com.atlassian.crowd.directory

Class AbstractInternalDirectory

java.lang.Object

com.atlassian.crowd.directory.AbstractInternalDirectory

All Implemented Interfaces:

FastEntityCountProvider, InternalRemoteDirectory, MultiValuesQueriesSupport, RemoteDirectory, Attributes

Direct Known Subclasses:

CachingDirectory, InternalDirectory

public abstract class AbstractInternalDirectory
extends Object
implements InternalRemoteDirectory

This class holds methods that are common to both InternalDirectory and CachingDirectory.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ATTRIBUTE_PASSWORD_COMPLEXITY_MESSAGE
static String	ATTRIBUTE_PASSWORD_EXPIRATION_NOTIFICATION_PERIODS
static String	ATTRIBUTE_PASSWORD_HISTORY_COUNT
static String	ATTRIBUTE_PASSWORD_MAX_ATTEMPTS
static String	ATTRIBUTE_PASSWORD_MAX_CHANGE_TIME
static String	ATTRIBUTE_PASSWORD_MINIMUM_LENGTH The minimum length a password can have for users in this directory, stored as a non-negative integer
static String	ATTRIBUTE_PASSWORD_MINIMUM_SCORE The minimum password score allowed for new passwords for users in this directory, stored as PasswordScore.getRanking().
static String	ATTRIBUTE_PASSWORD_REGEX
static String	ATTRIBUTE_USER_ENCRYPTION_METHOD
protected AttributeValuesHolder	attributes
static String	DESCRIPTIVE_NAME
protected DirectoryDao	directoryDao
protected long	directoryId
protected GroupDao	groupDao
protected InternalDirectoryUtils	internalDirectoryUtils
protected MembershipDao	membershipDao
protected PasswordEncoderFactory	passwordEncoderFactory
protected TombstoneDao	tombstoneDao
protected UserDao	userDao

Constructor Summary

Constructors

Constructor and Description
AbstractInternalDirectory(InternalDirectoryUtils internalDirectoryUtils, PasswordEncoderFactory passwordEncoderFactory, DirectoryDao directoryDao, UserDao userDao, GroupDao groupDao, MembershipDao membershipDao, TombstoneDao tombstoneDao, PasswordConstraintsLoader passwordConstraints)

