Example 6 with DebugTimer
use of org.apache.jackrabbit.oak.commons.DebugTimer in project jackrabbit-oak by apache.
the class LdapIdentityProvider method getUser.
@Override
public ExternalUser getUser(@Nonnull String userId) throws ExternalIdentityException {
DebugTimer timer = new DebugTimer();
LdapConnection connection = connect();
timer.mark("connect");
try {
Entry entry = getEntry(connection, config.getUserConfig(), userId, config.getCustomAttributes());
timer.mark("lookup");
if (log.isDebugEnabled()) {
log.debug("getUser({}) {}", userId, timer.getString());
}
if (entry != null) {
return createUser(entry, userId);
} else {
return null;
}
} catch (LdapException e) {
throw lookupFailedException(e, timer);
} catch (CursorException e) {
throw lookupFailedException(e, timer);
} finally {
disconnect(connection);
}
}
Also used :
DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer)
Entry(org.apache.directory.api.ldap.model.entry.Entry)
SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry)
CursorException(org.apache.directory.api.ldap.model.cursor.CursorException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 7 with DebugTimer
use of org.apache.jackrabbit.oak.commons.DebugTimer in project jackrabbit-oak by apache.
the class LdapIdentityProvider method getDeclaredMemberRefs.
/**
* Collects the declared (direct) members of a group
* @param ref the reference to the group
* @return map of identity refers
* @throws ExternalIdentityException if an error occurs
*/
Map<String, ExternalIdentityRef> getDeclaredMemberRefs(ExternalIdentityRef ref) throws ExternalIdentityException {
if (!isMyRef(ref)) {
return Collections.emptyMap();
}
LdapConnection connection = null;
try {
Map<String, ExternalIdentityRef> members = new HashMap<String, ExternalIdentityRef>();
DebugTimer timer = new DebugTimer();
connection = connect();
timer.mark("connect");
Entry entry = connection.lookup(ref.getId());
timer.mark("lookup");
Attribute attr = entry.get(config.getGroupMemberAttribute());
if (attr == null) {
log.warn("LDAP group does not have configured attribute: {}", config.getGroupMemberAttribute());
} else {
for (Value value : attr) {
ExternalIdentityRef memberRef = new ExternalIdentityRef(value.getString(), this.getName());
members.put(memberRef.getId(), memberRef);
}
}
timer.mark("iterate");
if (log.isDebugEnabled()) {
log.debug("members lookup of {} found {} members. {}", ref.getId(), members.size(), timer.getString());
}
return members;
} catch (Exception e) {
String msg = "Error during ldap group members lookup.";
log.error(msg, e);
throw new ExternalIdentityException(msg, e);
} finally {
disconnect(connection);
}
}
Also used :
DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer)
Entry(org.apache.directory.api.ldap.model.entry.Entry)
SearchResultEntry(org.apache.directory.api.ldap.model.message.SearchResultEntry)
HashMap(java.util.HashMap)
ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)
Attribute(org.apache.directory.api.ldap.model.entry.Attribute)
Value(org.apache.directory.api.ldap.model.entry.Value)
ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)
LoginException(javax.security.auth.login.LoginException)
LdapInvalidAttributeValueException(org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)
LdapAuthenticationException(org.apache.directory.api.ldap.model.exception.LdapAuthenticationException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CursorException(org.apache.directory.api.ldap.model.cursor.CursorException)
NoSuchElementException(java.util.NoSuchElementException)
IOException(java.io.IOException)
ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)
LdapException(org.apache.directory.api.ldap.model.exception.LdapException)
LdapConnection(org.apache.directory.ldap.client.api.LdapConnection)
Example 8 with DebugTimer
use of org.apache.jackrabbit.oak.commons.DebugTimer in project jackrabbit-oak by apache.
the class DefaultSyncContext method syncMembership.
/**
* Recursively sync the memberships of an authorizable up-to the specified depth. If the given depth
* is equal or less than 0, no syncing is performed.
*
* @param external the external identity
* @param auth the authorizable
* @param depth recursion depth.
