All Classes and Interfaces
Class
Description
Abstract implementation of the batch finder; subclasses should extend this implementation with an implementation of AbstractBatchFinder.processBatchFind(long, java.util.Collection, Class) which performs the Hibernate version-specific search.
Thread-safe batch processor.
AbstractChangePasswordPage<T extends com.atlassian.pageobjects.Page,V extends AbstractChangePasswordPage>
Implementation of ClusterNodeHeartbeatService.
Base class for Crowd pages.
Abstract database validator that depends on an existing Connection.
Contains constants and helper methods that are shared between DbCachingLoad tests
The LDAP server properties will be determined by the property file provided in the system property: tpm.loadtest.file
An implementation of ApplicationService that delegates all methods to another ApplicationService.
Abstract class providing a delegating implementation of the Attributes interface.
An abstract implementation of DirectoryInstanceLoader which provides a default implementation of AbstractDirectoryInstanceLoader.getDirectory(Directory)
Base class for event listeners.
A utility class which delegates (i.e.
AbstractHibernateBatchProcessor<T extends org.hibernate.SharedSessionContract>
AbstractHibernateBatchProcessor<T extends org.hibernate.SharedSessionContract>
An abstract MembershipSearchStrategy which searches across multiple directories in memory for users and groups
This class holds methods that are common to both InternalDirectory and CachingDirectory.
Represents an action which injects look and feel config and returns the SUCCESS resolution
Helper class that publishes output event at most once per defined period of time, when the threshold
of incoming events is reached.
Abstract resource controller.
Base class for listeners that manage transactions on their own.
A filter that delegates to a plugin filter, but only if the user is allowed to access the annotated resource.
Interface for filtering users and groups with access.
Factory for AccessFilter.
An enum class to extract security defined access information.
Basic interface for all access type analyzers.
Thrown when the account could not be found during an authentication attempt.
Essentially a function pointer.
Execute an action, repeatedly, concurrently.
An encoder specifically for Microsoft Active Directory that first delegates to the provided base encoder and then
converts the result of that to the byte[] format that Active Directory expects.
Represents an "entity deleted" event from Active Directory.
Utility for handling ActiveDirectory's account expiration setting.
A specialisation of LDAPQueryTranslaterImpl that can translate Active Directory enabled/disabled user queries.
Specialised LDAPUserAttributesMapper for Active Directory.
A specialisation of UserContextMapper for Active Directory.
Connection details for an application
Adds user attributes to SAML assertion
Web acceptance test for the adding of a Group
Service for providing additional information to SupportInformationService.
Web acceptance test for the adding of a Principal
Encapsulates a query for groups administered by a user.
Used to indicate that an alias is already used by another application user.
TODO: replace this with AliasAlreadyInUseException when bumping major version
RuntimeException version of AliasAlreadyInUseException
Manages persistence of aliases.
API to manage application-specific user aliases.
Resource for managing aliases.
Used as a marker for all alias changes, not only deletions.
An event which is published after all passwords have been expired from a directory.
Invalidate all user sessions after all passwords have been expired from a directory.
This event is triggered after invalidating all SSO Tokens.
Helper class for configuring and fetching analytics through REST.
Listener for all analytics events that can be published in Crowd.
Checks if the user is allowed to access the annotated resource.
Thrown when the user is not logged in but attempts to perform an action
which requires an authenticated user.
Thrown when the user is not logged in but attempts to perform an action
which requires an authenticated user.
Results of scan which iterates over users in a given application and finds invalid and duplicated email addresses.
Manages persistence of AppIssuesWithMailScanResultEntity.
Service for running email issues scans for a given application.
Provides limited support for Apple's Open Directory.
An Application in Crowd.
Generic ApplicationAcceptanceTestCase base class for all
web acceptance tests.
Thrown to indicate that a user does not have access to authenticate against an application.
Thrown if user does not have access to a particular
application and attempts to authenticate against it.
Exception thrown when user can log in to CROWD but not to a given application.
Represents a service for managing applications
Used to indicate that there exists an application with the same name as
the one to be created.
Maps an ApplicationAlreadyExistsException to a Response.
Constants for attributes of an application.
The ApplicationAuthenticationContext is used by authenticating applications.
Needed so application plugins can get the correct list of web-items without having to depend too heavily on the
internals of the way Crowd lays out the page.
Holder class for Application information collected during
the 'Application Wizard'
Context for data related to the Application user is logging into.
Controller for the Application resource.
Event published when a new application has been created
Manages persistence of Application.
A default group membership configuration for an application and a directory
Hibernate DAO for managing application default group memberships
Event published when an application has been deleted
Event which occurs when a directory is added to an Application's list of
included directories.
Represents a mapping of an application to a directory.
Event which occurs when a directory is moved to another position in
Application's list of included directories.
Event which occurs when a directory is removed from an Application's list of
included directories.
Represents an Application entity.
Contains a list of ApplicationEntitys.
Translates between application related REST entities and com.atlassian.crowd.model classes.
Necessary evil as Crowd's Application is a concrete class.
Deprecated.
Component providing information whether Centralized licensing feature is enabled
Resource for application licensing
Component controlling the feature of application license usage monitoring, it is a god class for fetching usage data
from the application as well as storing the data and serving the queries for it.
An abstraction to hide away the mechanism to fetch the instance of ApplicationLinkService
Helper for creating links and URIs.
Application management API.
Represents an error attempting to modify application configuration.
Maps an ApplicationManagerException to a Response.
This mapper will handle the mapping of an Application
Thrown when an application is not found.
Thrown to indicate that an Application does not have the required permission to perform the operation.
This event is fired when the application has started and is ready.
Listens to ApplicationStartedEvent and XMLRestoreFinishedEvent and notifies lifecycle manager.
Event which occurs when a RemoteAddress is added to an Application's list of allowed remote addresses.
Listens to events affecting the Application's list of permitted remote addresses.
Event which occurs when a RemoteAddress is removed from an Application's list of allowed remote addresses.
Decides if a client address is authorised to connect as a given application.
Validates a connection attempt based on whether the client address matches the set of allowed remote
addresses of the application.
Represents an Application resource.
Tests for the Application resource
Utility class for Application
Represents SAML SSO configuration for an application
Allows storing and retrieving application-specific SAML SSO configuration
This mapper will handle the mapping of an ApplicationSamlConfigurationEntity
Exception thrown when application was not configured for the SSO.
A service for managing an application's SAML SSO configuration
Event which occurs when a SAML configuration within application is changed.
The exposed service provided by Crowd to client applications.
Helper class for testing ApplicationService
Indicates that SSO was disabled for given application.
Represents the current state of the Crowd application
Service for operating on the current Crowd status
A servlet that returns the current state of the application.
Application subtypes.
Parent class for events related to specific applications, such as configuration changes and aliasing changes.
Represents the type of an application.
Occurs when the configuration of an newApplication changes.
Used as a marker for all application updates that should invalidate synchronization for a specific application,
without affecting other applications that are configured to use the same directories.
Helper to build the final audit log changesets, from separately retrieved changesets, entries and entities
Should avoid doing any extra queries (usually via collection/relationship traversal), and be implemented
using pre-fetched data instead.
This action handles the importing of all Atlassian
products into Crowd
This enricher is intended for Atlassian plugins that use atlassian-rest by defining rest tags inside the
plugin descriptor file (atlassian-plugin.xml).
Atlassian Scheduler specific implementation of BackupScheduler
Implementation of DirectoryPollerManager that uses Atlassian Scheduler
This class is responsible for encoding and validating passwords using Atlassian Password Encoder from Atlassian
Security project, while also validating passwords encoded in Atlassian SHA1 format in order to be backwards
compatible.
The Atlassian implementation of the SHA-1 password encoder, based on the OSUser implementation.
Represents a single-valued attribute.
Contains a list of AttributeEntitys.
Maps a single attribute for an entity from an LDAP NameAttributesPair to a set of string values.
Represents attributes that can be associated to users and groups.
Matcher for any Crowd entity with attributes.
Modified by Atlassian
From Spring LDAP 2.0.2.RELEASE
Utility class for Attributes conversions.
Code copied from: http://jira.springframework.org/browse/LDAP-176
To fix: http://jira.atlassian.com/browse/CWD-1445
Concrete implementation of Attributes interface.
Hibernate DAO for storing and accessing the audit log
A decorator around a RemoteDirectory that creates events in the audit log upon changes.
Represents the author of an audit log entry
Determines the type of entity that created the audit log entry
Represents a set of changes that was saved in an audit log.
Populates the audit log changeset and author
Allows specifying a projection for an AuditLogQuery.
Represents configuration for the audit log
This class represents an update to the auditing configuration.
Allows to run code with overridden default properties (such as the audit log author or source)
Represents a set of operations which should be executed on behalf of AuditLogAuthor.
Internal extension of AuditLogContext that allows to obtain the current state in the context
Representation of component which checks whether auditing is enabled or not
Represents an object affected by an auditable event.
Determines the type of entity which was changed during the audit action
Represents an audit log entry, belonging to a changeset
Describes the possible auditable event types.
Resolves the common properties for the audit log changeset - the author and the current request's address
Responsible for cleaning state audit log entries
A specialized type of query for the audit log.
A restriction for an author of an audit log changeset.
Allows creating AuditLogQueries
A restriction for an affected object of an audit log entry.
Translates an instance of AuditLogQuery into a HQLQuery, that can later be executed.
The service for interacting with the audit log.
Keeps a reference to the authenticated application, during requests processed by
com.atlassian.plugins.rest.common.security.jersey.AuthenticatedResourceFilter
Utility for setting and retrieving the application name and token from the HttpServletRequest.
An authentication token maps the valid authentication.
Utility for setting and retrieving the authenticated user's name from the HttpServletRequest.
Minimal information necessary when authenticating with the Crowd server.
REST version of an AuthenticationContext.
REST version of an AuthenticationContext.
User authentication controller.
Authentication methods known to the Rest Crowd Client.
User Authentication Resource.
Note that this test class is reused in JIRA via inheritance.
This class holds authentication state.
Interface that CacheAwareCrowdHttpAuthenticator calls when it wants to ensure a user exists in the cache.
Context for logged in user data.
Group was automatically created.
User was automatically created.
User was automatically updated.
A directory may represent avatars as references to URLs or as binary blobs.
An image represented as a blob of bytes along with a content type.
A reference to an avatar available through a user's browser.
Microsoft Entra ID connector
Marker interface for the Microsoft Entra ID directory instance loader.
Loads an implementation of an AzureAdDirectory for use at runtime by the Crowd security server.
Wrapper class to facilitate paging results from Microsoft Graph
Jersey ClientRequestFilter for Microsoft Entra ID authentication support.
The client used to communicate with Microsoft Entra ID via Microsoft Graph.
Creates an AzureAdRestClient and all of its dependencies, using the given Azure application data.
Maps REST entities returned from Microsoft Graph to Crowd entities and vice versa
Provides addresses of Microsoft Entra ID APIs
Data object containing the configuration for user filtering based on groups
Helper class to fetch membership data.
Various constants related to backup file names
Service to deal with access to backup files
JobRunner to perform an export
Service to deal with backups
Indicates that a backup or restore has not been performed as there is a backup or restore operation currently underway
Service to handle the scheduling of automated backup.
Summary of automated backup files.
Responsible for specifying Importer implementation for crowdified/legacy Bamboo versions
Bamboo 6.6 introduced integration with EC along with updated data schema compatible with CrowdifiedJiraImporter
Encryptor that uses base64 to encode and decode input string.
Represents SAML SSO configuration for an application, without application data
Abstract class with a few methods that will help locate a given resource
Get a test application's base URL from a properties file, with overrides from system properties.