Method Summary

Modifier and Type	Method and Description
BatchResult<String>	addAllGroupsToGroup(Collection<String> childGroupNames, String groupName) Adds a collection of child groups to a group.
Group	addGroup(GroupTemplate group) Adds a group to the directory store.
void	addGroupToGroup(String childGroup, String parentGroup) Adds a group as a member of a parent group.
abstract Group	addLocalGroup(GroupTemplate group) Adds a "local" group to the directory.
abstract UserWithAttributes	addUser(UserTemplateWithAttributes user, PasswordCredential credential) Adds a user to the directory store.
void	addUserToGroup(String username, String groupName) Adds a user as a member of a group.
BatchResult<String>	addUserToGroups(String username, Set<String> groupNames) Adds a user to many groups.
User	authenticate(String name, PasswordCredential credential) Authenticates a user with the directory store.
protected static Map<String,Set<String>>	calculatePostPasswordUpdateAttributes() Generate the list of default attributes and values relating to passwords, for use when creating or resetting a password
BoundedCount	countDirectMembersOfGroup(String groupName, int querySizeHint) Count the direct members of a group in the remote directory.
protected long	currentPrincipalInvalidPasswordAttempts(UserWithAttributes user)
protected PasswordCredential	encryptedCredential(PasswordCredential passwordCredential)
void	expireAllPasswords() Sets the UserConstants.REQUIRES_PASSWORD_CHANGE attribute to true for all users in the directory using bulk operations
InternalDirectoryGroup	findGroupByName(String name) Finds the group that matches the supplied name.
GroupWithAttributes	findGroupWithAttributesByName(String name) Finds the group that matches the supplied name.
TimestampedUser	findUserByExternalId(String externalId) Finds the user that matches the supplied externalId.
TimestampedUser	findUserByName(String name) Finds the user that matches the supplied name.
UserWithAttributes	findUserWithAttributesByName(String name) Finds the user that matches the supplied name.
User	forceRenameUser(User oldUser, String newName) Forces a rename on the given user in this directory.
Set<String>	getAllUserExternalIds() Retrieves all users externalIds found in this directory.
RemoteDirectory	getAuthoritativeDirectory()
String	getDescriptiveName() Returns a descriptive name for the type of directory.
long	getDirectoryId() Gets the internal unique directoryId of the directory store.
protected PasswordEncoder	getEncoder()
long	getGroupCount()
Set<String>	getKeys() Gets all the keys of the attributes.
Iterable<Membership>	getMemberships() Get an iterable view of the available group memberships.
protected Set<PasswordConstraint>	getPasswordConstraints()
AvatarReference	getUserAvatarByName(String username, int sizeHint) Return an avatar, if available, for the named user.
long	getUserCount()
String	getValue(String name) Returns any value associated with the given key, returns null if there is no value.
Set<String>	getValues(String name) Get all the values associated with a given key.
boolean	isEmpty()
boolean	isGroupDirectGroupMember(String childGroup, String parentGroup) Determines if a group is a direct member of another group.
boolean	isRolesDisabled() Expose whether the directory has roles disabled.
boolean	isUserDirectGroupMember(String username, String groupName) Determines if a user is a direct member of a group.
BatchResult<String>	removeAllGroups(Set<String> groupNames) Removes all groups from the directory.
BatchResult<String>	removeAllUsers(Set<String> userNames) Removes all users from the directory.
void	removeGroup(String name) Removes the group that matches the supplied name.
void	removeGroupAttributes(String groupName, String attributeName) Removes all the values for a single attribute key for a group.
void	removeGroupFromGroup(String childGroup, String parentGroup) Removes a group as a member of a parent group.
BatchResult<String>	removeGroupsFromGroup(Collection<String> childGroupNames, String groupName) Removes a collection of child groups from a group.
void	removeUser(String name) Removes the user that matches the supplied name.
void	removeUserAttributes(String username, String attributeName) Removes all the values for a single attribute key for a user.
void	removeUserFromGroup(String username, String groupName) Removes a user as a member of a group.
BatchResult<String>	removeUsersFromGroup(Set<String> usernames, String groupName) Removes a collection of users from a group.
Group	renameGroup(String oldName, String newName) Renames a group.
User	renameUser(String oldName, String newName) Renames a user.
protected boolean	requiresPasswordChange(UserWithAttributes user)
<T> List<T>	searchGroupRelationships(MembershipQuery<T> query) Searches for membership information.
<T> com.google.common.collect.ListMultimap<String,T>	searchGroupRelationshipsGroupedByName(MembershipQuery<T> query) Searches for groups that match the supplied query criteria.
<T> List<T>	searchGroups(EntityQuery<T> query) Searches for groups that match the supplied query criteria.
<T> List<T>	searchUsers(EntityQuery<T> query) Searches for users that match the supplied query criteria.
void	setAttributes(Map<String,String> attributes) Called by the DirectoryInstanceLoader after constructing an InternalDirectory.
void	setDirectoryId(long id) Called by the DirectoryInstanceLoader after constructing an InternalDirectory.
void	storeGroupAttributes(String groupName, Map<String,Set<String>> attributes) Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
void	storeUserAttributes(String username, Map<String,Set<String>> attributes) Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
boolean	supportsInactiveAccounts() Internal directories always support inactive accounts.
boolean	supportsNestedGroups() Allows us to only display nested-group related UI for directories that support it.
boolean	supportsPasswordExpiration() Internal Directories always support expiring passwords
boolean	supportsSettingEncryptedCredential() Internal directories always support setting passwords by hash.
void	testConnection() Does nothing, connection is determined by the ability to communicate with the database.
Group	updateGroup(GroupTemplate group) Updates the group.
void	updateUserCredential(String name, PasswordCredential newCredential) Updates the password for a user.
User	userAuthenticated(String username)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.atlassian.crowd.directory.InternalRemoteDirectory

addAllGroups, addAllUsers, addAllUsersToGroup, isLocalUserStatusEnabled

Methods inherited from interface com.atlassian.crowd.directory.RemoteDirectory

addUser, getLocallyFilteredGroupNames, updateUser, updateUserFromRemoteDirectory

Field Detail

DESCRIPTIVE_NAME

public static final String DESCRIPTIVE_NAME

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_REGEX

public static final String ATTRIBUTE_PASSWORD_REGEX

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_COMPLEXITY_MESSAGE

public static final String ATTRIBUTE_PASSWORD_COMPLEXITY_MESSAGE

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_MAX_ATTEMPTS

public static final String ATTRIBUTE_PASSWORD_MAX_ATTEMPTS

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_HISTORY_COUNT

public static final String ATTRIBUTE_PASSWORD_HISTORY_COUNT

See Also:

Constant Field Values

ATTRIBUTE_USER_ENCRYPTION_METHOD

public static final String ATTRIBUTE_USER_ENCRYPTION_METHOD

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_MAX_CHANGE_TIME

public static final String ATTRIBUTE_PASSWORD_MAX_CHANGE_TIME

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_EXPIRATION_NOTIFICATION_PERIODS

public static final String ATTRIBUTE_PASSWORD_EXPIRATION_NOTIFICATION_PERIODS

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_MINIMUM_LENGTH

public static final String ATTRIBUTE_PASSWORD_MINIMUM_LENGTH

The minimum length a password can have for users in this directory, stored as a non-negative integer

See Also:

Constant Field Values

ATTRIBUTE_PASSWORD_MINIMUM_SCORE

public static final String ATTRIBUTE_PASSWORD_MINIMUM_SCORE

The minimum password score allowed for new passwords for users in this directory, stored as PasswordScore.getRanking().