* @throws RepositoryException
*/
protected void syncMembership(@Nonnull ExternalIdentity external, @Nonnull Authorizable auth, long depth) throws RepositoryException {
if (depth <= 0) {
return;
}
if (log.isDebugEnabled()) {
log.debug("Syncing membership '{}' -> '{}'", external.getExternalId().getString(), auth.getID());
}
final DebugTimer timer = new DebugTimer();
Iterable<ExternalIdentityRef> externalGroups;
try {
externalGroups = external.getDeclaredGroups();
} catch (ExternalIdentityException e) {
log.error("Error while retrieving external declared groups for '{}'", external.getId(), e);
return;
}
timer.mark("fetching");
// first get the set of the existing groups that are synced ones
Map<String, Group> declaredExternalGroups = new HashMap<String, Group>();
Iterator<Group> grpIter = auth.declaredMemberOf();
while (grpIter.hasNext()) {
Group grp = grpIter.next();
if (isSameIDP(grp)) {
declaredExternalGroups.put(grp.getID(), grp);
}
}
timer.mark("reading");
for (ExternalIdentityRef ref : externalGroups) {
log.debug("- processing membership {}", ref.getId());
// get group
ExternalGroup extGroup;
try {
ExternalIdentity extId = idp.getIdentity(ref);
if (extId instanceof ExternalGroup) {
extGroup = (ExternalGroup) extId;
} else {
log.warn("No external group found for ref '{}'.", ref.getString());
continue;
}
} catch (ExternalIdentityException e) {
log.warn("Unable to retrieve external group '{}' from provider.", ref.getString(), e);
continue;
}
log.debug("- idp returned '{}'", extGroup.getId());
Group grp;
Authorizable a = userManager.getAuthorizable(extGroup.getId());
if (a == null) {
grp = createGroup(extGroup);
log.debug("- created new group");
} else if (a.isGroup() && isSameIDP(a)) {
grp = (Group) a;
} else {
log.warn("Existing authorizable '{}' is not a group from this IDP '{}'.", extGroup.getId(), idp.getName());
continue;
}
log.debug("- user manager returned '{}'", grp);
syncGroup(extGroup, grp);
// ensure membership
grp.addMember(auth);
log.debug("- added '{}' as member to '{}'", auth, grp);
// remember the declared group
declaredExternalGroups.remove(grp.getID());
// recursively apply further membership
if (depth > 1) {
log.debug("- recursively sync group membership of '{}' (depth = {}).", grp.getID(), depth);
syncMembership(extGroup, grp, depth - 1);
} else {
log.debug("- group nesting level for '{}' reached", grp.getID());
}
}
timer.mark("adding");
// remove us from the lost membership groups
for (Group grp : declaredExternalGroups.values()) {
grp.removeMember(auth);
log.debug("- removing member '{}' for group '{}'", auth.getID(), grp.getID());
}
if (log.isDebugEnabled()) {
timer.mark("removing");
log.debug("syncMembership({}) {}", external.getId(), timer.getString());
}
}
Also used :
DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer)
Group(org.apache.jackrabbit.api.security.user.Group)
ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)
ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)
HashMap(java.util.HashMap)
ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)
ExternalIdentity(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)
Example 9 with DebugTimer
use of org.apache.jackrabbit.oak.commons.DebugTimer in project jackrabbit-oak by apache.
the class ExternalLoginModule method validateUser.