Utility class that returns the base URL of the running Crowd/Horde server.
Implementation of HTTP Basic Authentication such that all invocations
to the filter must be authenticated with a valid application name
and corresponding password.
A collection of methods that help implementing HTTP basic auth for end users and applications.
This exists because the HTTPBasicAuthFilter shipped with Jersey 1.0.3 adds " " padding before encoding, which
confuses the Spring Basic Auth filter.
Represents resolvers for Microsoft Entra ID directories with default endpoints
Rule which runs tests in batches.
@BatchNumber annotation is applied at the test class level to assign each class to a specific batch when tests are executed in batched mode.
Performs a named query against crowd data with the ability to split up the related IN clause.
Threadsafe batch processor.
A batch mutation operation result representing the collection of entities
that were successfully processed and the collection of entities that failed
processing.
Batch result that stores ID references of all the directory entities that were
successfully processed by the batch.
Allows actions to be taken before groups are removed by the directory manager
on Application or Directory DAOs.
Dumps both global SSO and per app SSO configs.
Implements a bitwise filter for Active Directory attributes.
Specialized filter to block OpenSocial requests specifically made by the
Apache Shindig OpenSocial implementation.
A boolean search restriction.
Represents a boolean restriction entity.
Represents a boolean restriction entity.
Boolean implementation that allows us to store Booleans as "true" and "false".
An AbstractTypeDescriptor which maps Java Boolean values to String values containing either "true" or "false".
A SpringObjectFactory that is aware that Crowd's ApplicationContext can change after bootstrapping.
An event indicating that the bootstrap context has been initialised.
Represents basic added dependencies for the initialization of the web-app context for Crowd.
A ContextLoaderListener for the main Spring context.
A possibly approximate count of the number of elements in a collection.
Test the searching of groups
Test the searching of users
Build constants.
Thrown to indicate that a bulk add operation has failed.
Represents the results from an 'addAll' operation.
Allows mapping a collection of entities processed by a BatchProcessor to a list of audit log changesets, to be persisted to generate an audit trail for the operation.
Represents the results from a 'removeAll' operation.
Responsible for loading bundled plugins that
are stored in "atlassian-bundled-plugins.zip"
on the root of the classpath, or, the jars
from the crowd-home/bundled-plugins directory.
Deprecated.
Since v2.12 - directory instances no longer rely on instance-local state (when using the new v2.12 components)
and don't need to be cached.
A servlet that serves custom login page logo.
CacheAwareCrowdHttpAuthenticator ensures that a user exists in the cache when a user is retrieved from the server or
is authenticated.
Contains some static definitions for caching that may be useful to REST endpoints
Caches the result of validating the application remote address.
Wrapper that caches encryption and decryption results.
Cached version of HttpRequestAccessTypeAnalyzer.
Caching wrapper for MultipleGroupsProvider
Cached version of HttpRequestAccessTypeAnalyzer for plugin servlets.
Allows lookups on users/groups stored in the database.
Interface for distributed cache factory.
A CacheFactory (and also a CacheManager) backed by Ehcache.
Collection of membership cache invalidations.
Represents a way of refreshing a local cache of an external directory.
Factory for creating CacheRefresher instances.
Deprecated.
Implementation of ApplicationService which caches the result of ApplicationService methods.
Helper class improving backup restore by caching in memory DB dump after first restore.
This InternalDirectory is used for locally caching Users and Groups from an external Directory.
Caching wrapper over InternalMembershipDao.
Caching wrapper over InternalMembershipDao.
Helper class for getting canonical entity from multiple directories.
Finds canonical users that have a provided email address.
Generates pair of certificate and private key 4096 bits long using RSA algorithm.
NameID generator which allows to add supported generators to which it delegates.
Collects count of e-mail changes by end-users that happened since last statistics collection.
Counts occurrences of character classes in a String.
Password constraint which analyzes the character types of a password.
Properties required for the Crowd Client.
This bean is a container for the application's crowd.properties.
Will find the location of the given resourceName based off a set of rules to
locate the given resourceFileName:
System property
Configuration directory
Classpath
Utility methods for the Jersey client classes javax.ws.rs.client.
Exception is thrown when a client validation fails.
Manager that validates whether a client can make a request.
Implements ClientValidationManager.
Email address validator compatible with Atlassian Cloud.
Utility class to store in a cache whether the InetAddress is permitted or forbidden to make a request to the Crowd server.
A plugin controller which has methods dedicated to working with single nodes of a cluster Crowd setup.
A cluster-safe implementation of UserAuthorisationCache.
Hibernate DAO to store node heartbeats
Handles direct operations on cluster heartbeats
Allows persisting and retrieving information about the cluster nodes
Provides data about cluster
Handles conversion between Crowd's InternalClusterJob and Caesium's ClusteredJobs.
Hibernate DAO to store cluster locks
Encryptor that synchronizes on given cluster lock when doing encryption.
Helper class supporting lambdas for ClusterLock
Persistent storage of messages passed between cluster nodes.
Receives messages from other nodes in a cluster.
Administration interface for ClusterMessageService.
Allows sending short cross-node messages.
Exposes the spi for cluster-monitoring plugin, based on ClusterService
Represents additional monitoring information about the cluster node and its environment
Clustered applications need to implement this DAO in order to be able to use the DatabaseClusterLockService.
Provides a heartbeat for nodes of a cluster and utility methods for finding out about the "liveness" of other nodes.
Manages storing the additional cluster node information on each node
Provides data about clustering configuration
Implementation of com.atlassian.crowd.service.cluster.ClusterService
Schedules and runs cluster wide statistics collection.
Builder for MultiTermRestrictions.
A specific extension of the Runtime OperationFailedException that is thrown when the host application is unable to
communicate with the remote User Directory.
Represents combination of the multiple validator instance, giving an AND behaviour
Responsible for identifying the appropriate Importer based on
whether the source product is integrated with Embedded Crowd
A subclass of DbCachingRemoteDirectoryInstanceLoader which allows DB caching to be switched off based on the DirectoryProperties.CACHE_ENABLED attribute.
Injects extra hibernate properties, based on HibernateConfig
This class represents the properties required to connect with a database,
specifically the details for a JIRA, Confluence or Bamboo database.
This class represents a simple property update, mainly meant for configuration changes in Crowd.
Types of all supported and configurable database engines
This class handles the delegation of the import of Confluence Groups, Users and their memberships into Crowd.
The system-wide settings for JNDI LDAP connection pooling.
Class containing the JNDI LDAP Connection Pool properties.
Represents a component which can be configured to stop or start issuing Connection to the application
Represents a component which tracks all the active JDBC connections leased via DelegatingConnectionProvider
Facilitates decoration of connection properties as specified in DefaultDatabaseConnectionParameters for JDBC connections
Aggregates errors for the list of validators
Authentication tests for the Crowd Console.
Will find the location of the given propertyFileName based off a set of rules to
locate the given propertyFileName.
Crowd Client constants.
Factory bean for EhCacheManagers that name CacheManagers after the Id of the application context in which they are instantiated.
An abstract implementation of ContextMapperWithRequiredAttributes for cases where a mapper requires core attributes and also the attributes for any attached custom AttributeMappers.
A ContextMapper for LDAP NameAttributesPairs that declares which attributes it requires.
Utility class for converting between model objects and embedded/application objects.
Converts a string name into a Name, for use with spring-ldap.
Controller for cookie configuration.
REST version of a cookie configuration
REST version of a cookie configuration
Represents the configuration of Crowd's cookie based SSO
This Mojo copies dependencies from a specified artifact's dependencyManagement section to the project.
Used to parse Cql to a SearchRestriction.
An implementation of CqlQueryParser
Extension of the Connector Action to allow for Delegated Directory Creation
Basic action creating a SAML SSO Response
Extends CrowdAcceptanceTestCase with an email server.
Although this is an authorisation exception, Crowd
combines authentication and authorisation in one
call to the Crowd server to determine if a user is
allowed access to a particular remote application.
Marker interface for Crowd emitted analytics events.
Required by the Plugin System
AuthenticationProvider for the Crowd web-application itself.
Service for creating persistent sessions for specified users.
This class has the responsibility of returning an instance of the 'Crowd'
application (not constructing it).
This granted authority is assigned to users authenticated to the Crowd application
This is the implementation of CrowdAuthenticationProvider used by the 'crowd-application' plugin modules
(ie.
This granted authority is assigned to users authenticated to applications defined in Crowd, other than the Crowd
application.
Implementation of AuthenticationController
Crowd implementation of AuthenticationListener
The CrowdAuthenticationProvider can be used in both SSO and non-SSO mode.
Responsible for parsing and formatting dates used in Crowd backups.
A filter that modifies StrutsPrepareFilter to get its state from BootstrapLoaderListener and installs a DefaultConfiguration.
BootstrapManager is responsible for initializing the dependencies of Crowd environment.
Prevents IE and Safari user agents from caching REST responses
IE and Safari aggressively cache responses of asynchronous request unless they've headers preventing doing that
Handles URIs that should not be cached.
Atlassian Crowd client interface.
Class will create new instances of a CrowdClient.
Mapper implementation that will take the values from a Crowd instances crowd.cfg.xml and place this into Crowd XML export/import.
This class extends the current 2.x CrowdConfigMapper because configuration mapping is 100% backwards-compatible in XML.
Provides a connection to the database in SAL.
Page object implementation for the Dashboard page in Crowd.
All test cases exhibit Crowd in state where JNDI LDAP Connection pool system property is set to '0'
Crowd server constants.
Crowd implementation of CriteriaBatchedInClauseHelperBuilder.
A char data type using char-length semantics in Oracle and respects the SQLServerIntlDialect.
Custom type mirroring HBM2DDL's handling of 'text' type, which additionally respects the SQLServerIntlDialect
A custom timestamp data type that is compatible with SQLServerDialect.
A varchar data type using char-length semantics in Oracle and respects the SQLServerIntlDialect.
Provides methods to determine if specified dark features are enabled or not
Represents a Crowd-Server specific error, eg.
A springified DelegatingFilterProxy which does not
attempt to wire up (and hence run) the filter unless
Crowd has been setup successfully.
Provides the interface for performing Directory Operations in Crowd for applications embedding Crowd.
Factory for event publisher instances.
CrowdException is the superclass of Crowd-specific exceptions that must be caught.
PageObject representing the header of the pages
Resolves help paths using help-paths.properties
Implementation of InternalHostApplication for Crowd
This is HSQL dialect for Hibernate compatible with hsql 1.8.
This interface is used to manage HTTP authentication.
An implementation of CrowdHttpAuthenticator using a CrowdClient to talk to a Crowd server.
Crowd implementation of HttpContext.
Helper class for Crowd SSO token operations.
Helper class for Crowd SSO token operations.
Classes which extracts validation factors from a request object should implement this interface.
Extracts ValidationFactors.
Crowd i18n resolver
This interface represents the subset of LdapName functionality that is expected to be used by the Crowd code base.
A singleton factory class responsible for generating and managing CrowdLdapName instances.
Light-weight version of LdapTemplate which avoids creating DirContextAdapter.
Crowd license handler that stores the license
Stores license/hash in crowd.cfg.xml.
Handles the storage and retrieval of a Crowd License.
Crowd implementation of LevelConverter strategy.
If the CrowdHomeLogAppender has been configured, then this listener is responsible for configuring it to
redirect logging to the crowd home directory once the bootstrap context is initialised.
Logout handler to logout of Crowd and remove the
Crowd SSO token cookie.
An OpenSessionInViewFilter which does not
attempt to wire up (and hence run) the filter unless
Crowd's Spring container has been loaded successfully.