See Also:

Constant Field Values

directoryId

protected long directoryId

attributes

protected AttributeValuesHolder attributes

passwordEncoderFactory

protected final PasswordEncoderFactory passwordEncoderFactory

directoryDao

protected final DirectoryDao directoryDao

userDao

protected final UserDao userDao

groupDao

protected final GroupDao groupDao

membershipDao

protected final MembershipDao membershipDao

tombstoneDao

protected final TombstoneDao tombstoneDao

internalDirectoryUtils

protected final InternalDirectoryUtils internalDirectoryUtils

Constructor Detail

AbstractInternalDirectory

public AbstractInternalDirectory(InternalDirectoryUtils internalDirectoryUtils,
                                 PasswordEncoderFactory passwordEncoderFactory,
                                 DirectoryDao directoryDao,
                                 UserDao userDao,
                                 GroupDao groupDao,
                                 MembershipDao membershipDao,
                                 TombstoneDao tombstoneDao,
                                 PasswordConstraintsLoader passwordConstraints)

Method Detail

getDirectoryId

public long getDirectoryId()

Description copied from interface: RemoteDirectory

Gets the internal unique directoryId of the directory store.

Specified by:

getDirectoryId in interface RemoteDirectory

Returns:

The directoryId.

setDirectoryId

public void setDirectoryId(long id)

Called by the DirectoryInstanceLoader after constructing an InternalDirectory.

Specified by:

setDirectoryId in interface RemoteDirectory

Parameters:

id - The unique id of the Directory stored in the database.

setAttributes

public void setAttributes(Map<String,String> attributes)

Called by the DirectoryInstanceLoader after constructing an InternalDirectory.

Specified by:

setAttributes in interface RemoteDirectory

Parameters:

attributes - attributes map.

getValues

public Set<String> getValues(String name)

Description copied from interface: Attributes

Get all the values associated with a given key. Duplicate values are not allowed, and this should be enforced case-insensitively to match the behaviour of LDAP servers. Will return null if the key does not exist.

Specified by:

getValues in interface Attributes

Parameters:

name - the key to retrieve the values for

Returns:

the values associated with the given key. It may return null or empty set if the key does not exist.

getValue

public String getValue(String name)

Description copied from interface: Attributes

Returns any value associated with the given key, returns null if there is no value.

Specified by:

getValue in interface Attributes

Parameters:

name - the key to retrieve the value for

Returns:

any value associated with the given key, or null if there is no value

getKeys

public Set<String> getKeys()

Description copied from interface: Attributes

Gets all the keys of the attributes. Warning: case-insensitive keys are currently no enforced, however this is the case for LDAP, so this may be implemented in the future.

Specified by:

getKeys in interface Attributes

Returns:

a set of all the keys.

isEmpty

public boolean isEmpty()

Specified by:

isEmpty in interface Attributes

Returns:

true if there are no attributes

getDescriptiveName

public String getDescriptiveName()

Description copied from interface: RemoteDirectory

Returns a descriptive name for the type of directory.

Specified by:

getDescriptiveName in interface RemoteDirectory

Returns:

descriptive name.

findUserByName

public TimestampedUser findUserByName(String name)
                               throws UserNotFoundException

Description copied from interface: RemoteDirectory

Finds the user that matches the supplied name.

Specified by:

findUserByName in interface InternalRemoteDirectory

Specified by:

findUserByName in interface RemoteDirectory

Parameters:

name - the name of the user (username).

Returns:

TimestampedUser entity.

Throws:

UserNotFoundException - a user with the supplied name does not exist.

findUserByExternalId

public TimestampedUser findUserByExternalId(String externalId)
                                     throws UserNotFoundException

Description copied from interface: RemoteDirectory

Finds the user that matches the supplied externalId. This is an optional method that may not be implemented on all directory types. Currently it is implemented for LDAP and Internal directories but not Crowd directories.

Specified by:

findUserByExternalId in interface InternalRemoteDirectory

Specified by:

findUserByExternalId in interface RemoteDirectory

Parameters:

externalId - the externalId of the user

Returns:

TimestampedUser entity.

Throws:

UserNotFoundException - a user with the supplied externalId does not exist.

See Also:

RemoteDirectory.findUserByName(String)

findUserWithAttributesByName

public UserWithAttributes findUserWithAttributesByName(String name)
                                                throws UserNotFoundException

Description copied from interface: RemoteDirectory

Finds the user that matches the supplied name.

Specified by:

findUserWithAttributesByName in interface RemoteDirectory

Parameters:

name - the name of the user (username).

Returns:

user entity with attributes.

Throws:

UserNotFoundException - a user with the supplied name does not exist.

authenticate

public User authenticate(String name,
                         PasswordCredential credential)
                  throws InactiveAccountException,
                         InvalidAuthenticationException,
                         ExpiredCredentialException,
                         UserNotFoundException

Description copied from interface: RemoteDirectory

Authenticates a user with the directory store.

Specified by:

authenticate in interface RemoteDirectory

Parameters:

name - The name of the user (username).

credential - The supplied credentials (password).

Returns:

user entity.

Throws:

InactiveAccountException - The supplied user is inactive.

InvalidAuthenticationException - Authentication with the provided credentials failed OR the user has exceeded the maximum number of failed authentication attempts.

UserNotFoundException - The user wth the supplied name does not exist.

ExpiredCredentialException - The user's credentials have expired. The user must change their credentials in order to successfully authenticate.

userAuthenticated

public User userAuthenticated(String username)
                       throws OperationFailedException,
                              UserNotFoundException,
                              InactiveAccountException

Specified by:

userAuthenticated in interface RemoteDirectory

Throws:

OperationFailedException

UserNotFoundException

InactiveAccountException

currentPrincipalInvalidPasswordAttempts

protected long currentPrincipalInvalidPasswordAttempts(UserWithAttributes user)

Parameters:

user - user with attributes.

Returns:

long value of the invalid password attempts attribute on the user.

requiresPasswordChange

protected boolean requiresPasswordChange(UserWithAttributes user)

Parameters:

user - user with attributes.

Returns:

true if the requires password change attribute on the user is set to true, or if the password last changed attribute on the user exceeds the password max change time attribute on the directory (ie. password timeout).

addUser

public abstract UserWithAttributes addUser(UserTemplateWithAttributes user,
                                           PasswordCredential credential)
                                    throws InvalidCredentialException,
                                           InvalidUserException,
                                           UserAlreadyExistsException,
                                           OperationFailedException

Description copied from interface: RemoteDirectory

Adds a user to the directory store.

Specified by:

addUser in interface RemoteDirectory

Parameters:

user - template of the user to add.

credential - a password, or PasswordCredential.NONE for an account that cannot login with any password

Returns:

the added user retrieved from the underlying store.

Throws:

InvalidCredentialException - The supplied credential is invalid.

InvalidUserException - The supplied user is invalid.

UserAlreadyExistsException - The user already exists

OperationFailedException - underlying directory implementation failed to execute the operation.

See Also:

RemoteDirectory.supportsSettingEncryptedCredential()

encryptedCredential

protected PasswordCredential encryptedCredential(PasswordCredential passwordCredential)

getEncoder

protected PasswordEncoder getEncoder()

updateUserCredential

public void updateUserCredential(String name,
                                 PasswordCredential newCredential)
                          throws InvalidCredentialException,
                                 UserNotFoundException

Description copied from interface: RemoteDirectory

Updates the password for a user.

Specified by:

updateUserCredential in interface RemoteDirectory

Parameters:

name - The name of the user (username).

newCredential - The new credential (password).

Throws:

InvalidCredentialException - The supplied credential is invalid.

UserNotFoundException - The user does not exist.

See Also:

RemoteDirectory.supportsSettingEncryptedCredential()

calculatePostPasswordUpdateAttributes

protected static Map<String,Set<String>> calculatePostPasswordUpdateAttributes()

Generate the list of default attributes and values relating to passwords, for use when creating or resetting a password

Returns:

A map containing the values to then be stored

renameUser

public User renameUser(String oldName,
                       String newName)
                throws InvalidUserException,
                       UserNotFoundException,
                       UserAlreadyExistsException

Description copied from interface: RemoteDirectory

Renames a user.

Specified by:

renameUser in interface RemoteDirectory

Parameters:

oldName - name of existing user.

newName - desired name of user.

Returns:

renamed user.

Throws:

InvalidUserException - if the new username is invalid.

UserNotFoundException - if the user with the existing name does not exist.

UserAlreadyExistsException - if the newName already exists.

forceRenameUser

public User forceRenameUser(@Nonnull
                            User oldUser,
                            @Nonnull
                            String newName)
                     throws UserNotFoundException

Description copied from interface: InternalRemoteDirectory

Forces a rename on the given user in this directory. This works like RemoteDirectory.renameUser(String, String), except it will still do the rename even if there is an existing user under the newName. In this case, it will first rename that existing user to a name that is known not to exist in this directory.

Specified by:

forceRenameUser in interface InternalRemoteDirectory

Parameters:

oldUser - the existing user.

newName - desired name of user.

Returns:

renamed user.

Throws:

UserNotFoundException - if the "oldUser" does not exist.

See Also:

RemoteDirectory.renameUser(String, String)

getPasswordConstraints

protected final Set<PasswordConstraint> getPasswordConstraints()

getAllUserExternalIds

@Nonnull
public Set<String> getAllUserExternalIds()
                                           throws OperationFailedException

Description copied from interface: InternalRemoteDirectory

Retrieves all users externalIds found in this directory.

Specified by:

getAllUserExternalIds in interface InternalRemoteDirectory

Returns:

set of all users externalIds

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

getUserCount

public long getUserCount()
                  throws OperationFailedException

Specified by:

getUserCount in interface FastEntityCountProvider

Returns:

number of users found in this directory.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

getGroupCount

public long getGroupCount()
                   throws OperationFailedException

Specified by:

getGroupCount in interface FastEntityCountProvider

Returns:

number of groups found in this directory.

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

storeUserAttributes

public void storeUserAttributes(String username,
                                Map<String,Set<String>> attributes)
                         throws UserNotFoundException,
                                OperationFailedException

Description copied from interface: RemoteDirectory

Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.

The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing

Attributes with values of empty sets are not added (these attributes are effectively removed).

Specified by:

storeUserAttributes in interface RemoteDirectory

Parameters:

username - name of user to update.

attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).

Throws:

UserNotFoundException - user with supplied username does not exist.

OperationFailedException - underlying directory implementation failed to execute the operation.

removeUserAttributes

public void removeUserAttributes(String username,
                                 String attributeName)
                          throws UserNotFoundException

Description copied from interface: RemoteDirectory

Removes all the values for a single attribute key for a user. If the attribute key does not exist nothing will happen.

Specified by:

removeUserAttributes in interface RemoteDirectory

Parameters:

username - name of the user to update.

attributeName - name of attribute to remove.

Throws:

UserNotFoundException - user with supplied username does not exist.

removeUser

public void removeUser(String name)
                throws UserNotFoundException

Description copied from interface: RemoteDirectory

Removes the user that matches the supplied name.

Specified by:

removeUser in interface RemoteDirectory

Parameters:

name - The name of the user (username).

Throws:

UserNotFoundException - The user does not exist.

removeAllUsers

public BatchResult<String> removeAllUsers(Set<String> userNames)

Description copied from interface: InternalRemoteDirectory

Removes all users from the directory.

If a user with the supplied username does not exist in the directory, the username will be ignored.

Specified by:

removeAllUsers in interface InternalRemoteDirectory

Parameters:

userNames - usernames of users to remove.

Returns:

batch result containing successes (removed users) and failures (users which were not removed)

removeAllGroups

public BatchResult<String> removeAllGroups(Set<String> groupNames)

Description copied from interface: InternalRemoteDirectory

Removes all groups from the directory.

If a group with the supplied group name does not exist in the directory, the group name will be ignored.

Specified by:

removeAllGroups in interface InternalRemoteDirectory

Parameters:

groupNames - names of groups to remove.

Returns:

batch result containing successes (removed groups) and failures (groups which were not removed)

searchUsers

public <T> List<T> searchUsers(EntityQuery<T> query)

Description copied from interface: RemoteDirectory

Searches for users that match the supplied query criteria.

The users will be returned in a stable order including across pagination boundaries (excluding modification).

Specified by:

searchUsers in interface RemoteDirectory

Parameters:

query - EntityQuery for Entity.USER.

Returns:

List<User> or List<String> of users/usernames matching the search criteria. An empty List will be returned if no users matching the criteria are found.

findGroupByName

public InternalDirectoryGroup findGroupByName(String name)
                                       throws GroupNotFoundException

Description copied from interface: RemoteDirectory

Finds the group that matches the supplied name.

Specified by:

findGroupByName in interface InternalRemoteDirectory

Specified by:

findGroupByName in interface RemoteDirectory

Parameters:

name - the name of the group.

Returns:

InternalDirectoryGroup entity.

Throws:

GroupNotFoundException - a group with the supplied name does not exist.

findGroupWithAttributesByName

public GroupWithAttributes findGroupWithAttributesByName(String name)
                                                  throws GroupNotFoundException

Description copied from interface: RemoteDirectory

Finds the group that matches the supplied name.

Specified by:

findGroupWithAttributesByName in interface RemoteDirectory

Parameters:

name - the name of the group.

Returns:

group entity with attributes.

Throws:

GroupNotFoundException - a group with the supplied name does not exist.

addGroup

public Group addGroup(GroupTemplate group)
               throws InvalidGroupException,
                      OperationFailedException

Description copied from interface: RemoteDirectory

Adds a group to the directory store.

Specified by:

addGroup in interface RemoteDirectory

Parameters:

group - template of the group to add.

Returns:

the added group retrieved from the underlying store.

