public class ChainingUserRegistrySynchronizer extends org.springframework.extensions.surf.util.AbstractLifecycleBean implements UserRegistrySynchronizer, ChainingUserRegistrySynchronizerStatus, TestableChainingUserRegistrySynchronizer, org.springframework.context.ApplicationEventPublisherAware
ChainingUserRegistrySynchronizer
is responsible for synchronizing Alfresco's local user (person) and
group (authority) information with the external subsystems in the authentication chain (most typically LDAP
directories). When the synchronize(boolean, boolean)
method is called, it visits each UserRegistry
bean in
the 'chain' of application contexts, managed by a ChildApplicationContextManager
, and compares its
timestamped user and group information with the local users and groups last retrieved from the same source. Any
updates and additions made to those users and groups are applied to the local copies. The ordering of each
UserRegistry
in the chain determines its precedence when it comes to user and group name collisions. The
JobLockService
is used to ensure that in a cluster, no two nodes actually run a synchronize at the same time.
The force
argument determines whether a complete or partial set of information is queried from the
UserRegistry
. When true
then all users and groups are queried. With this complete set of
information, the synchronizer is able to identify which users and groups have been deleted, so it will delete users
and groups as well as update and create them. Since processing all users and groups may be fairly time consuming, it
is recommended this mode is only used by a background scheduled synchronization job. When the argument is
false
then only those users and groups modified since the most recent modification date of all the
objects last queried from the same UserRegistry
are retrieved. In this mode, local users and groups are
created and updated, but not deleted (except where a name collision with a lower priority UserRegistry
is
detected). This 'differential' mode is much faster, and by default is triggered on subsystem startup and also by
createMissingPerson(String)
when a user is successfully authenticated who doesn't yet have a local person
object in Alfresco. This should mean that new users and their group information are pulled over from LDAP servers as
and when required.
Modifier and Type | Class and Description |
---|---|
protected class |
ChainingUserRegistrySynchronizer.BaseBatchProcessWorker<T> |
Modifier and Type | Field and Description |
---|---|
static String |
ROOT_ATTRIBUTE_PATH
The path in the attribute service below which we persist attributes.
|
Constructor and Description |
---|
ChainingUserRegistrySynchronizer() |
Modifier and Type | Method and Description |
---|---|
boolean |
createMissingPerson(String userName)
Creates a person object for a successfully authenticated user who does not yet have a person object, if allowed
to by configuration.
|
String |
getLastErrorMessage()
The last error message or null if last sync completed without error
|
String |
getLastRunOnServer()
Get the serverid
|
Set<org.alfresco.service.namespace.QName> |
getPersonMappedProperties(String username)
Gets the set of property names that are auto-mapped for the user with the given user name.
|
Date |
getSyncEndTime()
Get the end date/time of the last synchronization
|
String |
getSynchronizationLastError(String zoneId)
Get the last error message from synchronizing this zone
|
Date |
getSynchronizationLastGroupUpdateTime(String id)
Get the date/time that the last group update completed
|
Date |
getSynchronizationLastUserUpdateTime(String id)
Get the date/time that the last user/person update completed
|
String |
getSynchronizationStatus() |
String |
getSynchronizationStatus(String zoneId)
Get the synchronization status
|
String |
getSynchronizationSummary(String zoneId)
Get the synchronization summary message for the specified zone
|
Date |
getSyncStartTime()
Get the start date/time of the last synchronization
|
SysAdminParams |
getSysAdminParams() |
void |
init() |
void |
onApplicationEvent(org.springframework.context.ApplicationEvent event) |
protected void |
onBootstrap(org.springframework.context.ApplicationEvent event) |
protected void |
onShutdown(org.springframework.context.ApplicationEvent event) |
void |
setAllowDeletions(boolean allowDeletions)
Controls how deleted users and groups are handled.
|
void |
setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
Sets the application context manager.
