Platform Explorer / Nuxeo Platform LTS 2019 10.10

Bundle org.nuxeo.usermapper

In bundle group org.nuxeo.ecm.platform

Documentation

  • README.md

    nuxeo-usermapper

    Principles

    Use cases

    We currently have several places where we need to Create/Update a Nuxeo User (and possibly groups) from data provided by an external system.

    This can typically be :

    • an Authentication plugin that handles Just In Time user provisioning
      • Shibboleth
      • SAML
      • OpenId
      • Jboss Keycloak
    • a provisioning API like SCIM

    The goal of this module is double :

    • avoid duplicated code in several modules
    • make the mapping pluggable

    UserMapper Service

    Configurable mapping

    Of course, we need the mapping to be configurable, but unfortunately, the source object is different depending on the source : SAML user, Shibboleth user, SCIM user.

    Ideally, we would like to rely on a key value system (i.e. see user and group as a Map) with simple mapping, but :

    • SCIM Model is more complex than simple Key/Value
    • some time we need to compute some attributes (like : FullName = FirstName + LastName)

    For this reason, the mapping can be contributed :

    • as a Java Class
    • as Groovy Scriptlets
    • as JavaScript

    2 Ways mapping

    At least for SCIM use cases, the Service needs to handle 2 ways :

     NuxeoPrincipal getOrCreateAndUpdateNuxeoPrincipal(Object userObject, boolean createIfNeeded, boolean update,
            Map<String, Serializable> params);
    

    This API will be used to create / update a Nuxeo Principal based on SCIM user object.

     Object wrapNuxeoPrincipal(NuxeoPrincipal principal, Object nativePrincipal, Map<String, Serializable> params);
    

    Get the SCIM representation of a Nuxeo User.

    Contributing new mapping

    The component expose a mapper extension point that can be used to contribute new mappers.

    Using plain Java Code :

    <mapper name="javaDummy" class="org.nuxeo.usermapper.test.dummy.DummyUserMapper">
       <parameters>
         <param name="param1">value1</param>
       </parameters>
    </mapper>
    

    Using Groovy Scriptlet :

    <mapper name="scim" type="groovy">
      <mapperScript>
      <![CDATA[
          import org.nuxeo.ecm.platform.usermanager.UserManager;
          import org.nuxeo.runtime.api.Framework;
    
          UserManager um = Framework.getLocalService(UserManager.class);
    
          String userId = userObject.getId();
          if (userId == null || userId.isEmpty()) {
            userId = userObject.getUserName();
          }
          ...
        ]]>
      </mapperScript>
    
      <wrapperScript>
        <![CDATA[
          import org.nuxeo.ecm.core.api.DocumentModel;
          import org.nuxeo.ecm.core.api.NuxeoException;
          import org.nuxeo.ecm.platform.usermanager.UserManager;
          import org.nuxeo.runtime.api.Framework;
    
          UserManager um = Framework.getLocalService(UserManager.class);
          DocumentModel userModel = nuxeoPrincipal.getModel();
          ...
        ]]>
      </wrapperScript>
    </mapper>
    

    Using JavaScript :

    <mapper name="jsDummy" type="js">
      <mapperScript>
          searchAttributes.put("username", userObject.login);
          userAttributes.put("firstName", userObject.name.firstName);
          userAttributes.put("lastName", userObject.name.lastName);
          profileAttributes.put("userprofile:phonenumber", "555.666.7777");
       </mapperScript>
     </mapper>
    

    mapperScript

    In the script context for mapping userObject to NuxeoPrincipal (i.e. mapperScript tag corresponding to the getOrCreateAndUpdateNuxeoPrincipal)

    • userObject : represent the object passed to the
    • searchAttributes : is the Map<String, String> that will be used to search the NuxeoPrincipal
    • userAttributes : is the Map<String, String> that will be used to create/update the NuxeoPrincipal
    • profileAttribute : is the Map<String, String> that will be used to update the user's profile

    wrapperScript

    In the script context for wrapping a NuxeoPrincipal into a userObject (i.e. wrapperScript tag corresponding to the wrapNuxeoPrincipal method) :

    • userObject : represent the userObject as initialized by the caller code
    • nuxeoPrincipal : is the principal to wrap
    • params : is the Map<String, Serializable> passed by the caller

    Building / Install

    Build :

    mvn clean install
    

Resolution Order

940
The resolution order represents the order in which this bundle's single component has been resolved by the Nuxeo Runtime framework.
You can influence this order by adding "require" tags in the component declaration, to make sure it is resolved after another component. It will also impact the order in which contributions are registered on their target extension point (see "Registration Order" on contributions).

Components

Packages

Maven Artifact

Filenuxeo-usermapper-10.10.jar
Group Idorg.nuxeo.ecm.platform
Artifact Idnuxeo-usermapper
Version10.10

Manifest

Manifest-Version: 1.0
Archiver-Version: Plexus Archiver
Created-By: Apache Maven
Built-By: jenkins
Build-Jdk: 1.8.0_191
Bundle-ManifestVersion: 2
Bundle-Version: 10.10-t20190122-091448
Bundle-Vendor: Nuxeo
Bundle-ActivationPolicy: lazy
Bundle-ClassPath: .
Bundle-Name: org.nuxeo.usermapper
Nuxeo-Component: OSGI-INF/usermapper-service.xml
Bundle-SymbolicName: org.nuxeo.usermapper

Exports

Charts

    Raw Data: Json Contribution Stats

    Contributions by Code Type

    Loading data

    Contributions by Target Extension Point

    Loading data

    Contributions by Studio Source

    Loading data