Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.atlassian.crowd.manager.application
Class ApplicationServiceGeneric

java.lang.Object
  extended by com.atlassian.crowd.manager.GenericManager
      extended by com.atlassian.crowd.manager.application.ApplicationServiceGeneric
All Implemented Interfaces:
ApplicationService
public class ApplicationServiceGeneric
extends GenericManager
implements ApplicationService

Field Summary
 
Fields inherited from class com.atlassian.crowd.manager.GenericManager
cacheManager, directoryManager, i18nHelper, logger, propertyManager, tokenDAO, tokenFactory
 
Constructor Summary
ApplicationServiceGeneric()
           
 
Method Summary
 Group addGroup(Application application, GroupTemplate group)
          Adds the group to ALL the permissible directories.
 void addGroupToGroup(Application application, java.lang.String childGroup, java.lang.String parentGroup)
          Makes groups matching the given name (childGroup) direct members of the group (parentGroup) across ALL directories.
 User addUser(Application application, UserTemplate user, PasswordCredential credential)
          Adds the user to ALL the permissible directories.
 void addUserToGroup(Application application, java.lang.String username, java.lang.String groupName)
          Makes users matching the given name direct members of the group across ALL directories.
 Token authenticateApplication(ApplicationAuthenticationContext authenticationContext)
          Authenticates an application and generates an authentication token.
 Token authenticateUser(UserAuthenticationContext authenticateContext)
          Authenticates a user and and generates an authentication token.
 Token authenticateUser(UserAuthenticationContext authenticationContext, boolean validatePassword, boolean ignoreCache)
           
 Token authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext)
          Feigns the authentication process for a user and creates a token for the authentication without validating the password.
 java.util.List<Application> findAuthorisedApplications(User user)
          Returns a list of applications a user is authorised to authenticate with.
 Group findGroupByName(Application application, java.lang.String name)
          Returns the first group with the matching groupname from all the directories assigned to the application.
 GroupWithAttributes findGroupWithAttributesByName(Application application, java.lang.String name)
          Returns the first group with the matching groupname from all the directories assigned to the application.
 User findUserByName(Application application, java.lang.String name)
          Returns the first user with the matching username from all the directories assigned to the application.
 UserWithAttributes findUserWithAttributesByName(Application application, java.lang.String name)
          Returns the first user with the matching username from all the directories assigned to the application.
 boolean isGroupDirectGroupMember(Application application, java.lang.String childGroup, java.lang.String parentGroup)
          Returns true if the childGroup is a direct member of the parentGroup in any of the application's assigned directories.
 boolean isGroupNestedGroupMember(Application application, java.lang.String childGroup, java.lang.String parentGroup)
          Returns true if the childGroup is a direct or indirect (nested) member of the parentGroup in any of the application's assigned directories.
 boolean isUserDirectGroupMember(Application application, java.lang.String username, java.lang.String groupName)
          Returns true if the user is a direct member of the group in any of the application's assigned directories.
 boolean isUserNestedGroupMember(Application application, java.lang.String username, java.lang.String groupName)
          Returns true if the user is a direct or indirect (nested) member of the group in any of the application's assigned directories.
 void removeGroup(Application application, java.lang.String groupname)
          Removes ALL groups from each of the application's assigned directories.
 void removeGroupAttributes(Application application, java.lang.String groupname, java.lang.String attributeName)
          Removes a group's attribute values for all permissible directories assigned to the application.
 void removeGroupFromGroup(Application application, java.lang.String childGroup, java.lang.String parentGroup)
          Makes child group matching the given name not members of the parent group across ALL directories.
 void removeUser(Application application, java.lang.String username)
          Removes ALL users from each of the application's assigned directories.
 void removeUserAttributes(Application application, java.lang.String username, java.lang.String attributeName)
          Removes a user's attribute values for all permissible directories assigned to the application.
 void removeUserFromGroup(Application application, java.lang.String username, java.lang.String groupName)
          Makes users matching the given name not members of the group across ALL directories.
 void resetUserCredential(Application application, java.lang.String username)
          Resets the credentials of the first matching user in the application's directories.
 java.util.List searchDirectGroupRelationships(Application application, MembershipQuery query)
          Searches for direct group relationships in any of the application's assigned directories.
 java.util.List searchGroups(Application application, EntityQuery query)
          Returns a List matching the search criteria defined in the query for ALL of the directories assigned to the application.
 java.util.List searchNestedGroupRelationships(Application application, MembershipQuery query)
          Searches for direct and indirect (nested) group relationships in any of the application's assigned directories.
 java.util.List searchUsers(Application application, EntityQuery query)
          Returns a List matching the search criteria defined in the query for ALL of the directories assigned to the application.
 void setApplicationDAO(ApplicationDAO applicationDAO)
           
