edu.internet2.middleware.grouper.pspng

Class Provisioner<ConfigurationClass extends ProvisionerConfiguration,TSUserClass extends TargetSystemUser,TSGroupClass extends TargetSystemGroup>

java.lang.Object

edu.internet2.middleware.grouper.pspng.Provisioner<ConfigurationClass,TSUserClass,TSGroupClass>

Direct Known Subclasses:

LdapProvisioner, VoidProvisioner

public abstract class Provisioner<ConfigurationClass extends ProvisionerConfiguration,TSUserClass extends TargetSystemUser,TSGroupClass extends TargetSystemGroup>
extends Object

Top-Level provisioner class of PSPNG and is the superclass of Target-System-Specific subclasses. This class is generic so that User & Group objects that the subclasses need are cached and referenced directly in overridden methods. For example, an LDAP-provisioning subclass will receive both Subject and LdapUser information. This class is responsible for the following functionalities: -Mapping the grouper world of Subjects & Groups into User and Group objects specific to the target system -Caching both Grouper & Target-System information -Driving Incremental and FullSync operations -Keep track of what groups need to be full-synced (ie, there is a full-sync queue) While there are several abstract methods: fetchTargetSystemUsers & fetchTargetSystemGroups addMembership & deleteMembership createGroup & deleteGroup doFullSync & doFullSync_cleanupExtraGroups And that some subclasses can override the following method(s): createUser The Provisioner lifecycle is as follows: -Constructed(Name and ProvisionerConfiguration subclass) (setup empty caches) Invoked with a batch of changes -startProvisioningBatch(A collection of change events) (refresh caches as necessary, do any bulk fetching that will help provisioning go faster) -provisionItem or addMember/deleMembership/createGroup/deleteGroup (for each event in the batch) (Determine and/or make the necessary changes) -finishProvisioningBatch(A collection of change events) (Perform any batch updates that were determined, but not performed, by provisionItem step) (Clear any caches specific to batch) FullSync -Go through all Grouper groups and see which match the provisioner's selection filter -Run the subclass's doFullSync method for each group that matches -Run doFullSync_cleanupExtraGruops with the list of correct groups

Field Summary

Fields

Modifier and Type	Field and Description
static ThreadLocal<Provisioner>	activeProvisioner
protected ConfigurationClass	config
protected boolean	fullSyncMode Should this provisioner operate in Full-Sync mode? This might mean fetching all members of a group which can be expensive in an incremental-sync, but is worth the trouble in a full-sync.
protected org.slf4j.Logger	LOG
String	provisionerConfigName
String	provisionerDisplayName