OSGI container manager that caches service trackers.
Persists into the DB via the PluginPropertyManager the state of Crowd's plugins
Crowd implementation of PluginSettings interface.
Crowd project manager that returns no project keys, as this doesn't really apply to crowd
Mapper implementation that will take the values from a Crowd instances crowd.properties and place this into Crowd XML export/import
This class extends the current 2.x CrowdPropertiesMapper because crowd.properties mapping is 100% backwards-compatible in XML.
Configuration for Crowd Remember me functionality
Service allowing storage, retrieval and manipulation of CrowdRememberMeToken
Component representing database access layer for InternalCrowdRememberMeToken
CrowdRuntimeException is the superclass of Crowd-specific exceptions that may be thrown but not necessarily caught.
A service for managing global SAML configuration.
A service for managing global SAML configuration.
An implementation of CaesiumServiceConfiguration using default values.
Search provider that always returns no search matches
Enhances the plugin filters with access check.
This filter manages protecting a web.xml url-pattern.
Provides ClientProperties to be used in crowd-the-webapp.
Provides the interface for performing User and Group operations in Crowd for applications embedding Crowd.
Default implementation of the CrowdService
Filters container implementation which delegates to plugin filters.
Servlets container implementation which delegates to plugin servlets.
Represents basic Remember Me configuration in Crowd
Tests that are Crowd (Crowd as product) specific.
This handles static initialization of our liquibase custom components.
A provider which delivers logic to get SSO user details.
The authentication details for an AuthenticationToken.
The CrowdSSOAuthenticationProcessingFilter is to be used in
conjunction with the CrowdAuthenticationProvider to provide SSO
authentication.
A CrowdSSOAuthenticationToken can be used to represent an
authentication request consisting of the Crowd SSO Token
String (credential) and HTTP ValidationFactors (details).
Represents a failed authentication attempt using an SSO token
that is not valid.
CrowdTestedProduct (or TestedProduct<…>) contains the configuration of the product for testing with PageObjects, especially the base URL that is used to
execute the tests.
Crowd thread local context manager.
Provide access to the state of the application thread locals.
Crowd's implementation of TimeZoneManager.
This authentication strategy is replacement for DefaultTlsDirContextAuthenticationStrategy, and is a workaround for bug affecting JDK9-JDK13.
Implements a basic UserWithAttributes wrapper for Crowd principals.
Interface for retrieving users from Crowd.
Retrieves users from Crowd using Crowd's remote API.
Crowd specific implementation of the Atlassian Plugin WebFragmentHelper
Crowd-specific implementation of the Atlassian Plugin WebResourceIntegration
Base Crowd test case, with extra assertions on top of CrowdWebDriverTest.
Crowd specific implementation of XsrfTokenAccessor.
Crowd specific implementation of XsrfTokenInterceptor.
Crowd specific implementation of XsrfTokenValidator.
An interceptor that wraps the action execution in a single Hibernate transaction.
This configuration type will encapsulate all required elements
to import users/groups and their memberships into Crowd from
two CSV files
Action class to handle the confirmation of the CSV mappings
This class is responsible for importing users, groups and their
memberships from two CSV files.
Tests the adding of a CSV file into Crowd
Simple csv stat writer
Abstract class that contains a common method that all sub-classes will require to read and manage
the mapping of attributes from a CSV line.
Mapping action for the CSV importer
Represents resolvers for Microsoft Entra ID directories with custom endpoints specified
Helper class providing CustomDataFetcher.
CustomDirectoryInstanceLoader loads a RemoteDirectory by using an InstanceFactory to create a RemoteDirectory.
Oracle has deprecated LONG and LONG RAW data types,
so Hibernate's standard mappings will be overridden to clob and blob.
Allows using the DarkFeatureManager that lives in the Crowd SAL plugin from the Crowd host.
Collects values of dark features
Select the type of database to configure Crowd with:
Embedded (HSQLDB)
External JDBC (C3P0 pooled)
Handles database initialisation, either by means of setup or application bootstrap
Represents a database connection decorator component which decorates the application config, connection url according
to relevant parameters supplied by underlying implementations
A mapper that will handle migrating the data from a legacy Crowd (pre 2.0) database to the Crowd 2.0+ database schema.
Responsible for storing the encryption keypair in the database
Validator that checks the settings of a database, configured externally.
This manager will look after verifiers that need to run against the legacy database before migration
to validate that the migration can proceed.
Responsible for verifying the correctness/compatibility of pre 2.0 database to 2.0+ database
Deprecated.
Generic interface for classes that need to encrypt or re-encrypt existing data.
Formats and parses dates using the provided DateTimeFormatter pattern with the timezone set to UTC.
A Directory poller for the DbCachingRemoteDirectory.
Tests that DbCaching directories can still function while a synchronisation is occurring.
Tests will create and remove users/groups/memberships in the base of the test OU in order to test
sync performance if there have been changes made to the LDAP directory.
Summary of the loadTesting ou that exists on crowd-ad1 and TPM
https://hello.atlassian.net/wiki/spaces/CROWD/pages/161748218/Load+Testing
A RemoteDirectory that provides LDAP and Crowd integration plus local storage in an internal directory
for LDAP user and group attributes, and local groups for LDAP and Crowd users with local caching of remote data.
Loader that allows for proxying of a remote directory through a local cache/mirror.
Helper class for testing DB caching directories.
Information about the synchronisation.
Interface to determine whether current license is DC.
This Component verifies Data Center license if a given method or class is decorated by RequiresDataCenterLicense
Adds debug logging when accessing the wrapped PropertySet.
Implements the <decorator> plugin module.
Default implementation of AzureAdRestClientFactory
Default implementation of BackupFileStore.
Default implementation of BackupManager
Default implementation of CacheFactory.
Form-backing bean used to set default values in the JNDI LDAP connection pool UI and convert
the values for storage as application attributes.
Data holder for the connection parameters for specified databases
The service for configuration of default group memberships in directories
Default implementation of ExpirableUserTokenService backed by a storage DAO.
The default GroupActionStrategy, that does not have explicit handling for groups with duplicate names and different
external ids
Resolves default groups which user should be added to during authentication
The service for configuring default group memberships.
Default implementation of HttpClientProvider that creates http clients with client-side caching support.
Default implementation of InviteUserTokenService backed by a storage DAO.
Represents a set of Microsoft Entra ID regions which are supported by Crowd
A SearchStrategyFactory which will delegate to the DirectoryManager for all of its search strategies.
Crowd implementation of the UserManager
This implementation of a RemoteDirectory provides delegated authentication to an underlying remote LDAP implementation.
Marker interface for the Delegated Authentication Directory instance loader.
Extra tests on top of DelegatedDirectoryTest to cover LDAP directories with nested groups.
Extra tests on top of DelegatedDirectoryTest to cover LDAP directories with nested groups.
Marker interface for the Delegating Directory instance loader.
Iterative directory instance loader.
Implementation of GroupWithAttributes that simply delegates to an underlying Group and Attributes object.
Implementation of GroupWithAttributes that simply delegates to an underlying Group and Attributes object.
Basic implementation of MultiEventPublisher that delegates to an underlying EventPublisher
Implementation of UserWithAttributes that simply delegates to an underlying User and Attributes object.
Implementation of UserWithAttributes that simply delegates to an underlying User and Attributes object.
Active Directory control that allows for
the searching of deleted objects aka
'tombstones'.
Wrapper for the LDAPDeletedResultsControl so
that it "fits in" with the SpringLDAP templating
model.
Hibernate Operation to delete entities in batch
Hibernate Operation to delete entities in batch
Performs delta queries on Microsoft Entra ID to facilitate incremental synchronisation.
Encapsulates the result of a delta query.
Represents a pair of delta tokens for a Microsoft Entra ID synchronisation.
This encoder implements the DES algorithm
Utility class for Directory
Represents a Directory configuration in Crowd.
Represents a resource for directories, this resource is accessible by user-based authentication
Class providing assertions for directory tests.
A cache of users, groups and memberships for an external Directory.
Individual methods that should be performed in transactions.
Factory for creating DirectoryCache instances.
DirectoryCacheFactory that returns DbCachingRemoteDirectoryCache instance.
Configuration specific to the movement of users/groups/memberships
from one RemoteDirectory to another.
Action class to handle the confirmation of the Directory mappings
Thrown when an operation failed because the directory is currently synchronising.
Thrown when an operation failed because the directory is currently synchronising.
Stores and retrieves directories.
Wraps DirectoryDao calls in a Transactional.
Utility class for DirectoryEntity.
Helper class with some example data corresponding to setup from RestTestFixture
Helper class transforming directory entities between different formats.
Represents a directory entity.
Helper interface to resolve entities by name.
Interface for various user searches.
An Event that represents any operation on a Directory going via the DirectoryManager.
A representation of a per-directory group
Non-persisted implementation to return to the service layer
Deprecated.
Use ImmutableDirectory instead.
This action handles the setup of an import from one directory to another.
An Importer that manages moving users, groups and roles from one directory to another.
Acceptance tests for the directory based importer.
Directory information for users that are consuming licenses in the product.
Data access object for DirectoryInfo
Loads an implementation of a RemoteDirectory for use at runtime by the Crowd security server.
Exception when a RemoteDirectory implementation can not be loaded by a Directory.
Create a default internal directory during setup.
A service interface providing:
Directory CRUD Operations
Token Operations
RemoteDirectory User Operations
RemoteDirectory Group Operations
RemoteDirectory Membership Operations
RemoteDirectory Bulk Operations
Helper class for DirectoryManager search methods.
This mapper will handle the mapping of a DirectoryImpl
This mapper is expected to import legacy Directories AND populate the oldToNewDirectoryIds map.
Deprecated.
Use ApplicationDirectoryMapping instead.
Represents a DirectoryMapping entity.
Contains a list of DirectoryMappingEntitys.
Thrown when a directory mapping could not be found for the given pair application and directory ids.
An Iterable view of the memberships of a collection of named groups, backed with individual calls to a RemoteDirectory.
Allows monitoring remote directory mutations.
Thrown when a directory is already being monitored.
Signifies an error during the creation of a DirectoryMonitor instance.
Deprecated.
Since v3.0.0.
Updates scheduled jobs related to directory synchronization, based on the current directory configuration.
Handles scheduling DirectoryMonitorRefresherJob when the application is first started, restored, or when the
directory configuration changes
Error registering directory monitor.
Thrown when a directory could not be found
Represents a generic directory object returned from a membership related endpoint.
TypeIdResolver for DirectoryObject instances.
Thrown when a RemoteDirectory does not have the permission set to perform an operation such as add/modify/delete versus a
group/principal/role.
Allows polling for remote directory mutations.
Manager for adding and removing DirectoryPollers.
Contains properties for Directory.
Defines query and results filter that should be run for a given directory.
Represents a Directory management resource.
Builder utility extending the base class RuleBuilder specifically for Directory related ValidationRule
Analytics event thrown after receiving a RemoteDirectorySynchronisationFinishedEvent.
Simple object to store synchronisation information for synchronisable directories
Storage for directory synchronisation information.
Deprecated.
Information of a directory synchronisation round.
Represents information about synchronisation status.
A DAO to store synchronisation progress and results
Implementation of com.atlassian.crowd.model.directory.DirectorySynchronisationStatus
Responsible for storing and obtaining directory synchronisation tokens
An object that synchronises a SynchronisableDirectory with a cache.
An implementation of a DirectorySynchroniser.
Default implementation for UserCapabilities.
Represents a subset of context that should be used for Directory Validation
Represents Validator which validates Directory implementations
Represents the factory for creating Validator instances
Junit rules which disables SSL certificate validation.
