void close() { if (context != null) { context.close(); context = null; } close(systemSession); }
private List<SyncResult> syncUser(@NotNull String userId, boolean includeIdpName, @NotNull List<SyncResult> results, @NotNull List<String> list) { try { results.add(context.sync(userId)); } catch (SyncException e) { log.warn(ERROR_SYNC_USER, userId, e); results.add(new ErrorSyncResult(userId, ((includeIdpName) ? idp.getName() : null), e)); } return commit(list, results, batchSize); }
/** * @see SynchronizationMBean#syncUsers(String[], boolean) */ @NotNull String[] syncUsers(@NotNull String[] userIds, boolean purge) { context.setKeepMissing(!purge) .setForceGroupSync(true) .setForceUserSync(true); List<String> list = new ArrayList<>(); List<SyncResult> results = new ArrayList<>(batchSize); for (String userId : userIds) { results = syncUser(userId, false, results, list); } commit(list, results, NO_BATCH_SIZE); return list.toArray(new String[0]); }
/** * @see SynchronizationMBean#syncAllExternalUsers() */ @NotNull String[] syncAllExternalUsers() { List<String> list = new ArrayList<>(); context.setForceGroupSync(true).setForceUserSync(true); try { List<SyncResult> results = new ArrayList<>(batchSize); Iterator<ExternalUser> it = idp.listUsers(); while (it.hasNext()) { ExternalUser user = it.next(); results = syncUser(user, results, list); } commit(list, results, NO_BATCH_SIZE); return list.toArray(new String[0]); } catch (ExternalIdentityException e) { throw new SyncRuntimeException("Unable to retrieve external users", e); } }
@Test public void testSyncExternalGroupExisting() throws Exception { // create an external external group that already has been synced into the repo ExternalGroup externalGroup = idp.listGroups().next(); SyncContext ctx = new DefaultSyncContext(syncConfig, idp, userManager, valueFactory); ctx.sync(externalGroup); ctx.close(); // synchronizing using DynamicSyncContext must update the existing group syncContext.setForceGroupSync(true); SyncResult result = syncContext.sync(externalGroup); assertSame(SyncResult.Status.UPDATE, result.getStatus()); }
/** * @see SynchronizationMBean#purgeOrphanedUsers() */ @NotNull String[] purgeOrphanedUsers() { context.setKeepMissing(false); List<String> list = new ArrayList<>(); Iterator<String> orphanedIdentities = internalListOrphanedIdentities(); List<SyncResult> results = new ArrayList<>(batchSize); while (orphanedIdentities.hasNext()) { String userId = orphanedIdentities.next(); results = syncUser(userId, true, results, list); } commit(list, results, NO_BATCH_SIZE); return list.toArray(new String[0]); }
/** * Initiates synchronization of a possible remove user * @param id the user id */ private void validateUser(@NotNull String id) throws SyncException { SyncContext context = null; try { Root root = getRoot(); if (root == null) { throw new SyncException("Cannot synchronize user. root == null"); } UserManager userManager = getUserManager(); if (userManager == null) { throw new SyncException("Cannot synchronize user. userManager == null"); } DebugTimer timer = new DebugTimer(); context = syncHandler.createContext(idp, userManager, new ValueFactoryImpl(root, NamePathMapper.DEFAULT)); context.sync(id); timer.mark("sync"); root.commit(); timer.mark("commit"); debug("validateUser({}) {}", id, timer.getString()); } catch (CommitFailedException e) { throw new SyncException("User synchronization failed during commit.", e); } finally { if (context != null) { context.close(); } } }
String[] syncExternalUsers(@NotNull String[] externalIds) { List<String> list = new ArrayList<>(); context.setForceGroupSync(true).setForceUserSync(true);
@Override public void before() throws Exception { super.before(); // sync external users into the system using the 2 different sync-context implementations Root systemRoot = getSystemRoot(); SyncContext syncContext = new DynamicSyncContext(syncConfig, idp, getUserManager(systemRoot), getValueFactory(systemRoot)); syncContext.sync(idp.getUser(USER_ID)); syncContext.close(); syncContext = new DefaultSyncContext(syncConfig, idp, getUserManager(systemRoot), getValueFactory(systemRoot)); syncContext.sync(idp.getUser(TestIdentityProvider.ID_SECOND_USER)); syncContext.close(); systemRoot.commit(); root.refresh(); principalProvider = createPrincipalProvider(); }
@NotNull private List<SyncResult> syncUser(@NotNull ExternalIdentity id, @NotNull List<SyncResult> results, @NotNull List<String> list) { try { SyncResult r = context.sync(id); if (r.getIdentity() == null) { r = new DefaultSyncResultImpl( new DefaultSyncedIdentity(id.getId(), id.getExternalId(), false, -1), SyncResult.Status.NO_SUCH_IDENTITY ); log.warn("sync failed. {}", r.getIdentity()); } else { log.info("synced {}", r.getIdentity()); } results.add(r); } catch (SyncException e) { log.error(ERROR_SYNC_USER, id, e); results.add(new ErrorSyncResult(id.getExternalId(), e)); } return commit(list, results, batchSize); }
/** * @see SynchronizationMBean#syncAllUsers(boolean) */ @NotNull String[] syncAllUsers(boolean purge) { try { List<String> list = new ArrayList<>(); context.setKeepMissing(!purge) .setForceGroupSync(true) .setForceUserSync(true); Iterator<SyncedIdentity> it = handler.listIdentities(userMgr); List<SyncResult> results = new ArrayList<>(batchSize); while (it.hasNext()) { SyncedIdentity id = it.next(); if (isMyIDP(id)) { results = syncUser(id.getId(), false, results, list); } } commit(list, results, NO_BATCH_SIZE); return list.toArray(new String[0]); } catch (RepositoryException e) { throw new IllegalStateException("Error retrieving users for syncing", e); } }
