Class ScimV2MappingServiceImpl

java.lang.Object
org.nuxeo.runtime.model.DefaultComponent
org.nuxeo.scim.v2.service.ScimV2MappingServiceImpl
All Implemented Interfaces:
Adaptable, Component, Extensible, TimestampedService, ScimV2MappingService

public class ScimV2MappingServiceImpl extends DefaultComponent implements ScimV2MappingService
This service is used to register the SCIM v2 mapping class.
Since:
2023.14
  • Field Details

  • Constructor Details

    • ScimV2MappingServiceImpl

      public ScimV2MappingServiceImpl()
  • Method Details

    • activate

      public void activate(ComponentContext context)
      Description copied from interface: Component
      Activates the component.

      This method is called by the runtime when a component is activated.

      Specified by:
      activate in interface Component
      Overrides:
      activate in class DefaultComponent
      Parameters:
      context - the runtime context
    • createNuxeoGroupFromGroupResource

      public DocumentModel createNuxeoGroupFromGroupResource(com.unboundid.scim2.common.types.GroupResource group) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Creates a Nuxeo group model according to the group resource.
      Specified by:
      createNuxeoGroupFromGroupResource in interface ScimV2MappingService
      Parameters:
      group - the group resource
      Returns:
      the created group
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • createNuxeoUserFromUserResource

      public DocumentModel createNuxeoUserFromUserResource(com.unboundid.scim2.common.types.UserResource user) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Creates a Nuxeo user model according to the user resource.
      Specified by:
      createNuxeoUserFromUserResource in interface ScimV2MappingService
      Parameters:
      user - the user resource
      Returns:
      the created user
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • deactivate

      public void deactivate(ComponentContext context)
      Description copied from interface: Component
      Deactivates the component.

      This method is called by the runtime when a component is deactivated.

      Specified by:
      deactivate in interface Component
      Overrides:
      deactivate in class DefaultComponent
      Parameters:
      context - the runtime context
    • getGroupResourceFromNuxeoGroup

      public com.unboundid.scim2.common.types.GroupResource getGroupResourceFromNuxeoGroup(DocumentModel groupModel, String baseURL) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Gets a group resource representation of a group model.
      Specified by:
      getGroupResourceFromNuxeoGroup in interface ScimV2MappingService
      Parameters:
      groupModel - the group model
      baseURL - the location base URL of the SCIM group object
      Returns:
      the group resource
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • getMapping

      public ScimV2Mapping getMapping()
      Description copied from interface: ScimV2MappingService
      Gets the contributed SCIM mapping.
      Specified by:
      getMapping in interface ScimV2MappingService
      Returns:
      the contributed scim mapping
    • getUserResourceFromNuxeoUser

      public com.unboundid.scim2.common.types.UserResource getUserResourceFromNuxeoUser(DocumentModel groupModel, String baseURL) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Gets a user resource representation of a user model.
      Specified by:
      getUserResourceFromNuxeoUser in interface ScimV2MappingService
      Parameters:
      groupModel - the user model
      baseURL - the location base URL of the SCIM user object
      Returns:
      the user resource
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • patchNuxeoGroup

      public void patchNuxeoGroup(String uid, com.unboundid.scim2.common.messages.PatchRequest patch) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Patches a Nuxeo group model according to the patch request.
      Specified by:
      patchNuxeoGroup in interface ScimV2MappingService
      Parameters:
      uid - the group uid
      patch - the patch request
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • patchNuxeoUser

      public DocumentModel patchNuxeoUser(String uid, com.unboundid.scim2.common.messages.PatchRequest patch) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Patches a Nuxeo user model according to the patch request.
      Specified by:
      patchNuxeoUser in interface ScimV2MappingService
      Parameters:
      uid - the user uid
      patch - the patch request
      Returns:
      the patched user
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • queryGroups

      public com.unboundid.scim2.common.messages.ListResponse<com.unboundid.scim2.common.ScimResource> queryGroups(ScimV2QueryContext queryCtx) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Searches for groups.
      Specified by:
      queryGroups in interface ScimV2MappingService
      Parameters:
      queryCtx - the query context
      Returns:
      the query result
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • queryUsers

