Author: angela
Date: Wed Feb 8 16:10:30 2017
New Revision: 1782213
URL: http://svn.apache.org/viewvc?rev=1782213&view=rev
Log:
OAK-5210 : Ability to resolve principal name from ExternalIdentityRef without
IDP roundtrip (merging rev. 1782196)
Added:
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java
- copied unchanged from r1782196,
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.java
jackrabbit/oak/branches/1.6/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java
- copied unchanged from r1782196,
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.java
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java
- copied unchanged from r1782196,
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/PrincipalNameResolutionTest.java
Modified:
jackrabbit/oak/branches/1.6/ (props changed)
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/external/dynamic.md
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/identitymanagement.md
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/ldap.md
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java
Propchange: jackrabbit/oak/branches/1.6/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Feb 8 16:10:30 2017
@@ -1,3 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1781068,1781075,1781386,1781846,1781907,1782000
+/jackrabbit/oak/trunk:1781068,1781075,1781386,1781846,1781907,1782000,1782196
/jackrabbit/trunk:1345480
Modified:
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
(original)
+++
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncContext.java
Wed Feb 8 16:10:30 2017
@@ -32,6 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
@@ -150,17 +151,22 @@ public class DynamicSyncContext extends
* @throws ExternalIdentityException If an error occurs while resolving
the the external group references.
*/
private void collectPrincipalNames(@Nonnull Set<String> principalNames,
@Nonnull Iterable<ExternalIdentityRef> declaredGroupIdRefs, long depth) throws
ExternalIdentityException {
+ boolean shortcut = (depth <= 1 && idp instanceof
PrincipalNameResolver);
for (ExternalIdentityRef ref : declaredGroupIdRefs) {
- // get group
- ExternalIdentity extId = idp.getIdentity(ref);
- if (extId instanceof ExternalGroup) {
- principalNames.add(extId.getPrincipalName());
- // recursively apply further membership until the configured
depth is reached
- if (depth > 1) {
- collectPrincipalNames(principalNames,
extId.getDeclaredGroups(), depth - 1);
- }
+ if (shortcut) {
+ principalNames.add(((PrincipalNameResolver)
idp).fromExternalIdentityRef(ref));
} else {
- log.debug("Not an external group ({}) => ignore.", extId);
+ // get group from the IDP
+ ExternalIdentity extId = idp.getIdentity(ref);
+ if (extId instanceof ExternalGroup) {
+ principalNames.add(extId.getPrincipalName());
+ // recursively apply further membership until the
configured depth is reached
+ if (depth > 1) {
+ collectPrincipalNames(principalNames,
extId.getDeclaredGroups(), depth - 1);
+ }
+ } else {
+ log.debug("Not an external group ({}) => ignore.", extId);
+ }
}
}
}
Modified:
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
(original)
+++
jackrabbit/oak/branches/1.6/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/package-info.java
Wed Feb 8 16:10:30 2017
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("2.2.0")
+@Version("2.3.0")
@Export
package org.apache.jackrabbit.oak.spi.security.authentication.external;
Modified:
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
(original)
+++
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
Wed Feb 8 16:10:30 2017
@@ -78,6 +78,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -93,7 +94,7 @@ import org.slf4j.LoggerFactory;
policy = ConfigurationPolicy.REQUIRE
)
@Service
-public class LdapIdentityProvider implements ExternalIdentityProvider {
+public class LdapIdentityProvider implements ExternalIdentityProvider,
PrincipalNameResolver {
/**
* default logger
@@ -183,6 +184,15 @@ public class LdapIdentityProvider implem
}
}
+ //----------------------------------------------< PrincipalNameResolver
>---
+ @Nonnull
+ @Override
+ public String fromExternalIdentityRef(@Nonnull ExternalIdentityRef
externalIdentityRef) throws ExternalIdentityException {
+ if (!isMyRef(externalIdentityRef)) {
+ throw new ExternalIdentityException("Foreign IDP " +
externalIdentityRef.getString());
+ }
+ return externalIdentityRef.getId();
+ }
//-------------------------------------------< ExternalIdentityProvider
>---
@Nonnull
Modified:
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
(original)
+++
jackrabbit/oak/branches/1.6/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
Wed Feb 8 16:10:30 2017
@@ -35,6 +35,7 @@ import org.apache.jackrabbit.oak.securit
import
org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.util.Text;
@@ -414,6 +415,26 @@ public class LdapProviderTest {
assertArrayEquals("Array must not contain empty strings", new String[]
{"a", "b" }, providerConfig.getCustomAttributes());
}
+ @Test
+ public void testResolvePrincipalNameUser() throws
ExternalIdentityException {
+ ExternalUser user = idp.getUser(TEST_USER5_UID);
+ assertNotNull(user);
+ assertEquals(user.getPrincipalName(),
idp.fromExternalIdentityRef(user.getExternalId()));
+ }
+
+ @Test
+ public void testResolvePrincipalNameGroup() throws
ExternalIdentityException {
+ ExternalGroup gr = idp.getGroup(TEST_GROUP1_NAME);
+ assertNotNull(gr);
+
+ assertEquals(gr.getPrincipalName(),
idp.fromExternalIdentityRef(gr.getExternalId()));
+ }
+
+ @Test(expected = ExternalIdentityException.class)
+ public void testResolvePrincipalNameForeignExtId() throws Exception {
+ idp.fromExternalIdentityRef(new ExternalIdentityRef("anyId",
"anotherProviderName"));
+ }
+
public static void assertIfEquals(String message, String[] expected,
Iterable<ExternalIdentityRef> result) {
List<String> dns = new LinkedList<String>();
for (ExternalIdentityRef ref: result) {
Modified:
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/external/dynamic.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/external/dynamic.md?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/external/dynamic.md
(original)
+++
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/external/dynamic.md
Wed Feb 8 16:10:30 2017
@@ -48,6 +48,12 @@ effects:
membership nesting depth)
- External groups will no longer be synchronised into the repository's user
management
but will only be available as `Principal`s (see section _User Management_
below).