Method Summary

Modifier and Type	Method and Description
protected abstract void	addMembership(GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup, Subject subject, TSUserClass tsUser) Action method that handles membership additions where a person-subject is added to a group.
Set<GrouperGroupInfo>	allGroupsForProvisionerFromCache(String provisionerName)
static void	allGroupsForProvisionerFromCacheClear(String provisionerName)
protected void	cacheGroup(GrouperGroupInfo grouperGroupInfo, TSGroupClass newTSGroup) Store Group-->TSGroupClass mapping in long-term and short-term caches
static void	checkAttributeDefinitions() This creates any attributes missing within the etc:pspng: folder.
protected abstract TSGroupClass	createGroup(GrouperGroupInfo grouperGroup, Collection<Subject> initialMembers) Provisioning a new Group in the target system.
protected TSUserClass	createUser(Subject personSubject) Provisioning a new User account in the target system.
protected abstract void	deleteGroup(GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup) Action method that handles group removal.
protected abstract void	deleteMembership(GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup, Subject subject, TSUserClass tsUser) Abstract action method that handles membership removals.
protected abstract void	doFullSync_cleanupExtraGroups(JobStatistics stats) This method's responsibility is find extra groups within Grouper's responsibility that exist in the target system.
protected abstract boolean	doFullSync(GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup, Set<Subject> correctSubjects, Map<Subject,TSUserClass> tsUserMap, Set<TSUserClass> correctTSUsers, JobStatistics stats) This method's responsibility is to make sure that group's only provisioned memberships are those of correctSubjects.
protected String	evaluateJexlExpression(String expressionName, String expression, Subject subject, TSUserClass tsUser, GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup, Object... keysAndValues) Make a JexlMap that contains subject and group information and evaluate the given expression.
protected TSGroupClass	fetchTargetSystemGroup(GrouperGroupInfo grouperGroup) Lookup a single TSGroupClass for a single (grouper) Group.
protected abstract Map<GrouperGroupInfo,TSGroupClass>	fetchTargetSystemGroups(Collection<GrouperGroupInfo> grouperGroups) This fetches group information from the target system.
Map<GrouperGroupInfo,TSGroupClass>	fetchTargetSystemGroupsInBatches(Collection<GrouperGroupInfo> groupsToFetch) This method fetches an arbitrary number of groups from the target system.
protected TSUserClass	fetchTargetSystemUser(Subject personSubject) Lookup a single TSUserClass for a single Subject.
protected abstract Map<Subject,TSUserClass>	fetchTargetSystemUsers(Collection<Subject> personSubjects) This fetches user information from the target system.
List<ProvisioningWorkItem>	filterWorkItems(List<ProvisioningWorkItem> workItems) This method returns the work items that are supposed to be provisioned by calling shouldGroupBeProvisioned on each group mentioned by a workItem.
List<ProvisioningWorkItem>	filterWorkItems2(List<ProvisioningWorkItem> workItems) This method returns the work items that are supposed to be provisioned by calling shouldGroupBeProvisioned on each group mentioned by a workItem.
void	finishCoordination(List<ProvisioningWorkItem> workItems, boolean wasSuccessful) Provisioning is over.
void	finishProvisioningBatch(List<ProvisioningWorkItem> workItems)
protected void	flushCachesIfNecessary(List<ProvisioningWorkItem> allWorkItems) Look at the batch of workItems and flush caches necessary to process the entries properly.
Set<GrouperGroupInfo>	getAllGroupsForProvisioner() This method looks for groups that are marked for provisioning as determined by the GroupSelectionExpression.
Set<GrouperGroupInfo>	getAllGroupsForProvisioner2() This method looks for groups that are marked for provisioning as determined by the GroupSelectionExpression.
ConfigurationClass	getConfig()
String	getConfigName()
ProvisioningWorkItem	getCurrentWorkItem() Get the ProvisioningWorkItem that this provisioner is currently processing
String	getDisplayName()
protected GrouperGroupInfo	getGroupInfo(ProvisioningWorkItem workItem)
protected GrouperGroupInfo	getGroupInfoOfExistingGroup(Group group)
protected GrouperGroupInfo	getGroupInfoOfExistingGroup(String groupName)
protected Map<String,Object>	getGroupJexlMap(String expression, GrouperGroupInfo grouperGroupInfo)
JobStatistics	getJobStatistics() job stats for real time
static Class<? extends ProvisionerConfiguration>	getPropertyClass() This returns the configuration class needed by provisioners of this class.
protected Subject	getSubject(String subjectId, String sourceId)
protected static String	getSubjectCacheKey(String subjectId, String sourceId)
protected static String	getSubjectCacheKey(Subject subject)
TSUserClass	getTargetSystemUser(Subject subject)
static edu.internet2.middleware.grouperClient.util.ExpirableCache<String,edu.internet2.middleware.grouperClient.collections.MultiKey>	groupNameToMillisAndProvisionable(String provisionerConfigId)
boolean	isFullSyncMode()
protected void	populateJexlMap(String expression, Map<String,Object> variableMap, Subject subject, TSUserClass tsUser, GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup) Overridable method to put group and subject information into the Jexl map for use during evaluation.
void	provisionBatchOfItems(List<ProvisioningWorkItem> allWorkItems)
protected void	provisionItem(ProvisioningWorkItem workItem) Dispatches an event to the right method, with generally useful parameters.
void	setCurrentWorkItem(ProvisioningWorkItem item)
void	setJobStatistics(JobStatistics jobStatistics) job stats for real time
protected boolean	shouldGroupBeProvisioned(GrouperGroupInfo grouperGroupInfo) Evaluate the GroupSelectionExpression to see if group should be processed by this provisioner.
protected boolean	shouldGroupBeProvisionedConsiderCache(GrouperGroupInfo grouperGroupInfo) Evaluate the GroupSelectionExpression to see if group should be processed by this provisioner.
protected boolean	shouldLogAboutMissingSubjects(Collection<Subject> subjectsToFetch, Collection<?> subjectsInfoFound) Were enough subjects missing from target system that we should log more information than normal to help track down why they were missing? Subclasses should use this in fetchTargetSystemUsers()
protected boolean	shouldWorkItemBeProcessed(ProvisioningWorkItem workItem) Used to filter workItems.
void	startCoordination(List<ProvisioningWorkItem> workItems) Lock the groups that we are about to process.
void	startProvisioningBatch(List<ProvisioningWorkItem> workItems) Get ready for a provisioning batch.
String	toString()
protected void	uncacheAllGroups() This removes all Group information from our caches
protected void	uncacheGroup(GrouperGroupInfo grouperGroupInfo, TSGroupClass tsGroup) The specified Grouper or TargetSystem group has changed, remove them from various caches, including hibernate L2 cache.
protected void	warnAboutCacheSizeConcerns()
boolean	workItemMightChangeGroupSelection(ProvisioningWorkItem workItem) Some changes (eg, labeling a folder for syncing) can have a large effect and are best handled with a complete sync of all groups.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