Service for handling dismissible messages in Crowd console.
Tests the DMZ configuration of the Crowd application.
This class is used to normalise DNs so that equivalent DNs will be transformed into equal strings.
A cache key formed by two Strings.
DuplicatedEmailAddressException indicates NameID email is used, and authenticating user e-mail address is also assigned to other users than authenticating one.
An extension to the standard ProviderManager implementation
of the AuthenticationManager which allows adding and removing
provider managers at runtime.
An extension to the standard ProviderManager implementation
of the AuthenticationManager which allows adding and removing
provider managers at runtime.
Validates email address(es).
Collects count email authentication failures.
Event containing aggregated count of e-mail changes performed by end-user in Crowd console during period of time
from last statistic collection.
Emitted when end-user successfully changes their e-mail by using a link with a token that Crowd sends them.
Used to change e-mail of a user in a way that they need to prove that they have access to the e-mail they're trying
to change to.
Represents an email message
Thrown when emails scan failed to run.
Collects count email authentication failures.
Marker interface for Embedded Crowd Analytics Events.
An implementation of PropertySet that is backed by Embedded Crowd.
This class is now an alias for EmptyStringUserType from the atlassian-hibernate-extras library.
Translates a clear-text password into an encrypted one if it isn't already encrypted, using the encryption method
specified by the directory settings.
Manager for in-database passwords encryption.
Encryptor can be used to encrypt / decrypt passwords.
Endpoint test action to ensure that the endpoint protection is working correctly
An encoder which passes a non-encrypted PasswordCredential's credential through untouched, but throws an
exception for every already-encrypted (i.e.
Will compare one directory entity to another by Name (case-insensitive)
Utility class for entity expansion.
Uniquely identify an entity in Crowd based on
the EntityType and name.
Translates between REST entities and com.atlassian.crowd.model classes.
Translates between REST entities and com.atlassian.crowd.model classes.
There are three types of entities: users and groups.
Base class for any entity that can have attributes.
Base class for events containing single enum.
Replaces the database configuration with the one specified in environment properties if a complete database configuration
is provided as environmental variables.
Utility class for checking information about the environment.
A filter for ObjectGUID attribute.
Error action that populates a webwork action with Johnson Events
Represents an error.
Represents an error.
Deprecated.
Unable to process the event.
Crowd Events Resource.
Represents an event store, which can be used to store events.
Thread-safe EventStore implementation that uses main memory as a backing store.
Used as a marker to indicate that a change happened, that prevents creating an event stream from before the
tombstone timestamp, either for the specific directory, or for the entire instance
Thrown when an event token is either not recognised or has expired.
Helper class transforming list of OperationEvent in context of an Application.
Holder representing complete set.
Utility class transforming lambdas with checked exceptions to lambdas without exceptions.
This class represent an exclusion filter for dependencies.
This has a thread local that contains the current RequestContext.
ExecutionInfoNameClassPairCallbackHandler<T extends org.springframework.ldap.core.NameClassPairCallbackHandler>
This NameClassPairCallbackHandler counts the executions and provides information about the search result's name
and attributes, if the NameClassPair was a SearchResult.
Helper test rule for running multithreading tests.
This represents a token with a limited lifetime, associated with a user (by email address and/or username).
DAO for ExpirableUserToken
Hibernate backed implementation of ExpirableUserTokenDao
Service for handling expirable user tokens
Thrown when the credentials have expired.
Event published when user downloads licenses usage on application view (csv file)
A group action strategy that compares the remote group with a local group matched by external id.
Maps the externalId attribute.
Event for reporting external links clicks.
Servlet that redirects to the external link.
Interface that maps identifiers to the external links and fires events.
Provides utilities for dealing with failed synchronizations
Interface to be implemented by directory implementations that can compute counts fast.
Exception raised due to usage of an explicitly disabled feature
Class providing information whether given feature is enabled.
Generic event class for denoting that the feature was disabled.
Class providing information whether given feature is enabled.
Exception related to feature being inaccessible due to licensing conditions
Read-only directory connector for FedoraDS running the Posix schema.
Specifies the properties that should be fetched from Microsoft Entra ID
Field validation error, as used by BaseAction.applyFieldErrors().
Used to serve File from crowd, for a given number of strategies.
A class that contains utility methods for formatting the size of files into human
readable form.
Detects if a given license is forged.
Helper class to perform mailing tasks for forgotten login.
Manages functionality related to retrieving forgotten usernames or resetting forgotten passwords.
Runs tests from crowd-functest-plugin, using https://bitbucket.org/atlassian/functest-plugin
Invoked by crowd-test-runner in the 'functest' profile
See Converter interface for details.
This class is now an alias for GenericEnumUserType from the atlassian-hibernate-extras library.
Generic LDAP connector.
A generic mapper that contains helper methods and attributes to
map domain objects to database objects and vice-versa.
This syntax should be standard SQL.
Represents a Microsoft Graph object that may have been removed from Microsoft Entra ID.
Represents a group fetched from a Microsoft Graph delta query.
Represents a collection of groups returned from the /groups/delta endpoint.
Represents a membership obtained from Microsoft Entra ID.
Represents metadata about an object's removal from Microsoft Entra ID.
Represents a mapped result from a Graph delta query.
Represents a user fetched from a Microsoft Graph delta query.
Represents a collection of groups returned from the /users/delta endpoint
Represents a collection of directory objects, returned from the members and memberOf navigational property endpoints,
which may be either of the generic DirectoryObject type or more concrete types
Represents a group returned from the /groups endpoint
Represents a collection of groups returned from the /groups endpoint
Represents a group returned from a membership related endpoint
Represents a user returned from a membership related endpoint
Represents a query to the Microsoft Graph API.
Represents a user returned from the /users endpoint
Represents a collection of users returned from the /users endpoint
Represents a group.
Represents a group.
A handler for deciding what action to perform on a group fetched from a remote directory during the synchronisation
process
Checks, assigns and revokes access to administer groups by other groups and users
Implementation of GroupAdministrationConfigurationService which only works for cached directories and users
Manages persistence of group administration grants for groups
A class which inheritors can extend to create mappings of some entities to groups they can be administrators of
Listens to events related to group administration configuration changes and stores them in the audit log
Allows clients to check group permissions of users
An Event that represents the deletion of an attribute against a Group
An Event that represents the creation of attributes against a Group
Comparator for a Group.
Supplies re-useable methods for equals, hashcode and compareTo that can be shared with different implementations of
Group in order to be compatible.
Translates information returned from an LDAP directory into a LDAPGroupWithAttributes implementation of Group.
An Event that represents the creation of a Group
An Event that represents the removal of a Group
Represents a Group entity.
Represents a Group entity.
Expands a GroupEntity from its minimal form to the expanded version.
Contains a list of GroupEntitys.
Contains a list of GroupEntitys.
Utility class for GroupEntity.
Represents an administration mapping of group to group
Represents a resource for managing group-level administrators.
Class generating Group Level Admin analytics.
Helper class for corresponding collector.
GroupMapper that will map a row of data, eg.
This mapper will handle the mapping of a Group.
Deprecated.
Access group mappings through Application.getApplicationDirectoryMappings() instead.
Deprecated.
Listener triggered on group membership changes.
Deprecated.
Use GroupMembershipsCreatedEvent instead.
Deprecated.
Use GroupMembershipsDeletedEvent instead.
An Event that represents the creation of one or more Principal/Child Group to Group membership(s)
The event will be emitted once for each parent, and can contain a number of children added.
An Event that represents the deletion of one or more Principal/Child Group to Group membership(s)
The event will be emitted once for each parent, and can contain a number of children deleted.
Thrown when the specified group could not be found.
Thrown when the specified group could not be found.
Utility class for Group
Controller for the Group resource.
A set of querying across a collection of active directories.
Represents a resource for managing groups.
Note that this test class is reused in JIRA via inheritance.
A publicly mutable Group implementation.
Mutable group template with mutable attributes.
Represents attributes of a group.
Represents the type of a Group:
GROUP: group used to determine authorisation.
LEGACY_ROLE: group representing pre-Crowd 2.0 "Role".
An Event that represents the updating of a Group
Cache of retrieved LDAP group/user details.
Represents a group with attributes.
Represents a group with attributes.
Represents a group with members (but not all custom attributes).
Represents a new or modified group for incremental synchronisation.
Util for GUID (externalId) transformations
This tests checks the headers of the response when
the client has Accept-Encoding: gzip.
Hibernate 5 version of the BatchFinder.
The Hibernate 5 implementation of the batch processor runs each collection in a new session, and each batch in
a separate transaction.
This is the Hibernate 5 implementation of the batch processor.
Hibernate 6 version of the BatchFinder.
The Hibernate 6 implementation of the batch processor runs each collection in a new session, and each batch in
a separate transaction.
This is the Hibernate 6 implementation of the batch processor.
Equivalent to pre-Crowd 3.1 hibernate type "bigint"
Equivalent to pre-Crowd 3.1 hibernate type "binary" (which is Types.VARBINARY)
Generic persistence class for storing Hibernate persistence objects.
Equivalent to pre-Crowd 3.1 hibernate type "double"
This context wide logging filter suppresses Hibernate loggers which would log errors which happened during an SQL insert operation.
Hibernate specific batch operation abstraction, shared between hibernate 2 (Confluence) and 4 (Crowd).
Provides information about local and shared home directories.
Defines an interface that allows the host application to control the behaviour of the Crowd API.
A reusable batching helper for HQL queries using "in" clause with a list of parameters.
Translates implementation agnostic Queries into executable
Hibernate Query Language code.
Replaces UniqueConstraintSnapshotGenerator with one that can handle hsql 1.8 (CORE-2966)
Replaces UniqueConstraintSnapshotGenerator with one that can handle hsql 1.8 (CORE-2966)
Needs an extra level of indirection due to how liquibase handles replacements (it removes them based on being assignable
from the replaced class, so this class can't extend UniqueConstraintSnapshotGenerator, or it won't be picked)
Can't use a delegate directly due to having to access protected methods.
Represents a html message.
Abstraction for getting an HttpClient.
Servlet filter responsible for putting the current HTTP request and session in a thread local.
Analyzes the access type of servlet based on HTTP request.
Gets text messages that allow for i18n.
Configuration for the i18n helper.
This class behaves like a HashMap with lower-case String keys.
This class behaves like a HashSet with lower-case String values.
Maps an IllegalArgumentException to a Response.
Thrown when the current page is not what it should be.
Class represents information about image based on its data URL
Immutable Application
An immutable representation of an ApplicationDirectoryMapping
A general purpose immutable implementation of the Attributes interface.
Concrete implementation of an audit log author
Concrete implementation of an audit log changeset
Builder for ImmutableAuditLogChangeset.
Concrete implementation of an object affected by an auditable event
Concrete implementation of an audit log entry
Used to aid in the construction of an ImmutableDirectory.
A general purpose immutable implementation of the Group interface.
A general purpose immutable implementation of the User interface.
Used to aid in the construction of an Immutable User object.
Web action to handle the import of Crowd data via XML
Where we build our Configuration for the CSV import
Classes that extend this interface will manage the import of users, groups and their memberships
from a given application (or file) into Crowd.
This exception represents that a configuration to a given Import was
invalid.
An exception that will represent an error thrown via the Importer code.
This factory will handle the responsibility of returning
an ImporterDAO based on a given configuration
Main implementation of the ImporterFactory
Handles the importing of users, groups and memberships into Crowd.
The main implementation of the ImporterManager.
Denotes an event related to the data import process.
Is published when a data import is finished, regardless of its status
Is published when a data import is started.