+
+Note: as a further improvement the [PrincipalNameResolver] interface was
introduced
+in Oak 1.6.1 to allow for optimized resolution of a principal names from a
given
+`ExternalIdentityRef`. In order to benefit from that shortcut a given
implementation
+of `ExternalIdentityProvider` needs to also implement `PrincipalNameResolver`.
+See also [OAK-5210].
##### Automatic Membership
@@ -131,8 +137,10 @@ membership configuration.
[DefaultSyncContext]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContext.html
[DefaultSyncConfig]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncConfig.html
[ExternalIdentityProvider]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html
+[PrincipalNameResolver]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.html
[OAK-4101]: https://issues.apache.org/jira/browse/OAK-4101
[OAK-2687]: https://issues.apache.org/jira/browse/OAK-2687
[OAK-4087]: https://issues.apache.org/jira/browse/OAK-4087
[OAK-5194]: https://issues.apache.org/jira/browse/OAK-5194
-[OAK-5195]: https://issues.apache.org/jira/browse/OAK-5195
\ No newline at end of file
+[OAK-5195]: https://issues.apache.org/jira/browse/OAK-5195
+[OAK-5210]: https://issues.apache.org/jira/browse/OAK-5210
\ No newline at end of file
Modified:
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/identitymanagement.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/identitymanagement.md?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/identitymanagement.md
(original)
+++
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/identitymanagement.md
Wed Feb 8 16:10:30 2017
@@ -33,6 +33,7 @@ accounts such as needed for the [synchro
- [ExternalUser]
- [ExternalGroup]
- [ExternalIdentityRef]: reference to an external user/group consisting of id
and provider name.
+- [PrincipalNameResolver]: optimized lookup of principal name from
[ExternalIdentityRef]; see section [Dynamic Membership](external/dynamic.html)
and [OAK-5210] for details)
### Default Implementation
@@ -83,4 +84,6 @@ OSGi environment, please make sure it ge
[ExternalUser]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalUser.html
[ExternalGroup]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalGroup.html
[ExternalIdentityRef]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityRef.html
-[CustomExternalIdentityProvider]:
http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/external/CustomExternalIdentityProvider.java
\ No newline at end of file
+[CustomExternalIdentityProvider]:
http://svn.apache.org/repos/asf/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/security/authentication/external/CustomExternalIdentityProvider.java
+[PrincipalNameResolver]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.html
+[OAK-5210]: https://issues.apache.org/jira/browse/OAK-5210
\ No newline at end of file
Modified:
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/ldap.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/ldap.md?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/ldap.md
(original)
+++
jackrabbit/oak/branches/1.6/oak-doc/src/site/markdown/security/authentication/ldap.md
Wed Feb 8 16:10:30 2017
@@ -39,6 +39,9 @@ Out of the box Oak comes with the follow
#### LDAP Identity Provider
The [LdapIdentityProvider] is a service implementing the
[ExternalIdentityProvider] interface.
+Since Oak 1.6.1 it also implements the [PrincipalNameResolver] interface to
allow
+for fast resolution from a given `ExternalIdentityRef` to a principal name as
an
+optimization for the [dynamic membership](external/dynamic.html) feature.
In an OSGi-base setup the configuration options required in order to establish
connections to the LDAP are obtained form the properties associated with the
service.
@@ -102,6 +105,7 @@ details about the external login module
<!-- references -->
[ExternalIdentityProvider]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalIdentityProvider.html
+[PrincipalNameResolver]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/PrincipalNameResolver.html
[SyncHandler]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/SyncHandler.html
[DefaultSyncHandler]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.html
[LdapIdentityProvider]:
/oak/docs/apidocs/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.html
Modified:
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
(original)
+++
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
Wed Feb 8 16:10:30 2017
@@ -40,6 +40,7 @@ import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.apache.commons.io.FileUtils;
import
org.apache.jackrabbit.oak.benchmark.authentication.external.ExternalLoginTest;
+import
org.apache.jackrabbit.oak.benchmark.authentication.external.PrincipalNameResolutionTest;
import
org.apache.jackrabbit.oak.benchmark.authentication.external.SyncAllExternalUsersTest;
import
org.apache.jackrabbit.oak.benchmark.authentication.external.SyncExternalUsersTest;
import org.apache.jackrabbit.oak.benchmark.authorization.AceCreationTest;
@@ -153,6 +154,8 @@ public class BenchmarkRunner {
.withOptionalArg().ofType(Boolean.class).defaultsTo(Boolean.FALSE);
OptionSpec<String> autoMembership = parser.accepts("autoMembership",
"Ids of those groups a given external identity automatically become member of.")