LOG

protected final org.slf4j.Logger LOG

provisionerDisplayName

public final String provisionerDisplayName

provisionerConfigName

public final String provisionerConfigName

fullSyncMode

protected final boolean fullSyncMode

Should this provisioner operate in Full-Sync mode? This might mean fetching all members of a group which can be expensive in an incremental-sync, but is worth the trouble in a full-sync.

config

protected final ConfigurationClass extends ProvisionerConfiguration config

activeProvisioner

public static final ThreadLocal<Provisioner> activeProvisioner

Method Detail

getJobStatistics

public JobStatistics getJobStatistics()

job stats for real time

Returns:

setJobStatistics

public void setJobStatistics(JobStatistics jobStatistics)

job stats for real time

Parameters:

jobStatistics -

checkAttributeDefinitions

public static void checkAttributeDefinitions()

This creates any attributes missing within the etc:pspng: folder.

addMembership

protected abstract void addMembership(GrouperGroupInfo grouperGroupInfo,
                                      TSGroupClass tsGroup,
                                      Subject subject,
                                      TSUserClass tsUser)
                               throws PspException

Action method that handles membership additions where a person-subject is added to a group. The top-level Provisioner class implementation is abstract, and, of course, this method is expected to be overridden by every provisioner subclass to accomplish something useful.

Parameters:

grouperGroupInfo - The group to which the subject needs to be added as a member

tsGroup - A TSGroupClass created for group by fetchTargetSystemGroup. This will be null for systems that do not need target system groups.

subject - The (person) subject that needs to be provisioned as a member of 'group'

tsUser - A TSUserClass created for the subject by fetchTargetSystemUser. This will be null for systems that do not need target system users.

Throws:

PspException

deleteMembership

protected abstract void deleteMembership(GrouperGroupInfo grouperGroupInfo,
                                         TSGroupClass tsGroup,
                                         Subject subject,
                                         TSUserClass tsUser)
                                  throws PspException

Abstract action method that handles membership removals. Note: This method is called for MembershipDelete events for a non-group member.

Parameters:

grouperGroupInfo - The group to which the subject needs to be removed as a member

tsGroup - TSGroupClass for the 'group.' This is null for systems that do not need target-system group info

subject - The subject that needs to be deprovisioned as a member of 'group'

tsUser - TSUserClass for the 'subject.' This is null for systems that do not need target-system user info

Throws:

PspException

createGroup

protected abstract TSGroupClass createGroup(GrouperGroupInfo grouperGroup,
                                            Collection<Subject> initialMembers)
                                     throws PspException

Provisioning a new Group in the target system. This must be overridden in provisioner subclasses that support creating groups. This will normally be called (with an empty members parameter) when provisioning-enabled groups are created in Grouper. However, when an empty group cannot be created (eg, an ldap group that _requires_ members) or when members are somehow already known, this may be called with a (non-empty) list of members.