A tool for providing the location for imported files, for example for the CSV importer.
Thrown when the account is inactive.
This class represent a dependency that is scanned for dependencies to be included in the project.
Code based on: http://jira.springframework.org/browse/LDAP-176
To fix: http://jira.atlassian.com/browse/CWD-1445
Utility class that helps with reading all attribute values from Active Directory using Incremental Retrieval of
Multi-valued Properties.
Stores information about synchronisation status in the database
A persistent implementation of the DirectorySynchronisationTokenStore that uses the database for token storage
An in-memory MembershipSearchStrategy which aggregates memberships across multiple directories.
Deprecated.
A UserSearchStrategy and GroupSearchStrategy implementation which merges results in-memory.
An in-memory MembershipSearchStrategy which only returns memberships associated with the canonical users directory.
Accepts every certificate
Select and set (in crowd.cfg.xml) the installation type
for the setup:
New Installation
Upgrade from XML Backup
Upgrade from existing Database
See CrowdSetupPersister for more information
regarding the flow of the setup process with
respect to the installation type.
An interface to easily instantiate objects from classes.
Handles insufficient access when accessing HTTP resource.
Extends AuditService for operations like removing stale entries, etc
Describes a scheduled, once-per-cluster job as saved in Crowd's database.
Internal directory connector.
InternalDirectoryEntityHibernateDao<T extends InternalDirectoryEntity<U>,U extends InternalEntityAttribute>
Superclass for DAOs that deal with InternalDirectoryEntity, it has common logic for operating on attributes
This is the internal front-end of a delegating directory.
Extends the Group interface with "isLocal".
An extension of DirectoryInstanceLoader specialised for Internal Directories.
Loads an implementation of a RemoteDirectory for use at runtime by the Crowd security server.
Instantiates the active PasswordConstraint's for a directory based on the directory's attributes.
Internal Directory utility.
Deprecated.
since 3.6.0.
This class can be used to hold data for performing an XML import.
Represent a token that can expire for a user
Encapsulates the concept of group.
Encapsulates the concept of group attribute.
Persistence methods necessary to modify an InternalDirectory group.
Manages internal group creation and mutation.
Encapsulates the concept of group which has attributes.
Loader for directories that work by caching/mirroring some remote directory in the internal repository.
An internal, node-local scheduler.
Encapsulates the concept of membership.
Manages persistence of InternalMembership.
A marker interface to show that a password encoder is supported by Crowd's Internal Directory.
Internal API for storing and retrieving Crowd server properties.
This interface represents a specialised extension of RemoteDirectory that is used by InternalDirectories.
Encapsulates the concept of crowd user.
Encapsulates the concept of user attribute.
Encapsulates the concept of user credential record.
Manages persistence of User.
Manages persistence of InternalGrantedPermission at the explicit / direct permission level.
Encapsulates the concept of user which has attributes.
Thrown when the attempted authentication is not valid.
Thrown when the authenticated token is invalid.
Thrown when provided invalid (including expired) change e-mail token.
Thrown when the supplied credential is not valid.
Thrown when a Crowd client is not communicating with a valid Crowd service.
Thrown when the email address is not valid.
InvalidEmailAddressFormatException indicates NameID email is used, and authenticating user e-mail address is in invalid format.
An exception to denote an invalid application/embedded group.
Thrown to indicate an invalid model group.
Thrown when a user tries to create a Nested Group membership that is not valid.
Maps an InvalidMembershipException to a Response.
Thrown when an invalid reset password token is provided.
Thrown when an invalid role is provided.
Thrown when an invalid token is provided.
Maps an InvalidTokenException to a 401 (Unauthorized) status.
Service for handling invite user tokens
Returns true if the Application is of type ApplicationType.PLUGIN
A Condition that is true if the instance is running in Data Center mode (DC + clustering enabled)
Condition which evaluates to true if Crowd is run with Data Center license.
A Condition that is true if the instance is running with Data Center license
Condition which evaluates to true if Crowd runs with JRE 8.
Caches the instances of JAXBContext for each entity class for performance reasons
as suggested by the JAXB docs.
This class represents the properties required to connect with a database,
specifically the details for a JIRA, Confluence or Bamboo database.
Utility class for JNDI LDAP Connection Pool, helping with setting system properties and initialising the pool.
A helper class to allow for scheduler service jobs to be defined in spring XML
Represent pair of private key and x509 certificate
Encodes and decodes byte arrays to/from base64
A task executor that discards tasks if there is another existing task with the same key queued for execution.
Test CSV import of 1000 users, 100 groups and 5000 members.
Deprecated.
since 5.1.6.
Encodes and/or encrypts a given PasswordCredential to the value expected by a particular directory connector.
Contains methods specific to LDAP directories.
This component is responsible for publishing information about LDAP directory deletion/deactivation to other nodes.
Marker interface for the LDAP Directory instance loader.
Loads an implementation of a RemoteDirectory for use at runtime by the Crowd security server.
A composite map of ObjectGUID to DN and DN to Name.
This SocketFactory needs to call SSLParameters.setEndpointIdentificationAlgorithm(String) to enable LDAPS hostname verification.
A password encoder which uses MD5 algorithm and supports an Ldap version via having a label of "{MD5}"
prepended to the encoded hash.
Represents an error when parsing a String into a CrowdLdapName (i.e.
A marker interface to show that a password encoder is supported by LDAP based
directories.
This class is a helper class that contains all configuration and implementation information for LDAP
This configuration data is pulled from property files on the classpath in the format
ConnectorClazz.properties
This class is a helper class that contains all configuration and implementation information for LDAP
This configuration data is pulled from property files on the classpath in the format ConnectorClazz.properties
Allows LDAP directory connectors to obtain LDAP settings, such as directory-specific names for RDNs.
The LDAPQueryTranslater: - Does not support searching based on GroupTermKeys.GROUP_TYPE: this cannot exist as a
search restriction.
The LDAPQueryTranslater:
- Does not support searching based on GroupTermKeys.GROUP_TYPE: this cannot exist as a search restriction.
Enum class for LDAP security modes.
This class uses the LdapShaPasswordEncoder to specifically add salt to the SSHA if it has not been provided.
Information bean for building the UI configuration screen.
Maps an LDAP Attributes object to the Crowd {User} object type, and vice versa.
Test utility class for restoring LDIF to the embedded ApacheDS server.
Parses and formats dates using the date format used in Crowd before 3.3.0.
Page object implementation for the LoginPage in Crowd.
Pretty much a copy/paste of LegacyXmlVerifier - just that info is taken from database instead of XML document
This class holds references that can be shared across other importers should the need arise.
A Mapper that will handle the import of a Domain object, or any object from legacy (Crowd v1.x) XML, into the datastore.
Responsible for verifying the correctness of a legacy XML backup.
Responsible for verifying the correctness of a legacy XML backup.
A Filter to check if the license is valid.
This setup action is not spring-injected.
User that is consuming license in product.
Data access object for LicensedUser
Defines constraints for the search query.
Deprecated.
System event that calculates the total number of resources being consumed versus the license resource limit.
This event will be used if a Crowd instance is nearing its resource limit.
Will send an email to the Crowd Administrator letting them know that they are reaching their
license limit (within 90%).
Allows interacting with the license for the Crowd Server
Deprecated.
Deprecated.
A cluster event publisher that publishes a message when the license is updated on one of the nodes.
A cluster message listener that listens for license update messages and reloads the license from crowd.cfg.xml
Indicates that the license was updated
Deprecated.
Some global information about application licensing.
Data access object for LicensingSummary
Event for licensing tab view.
Wrap a NamingEnumeration and only return up to a limited number of elements.
Helper for creating URI links to resources.
Handles creating and upgrading the schema by running liquibase changelogs.
Code copied from: http://jira.springframework.org/browse/LDAP-176
To fix: http://jira.atlassian.com/browse/CWD-1445
NOTE: This class has to be constructor injected since it's the only way moduleFactory can be set at its parent.
Helper class to create expiring maps.
Application-aware local authentication provider.
Manages local group creation and mutation.
Implementation of DirectoryEntityResolver with local in-memory cache.
A Log4J 2 appender which is aware of when the crowd.home property is set and will switch logging from the console to within the crowd.home directory.
Logs audit events.
This class represents an update to the logging configuration.
Represents a logging configuration entry, corresponding to a Class or Package mapped to a Level.
Event containing aggregated number of users that authenticated using their email instead of username.
Specialized filter to prevent CSRF attacks against the login url.
Input data for REST login endpoint.
This class represents an update to Crowd's look and feel configuration.
Tests that mixed case user and group names are converted to lower case in REST API responses when the lowerCaseOutput
attribute of an application is set to true.
Represents a mail configuration
The service for interacting with the mail configuration
Represents a Mail Server management resource.
A specialized RuleBuilder for mail server rules
Used to manage session attributes when performing first time OAuth2 authorization.
Text macros used by MailTemplateRenderer to dynamically generate values for emails sent by Crowd.
Simple renderer, which naively substitutes macros into supplied values.
A wrapper around the JavaMail Transport class that handles the creation/closing of the Session.
Handles the construction of a MailTransport appropriate for the given SMTPServer
Calculates different entries for two Map<String, Object>.
A Mapper that will handle the import and export of a Domain object, or any object from XML into the datastore and vice-versa.
Utility methods for masking data.
Details of the direct members of a single group.
Something went wrong while iterating over a collection of Memberships.
Thrown to indicate that a membership cannot be added because it already exists.
Membership cache implementation.
DTO class representing a membership relationship.
Utility class for checking the type of a directory object
MembershipMapper that will map a row of data, eg.
This mapper will handle the mapping of a Group.
Used to denote that a particular USER-GROUP or GROUP-GROUP membership does not exist.
Used to denote that a particular USER-GROUP or GROUP-GROUP membership
does not exist.
A set of querying across a collection of active directories.
Represents a component which manages memberships for groups as per available permission
Type of membership relationship.
Hibernate Operation to merge entities in batch
Hibernate Operation to merge entities in batch
Microsoft Active Directory connector.
Represents a token used for change tracking with a Microsoft Entra ID delta query.
Represents a query parameter used by the Microsoft Graph API
Deprecated.
Translates Crowd queries into filters used by Microsoft Graph.
Thrown when encryption key has not been found in the file system or the default key is not set.
Helper class to set up data for membership queries MembershipQuery.
Creates a proxy server that allows verifying expected calls and returning expected responses without calling the remote server.
Improved version of MockServerRule: It does not find new free port if perTestSuite is set to true.
Test Case that modifies the application-permission for directory mappings
Handles authenticating to Microsoft Graph using the MSAL library
Creates an MsGraphApiAuthenticator
A custom precondition that verifies if index exists on MSSQL.
Validator that checks database settings specific to Microsoft SQL Server database.
An extension to EventPublisher that allows special handling for sets of many events sent at the same time.
Simple functional interface providing directly related (either parents or children) groups of multiple groups.
Represents a multi-valued attribute.
Represents a multi-valued attribute.
Contains a list of MultiValuedAttributeEntitys.
Contains a list of AttributeEntitys.
Expands an MultiValuedAttributeEntityList.
Concrete implementation of Attributes interface for multi-valued attributes.
Interface supporting searches with multiple values to match.
Validator that checks database settings specific to MySQL database.
This class is a light-weight version of DirContextAdapter, holding the name (distinguished name) and corresponding
attributes for a directory entry.
Represents NameID formats supported by Crowd.
Helper class for name related operations on entities.
Maps the name and externalId attribute.
Cache provider for CachedMultipleGroupsProvider
Class simplifying iterating over nested groups.