 void setDirectoryManager(DirectoryManager directoryManager)
           
 void setEventManager(com.atlassian.event.EventManager eventManager)
           
 void setPasswordEncoderFactory(PasswordEncoderFactory passwordEncoderFactory)
           
 void setPermissionManager(PermissionManager permissionManager)
           
 void storeGroupAttributes(Application application, java.lang.String groupname, java.util.Map<java.lang.String,java.util.List<java.lang.String>> attributes)
          Adds or updates a group's attributes with the new Map of attribute values for all permissible directories assigned to the application.
 void storeUserAttributes(Application application, java.lang.String username, java.util.Map<java.lang.String,java.util.List<java.lang.String>> attributes)
          Adds or updates a user's attributes with the new Map of attribute values for all permissible directories assigned to the application.
 Group updateGroup(Application application, GroupTemplate group)
          Updates the group in ALL the permissible directories.
 User updateUser(Application application, UserTemplate user)
          Updates the user in ALL the permissible directories.
 void updateUserCredential(Application application, java.lang.String username, PasswordCredential credential)
          Updates the credentials of the first matching user in the application's assigned directories.
 Token validateApplicationToken(java.lang.String tokenKey, ValidationFactor[] clientValidationFactors)
          Validates an application token key given validation factors.
 Token validateUserToken(java.lang.String userTokenKey, ValidationFactor[] validationFactors, java.lang.String applicationName)
          Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application
 
Methods inherited from class com.atlassian.crowd.manager.GenericManager
generateApplicationToken, generateUserToken, genericValidateToken, isAllowedToAuthenticate, isAllowedToAuthenticate, isAllowedToAuthenticate, isExpired, setCacheManager, setI18nHelper, setPropertyManager, setTokenDAO, setTokenFactory
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ApplicationServiceGeneric

public ApplicationServiceGeneric()
Method Detail

findAuthorisedApplications

public java.util.List<Application> findAuthorisedApplications(User user)
Description copied from interface: ApplicationService
Returns a list of applications a user is authorised to authenticate with.

NOTE: this is a potentially expensive call, iterating all applications and all group mappings for each application and determining group membership, ie. expense = number of applications * number of group mappings per application.

Specified by:
findAuthorisedApplications in interface ApplicationService
Parameters:
user - user to search for.
Returns:
list of applications.

authenticateApplication

public Token authenticateApplication(ApplicationAuthenticationContext authenticationContext)
                              throws InvalidAuthenticationException
Description copied from interface: ApplicationService
Authenticates an application and generates an authentication token.

Specified by:
authenticateApplication in interface ApplicationService
Parameters:
authenticationContext - application authentication credentials.
Returns:
generated authentication token.
Throws:
InvalidAuthenticationException - authentication was not successful because either the application does not exist, the password is incorrect, the application is inactive or there was a problem generating the authentication token.

authenticateUser

public Token authenticateUser(UserAuthenticationContext authenticationContext,
                              boolean validatePassword,
                              boolean ignoreCache)
                       throws InvalidAuthenticationException,
                              DirectoryAccessException,
                              InactiveAccountException,
                              ApplicationAccessDeniedException
Throws:
InvalidAuthenticationException
DirectoryAccessException
InactiveAccountException
ApplicationAccessDeniedException

authenticateUser

public Token authenticateUser(UserAuthenticationContext authenticateContext)
                       throws InvalidAuthenticationException,
                              DirectoryAccessException,
                              InactiveAccountException,
                              ApplicationAccessDeniedException
Description copied from interface: ApplicationService
Authenticates a user and and generates an authentication token. The password of the user is validated before generating a token.

The RemoteDirectory.authenticate(String, com.atlassian.crowd.integration.authentication.PasswordCredential) method is iteratively called for each assigned directory. If the user does not exist in one directory, the directory is skipped and the next one is examined. If the user does not exist in any of the assigned directories then an InvalidAuthenticationException is thrown.

Specified by:
authenticateUser in interface ApplicationService
Parameters:
authenticateContext - The authentication details for the user.
Returns:
The authenticated token for the user.
Throws:
InvalidAuthenticationException - The authentication was not successful.
DirectoryAccessException - error thrown by directory implementation when attempting to find or authenticate the user.
InactiveAccountException - user account is inactive.
ApplicationAccessDeniedException - user does not have access to authenticate with application.

authenticateUserWithoutValidatingPassword

public Token authenticateUserWithoutValidatingPassword(UserAuthenticationContext authenticateContext)
                                                throws InvalidAuthenticationException,
                                                       DirectoryAccessException,
                                                       InactiveAccountException,
                                                       ApplicationAccessDeniedException
Description copied from interface: ApplicationService
Feigns the authentication process for a user and creates a token for the authentication without validating the password.

This method only be used to generate a token for a user that has already authenticated credentials via some other means (eg. SharePoint NTLM connector) as this method bypasses any password checks.

If you want actual password authentication, use the ApplicationService.authenticateUser(com.atlassian.crowd.integration.authentication.UserAuthenticationContext) method.

Specified by:
authenticateUserWithoutValidatingPassword in interface ApplicationService
Parameters:
authenticateContext - The authentication details for the user.
Returns:
The authenticated token for the user.
Throws:
InvalidAuthenticationException - The authentication was not successful.
DirectoryAccessException - error thrown by directory implementation when attempting to find or authenticate the user.
InactiveAccountException - user account is inactive.
ApplicationAccessDeniedException - user does not have access to authenticate with application.

validateApplicationToken

public Token validateApplicationToken(java.lang.String tokenKey,
                                      ValidationFactor[] clientValidationFactors)
                               throws InvalidTokenException
Description copied from interface: ApplicationService
Validates an application token key given validation factors.

Specified by:
validateApplicationToken in interface ApplicationService
Parameters:
tokenKey - returns a valid token corresponding to the tokenKey.
clientValidationFactors - validation factors for generating the token hash.
Returns:
validated token.
Throws:
InvalidTokenException - if the tokenKey or corresponding client validation factors do not represent a valid application token.

validateUserToken

public Token validateUserToken(java.lang.String userTokenKey,
                               ValidationFactor[] validationFactors,
                               java.lang.String applicationName)
                        throws InvalidTokenException,
                               ApplicationAccessDeniedException,
                               DirectoryAccessException
Description copied from interface: ApplicationService
Validates a user token key given validation factors and checks that the user is allowed to authenticate with the specified application

Specified by:
validateUserToken in interface ApplicationService
Parameters:
userTokenKey - returns a valid token corresponding to the tokenKey.
validationFactors - validation factors for generating the token hash.
applicationName - name of application to authenticate with.
Returns:
validated authentication token.
Throws:
InvalidTokenException - if the userTokenKey or corresponding validationFactors do not represent a valid SSO token.
ApplicationAccessDeniedException - the user is not allowed to authenticate with the application.
DirectoryAccessException - there was an error communicating with an underlying directory when determining if a user is allowed to authenticate with the application (eg. if a user has the appropriate group memberships).

findUserByName

public User findUserByName(Application application,
                           java.lang.String name)
                    throws ObjectNotFoundException,
                           DirectoryAccessException
Description copied from interface: ApplicationService
Returns the first user with the matching username from all the directories assigned to the application.

The directories are searched in the order they are assigned to the application.

Specified by:
findUserByName in interface ApplicationService
Parameters:
application - search application's assigned directories.
name - the username of the user to find.
Returns:
first matching user.
Throws:
ObjectNotFoundException - user not found in any of the directories.
DirectoryAccessException - there was an error executing the request with any underlying directory.

findUserWithAttributesByName

public UserWithAttributes findUserWithAttributesByName(Application application,
                                                       java.lang.String name)
                                                throws ObjectNotFoundException,
                                                       DirectoryAccessException
Description copied from interface: ApplicationService
Returns the first user with the matching username from all the directories assigned to the application.