Parameters:

grouperGroup -

initialMembers - What members should in the provisioned group once the method completes. This is generally empty during incremental/changelog-based provisioning, but may list users at other times.

Returns:

Throws:

PspException

deleteGroup

protected abstract void deleteGroup(GrouperGroupInfo grouperGroupInfo,
                                    TSGroupClass tsGroup)
                             throws PspException

Action method that handles group removal. The top-level Provisioner class implementation does nothing except log an error if the target system needs groups. This is expected to be overridden by subclasses if the target system needs groups, and do not call the super.deleteGroup version of this when you override it this

Parameters:

grouperGroupInfo -

tsGroup -

Throws:

PspException

doFullSync

protected abstract boolean doFullSync(GrouperGroupInfo grouperGroupInfo,
                                      TSGroupClass tsGroup,
                                      Set<Subject> correctSubjects,
                                      Map<Subject,TSUserClass> tsUserMap,
                                      Set<TSUserClass> correctTSUsers,
                                      JobStatistics stats)
                               throws PspException

This method's responsibility is to make sure that group's only provisioned memberships are those of correctSubjects. Extra subjects should be removed. Before this is called, the following have occurred: -a ProvisioningWorkItem was created representing the whole Full Sync, and it was marked as the current provisioning item -StartProvisioningBatch was called -TSGroupClass- and TSUserClass-caches are populated with the group and CORRECT Subjects Also, remember that fullSyncMode=true for provisioners doing full-sync, so TargetSystemUsers and TargetSystemGroups should have the extra information needed to facilitate full syncs.

Parameters:

grouperGroupInfo - Grouper group to fully synchronize with target system

tsGroup - TSGroupClass that maps to group.

correctSubjects - What subjects are members in the Grouper Registry

tsUserMap - Map of TargetSystemUsers which map to the correctSubjects. This will be empty for provisioners that do not use TargetSystemUsers.

correctTSUsers - A list of the TSUsers that correspond to correctSubjects. This might be a subset of the TSUsers in the tsUserMap.

stats - A holder of the number of changes the fullSync performs

Returns:

True when changes were made to target system

Throws:

PspException

doFullSync_cleanupExtraGroups

protected abstract void doFullSync_cleanupExtraGroups(JobStatistics stats)
                                               throws PspException

This method's responsibility is find extra groups within Grouper's responsibility that exist in the target system. These extra groups should be removed. Note: This is only called when grouperIsAuthoritative=true in the provisioner's properties. To avoid deleting newly created groups, implementations should follow the following: 1) Read all the provisioned information 2) Read all the groups that should be provisioned (getAllGroupsForProvisioner()) 3) Fetch group information from system (fetchTargetSystemGroupsInBatches(allGroupsForProvisioner) (if TSGroup objects are relevant) 4) Compare (1) & (3) and delete anything extra in (1)

Throws:

PspException

fetchTargetSystemGroups

protected abstract Map<GrouperGroupInfo,TSGroupClass> fetchTargetSystemGroups(Collection<GrouperGroupInfo> grouperGroups)
                                                                       throws PspException

This fetches group information from the target system. Subclasses that have TSGroupClass information need to override this. Subclasses that do not need TSGroupClass information should just return either an empty map (Collections.EMPTY_MAP) or null;. Note: The signature of this method is designed for batch fetching. If you cannot fetch batches of information, then loop through the provided groups and build a resulting map.

Parameters:

grouperGroups -

Returns:

Throws:

PspException

fetchTargetSystemUsers

protected abstract Map<Subject,TSUserClass> fetchTargetSystemUsers(Collection<Subject> personSubjects)
                                                            throws PspException

This fetches user information from the target system. Subclasses that have TSUserClass information need to override this. Subclasses that do not have TSUserClass should implement this so it returns either an empty map (Collections.EMPTY_MAP) or null. Note: The signature of this method is designed for batch fetching. If you cannot fetch batches of information, then loop through the provided users and build a resulting map.

