/**
 * Builds an error result for an identity that is known only by its user id.
 *
 * <p>An {@link ExternalIdentityRef} is attached only when an IDP name is available;
 * otherwise the synced identity carries a {@code null} reference. The identity is
 * always recorded as a non-group with a last-synced value of {@code -1}.
 *
 * @param userId the id of the user whose synchronization failed
 * @param idpName the name of the identity provider, or {@code null} if unknown
 * @param error the exception that caused the failure
 */
private ErrorSyncResult(@NotNull String userId, @Nullable String idpName, @NotNull Exception error) {
    ExternalIdentityRef externalRef = null;
    if (idpName != null) {
        externalRef = new ExternalIdentityRef(userId, idpName);
    }
    this.syncedIdentity = new DefaultSyncedIdentity(userId, externalRef, false, -1);
    this.error = error;
}
/**
 * Builds an error result for an identity addressed by its external reference.
 *
 * <p>The id of the synced identity is taken from the reference itself; the identity
 * is recorded as a non-group with a last-synced value of {@code -1}.
 *
 * @param ref the external reference of the identity whose synchronization failed
 * @param error the exception that caused the failure
 */
private ErrorSyncResult(@NotNull ExternalIdentityRef ref, @NotNull Exception error) {
    String identityId = ref.getId();
    this.syncedIdentity = new DefaultSyncedIdentity(identityId, ref, false, -1);
    this.error = error;
}
/**
 * Synchronizes one external identity through the sync context and records the outcome.
 *
 * <p>A result without an identity is replaced by a {@code NO_SUCH_IDENTITY} result built
 * from the external identity. A {@link SyncException} is logged and recorded as an
 * {@code ErrorSyncResult} instead of being propagated, so one failing identity does not
 * abort the caller.
 *
 * @param id the external identity to synchronize
 * @param results the list the outcome is appended to
 * @param list passed through to {@code commit} together with {@code results}
 * @return whatever {@code commit(list, results, batchSize)} returns
 */
@NotNull
private List<SyncResult> syncUser(@NotNull ExternalIdentity id, @NotNull List<SyncResult> results, @NotNull List<String> list) {
    try {
        SyncResult outcome = context.sync(id);
        if (outcome.getIdentity() != null) {
            log.info("synced {}", outcome.getIdentity());
        } else {
            // The context returned no identity: report the external identity as missing.
            DefaultSyncedIdentity missing = new DefaultSyncedIdentity(id.getId(), id.getExternalId(), false, -1);
            outcome = new DefaultSyncResultImpl(missing, SyncResult.Status.NO_SUCH_IDENTITY);
            log.warn("sync failed. {}", outcome.getIdentity());
        }
        results.add(outcome);
    } catch (SyncException e) {
        log.error(ERROR_SYNC_USER, id, e);
        results.add(new ErrorSyncResult(id.getExternalId(), e));
    }
    return commit(list, results, batchSize);
}
// Excerpt: the enclosing method and the statements inside the try block are not shown on this page.
ExternalIdentityRef ref = ExternalIdentityRef.fromString(externalId);
// Provider check: a reference whose provider name differs from this IDP's name is
// reported as FOREIGN and is not handled by the else branch below.
if (!idp.getName().equals(ref.getProviderName())) {
    results.add(new DefaultSyncResultImpl(new DefaultSyncedIdentity(ref.getId(), ref, false, -1), SyncResult.Status.FOREIGN));
} else {
    try {
    } else {
        // NO_SUCH_IDENTITY is recorded with an empty id and the parsed reference.
        results.add(new DefaultSyncResultImpl(
                new DefaultSyncedIdentity("", ref, false, -1),
                SyncResult.Status.NO_SUCH_IDENTITY
        ));
/**
 * Builds the synced-identity view of a repository authorizable.
 *
 * <p>The last-synced timestamp is read from the first value of the
 * {@code REP_LAST_SYNCED} property; it is {@code -1} when the property is absent or empty.
 *
 * @param auth the authorizable, may be {@code null}
 * @return the synced identity, or {@code null} if {@code auth} is {@code null}
 * @throws RepositoryException if reading from the authorizable fails
 */
@Nullable
public static DefaultSyncedIdentity createSyncedIdentity(@Nullable Authorizable auth) throws RepositoryException {
    if (auth == null) {
        return null;
    }
    ExternalIdentityRef externalRef = getIdentityRef(auth);
    Value[] lastSyncedValues = auth.getProperty(REP_LAST_SYNCED);
    boolean hasTimestamp = lastSyncedValues != null && lastSyncedValues.length > 0;
    long lastSynced = hasTimestamp ? lastSyncedValues[0].getLong() : -1;
    return new DefaultSyncedIdentity(auth.getID(), externalRef, auth.isGroup(), lastSynced);
}
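/**
 * Synchronizes an external group onto an existing repository group.
 *
 * <p>The repository group is modified only when {@code isSameIDP(group)} holds. A group
 * that fails this check is left untouched and reported as {@code FOREIGN}, so data from
 * one identity provider is not written onto a group that does not belong to it.
 *
 * @param external the external group; it has been verified before this call
 * @param group the repository group to update
 * @return a result with status {@code FOREIGN}, {@code NOP} or {@code UPDATE}
 * @throws RepositoryException if accessing or updating the repository group fails
 */
@NotNull
protected DefaultSyncResultImpl syncGroup(@NotNull ExternalGroup external, @NotNull Group group) throws RepositoryException {
    // make also sure the local group to be synced belongs to the same IDP. Note: 'external' has been verified before.
    if (!isSameIDP(group)) {
        // The third constructor argument is the isGroup flag. It was 'false' here although the
        // identity is a group; the FOREIGN result now describes the identity as a group.
        return new DefaultSyncResultImpl(new DefaultSyncedIdentity(external.getId(), external.getExternalId(), true, -1), SyncResult.Status.FOREIGN);
    }

    SyncResult.Status status;
    // first check if group is expired
    if (!forceGroupSync && !isExpired(group)) {
        status = SyncResult.Status.NOP;
    } else {
        syncExternalIdentity(external, group, config.group());

        // finally "touch" the sync property
        group.setProperty(REP_LAST_SYNCED, nowValue);
        status = SyncResult.Status.UPDATE;
    }
    return new DefaultSyncResultImpl(createSyncedIdentity(group), status);
}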
/**
 * Synchronizes an external identity, treating users and groups differently.
 *
 * <p>Users are delegated to the parent implementation. A group is updated only if a
 * matching repository {@code Group} already exists; a group that has never been
 * synchronized is not created as an authorizable, and the result merely states whether
 * its reference belongs to this IDP ({@code NOP}) or not ({@code FOREIGN}).
 *
 * @param identity the external identity to synchronize
 * @return the result of the synchronization
 * @throws SyncException if a {@code RepositoryException} occurs while handling a group
 * @throws IllegalArgumentException if the identity is neither a user nor a group
 */
@NotNull
@Override
public SyncResult sync(@NotNull ExternalIdentity identity) throws SyncException {
    if (identity instanceof ExternalUser) {
        return super.sync(identity);
    }
    if (!(identity instanceof ExternalGroup)) {
        throw new IllegalArgumentException("identity must be user or group but was: " + identity);
    }
    try {
        Group existing = getAuthorizable(identity, Group.class);
        if (existing != null) {
            // group has been synchronized before -> continue updating for consistency.
            return syncGroup((ExternalGroup) identity, existing);
        }
        // external group has never been synchronized before:
        // don't sync external groups into the repository internal user management
        // but limit synchronized information to group-principals stored
        // separately with each external user such that the subject gets
        // properly populated upon login
        ExternalIdentityRef ref = identity.getExternalId();
        log.debug("ExternalGroup {}: Not synchronized as authorizable Group into the repository.", ref.getString());

        SyncResult.Status status;
        if (isSameIDP(ref)) {
            status = SyncResult.Status.NOP;
        } else {
            status = SyncResult.Status.FOREIGN;
        }
        return new DefaultSyncResultImpl(new DefaultSyncedIdentity(identity.getId(), ref, true, -1), status);
    } catch (RepositoryException e) {
        throw new SyncException(e);
    }
}
/**
 * Verifies that a result returns the same identity it was constructed with, both for a
 * group without an external reference and for a user with one.
 */
@Test
public void testGetIdentity() {
    DefaultSyncedIdentity[] identities = {
        new DefaultSyncedIdentity("id", null, true, -1),
        new DefaultSyncedIdentity("id", new ExternalIdentityRef("id", "idp"), false, 500)
    };

    for (DefaultSyncedIdentity expected : identities) {
        assertEquals(expected, new DefaultSyncResultImpl(expected, SyncResult.Status.NOP).getIdentity());
    }
}
// Excerpt: two separate return sites; the conditions that select each one are not shown on this page.
// Reported as NO_SUCH_AUTHORIZABLE, with a null external reference.
return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id, null, false, -1), SyncResult.Status.NO_SUCH_AUTHORIZABLE);
// Reported as FOREIGN, keeping the reference and the authorizable's group flag.
// NOTE(review): presumably reached when the authorizable belongs to another IDP; confirm against the enclosing check.
return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id, ref, auth.isGroup(), -1), SyncResult.Status.FOREIGN);
/**
 * An identity without an external reference must require a sync, even when its
 * last-synced value is as large as possible.
 */
@Test
public void testRequiresSyncMissingExternalIDRef() {
    DefaultSyncedIdentity withoutRef = new DefaultSyncedIdentity(USER_ID, null, false, Long.MAX_VALUE);
    assertTrue(syncHandler.requiresSync(withoutRef));
}
/**
 * Prepares the fixtures: the test user and the first group listed by the IDP, each
 * wrapped in a synced identity with a last-synced value of 234.
 */
@Before
public void before() throws Exception {
    externalUser = idp.getUser(TestIdentityProvider.ID_TEST_USER);
    assertNotNull(externalUser);
    String userId = externalUser.getId();
    si = new DefaultSyncedIdentity(userId, externalUser.getExternalId(), false, 234);

    externalGroup = idp.listGroups().next();
    String groupId = externalGroup.getId();
    siGroup = new DefaultSyncedIdentity(groupId, externalGroup.getExternalId(), true, 234);
}
// Excerpt: the guarding condition is outside this snippet.
// Reports the identity as FOREIGN with a last-synced value of -1.
return new DefaultSyncResultImpl(new DefaultSyncedIdentity(identity.getId(), ref, isGroup, -1), SyncResult.Status.FOREIGN);
/**
 * Synchronizes an external user onto an existing repository user.
 *
 * <p>The repository user is modified only when {@code isSameIDP(user)} holds; otherwise it
 * is left untouched and reported as {@code FOREIGN}. A user that is neither expired nor
 * force-synced yields {@code NOP}. Otherwise properties are synced, memberships are synced
 * if the membership expiration has passed, and the sync property is updated.
 *
 * @param external the external user; it has been verified before this call
 * @param user the repository user to update
 * @return a result with status {@code FOREIGN}, {@code NOP}, {@code ENABLE} or {@code UPDATE}
 * @throws RepositoryException if accessing or updating the repository user fails
 */
@NotNull
protected DefaultSyncResultImpl syncUser(@NotNull ExternalUser external, @NotNull User user) throws RepositoryException {
    // make also sure the local user to be synced belongs to the same IDP. Note: 'external' has been verified before.
    if (!isSameIDP(user)) {
        DefaultSyncedIdentity foreign = new DefaultSyncedIdentity(external.getId(), external.getExternalId(), false, -1);
        return new DefaultSyncResultImpl(foreign, SyncResult.Status.FOREIGN);
    }

    // check if user is expired
    boolean syncNeeded = forceUserSync || isExpired(user);
    if (!syncNeeded) {
        return new DefaultSyncResultImpl(createSyncedIdentity(user), SyncResult.Status.NOP);
    }

    syncExternalIdentity(external, user, config.user());
    if (isExpired(user, config.user().getMembershipExpirationTime(), "Membership")) {
        // synchronize external memberships
        syncMembership(external, user, config.user().getMembershipNestingDepth());
    }

    // NOTE(review): with 'disableMissing' configured, every disabled user is re-enabled here.
    // The reason the account was disabled is not inspected in this method, so an account
    // disabled for another reason would presumably be re-enabled as well; confirm this is intended.
    SyncResult.Status status;
    boolean reenable = this.config.user().getDisableMissing() && user.isDisabled();
    if (reenable) {
        status = SyncResult.Status.ENABLE;
        user.disable(null);
    } else {
        status = SyncResult.Status.UPDATE;
    }

    // finally "touch" the sync property
    user.setProperty(REP_LAST_SYNCED, nowValue);
    return new DefaultSyncResultImpl(createSyncedIdentity(user), status);
}
/**
 * An identity that carries a valid external reference but the smallest possible
 * last-synced value must require a sync.
 */
@Test
public void testRequiresSyncNotYetSynced() throws Exception {
    DefaultSyncedIdentity neverSynced =
            new DefaultSyncedIdentity(USER_ID, idp.getUser(USER_ID).getExternalId(), false, Long.MIN_VALUE);
    assertTrue(syncHandler.requiresSync(neverSynced));
}
/**
 * Verifies that {@code lastSynced()} returns the value given at construction,
 * including {@code -1} for an identity that was never synced.
 */
@Test
public void testLastSynced() {
    assertEquals(234, si.lastSynced());
    assertEquals(234, siGroup.lastSynced());

    SyncedIdentity neverSynced =
            new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, externalUser.getExternalId(), false, -1);
    assertEquals(-1, neverSynced.lastSynced());
}
}
/**
 * Verifies that {@code getExternalIdRef()} returns the reference given at construction,
 * including {@code null} when no reference was supplied.
 */
@Test
public void testGetExternalIdRef() {
    assertEquals(externalUser.getExternalId(), si.getExternalIdRef());
    assertEquals(externalGroup.getExternalId(), siGroup.getExternalIdRef());

    SyncedIdentity withoutRef =
            new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, null, false, 234);
    assertNull(withoutRef.getExternalIdRef());
}
/**
 * Verifies that {@code getId()} returns the id given at construction, also when that id
 * differs from the id of the external identity the reference was taken from.
 */
@Test
public void testGetId() {
    assertEquals(externalUser.getId(), si.getId());
    assertEquals(externalGroup.getId(), siGroup.getId());

    SyncedIdentity differentId =
            new DefaultSyncedIdentity("otherId", externalUser.getExternalId(), false, -1);
    assertEquals("otherId", differentId.getId());
}