      public com.unboundid.scim2.common.messages.ListResponse<com.unboundid.scim2.common.ScimResource> queryUsers(ScimV2QueryContext queryCtx) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Searches for users.
      Specified by:
      queryUsers in interface ScimV2MappingService
      Parameters:
      queryCtx - the query context
      Returns:
      the query result
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • registerContribution

      public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
      Overrides:
      registerContribution in class DefaultComponent
    • start

      public void start(ComponentContext context)
      Description copied from interface: Component
      Start the component. This method is called after all the components were resolved and activated
      Specified by:
      start in interface Component
      Overrides:
      start in class DefaultComponent
    • unregisterContribution

      public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor)
      Overrides:
      unregisterContribution in class DefaultComponent
    • updateNuxeoGroupFromGroupResource

      public DocumentModel updateNuxeoGroupFromGroupResource(String uid, com.unboundid.scim2.common.types.GroupResource group) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Updates a Nuxeo group model according to the group resource.
      Specified by:
      updateNuxeoGroupFromGroupResource in interface ScimV2MappingService
      Parameters:
      uid - the group uid
      group - the group resource
      Returns:
      the updated group
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • updateNuxeoUserFromUserResource

      public DocumentModel updateNuxeoUserFromUserResource(String uid, com.unboundid.scim2.common.types.UserResource user) throws com.unboundid.scim2.common.exceptions.ScimException
      Description copied from interface: ScimV2MappingService
      Updates a Nuxeo user model according to the user resource.
      Specified by:
      updateNuxeoUserFromUserResource in interface ScimV2MappingService
      Parameters:
      uid - the user uid
      user - the user resource
      Returns:
      the updated user
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException - if an error occurred
    • addMembersToNuxeoGroup

      protected void addMembersToNuxeoGroup(DocumentModel groupModel, List<com.unboundid.scim2.common.types.Member> members, boolean resetGroup)
    • getAttribute

      protected String getAttribute(com.unboundid.scim2.common.filters.Filter filter)
    • getPredicate

      protected Predicate getPredicate(com.unboundid.scim2.common.filters.Filter filter, ScimV2ResourceType type, BiFunction<String,Object,String> colMap) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • getQueryBuilder

      protected QueryBuilder getQueryBuilder(Integer startIndex, Integer count, String filterString, String sortBy, boolean descending, ScimV2ResourceType type, BiFunction<String,Object,String> columnMapper) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • getQueryBuilder

      protected QueryBuilder getQueryBuilder(com.unboundid.scim2.common.filters.Filter filter, ScimV2ResourceType type, BiFunction<String,Object,String> columnMapper) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • getValue

      protected Object getValue(com.unboundid.scim2.common.filters.Filter filter)
    • handleNoGroupMemberMatch

      protected void handleNoGroupMemberMatch(List<com.unboundid.scim2.common.types.Member> members, com.unboundid.scim2.common.messages.PatchOperation op) throws com.unboundid.scim2.common.exceptions.BadRequestException
      Throws:
      com.unboundid.scim2.common.exceptions.BadRequestException
    • isCaseSensitive

      protected boolean isCaseSensitive(String attribute, ScimV2ResourceType type)
    • mapGroupColumnName

      protected String mapGroupColumnName(String column, Object filterValue)
    • mapGroupMemberAttributeName

      protected String mapGroupMemberAttributeName(String scimAttribute, Object filterValue)
    • mapUserColumnName

      protected String mapUserColumnName(String column, Object filterValue)
    • mapUserMemberAttributeName

      protected String mapUserMemberAttributeName(String scimAttribute, Object filterValue)
    • parseFilters

      protected Predicate parseFilters(String filterString, ScimV2ResourceType type, BiFunction<String,Object,String> columnMapper) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchGroup

      protected void patchGroup(DocumentModel groupModel, com.unboundid.scim2.common.messages.PatchRequest patch) throws com.unboundid.scim2.common.exceptions.ScimException
      Patches the given group model according to the given patch request, e.g.:
      
       {
         "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
         "Operations":[
           {
             "op":"replace",
             "path":"displayName",
             "value":"updatedDisplayName"
           },
           {
             "op":"add",
             "path":"members",
             "value":[
               {
                 "value":"joe"
               },
               {
                 "value":"jack"
               }
             ]
           }
         ]
       }
       
      The attributes other than "members", such as "displayName", are patched by using JSON patch, as provided by PatchOperation.apply(ObjectNode). The patch operation is applied to the GroupResource representing the group model. Then, the group model is updated following the mapping defined by ScimV2Mapping.patchGroup(DocumentModel, GroupResource).