.withOptionalArg().ofType(String.class).withValuesSeparatedBy(',');
+ OptionSpec<Integer> roundtripDelay = parser.accepts("roundtripDelay",
"Use simplified principal name lookup from ExtIdRef by specifying roundtrip
delay of value < 0.")
+ .withOptionalArg().ofType(Integer.class).defaultsTo(0);
OptionSpec<Boolean> transientWrites = parser.accepts("transient", "Do
not save data.")
.withOptionalArg().ofType(Boolean.class)
.defaultsTo(Boolean.FALSE);
@@ -431,6 +434,8 @@ public class BenchmarkRunner {
new ExternalLoginTest(numberOfUsers.value(options),
numberOfGroups.value(options), expiration.value(options),
dynamicMembership.value(options), autoMembership.values(options)),
new SyncAllExternalUsersTest(numberOfUsers.value(options),
numberOfGroups.value(options), expiration.value(options),
dynamicMembership.value(options), autoMembership.values(options)),
new SyncExternalUsersTest(numberOfUsers.value(options),
numberOfGroups.value(options), expiration.value(options),
dynamicMembership.value(options), autoMembership.values(options),
batchSize.value(options)),
+ new PrincipalNameResolutionTest(numberOfUsers.value(options),
numberOfGroups.value(options), expiration.value(options),
roundtripDelay.value(options)),
+
new HybridIndexTest(base.value(options), statsProvider),
new BundlingNodeTest(),
new PersistentCacheTest(statsProvider)
Modified:
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java?rev=1782213&r1=1782212&r2=1782213&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java
(original)
+++
jackrabbit/oak/branches/1.6/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java
Wed Feb 8 16:10:30 2017
@@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
+import java.util.concurrent.TimeUnit;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
@@ -52,6 +53,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
+import
org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
@@ -101,6 +103,7 @@ abstract class AbstractExternalTest exte
final SyncHandler syncHandler = new DefaultSyncHandler(syncConfig);
final ExternalIdentityProvider idp;
+ final long delay;
SyncManagerImpl syncManager;
ExternalIdentityProviderManager idpManager;
@@ -108,7 +111,16 @@ abstract class AbstractExternalTest exte
protected AbstractExternalTest(int numberOfUsers, int numberOfGroups,
long expTime, boolean dynamicMembership,
@Nonnull List<String> autoMembership) {
- idp = new TestIdentityProvider(numberOfUsers, numberOfGroups);
+ this(numberOfUsers, numberOfGroups, expTime, dynamicMembership,
autoMembership, 0);
+ }
+
+ protected AbstractExternalTest(int numberOfUsers, int numberOfGroups,
+ long expTime, boolean dynamicMembership,
+ @Nonnull List<String> autoMembership,
+ int roundtripDelay) {
+
+ idp = (roundtripDelay < 0) ? new
PrincipalResolvingProvider(numberOfUsers, numberOfGroups) : new
TestIdentityProvider(numberOfUsers, numberOfGroups);
+ delay = roundtripDelay;
syncConfig.user()
.setMembershipNestingDepth(1)
.setDynamicMembership(dynamicMembership)
@@ -116,6 +128,7 @@ abstract class AbstractExternalTest exte
.setExpirationTime(expTime).setPathPrefix(PATH_PREFIX);
syncConfig.group()
.setExpirationTime(expTime).setPathPrefix(PATH_PREFIX);
+
}
protected abstract Configuration createConfiguration();
@@ -237,7 +250,7 @@ abstract class AbstractExternalTest exte
}
}
- private final class TestIdentityProvider implements
ExternalIdentityProvider {
+ class TestIdentityProvider implements ExternalIdentityProvider {
private final int numberOfUsers;
private final int membershipSize;
@@ -261,6 +274,13 @@ abstract class AbstractExternalTest exte
if (id.charAt(0) == 'u') {
return new TestUser(index);
} else {
+ if (delay > 0) {
+ try {
+ TimeUnit.MILLISECONDS.sleep(delay);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
return new TestGroup(index);
}
}
@@ -316,6 +336,19 @@ abstract class AbstractExternalTest exte
}
}
+ private class PrincipalResolvingProvider extends TestIdentityProvider
implements PrincipalNameResolver {
+
+ private PrincipalResolvingProvider(int numberOfUsers, int
membershipSize) {
+ super(numberOfUsers, membershipSize);
+ }
+
+ @Nonnull
+ @Override
+ public String fromExternalIdentityRef(@Nonnull ExternalIdentityRef
externalIdentityRef) {
+ return "p_" + externalIdentityRef.getId();
+ }
+ }
+
private class TestIdentity implements ExternalIdentity {
private final String userId;
