Platform Explorer / Nuxeo Platform 2021

Bundle org.nuxeo.usermapper

In bundle group org.nuxeo.ecm.platform

Documentation

  • README.md

    nuxeo-usermapper

    Principles

    Use cases

    We currently have several places where we need to Create/Update a Nuxeo User (and possibly groups) from data provided by an external system.

    This can typically be :

    • an Authentication plugin that handles Just In Time user provisioning
      • Shibboleth
      • SAML
      • OpenId
      • Jboss Keycloak
    • a provisioning API like SCIM

    The goal of this module is double :

    • avoid duplicated code in several modules
    • make the mapping pluggable

    UserMapper Service

    Configurable mapping

    Of course, we need the mapping to be configurable, but unfortunately, the source object is different depending on the source : SAML user, Shibboleth user, SCIM user.

    Ideally, we would like to rely on a key value system (i.e. see user and group as a Map) with simple mapping, but :

    • SCIM Model is more complex than simple Key/Value
    • some time we need to compute some attributes (like : FullName = FirstName + LastName)

    For this reason, the mapping can be contributed :

    • as a Java Class
    • as Groovy Scriptlets
    • as JavaScript

    2 Ways mapping

    At least for SCIM use cases, the Service needs to handle 2 ways :

     NuxeoPrincipal getOrCreateAndUpdateNuxeoPrincipal(Object userObject, boolean createIfNeeded, boolean update,
            Map<String, Serializable> params);
    

    This API will be used to create / update a Nuxeo Principal based on SCIM user object.

     Object wrapNuxeoPrincipal(NuxeoPrincipal principal, Object nativePrincipal, Map<String, Serializable> params);
    

    Get the SCIM representation of a Nuxeo User.

    Contributing new mapping

    The component expose a mapper extension point that can be used to contribute new mappers.

    Using plain Java Code :

    <mapper name="javaDummy" class="org.nuxeo.usermapper.test.dummy.DummyUserMapper">
       <parameters>
         <param name="param1">value1</param>
       </parameters>
    </mapper>
    

    Using Groovy Scriptlet :

    <mapper name="scim" type="groovy">
      <mapperScript>
      <![CDATA[
          import org.nuxeo.ecm.platform.usermanager.UserManager;
          import org.nuxeo.runtime.api.Framework;
    
          UserManager um = Framework.getLocalService(UserManager.class);
    
          String userId = userObject.getId();
          if (userId == null || userId.isEmpty()) {
            userId = userObject.getUserName();
          }
          ...
        ]]>
      </mapperScript>
    
      <wrapperScript>
        <![CDATA[
          import org.nuxeo.ecm.core.api.DocumentModel;
          import org.nuxeo.ecm.core.api.NuxeoException;
          import org.nuxeo.ecm.platform.usermanager.UserManager;
          import org.nuxeo.runtime.api.Framework;
    
          UserManager um = Framework.getLocalService(UserManager.class);
          DocumentModel userModel = nuxeoPrincipal.getModel();
          ...
        ]]>
      </wrapperScript>
    </mapper>
    

    Using JavaScript :

    <mapper name="jsDummy" type="js">
      <mapperScript>
          searchAttributes.put("username", userObject.login);
          userAttributes.put("firstName", userObject.name.firstName);
          userAttributes.put("lastName", userObject.name.lastName);
          profileAttributes.put("userprofile:phonenumber", "555.666.7777");
       </mapperScript>
     </mapper>
    

    mapperScript

    In the script context for mapping userObject to NuxeoPrincipal (i.e. mapperScript tag corresponding to the getOrCreateAndUpdateNuxeoPrincipal)

    • userObject : represent the object passed to the
    • searchAttributes : is the Map<String, String> that will be used to search the NuxeoPrincipal
    • userAttributes : is the Map<String, String> that will be used to create/update the NuxeoPrincipal
    • profileAttribute : is the Map<String, String> that will be used to update the user's profile

    wrapperScript

    In the script context for wrapping a NuxeoPrincipal into a userObject (i.e. wrapperScript tag corresponding to the wrapNuxeoPrincipal method) :

    • userObject : represent the userObject as initialized by the caller code
    • nuxeoPrincipal : is the principal to wrap
    • params : is the Map<String, Serializable> passed by the caller

    Building / Install

    Build :

    mvn clean install
    

Resolution Order

871
The resolution order represents the order in which this bundle's single component has been resolved by the Nuxeo Runtime framework.
You can influence this order by adding "require" tags in the component declaration, to make sure it is resolved after another component. It will also impact the order in which contributions are registered on their target extension point (see "Registration Order" on contributions).

Components

Packages

Maven Artifact

Filenuxeo-usermapper-2021.1.19.jar
Group Idorg.nuxeo.ecm.platform
Artifact Idnuxeo-usermapper
Version2021.1.19

Manifest

Manifest-Version: 1.0
Archiver-Version: Plexus Archiver
Created-By: Apache Maven
Built-By: root
Build-Jdk: 11.0.9.1
Bundle-ManifestVersion: 2
Bundle-Version: 2021.1.19-t20210119-011105
Bundle-Vendor: Nuxeo
Bundle-ActivationPolicy: lazy
Bundle-ClassPath: .
Bundle-Name: org.nuxeo.usermapper
Nuxeo-Component: OSGI-INF/usermapper-service.xml
Bundle-SymbolicName: org.nuxeo.usermapper

Exports