      The "members" attribute is patched by using directly the UserManager to update the "members" and "subGroups" properties of the given group model. Basically, we iterate on the member ids passed in the patch request ("value" sub-attribute) to incrementally add/remove/replace each user member (relying in its groups) or subgroup (relying on its parent groups).

      This allows to never fetch the Nuxeo group's members and subgroups. Thus, it avoids storing potentially large lists of users/group DocumentModels in memory and the JSON serialization of such large lists.

      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchGroupJSONPatch

      protected void patchGroupJSONPatch(DocumentModel groupModel, com.unboundid.scim2.common.messages.PatchOperation op) throws com.unboundid.scim2.common.exceptions.ScimException
      Patches the given group model according to the given patch operation using JSON patch.
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchGroupWithoutPath

      protected void patchGroupWithoutPath(DocumentModel groupModel, com.unboundid.scim2.common.messages.PatchOperation op) throws com.unboundid.scim2.common.exceptions.ScimException
      Patches the given group model according to the given patch operation without any "path" attribute, e.g.:
      
       {
         "op":"add",
         "value":{
           "displayName":"updatedDisplayName"
           "members":[
             {
               "value":"joe"
             },
             {
               "value":"jack"
             }
           ]
         }
       }
       
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchGroupWithPath

      protected void patchGroupWithPath(DocumentModel groupModel, com.unboundid.scim2.common.messages.PatchOperation op) throws com.unboundid.scim2.common.exceptions.ScimException
      Patches the given group model according to the given patch operation with a "path" attribute, e.g.:
      
       {
         "op":"add",
         "path":"members"
          "value":[
            {
              "value":"joe"
             },
             {
               "value":"jack"
             }
          ]
       }
       
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchGroupWithoutFilter

      protected void patchGroupWithoutFilter(DocumentModel groupModel, com.unboundid.scim2.common.messages.PatchOperation op) throws com.unboundid.scim2.common.exceptions.ScimException
      Patches the given group model according to the given patch operation with a "path" attribute and no value filter specified, e.g.:
      
       {
         "op":"remove",
         "path":"members"
       }
       
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchGroupWithFilter

      protected void patchGroupWithFilter(DocumentModel groupModel, com.unboundid.scim2.common.messages.PatchOperation op, com.unboundid.scim2.common.filters.Filter filter) throws com.unboundid.scim2.common.exceptions.ScimException
      Patches the given group model according to the given patch operation with a "path" attribute and a value filter specified, e.g.:
      
       {
         "op":"remove",
         "path":"members[value sw \"userIdPrefix\"]"
       }
       
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchScimResource

      protected com.unboundid.scim2.common.ScimResource patchScimResource(com.unboundid.scim2.common.ScimResource resource, com.unboundid.scim2.common.messages.PatchRequest patch) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • patchScimResource

      protected com.unboundid.scim2.common.ScimResource patchScimResource(com.unboundid.scim2.common.ScimResource resource, com.unboundid.scim2.common.messages.PatchOperation patchOperation) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • queryResources

      protected com.unboundid.scim2.common.messages.ListResponse<com.unboundid.scim2.common.ScimResource> queryResources(ScimV2QueryContext queryCtx, ScimV2ResourceType type) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • removeMembersFromNuxeoGroup

      protected void removeMembersFromNuxeoGroup(DocumentModel groupModel, List<com.unboundid.scim2.common.types.Member> members)
    • resetGroupMembers

      protected void resetGroupMembers(DocumentModel groupModel)
    • searchGroupMembers

      protected List<com.unboundid.scim2.common.types.Member> searchGroupMembers(com.unboundid.scim2.common.filters.Filter filter) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException
    • searchUserMembers

      protected List<com.unboundid.scim2.common.types.Member> searchUserMembers(com.unboundid.scim2.common.filters.Filter filter) throws com.unboundid.scim2.common.exceptions.ScimException
      Throws:
      com.unboundid.scim2.common.exceptions.ScimException