Parameters:

personSubjects -

Returns:

Throws:

PspException

groupNameToMillisAndProvisionable

public static edu.internet2.middleware.grouperClient.util.ExpirableCache<String,edu.internet2.middleware.grouperClient.collections.MultiKey> groupNameToMillisAndProvisionable(String provisionerConfigId)

filterWorkItems2

public List<ProvisioningWorkItem> filterWorkItems2(List<ProvisioningWorkItem> workItems)
                                            throws PspException

This method returns the work items that are supposed to be provisioned by calling shouldGroupBeProvisioned on each group mentioned by a workItem. If a workItem's group is within the scope of this provisioner or if the workItem is not related to a group, then it is included in the returned list of work items that should be processed further. Otherwise, it is marked as completed and not returned. If the workItem is not to be processed,

Parameters:

workItems - WorkItems read from the triggering source (Changelog or messaging). This will include both events that affect groups and those that do not. Generally, we pass on non-group changes in case a provisioner wants to process them.

Returns:

The list of workItems that are to be provisioned

Throws:

PspException

filterWorkItems

public List<ProvisioningWorkItem> filterWorkItems(List<ProvisioningWorkItem> workItems)
                                           throws PspException

This method returns the work items that are supposed to be provisioned by calling shouldGroupBeProvisioned on each group mentioned by a workItem. If a workItem's group is within the scope of this provisioner or if the workItem is not related to a group, then it is included in the returned list of work items that should be processed further. Otherwise, it is marked as completed and not returned. If the workItem is not to be processed,

Parameters:

workItems - WorkItems read from the triggering source (Changelog or messaging). This will include both events that affect groups and those that do not. Generally, we pass on non-group changes in case a provisioner wants to process them.

Returns:

The list of workItems that are to be provisioned

Throws:

PspException

shouldWorkItemBeProcessed

protected boolean shouldWorkItemBeProcessed(ProvisioningWorkItem workItem)

Used to filter workItems. This can be overridden by a subclass that was unhappy with the default filter behaviors. If overriding this, eg, to accept additional changes into a provisioner, then it would probably be useful to look for those additional types of changes and then call the super version of this. Note: In addition to returning a boolean about skipping the work item, it is helpful if this method actually calls markAsSkipped(reason) so that a more detailed reason can be noted for skipping it. In other words, this method has the (optional) side effect of actually marking the item as skipped. Finally, if this method does _not_ mark the item as skipped, it will be marked as skipped with a generic message.

Parameters:

workItem -

Returns:

startCoordination

public void startCoordination(List<ProvisioningWorkItem> workItems)

Lock the groups that we are about to process. This will prevent simultaneous activity on them, which reduces the opportunities for duplicate provisioning operations that result in spurious error messages.

Parameters:

workItems -

finishCoordination

public void finishCoordination(List<ProvisioningWorkItem> workItems,
                               boolean wasSuccessful)

Provisioning is over. Time to unlock in order to allow other full- or incremental-sync to occur on them

Parameters:

workItems -

wasSuccessful -

startProvisioningBatch

public void startProvisioningBatch(List<ProvisioningWorkItem> workItems)
                            throws PspException

Get ready for a provisioning batch. If this is overridden, make sure you call super() at the beginning of your overridden version.

Parameters:

workItems -

Throws:

PspException

warnAboutCacheSizeConcerns

protected void warnAboutCacheSizeConcerns()

finishProvisioningBatch

public void finishProvisioningBatch(List<ProvisioningWorkItem> workItems)
                             throws PspException

Throws:

PspException

evaluateJexlExpression

protected final String evaluateJexlExpression(String expressionName,
                                              String expression,
                                              Subject subject,
                                              TSUserClass tsUser,
                                              GrouperGroupInfo grouperGroupInfo,
                                              TSGroupClass tsGroup,
                                              Object... keysAndValues)
                                       throws PspException

Make a JexlMap that contains subject and group information and evaluate the given expression.

