org.alfresco.repo.security.sync
Class ChainingUserRegistrySynchronizer

java.lang.Object
  extended by org.springframework.extensions.surf.util.AbstractLifecycleBean
      extended by org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer
All Implemented Interfaces:
java.util.EventListener, UserRegistrySynchronizer, org.springframework.context.ApplicationContextAware, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.ApplicationListener

public class ChainingUserRegistrySynchronizer
extends org.springframework.extensions.surf.util.AbstractLifecycleBean
implements UserRegistrySynchronizer, org.springframework.context.ApplicationEventPublisherAware

A ChainingUserRegistrySynchronizer is responsible for synchronizing Alfresco's local user (person) and group (authority) information with the external subsystems in the authentication chain (most typically LDAP directories). When the #synchronize(boolean) method is called, it visits each UserRegistry bean in the 'chain' of application contexts, managed by a ChildApplicationContextManager, and compares its timestamped user and group information with the local users and groups last retrieved from the same source. Any updates and additions made to those users and groups are applied to the local copies. The ordering of each UserRegistry in the chain determines its precedence when it comes to user and group name collisions. The JobLockService is used to ensure that in a cluster, no two nodes actually run a synchronize at the same time.

The force argument determines whether a complete or partial set of information is queried from the UserRegistry. When true then all users and groups are queried. With this complete set of information, the synchronizer is able to identify which users and groups have been deleted, so it will delete users and groups as well as update and create them. Since processing all users and groups may be fairly time consuming, it is recommended this mode is only used by a background scheduled synchronization job. When the argument is false then only those users and groups modified since the most recent modification date of all the objects last queried from the same UserRegistry are retrieved. In this mode, local users and groups are created and updated, but not deleted (except where a name collision with a lower priority UserRegistry is detected). This 'differential' mode is much faster, and by default is triggered on subsystem startup and also by ChainingUserRegistrySynchronizer.createMissingPerson(String) when a user is successfully authenticated who doesn't yet have a local person object in Alfresco. This should mean that new users and their group information are pulled over from LDAP servers as and when required.


Nested Class Summary
protected  class ChainingUserRegistrySynchronizer.BaseBatchProcessWorker
           
 
Field Summary
static java.lang.String ROOT_ATTRIBUTE_PATH
          The path in the attribute service below which we persist attributes.
 
Fields inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean
log
 
Constructor Summary
ChainingUserRegistrySynchronizer()
           
 
Method Summary
 boolean createMissingPerson(java.lang.String userName)
          Creates a person object for a successfully authenticated user who does not yet have a person object, if allowed to by configuration.
 java.util.Set getPersonMappedProperties(java.lang.String username)
          Gets the set of property names that are auto-mapped for the user with the given user name.
protected  void onBootstrap(org.springframework.context.ApplicationEvent event)
           
protected  void onShutdown(org.springframework.context.ApplicationEvent event)
           
 void setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
          Sets the application context manager.
 void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
           
 void setAttributeService(AttributeService attributeService)
          Sets the attribute service.
 void setAuthorityService(AuthorityService authorityService)
          Sets the authority service.
 void setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
          Controls whether we auto create a missing person on log in.
 void setJobLockService(JobLockService jobLockService)
          Sets the job lock service.
 void setLoggingInterval(int loggingInterval)
          Sets the number of entries to process before reporting progress.
 void setPersonService(PersonService personService)
          Sets the person service.
 void setRuleService(RuleService ruleService)
          Sets the rule service.
 void setSourceBeanName(java.lang.String sourceBeanName)
          Sets the name used to look up a UserRegistry bean in each child application context.
 void setSyncOnStartup(boolean syncOnStartup)
          Controls whether we trigger a differential sync when the subsystem starts up.
 void setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
          Controls whether we trigger a differential sync when missing people log in.
 void setTransactionService(TransactionService transactionService)
          Sets the transaction service.
 void setWorkerThreads(int workerThreads)
          Sets the number of worker threads.
 void synchronize(boolean forceUpdate, boolean allowDeletions, boolean splitTxns)
          Retrieves timestamped user and group information from configured external sources and compares it with the local users and groups last retrieved from the same sources.
 
Methods inherited from class org.springframework.extensions.surf.util.AbstractLifecycleBean
getApplicationContext, onApplicationEvent, setApplicationContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ROOT_ATTRIBUTE_PATH

public static final java.lang.String ROOT_ATTRIBUTE_PATH
The path in the attribute service below which we persist attributes.

See Also:
Constant Field Values
Constructor Detail

ChainingUserRegistrySynchronizer

public ChainingUserRegistrySynchronizer()
Method Detail

setApplicationContextManager

public void setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
Sets the application context manager.

