Interface RemoteDirectory
- All Superinterfaces:
Attributes
- All Known Subinterfaces:
InternalRemoteDirectory, LDAPDirectory, SynchronisableDirectory
- All Known Implementing Classes:
AbstractForwardingDirectory, AbstractInternalDirectory, ApacheDS, ApacheDS15, AppleOpenDirectory, AuditingDirectoryDecorator, AzureAdDirectory, CachingDirectory, DbCachingRemoteDirectory, DelegatedAuthenticationDirectory, FedoraDS, GenericLDAP, InternalDirectory, InternalDirectoryForDelegation, MicrosoftActiveDirectory, MockSimpleRemoteDirectory, NovelleDirectory, OpenDS, OpenLDAP, OpenLDAPRfc2307, RecoveryModeRemoteDirectory, RemoteCrowdDirectory, Rfc2307, RFC2307Directory, RFC4519Directory, SpringLDAPConnector, SunONE
Implementations will be provided a directoryId and Map of attributes.
Implementations of RemoteDirectory may throw an OperationNotSupportedException, if the operation is not supported, and the method declares that it may throw an OperationFailedException. Implementations should not knowingly throw a RuntimeException unless it really is a programming error - e.g. attempting to search for users using a group query.
-
Method Summary
Modifier and Type, Method, Description
- addGroup(GroupTemplate group): Adds a group to the directory store.
- void addGroupToGroup(String childGroup, String parentGroup): Adds a group as a member of a parent group.
- User addUser(UserTemplate user, PasswordCredential credential): Deprecated.
- UserWithAttributes addUser(UserTemplateWithAttributes user, PasswordCredential credential): Adds a user to the directory store.
- void addUserToGroup(String username, String groupName): Adds a user as a member of a group.
- User authenticate(String name, PasswordCredential credential): Authenticates a user with the directory store.
- BoundedCount countDirectMembersOfGroup(String groupName, int querySizeHint): Count the direct members of a group in the remote directory.
- void expireAllPasswords: Sets the UserConstants.REQUIRES_PASSWORD_CHANGE attribute to true for all users in the directory using bulk operations
- findGroupByName(String name): Finds the group that matches the supplied name.
- GroupWithAttributes findGroupWithAttributesByName(String name): Finds the group that matches the supplied name.
- User findUserByExternalId(String externalId): Finds the user that matches the supplied externalId.
- findUserByName(String name): Finds the user that matches the supplied name.
- UserWithAttributes findUserWithAttributesByName(String name): Finds the user that matches the supplied name.
- getDescriptiveName: Returns a descriptive name for the type of directory.
- long getDirectoryId(): Gets the internal unique directoryId of the directory store.
- getLocallyFilteredGroupNames: Returns locally filtered group names.
- getMemberships: Get an iterable view of the available group memberships.
- default AvatarReference getUserAvatarByName(String username, int sizeHint): Return an avatar, if available, for the named user.
- boolean isGroupDirectGroupMember(String childGroup, String parentGroup): Determines if a group is a direct member of another group.
- boolean isRolesDisabled: Deprecated.
- boolean isUserDirectGroupMember(String username, String groupName): Determines if a user is a direct member of a group.
- void removeGroup(String name): Removes the group that matches the supplied name.
- void removeGroupAttributes(String groupName, String attributeName): Removes all the values for a single attribute key for a group.
- void removeGroupFromGroup(String childGroup, String parentGroup): Removes a group as a member of a parent group.
- void removeUser(String name): Removes the user that matches the supplied name.
- void removeUserAttributes(String username, String attributeName): Removes all the values for a single attribute key for a user.
- void removeUserFromGroup(String username, String groupName): Removes a user as a member of a group.
- Group renameGroup(String oldName, String newName): Renames a group.
- User renameUser(String oldName, String newName): Renames a user.
- <T> List<T> searchGroupRelationships(MembershipQuery<T> query): Searches for membership information.
- <T> List<T> searchGroups(EntityQuery<T> query): Searches for groups that match the supplied query criteria.
- <T> List<T> searchUsers(EntityQuery<T> query): Searches for users that match the supplied query criteria.
- void setAttributes(Map<String, String> attributes): When a directory store is loaded, the attributes map will be set by the Crowd framework.
- void setDirectoryId(long directoryId): When a directory store is loaded, the directoryId will be set by the Crowd framework.
- void storeGroupAttributes(String groupName, Map<String, Set<String>> attributes): Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
- void storeUserAttributes(String username, Map<String, Set<String>> attributes): Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
- boolean supportsInactiveAccounts(): Return true if this directory supports inactive users and groups.
- boolean supportsNestedGroups(): Allows us to only display nested-group related UI for directories that support it.
- boolean supportsPasswordExpiration(): Return true if this directory supports manually expiring passwords.
- boolean supportsSettingEncryptedCredential(): If this method returns true, then calling updateUserCredential(String, PasswordCredential) or addUser(com.atlassian.crowd.model.user.UserTemplate, com.atlassian.crowd.embedded.api.PasswordCredential) with a PasswordCredential instance where PasswordCredential.isEncryptedCredential() returns true and the instance is not equal to PasswordCredential.NONE will succeed; otherwise, it will fail.
- void testConnection: Test if a connection to the directory server can be established.
- Group updateGroup(GroupTemplate group): Updates the group.
- User updateUser(UserTemplate user): Updates the user.
- void updateUserCredential(String username, PasswordCredential credential)
- default User updateUserFromRemoteDirectory(User remoteUser)
- default User userAuthenticated(String username)
Methods inherited from interface com.atlassian.crowd.embedded.api.Attributes
getKeys, getValue, getValues, isEmpty
-
Method Details
-
getDirectoryId
long getDirectoryId()
Gets the internal unique directoryId of the directory store.
- Returns:
- The directoryId.
-
setDirectoryId
void setDirectoryId(long directoryId)
When a directory store is loaded, the directoryId will be set by the Crowd framework.
- Parameters:
directoryId - The unique directoryId of the DirectoryImpl stored in the database.
-
getDescriptiveName
Returns a descriptive name for the type of directory.
- Returns:
- descriptive name.
-
setAttributes
When a directory store is loaded, the attributes map will be set by the Crowd framework. Implementations may store a reference to this map in order to implement the Attributes interface. The Map is immutable and implementations are required to maintain immutability.
- Parameters:
attributes - attributes map.
-
findUserByName
Finds the user that matches the supplied name.
- Parameters:
name - the name of the user (username).
- Returns:
- user entity.
- Throws:
UserNotFoundException - a user with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
findUserWithAttributesByName
@Nonnull UserWithAttributes findUserWithAttributesByName(String name) throws UserNotFoundException, OperationFailedException
Finds the user that matches the supplied name.
- Parameters:
name - the name of the user (username).
- Returns:
- user entity with attributes.
- Throws:
UserNotFoundException - a user with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
findUserByExternalId
@Nonnull User findUserByExternalId(String externalId) throws UserNotFoundException, OperationFailedException
Finds the user that matches the supplied externalId. This is an optional method that may not be implemented on all directory types. Currently it is implemented for LDAP and Internal directories but not Crowd directories.
- Parameters:
externalId - the externalId of the user
- Returns:
- the user that matches the supplied externalId.
- Throws:
UserNotFoundException - a user with the supplied externalId does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
- Since:
- 2.7
-
authenticate
@Nonnull User authenticate(String name, PasswordCredential credential) throws UserNotFoundException, InactiveAccountException, InvalidAuthenticationException, ExpiredCredentialException, OperationFailedException
Authenticates a user with the directory store.
- Parameters:
name - The name of the user (username).
credential - The supplied credentials (password).
- Returns:
- The populated user if the authentication is valid.
- Throws:
InactiveAccountException - The supplied user is inactive.
InvalidAuthenticationException - Authentication with the provided credentials failed.
UserNotFoundException - The user with the supplied name does not exist.
ExpiredCredentialException - The user's credentials have expired. The user must change their credentials in order to successfully authenticate.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
addUser
@Nonnull @Deprecated User addUser(UserTemplate user, PasswordCredential credential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException
Deprecated.
Adds a user to the directory store.
- Parameters:
user - template of the user to add.
credential - a password, or PasswordCredential.NONE for an account that cannot login with any password
- Returns:
- the added user retrieved from the underlying store.
- Throws:
InvalidUserException - The supplied user is invalid.
InvalidCredentialException - The supplied credential is invalid.
UserAlreadyExistsException - The user already exists
OperationFailedException - underlying directory implementation failed to execute the operation.
-
addUser
UserWithAttributes addUser(UserTemplateWithAttributes user, PasswordCredential credential) throws InvalidUserException, InvalidCredentialException, UserAlreadyExistsException, OperationFailedException
Adds a user to the directory store.
- Parameters:
user - template of the user to add.
credential - a password, or PasswordCredential.NONE for an account that cannot login with any password
- Returns:
- the added user retrieved from the underlying store.
- Throws:
InvalidUserException - The supplied user is invalid.
InvalidCredentialException - The supplied credential is invalid.
UserAlreadyExistsException - The user already exists
OperationFailedException - underlying directory implementation failed to execute the operation.
-
updateUser
@Nonnull User updateUser(UserTemplate user) throws InvalidUserException, UserNotFoundException, OperationFailedException
Updates the user.
- Parameters:
user - The user to update.
- Returns:
- the updated user retrieved from the underlying store.
- Throws:
UserNotFoundException - the user does not exist in the directory store.
InvalidUserException - the supplied user is invalid.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
updateUserCredential
void updateUserCredential(String username, PasswordCredential credential) throws UserNotFoundException, InvalidCredentialException, OperationFailedException
- Parameters:
username - The name of the user (username).
credential - The new credential (password).
- Throws:
UserNotFoundException - The user does not exist.
InvalidCredentialException - The supplied credential is invalid.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
renameUser
@Nonnull User renameUser(String oldName, String newName) throws UserNotFoundException, InvalidUserException, UserAlreadyExistsException, OperationFailedException
Renames a user.
- Parameters:
oldName - name of existing user.
newName - desired name of user.
- Returns:
- renamed user.
- Throws:
UserNotFoundException - if the user with the existing name does not exist.
InvalidUserException - if the new username is invalid.
UserAlreadyExistsException - if the newName already exists.
OperationFailedException - if the underlying directory implementation failed to execute the operation.
-
storeUserAttributes
void storeUserAttributes(String username, Map<String, Set<String>> attributes) throws UserNotFoundException, OperationFailedException
Adds or updates a user's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing
Attributes with values of empty sets are not added (these attributes are effectively removed).
- Parameters:
username - name of user to update.
attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).
- Throws:
UserNotFoundException - user with supplied username does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
removeUserAttributes
void removeUserAttributes(String username, String attributeName) throws UserNotFoundException, OperationFailedException
Removes all the values for a single attribute key for a user. If the attribute key does not exist nothing will happen.
- Parameters:
username - name of the user to update.
attributeName - name of attribute to remove.
- Throws:
UserNotFoundException - user with supplied username does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
removeUser
Removes the user that matches the supplied name.
- Parameters:
name - The name of the user (username).
- Throws:
UserNotFoundException - The user does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
searchUsers
Searches for users that match the supplied query criteria.
The users will be returned in a stable order including across pagination boundaries (excluding modification).
- Parameters:
query - EntityQuery for Entity.USER.
- Returns:
List<User> or List<String> of users/usernames matching the search criteria. An empty List will be returned if no users matching the criteria are found.
- Throws:
OperationFailedException - if the underlying directory implementation failed to execute the operation
IllegalArgumentException - if the query is not a valid user query
-
findGroupByName
Finds the group that matches the supplied name.
- Parameters:
name - the name of the group.
- Returns:
- group entity.
- Throws:
GroupNotFoundException - a group with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
findGroupWithAttributesByName
@Nonnull GroupWithAttributes findGroupWithAttributesByName(String name) throws GroupNotFoundException, OperationFailedException
Finds the group that matches the supplied name.
- Parameters:
name - the name of the group.
- Returns:
- group entity with attributes.
- Throws:
GroupNotFoundException - a group with the supplied name does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
addGroup
Adds a group to the directory store.
- Parameters:
group - template of the group to add.
- Returns:
- the added group retrieved from the underlying store.
- Throws:
InvalidGroupException - The supplied group is invalid or it already exists in the directory.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
updateGroup
@Nonnull Group updateGroup(GroupTemplate group) throws InvalidGroupException, GroupNotFoundException, ReadOnlyGroupException, OperationFailedException
Updates the group.
- Parameters:
group - The group to update.
- Returns:
- the updated group retrieved from the underlying store.
- Throws:
GroupNotFoundException - the group does not exist in the directory store.
InvalidGroupException - the supplied group is invalid.
ReadOnlyGroupException - the group is read-only
OperationFailedException - underlying directory implementation failed to execute the operation.
-
renameGroup
@Nonnull Group renameGroup(String oldName, String newName) throws GroupNotFoundException, InvalidGroupException, OperationFailedException
Renames a group.
- Parameters:
oldName - name of existing group.
newName - desired name of group.
- Returns:
- renamed group.
- Throws:
GroupNotFoundException - if the group with the existing name does not exist.
InvalidGroupException - if the new group name is invalid or already exists in the directory.
OperationFailedException - if the underlying directory implementation failed to execute the operation.
-
storeGroupAttributes
void storeGroupAttributes(String groupName, Map<String, Set<String>> attributes) throws GroupNotFoundException, OperationFailedException
Adds or updates a group's attributes with the new Map of attribute values in the directory specified by the passed in directoryId.
The attributes map represents new or updated attributes and does not replace existing attributes unless the key of an attribute matches the key of an existing
Attributes with values of empty sets are not added (these attributes are effectively removed).
- Parameters:
groupName - name of group to update.
attributes - new or updated attributes (attributes that don't need changing should not appear in this Map).
- Throws:
GroupNotFoundException - group with supplied groupName does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
removeGroupAttributes
void removeGroupAttributes(String groupName, String attributeName) throws GroupNotFoundException, OperationFailedException
Removes all the values for a single attribute key for a group.
- Parameters:
groupName - name of the group to update.
attributeName - name of attribute to remove.
- Throws:
GroupNotFoundException - group with supplied groupName does not exist.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
removeGroup
void removeGroup(String name) throws GroupNotFoundException, ReadOnlyGroupException, OperationFailedException
Removes the group that matches the supplied name.
- Parameters:
name - The name of the group.
- Throws:
GroupNotFoundException - The group does not exist.
ReadOnlyGroupException - if the group is read-only and not allowed to be deleted.
OperationFailedException - underlying directory implementation failed to execute the operation.
-
searchGroups
Searches for groups that match the supplied query criteria.
The groups will be returned in a stable order including across pagination boundaries (excluding modification).
- Parameters:
query - EntityQuery for Entity.GROUP.
- Returns:
List<Group> or List<String> of groups/groupnames matching the search criteria. An empty List will be returned if no groups matching the criteria are found.
- Throws:
OperationFailedException - if the underlying directory implementation failed to execute the operation
IllegalArgumentException - if the query is not a valid group query
-
isUserDirectGroupMember
Determines if a user is a direct member of a group. The directory is NOT expected to resolve any transitive group relationships.
- Parameters:
username - name of user.
groupName - name of group.
- Returns:
true iff the user is a direct member of the group.
- Throws:
OperationFailedException - underlying directory implementation failed to execute the operation.
-
isGroupDirectGroupMember
boolean isGroupDirectGroupMember(String childGroup, String parentGroup) throws OperationFailedException
Determines if a group is a direct member of another group. The directory is NOT expected to resolve any transitive group relationships.
- Parameters:
childGroup - name of child group.
parentGroup - name of parent group.
- Returns:
true iff the childGroup is a direct member of the parentGroup.
- Throws:
OperationFailedException - underlying directory implementation failed to execute the operation.
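Both membership checks answer only for direct membership, so an access decision that should honour nested groups has to walk the group graph on the caller's side. The Java below is an added example, not Crowd code: `DirectLookup` and its methods are hypothetical stand-ins for direct-relationship queries, the directory data is constructed, and the hop limit is an assumed policy.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

public class EffectiveMembership {

    /** Hypothetical stand-in for a directory: every lookup is DIRECT only. */
    interface DirectLookup {
        boolean supportsNestedGroups();
        Set<String> groupsOfUser(String username);
        Set<String> parentsOfGroup(String groupName);
    }

    private static String norm(String name) {
        return name.toLowerCase(Locale.ROOT); // group names are compared case-insensitively
    }

    /**
     * True if the user reaches targetGroup through at most maxHops nested-group
     * links. Fails closed: a chain deeper than maxHops yields false.
     */
    static boolean isEffectiveMember(DirectLookup dir, String username,
                                     String targetGroup, int maxHops) {
        String target = norm(targetGroup);
        Set<String> seen = new HashSet<>();      // stops a -> b -> a cycles from looping
        Deque<String> level = new ArrayDeque<>();
        for (String g : dir.groupsOfUser(username)) {
            if (seen.add(norm(g))) {
                level.add(norm(g));
            }
        }
        // Without nested-group support only the direct level is meaningful.
        int hops = dir.supportsNestedGroups() ? maxHops : 0;
        for (int depth = 0; depth <= hops && !level.isEmpty(); depth++) {
            Deque<String> next = new ArrayDeque<>();
            for (String group : level) {
                if (group.equals(target)) {
                    return true;
                }
                for (String parent : dir.parentsOfGroup(group)) {
                    if (seen.add(norm(parent))) {
                        next.add(norm(parent));
                    }
                }
            }
            level = next;
        }
        return false;
    }

    /** Constructed sample data, including a deliberate cycle between two groups. */
    static DirectLookup sampleDirectory() {
        Map<String, Set<String>> userGroups = Map.of(
                "alice", Set.of("Developers"),
                "bob", Set.of("contractors"));
        Map<String, Set<String>> groupParents = Map.of(
                "developers", Set.of("engineering"),
                "engineering", Set.of("jira-admins"),
                "jira-admins", Set.of("engineering")); // cycle back to engineering
        return new DirectLookup() {
            public boolean supportsNestedGroups() { return true; }
            public Set<String> groupsOfUser(String u) {
                return userGroups.getOrDefault(u, Set.of());
            }
            public Set<String> parentsOfGroup(String g) {
                return groupParents.getOrDefault(norm(g), Set.of());
            }
        };
    }

    public static void main(String[] args) {
        DirectLookup dir = sampleDirectory();
        // alice: nested two levels below jira-admins, hop limit generous
        System.out.println(isEffectiveMember(dir, "alice", "JIRA-Admins", 5));
        // alice: same chain, hop limit too small to reach it
        System.out.println(isEffectiveMember(dir, "alice", "jira-admins", 1));
        // bob: no path to jira-admins at all
        System.out.println(isEffectiveMember(dir, "bob", "jira-admins", 5));
    }
}
```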
-
countDirectMembersOfGroup
@Nonnull BoundedCount countDirectMembersOfGroup(String groupName, int querySizeHint) throws OperationFailedException
Count the direct members of a group in the remote directory. You may hint at the number of memberships that you would like to see for the purposes of efficiency but the hint may be ignored.
- Parameters:
groupName - the name of the group to search for
querySizeHint - hinting at the maximum number of memberships that should be counted. The directory that implements this may choose to count less or more. This is a user provided suggestion for potential efficiency.
- Returns:
- A bounded count of the number of memberships in the given group for the provided directory. If the group is not found then there are exactly 0 members of that non-existent group.
- Throws:
OperationFailedException - if we failed to count the number of memberships for the provided group.
-
addUserToGroup
void addUserToGroup(String username, String groupName) throws GroupNotFoundException, UserNotFoundException, ReadOnlyGroupException, OperationFailedException, MembershipAlreadyExistsException
Adds a user as a member of a group. This means that all user members of childGroup will appear as members of parentGroup to querying applications.
- Parameters:
username - The user that will become a member of groupName
groupName - The group that will gain a new member.
- Throws:
GroupNotFoundException - If the group cannot be found.
UserNotFoundException - If the user cannot be found.
ReadOnlyGroupException - If the group is read-only
MembershipAlreadyExistsException - if the user is already a member of the group
OperationFailedException - underlying directory implementation failed to execute the operation.
-
addGroupToGroup
void addGroupToGroup(String childGroup, String parentGroup) throws GroupNotFoundException, InvalidMembershipException, ReadOnlyGroupException, OperationFailedException, MembershipAlreadyExistsException
Adds a group as a member of a parent group.
- Parameters:
parentGroup - The group that will gain a new member
childGroup - The group that will become a member of parentGroup
- Throws:
GroupNotFoundException - One or both of the groups cannot be found.
InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.
ReadOnlyGroupException - if either of the groups are read-only
MembershipAlreadyExistsException - if the child group is already a child of the parent group
OperationFailedException - underlying directory implementation failed to execute the operation.
-
removeUserFromGroup
void removeUserFromGroup(String username, String groupName) throws GroupNotFoundException, UserNotFoundException, MembershipNotFoundException, ReadOnlyGroupException, OperationFailedException
Removes a user as a member of a group.
- Parameters:
groupName - The group that will lose the member.
username - The user that will be removed from parentGroup
- Throws:
GroupNotFoundException - If the group cannot be found.
UserNotFoundException - If the user cannot be found.
MembershipNotFoundException - if the user is not a direct member of the group.
ReadOnlyGroupException - if the group is read-only
OperationFailedException - underlying directory implementation failed to execute the operation.
-
removeGroupFromGroup
void removeGroupFromGroup(String childGroup, String parentGroup) throws GroupNotFoundException, InvalidMembershipException, MembershipNotFoundException, ReadOnlyGroupException, OperationFailedException
Removes a group as a member of a parent group.
- Parameters:
parentGroup - The group that will lose the member.
childGroup - The group that will be removed from parentGroup
- Throws:
GroupNotFoundException - One or both of the groups cannot be found.
InvalidMembershipException - if the childGroup and parentGroup exist but are of different GroupTypes.
MembershipNotFoundException - if the childGroup is not a direct member of the parentGroup.
ReadOnlyGroupException - if the groups are read-only
OperationFailedException - underlying directory implementation failed to execute the operation.
-
searchGroupRelationships
@Nonnull <T> List<T> searchGroupRelationships(MembershipQuery<T> query) throws OperationFailedException
Searches for membership information.
- Parameters:
query - query for memberships.
- Returns:
- a List of Users or Groups or Strings depending on the query criteria. An empty List if there are no results. Results are ordered by entity name, case-insensitive.
- Throws:
OperationFailedException - underlying directory implementation failed to execute the operation.
IllegalArgumentException - if the query is not a valid membership query
-
testConnection
Test if a connection to the directory server can be established. When executed for a directory already persisted in the database (i.e. with a non-null id) the connection will be taken using the same semantics as during regular directory operations, which means that the connection may be sourced from a connection pool and be subject to additional validation if applicable. This gives a good indicator as to the RemoteDirectory's status but can be problematic when used to verify correctness during a directory update. If absolute certainty about the RemoteDirectory's status is not needed or the RemoteDirectory's lifecycle will be limited strictly to the connection test, CrowdDirectoryService.testConnection(Directory) should be used instead.
- Throws:
OperationFailedException - underlying directory implementation failed to execute the operation.
-
supportsInactiveAccounts
boolean supportsInactiveAccounts()
Return true if this directory supports inactive users and groups.
- Returns:
- true if the directory supports inactive users and groups
-
supportsNestedGroups
boolean supportsNestedGroups()
Allows us to only display nested-group related UI for directories that support it.
- Returns:
- true if the directory can handle having a group added to a group.
-
supportsPasswordExpiration
boolean supportsPasswordExpiration()
Return true if this directory supports manually expiring passwords.
- Returns:
- true if this directory supports manually expiring passwords
-
supportsSettingEncryptedCredential
boolean supportsSettingEncryptedCredential()
If this method returns true, then calling updateUserCredential(String, PasswordCredential) or addUser(com.atlassian.crowd.model.user.UserTemplate, com.atlassian.crowd.embedded.api.PasswordCredential) with a PasswordCredential instance where PasswordCredential.isEncryptedCredential() returns true and the instance is not equal to PasswordCredential.NONE will succeed; otherwise, it will fail.
- Returns:
- true if this directory supports setting passwords by hash
-
isRolesDisabled
Deprecated.
Expose whether the directory has roles disabled. Always true.
- Returns:
- true
-
getMemberships
Get an iterable view of the available group memberships. This may be implemented as a single remote call or separate calls, depending on the directory.
If there is a failure in the underlying retrieval, the iterator may throw Membership.MembershipIterationException at runtime.
If the directory does not have a bulk call interface then a typical implementation would be:
return new DirectoryMembershipsIterable(this);
- Returns:
- an iterable view of the available group memberships
- Throws:
OperationFailedException - if the underlying directory implementation failed to execute the operation
-
getAuthoritativeDirectory
- Returns:
- the directory that is the authoritative source of data for this directory, possibly itself.
-
expireAllPasswords
Sets the UserConstants.REQUIRES_PASSWORD_CHANGE attribute to true for all users in the directory using bulk operations
- Throws:
OperationFailedException
-
getUserAvatarByName
@Nullable default AvatarReference getUserAvatarByName(String username, int sizeHint) throws UserNotFoundException, OperationFailedException
Return an avatar, if available, for the named user.
- Parameters:
sizeHint - a hint in pixels for the context in which this will be used
- Returns:
- an avatar, or null if none is available
- Throws:
UserNotFoundException
OperationFailedException
-
updateUserFromRemoteDirectory
@ExperimentalApi default User updateUserFromRemoteDirectory(User remoteUser) throws OperationFailedException, UserNotFoundException
-
userAuthenticated
@ExperimentalApi default User userAuthenticated(String username) throws OperationFailedException, UserNotFoundException, InactiveAccountException
-
getLocallyFilteredGroupNames
Returns locally filtered group names.
Locally filtered groups are groups filtered on the Crowd side, as opposed to groups filtered externally, i.e. using an LDAP filter. Group names are case insensitive.
Note: Nested group memberships will not be resolved for the groups by this method.
- Returns:
- Optional.empty() when local group filtering is disabled, otherwise return set of group names to filter.
-
addUser(com.atlassian.crowd.model.user.UserTemplateWithAttributes, com.atlassian.crowd.embedded.api.PasswordCredential)
instead.