Parameters:

expressionName -

expression -

subject -

tsUser -

grouperGroupInfo -

tsGroup -

keysAndValues - Key/Value pairs that will also be available within the Jexl's variable map

Returns:

Throws:

PspException

populateJexlMap

protected void populateJexlMap(String expression,
                               Map<String,Object> variableMap,
                               Subject subject,
                               TSUserClass tsUser,
                               GrouperGroupInfo grouperGroupInfo,
                               TSGroupClass tsGroup)

Overridable method to put group and subject information into the Jexl map for use during evaluation. If you override this, make sure to call super().populateElMap so the standard mappings will be included in addition to those you're adding.

Parameters:

variableMap - Map that will eventually be provided in Jexl evalutions

subject -

tsUser -

grouperGroupInfo -

tsGroup -

fetchTargetSystemGroupsInBatches

public Map<GrouperGroupInfo,TSGroupClass> fetchTargetSystemGroupsInBatches(Collection<GrouperGroupInfo> groupsToFetch)
                                                                    throws PspException

This method fetches an arbitrary number of groups from the target system. The configuration of the system defines a maximum-batch-fetch size (config.getGroupSearch_batchSize()), and this method breaks the given groups into appropriately-sized batches.

Parameters:

groupsToFetch -

Throws:

PspException

getTargetSystemUser

public TSUserClass getTargetSystemUser(Subject subject)
                                throws PspException

Throws:

PspException

cacheGroup

protected void cacheGroup(GrouperGroupInfo grouperGroupInfo,
                          TSGroupClass newTSGroup)

Store Group-->TSGroupClass mapping in long-term and short-term caches

Parameters:

grouperGroupInfo -

newTSGroup -

uncacheGroup

protected void uncacheGroup(GrouperGroupInfo grouperGroupInfo,
                            TSGroupClass tsGroup)

The specified Grouper or TargetSystem group has changed, remove them from various caches, including hibernate L2 cache. Only one parameter is needed

Parameters:

grouperGroupInfo -

tsGroup -

uncacheAllGroups

protected void uncacheAllGroups()

This removes all Group information from our caches

fetchTargetSystemUser

protected final TSUserClass fetchTargetSystemUser(Subject personSubject)
                                           throws PspException

Lookup a single TSUserClass for a single Subject. If you have several such mappings to look up, you should use the (plural version) fetchTargetSystemUsers( ) instead, as that will have an opportunity to do faster batch fetching. Note: This is final. Systems that have/need TargetSystemUsers need to override fetchTargetSystemUsers.

Parameters:

personSubject -

Returns:

Throws:

PspException

fetchTargetSystemGroup

protected final TSGroupClass fetchTargetSystemGroup(GrouperGroupInfo grouperGroup)
                                             throws PspException

Lookup a single TSGroupClass for a single (grouper) Group. If you have several such mappings to look up, you should use the (plural version) fetchTargetSystemGroups( ) instead, as that will have an opportunity to do faster batch fetching. Note: This is final. Systems that have/need TargetSystemGroups need to override fetchTargetSystemGroups.

Parameters:

grouperGroup -

Returns:

Throws:

PspException

createUser

protected TSUserClass createUser(Subject personSubject)
                          throws PspException

Provisioning a new User account in the target system. This must be overridden in provisioner subclasses that support creating user accounts. This is more used for provisioning testing, but can be supported in production when provisioning can be done with just the information stored in a grouper Subject.

Parameters:

personSubject -

Returns:

Throws:

PspException

provisionItem

protected void provisionItem(ProvisioningWorkItem workItem)
                      throws PspException

Dispatches an event to the right method, with generally useful parameters. There is no need to override this method when implementing basic provisioning (add/delete groups and members), but a Provisioner subclasses might override this to capture other CategoryAndActions combinations.