Throws:

InvalidGroupException - The supplied group is invalid or it already exists in the directory.

OperationFailedException - underlying directory implementation failed to execute the operation.

addLocalGroup

public abstract Group addLocalGroup(GroupTemplate group)
                             throws InvalidGroupException,
                                    OperationFailedException

Description copied from interface: InternalRemoteDirectory

Adds a "local" group to the directory.

This method can be used to store groups that aren't clones of "external" groups. For example, if an LDAP directory is cloned in an internal directory, it's possible to define "local" groups that exist internally but not in LDAP.

This functionality was added to meet the functionality that Confluence provided.

Specified by:

addLocalGroup in interface InternalRemoteDirectory

Parameters:

group - template of the group to add.

Returns:

the added group retrieved from the underlying store.

Throws:

InvalidGroupException - The supplied group is invalid.

OperationFailedException - underlying directory implementation failed to execute the operation.

updateGroup

public Group updateGroup(GroupTemplate group)
                  throws InvalidGroupException,
                         GroupNotFoundException

Description copied from interface: RemoteDirectory

Updates the group.

Specified by:

updateGroup in interface RemoteDirectory

Parameters:

group - The group to update.

Returns:

the updated group retrieved from the underlying store.

Throws:

InvalidGroupException - the supplied group is invalid.

GroupNotFoundException - the group does not exist in the directory store.

renameGroup

public Group renameGroup(String oldName,
                         String newName)
                  throws InvalidGroupException,
                         GroupNotFoundException

Description copied from interface: RemoteDirectory

Renames a group.

Specified by:

renameGroup in interface RemoteDirectory

Parameters:

oldName - name of existing group.

newName - desired name of group.

Returns:

renamed group.

Throws:

InvalidGroupException - if the new group name is invalid or already exists in the directory.

GroupNotFoundException - if the group with the existing name does not exist.

storeGroupAttributes

public void storeGroupAttributes(String groupName,
                                 Map<String,Set<String>> attributes)
                          throws GroupNotFoundException

Description copied from interface: RemoteDirectory

Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.

The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing

Attributes with values of empty sets are not added (these attributes are effectively removed).

Specified by:

storeGroupAttributes in interface RemoteDirectory

Parameters:

groupName - name of group to update.

attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).

Throws:

GroupNotFoundException - group with supplied groupName does not exist.

removeGroupAttributes

public void removeGroupAttributes(String groupName,
                                  String attributeName)
                           throws GroupNotFoundException

Description copied from interface: RemoteDirectory

Removes all the values for a single attribute key for a group.

Specified by:

removeGroupAttributes in interface RemoteDirectory

Parameters:

groupName - name of the group to update.

attributeName - name of attribute to remove.

Throws:

GroupNotFoundException - group with supplied groupName does not exist.

removeGroup

public void removeGroup(String name)
                 throws GroupNotFoundException

Description copied from interface: RemoteDirectory

Removes the group that matches the supplied name.

Specified by:

removeGroup in interface RemoteDirectory

Parameters:

name - The name of the group.

Throws:

GroupNotFoundException - The group does not exist.

searchGroups

public <T> List<T> searchGroups(EntityQuery<T> query)

Description copied from interface: RemoteDirectory

Searches for groups that match the supplied query criteria.

The groups will be returned in a stable order including across pagination boundaries (excluding modification).

Specified by:

searchGroups in interface RemoteDirectory

Parameters:

query - EntityQuery for Entity.GROUP.

Returns:

List<Group> or List<String> of groups/groupnames matching the search criteria. An empty List will be returned if no groups matching the criteria are found.

isUserDirectGroupMember

public boolean isUserDirectGroupMember(String username,
                                       String groupName)

Description copied from interface: RemoteDirectory

Determines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.

Specified by:

isUserDirectGroupMember in interface RemoteDirectory

Parameters:

username - name of user.

groupName - name of group.

Returns:

true iff the user is a direct member of the group.

isGroupDirectGroupMember

public boolean isGroupDirectGroupMember(String childGroup,
                                        String parentGroup)

Description copied from interface: RemoteDirectory

Determines if a group is a direct member of another group. The directory is NOT expected to resolve any transitive group relationships.

Specified by:

isGroupDirectGroupMember in interface RemoteDirectory

Parameters:

childGroup - name of child group.

parentGroup - name of parent group.

Returns:

true iff the childGroup is a direct member of the parentGroup.

addUserToGroups

public BatchResult<String> addUserToGroups(String username,
                                           Set<String> groupNames)
                                    throws UserNotFoundException

Description copied from interface: InternalRemoteDirectory

Adds a user to many groups.

This method assumes that user and groups already exist in the directory.

