|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.springframework.extensions.surf.util.AbstractLifecycleBean
org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer
public class ChainingUserRegistrySynchronizer
A ChainingUserRegistrySynchronizer
is responsible for synchronizing Alfresco's local user (person) and
group (authority) information with the external subsystems in the authentication chain (most typically LDAP
directories). When the #synchronize(boolean)
method is called, it visits each UserRegistry
bean in
the 'chain' of application contexts, managed by a ChildApplicationContextManager
, and compares its
timestamped user and group information with the local users and groups last retrieved from the same source. Any
updates and additions made to those users and groups are applied to the local copies. The ordering of each
UserRegistry
in the chain determines its precedence when it comes to user and group name collisions. The
JobLockService
is used to ensure that in a cluster, no two nodes actually run a synchronize at the same time.
The force
argument determines whether a complete or partial set of information is queried from the
UserRegistry
. When true
then all users and groups are queried. With this complete set of
information, the synchronizer is able to identify which users and groups have been deleted, so it will delete users
and groups as well as update and create them. Since processing all users and groups may be fairly time consuming, it
is recommended this mode is only used by a background scheduled synchronization job. When the argument is
false
then only those users and groups modified since the most recent modification date of all the
objects last queried from the same UserRegistry
are retrieved. In this mode, local users and groups are
created and updated, but not deleted (except where a name collision with a lower priority UserRegistry
is
detected). This 'differential' mode is much faster, and by default is triggered on subsystem startup and also by
ChainingUserRegistrySynchronizer.createMissingPerson(String)
when a user is successfully authenticated who doesn't yet have a local person
object in Alfresco. This should mean that new users and their group information are pulled over from LDAP servers as
and when required.
Nested Class Summary | |
---|---|
protected class |
ChainingUserRegistrySynchronizer.BaseBatchProcessWorker
|
Field Summary | |
---|---|
static java.lang.String |
ROOT_ATTRIBUTE_PATH
The path in the attribute service below which we persist attributes. |
Fields inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean |
---|
log |
Constructor Summary | |
---|---|
ChainingUserRegistrySynchronizer()
|
Method Summary | |
---|---|
boolean |
createMissingPerson(java.lang.String userName)
Creates a person object for a successfully authenticated user who does not yet have a person object, if allowed to by configuration. |
java.util.Set |
getPersonMappedProperties(java.lang.String username)
Gets the set of property names that are auto-mapped for the user with the given user name. |
protected void |
onBootstrap(org.springframework.context.ApplicationEvent event)
|
protected void |
onShutdown(org.springframework.context.ApplicationEvent event)
|
void |
setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
Sets the application context manager. |
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
|
void |
setAttributeService(AttributeService attributeService)
Sets the attribute service. |
void |
setAuthorityService(AuthorityService authorityService)
Sets the authority service. |
void |
setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
Controls whether we auto create a missing person on log in. |
void |
setJobLockService(JobLockService jobLockService)
Sets the job lock service. |
void |
setLoggingInterval(int loggingInterval)
Sets the number of entries to process before reporting progress. |
void |
setPersonService(PersonService personService)
Sets the person service. |
void |
setRuleService(RuleService ruleService)
Sets the rule service. |
void |
setSourceBeanName(java.lang.String sourceBeanName)
Sets the name used to look up a UserRegistry bean in each child application context. |
void |
setSyncOnStartup(boolean syncOnStartup)
Controls whether we trigger a differential sync when the subsystem starts up. |
void |
setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
Controls whether we trigger a differential sync when missing people log in. |
void |
setTransactionService(TransactionService transactionService)
Sets the transaction service. |
void |
setWorkerThreads(int workerThreads)
Sets the number of worker threads. |
void |
synchronize(boolean forceUpdate,
boolean allowDeletions,
boolean splitTxns)
Retrieves timestamped user and group information from configured external sources and compares it with the local users and groups last retrieved from the same sources. |
Methods inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean |
---|
getApplicationContext, onApplicationEvent, setApplicationContext |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String ROOT_ATTRIBUTE_PATH
Constructor Detail |
---|
public ChainingUserRegistrySynchronizer()
Method Detail |
---|
public void setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
applicationContextManager
- the applicationContextManager to setpublic void setSourceBeanName(java.lang.String sourceBeanName)
UserRegistry
bean in each child application context.
sourceBeanName
- the bean namepublic void setAuthorityService(AuthorityService authorityService)
authorityService
- the new authority servicepublic void setPersonService(PersonService personService)
personService
- the new person servicepublic void setAttributeService(AttributeService attributeService)
attributeService
- the new attribute servicepublic void setTransactionService(TransactionService transactionService)
transactionService
- the transaction servicepublic void setRuleService(RuleService ruleService)
ruleService
- the new rule servicepublic void setJobLockService(JobLockService jobLockService)
jobLockService
- the job lock servicepublic void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher
in interface org.springframework.context.ApplicationEventPublisherAware
public void setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
autoCreatePeopleOnLogin
- true
if we should auto create a missing person on log inpublic void setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
syncWhenMissingPeopleLogIn
- public void setSyncOnStartup(boolean syncOnStartup)
syncOnStartup
- public void setLoggingInterval(int loggingInterval)
loggingInterval
- the number of entries to process before reporting progress or zero to disable progress reporting.public void setWorkerThreads(int workerThreads)
workerThreads
- the number of worker threadspublic void synchronize(boolean forceUpdate, boolean allowDeletions, boolean splitTxns)
UserRegistrySynchronizer
synchronize
in interface UserRegistrySynchronizer
forceUpdate
- Should the complete set of users and groups be updated / created locally or just those known to have
changed since the last sync? When true
then all users and groups are queried from
the user registry and updated locally. When false
then each source is only queried for
those users and groups modified since the most recent modification date of all the objects last
queried from that same source.allowDeletions
- Should a complete set of user and group IDs be queried from the user registries in order to determine
deletions? This parameter is independent of force
as a separate query is run to process
updates.splitTxns
- Can the modifications to Alfresco be split across multiple transactions for maximum performance? If
true
, users and groups are created/updated in batches of 10 for increased performance. If
false
, all users and groups are processed in the current transaction. This is required if
calling synchronously (e.g. in response to an authentication event in the same transaction).public java.util.Set getPersonMappedProperties(java.lang.String username)
UserRegistrySynchronizer
getPersonMappedProperties
in interface UserRegistrySynchronizer
public boolean createMissingPerson(java.lang.String userName)
UserRegistrySynchronizer
createMissingPerson
in interface UserRegistrySynchronizer
userName
- the user name
protected void onBootstrap(org.springframework.context.ApplicationEvent event)
onBootstrap
in class org.springframework.extensions.surf.util.AbstractLifecycleBean
protected void onShutdown(org.springframework.context.ApplicationEvent event)
onShutdown
in class org.springframework.extensions.surf.util.AbstractLifecycleBean
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |