@Transactional public class ApplicationServiceGeneric extends Object implements ApplicationService
Constructor and Description |
---|
ApplicationServiceGeneric(DirectoryManager directoryManager, SearchStrategyFactory searchStrategyFactory, PermissionManager permissionManager, com.atlassian.event.api.EventPublisher eventPublisher, EventStore eventStore, WebhookRegistry webhookRegistry, AvatarProvider avatarProvider, AuthenticationOrderOptimizer authenticationOrderOptimizer) |
Modifier and Type | Method and Description |
---|---|
void | addAllUsers(Application application, Collection<UserTemplateWithCredentialAndAttributes> userTemplates): Adds the user to THE FIRST permissible active directory. |
Group | addGroup(Application application, GroupTemplate group): Adds the group to ALL the active permissible directories. |
void | addGroupToGroup(Application application, String childGroupName, String parentGroupName): Makes groups matching the given name (childGroupName) direct members of the group (parentGroupName) across ALL active directories. |
User | addUser(Application application, UserTemplate user, PasswordCredential credential): Adds the user to the first permissible active directory. |
UserWithAttributes | addUser(Application application, UserTemplateWithAttributes user, PasswordCredential credential): Adds the user to the first permissible active directory. |
void | addUserToGroup(Application application, String username, String groupName): Makes the primary user of the given username a direct member of the group on the directory where the primary user resides. |
User | authenticateUser(Application application, String username, PasswordCredential passwordCredential): Will attempt to authenticate the given user against the application. |
void | expireAllPasswords(Application application): Expires all passwords for all directories which are part of this application, regardless of group mapping. |
Group | findGroupByName(Application application, String name): Returns the first group with the matching groupname from all the active directories assigned to the application. |
GroupWithAttributes | findGroupWithAttributesByName(Application application, String name): Returns the first group with the matching groupname from all the active directories assigned to the application. |
User | findRemoteUserByName(Application application, String username): Returns the first user with the matching username from all active directories authoritative remote directory. |
User | findUserByKey(Application application, String key): Returns the user with a matching key from all the active directories assigned to the application. |
User | findUserByName(Application application, String name): Returns the first user with the matching username from all the active directories assigned to the application. |
UserWithAttributes | findUserWithAttributesByKey(Application application, String key): Returns the user with a matching key from all the active directories assigned to the application. |
UserWithAttributes | findUserWithAttributesByName(Application application, String name): Returns the first user with the matching username from all the active directories assigned to the application. |
Webhook | findWebhookById(Application application, long webhookId): Retrieves a Webhook by its identifier. |
protected List<Directory> | getActiveDirectories(Application application): Given an application, retrieve all active directories associated with it. |
UserCapabilities | getCapabilitiesForNewUsers(Application application): Gets the expected capabilities for new users. |
String | getCurrentEventToken(Application application): Returns a token that can be used for querying events that have happened after the token was generated. |
Events | getNewEvents(Application application, String eventToken): Returns an events object which contains a new eventToken and events that happened after the given eventToken was generated. |
AvatarReference | getUserAvatar(Application application, String username, int sizeHint): Gets an avatar for this user, if one is available. |
URI | getUserAvatarLink(Application application, String username, int sizeHint): Gets a URL for an avatar for this user, if one is available. |
boolean | isGroupDirectGroupMember(Application application, String childGroup, String parentGroup): Returns true if the childGroup is a direct member of the parentGroup in any of the application's assigned directories. |
boolean | isGroupNestedGroupMember(Application application, String childGroup, String parentGroup): Returns true if the childGroup is a direct or indirect (nested) member of the parentGroup in any of the application's active assigned directories. |
boolean | isUserAuthorised(Application application, String username): Returns true if the user is permitted to attempt authentication with the application. |
boolean | isUserAuthorised(Application application, User user): Returns true if the user is permitted to attempt authentication with the application. |
boolean | isUserDirectGroupMember(Application application, String username, String groupName): Returns true if the user is a direct member of the group in the directory of the first user found with the specified username. |
boolean | isUserNestedGroupMember(Application application, String username, String groupName): Returns true if the user is a direct or indirect (nested) member of the group in the directory of the first user found with the specified username. |
Webhook | registerWebhook(Application application, String endpointUrl, String token): Registers a Webhook associated to the application. |
void | removeGroup(Application application, String groupname): Removes ALL groups from each of the application's assigned directories that are active. |
void | removeGroupAttributes(Application application, String groupname, String attributeName): Removes a group's attribute values for all active permissible directories assigned to the application. |
void | removeGroupFromGroup(Application application, String childGroupName, String parentGroupName): Makes child groups matching the given name not members of the parent group across ALL active directories. |
void | removeUser(Application application, String username): Removes the user from the first active directory they are found in. |
void | removeUserAttributes(Application application, String username, String attributeName): Removes a user's attribute values for the first active directory containing this username. |
void | removeUserFromGroup(Application application, String username, String groupName): Makes the primary user of the given username no longer a member of the group on the directory where the primary user resides. |
User | renameUser(Application application, String oldUserName, String newUsername): Renames the user in the first active directory the user exists in. |
<T> List<T> | searchDirectGroupRelationships(Application application, MembershipQuery<T> query): Searches for direct group relationships in any of the application's active assigned directories. |
<T> List<T> | searchGroups(Application application, EntityQuery<T> query): Returns a List<Group> matching the search criteria defined in the query for ALL of the active directories assigned to the application. |
<T> List<T> | searchNestedGroupRelationships(Application application, MembershipQuery<T> query): Searches for direct and indirect (nested) group relationships in any of the application's active assigned directories. |
<T> List<T> | searchUsers(Application application, EntityQuery<T> query): Returns a List<User> or List<String> matching the search criteria defined in the query for ALL of the active directories assigned to the application. |
void | storeGroupAttributes(Application application, String groupname, Map<String,Set<String>> attributes): Adds or updates a group's attributes with the new Map of attribute values for all active permissible directories assigned to the application. |
void | storeUserAttributes(Application application, String username, Map<String,Set<String>> attributes): Adds or updates a user's attributes with the new Map of attribute values for the first active directory containing this username. |
void | unregisterWebhook(Application application, long webhookId): Unregisters a Webhook. |
Group | updateGroup(Application application, GroupTemplate group): Updates the group in ALL the active permissible directories. |
User | updateUser(Application application, UserTemplate user): Updates the user in the first active directory the User belongs to. |
void | updateUserCredential(Application application, String username, PasswordCredential credential): Updates the credentials of the first matching user from all the active directories assigned to the application. |
User | userAuthenticated(Application application, String username) |
public ApplicationServiceGeneric(DirectoryManager directoryManager, SearchStrategyFactory searchStrategyFactory, PermissionManager permissionManager, com.atlassian.event.api.EventPublisher eventPublisher, EventStore eventStore, WebhookRegistry webhookRegistry, AvatarProvider avatarProvider, AuthenticationOrderOptimizer authenticationOrderOptimizer)
public User authenticateUser(Application application, String username, PasswordCredential passwordCredential) throws OperationFailedException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, UserNotFoundException
ApplicationService
OperationFailedException being thrown, the authentication logic will skip those directories, instead relying on the operative ones, in the order defined in the application's directory mappings.
However, if the user still cannot be authenticated against any of the remaining directories, we suspect one of the bad directories must have held the user account, in which case OperationFailedException, which indicates the underlying cause of the first failing directory, will be thrown from this method.
authenticateUser in interface ApplicationService
application - the application to authenticate against
username - the username to authenticate against
passwordCredential - the password to use for authentication
OperationFailedException - underlying directory implementation failed to execute the operation.
InactiveAccountException - if the user's account is marked as inactive
InvalidAuthenticationException - if authentication with the provided credentials failed, or potentially the user does not exist.
ExpiredCredentialException - if the user's credentials have expired
UserNotFoundException
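
The directory fail-over rule described for authenticateUser, modelled as an added Java example that is not Crowd's own code. `FailoverAuthDemo`, `Directory`, `DirectoryDownException` and `BadCredentialsException` are hypothetical stand-ins defined inline, and two behaviours are assumptions: a directory that does not hold the user is passed over, and a wrong password in a reachable directory ends the search.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Added example, not Crowd code. Every type below is a hypothetical stand-in
 * defined here so the file compiles and runs on its own.
 */
public class FailoverAuthDemo {

    /** Stand-in for an outage, the role OperationFailedException plays on the page. */
    static class DirectoryDownException extends Exception {
        DirectoryDownException(String message) { super(message); }
    }

    /** Stand-in for a definitive rejection, the role of InvalidAuthenticationException. */
    static class BadCredentialsException extends Exception {
        BadCredentialsException(String message) { super(message); }
    }

    /** Constructed in-memory directory; plain-text passwords only because this is sample data. */
    static class Directory {
        final String name;
        final boolean down;
        final Map<String, String> passwords = new HashMap<>();

        Directory(String name, boolean down) {
            this.name = name;
            this.down = down;
        }

        Directory withUser(String username, String password) {
            passwords.put(username, password);
            return this;
        }

        /** Returns true on success, false when this directory does not hold the user. */
        boolean authenticate(String username, String password)
                throws DirectoryDownException, BadCredentialsException {
            if (down) {
                throw new DirectoryDownException(name + " is unreachable");
            }
            String stored = passwords.get(username);
            if (stored == null) {
                return false; // assumption: unknown user here means "try the next directory"
            }
            if (!stored.equals(password)) {
                throw new BadCredentialsException("wrong password in " + name);
            }
            return true;
        }
    }

    /**
     * Walks the directories in mapping order. Failing directories are skipped, but the
     * first failure is remembered and rethrown if no operative directory authenticates
     * the user, so an outage is not reported as a credential problem.
     */
    static String authenticate(List<Directory> ordered, String username, String password)
            throws DirectoryDownException, BadCredentialsException {
        DirectoryDownException firstFailure = null;
        for (Directory directory : ordered) {
            try {
                if (directory.authenticate(username, password)) {
                    return directory.name;
                }
            } catch (DirectoryDownException e) {
                if (firstFailure == null) {
                    firstFailure = e; // keep the cause of the first failing directory
                }
            }
        }
        if (firstFailure != null) {
            throw firstFailure; // a skipped directory may have held the account
        }
        throw new BadCredentialsException("unknown user or wrong password");
    }

    /** Turns the outcome into a single line for the demo in main. */
    static String describe(List<Directory> ordered, String username, String password) {
        try {
            return username + ": authenticated by " + authenticate(ordered, username, password);
        } catch (DirectoryDownException e) {
            return username + ": operation failed (" + e.getMessage() + ")";
        } catch (BadCredentialsException e) {
            return username + ": invalid authentication (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        // Constructed mappings: the first directory is down, the second is healthy.
        Directory ldap = new Directory("ldap", true).withUser("alice", "s3cret");
        Directory internal = new Directory("internal", false).withUser("bob", "hunter2");
        List<Directory> mappings = Arrays.asList(ldap, internal);

        // bob lives in the healthy directory, so the outage of "ldap" is skipped.
        System.out.println(describe(mappings, "bob", "hunter2"));
        // alice is only in the failing directory: the outage surfaces, not a credential error.
        System.out.println(describe(mappings, "alice", "s3cret"));
        // a wrong password in a reachable directory is a definitive rejection.
        System.out.println(describe(mappings, "bob", "wrong"));
    }
}
```
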
public boolean isUserAuthorised(Application application, String username)
ApplicationService
For a user to have access to an application:
isUserAuthorised in interface ApplicationService
application - application user is authenticating against
username - username

public boolean isUserAuthorised(Application application, User user)
ApplicationService
For a user to have access to an application:
isUserAuthorised in interface ApplicationService
application - application user is authenticating against
user - the user that will be checked

public void addAllUsers(Application application, Collection<UserTemplateWithCredentialAndAttributes> userTemplates) throws ApplicationPermissionException, OperationFailedException, BulkAddFailedException
ApplicationService
If no directories have CREATE_USER permission, an ApplicationPermissionException is thrown.
addAllUsers in interface ApplicationService
application - add to application's assigned directories.
userTemplates - the users to add.
ApplicationPermissionException - thrown when no CREATE USER permission for any of the directories.
OperationFailedException - underlying directory implementation failed to execute the operation.
BulkAddFailedException - thrown when it failed to create a user in one of the directories.

public User findUserByName(Application application, String name) throws UserNotFoundException
ApplicationService
The directories are searched in the order they are assigned to the application.
findUserByName in interface ApplicationService
application - search application's assigned directories.
name - the username of the user to find.
UserNotFoundException - user not found in any of the directories.

public User findRemoteUserByName(Application application, String username) throws UserNotFoundException
ApplicationService
The directories are searched in the order they are assigned to the application.
findRemoteUserByName in interface ApplicationService
application - search application's assigned directories.
username - the username of the user to find.
UserNotFoundException - user not found in any of the directories.

public User findUserByKey(Application application, String key) throws UserNotFoundException
ApplicationService
findUserByKey in interface ApplicationService
application - application that is looking up the user.
key - user key to look up by.
UserNotFoundException - if the canonical user with the given key is not found in the active directories mapped to the application.

public UserWithAttributes findUserWithAttributesByKey(Application application, String key) throws UserNotFoundException
ApplicationService
findUserWithAttributesByKey in interface ApplicationService
application - application that is looking up the user.
key - user key to look up by.
UserNotFoundException - if the canonical user with the given key is not found in the active directories mapped to the application.

public UserWithAttributes findUserWithAttributesByName(Application application, String name) throws UserNotFoundException
ApplicationService
The directories are searched in the order they are assigned to the application.
findUserWithAttributesByName in interface ApplicationService
application - search application's assigned directories.
name - the username of the user to find.
UserNotFoundException - user not found in any of the directories.

public User addUser(Application application, UserTemplate user, PasswordCredential credential) throws InvalidUserException, OperationFailedException, InvalidCredentialException, ApplicationPermissionException
ApplicationService
If the user exists in ANY of the application's active assigned directories, then an InvalidUserException will be thrown.
If the add operation fails on the directory because of permission restrictions, an ApplicationPermissionException is thrown.
If ALL directories permissions fail, an ApplicationPermissionException is thrown.
If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the added user from the directory operation.
addUser in interface ApplicationService
application - add to application's assigned directories.
user - a template of the user to be added. The directoryId of the UserTemplate is ignored, and will be mutated for each directoryMapping.
credential - the password credential of the user (unencrypted).
ApplicationService.findUserByName(com.atlassian.crowd.model.application.Application, String).
InvalidUserException - if the user already exists in ANY associated directory or the user template does not have the required properties populated.
OperationFailedException - underlying directory implementation failed to execute the operation.
InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_USER.

public UserWithAttributes addUser(Application application, UserTemplateWithAttributes user, PasswordCredential credential) throws InvalidUserException, OperationFailedException, InvalidCredentialException, ApplicationPermissionException
ApplicationService
If the user exists in ANY of the application's active assigned directories, then an InvalidUserException will be thrown.
If the add operation fails on the directory because of permission restrictions, an ApplicationPermissionException is thrown.
If ALL directories permissions fail, an ApplicationPermissionException is thrown.
If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the added user from the directory operation.
addUser in interface ApplicationService
application - add to application's assigned directories.
user - a template of the user to be added. The directoryId of the UserTemplateWithAttributes is ignored, and will be mutated for each directoryMapping.
credential - the password credential of the user (unencrypted).
ApplicationService.findUserWithAttributesByName(com.atlassian.crowd.model.application.Application, String).
InvalidUserException - if the user already exists in ANY associated directory or the user template does not have the required properties populated.
OperationFailedException - underlying directory implementation failed to execute the operation.
InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_USER.

public User updateUser(Application application, UserTemplate user) throws InvalidUserException, OperationFailedException, ApplicationPermissionException, UserNotFoundException
ApplicationService
If the user does not exist in ANY of the application's active assigned directories, then a UserNotFoundException will be thrown.
If the update operation is not allowed on the User's directory, an ApplicationPermissionException is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the updated User.
updateUser in interface ApplicationService
application - application with assigned directories to operate on.
user - a template of the user to be added. The directoryId of the UserTemplate is ignored, and directories searched for the given username.
InvalidUserException - if the user template does not have the required properties populated.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the User's directory is not allowed to perform operations of type OperationType.UPDATE_USER.
UserNotFoundException - user does not exist in any of the associated active directories of the application.

public User renameUser(Application application, String oldUserName, String newUsername) throws UserNotFoundException, OperationFailedException, ApplicationPermissionException, InvalidUserException
ApplicationService
If the user does not exist in ANY of the application's active assigned directories, then a UserNotFoundException will be thrown.
If the rename operation is not allowed on the User's directory, an ApplicationPermissionException is thrown.
If the rename operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the renamed User.
renameUser in interface ApplicationService
application - application with assigned directories to operate on.
oldUserName - current username of the user to rename.
newUsername - new username of the renamed user.
UserNotFoundException - user does not exist in any of the associated active directories of the application.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the User's directory is not allowed to perform operations of type OperationType.UPDATE_USER.
InvalidUserException - if the new username does not meet the username requirements for an associated directory.

public void updateUserCredential(Application application, String username, PasswordCredential credential) throws OperationFailedException, InvalidCredentialException, ApplicationPermissionException, UserNotFoundException
ApplicationService
Thus, the method only operates on the same user returned from a call to findUserByName.
updateUserCredential in interface ApplicationService
application - update in application's assigned directories.
username - name of user.
credential - new (unencrypted) credentials.
OperationFailedException - underlying directory implementation failed to execute the operation.
InvalidCredentialException - if the user's credential does not meet the validation requirements for an associated directory.
ApplicationPermissionException - if the first directory in which the user is found doesn't have the permission to perform operations of type OperationType.UPDATE_USER.
UserNotFoundException - if no user with the given name exists in ANY assigned directory.

public void storeUserAttributes(Application application, String username, Map<String,Set<String>> attributes) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException
ApplicationService
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing attribute on the user.
This method does not update primary field attributes like firstName, lastName, etc.
If the user does not exist in ANY of the application's assigned directories, then a UserNotFoundException will be thrown.
If the directory does not have UPDATE_USER permission, an ApplicationPermissionException is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
storeUserAttributes in interface ApplicationService
application - application with assigned directories to operate on.
username - username of the user to update.
attributes - map of one-to-many attribute-values. All attribute keys are treated as new or updated attributes.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the User's directory does not have permission to perform operations of type OperationType.UPDATE_USER_ATTRIBUTE.
UserNotFoundException - if the user with the supplied username does not exist in ANY assigned directory.

public void removeUserAttributes(Application application, String username, String attributeName) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException
ApplicationService
If the user does not exist in ANY of the application's assigned directories, then a UserNotFoundException will be thrown.
If the directory does not have UPDATE_USER permission, an ApplicationPermissionException is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
removeUserAttributes in interface ApplicationService
application - application with assigned directories to operate on.
username - username of the user to update.
attributeName - all attribute values for this key will be removed from the user.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the User's directory does not have permission to perform operations of type OperationType.UPDATE_USER_ATTRIBUTE.
UserNotFoundException - if the user with the supplied username does not exist in ANY assigned directory.

public void removeUser(Application application, String username) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException
ApplicationService
If the user does not exist in ANY of the application's assigned directories, then a UserNotFoundException will be thrown.
If the remove operation fails because of permission restrictions, an ApplicationPermissionException is thrown.
removeUser in interface ApplicationService
application - remove from application's assigned directories.
username - the name of the user to remove.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the User's directory does not have permission to perform operations of type OperationType.DELETE_USER.
UserNotFoundException - if user with given name does not exist in ANY assigned directory.

public <T> List<T> searchUsers(Application application, EntityQuery<T> query)
ApplicationService
The users will be returned in a stable order including across pagination boundaries (excluding modification).
searchUsers in interface ApplicationService
application - search application's assigned directories.
query - the search query.

public Group findGroupByName(Application application, String name) throws GroupNotFoundException
ApplicationService
The directories are searched in the order they are assigned to the application.
findGroupByName in interface ApplicationService
application - search application's assigned directories.
name - the groupname of the group to find.
GroupNotFoundException - group not found in any of the directories.

public GroupWithAttributes findGroupWithAttributesByName(Application application, String name) throws GroupNotFoundException
ApplicationService
The directories are searched in the order they are assigned to the application.
findGroupWithAttributesByName in interface ApplicationService
application - search application's assigned directories.
name - the groupname of the group to find.
GroupNotFoundException - group not found in any of the directories.

public Group addGroup(Application application, GroupTemplate group) throws InvalidGroupException, OperationFailedException, ApplicationPermissionException
ApplicationService
If the group exists in ANY of the application's active assigned directories, then an InvalidGroupException will be thrown.
If the add operation fails on a directory because of permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an ApplicationPermissionException is thrown.
If the add operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the group from the first directory containing the group.
addGroup in interface ApplicationService
application - add to application's assigned directories.
group - a template of the group to be added. The directoryId of the GroupTemplate is ignored, and will be mutated for each directoryMapping.
ApplicationService.findGroupByName(com.atlassian.crowd.model.application.Application, String).
InvalidGroupException - if the group already exists in ANY associated directory or the group template does not have the required properties populated.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.CREATE_GROUP.

public Group updateGroup(Application application, GroupTemplate group) throws InvalidGroupException, OperationFailedException, ApplicationPermissionException, GroupNotFoundException
ApplicationService
If the group does not exist in ANY of the application's assigned directories, then a GroupNotFoundException will be thrown.
If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an ApplicationPermissionException is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
Returns the group from the first directory containing the group.
updateGroup in interface ApplicationService
application - application with assigned directories to operate on.
group - a template of the group to be added. The directoryId of the GroupTemplate is ignored, and will be mutated for each directoryMapping.
ApplicationService.findGroupByName(com.atlassian.crowd.model.application.Application, String).
InvalidGroupException - if the group already exists in ANY associated directory or the group template does not have the required properties populated.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
GroupNotFoundException - group does not exist in any of the associated directories of the application.

public void storeGroupAttributes(Application application, String groupname, Map<String,Set<String>> attributes) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException
ApplicationService
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing attribute on the group.
This method does not update primary field attributes like firstName, lastName, etc.
If the group does not exist in ANY of the application's assigned directories, then a GroupNotFoundException will be thrown.
If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an ApplicationPermissionException is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
storeGroupAttributes in interface ApplicationService
application - application with assigned directories to operate on.
groupname - groupname of the group to update.
attributes - map of one-to-many attribute-values. All attribute keys are treated as new or updated attributes.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP_ATTRIBUTE.
GroupNotFoundException - if the group with the supplied groupname does not exist in ANY assigned directory.

public void removeGroupAttributes(Application application, String groupname, String attributeName) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException
ApplicationService
If the group does not exist in ANY of the application's assigned directories, then a GroupNotFoundException will be thrown.
If the update operation fails on a directory because of permissioning restrictions, an INFO message is logged.
If ALL directories permissions fail, an ApplicationPermissionException is thrown.
If the update operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
removeGroupAttributes in interface ApplicationService
application - application with assigned directories to operate on.
groupname - groupname of the group to update.
attributeName - all attribute values for this key will be removed from the group.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP_ATTRIBUTE.
GroupNotFoundException - if the group with the supplied groupname does not exist in ANY assigned directory.

public void removeGroup(Application application, String groupname) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException
ApplicationService
If the group doesn't exist in ANY of the application's assigned directories that are active, then a GroupNotFoundException will be thrown.
If the remove operation fails on a directory because of permissioning restrictions, an INFO message is logged. If ALL directories permissions fail, a ApplicationPermissionException is thrown.
If the remove operation fails on a directory for any other reason, such as directory failure, update failure, etc., an Exception is thrown immediately.
removeGroup in interface ApplicationService
application - remove from application's assigned directories.
groupname - the name of the group to remove.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.DELETE_GROUP.
GroupNotFoundException - if group with given name does not exist in ANY assigned directory.

public <T> List<T> searchGroups(Application application, EntityQuery<T> query)
ApplicationService
The groups will be returned in a stable order including across pagination boundaries (excluding modification).
searchGroups in interface ApplicationService
application - search application's assigned directories.
query - the search query.

public void addUserToGroup(Application application, String username, String groupName) throws OperationFailedException, ApplicationPermissionException, UserNotFoundException, GroupNotFoundException, MembershipAlreadyExistsException
ApplicationService
A user exists in one individual directory; a group, however, is thought to "span" all directories (users from different directories can belong to the same group). With this in mind, if the group does not exist in the user's directory (but does already exist), then this method will attempt to automatically add the group to that directory for you.
addUserToGroup in interface ApplicationService
application - modify groups in application's assigned directories.
username - username of the user.
groupName - name of the group.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the application's directory where the primary user resides does not allow operations of type OperationType.UPDATE_GROUP or the group is readonly.
UserNotFoundException - when the user cannot be found in ANY directory
GroupNotFoundException - when the group cannot be found in ANY directory
MembershipAlreadyExistsException - if the user is already a member of the group

public void addGroupToGroup(Application application, String childGroupName, String parentGroupName) throws OperationFailedException, ApplicationPermissionException, GroupNotFoundException, InvalidMembershipException, MembershipAlreadyExistsException
ApplicationService
addGroupToGroup in interface ApplicationService
application - modify groups in the application's assigned directories.
childGroupName - name of child group.
parentGroupName - name of parent group.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if we were unable to create the membership in any directory. This is based on Edit permissions, Create permissions, and whether Nested Groups is supported by the individual directories.
GroupNotFoundException - when the parent or child group do not exist
InvalidMembershipException - The child and parent are of different group types or would cause a circular reference.
MembershipAlreadyExistsException - if the child group is already a child of the parent group

public void removeUserFromGroup(Application application, String username, String groupName) throws OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, UserNotFoundException, GroupNotFoundException
ApplicationService
removeUserFromGroup in interface ApplicationService
application - modify groups in application's assigned directories.
username - username of the user.
groupName - name of the group.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if the application's directory where the primary user resides does not allow operations of type OperationType.UPDATE_GROUP.
MembershipNotFoundException - if the user is not a direct member of the group in an assigned directory.
UserNotFoundException - when the user cannot be found in ANY directory
GroupNotFoundException - when the group does not exist in the directory where the primary user resides.

public void removeGroupFromGroup(Application application, String childGroupName, String parentGroupName) throws OperationFailedException, ApplicationPermissionException, MembershipNotFoundException, GroupNotFoundException
ApplicationService
removeGroupFromGroup in interface ApplicationService
application - modify groups in application's assigned directories.
childGroupName - name of child group.
parentGroupName - name of parent group.
OperationFailedException - underlying directory implementation failed to execute the operation.
ApplicationPermissionException - if none of the application's associated directories are allowed to perform operations of type OperationType.UPDATE_GROUP.
MembershipNotFoundException - if the user is not a direct member of the group in an assigned directory.
GroupNotFoundException - when the child group cannot be found in ANY directory OR when ALL child groups are in directories which don't have the requested parent group.

public boolean isUserDirectGroupMember(Application application, String username, String groupName)
ApplicationService
true if the user is a direct member of the group in the directory of the first user found with the specified username.
isUserDirectGroupMember in interface ApplicationService
application - search groups in application's assigned directories.
username - name of the user to inspect.
groupName - name of the group to inspect.
true if and only if the user is a direct member of the group. If the group or user does not exist in any directory, false is returned.

public boolean isGroupDirectGroupMember(Application application, String childGroup, String parentGroup)
ApplicationService
true if the childGroup is a direct member of the parentGroup in any of the application's assigned directories.
isGroupDirectGroupMember in interface ApplicationService
application - search groups in application's assigned directories.
childGroup - name of the group to inspect.
parentGroup - name of the group to inspect.
true if and only if the childGroup is a direct member of the parentGroup. If either group does not exist in any directory, false is returned.

public boolean isUserNestedGroupMember(Application application, String username, String groupName)
ApplicationService
true if the user is a direct or indirect (nested) member of the group in the directory of the first user found with the specified username.
If the directory does not support nested groups, this call will be equivalent to DirectoryManager.isUserDirectGroupMember(long, String, String).
WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.
See CWD-1485 for explanation of logic in amalgamation.
Nesting is not resolved across directories.
isUserNestedGroupMember in interface ApplicationService
application - search groups in application's assigned directories.
username - name of the user to inspect.
groupName - name of the group to inspect.
true if and only if the user is a direct or indirect (nested) member of the group. If the group or user does not exist in the directory, false is returned.

public boolean isGroupNestedGroupMember(Application application, String childGroup, String parentGroup)
ApplicationService
true if the childGroup is a direct or indirect (nested) member of the parentGroup in any of the application's active assigned directories.
If the directory does not support nested groups, this call will be equivalent to DirectoryManager.isGroupDirectGroupMember(long, String, String).
WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.
See CWD-1485 for explanation of logic in amalgamation.
Nesting is not resolved across directories.
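What "nesting is not resolved across directories" means for an authorization decision, for both isUserNestedGroupMember and isGroupNestedGroupMember, as an added stand-alone model (not Crowd's own code; Dir, reaches and the data layout are hypothetical). The sample directories and names are constructed.

```java
import java.util.*;

// Added illustration. Dir and the method bodies are a hypothetical model, not Crowd classes.
public class NestedMembershipModel {
    /** One directory: user -> direct groups, and group -> direct parent groups. */
    record Dir(String name, boolean nestedGroups,
               Map<String, Set<String>> userGroups, Map<String, Set<String>> parents) {}

    /** Follows parent links inside ONE directory; the seen set stops cyclic data looping. */
    static boolean reaches(Dir d, Set<String> start, String target) {
        Deque<String> todo = new ArrayDeque<>(start);
        Set<String> seen = new HashSet<>(start);
        while (!todo.isEmpty()) {
            String g = todo.pop();
            if (g.equals(target)) return true;
            if (!d.nestedGroups()) continue;       // no nesting support: direct check only
            for (String p : d.parents().getOrDefault(g, Set.of()))
                if (seen.add(p)) todo.push(p);
        }
        return false;
    }

    /** Evaluated only in the first directory that holds the user. */
    static boolean isUserNestedGroupMember(List<Dir> dirs, String user, String group) {
        for (Dir d : dirs)
            if (d.userGroups().containsKey(user))
                return reaches(d, d.userGroups().get(user), group);
        return false;
    }

    /** True if some single directory links child to parent by itself. */
    static boolean isGroupNestedGroupMember(List<Dir> dirs, String child, String parent) {
        for (Dir d : dirs)
            if (reaches(d, d.parents().getOrDefault(child, Set.of()), parent)) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: alice -> dev and dev -> staff in dirA; staff -> admins only in dirB.
        Dir a = new Dir("dirA", true, Map.of("alice", Set.of("dev")), Map.of("dev", Set.of("staff")));
        Dir b = new Dir("dirB", true, Map.of(), Map.of("staff", Set.of("admins")));
        List<Dir> dirs = List.of(a, b);
        System.out.println("alice in staff:  " + isUserNestedGroupMember(dirs, "alice", "staff"));
        System.out.println("alice in admins: " + isUserNestedGroupMember(dirs, "alice", "admins"));
        System.out.println("dev in admins:   " + isGroupNestedGroupMember(dirs, "dev", "admins"));
    }
}
```

Only the first check is true in this model: the chain dev, staff, admins exists when the two directories are read together, but no single directory contains all of it.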
isGroupNestedGroupMember in interface ApplicationService
application - search groups in application's assigned directories.
childGroup - name of the user to inspect.
parentGroup - name of the group to inspect.
true if and only if the childGroup is a direct or indirect (nested) member of the parentGroup. If either group does not exist in the directory, false is returned.

public <T> List<T> searchDirectGroupRelationships(Application application, MembershipQuery<T> query)
ApplicationService
membership aggregation semantic will determine whether only the owning directory (when false) or all directories (when true) will be searched.
searchDirectGroupRelationships in interface ApplicationService
application - search groups in application's assigned directories.
query - membership query.
User entities, Group entities, String usernames or String group names matching the query criteria.

public <T> List<T> searchNestedGroupRelationships(Application application, MembershipQuery<T> query)
ApplicationService
If the directory does not support nested groups, this call will be equivalent to DirectoryManager.searchDirectGroupRelationships(long, com.atlassian.crowd.search.query.membership.MembershipQuery).
WARNING: this method could be very slow if the underlying RemoteDirectory does not employ caching.
When searching for the groups a user is a member of, only the directory of the user (as determined by findUserByName) is searched. When searching for memberships of a group, or groups a group is a member of, all directories are searched and the results amalgamated.
searchNestedGroupRelationships in interface ApplicationService
application - search groups in application's assigned directories.
query - membership query.
User entities, Group entities, String usernames or String group names matching the query criteria.

public String getCurrentEventToken(Application application) throws IncrementalSynchronisationNotAvailableException
ApplicationService
If the event token has not changed since the last call to this method, it is guaranteed that no new events have been received.
The format of event token is implementation specific and can change without a warning.
getCurrentEventToken in interface ApplicationService
application - current application
IncrementalSynchronisationNotAvailableException - if the application cannot provide incremental synchronisation

public Events getNewEvents(Application application, String eventToken) throws EventTokenExpiredException, OperationFailedException
ApplicationService
eventToken was generated.
If for any reason event store is unable to retrieve events that happened after the event token was generated, an EventTokenExpiredException will be thrown. The caller is then expected to call ApplicationService.getCurrentEventToken(Application) again before asking for new events.
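A client-side polling loop that honours this contract, as an added stand-alone sketch (not Crowd's own code; EventSource, Batch, SyncClient and the "+name"/"-name" event strings are hypothetical stand-ins for the two methods and their results). It assumes the client keeps a local cache of group members and rebuilds it from a full read when the token has expired.

```java
import java.util.*;

// Added illustration. EventSource, Batch and SyncClient are hypothetical stand-ins
// for the getCurrentEventToken / getNewEvents contract, not Crowd classes.
public class EventTokenLoop {
    static class TokenExpired extends Exception {}
    record Batch(List<String> events, String newToken) {}
    interface EventSource {
        String currentToken();
        Batch newEvents(String token) throws TokenExpired;
        Set<String> snapshot();            // assumption: a full read of group members
    }

    static class SyncClient {
        final Set<String> cache = new TreeSet<>();
        String token;                      // null on a first run
        int fullSyncs = 0;

        void poll(EventSource src) {
            if (token == null) { fullSync(src); return; }
            try {
                Batch b = src.newEvents(token);
                for (String e : b.events())            // constructed format: "+name" / "-name"
                    if (e.startsWith("+")) cache.add(e.substring(1));
                    else cache.remove(e.substring(1));
                token = b.newToken();
            } catch (TokenExpired ex) {
                fullSync(src);             // never keep serving the old cache
            }
        }

        void fullSync(EventSource src) {
            token = src.currentToken();    // token first, so changes during the read are replayed
            cache.clear();
            cache.addAll(src.snapshot());
            fullSyncs++;
        }
    }

    public static void main(String[] args) {
        EventSource src = new EventSource() {          // constructed: only "t1" is still valid
            public String currentToken() { return "t1"; }
            public Batch newEvents(String t) throws TokenExpired {
                if (!t.equals("t1")) throw new TokenExpired();
                return new Batch(List.of("-mallory", "+bob"), "t2");
            }
            public Set<String> snapshot() { return Set.of("alice", "mallory"); }
        };
        SyncClient c = new SyncClient();
        c.token = "t0";                    // stale token persisted by an earlier run
        c.poll(src);                       // expired: full sync
        c.poll(src);                       // incremental: removes mallory, adds bob
        System.out.println(c.cache + " token=" + c.token + " fullSyncs=" + c.fullSyncs);
    }
}
```

A client that swallows the expiry and keeps its old cache would go on honouring memberships that were removed in the gap, which is why the expired path here replaces the cache rather than skipping a cycle.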
getNewEvents in interface ApplicationService
application - return events visible to application
eventToken - event token that was retrieved by a call to ApplicationService.getCurrentEventToken(com.atlassian.crowd.model.application.Application) or this method
eventToken was generated
EventTokenExpiredException - if events that happened after the event token was generated can not be retrieved
OperationFailedException - if the operation has failed for any other reason, including invalid arguments

public Webhook findWebhookById(Application application, long webhookId) throws WebhookNotFoundException, ApplicationPermissionException
ApplicationService
findWebhookById in interface ApplicationService
application - the application that owns the Webhook. Only the application that registered the Webhook is allowed to retrieve it
webhookId - Id of a Webhook, as returned by ApplicationService.registerWebhook(com.atlassian.crowd.model.application.Application, String, String)
WebhookNotFoundException - if a Webhook with the given Id does not exist
ApplicationPermissionException - if the Webhook exists, but was registered by a different application

public Webhook registerWebhook(Application application, String endpointUrl, @Nullable String token) throws InvalidWebhookEndpointException
ApplicationService
registerWebhook in interface ApplicationService
application - the application that owns the Webhook. Only this application will be able to unregister it later.
endpointUrl - the application-provided HTTP endpoint that will be POST'ed by Crowd when new events are ready to be collected.
token - the token Crowd will use to ping the Webhook endpoint (optional).
InvalidWebhookEndpointException - when endpointUrl is not a valid url

public void unregisterWebhook(Application application, long webhookId) throws ApplicationPermissionException, WebhookNotFoundException
ApplicationService
unregisterWebhook in interface ApplicationService
application - the application that owns the Webhook.
webhookId - the identifier of the Webhook that will be unregistered.
ApplicationPermissionException - if the application is not the same that registered the Webhook.
WebhookNotFoundException - if the Webhook is not found on the server

public UserCapabilities getCapabilitiesForNewUsers(Application application)
ApplicationService
new users.
These capabilities reflect a specific moment in time and are subject to change if any user directory is added, removed or re-ordered.
getCapabilitiesForNewUsers in interface ApplicationService
application - the application the directories are assigned to
ApplicationService.addUser(Application, UserTemplate, PasswordCredential)

protected List<Directory> getActiveDirectories(Application application)
application, retrieve all active directories associated with it.
application - application to query
application

@Nullable public URI getUserAvatarLink(Application application, String username, int sizeHint) throws UserNotFoundException, DirectoryNotFoundException, OperationFailedException
ApplicationService
getUserAvatarLink in interface ApplicationService
username - the user to fetch an avatar for, as returned from a find method
sizeHint - a hint in pixels for how large the image should be
UserNotFoundException
DirectoryNotFoundException
OperationFailedException

@Nullable public AvatarReference getUserAvatar(Application application, String username, int sizeHint) throws UserNotFoundException, DirectoryNotFoundException, OperationFailedException
ApplicationService
getUserAvatar in interface ApplicationService
username - the user to fetch an avatar for, as returned from a find method
sizeHint - a hint in pixels for how large the image should be
UserNotFoundException
DirectoryNotFoundException
OperationFailedException

public void expireAllPasswords(Application application) throws OperationFailedException
ApplicationService
expireAllPasswords in interface ApplicationService
application - the application for which to expire all passwords in all mapped directories.
OperationFailedException - if any of the directories fail to expire all passwords. This can lead to only some of the users having expired passwords.

public User userAuthenticated(Application application, String username) throws UserNotFoundException, OperationFailedException, InactiveAccountException
userAuthenticated in interface ApplicationService
UserNotFoundException
OperationFailedException
InactiveAccountException
Copyright © 2020 Atlassian. All rights reserved.