The directories are searched in the order they are assigned to the application.

Specified by:
findUserWithAttributesByName in interface ApplicationService
Parameters:
application - search application's assigned directories.
name - the username of the user to find.
Returns:
first matching user.
Throws:
ObjectNotFoundException - user not found in any of the directories.
DirectoryAccessException - there was an error executing the request with any underlying directory.

addUser

public User addUser(Application application,
                    UserTemplate user,
                    PasswordCredential credential)
             throws InvalidUserException,
                    DirectoryAccessException,
                    InvalidCredentialException,
                    ApplicationPermissionException
Description copied from interface: ApplicationService
Adds the user to ALL the permissible directories.

If the user exists in ANY of the application's assigned directories, then an InvalidUserException will be thrown.

If the add operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Returns the user from the first directory containing the user.

Specified by:
addUser in interface ApplicationService
Parameters:
application - add to application's assigned directories.
user - a template of the user to be added. The directoryId of the UserTemplate is ignored, and will be mutated for each directoryMapping.
credential - the password credential of the user (unencrypted).
Returns:
the added user returned from ApplicationService.findUserByName(com.atlassian.crowd.model.application.Application , String).
Throws:
InvalidUserException - if the user already exists in ANY associated directory or the user template does not have the required properties populated.
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_USER.

updateUser

public User updateUser(Application application,
                       UserTemplate user)
                throws InvalidUserException,
                       DirectoryAccessException,
                       ApplicationPermissionException,
                       ObjectNotFoundException
Description copied from interface: ApplicationService
Updates the user in ALL the permissible directories.

If the user does not exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Returns the user from the first directory containing the user.

Specified by:
updateUser in interface ApplicationService
Parameters:
application - application with assigned directories to operate on.
user - a template of the user to be added. The directoryId of the UserTemplate is ignored, and will be mutated for each directoryMapping.
Returns:
the added user returned from ApplicationService.findUserByName(com.atlassian.crowd.model.application.Application , String).
Throws:
InvalidUserException - if the user already exists in ANY associated directory or the user template does not have the required properties populated.
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_USER.
ObjectNotFoundException - user does not exist in any of the associated directories of the application.

updateUserCredential

public void updateUserCredential(Application application,
                                 java.lang.String username,
                                 PasswordCredential credential)
                          throws DirectoryAccessException,
                                 ObjectNotFoundException,
                                 InvalidCredentialException,
                                 ApplicationPermissionException
Description copied from interface: ApplicationService
Updates the credentials of the first matching user in the application's assigned directories.

Thus, the method only operates on the same user returned from a call to findUserByName.

Specified by:
updateUserCredential in interface ApplicationService
Parameters:
application - update in application's assigned directories.
username - name of user.
credential - new (unencrypted) credentials.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ObjectNotFoundException - if no user with the given name exists in ANY assigned directory.
InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.
ApplicationPermissionException - if the first directory in which the user is found doesn't have the permission to perform operations of type OperationType.UPDATE_USER.

resetUserCredential

public void resetUserCredential(Application application,
                                java.lang.String username)
                         throws DirectoryAccessException,
                                ObjectNotFoundException,
                                InvalidCredentialException,
                                ApplicationPermissionException,
                                InvalidEmailAddressException
Description copied from interface: ApplicationService
Resets the credentials of the first matching user in the application's directories.

Thus, the method only operates on the same user returned from a call to findUserByName.

This method will only function correctly if the User has an email address, otherwise no email can be sent to the user.

Specified by:
resetUserCredential in interface ApplicationService
Parameters:
application - update in application's assigned directories.
username - name of user.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ObjectNotFoundException - if no user with the given name exists in ANY assigned directory, or the associated directory does not exist
InvalidCredentialException - if the generated credential does not meet the validation requirements for an associated directory.
ApplicationPermissionException - if the first directory in which the user is found doesn't have the permission to perform operations of type OperationType.UPDATE_USER.
InvalidEmailAddressException - if the user doesn't have a valid email address and can't be notified.

storeUserAttributes

public void storeUserAttributes(Application application,
                                java.lang.String username,
                                java.util.Map<java.lang.String,java.util.List<java.lang.String>> attributes)
                         throws DirectoryAccessException,
                                ApplicationPermissionException,
                                ObjectNotFoundException
Description copied from interface: ApplicationService
Adds or updates a user's attributes with the new Map of attribute values for all permissible directories assigned to the application.