private void close() { if (ctx != null) { ctx.close(); } if (idpRegistration != null) { idpRegistration.unregister(); } if (shRegistration != null) { shRegistration.unregister(); } }
SyncResult sync(@NotNull ExternalIdentity externalIdentity, @NotNull ExternalIdentityProvider idp) throws Exception { SyncContext ctx = new DefaultSyncContext(syncConfig, idp, getUserManager(root), getValueFactory(root)); SyncResult res = ctx.sync(externalIdentity); root.commit(); return res; }
@Test public void testSyncMembershipForExternalGroup() throws Exception { ExternalGroup externalGroup = idp.getGroup("a"); // a group that has declaredGroups SyncContext ctx = new DefaultSyncContext(syncConfig, idp, userManager, valueFactory); ctx.sync(externalGroup); ctx.close(); r.commit(); Authorizable gr = userManager.getAuthorizable(externalGroup.getId()); syncContext.syncMembership(externalGroup, gr, 1); assertFalse(gr.hasProperty(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES)); assertFalse(r.hasPendingChanges()); }
private void sync(@NotNull String id, boolean isGroup) throws Exception { SyncContext ctx = syncHandler.createContext(idp, userManager, getValueFactory()); ExternalIdentity exIdentity = (isGroup) ? idp.getGroup(id) : idp.getUser(id); assertNotNull(exIdentity); SyncResult res = ctx.sync(exIdentity); assertSame(SyncResult.Status.ADD, res.getStatus()); root.commit(); }
private void sync(@NotNull String id, boolean isGroup) throws Exception { ctx = sh.createContext(idp, userManager, valueFactory); ExternalIdentity exIdentity = (isGroup) ? idp.getGroup(id) : idp.getUser(id); assertNotNull(exIdentity); SyncResult res = ctx.sync(exIdentity); assertEquals(idp.getName(), res.getIdentity().getExternalIdRef().getProviderName()); assertSame(SyncResult.Status.ADD, res.getStatus()); r.commit(); }
@Test public void testForeign() throws Exception { // sync foreign user into the repository // NOTE: that should be considered a bug by the tool that does the sync // as it uses an IDP that is not configured with the login-chain! ExternalIdentityProvider foreign = new TestIdentityProvider("foreign"); SyncContext syncContext = new DefaultSyncContext(syncConfig, foreign, getUserManager(root), getValueFactory(root)); SyncResult result = syncContext.sync(foreign.getUser(TestIdentityProvider.ID_TEST_USER)); long lastSynced = result.getIdentity().lastSynced(); root.commit(); PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER); ContentSession cs = null; try { // login should succeed due the fact that the _LoginModuleImpl_ succeeds for // an existing authorizable if _pre_auth_ is enabled. cs = login(creds); assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage()); // foreign user _must_ not have been touched by the _ExternalLoginModule_ root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); assertEquals(lastSynced, DefaultSyncContext.createSyncedIdentity(u).lastSynced()); } finally { if (cs != null) { cs.close(); } } }
@Test public void testExistingExternalNoSync() throws Exception { // prevent expiration of the user syncConfig.user().setExpirationTime(Long.MAX_VALUE); // sync user upfront SyncContext syncContext = new DefaultSyncContext(syncConfig, idp, getUserManager(root), getValueFactory(root)); SyncResult result = syncContext.sync(idp.getUser(TestIdentityProvider.ID_TEST_USER)); long lastSynced = result.getIdentity().lastSynced(); root.commit(); PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER); ContentSession cs = null; try { cs = login(creds); assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage()); assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID()); root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); // user _should_ not have been re-synced assertEquals(lastSynced, DefaultSyncContext.createSyncedIdentity(u).lastSynced()); } finally { if (cs != null) { cs.close(); } } }
@Test public void testExistingExternalReSync() throws Exception { // sync user upfront UserManager uMgr = getUserManager(root); SyncContext syncContext = new DefaultSyncContext(syncConfig, idp, uMgr, getValueFactory(root)); SyncResult result = syncContext.sync(idp.getUser(TestIdentityProvider.ID_TEST_USER)); long lastSynced = result.getIdentity().lastSynced(); root.commit(); PreAuthCredentials creds = new PreAuthCredentials(TestIdentityProvider.ID_TEST_USER); ContentSession cs = null; try { // wait until the synced user is expired waitUntilExpired(uMgr.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class), root, syncConfig.user().getExpirationTime()); cs = login(creds); assertEquals(PreAuthCredentials.PRE_AUTH_DONE, creds.getMessage()); assertEquals(TestIdentityProvider.ID_TEST_USER, cs.getAuthInfo().getUserID()); root.refresh(); User u = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class); assertNotNull(u); // user _should_ be re-synced assertFalse(lastSynced == DefaultSyncContext.createSyncedIdentity(u).lastSynced()); } finally { if (cs != null) { cs.close(); } } }