/**
* Initiates synchronization of a possible remove user
* @param id the user id
*/
private void validateUser(@Nonnull String id) throws SyncException {
SyncContext context = null;
try {
Root root = getRoot();
if (root == null) {
throw new SyncException("Cannot synchronize user. root == null");
}
UserManager userManager = getUserManager();
if (userManager == null) {
throw new SyncException("Cannot synchronize user. userManager == null");
}
DebugTimer timer = new DebugTimer();
context = syncHandler.createContext(idp, userManager, new ValueFactoryImpl(root, NamePathMapper.DEFAULT));
context.sync(id);
timer.mark("sync");
root.commit();
timer.mark("commit");
debug("validateUser({}) {}", id, timer.getString());
} catch (CommitFailedException e) {
throw new SyncException("User synchronization failed during commit.", e);
} finally {
if (context != null) {
context.close();
}
}
}
Also used :
DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer)
Root(org.apache.jackrabbit.oak.api.Root)
UserManager(org.apache.jackrabbit.api.security.user.UserManager)
ValueFactoryImpl(org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl)
SyncException(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException)
SyncContext(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext)
CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException)
Example 10 with DebugTimer
use of org.apache.jackrabbit.oak.commons.DebugTimer in project jackrabbit-oak by apache.
the class DefaultSyncContext method sync.
/**
* {@inheritDoc}
*/
@Nonnull
@Override
public SyncResult sync(@Nonnull String id) throws SyncException {
try {
DebugTimer timer = new DebugTimer();
DefaultSyncResultImpl ret;
// find authorizable
Authorizable auth = userManager.getAuthorizable(id);
if (auth == null) {
return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id, null, false, -1), SyncResult.Status.NO_SUCH_AUTHORIZABLE);
}
// check if we need to deal with this authorizable
ExternalIdentityRef ref = getIdentityRef(auth);
if (ref == null || !isSameIDP(ref)) {
return new DefaultSyncResultImpl(new DefaultSyncedIdentity(id, ref, auth.isGroup(), -1), SyncResult.Status.FOREIGN);
}
if (auth.isGroup()) {
ExternalGroup external = idp.getGroup(id);
timer.mark("retrieve");
if (external == null) {
ret = handleMissingIdentity(id, auth, timer);
} else {
ret = syncGroup(external, (Group) auth);
timer.mark("sync");
}
} else {
ExternalUser external = idp.getUser(id);
timer.mark("retrieve");
if (external == null) {
ret = handleMissingIdentity(id, auth, timer);
} else {
ret = syncUser(external, (User) auth);
timer.mark("sync");
}
}
if (log.isDebugEnabled()) {
log.debug("sync({}) -> {} {}", id, ref.getString(), timer.getString());
}
return ret;
} catch (RepositoryException e) {
throw new SyncException(e);
} catch (ExternalIdentityException e) {
throw new SyncException(e);
}
}
Also used :
DebugTimer(org.apache.jackrabbit.oak.commons.DebugTimer)
Group(org.apache.jackrabbit.api.security.user.Group)
ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)
User(org.apache.jackrabbit.api.security.user.User)
ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)
ExternalIdentityRef(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)
ExternalGroup(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)
ExternalUser(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)
Authorizable(org.apache.jackrabbit.api.security.user.Authorizable)
RepositoryException(javax.jcr.RepositoryException)
SyncException(org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException)
ExternalIdentityException(org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)
Nonnull(javax.annotation.Nonnull)
Aggregations
DebugTimer (org.apache.jackrabbit.oak.commons.DebugTimer)10
CursorException (org.apache.directory.api.ldap.model.cursor.CursorException)5
LdapException (org.apache.directory.api.ldap.model.exception.LdapException)5
LdapConnection (org.apache.directory.ldap.client.api.LdapConnection)5
ExternalIdentityException (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException)5
ExternalIdentityRef (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef)5
Entry (org.apache.directory.api.ldap.model.entry.Entry)4
SearchResultEntry (org.apache.directory.api.ldap.model.message.SearchResultEntry)4
SyncException (org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException)4
IOException (java.io.IOException)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
HashMap (java.util.HashMap)3
NoSuchElementException (java.util.NoSuchElementException)3
LoginException (javax.security.auth.login.LoginException)3
LdapAuthenticationException (org.apache.directory.api.ldap.model.exception.LdapAuthenticationException)3
LdapInvalidAttributeValueException (org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException)3
Group (org.apache.jackrabbit.api.security.user.Group)3
ExternalGroup (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup)3
ExternalUser (org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser)3
Nonnull (javax.annotation.Nonnull)2