Specified by:

addUserToGroups in interface InternalRemoteDirectory

Parameters:

username - username of the user to whom we add groups

groupNames - names of the groups

Returns:

result of the bulk operation containing successful and failed entities

Throws:

UserNotFoundException - when user with a given username does not exist

addUserToGroup

public void addUserToGroup(String username,
                           String groupName)
                    throws UserNotFoundException,
                           GroupNotFoundException,
                           MembershipAlreadyExistsException

Description copied from interface: RemoteDirectory

Adds a user as a member of a group. This means that all user members of childGroup will appear as members of parentGroup to querying applications.

Specified by:

addUserToGroup in interface RemoteDirectory

Parameters:

username - The user that will become a member of groupName

groupName - The group that will gain a new member.

Throws:

UserNotFoundException - If the user cannot be found.

GroupNotFoundException - If the group cannot be found.

MembershipAlreadyExistsException - if the user is already a member of the group

addGroupToGroup

public void addGroupToGroup(String childGroup,
                            String parentGroup)
                     throws InvalidMembershipException,
                            GroupNotFoundException,
                            MembershipAlreadyExistsException

Description copied from interface: RemoteDirectory

Adds a group as a member of a parent group.

Specified by:

addGroupToGroup in interface RemoteDirectory

Parameters:

childGroup - The group that will become a member of parentGroup

parentGroup - The group that will gain a new member

Throws:

InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.

GroupNotFoundException - One or both of the groups cannot be found.

MembershipAlreadyExistsException - if the child group is already a child of the parent group

addAllGroupsToGroup

public BatchResult<String> addAllGroupsToGroup(Collection<String> childGroupNames,
                                               String groupName)
                                        throws GroupNotFoundException

Description copied from interface: InternalRemoteDirectory

Adds a collection of child groups to a group.

Caller must ensure that the memberships don't already exist.

Specified by:

addAllGroupsToGroup in interface InternalRemoteDirectory

Parameters:

childGroupNames - names of child groups to add to group.

groupName - name of group to add child groups to.

Returns:

result containing both successful and failed child groups

Throws:

GroupNotFoundException - group with supplied groupName cannot be found.

removeUserFromGroup

public void removeUserFromGroup(String username,
                                String groupName)
                         throws MembershipNotFoundException,
                                GroupNotFoundException,
                                UserNotFoundException

Description copied from interface: RemoteDirectory

Removes a user as a member of a group.

Specified by:

removeUserFromGroup in interface RemoteDirectory

Parameters:

username - The user that will be removed from parentGroup

groupName - The group that will lose the member.

Throws:

MembershipNotFoundException - if the user is not a direct member of the group.

GroupNotFoundException - If the group cannot be found.

UserNotFoundException - If the user cannot be found.

removeUsersFromGroup

public BatchResult<String> removeUsersFromGroup(Set<String> usernames,
                                                String groupName)
                                         throws GroupNotFoundException

Description copied from interface: InternalRemoteDirectory

Removes a collection of users from a group.

Specified by:

removeUsersFromGroup in interface InternalRemoteDirectory

Parameters:

usernames - names of users to remove from group.

groupName - name of group to remove users from.

Returns:

result containing both successful and failed users

Throws:

GroupNotFoundException - group with supplied groupName does not exist

removeGroupFromGroup

public void removeGroupFromGroup(String childGroup,
                                 String parentGroup)
                          throws InvalidMembershipException,
                                 MembershipNotFoundException,
                                 GroupNotFoundException

Description copied from interface: RemoteDirectory

Removes a group as a member of a parent group.

Specified by:

removeGroupFromGroup in interface RemoteDirectory

Parameters:

childGroup - The group that will be removed from parentGroup

parentGroup - The group that will lose the member.

Throws:

InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.

MembershipNotFoundException - if the childGroup is not a direct member of the parentGroup.

GroupNotFoundException - One or both of the groups cannot be found.

removeGroupsFromGroup

public BatchResult<String> removeGroupsFromGroup(Collection<String> childGroupNames,
                                                 String groupName)
                                          throws GroupNotFoundException

Description copied from interface: InternalRemoteDirectory

Removes a collection of child groups from a group.

Specified by:

removeGroupsFromGroup in interface InternalRemoteDirectory

Parameters:

childGroupNames - names of child groups to remove from group.

groupName - name of group to remove child groups from.

Returns:

result containing both successful and failed child groups

Throws:

GroupNotFoundException - group with supplied groupName cannot be found.

countDirectMembersOfGroup

public BoundedCount countDirectMembersOfGroup(String groupName,
                                              int querySizeHint)

Description copied from interface: RemoteDirectory

Count the direct members of a group in the remote directory. You may hint at the number of memberships that you would like to see for the purposes of efficiency but the hint may be ignored.