Parameters:

workItem -

Throws:

PspException

getCurrentWorkItem

public ProvisioningWorkItem getCurrentWorkItem()

Get the ProvisioningWorkItem that this provisioner is currently processing

Returns:

setCurrentWorkItem

public void setCurrentWorkItem(ProvisioningWorkItem item)

getSubjectCacheKey

protected static String getSubjectCacheKey(String subjectId,
                                           String sourceId)

getSubjectCacheKey

protected static String getSubjectCacheKey(Subject subject)

getSubject

protected Subject getSubject(String subjectId,
                             String sourceId)

getGroupInfoOfExistingGroup

protected GrouperGroupInfo getGroupInfoOfExistingGroup(Group group)

getGroupInfoOfExistingGroup

protected GrouperGroupInfo getGroupInfoOfExistingGroup(String groupName)

getGroupInfo

protected GrouperGroupInfo getGroupInfo(ProvisioningWorkItem workItem)

getAllGroupsForProvisioner2

public Set<GrouperGroupInfo> getAllGroupsForProvisioner2()

This method looks for groups that are marked for provisioning as determined by the GroupSelectionExpression. Because it can take a very long time to look through a large group registry, this method pre-filters groups and folders before evaluating them with the GroupSelectionExpression: This method looks for Groups and Folders that reference the attributes in attributesUsedInGroupSelectionExpression

Returns:

A collection of groups that are to be provisioned by this provisioner

allGroupsForProvisionerFromCacheClear

public static void allGroupsForProvisionerFromCacheClear(String provisionerName)

allGroupsForProvisionerFromCache

public Set<GrouperGroupInfo> allGroupsForProvisionerFromCache(String provisionerName)

getAllGroupsForProvisioner

public Set<GrouperGroupInfo> getAllGroupsForProvisioner()

This method looks for groups that are marked for provisioning as determined by the GroupSelectionExpression. Because it can take a very long time to look through a large group registry, this method pre-filters groups and folders before evaluating them with the GroupSelectionExpression: This method looks for Groups and Folders that reference the attributes in attributesUsedInGroupSelectionExpression

Returns:

A collection of groups that are to be provisioned by this provisioner

getConfig

public ConfigurationClass getConfig()

getPropertyClass

public static Class<? extends ProvisionerConfiguration> getPropertyClass()

This returns the configuration class needed by provisioners of this class. Unfortunately, java generics do not allow the generics to be used in static methods. Therefore, every (concrete (non-abstract)) subclass of Provisioner needs to implement this so the ProvisionerConfiguration subclass it needs can be returned. TODO: Maybe this could be done with an annotation?

Returns:

getGroupJexlMap

protected Map<String,Object> getGroupJexlMap(String expression,
                                             GrouperGroupInfo grouperGroupInfo)

shouldGroupBeProvisionedConsiderCache

protected boolean shouldGroupBeProvisionedConsiderCache(GrouperGroupInfo grouperGroupInfo)

Evaluate the GroupSelectionExpression to see if group should be processed by this provisioner.

Parameters:

grouperGroupInfo -

Returns:

shouldGroupBeProvisioned

protected boolean shouldGroupBeProvisioned(GrouperGroupInfo grouperGroupInfo)

Evaluate the GroupSelectionExpression to see if group should be processed by this provisioner.

Parameters:

grouperGroupInfo -

Returns:

getDisplayName

public String getDisplayName()

getConfigName

public String getConfigName()

provisionBatchOfItems

public void provisionBatchOfItems(List<ProvisioningWorkItem> allWorkItems)

flushCachesIfNecessary

protected void flushCachesIfNecessary(List<ProvisioningWorkItem> allWorkItems)
                               throws PspException

Look at the batch of workItems and flush caches necessary to process the entries properly. For instance, if we're being notified that an ATTRIBUTE-ASSIGNMENT has occurred, we can flush our cache to get the best information possible.

Parameters:

allWorkItems -

Throws:

PspException

isFullSyncMode

public boolean isFullSyncMode()

toString

public String toString()

Overrides:

toString in class Object

workItemMightChangeGroupSelection

public boolean workItemMightChangeGroupSelection(ProvisioningWorkItem workItem)

Some changes (eg, labeling a folder for syncing) can have a large effect and are best handled with a complete sync of all groups.

Returns:

true if this work item should initiate a full sync of all groups

shouldLogAboutMissingSubjects

protected boolean shouldLogAboutMissingSubjects(Collection<Subject> subjectsToFetch,
                                                Collection<?> subjectsInfoFound)

Were enough subjects missing from target system that we should log more information than normal to help track down why they were missing? Subclasses should use this in fetchTargetSystemUsers()

Parameters:

subjectsToFetch -

subjectsInfoFound -

Returns: