public class AuditingDirectoryDecorator extends Object implements RemoteDirectory

RemoteDirectory that creates events in the audit log upon changes. Used to extend existing directories with auditing. This class should not be used for directories using Crowd's persistence layer as the changes will be audited by the DAOs.

Constructor and Description |
---|
AuditingDirectoryDecorator(RemoteDirectory remoteDirectory, AuditService auditService, AuditLogUserMapper auditLogUserMapper, AuditLogGroupMapper auditLogGroupMapper, String directoryName) |

Modifier and Type | Method and Description |
---|---|
Group | addGroup(GroupTemplate group): Adds a group to the directory store. |
void | addGroupToGroup(String childGroup, String parentGroup): Adds a group as a member of a parent group. |
User | addUser(UserTemplate user, PasswordCredential credential): Adds a user to the directory store. |
UserWithAttributes | addUser(UserTemplateWithAttributes user, PasswordCredential credential): Adds a user to the directory store. |
void | addUserToGroup(String username, String groupName): Adds a user as a member of a group. |
User | authenticate(String name, PasswordCredential credential): Authenticates a user with the directory store. |
BoundedCount | countDirectMembersOfGroup(String groupName, int querySizeHint): Count the direct members of a group in the remote directory. |
void | expireAllPasswords(): Sets the UserConstants.REQUIRES_PASSWORD_CHANGE attribute to true for all users in the directory using bulk operations |
Group | findGroupByName(String name): Finds the group that matches the supplied name. |
GroupWithAttributes | findGroupWithAttributesByName(String name): Finds the group that matches the supplied name. |
User | findUserByExternalId(String externalId): Finds the user that matches the supplied externalId. |
User | findUserByName(String name): Finds the user that matches the supplied name. |
UserWithAttributes | findUserWithAttributesByName(String name): Finds the user that matches the supplied name. |
RemoteDirectory | getAuthoritativeDirectory() |
String | getDescriptiveName(): Returns a descriptive name for the type of directory. |
long | getDirectoryId(): Gets the internal unique directoryId of the directory store. |
Set<String> | getKeys(): Gets all the keys of the attributes. |
Iterable<Membership> | getMemberships(): Get an iterable view of the available group memberships. |
AvatarReference | getUserAvatarByName(String username, int sizeHint): Return an avatar, if available, for the named user. |
String | getValue(String key): Returns any value associated with the given key, returns null if there is no value. |
Set<String> | getValues(String key): Get all the values associated with a given key. |
boolean | isEmpty() |
boolean | isGroupDirectGroupMember(String childGroup, String parentGroup): Determines if a group is a direct member of another group. |
boolean | isRolesDisabled(): Expose whether the directory has roles disabled. |
boolean | isUserDirectGroupMember(String username, String groupName): Determines if a user is a direct member of a group. |
void | removeGroup(String name): Removes the group that matches the supplied name. |
void | removeGroupAttributes(String groupName, String attributeName): Removes all the values for a single attribute key for a group. |
void | removeGroupFromGroup(String childGroup, String parentGroup): Removes a group as a member of a parent group. |
void | removeUser(String name): Removes the user that matches the supplied name. |
void | removeUserAttributes(String username, String attributeName): Removes all the values for a single attribute key for a user. |
void | removeUserFromGroup(String username, String groupName): Removes a user as a member of a group. |
Group | renameGroup(String oldName, String newName): Renames a group. |
User | renameUser(String oldName, String newName): Renames a user. |
<T> List<T> | searchGroupRelationships(MembershipQuery<T> query): Searches for membership information. |
<T> List<T> | searchGroups(EntityQuery<T> query): Searches for groups that match the supplied query criteria. |
<T> List<T> | searchUsers(EntityQuery<T> query): Searches for users that match the supplied query criteria. |
void | setAttributes(Map<String,String> attributes): When a directory store is loaded, the attributes map will be set by the Crowd framework. |
void | setDirectoryId(long directoryId): When a directory store is loaded, the directoryId will be set by the crowd framework. |
void | storeGroupAttributes(String groupName, Map<String,Set<String>> attributes): Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId. |
void | storeUserAttributes(String username, Map<String,Set<String>> attributes): Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId. |
boolean | supportsInactiveAccounts(): Return true if this directory supports inactive users and groups. |
boolean | supportsNestedGroups(): Allows us to only display nested-group related UI for directories that support it. |
boolean | supportsPasswordExpiration(): Return true if this directory supports manually expiring passwords. |
boolean | supportsSettingEncryptedCredential(): If this method returns true, then calling RemoteDirectory.updateUserCredential(String, PasswordCredential) or RemoteDirectory.addUser(com.atlassian.crowd.model.user.UserTemplate, com.atlassian.crowd.embedded.api.PasswordCredential) with a PasswordCredential instance where PasswordCredential.isEncryptedCredential() returns true and the instance is not equal to PasswordCredential.NONE will succeed; otherwise, it will fail. |
void | testConnection(): Test if a connection to the directory server can be established. |
Group | updateGroup(GroupTemplate group): Updates the group. |
User | updateUser(UserTemplate user): Updates the user. |
void | updateUserCredential(String username, PasswordCredential credential) |
User | updateUserFromRemoteDirectory(User remoteUser) |

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getLocallyFilteredGroupNames, userAuthenticated
public AuditingDirectoryDecorator(RemoteDirectory remoteDirectory, AuditService auditService, AuditLogUserMapper auditLogUserMapper, AuditLogGroupMapper auditLogGroupMapper, String directoryName)

public void addUserToGroup(String username, String groupName) throws GroupNotFoundException, UserNotFoundException, ReadOnlyGroupException, OperationFailedException, MembershipAlreadyExistsException
childGroup will appear as members of parentGroup to querying applications.
addUserToGroup in interface RemoteDirectory
username - The user that will become a member of groupName
groupName - The group that will gain a new member.
GroupNotFoundException - If the group cannot be found.
UserNotFoundException - If the user cannot be found.
ReadOnlyGroupException - If the group is read-only
OperationFailedException - underlying directory implementation failed to execute the operation.
MembershipAlreadyExistsException - if the user is already a member of the group

public void addGroupToGroup(String childGroup, String parentGroup) throws GroupNotFoundException, InvalidMembershipException, ReadOnlyGroupException, OperationFailedException, MembershipAlreadyExistsException
addGroupToGroup in interface RemoteDirectory
childGroup - The group that will become a member of parentGroup
parentGroup - The group that will gain a new member
GroupNotFoundException - One or both of the groups cannot be found.
InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.
ReadOnlyGroupException - if either of the groups are read-only
OperationFailedException - underlying directory implementation failed to execute the operation.
MembershipAlreadyExistsException - if the child group is already a child of the parent group

public void removeUserFromGroup(String username, String groupName) throws GroupNotFoundException, UserNotFoundException, MembershipNotFoundException, ReadOnlyGroupException, OperationFailedException
removeUserFromGroup in interface RemoteDirectory
username - The user that will be removed from parentGroup
groupName - The group that will lose the member.
GroupNotFoundException - If the group cannot be found.
UserNotFoundException - If the user cannot be found.
MembershipNotFoundException - if the user is not a direct member of the group.
ReadOnlyGroupException - if the group is read-only
OperationFailedException - underlying directory implementation failed to execute the operation.

public void removeGroupFromGroup(String childGroup, String parentGroup) throws GroupNotFoundException, InvalidMembershipException, MembershipNotFoundException, ReadOnlyGroupException, OperationFailedException
removeGroupFromGroup in interface RemoteDirectory
childGroup - The group that will be removed from parentGroup
parentGroup - The group that will lose the member.
GroupNotFoundException - One or both of the groups cannot be found.
InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.
MembershipNotFoundException - if the childGroup is not a direct member of the parentGroup.
ReadOnlyGroupException - if the groups are read-only
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public <T> List<T> searchGroupRelationships(MembershipQuery<T> query) throws OperationFailedException
searchGroupRelationships in interface RemoteDirectory
query - query for memberships.
OperationFailedException - underlying directory implementation failed to execute the operation.

public void testConnection() throws OperationFailedException
testConnection in interface RemoteDirectory
OperationFailedException - underlying directory implementation failed to execute the operation.

public boolean supportsInactiveAccounts()
supportsInactiveAccounts in interface RemoteDirectory

public boolean supportsNestedGroups()
supportsNestedGroups in interface RemoteDirectory

public boolean supportsPasswordExpiration()
supportsPasswordExpiration in interface RemoteDirectory

public boolean supportsSettingEncryptedCredential()
If this method returns true, then calling RemoteDirectory.updateUserCredential(String, PasswordCredential) or RemoteDirectory.addUser(com.atlassian.crowd.model.user.UserTemplate, com.atlassian.crowd.embedded.api.PasswordCredential) with a PasswordCredential instance where PasswordCredential.isEncryptedCredential() returns true and the instance is not equal to PasswordCredential.NONE will succeed; otherwise, it will fail.
supportsSettingEncryptedCredential in interface RemoteDirectory

public boolean isRolesDisabled()
isRolesDisabled in interface RemoteDirectory

@Nonnull public Iterable<Membership> getMemberships() throws OperationFailedException
Get an iterable view of the available group memberships. This may be implemented as a single remote call or separate calls, depending on the directory.
If there is a failure in the underlying retrieval, the iterator may throw Membership.MembershipIterationException at runtime.
If the directory does not have a bulk call interface then a typical implementation would be:
    return new DirectoryMembershipsIterable(this);
getMemberships in interface RemoteDirectory
OperationFailedException - if the underlying directory implementation failed to execute the operation

@Nonnull public RemoteDirectory getAuthoritativeDirectory()
getAuthoritativeDirectory in interface RemoteDirectory

public void expireAllPasswords() throws OperationFailedException
Sets the UserConstants.REQUIRES_PASSWORD_CHANGE attribute to true for all users in the directory using bulk operations
expireAllPasswords in interface RemoteDirectory
OperationFailedException

@Nullable public AvatarReference getUserAvatarByName(String username, int sizeHint) throws UserNotFoundException, OperationFailedException
getUserAvatarByName in interface RemoteDirectory
sizeHint - a hint in pixels for the context in which this will be used
null if none is available
UserNotFoundException
OperationFailedException

@ExperimentalApi public User updateUserFromRemoteDirectory(User remoteUser) throws OperationFailedException, UserNotFoundException
updateUserFromRemoteDirectory in interface RemoteDirectory
OperationFailedException
UserNotFoundException

@Nullable public Set<String> getValues(String key)
getValues in interface Attributes
key - the key to retrieve the values for

@Nullable public String getValue(String key)
Returns any value associated with the given key, returns null if there is no value.
getValue in interface Attributes
key - the key to retrieve the value for
null if there is no value

public Set<String> getKeys()
getKeys in interface Attributes

public boolean isEmpty()
isEmpty in interface Attributes
true if there are no attributes

@Nonnull public User addUser(UserTemplate user, PasswordCredential credential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException
Adds a user to the directory store.
addUser in interface RemoteDirectory
user - template of the user to add.
credential - a password, or PasswordCredential.NONE for an account that cannot login with any password
InvalidUserException - The supplied user is invalid.
InvalidCredentialException - The supplied credential is invalid.
UserAlreadyExistsException - The user already exists
OperationFailedException - underlying directory implementation failed to execute the operation.
RemoteDirectory.supportsSettingEncryptedCredential()

public UserWithAttributes addUser(UserTemplateWithAttributes user, PasswordCredential credential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException
Adds a user to the directory store.
addUser in interface RemoteDirectory
user - template of the user to add.
credential - a password, or PasswordCredential.NONE for an account that cannot login with any password
InvalidUserException - The supplied user is invalid.
InvalidCredentialException - The supplied credential is invalid.
UserAlreadyExistsException - The user already exists
OperationFailedException - underlying directory implementation failed to execute the operation.
RemoteDirectory.supportsSettingEncryptedCredential()

@Nonnull public User updateUser(UserTemplate user) throws InvalidUserException, UserNotFoundException, OperationFailedException
Updates the user.
updateUser in interface RemoteDirectory
user - The user to update.
InvalidUserException - the supplied user is invalid.
UserNotFoundException - the user does not exist in the directory store.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public User renameUser(String oldName, String newName) throws UserNotFoundException, InvalidUserException, UserAlreadyExistsException, OperationFailedException
Renames a user.
renameUser in interface RemoteDirectory
oldName - name of existing user.
newName - desired name of user.
UserNotFoundException - if the user with the existing name does not exist.
InvalidUserException - if the new username is invalid.
UserAlreadyExistsException - if the newName already exists.
OperationFailedException - if the underlying directory implementation failed to execute the operation.

public void storeUserAttributes(String username, Map<String,Set<String>> attributes) throws UserNotFoundException, OperationFailedException
Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing
Attributes with values of empty sets are not added (these attributes are effectively removed).
storeUserAttributes in interface RemoteDirectory
username - name of user to update.
attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).
UserNotFoundException - user with supplied username does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

public void removeUserAttributes(String username, String attributeName) throws UserNotFoundException, OperationFailedException
removeUserAttributes in interface RemoteDirectory
username - name of the user to update.
attributeName - name of attribute to remove.
UserNotFoundException - user with supplied username does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

public void removeUser(String name) throws UserNotFoundException, OperationFailedException
Removes the user that matches the supplied name.
removeUser in interface RemoteDirectory
name - The name of the user (username).
UserNotFoundException - The user does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public <T> List<T> searchUsers(EntityQuery<T> query) throws OperationFailedException
Searches for users that match the supplied query criteria.
The users will be returned in a stable order including across pagination boundaries (excluding modification).
searchUsers in interface RemoteDirectory
query - EntityQuery for Entity.USER.
List<User> or List<String> of users/usernames matching the search criteria. An empty List will be returned if no users matching the criteria are found.
OperationFailedException - if the underlying directory implementation failed to execute the operation

@Nonnull public Group findGroupByName(String name) throws GroupNotFoundException, OperationFailedException
Finds the group that matches the supplied name.
findGroupByName in interface RemoteDirectory
name - the name of the group.
GroupNotFoundException - a group with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public GroupWithAttributes findGroupWithAttributesByName(String name) throws GroupNotFoundException, OperationFailedException
Finds the group that matches the supplied name.
findGroupWithAttributesByName in interface RemoteDirectory
name - the name of the group.
GroupNotFoundException - a group with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

public void updateUserCredential(String username, PasswordCredential credential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException
updateUserCredential in interface RemoteDirectory
username - The name of the user (username).
credential - The new credential (password).
UserNotFoundException - The user does not exist.
InvalidCredentialException - The supplied credential is invalid.
OperationFailedException - underlying directory implementation failed to execute the operation.
RemoteDirectory.supportsSettingEncryptedCredential()

@Nonnull public Group addGroup(GroupTemplate group) throws InvalidGroupException, OperationFailedException
Adds a group to the directory store.
addGroup in interface RemoteDirectory
group - template of the group to add.
InvalidGroupException - The supplied group is invalid or it already exists in the directory.
OperationFailedException - underlying directory implementation failed to execute the operation.

public void removeGroup(String name) throws GroupNotFoundException, ReadOnlyGroupException, OperationFailedException
Removes the group that matches the supplied name.
removeGroup in interface RemoteDirectory
name - The name of the group.
GroupNotFoundException - The group does not exist.
ReadOnlyGroupException - if the group is read-only and not allowed to be deleted.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public <T> List<T> searchGroups(EntityQuery<T> query) throws OperationFailedException
Searches for groups that match the supplied query criteria.
The groups will be returned in a stable order including across pagination boundaries (excluding modification).
searchGroups in interface RemoteDirectory
query - EntityQuery for Entity.GROUP.
List<Group> or List<String> of groups/groupnames matching the search criteria. An empty List will be returned if no groups matching the criteria are found.
OperationFailedException - if the underlying directory implementation failed to execute the operation

public boolean isUserDirectGroupMember(String username, String groupName) throws OperationFailedException
isUserDirectGroupMember in interface RemoteDirectory
username - name of user.
groupName - name of group.
true iff the user is a direct member of the group.
OperationFailedException - underlying directory implementation failed to execute the operation.

public boolean isGroupDirectGroupMember(String childGroup, String parentGroup) throws OperationFailedException
isGroupDirectGroupMember in interface RemoteDirectory
childGroup - name of child group.
parentGroup - name of parent group.
true iff the childGroup is a direct member of the parentGroup.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public BoundedCount countDirectMembersOfGroup(String groupName, int querySizeHint) throws OperationFailedException
countDirectMembersOfGroup in interface RemoteDirectory
groupName - the name of the group to search for
querySizeHint - hinting at the maximum number of memberships that should be counted. The directory that implements this may choose to count less or more. This is a user provided suggestion for potential efficiency.
OperationFailedException - if we failed to count the number of memberships for the provided group.

@Nonnull public Group updateGroup(GroupTemplate group) throws InvalidGroupException, GroupNotFoundException, ReadOnlyGroupException, OperationFailedException
Updates the group.
updateGroup in interface RemoteDirectory
group - The group to update.
InvalidGroupException - the supplied group is invalid.
GroupNotFoundException - the group does not exist in the directory store.
ReadOnlyGroupException - the group is read-only
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public Group renameGroup(String oldName, String newName) throws GroupNotFoundException, InvalidGroupException, OperationFailedException
Renames a group.
renameGroup in interface RemoteDirectory
oldName - name of existing group.
newName - desired name of group.
GroupNotFoundException - if the group with the existing name does not exist.
InvalidGroupException - if the new group name is invalid or already exists in the directory.
OperationFailedException - if the underlying directory implementation failed to execute the operation.

public void storeGroupAttributes(String groupName, Map<String,Set<String>> attributes) throws GroupNotFoundException, OperationFailedException
Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing
Attributes with values of empty sets are not added (these attributes are effectively removed).
storeGroupAttributes in interface RemoteDirectory
groupName - name of group to update.
attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).
GroupNotFoundException - group with supplied groupName does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

public void removeGroupAttributes(String groupName, String attributeName) throws GroupNotFoundException, OperationFailedException
removeGroupAttributes in interface RemoteDirectory
groupName - name of the group to update.
attributeName - name of attribute to remove.
GroupNotFoundException - group with supplied groupName does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

public long getDirectoryId()
Gets the internal unique directoryId of the directory store.
getDirectoryId in interface RemoteDirectory
directoryId.

public void setDirectoryId(long directoryId)
When a directory store is loaded, the directoryId will be set by the crowd framework.
setDirectoryId in interface RemoteDirectory
directoryId - The unique directoryId of the DirectoryImpl stored in the database.

@Nonnull public String getDescriptiveName()
getDescriptiveName in interface RemoteDirectory

public void setAttributes(Map<String,String> attributes)
The Map is immutable and implementations are required to maintain immutability.
setAttributes in interface RemoteDirectory
attributes - attributes map.

@Nonnull public User findUserByName(String name) throws UserNotFoundException, OperationFailedException
Finds the user that matches the supplied name.
findUserByName in interface RemoteDirectory
name - the name of the user (username).
UserNotFoundException - a user with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public UserWithAttributes findUserWithAttributesByName(String name) throws UserNotFoundException, OperationFailedException
Finds the user that matches the supplied name.
findUserWithAttributesByName in interface RemoteDirectory
name - the name of the user (username).
UserNotFoundException - a user with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.

@Nonnull public User findUserByExternalId(String externalId) throws UserNotFoundException, OperationFailedException
Finds the user that matches the supplied externalId.
This is an optional method that may not be implemented on all directory types. Currently it is implemented for LDAP and Internal directories but not Crowd directories.
findUserByExternalId in interface RemoteDirectory
externalId - the externalId of the user
externalId.
UserNotFoundException - a user with the supplied externalId does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
RemoteDirectory.findUserByName(String)

@Nonnull public User authenticate(String name, PasswordCredential credential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException
Authenticates a user with the directory store.
authenticate in interface RemoteDirectory
name - The name of the user (username).
credential - The supplied credentials (password).
UserNotFoundException - The user with the supplied name does not exist.
InactiveAccountException - The supplied user is inactive.
InvalidAuthenticationException - Authentication with the provided credentials failed.
ExpiredCredentialException - The user's credentials have expired. The user must change their credentials in order to successfully authenticate.
OperationFailedException - underlying directory implementation failed to execute the operation.

Copyright © 2021 Atlassian. All rights reserved.