|
void |
setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher) |
void |
setAttributeService(AttributeService attributeService)
Sets the attribute service.
|
void |
setAuthorityService(AuthorityService authorityService)
Sets the authority service.
|
void |
setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
Controls whether we auto create a missing person on log in.
|
void |
setExternalUserControl(String externalUserControl) |
void |
setExternalUserControlSubsystemName(String externalUserControlSubsystemName) |
void |
setJobLockService(JobLockService jobLockService)
Sets the job lock service.
|
void |
setLoggingInterval(int loggingInterval)
Sets the number of entries to process before reporting progress.
|
void |
setNameChecker(org.alfresco.repo.dictionary.constraint.NameChecker nameChecker)
Sets name checker
|
void |
setPersonService(PersonService personService)
Sets the person service.
|
void |
setSourceBeanName(String sourceBeanName)
Sets the name used to look up a
UserRegistry bean in each child application context. |
void |
setSyncDelete(boolean syncDelete)
Controls whether to query for users and groups that have been deleted in LDAP.
|
void |
setSyncOnStartup(boolean syncOnStartup)
Controls whether we trigger a differential sync when the subsystem starts up.
|
void |
setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
Controls whether we trigger a differential sync when missing people log in.
|
void |
setSysAdminParams(SysAdminParams sysAdminParams) |
void |
setTransactionService(TransactionService transactionService)
Sets the transaction service.
|
void |
setWorkerThreads(int workerThreads)
Sets the number of worker threads.
|
void |
synchronize(boolean forceUpdate,
boolean isFullSync)
Retrieves timestamped user and group information from configured external sources and compares it with the local
users and groups last retrieved from the same sources.
|
SynchronizeDiagnostic |
testSynchronize(String authenticatorName)
runs read only diagnostic tests upon the specified user directory, does not actually do any synchronization
|
public static final String ROOT_ATTRIBUTE_PATH
public void init()
public void setExternalUserControl(String externalUserControl)
public void setExternalUserControlSubsystemName(String externalUserControlSubsystemName)
public void setNameChecker(org.alfresco.repo.dictionary.constraint.NameChecker nameChecker)
public void setApplicationContextManager(ChildApplicationContextManager applicationContextManager)
applicationContextManager
- the applicationContextManager to setpublic void setSourceBeanName(String sourceBeanName)
UserRegistry
bean in each child application context.sourceBeanName
- the bean namepublic void setAuthorityService(AuthorityService authorityService)
authorityService
- the new authority servicepublic void setPersonService(PersonService personService)
personService
- the new person servicepublic void setAttributeService(AttributeService attributeService)
attributeService
- the new attribute servicepublic void setTransactionService(TransactionService transactionService)
transactionService
- the transaction servicepublic void setJobLockService(JobLockService jobLockService)
jobLockService
- the job lock servicepublic void setApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher applicationEventPublisher)
setApplicationEventPublisher
in interface org.springframework.context.ApplicationEventPublisherAware
public void setAutoCreatePeopleOnLogin(boolean autoCreatePeopleOnLogin)
autoCreatePeopleOnLogin
- true
if we should auto create a missing person on log inpublic void setSyncWhenMissingPeopleLogIn(boolean syncWhenMissingPeopleLogIn)
syncWhenMissingPeopleLogIn
- true
if we should trigger a sync when missing people log inpublic void setSyncOnStartup(boolean syncOnStartup)
syncOnStartup
- true
if we should trigger a sync on startuppublic void setLoggingInterval(int loggingInterval)
loggingInterval
- the number of entries to process before reporting progress or zero to disable progress reporting.public void setWorkerThreads(int workerThreads)
workerThreads
- the number of worker threadspublic void setAllowDeletions(boolean allowDeletions)
allowDeletions
- If true the entries are deleted from alfresco.
