Package com.atlassian.crowd.directory.cache

Class DeltaQueryCacheRefresher

java.lang.Object
com.atlassian.crowd.directory.cache.DeltaQueryCacheRefresher
All Implemented Interfaces:
CacheRefresher
public class DeltaQueryCacheRefresher extends Object implements CacheRefresher
Performs delta queries on Microsoft Entra ID to facilitate incremental synchronisation. More details can be found at https://developer.microsoft.com/en-us/graph/docs/concepts/delta_query_overview

If no delta tokens are present a full synchronisation using Microsoft Entra ID's delta endpoints will be performed to obtain delta tokens for future incremental syncs.

As Microsoft Entra ID returns a diff of group memberships, this cache refresher will add/remove the memberships specified by Microsoft Entra ID instead of diffing current memberships with the ones obtained from the remote directory. This also causes a slight overhead due to the need to look up entity names for those memberships as Microsoft Entra ID only specifies external ids and Crowd needs names. To facilitate this the names for added/changed entities are added into a cache local to a synchronisation and the cache is then populated whenever a lookup is performed.

This CacheRefresher uses worker threads for synchronisation. There are two reasons for this:

  • Increasing performance by concurrently fetching both users and groups
  • Minimising the chance to have an outdated set of users and groups. As these are handled by two separate endpoints and use two separate tokens for tracking their state it's possible that one set will refer to outdated information. For example a user was added to a group and this information was fetched from the groups endpoint. However the user was deleted after that and the deletion was contained in the response from the users endpoint. Concurrent fetching reduces the window for such changes, however they are still possible.