); }
@Override public SyncResult sync(@NotNull ExternalIdentity identity) throws SyncException { ExternalIdentityRef ref = identity.getExternalId(); if (!isSameIDP(ref)) {
@Test public void testGetIdentityRefSyncUser() throws Exception { ExternalIdentity externalUser = idp.listUsers().next(); sync(externalUser); ExternalIdentityRef ref = DefaultSyncContext.getIdentityRef(userManager.getAuthorizable(externalUser.getId())); assertNotNull(ref); assertEquals(externalUser.getExternalId(), ref); }
@Test public void testSyncUserByIdUpdate() throws Exception { ExternalIdentity externalId = idp.listUsers().next(); Authorizable a = userManager.createUser(externalId.getId(), null); a.setProperty(DefaultSyncContext.REP_EXTERNAL_ID, valueFactory.createValue(externalId.getExternalId().getString())); syncContext.setForceUserSync(true); SyncResult result = syncContext.sync(externalId.getId()); assertEquals(SyncResult.Status.UPDATE, result.getStatus()); Tree t = r.getTree(a.getPath()); assertTrue(t.hasProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES)); }
@Test public void testSyncMembershipGroupIsExternalUser() throws Exception { // sync the 'wrong' external group into the repository ExternalIdentity externalIdentity = idp.listUsers().next(); sync(externalIdentity); // create external user with an synced-ext-user as declared group ExternalUser withWrongDeclaredGroup = new ExternalUserWithDeclaredGroup(externalIdentity.getExternalId()); try { Authorizable a = syncCtx.createUser(withWrongDeclaredGroup); root.commit(); syncCtx.syncMembership(withWrongDeclaredGroup, a, 1); assertFalse(root.hasPendingChanges()); } finally { Authorizable a = userManager.getAuthorizable(withWrongDeclaredGroup.getId()); if (a != null) { a.remove(); root.commit(); } } }
@Test public void testSyncForeignExternalUser() throws Exception { ExternalIdentity foreign = new TestIdentityProvider.ForeignExternalUser(); SyncResult res = syncCtx.sync(foreign); assertNotNull(res); assertSame(SyncResult.Status.FOREIGN, res.getStatus()); // expect {@code SyncedIdentity} in accordance with {@code sync(String userId)}, // where the authorizable is found to be linked to a different IDP. SyncedIdentity si = res.getIdentity(); assertNotNull(si); assertEquals(foreign.getId(), si.getId()); ExternalIdentityRef ref = si.getExternalIdRef(); assertNotNull(ref); assertEquals(foreign.getExternalId(), ref); assertFalse(si.isGroup()); assertEquals(-1, si.lastSynced()); assertFalse(root.hasPendingChanges()); }
@Test public void testSyncForeignExternalGroup() throws Exception { ExternalIdentity foreign = new TestIdentityProvider.ForeignExternalGroup(); SyncResult res = syncCtx.sync(foreign); assertNotNull(res); assertSame(SyncResult.Status.FOREIGN, res.getStatus()); // expect {@code SyncedIdentity} in accordance with {@code sync(String userId)}, // where the authorizable is found to be linked to a different IDP. SyncedIdentity si = res.getIdentity(); assertNotNull(si); assertEquals(foreign.getId(), si.getId()); ExternalIdentityRef ref = si.getExternalIdRef(); assertNotNull(ref); assertEquals(foreign.getExternalId(), ref); assertTrue(si.isGroup()); assertEquals(-1, si.lastSynced()); assertFalse(root.hasPendingChanges()); }