Thrown when a user attempts to add a group to another group in a Directory that does not support nested groups.
Provides directly related groups (e.g.
Builder class for NestedGroupsProvider
No security access checker.
Deprecated.
Adds node information header to every response when running DC
Used when a fatal error in the node configuration or operation is detected.
Adds a johnson error on node panic.
A MembershipSearchStrategy for an application with no active directories associated.
A glue class to translate between Guava and Java collection APIs.
A Webhook health strategy that imposes a limit to the number of consecutive failures for at least some time.
Workaround https://liquibase.jira.com/browse/CORE-2692 - report that hsql older than 2.0 doesn't support schemas
Indicates that the method decorated with this annotation would not have a default transactional context created by CrowdXWorkTransactionInterceptor
A no-op implementation of the audit log context that will execute the passed action.
An AuditProcessor implementation that does no audit logging.
No-op implementation of AuditService, to be used by products embedding Crowd.
An implementation of BeforeGroupRemoval which does nothing.
Dummy implementation used when running in non-clustered mode.
A no-op implementation of DefaultGroupMembershipService, meant to be used in products
A marker interface for events that internal listeners may ignore.
A no-op implementation of InternalUserPermissionDAO, to be used by products embedding Crowd - these don't use
Crowd's permission infrastructure.
A convenience implementation of password score service that always returns PasswordScore.VERY_STRONG, intended for use by products which do not intend to implement PasswordScoreService in a meaningful way.
A special noop event fired when the user requests their password to be reset. It is used instead of RequestResetPasswordEvent to avoid sending emails, e.g.
An implementation of TokenLockProvider which doesn't do any locking
A NOP implementation of WebhookDAO.
This filter is used to add default response to 404 empty responses without one.
Holder representing empty set.
Novell eDirectory LDAP connector.
Signifies that there are no restrictions.
Represents a null (no) restriction entity.
Represents a null (no) restriction entity.
Implements a NullRestriction interface.
Denotes that the LDAPQuery could not be formed because
the query would result in a null result (empty collection).
Maps the objectGUID on an entity.
Thrown when an entity is not found.
Maps the primaryGroupId of a user.
Represents an $expand query parameter used by Microsoft Graph.
Represents a $filter query parameter used by Microsoft Graph.
Represents a $select query parameter used by Microsoft Graph.
Represents a $top query parameter used by Microsoft Graph.
Utility class for working with OpenAPI objects.
Serializes the entries of a map in a sorted order.
Represents an error when executing an operation on the remote directory failed for some reason.
Thrown when an operation failed for some reason.
Thrown when the operation is not permitted.
Checked exception thrown if the requested operation is not supported.
Represents the type of operations allowed to be performed on a directory.
Optimized implementation of CanonicalityChecker.
Helper class constraining results according to the start index and maximum results.
Factory for the PackageScannerConfiguration to provide the scanner with Crowd's version number on startup.
Represents a pageable list of results obtained from a Microsoft Entra ID delta.
Represents a pageable list of results obtained from Microsoft Entra ID.
Interface for iterating over search results with paged approach.
Default implementation of PagedSearcher.
Indicates that paging is not supported for the given type of query and directory setup.
Utility class for paging related tests.
A simple type to represent a pair of objects.
Will check a given Context for the existence of a list of parameter names
If all are present, shouldDisplay will return true
Specialises XmlMapper for mappers that take into account just a subset of the directory types.
Has the responsibility of instantiating the active PasswordConstraints for a directory.
Password based authentication information.
Defines the operations and requirements for a class that needs to handle password
operations in Crowd
An exception that is thrown if we have failed to encrypt a password
with a given PasswordEncoder
This factory manages the getting of a PasswordEncoder, based on given encoder key such as 'MD5', 'SSHA', 'SHA', 'PLAINTEXT', 'DES'
Module descriptor that handles creating PasswordEncoder plugins
NOTE: This class has to be constructor injected since it's the only way moduleFactory can be set at its parent.
This exception is thrown if no PasswordEncoder is found when a lookup is done on the PasswordEncoderFactory
Represents a password entity.
Represents a password entity.
A job that sends email notifications about password expiry for users whose passwords will soon expire.
Various password helper methods.
Password policy configuration for an internal directory.
Data object for a Password Policy Configuration Analytics Event
Preset for PasswordPolicyConfiguration object
Collector for Password Policy Analytics Events
Listens to directory events that may affect the authentication credentials or the ability to reset a password
and invalidates the password reset tokens for affected users.
A rating of a password based on estimated difficulty of cracking by some PasswordScoreService.
Analyses passwords to provide an estimate of their strength.
Tests for Tomcat path traversal "..;".
Helper class generating path with traversal.
Used to print percentages to log messages.
Permission Exception this Exception will handle Exceptions to do with CRUD operations
on Applications, Directories etc.
Permission Manager for Crowd to validate Directory Permissions and
Application-Directory permissions.
Implementation of the PermissionManager.
Options in the UI for different types of permission configurations for an LDAP directory.
A DirectoryGroup with a corresponding UserPermission.
Convenience implementation (non persisted) to return to the service layer
Schedules and runs per node statistics collection.
Persistence related exception.
This password hash generator mimics the PKCS5S2PasswordHashGenerator, but utilizes SHA-2
Encodes passwords using PKCS 5 version 2, as published by RSA and implemented in BouncyCastle.
A plaintext password encoder
ActionConfig that contains a reference to its parent
plugin.
A Spring autowiring object factory that uses the classloader of the PluginAware action configs to load and wire up the action class.
Appends data about plugins to their struts configuration
Listener for cluster events related to plugin system.
Sends messages across the cluster for specific plugin events.
Utility class to access OSGi components publicly exported by plugins.
This class provides the location of the plugin directories, in particular the plugins and bundled plugins
(in JAR format) and the plugin cache.
Represents the type of a plugin operation that has been performed.
Represents a plugin operation (plugin enabled, disabled, etc)
Manages plugin properties.
Holds data about the decorator override.
Implementation of ResourceBundleProvider that looks for resource bundles defined in plugins.
Resource for managing plugin settings.
Simple utility class to poll and wait for conditions.
Model class holding config of cached directory polling.
Maps the primaryGroupId of a user.
Captures various server properties of the crowd server.
Property Values are accessible via UserTermKeys, GroupTermKeys
Persist property objects.
Represents a property entity.
Represents a property entity.
API for storing and retrieving Crowd server properties.
Error accessing property.
This mapper will handle the mapping of a Property
Restriction on a search based on a property of type T.
Represents a property restriction entity.
Represents a property restriction entity.
Property type service.
Implements a PropertyTypeServiceImpl.
Factory methods for creating Property objects.
PropertyUtils class to enable the writing back of Properties
Provides set system proxy settings.
Utility class simplifying creation of proxy objects.
Represents a search query for user management.
Used to inspect search queries to determine if they
are executable on LDAP implementations.
Recommended convenience class to build queries.
Utility class for executing split queries and merging results.
Type of membership query.
Code copied from: http://jira.springframework.org/browse/LDAP-176
To fix: http://jira.atlassian.com/browse/CWD-1445
Attribute name Range Option used for Incremental Retrieval of
Multi-valued Properties.
Thrown when a directory is asked to modify a group or its memberships
which cannot be modified.
A test class that looks at the license resource count for Crowd
Raised when recovery mode in Crowd has been activated, usually at, or close to the initialization time of
the application.
An extension of ApplicationServiceGeneric that supports recovery mode.
Overrides DirectoryManagerGeneric to provide recovery-mode aware behaviour.
A Directory implementation that holds a single in-memory user for recovery purposes.
Proxy directory that adds a temp admin account to Crowd and allows the admin to log in to recover from a broken deployment.
Internal service that provides access point to Crowd's recovery mode.
Resource for managing remember-me configuration in Crowd
The expired remember me token reaper removes expired tokens from the crowd database.
Represents a valid IP address (IPv4, IPv6) or hostname for an Application
Represents a RemoteAddress entity
Represents a set of RemoteAddressEntity.
A concrete implementation of the CrowdAuthenticationProvider that uses the crowd client libraries to communicate with the Crowd server.
A RemoteDirectory that allows integration with a remote Crowd server.
Marker interface for the RemoteCrowdDirectory instance loader.
Loads an implementation of a RemoteDirectory for use at runtime by the Crowd security server.
Gateway to perform operations on the physical remote directory.
A simple implementation of CacheRefresher that will only do "Full Refresh".
An event that models an event occurring on a Remote Directory.
This event is analogous to RemoteDirectorySynchronisedEvent, however it's published when a directory synchronisation fails.
Superclass for events thrown when a directory synchronisation finishes.
This event is designed to be thrown by a SynchronisableDirectory after it has completed synchronising its cache.
A tag to denote a RemoteDirectoryEvent that is related to groups.
A tag to denote a RemoteDirectoryEvent that is
related to principals.
Test the removing of an application
Test the removing of a directory
Removes internal permissions from group so that it can be deleted without
violating any foreign key constraints.
An operation to remove a group and its related information such as members, memberships, and attributes.
An operation to remove a group and its related information such as members, memberships, and attributes.
Stops displaying of any links where the username/directoryId matches that of the currently authenticated user.
An operation to remove a user and its related information such as memberships and attributes.
An operation to remove a user and its related information such as memberships and attributes.
This takes care of invalidating a user's session after their password is changed.
A helper for managing local plugin copies.
Hibernate Operation to replicate entities in batch
Hibernate Operation to replicate entities in batch
Test the textual representations of entities used by the REST resources.
Threadlocal for caching objects that must survive the whole HTTP request.
Servlet filter for initialising and cleaning up the RequestCacheThreadLocal.
Contains info about the currently executing HttpServletRequest and HttpServletResponse.
An event fired when the user requests their password to be reset.
Listener responsible for handling RequestResetPasswordEvents by sending an email to the user, letting them know their new password.
Maps request paths (Ant format) to application names.
Maps request paths (Ant format) to application
names.
An event fired when the user requests their usernames to be sent to their email.
Listener responsible for handling RequestUsernamesEvents by sending an email to the user, letting them know their new password.
Indicates that the component or method decorated with this annotation will be checked for the Data Center license
Method level annotation for XWork actions to mark whether a particular action method invocation needs to be
protected by an XSRF token.
A simple ResetPasswordEvent.
Utility for resetting all ResettableTableHiLoGenerators used by the entities in the current metamodel
Interface for providers of ResourceBundles.
Will provide information about the location of the Crowd resource used to configure a Crowd Client.
Generates self-posting form with the SAML response and relay state.
Failure handler for REST login endpoint.
Success handler for REST login endpoint.
Tests for /security/rest-login REST login endpoint.
This is the Crowd Client to access REST services on a remote Crowd Server.
Factory class for creating a new instance of CrowdClient using REST.
Tests the RestCrowdClient.
This factory can be used to access a lazily instantiated singleton instance of CrowdHttpAuthenticator.
All REST acceptance tests should subclass this class.
This class provides primitive building blocks for using a REST API.
Common utilities for REST login.
Tests for /security/login endpoint that is supposed to return target URL (next) that the user wanted to navigate to
Example usage:
This interface represents a server which offers a Crowd REST service.
Filter which adds the REST service version to the response header.
This class represents and tracks just what happened via an import.
An aggregator across results from multiple queries that may include duplicates.
Utility class providing factory methods returning ResultsAggregator.
Determines how long the audit log entries are kept, before being removed
Handles raciness of TokenAuthenticationManagerImpl by retrying authentications that fail due to a concurrent authentication creating a token.
Specifications for the RetryRule.
This class provides read-only support for the POSIX LDAP Schema (RFC2307)
Read-only, non-nesting implementation of RFC2307 user-group membership
interactions.
Read-write, nesting-aware implementation of RFC4519 user-group membership
interactions.
An Iterable over group Memberships optimised for the case where we already have all or some of the DNs and names of possible users and sub-groups.
An iterable over RFC4519 directory memberships that assumes that it was supplied a complete list of users and groups in the remote directory.
A generic memberDn mapper that will look for the 'member' attribute in groups.
A memberDN mapper that will handle both normal and ranged memberships attribute ("member" and "member;")
used in Microsoft Active Directory.
If the group has ranged memberships (Active Directory specific) this mapper will obtain
the offset - i.e.
Deprecated.
Deprecated.
Deprecated.
Deprecated.
Deprecated.
Builder class which facilitates creation of ValidationRule
Rule to run tests with provided dark feature values on the server side.
Rule to run tests with provided system property values on the server side.
Injects submitted form parameters into action properties.
Crowd's license details view for SAL.
This mapper will handle the mapping of a com.atlassian.crowd.model.salproperty.SALProperty objects
This mapper is here for legacy compatibility only, for releases of Crowd older than 1.6 that used SAL
integration (i.e.
Encryptor that delegates to another Encryptor and adds the salting feature to it.
Thrown when user tries to change their e-mail to the same e-mail they already have.
Action responsible for servicing SAML
authentication requests.
This tests the SAML Authentication interaction but does
not rigorously examine the actual response message sent
back to Google.
Represents SAML configuration
Resource for SSO SAML configuration.
Tests for the SamlConfigurationResource resource
Contains constants used by Crowd when being a SAML Identity Provider
An exception class for when there's a problem handling SAML
messages.
A service for managing pairs of certificate and private key used in SSO.
A service for managing pairs of certificate and private key used in SSO.
Allows storing and retrieving SAML trust entities (certificates and private keys in PEM format)
This mapper will handle the mapping of a SAMLTrustEntity
Helper class for creating parameters for parameterized tests Parameterized.Parameters
Exception thrown for scheduling errors for automated backups.
A marker interface for SearchableTokenStorage that provides transaction-wrapped access.
A store that can accept arbitrary queries over the tokens.
Controller for the Search resource.
Search resource.
Note that this test class is reused in JIRA via inheritance.
Marker interface representing a search restriction.
Search restriction entity classes should extend this abstract class.
Search restriction entity classes should extend this abstract class.
Utility class to convert from a SearchRestriction interface to one of SearchRestrictionEntity classes.
Utility class to convert from a SearchRestriction interface to one of SearchRestrictionEntity classes.
Represents a supported value type.
Represents a supported value type.
Allows traversing a query's SearchRestriction, visiting each clause, and optionally mutating its property restrictions.
Utility methods for processing search results.
A factory which may be able to create search strategies for a given list of active
directories
Entry point to SecureAccessFilterChain.
Provide a flexible way to manage filter chain based on current user access level
Service which manages filter path.
Wrapper FilterConfig for SecureAccessFilter
All filters that are defined here will be checked by SecureAccessFilter.
Generates a salt using SecureRandom.
Generates random Strings by selecting characters from an alphabet using a cryptographically secure PRNG.
Declares behavior for annotated security checkers.
Context for security related data.
Decides which step in the setup process we
are up to.
Represents a result of sending a test email using MailManager.
A Filter that disables all Seraph processing further along the chain.
Server information resource
Represents the various components of a Servlet Filter registration: filter, init-params, filter mapping, etc.
An enumeration of Servlet Filter definitions to be registered with the servlet container.
A Spring WebApplicationInitializer which registers and configures Filters.
A Session represents an authenticated, time-bound information exchange opportunity granted by a server to a client.
A concrete subinterface of BatchProcessor that reifies the Session generic.
Represents a Session entity.
Represents a resource for managing current application and user sessions.
The token reaper is a scheduled process that removes expired tokens from the crowd server.
A store of session tokens, that may be created, retrieved and deleted.
Will update the JNDI LDAP connection pool system settings after the application started up.
It's a Clock that can be set, for tests. Use applicationContext-testClock.xml to inject it into your tests and make it override the system clock.
Ensure we don't try to hit the setup step after setup is complete.
Indicates that the Crowd setup is complete and the server is ready to serve requests
Setup Crowd test to be used in standard setup flow.
Base class containing steps for setup Crowd tests.
Setup Crowd test to be used in setup flow with database config pre-seeded with environment variables.
Convert back and forth between the binary and the String representation of SIDs.
Signs all assertions with the keys configured in SecurityContext.
Simple implementation of CanonicalityChecker.
Simplified version of ObjectMapper that has following advantages over ObjectMapper:
- It's fully thread-safe, as it uses ObjectReader and ObjectWriter which are immutable
- Is not prone to performance problems under heavy load
Simple implementation of XsrfTokenGenerator that stores a unique value in the session.
Represents mappings of users and group to a particular group
Simple functional interface providing directly related (either parents or children) groups of a single group.
Currently the main purpose for overwriting the filter is to store the page object in the request so underlying
plugin web-items and sections can get access to the page properties and can perform conditional logic
Will return true if a context contains any of the available property values based on a
given property name.
POJO holding SMTP server config.
This class represents an update to Crowd's mail configuration.
Webwork tag to call a soy template.
NOTE: This class has to be constructor injected since it's the only way moduleFactory can be set at its parent.
Implementation tied to Spring.
This class implements a remote LDAP directory using Spring LdapTemplate.
This component deletes a Dynamic LDAP connection pool for a deleted/deactivated directory after receiving a cluster
message requesting removal of that directory's LDAP connection pool
Default configuration values for Dynamic LDAP connection pool.
Wrap a CrowdLdapTemplate and perform all operations with the context ClassLoader set to this class's ClassLoader.
A dialect for MS SQL Server 2000 and 2005, which supports unicode characters (CWD-1070)
Extends GenericLegacyTableQueries and overrides where SQL Server requires different syntax.
Analytics event published when SSO user logs in to an application.
Analytics event published when user sees the application SSO tab.
Event published when user sees the application SSO tab.
Listener transforming SsoTabViewEvent into SSOTabViewAnalyticsEvent once per day.
Detects stalled synchronisations and reschedules them
Performs upgrades to Crowd based on the build in the database and the build number for the current version of Crowd.
Minimal Hibernate DAO operating with stateless sessions.
A concrete subinterface of BatchProcessor that reifies the StatelessSession generic.
This class is a convenience class to access a CrowdService in a static way.
Simple implementation of ResourceBundleProvider that looks in fixed set of locations.
REST endpoint to force statistics collection
Handles collecting a single set of statistics, and emitting the related analytics event
Interface for forcing collection of statistics.
This is a wrapper required to inject the list of StatisticsCollectorRunner with HK2 in StatisticsCollectionResource.
This class listens for events related to user and group changes and saves them to EventStore.
String set tag evaluating the given expression against the stack in the default search order.
Default implementation of TokenLockProvider, backed by Guava's Striped
Helper class to map Struts actions to their underlying AccessTypes and allow easy and performant retrieval of the AccessType for a given action.
Sun ONE / Sun DSEE Directory connector.
Builds a support information map from a bunch of fields.
Provides information for support about the configured directories.
Produces a String containing information about some aspects of the Crowd configuration.
Extends TokenManager to allow switching between two TokenDAO delegates (in-memory and database).
Proxies the concrete TokenDAO implementations, and allows runtime swapping between implementations, along with copying of data between them during the swap.
Listens to application events and updates the SwitchableTokenManager if necessary.
A RemoteDirectory that holds a local cache to remote data.
Model for common settings for connector and crowd directories that can do synchronisation.
Constants representing synchronisable directory properties.
Allows configuring whether user groups should be synchronised when the user authenticates
Synchronisation modes for synchronising a directory.
Marks incomplete synchronization as failed for single-node instances.
Represents the i18n keys of synchronisation statuses
A utility class for marshalling and unmarshalling parameters for a SynchronisationStatusKey.
Relevant structure of Apache DS 151
Represents the JNDI LDAP connection pool properties which are set as system properties.
System properties.
Collects values of system properties
An implementation of RecoveryModeService that activates recovery mode in presence of a system property that
is also used to configure the recovery user password.
Interface to render a template into the output
An implementation of HomeLocator that is used for acceptance tests that depend on
having a Crowd home directory.
Allows modifying default proxy setting for the Crowd application.
Simple listener storing all incoming messages in memory.
Class that represents metadata about the Struts Action
Allows modifying system properties of Crowd Application.
Exposes REST API for testing purposes of SAL User Manager.
Represents a plain text email message.
Contains the state of the different thread locals in the application.
Service to access the application's ThreadLocal state.
An alternative to Java's Function, that declares a checked exception.
Simple utility class to record execution time.
A record of how long an operation is taking, for logging.
A class used for timing log messages.
A cluster-safe implementation of EventStore that uses the entity creation and update timestamp,
and the persisted tombstone information to create an event stream.
Some extra methods to add "created date" and "updated date" to Users and Groups.
Extends the Group interface with "updated date" and "created date".
Extends the user interface with "updated date" and "created date".
Deprecated.
use @ImmutableToken instead.
Performs token authentication for the user.
Manages persistence of Token
An in-memory implementation of the TokenDAO.
Thrown to indicate that the token has expired and is not valid anymore.
Responsible for the creation of Token's this should be the only way you create a Token for Crowd
The TokenGenerator is responsible for generating tokens when a successful authentication has occurred.
An Event that's fired when a Token is invalidated.
Handles the creation of a 'random' token key
A value object that describes the requested lifetime of a new Token.
Provides locks for tokens.
A marker interface for a SessionTokenStorage that should be used for token management.
Thrown to indicate that the token does not exist in the server.
Deprecated.
use AuthenticatedTokenQuery instead.
Crowd SSO Token Resource.
Event reporting token storage type used by crowd.
Active Directory deleted object (tombstone).
Specific to Active Directory to map deleted objects.
Allows storing tombstones - persistent objects that denote a deletion of an entity or state.
DirectoryCacheFactory that returns DbCachingRemoteDirectoryCache instance
wrapped with TransactionInterceptor.
Marker interface for a DirectoryDao that also provides transactional behaviour.
{link Executor} wrapper, that wraps executed code into a transaction.
Wraps dispatching each atlassian-events event in a separate hibernate transaction.
Delays publishing any events if a transaction is active, until that transaction commits.
Marker interface denoting events that should be propagated immediately and eagerly, regardless whether a
transaction is currently active
A group of objects that are to be committed in one transaction.
Utilities for dealing with DB transactions.
This class is responsible for translating application specific usernames
(aliased usernames) to directory specific usernames (unaliased usernames)
and the other way around.
Manages the list of trusted proxies.
Handles the list of proxy servers whose X-Forwarded-For headers we trust.
TypeWithFallbackType<T extends liquibase.datatype.LiquibaseDataType>
Superclass for custom liquibase types adding additional behavior on top of existing ones.
Provides the interface for performing unfiltered User and Group operations in Crowd.
Failure because this API call is only supported by a later version of Crowd.
Maps an UnsupportedOperationException to a Response.
Action to handle updating configuration details for a 'Connector' based directory.
Action to handle updating connection details for a 'Connector' based directory.
Update Action specifically for Custom Directory Attributes
Update Action specifically for the Delegated Directory type
Update Action specifically for the Delegated Directory type
Update Action specifically for the Delegated Directory type
Action that handles updating the configuration for an Internal Directory
Allows configuration of logging and profiling.
Represents a Log4j Config entry, corresponding to a Class or Package mapped to a Level.
Action to handle the updating of Internal Directory Permissions
Action to handle updating connection details for a remote Crowd directory.