Specified by:

countDirectMembersOfGroup in interface RemoteDirectory

Parameters:

groupName - the name of the group to search for

querySizeHint - hinting at the maximum number of memberships that should be counted. The directory that implements this may choose to count less or more. This is a user provided suggestion for potential efficiency.

Returns:

A bounded count of the number of memberships in the given group for the provided directory. If the group is not found then there are exactly 0 members of that non-existent group.

searchGroupRelationships

public <T> List<T> searchGroupRelationships(MembershipQuery<T> query)

Description copied from interface: RemoteDirectory

Searches for membership information.

Specified by:

searchGroupRelationships in interface MultiValuesQueriesSupport

Specified by:

searchGroupRelationships in interface RemoteDirectory

Parameters:

query - query for memberships.

Returns:

a List of Users or Groups or Strings depending on the query criteria. An empty List if there are no results. Results are ordered by entity name, case-insensitive.

searchGroupRelationshipsGroupedByName

public <T> com.google.common.collect.ListMultimap<String,T> searchGroupRelationshipsGroupedByName(MembershipQuery<T> query)

Description copied from interface: MultiValuesQueriesSupport

Searches for groups that match the supplied query criteria. This method is similar to MultiValuesQueriesSupport.searchGroupRelationships(MembershipQuery), but it additionally groups results by elements of MembershipQuery.getEntityNamesToMatch().

Specified by:

searchGroupRelationshipsGroupedByName in interface MultiValuesQueriesSupport

Parameters:

query - EntityQuery for Entity.GROUP.

Returns:

ListMultimap<String, Group> or ListMultimap<String, String> of groups/groupnames matching the search criteria, grouped by MembershipQuery.getEntityNamesToMatch(). Results are ordered by entity name, case-insensitive. An empty ListMultimap will be returned if no groups matching the criteria are found.

testConnection

public void testConnection()
                    throws OperationFailedException

Does nothing, connection is determined by the ability to communicate with the database. Crowd wouldn't have started if the database connection failed.

Specified by:

testConnection in interface RemoteDirectory

Throws:

OperationFailedException - underlying directory implementation failed to execute the operation.

supportsInactiveAccounts

public boolean supportsInactiveAccounts()

Internal directories always support inactive accounts.

Specified by:

supportsInactiveAccounts in interface RemoteDirectory

Returns:

true, always

supportsNestedGroups

public boolean supportsNestedGroups()

Description copied from interface: RemoteDirectory

Allows us to only display nested-group related UI for directories that support it.

Specified by:

supportsNestedGroups in interface RemoteDirectory

Returns:

true because Internal Directories support nested groups as of Crowd 2.0.

supportsPasswordExpiration

public boolean supportsPasswordExpiration()

Internal Directories always support expiring passwords

Specified by:

supportsPasswordExpiration in interface RemoteDirectory

Returns:

true, always.

supportsSettingEncryptedCredential

public boolean supportsSettingEncryptedCredential()

Internal directories always support setting passwords by hash.

Specified by:

supportsSettingEncryptedCredential in interface RemoteDirectory

Returns:

true, always.

isRolesDisabled

public boolean isRolesDisabled()

Description copied from interface: RemoteDirectory

Expose whether the directory has roles disabled. Always true.

Specified by:

isRolesDisabled in interface RemoteDirectory

Returns:

true

getMemberships

public Iterable<Membership> getMemberships()
                                    throws OperationFailedException

Description copied from interface: RemoteDirectory

Get an iterable view of the available group memberships. This may be implemented as a single remote call or separate calls, depending on the directory.

If there is a failure in the underlying retrieval, the iterator may throw Membership.MembershipIterationException at runtime.

If the directory does not have a bulk call interface then a typical implementation would be:

 
 return new DirectoryMembershipsIterable(this);
 
 

Specified by:

getMemberships in interface RemoteDirectory

Returns:

an iterable view of the available group memberships

Throws:

OperationFailedException - if the underlying directory implementation failed to execute the operation

getAuthoritativeDirectory

public RemoteDirectory getAuthoritativeDirectory()

Specified by:

getAuthoritativeDirectory in interface RemoteDirectory

Returns:

the directory that is the authoritative source of data for this directory, possibly itself.

expireAllPasswords

public void expireAllPasswords()

Description copied from interface: RemoteDirectory

Sets the UserConstants.REQUIRES_PASSWORD_CHANGE attribute to true for all users in the directory using bulk operations

Specified by:

expireAllPasswords in interface RemoteDirectory

getUserAvatarByName

public AvatarReference getUserAvatarByName(String username,
                                           int sizeHint)
                                    throws OperationFailedException

Description copied from interface: RemoteDirectory

Return an avatar, if available, for the named user.

Specified by:

getUserAvatarByName in interface RemoteDirectory

sizeHint - a hint in pixels for the context in which this will be used

Returns:

an avatar, or null if none is available

Throws:

OperationFailedException