You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/03/15 15:32:23 UTC
svn commit: r1735081 -
/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
Author: angela
Date: Tue Mar 15 14:32:21 2016
New Revision: 1735081
URL: http://svn.apache.org/viewvc?rev=1735081&view=rev
Log:
OAK-3563 : Improve DefaultSyncContext
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java?rev=1735081&r1=1735080&r2=1735081&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.java Tue Mar 15 14:32:21 2016
@@ -281,41 +281,19 @@ public class DefaultSyncContext implemen
}
if (auth.isGroup()) {
- Group group = (Group) auth;
ExternalGroup external = idp.getGroup(id);
timer.mark("retrieve");
if (external == null) {
- DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(auth);
- if (group.getDeclaredMembers().hasNext()) {
- log.info("won't remove local group with members: {}", id);
- ret = new DefaultSyncResultImpl(syncId, SyncResult.Status.NOP);
- } else if (!keepMissing) {
- auth.remove();
- log.debug("removing authorizable '{}' that no longer exists on IDP {}", id, idp.getName());
- timer.mark("remove");
- ret = new DefaultSyncResultImpl(syncId, SyncResult.Status.DELETE);
- } else {
- ret = new DefaultSyncResultImpl(syncId, SyncResult.Status.MISSING);
- log.info("external identity missing for {}, but purge == false.", id);
- }
+ ret = handleMissingIdentity(id, auth, timer);
} else {
- ret = syncGroup(external, group);
+ ret = syncGroup(external, (Group) auth);
timer.mark("sync");
}
} else {
ExternalUser external = idp.getUser(id);
timer.mark("retrieve");
if (external == null) {
- DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(auth);
- if (!keepMissing) {
- auth.remove();
- log.debug("removing authorizable '{}' that no longer exists on IDP {}", id, idp.getName());
- timer.mark("remove");
- ret = new DefaultSyncResultImpl(syncId, SyncResult.Status.DELETE);
- } else {
- ret = new DefaultSyncResultImpl(syncId, SyncResult.Status.MISSING);
- log.info("external identity missing for {}, but purge == false.", id);
- }
+ ret = handleMissingIdentity(id, auth, timer);
} else {
ret = syncUser(external, (User) auth);
timer.mark("sync");
@@ -332,6 +310,26 @@ public class DefaultSyncContext implemen
}
}
+ private DefaultSyncResultImpl handleMissingIdentity(@Nonnull String id,
+ @Nonnull Authorizable authorizable,
+ @Nonnull DebugTimer timer) throws RepositoryException {
+ DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(authorizable);
+ SyncResult.Status status;
+ if (authorizable.isGroup() && ((Group) authorizable).getDeclaredMembers().hasNext()) {
+ log.info("won't remove local group with members: {}", id);
+ status = SyncResult.Status.NOP;
+ } else if (!keepMissing) {
+ authorizable.remove();
+ log.debug("removing authorizable '{}' that no longer exists on IDP {}", id, idp.getName());
+ timer.mark("remove");
+ status = SyncResult.Status.DELETE;
+ } else {
+ status = SyncResult.Status.MISSING;
+ log.info("external identity missing for {}, but purge == false.", id);
+ }
+ return new DefaultSyncResultImpl(syncId, status);
+ }
+
/**
* Retrieves the repository authorizable that corresponds to the given external identity
* @param external the external identity
@@ -401,47 +399,53 @@ public class DefaultSyncContext implemen
@Nonnull
protected DefaultSyncResultImpl syncUser(@Nonnull ExternalUser external, @Nonnull User user) throws RepositoryException {
+ SyncResult.Status status;
// first check if user is expired
- if (!forceUserSync && !isExpired(user, config.user().getExpirationTime(), "Properties")) {
- DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(user);
- return new DefaultSyncResultImpl(syncId, SyncResult.Status.NOP);
- }
-
- // synchronize the properties
- syncProperties(external, user, config.user().getPropertyMapping());
-
- // synchronize auto-group membership
- applyMembership(user, config.user().getAutoMembership());
-
- if (isExpired(user, config.user().getMembershipExpirationTime(), "Membership")) {