The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing attribute on the user.

This method does not update primary field attributes like firstName, lastName, etc.

If the user does not exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Specified by:
storeUserAttributes in interface ApplicationService
Parameters:
application - application with assigned directories to operate on.
username - username of the user to update.
attributes - map of one-to-many attribute-values. All attribute keys are treated as new or updated attributes.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory..
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_USER.
ObjectNotFoundException - if the user with the supplied username does not exist in ANY assigned directory.

removeUserAttributes

public void removeUserAttributes(Application application,
                                 java.lang.String username,
                                 java.lang.String attributeName)
                          throws DirectoryAccessException,
                                 ApplicationPermissionException,
                                 ObjectNotFoundException
Description copied from interface: ApplicationService
Removes a user's attribute values for all permissible directories assigned to the application.

If the user does not exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Specified by:
removeUserAttributes in interface ApplicationService
Parameters:
application - application with assigned directories to operate on.
username - username of the user to update.
attributeName - all attribute values for this key will be removed from the user.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_USER.
ObjectNotFoundException - if the user with the supplied username does not exist in ANY assigned directory.

removeUser

public void removeUser(Application application,
                       java.lang.String username)
                throws DirectoryAccessException,
                       ObjectNotFoundException,
                       ApplicationPermissionException
Description copied from interface: ApplicationService
Removes ALL users from each of the application's assigned directories.

If the user doesn't exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the remove operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, a ApplicationPermissionException is thrown.

If the remove operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Specified by:
removeUser in interface ApplicationService
Parameters:
application - remove from application's assigned directories.
username - the name of the user to remove.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ObjectNotFoundException - if user with given name does not exist in ANY assigned directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.DELETE_USER.

searchUsers

public java.util.List searchUsers(Application application,
                                  EntityQuery query)
                           throws DirectoryAccessException
Description copied from interface: ApplicationService
Returns a List matching the search criteria defined in the query for ALL of the directories assigned to the application.

Specified by:
searchUsers in interface ApplicationService
Parameters:
application - search application's assigned directories.
query - the search query.
Returns:
List user objects or List usernames, depending on the query.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.

findGroupByName

public Group findGroupByName(Application application,
                             java.lang.String name)
                      throws ObjectNotFoundException,
                             DirectoryAccessException
Description copied from interface: ApplicationService
Returns the first group with the matching groupname from all the directories assigned to the application.

The directories are searched in the order they are assigned to the application.

Specified by:
findGroupByName in interface ApplicationService
Parameters:
application - search application's assigned directories.
name - the groupname of the group to find.
Returns:
first matching group.
Throws:
ObjectNotFoundException - group not found in any of the directories.
DirectoryAccessException - there was an error executing the request with any underlying directory.

findGroupWithAttributesByName

public GroupWithAttributes findGroupWithAttributesByName(Application application,
                                                         java.lang.String name)
                                                  throws ObjectNotFoundException,
                                                         DirectoryAccessException
Description copied from interface: ApplicationService
Returns the first group with the matching groupname from all the directories assigned to the application.

The directories are searched in the order they are assigned to the application.

Specified by:
findGroupWithAttributesByName in interface ApplicationService
Parameters:
application - search application's assigned directories.
name - the groupname of the group to find.
Returns:
first matching group.
Throws:
ObjectNotFoundException - group not found in any of the directories.
DirectoryAccessException - there was an error executing the request with any underlying directory.

addGroup

public Group addGroup(Application application,
                      GroupTemplate group)
               throws InvalidGroupException,
                      DirectoryAccessException,
                      ApplicationPermissionException
Description copied from interface: ApplicationService
Adds the group to ALL the permissible directories.

If the group exists in ANY of the application's assigned directories, then an InvalidGroupException will be thrown.

If the add operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Returns the group from the first directory containing the group.

Specified by:
addGroup in interface ApplicationService
Parameters:
application - add to application's assigned directories.
group - a template of the group to be added. The directoryId of the GroupTemplate is ignored, and will be mutated for each directoryMapping.
Returns:
the added group returned from ApplicationService.findGroupByName(com.atlassian.crowd.model.application.Application , String).
Throws:
InvalidGroupException - if the group already exists in ANY associated directory or the group template does not have the required properties populated.
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_GROUP.

updateGroup

public Group updateGroup(Application application,
                         GroupTemplate group)
                  throws InvalidGroupException,
                         DirectoryAccessException,
                         ApplicationPermissionException,
                         ObjectNotFoundException
Description copied from interface: ApplicationService
Updates the group in ALL the permissible directories.

If the group does not exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Returns the group from the first directory containing the group.

Specified by:
updateGroup in interface ApplicationService
Parameters:
application - application with assigned directories to operate on.
group - a template of the group to be added. The directoryId of the GroupTemplate is ignored, and will be mutated for each directoryMapping.
Returns:
the added group returned from ApplicationService.findGroupByName(com.atlassian.crowd.model.application.Application , String).
Throws:
InvalidGroupException - if the group already exists in ANY associated directory or the group template does not have the required properties populated.
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
ObjectNotFoundException - group does not exist in any of the associated directories of the application.

storeGroupAttributes

public void storeGroupAttributes(Application application,
                                 java.lang.String groupname,
                                 java.util.Map<java.lang.String,java.util.List<java.lang.String>> attributes)
                          throws DirectoryAccessException,
                                 ApplicationPermissionException,
                                 ObjectNotFoundException
Description copied from interface: ApplicationService
Adds or updates a group's attributes with the new Map of attribute values for all permissible directories assigned to the application.

The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing attribute on the group.

This method does not update primary field attributes like firstName, lastName, etc.

If the group does not exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Specified by:
storeGroupAttributes in interface ApplicationService
Parameters:
application - application with assigned directories to operate on.
groupname - groupname of the group to update.
attributes - map of one-to-many attribute-values. All attribute keys are treated as new or updated attributes.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory..
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
ObjectNotFoundException - if the group with the supplied groupname does not exist in ANY assigned directory.

removeGroupAttributes

public void removeGroupAttributes(Application application,
                                  java.lang.String groupname,
                                  java.lang.String attributeName)
                           throws DirectoryAccessException,
                                  ApplicationPermissionException,
                                  ObjectNotFoundException
Description copied from interface: ApplicationService
Removes a group's attribute values for all permissible directories assigned to the application.

If the group does not exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, an ApplicationPermissionException is thrown.

If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Specified by:
removeGroupAttributes in interface ApplicationService
Parameters:
application - application with assigned directories to operate on.
groupname - groupname of the group to update.
attributeName - all attribute values for this key will be removed from the group.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
ObjectNotFoundException - if the group with the supplied groupname does not exist in ANY assigned directory.

removeGroup

public void removeGroup(Application application,
                        java.lang.String groupname)
                 throws DirectoryAccessException,
                        ObjectNotFoundException,
                        ApplicationPermissionException
Description copied from interface: ApplicationService
Removes ALL groups from each of the application's assigned directories.

If the group doesn't exist in ANY of the application's assigned directories, then an ObjectNotFoundException will be thrown.

If the remove operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, a ApplicationPermissionException is thrown.

If the remove operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.

Specified by:
removeGroup in interface ApplicationService
Parameters:
application - remove from application's assigned directories.
groupname - the name of the group to remove.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.
ObjectNotFoundException - if group with given name does not exist in ANY assigned directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.DELETE_GROUP.

searchGroups

public java.util.List searchGroups(Application application,
                                   EntityQuery query)
                            throws DirectoryAccessException
Description copied from interface: ApplicationService
Returns a List matching the search criteria defined in the query for ALL of the directories assigned to the application.

Specified by:
searchGroups in interface ApplicationService
Parameters:
application - search application's assigned directories.
query - the search query.
Returns:
List group objects or List groupnames, depending on the query.
Throws:
DirectoryAccessException - if there was an error performing the operation or instantiating the backend directory.

addUserToGroup

public void addUserToGroup(Application application,
                           java.lang.String username,
                           java.lang.String groupName)
                    throws DirectoryAccessException,
                           ObjectNotFoundException,
                           ApplicationPermissionException
Description copied from interface: ApplicationService
Makes users matching the given name direct members of the group across ALL directories.