If false then they are unlinked from their LDAP authentication zone but remain within alfresco.public void setSyncDelete(boolean syncDelete)
syncDelete
- If false then LDAP sync does not even attempt to search for deleted users.public SynchronizeDiagnostic testSynchronize(String authenticatorName)
TestableChainingUserRegistrySynchronizer
testSynchronize
in interface TestableChainingUserRegistrySynchronizer
authenticatorName
- name of the user directory to testpublic void synchronize(boolean forceUpdate, boolean isFullSync)
UserRegistrySynchronizer
synchronize
in interface UserRegistrySynchronizer
forceUpdate
- Should the complete set of users and groups be updated / created locally or just those known to have
changed since the last sync? When true
then all users and groups are queried from
the user registry and updated locally. When false
then each source is only queried for
those users and groups modified since the most recent modification date of all the objects last
queried from that same source.isFullSync
- Should a complete set of user and group IDs be queried from the user registries in order to determine
deletions? This parameter is independent of force
as a separate query is run to process
updates.public Set<org.alfresco.service.namespace.QName> getPersonMappedProperties(String username)
UserRegistrySynchronizer
getPersonMappedProperties
in interface UserRegistrySynchronizer
public boolean createMissingPerson(String userName)
UserRegistrySynchronizer
createMissingPerson
in interface UserRegistrySynchronizer
userName
- the user nameprotected void onBootstrap(org.springframework.context.ApplicationEvent event)
onBootstrap
in class org.springframework.extensions.surf.util.AbstractLifecycleBean
protected void onShutdown(org.springframework.context.ApplicationEvent event)
onShutdown
in class org.springframework.extensions.surf.util.AbstractLifecycleBean
public Date getSyncStartTime()
ChainingUserRegistrySynchronizerStatus
getSyncStartTime
in interface ChainingUserRegistrySynchronizerStatus
public Date getSyncEndTime()
ChainingUserRegistrySynchronizerStatus
getSyncEndTime
in interface ChainingUserRegistrySynchronizerStatus
public String getLastErrorMessage()
ChainingUserRegistrySynchronizerStatus
getLastErrorMessage
in interface ChainingUserRegistrySynchronizerStatus
public String getLastRunOnServer()
ChainingUserRegistrySynchronizerStatus
getLastRunOnServer
in interface ChainingUserRegistrySynchronizerStatus
public String getSynchronizationStatus()
getSynchronizationStatus
in interface ChainingUserRegistrySynchronizerStatus
public String getSynchronizationStatus(String zoneId)
ChainingUserRegistrySynchronizerStatus
getSynchronizationStatus
in interface ChainingUserRegistrySynchronizerStatus
zoneId
- - zone idpublic Date getSynchronizationLastUserUpdateTime(String id)
ChainingUserRegistrySynchronizerStatus
getSynchronizationLastUserUpdateTime
in interface ChainingUserRegistrySynchronizerStatus
id
- Stringpublic Date getSynchronizationLastGroupUpdateTime(String id)
ChainingUserRegistrySynchronizerStatus
getSynchronizationLastGroupUpdateTime
in interface ChainingUserRegistrySynchronizerStatus
id
- Stringpublic String getSynchronizationLastError(String zoneId)
ChainingUserRegistrySynchronizerStatus
getSynchronizationLastError
in interface ChainingUserRegistrySynchronizerStatus
zoneId
- the zonepublic String getSynchronizationSummary(String zoneId)
ChainingUserRegistrySynchronizerStatus
getSynchronizationSummary
in interface ChainingUserRegistrySynchronizerStatus
zoneId
- the zonepublic void setSysAdminParams(SysAdminParams sysAdminParams)
public SysAdminParams getSysAdminParams()
public void onApplicationEvent(org.springframework.context.ApplicationEvent event)
onApplicationEvent
in interface org.springframework.context.ApplicationListener
onApplicationEvent
in class org.springframework.extensions.surf.util.AbstractLifecycleBean
Copyright © 2005–2017 Alfresco Software. All rights reserved.