- // synchronize external memberships
- syncMembership(external, user, config.user().getMembershipNestingDepth());
+ if (!forceUserSync && !isExpired(user)) {
+ status = SyncResult.Status.NOP;
+ } else {
+ syncExternalIdentity(external, user, config.user());
+ if (isExpired(user, config.user().getMembershipExpirationTime(), "Membership")) {
+ // synchronize external memberships
+ syncMembership(external, user, config.user().getMembershipNestingDepth());
+ }
+ // finally "touch" the sync property
+ user.setProperty(REP_LAST_SYNCED, nowValue);
+ status = SyncResult.Status.UPDATE;
}
-
- // finally "touch" the sync property
- user.setProperty(REP_LAST_SYNCED, nowValue);
- DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(user);
- return new DefaultSyncResultImpl(syncId, SyncResult.Status.UPDATE);
+ return new DefaultSyncResultImpl(createSyncedIdentity(user), status);
}
@Nonnull
protected DefaultSyncResultImpl syncGroup(@Nonnull ExternalGroup external, @Nonnull Group group) throws RepositoryException {
- // first check if user is expired
- if (!forceGroupSync && !isExpired(group, config.group().getExpirationTime(), "Properties")) {
- DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(group);
- return new DefaultSyncResultImpl(syncId, SyncResult.Status.NOP);
+ SyncResult.Status status;
+ // first check if group is expired
+ if (!forceGroupSync && !isExpired(group)) {
+ status = SyncResult.Status.NOP;
+ } else {
+ syncExternalIdentity(external, group, config.group());
+ // finally "touch" the sync property
+ group.setProperty(REP_LAST_SYNCED, nowValue);
+ status = SyncResult.Status.UPDATE;
}
+ return new DefaultSyncResultImpl(createSyncedIdentity(group), status);
+ }
- // synchronize the properties
- syncProperties(external, group, config.group().getPropertyMapping());
-
- // synchronize auto-group membership
- applyMembership(group, config.group().getAutoMembership());
-
- // finally "touch" the sync property
- group.setProperty(REP_LAST_SYNCED, nowValue);
- DefaultSyncedIdentity syncId = DefaultSyncContext.createSyncedIdentity(group);
- return new DefaultSyncResultImpl(syncId, SyncResult.Status.UPDATE);
+ /**
+ * Synchronize content common to both external users and external groups:
+ * - properties
+ * - auto-group membership
+ *
+ * @param external The external identity
+ * @param authorizable The corresponding repository user/group
+ * @param config The sync configuration
+ * @throws RepositoryException If an error occurs.
+ */
+ private void syncExternalIdentity(@Nonnull ExternalIdentity external,
+ @Nonnull Authorizable authorizable,
+ @Nonnull DefaultSyncConfig.Authorizable config) throws RepositoryException {
+ syncProperties(external, authorizable, config.getPropertyMapping());
+ applyMembership(authorizable, config.getAutoMembership());
}
/**
@@ -533,7 +537,7 @@ public class DefaultSyncContext implemen
}
timer.mark("adding");
// remove us from the lost membership groups
- for (Group grp: declaredExternalGroups.values()) {
+ for (Group grp : declaredExternalGroups.values()) {
grp.removeMember(auth);
log.debug("- removing member '{}' for group '{}'", auth.getID(), grp.getID());
}
@@ -600,6 +604,17 @@ public class DefaultSyncContext implemen
}
/**
+ * Checks if the given authorizable needs syncing based on the {@link #REP_LAST_SYNCED} property.
+ *
+ * @param authorizable the authorizable to check
+ * @return {@code true} if the authorizable needs sync
+ */
+ private boolean isExpired(@Nonnull Authorizable authorizable) throws RepositoryException {
+ long expTime = (authorizable.isGroup()) ? config.group().getExpirationTime() : config.user().getExpirationTime();
+ return isExpired(authorizable, expTime, "Properties");
+ }
+
+ /**
* Checks if the given authorizable needs syncing based on the {@link #REP_LAST_SYNCED} property.
* @param auth the authorizable to check
* @param expirationTime the expiration time to compare to.