Specified by:
addUserToGroup in interface ApplicationService
Parameters:
application - modify groups in application's assigned directories.
username - username of the user.
groupName - name of the group.
Throws:
DirectoryAccessException - if there was an error executing the update or instantiating the RemoteDirectory.
ObjectNotFoundException - when the user cannot be found in ANY directory OR when ALL users are in directories which don't have the requested group.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.

addGroupToGroup

public void addGroupToGroup(Application application,
                            java.lang.String childGroup,
                            java.lang.String parentGroup)
                     throws DirectoryAccessException,
                            ObjectNotFoundException,
                            ApplicationPermissionException
Description copied from interface: ApplicationService
Makes groups matching the given name (childGroup) direct members of the group (parentGroup) across ALL directories.

Specified by:
addGroupToGroup in interface ApplicationService
Parameters:
application - modify groups in application's assigned directories.
childGroup - name of child group.
parentGroup - name of parent group.
Throws:
DirectoryAccessException - if there was an error executing the update or instantiating the RemoteDirectory.
ObjectNotFoundException - when the child group cannot be found in ANY directory OR when ALL child groups are in directories which don't have the requested parent group.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.

removeUserFromGroup

public void removeUserFromGroup(Application application,
                                java.lang.String username,
                                java.lang.String groupName)
                         throws DirectoryAccessException,
                                ObjectNotFoundException,
                                ApplicationPermissionException,
                                MembershipNotFoundException
Description copied from interface: ApplicationService
Makes users matching the given name not members of the group across ALL directories.

Specified by:
removeUserFromGroup in interface ApplicationService
Parameters:
application - modify groups in application's assigned directories.
username - username of the user.
groupName - name of the group.
Throws:
DirectoryAccessException - if there was an error executing the update or instantiating the RemoteDirectory.
ObjectNotFoundException - when the user cannot be found in ANY directory OR when ALL users are in directories which don't have the requested group.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
MembershipNotFoundException - if the user is not a direct member of the group in an assigned directory.

removeGroupFromGroup

public void removeGroupFromGroup(Application application,
                                 java.lang.String childGroup,
                                 java.lang.String parentGroup)
                          throws DirectoryAccessException,
                                 ObjectNotFoundException,
                                 ApplicationPermissionException,
                                 MembershipNotFoundException
Description copied from interface: ApplicationService
Makes child group matching the given name not members of the parent group across ALL directories.

Specified by:
removeGroupFromGroup in interface ApplicationService
Parameters:
application - modify groups in application's assigned directories.
childGroup - name of child group.
parentGroup - name of parent group.
Throws:
DirectoryAccessException - if there was an error executing the update or instantiating the RemoteDirectory.
ObjectNotFoundException - when the child group cannot be found in ANY directory OR when ALL child groups are in directories which don't have the requested parent group.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
MembershipNotFoundException - if the user is not a direct member of the group in an assigned directory.

isUserDirectGroupMember

public boolean isUserDirectGroupMember(Application application,
                                       java.lang.String username,
                                       java.lang.String groupName)
                                throws DirectoryAccessException
Description copied from interface: ApplicationService
Returns true if the user is a direct member of the group in any of the application's assigned directories.

Specified by:
isUserDirectGroupMember in interface ApplicationService
Parameters:
application - search groups in application's assigned directories.
username - name of the user to inspect.
groupName - name of the group to inspect.
Returns:
true if and only if the user is a direct member of the group. If the group or user does not exist in any directory, false is returned.
Throws:
DirectoryAccessException - if there was an error executing the search or instantiating the RemoteDirectory.

isGroupDirectGroupMember

public boolean isGroupDirectGroupMember(Application application,
                                        java.lang.String childGroup,
                                        java.lang.String parentGroup)
                                 throws DirectoryAccessException
Description copied from interface: ApplicationService
Returns true if the childGroup is a direct member of the parentGroup in any of the application's assigned directories.