Removes an address from the list of trusted proxies.
Password encoder which provides a way to ask if the password should be re-encoded as it does not match the encoding
format of the most secure underlying encoder.
This manager is responsible for all things related to upgrades for Crowd.
An upgrade task for Crowd
This upgrade task will add a server id to crowd.cfg.xml if one has not already been set
This class will remove the cache time from the database if it exists.
UpgradeTask Setting the Hi-Lo value in the database if it has not already been set
This upgrade task will set all current Internal Directories
to be set to DES
This upgrade task will migrate all current Applications
configured in Crowd from using DES to using the Atlassian SHA1
encryption algorithm
Upgrade task responsible for adding a template for notifications sent to new users created in Crowd.
Upgrade task to add the gzip-enabled server property (true by default).
This task will add the default license user count to Crowd, '0'
Upgrade task to migrate the serverID from the
database to crowd.cfg.xml.
An upgrade task that removes the ldap.user.encryption attribute from directories that do not
need this attribute, currently this is everything that is not OpenLDAP.
An upgrade task that removes the ldap.user.encryption attribute from directories that do not
need this attribute, currently this is everything that is not OpenLDAP.
Makes sure that 1.3 and earlier directories, on upgrade, have an RDN added.
Upgrade task which migrates HSQL from MVCC transaction mode to read uncommitted transaction isolation level.
Update the description and application type for the Crowd, Demo and OpenID applications.
Adds "SSO cookie is NOT secure" preference to the database.
Add "displayName" property to LDAP (non-internal) directories.
Default existing AD directories to useMemberOfForGroupMembership = true, and all to useMemberOfAttribute = false.
Removes all existing Tokens.
Set "ldap.roles.disabled" - LDAPPropertiesMapper.ROLES_DISABLED - to false if it's not set.
Updates the 'use relaxed DN standardisation' flag for Directory Connectors
to their defaults as defined in the standard property files.
Disables caching/monitoring if roles have been enabled.
Disabling roles for delegating directories
This upgrade task will migrate class names from the old com.atlassian.crowd.integration.directory.connector package
to the com.atlassian.crowd.directory package
This upgrade task will enable auto-create on auth for existing delegated authentication directories.
This upgrade task will enable auto-create on auth for existing delegated authentication directories.
Add default values for JNDI LDAP connection pool settings to the database
All LDAP directories now have caching enabled.
This upgrade task will switch internal directories using Atlassian SHA1 for user encryption to use Atlassian Security instead.
This upgrade task will populate displayName and lastName fields using firstName, lastName and name fields
for users with empty display name or empty last name in internal directories.
Updating the local column in cwd_group from null to false.
Upgrades the connector directories to include a DirectoryProperties.CACHE_ENABLED properties set to true.
Upgrades directories having InternalDirectoryWithBatching as an
implementation class to use InternalDirectory class as an implementation
class.
Updating values for application remote addresses to allow support for IPv6
Upgrades directories to contain UPDATE_USER_ATTRIBUTE, UPDATE_GROUP_ATTRIBUTE and UPDATE_ROLE_ATTRIBUTE permissions.
Upgrades Active Directories to include a SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED attribute set to true.
Upgrades remote Crowd directories to include a SynchronisableDirectoryProperties.INCREMENTAL_SYNC_ENABLED properties set to true.
Updates cached LDAP directories to include com.atlassian.crowd.model.directory.DirectoryImpl.ATTRIBUTE_KEY_LOCAL_USER_STATUS set to true to
preserve the behaviour previous to CWD-995.
Updates LDAP and delegating directories configuration by adding the User Unique Id attribute if absent.
Updates users in internal directories to assign them an UUID.
Crowd 3.2 introduces a new audit log event syntax where the event that an audit log represents is a combination of
an entity type (noun) and an event type (verb).
RFC 6265 states, about the domain name in the Set-Cookie header, that:
Represents a user.
Represents a user that exists in a directory.
Maps the userAccountControl on a user.
Helper class to manipulate the values of Active Directory userAccountControl attribute.
Aggregate event that contains the number of notifications sent to new users created in Crowd.
Used to signal that a user has been created, and they should be notified about it via email
Listener for UserAddedNotificationEvent that maintains the daily count
of notifications sent to new users added in Crowd
Listener responsible for handling UserAddedNotificationEvent's
by calling UserAddedNotificationMailer to send a notification email to the created user.
Responsible for creating and sending email notifications to users created in Crowd
Manager class responsible for email notifications sent to new users created in Crowd.
Statistics collector for notifications sent to new users created in Crowd.
Manages persistence of group administration grants for users
Represents a group-level admin resource for users view.
Thrown to indicate that a user already exists in the directory.
An Event that represents the deletion of an attribute+values against a User
An Event that represents the creation of an attribute+values against a User
Published when user successfully authenticated to Crowd's console via their email address.
This event is published when a user has been successfully authenticated
to application.
This event is published when a user has been successfully authenticated
to application through SAML SSO.
The UserAuthenticationContext is used to authenticate users.
Listener processing UserAuthenticationSucceededEvent and UserTokenVerificationSucceededEvent events
and publishing analytics event SSOLoginEvent.
This event is published when a user has successfully logged in to a
single-sign-on application.
Cache to determine whether a user is authorised to authenticate with an application.
Default implementation of UserAuthorisationCache in Crowd.
Manually handle username to authorities mapping, rather than depending on the groups they belong to
Provide authorities based on userPermission levels, rather than looking at GroupMappings
Details of which operations can be performed on a user.
Supplies re-useable methods for equals, hashcode and compareTo that can be shared with different implementations of
User in order to be compatible.
A simple class to hold the Constants that are used on a User
Translates information returned from an LDAP directory into a LDAPUserWithAttributes implementation of User.
Allows to describe what kind of attributes should be mapped during synchronisation
An Event that represents the creation of a User
An Event that represents the creation of a User as a result of directory synchronisation.
An Event that is fired when a user (principal) changes their password (credential).
An Event that is fired when a user (principal) attempts to change their password (credential) but it does not meet
the password criteria for the directory.
Responsible for verifying users credentials
Creates an UserCredentialVerifier
Responsible for the persistence and retrieval of Users, PasswordCredentials and user attributes.
Deprecated.
Listening on this event will degrade performance.
Deletes the appropriate Tokens when a User or Directory is deleted, or when a user is renamed.
An event that is published when user is edited
Event containing aggregated count of failed email authentication event counts.
An event which is published after a user's email address is updated
Event containing aggregated count of failed email SSO authentication event counts.
Represents a User entity (client side).
Represents a User entity (server side).
Expands a UserEntity from its minimal form to the expanded version.
Contains a list of UserEntitys.
Contains a list of UserEntitys.
Utility class for UserEntity.
This test tries to replicate the following scenario:
Given two
Represents an administration mapping of user to a group
A Condition that is true if the current user is a group admin
A Condition that is true if a user is currently logged in.
A Condition that is true if the current user is a system administrator
This mapper will handle the mapping of a User.
Will map a row from a JDBC ResultSet to a MembershipDTO.
Adds username information header to every HTTP response
Thrown when the user is not found.
Thrown when the specified user could not be found.
This is primarily testing 2 things:
1.
All methods on this class require at least ADMIN permissions.
Thrown when a User can not remove permissions from a group specifically because doing so
would downgrade their own permissions.
Thrown when a range of permission based exceptions occur.
Check Crowd access permissions for users, eg SYS_ADMIN and ADMIN.
An Event that represents the renaming of a User
Utility class for User
Controller responsible for user management.
An Event that represents the deletion of one or more Users.
A set of querying across a collection of active directories.
Tests UsersResource.
Test CSV import of 10 users with user status mapping type set to VALUE_FROM_CSV and mapping display name
A publicly mutable User implementation.
Mutable user template with mutable attributes.
Predominantly used for the 'bulk' adding of users to Crowd.
Attributes of a user.
The expired token reaper is a scheduled process that removes expired
tokens from the crowd database.
An Event that represents the updating of a User. This is a generic event.
General utility class for email related methods.
Combination of a User and the user's Attributes.
Represents a user with attributes that exists in a directory.
Retrieves the latest changes from MS Active Directory in order to allow "delta" cache refreshes.
Generic exception indicating the incremental sync has failed.
Maps the uSNChanged on an entity.
This utility class is used across the various servlets that make up the
SAML-based Single Sign-On Reference Tool.
Password validation request.
Represents a single error containing the field name and corresponding error message
Validation factors are used to construct a unique token when a
com.atlassian.crowd.integration.model.RemotePrincipal authenticates with the crowd server.
REST version of a validation factor.
REST version of a validation factor.
List of ValidationFactors.
List of ValidationFactors.
Exception to be generated whenever an entity's validation fails.
Represents a Validation rule which will generate ValidationError if the input entity fails to pass the check
Interface for the entity validators
This manager will look after verifiers that need to run against the imported XML document before import
to validate that the import can proceed.
Responsible for verifying the correctness of an XML backup.
This class will validate the correctness of an XML file to be imported into the currently running version of Crowd.
Tests updates to an application
Adds the ability to search for the users in an application by using the functionality of BrowsePrincipals.
Extension of the View Connector Action to allow for Delegated Directory Viewing
Tests to look at updating Crowd directories
Test class for testing the updating of a group in an external (LDAP) directory
Action to view the Principals for a given group
Please note that this page has two versions.
Test class for testing the updating of a group
Test class to test the setting of options in the Crowd Console
Tests the functionality of the View Principal page
Test class for testing the updating of a group
Tests of how the webapp is deployed in its container.
A Webhook is an application-provided HTTP endpoint that is pinged by Crowd to notify
the occurrence of certain events.
Persists Webhooks.
Persists Webhooks using Hibernate.
REST version of a validation factor (client-side).
REST version of a Webhook (server-side).
Strategy to decide the health of Webhooks.
Deprecated.
Use ImmutableWebhook instead, since 3.6.0.
Thrown to indicate that a Webhook does not exist on the server
Reacts to the outcome of Webhook notifications.
Reacts to the outcome of Webhook notifications by registering this outcome, updating the Webhook and,
if decided by the WebhookHealthStrategy, removing the Webhook.
A runnable that pings a Webhook and reports success or failure
Synchronously ping a Webhook.
A service interface that provides persistence for Webhooks.
A manager for Webhooks
Webhooks controller
Webhook service.
An implementation of WebhookService
Webhook management resource
A prototype to create Webhooks
A provider of avatars from public web services using the
Gravatar API.
Utility class for handling the X-Forwarded-For (XFF) HTTP request header.
This helper class, part of the SAML-based Single Sign-On Reference Tool,
serves to digitally sign XML files, given the contents of the XML file, and a
pair of public and private keys.
A generic mapper that contains helper methods and attributes to
map domain objects to database objects and vice-versa.
This class manages the import and export of Crowd's entity types via Mappers.
Each mapper has an exportXML() that processes each entity and writes all required relationships to an
XML element that is then returned to this class to be finally written to disk (on export).
Utility class simplifying building XMLObject and SAMLObject.
A wrapper for XMLObjectSupport to allow using it as a component.
Interface for generating anti-XSRF tokens for web forms.
Interceptor to add XSRF token protection to XWork actions.
Event listener that is interested in changes to the XWork configuration
This test specifically targets https://jira.atlassian.com/browse/CWD-3880 ,
a vulnerability that allows EL expressions in XWork actions to traverse
the object graph to the classloader and call setters to change its configuration.
Event for XWork - Webwork change events
Manages two separate database transactions around the action execution and result execution
in XWork, using the Spring PlatformTransactionManager.
Application or ImmutableApplication instead.