Parameters:
applicationContextManager - the applicationContextManager to set

setSourceBeanName

public void setSourceBeanName(java.lang.String sourceBeanName)
Sets the name used to look up a UserRegistry bean in each child application context.

Parameters:
sourceBeanName - the bean name

setAuthorityService

public void setAuthorityService(AuthorityService authorityService)
Sets the authority service.

Parameters:
authorityService - the new authority service

setPersonService

public void setPersonService(PersonService personService)
Sets the person service.

Parameters:
personService - the new person service

setAttributeService

public void setAttributeService(AttributeService attributeService)
Sets the attribute service.

Parameters:
attributeService - the new attribute service

setTransactionService

public void setTransactionService(TransactionService transactionService)
Sets the transaction service.

Parameters:
transactionService - the transaction service

setRuleService

public void setRuleService(RuleService ruleService)
Sets the rule service.

Parameters:
ruleService - the new rule service

setJobLockService

public void setJobLockService(JobLockService jobLockService)
Sets the job lock service.

Parameters:
jobLockService - the job lock service

setApplicationEventPublisher

public void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
Specified by:
setApplicationEventPublisher in interface org.springframework.context.ApplicationEventPublisherAware

setAutoCreatePeopleOnLogin

public void setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
Controls whether we auto create a missing person on log in.

Parameters:
autoCreatePeopleOnLogin - true if we should auto create a missing person on log in

setSyncWhenMissingPeopleLogIn

public void setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
Controls whether we trigger a differential sync when missing people log in.

Parameters:
syncWhenMissingPeopleLogIn - if we should trigger a sync when missing people log in

setSyncOnStartup

public void setSyncOnStartup(boolean syncOnStartup)
Controls whether we trigger a differential sync when the subsystem starts up.

Parameters:
syncOnStartup - if we should trigger a sync on startup

setLoggingInterval

public void setLoggingInterval(int loggingInterval)
Sets the number of entries to process before reporting progress.

Parameters:
loggingInterval - the number of entries to process before reporting progress or zero to disable progress reporting.

setWorkerThreads

public void setWorkerThreads(int workerThreads)
Sets the number of worker threads.

Parameters:
workerThreads - the number of worker threads

synchronize

public void synchronize(boolean forceUpdate,
                        boolean allowDeletions,
                        boolean splitTxns)
Description copied from interface: UserRegistrySynchronizer
Retrieves timestamped user and group information from configured external sources and compares it with the local users and groups last retrieved from the same sources. Any updates and additions made to those users and groups are applied to the local Alfresco copies.

Specified by:
synchronize in interface UserRegistrySynchronizer
Parameters:
forceUpdate - Should the complete set of users and groups be updated / created locally or just those known to have changed since the last sync? When true then all users and groups are queried from the user registry and updated locally. When false then each source is only queried for those users and groups modified since the most recent modification date of all the objects last queried from that same source.
allowDeletions - Should a complete set of user and group IDs be queried from the user registries in order to determine deletions? This parameter is independent of force as a separate query is run to process updates.
splitTxns - Can the modifications to Alfresco be split across multiple transactions for maximum performance? If true, users and groups are created/updated in batches of 10 for increased performance. If false, all users and groups are processed in the current transaction. This is required if calling synchronously (e.g. in response to an authentication event in the same transaction).

getPersonMappedProperties

public java.util.Set getPersonMappedProperties(java.lang.String username)
Description copied from interface: UserRegistrySynchronizer
Gets the set of property names that are auto-mapped for the user with the given user name. These should remain read-only for the user in the UI.

Specified by:
getPersonMappedProperties in interface UserRegistrySynchronizer
Returns:
the person mapped properties

createMissingPerson

public boolean createMissingPerson(java.lang.String userName)
Description copied from interface: UserRegistrySynchronizer
Creates a person object for a successfully authenticated user who does not yet have a person object, if allowed to by configuration. Depending on configuration, may trigger a partial synchronize and/or create a new person with default settings.

Specified by:
createMissingPerson in interface UserRegistrySynchronizer
Parameters:
userName - the user name
Returns:
true, if a person is created

onBootstrap

protected void onBootstrap(org.springframework.context.ApplicationEvent event)
Specified by:
onBootstrap in class org.springframework.extensions.surf.util.AbstractLifecycleBean

onShutdown

protected void onShutdown(org.springframework.context.ApplicationEvent event)
Specified by:
onShutdown in class org.springframework.extensions.surf.util.AbstractLifecycleBean


Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.