Specified by:
isGroupDirectGroupMember in interface ApplicationService
Parameters:
application - search groups in application's assigned directories.
childGroup - name of the group to inspect.
parentGroup - name of the group to inspect.
Returns:
true if and only if the childGroup is a direct member of the parentGroup. If either group does not exist in any directory, false is returned.
Throws:
DirectoryAccessException - if there was an error executing the search or instantiating the RemoteDirectory.

isUserNestedGroupMember

public boolean isUserNestedGroupMember(Application application,
                                       java.lang.String username,
                                       java.lang.String groupName)
                                throws DirectoryAccessException
Description copied from interface: ApplicationService
Returns true if the user is a direct or indirect (nested) member of the group in any of the application's assigned directories.

If the directory does not support nested groups, this call will be equivalent to DirectoryManager.isUserDirectGroupMember(long, String, String).

WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.

See CWD-1485 for explanation of logic in amalgamation.

Specified by:
isUserNestedGroupMember in interface ApplicationService
Parameters:
application - search groups in application's assigned directories.
username - name of the user to inspect.
groupName - name of the group to inspect.
Returns:
true if and only if the user is a direct or indirect (nested) member of the group. If the group or user does not exist in the directory, false is returned.
Throws:
DirectoryAccessException - if there was an error executing the search or instantiating the RemoteDirectory.

isGroupNestedGroupMember

public boolean isGroupNestedGroupMember(Application application,
                                        java.lang.String childGroup,
                                        java.lang.String parentGroup)
                                 throws DirectoryAccessException
Description copied from interface: ApplicationService
Returns true if the childGroup is a direct or indirect (nested) member of the parentGroup in any of the application's assigned directories.

If the directory does not support nested groups, this call will be equivalent to DirectoryManager.isGroupDirectGroupMember(long, String, String).

WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.

See CWD-1485 for explanation of logic in amalgamation.

Specified by:
isGroupNestedGroupMember in interface ApplicationService
Parameters:
application - search groups in application's assigned directories.
childGroup - name of the user to inspect.
parentGroup - name of the group to inspect.
Returns:
true if and only if the childGroup is a direct or indirect (nested) member of the parentGruop. If either group does not exist in the directory, false is returned.
Throws:
DirectoryAccessException - if there was an error executing the search or instantiating the RemoteDirectory.

searchDirectGroupRelationships

public java.util.List searchDirectGroupRelationships(Application application,
                                                     MembershipQuery query)
                                              throws DirectoryAccessException
Description copied from interface: ApplicationService
Searches for direct group relationships in any of the application's assigned directories.

Specified by:
searchDirectGroupRelationships in interface ApplicationService
Parameters:
application - search groups in application's assigned directories.
query - membership query.
Returns:
List of User entities, Group entites, String usernames or String group names matching the query criteria.
Throws:
DirectoryAccessException - if there was an error executing the search or instantiating the RemoteDirectory.

searchNestedGroupRelationships

public java.util.List searchNestedGroupRelationships(Application application,
                                                     MembershipQuery query)
                                              throws DirectoryAccessException
Description copied from interface: ApplicationService
Searches for direct and indirect (nested) group relationships in any of the application's assigned directories.

If the directory does not support nested groups, this call will be equivalent to DirectoryManager.searchDirectGroupRelationships(long, com.atlassian.crowd.search.query.membership.MembershipQuery).

WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.

See CWD-1485 for explanation of logic in amalgamation.

Specified by:
searchNestedGroupRelationships in interface ApplicationService
Parameters:
application - search groups in application's assigned directories.
query - membership query.
Returns:
List of User entities, Group entites, String usernames or String group names matching the query criteria.
Throws:
DirectoryAccessException - if there was an error executing the search or instantiating the RemoteDirectory.

setApplicationDAO

public void setApplicationDAO(ApplicationDAO applicationDAO)

setPasswordEncoderFactory

public void setPasswordEncoderFactory(PasswordEncoderFactory passwordEncoderFactory)

setDirectoryManager

public void setDirectoryManager(DirectoryManager directoryManager)
Overrides:
setDirectoryManager in class GenericManager

setPermissionManager

public void setPermissionManager(PermissionManager permissionManager)

setEventManager

public void setEventManager(com.atlassian.event.EventManager eventManager)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2009 Atlassian Pty Ltd. All Rights Reserved.