Watch out for falling User Objects
December 12, 2005 6:16 PMChanges are afoot in the Confluence codebase. And there are a few things that are important for you, as plugin developers, to know. You may need to make some modifications to your plugins to ensure that they will be compatible with the next version of Confluence (2.1).
Atlassian developer Nick Faiz has been hard at work designing and building the next generation of user management for Atlassian's products. The new library, AtlassianUser, is currently being integrated into Confluence and will follow in JIRA soon thereafter.
Starting with Confluence 2.1 DR1, the user system in Confluence will have changed from OSUser to AtlassianUser.
What will AtlassianUser do for me?
- AtlassianUser improves the LDAP integration for Confluence and will, eventually, do so for JIRA. Users and Groups are read on demand from the LDAP system.
- You can set up delegations in AtlassianUser, to call on several different kinds of backend systems for storing users and groups. You can add your own implementation of the Atlassian User libraries to a delegation (to meet a specialized case) or use one of the pre-bundled implementations. Besides the OSUser, LDAP, and Hibernate implementations we also have caching, delegation, and memory layers, to improve performance, run the delegation, and speed up testing.
- The Hibernate implementation uses a new, normalized database structure for users and groups.
- AtlassianUser will improve performance when dealing with large numbers of users.
What will I need to do for AtlassianUser?
If your plugin makes use of the OSUser API you'll need to refactor it to use the new AtlassianUser Library.
We've done our best to make sure that the required changes are minimal. The new interface is almost identical, so in many cases the only code which needs to altered is the import statement. For example:
becomesimport com.opensymphony.user.*;
import com.atlassian.user.*;
However, do note that when you check group-to-user relationships (i.e., group memberships) you should now query using the userAccessor facade, rather than using the user object directly. For example:
becomesosuserObj.getGroups();
userAccessor.getGroups(atlassianUserObj)
Where are we now?
AtlassianUser has recently been merged in the main source tree of Confluence and will eventually appear as a production-ready version as Confluence 2.1 . We have made early version available in .war form on http://confluence.atlassian.com. If you think your plugin may be effected, you should use this version to prepare your plugins for the upgrade to AtlassianUser.
Importantly, this version is a beta. It is a chance for you to have a 'first look', run tests in your environment, test your plugins, etc. We cannot supported this version in a production environment, though bug reports are welcome.
By the way, we'd like to give a quick shout-out to all the folks that have helped us get this far. The 'early adopters' have provided great ideas, criticisms and have shared a wealth of experience. Thanks :)
We'd also like to acknowedge the work of the Apache Directory Server team. AtlassianUser uses Apache Directory Server extensively in its tests. We're looking forward to seeing Apache Directory Server 1.0 appear in the first half of next year!
Cheers!
Copyright © 2009 Atlassian Pty Ltd.
10 Comment(s)
Any chance you'll be donating this stuff to OpenSymphony to replace the horror that is OSUser?
By Patrick Lightbody at December 14, 2005 12:35 PM
As shipped in Confluence 2.1 Seraph's DefaultAuthenticator seems to not play nice with Atlassian-User. Surprised the heck out of me to see OSUser in an exception stacktrace for the CASAuthenticator (http://www.ja-sig.org/wiki/display/CAS/CasSeraphAuthenticator).
By Jason Shao at December 24, 2005 12:28 AM
Hi Patrick,
We've had a few requests to offer Atlassian User under and open sourcing license. It would definitely be something we'd consider, given our attitude to open source in general. I don't know whether it'd be OpenSymphony or a general open source Atlassian project though.
Right now we're working on making the configuration layer a little simpler. It might be something we could consider after having done that.
Cheers,
Nick
By Nick Faiz at January 8, 2006 3:06 PM
Hi Jason,
We didn't alter Seraph's DefaultAuthenticator to use Atlassian User instead of OSUser. This would have annoyed anyone wanting to use the DefaultAuthenticator with a standard OSUser configuration. Instead, we created a ConfluenceAuthenticator, which overrides the OSUser specific code in the DefaultAuthenticator.
Presumably, one way to overcome the stacktrace you are seeing would be to havve your CasSeraphAuthenticator extend from com.atlassian.confluence.user.ConfluenceAuthenticator .
If you would like to discuss this further, let us know via confluence-support@atlassian.com .
Cheers,
Nick
By Nick Faiz at January 8, 2006 3:16 PM
If you were honest about open sourcing it, you'd have actually made some effort in that direction, instead of basically taking an opensymphony project, fixing its issues and enhancing it, then forking it into your own codebase.
'given our attitude to open source in general', you mean the hit and miss affair, where you brag of how much you do for OSS but are too busy right now to actually give any code?
When was the last time you put your money where your mouth is? The atlassian open source chest thumping surely needs the odd dose of reality.
Granted, people like Scott have general goodwill and go to the effort of submitting patches and contributing, but he seems to be in the dwindling minority at atlassian these days.
By Hani Suleiman at January 8, 2006 6:05 PM
Hani,
Just to set a few records straight:
- Atlassian User is quite a bit different in implementation than OSUser. With regards to the LDAP stuff, the fixes that Jeff did for the LDAP provider for OS is the base for what we use in LDAP in Atlassian User. So we didn't really steal anything, and all the useful code that can be used in both was contributed back.
- I agree that our 'open source chest thumping' is perhaps reaching back a bit. I agree that the amount of code that we contribute back to open source projects is a fair bit less than we used to, but that is also a sign of the fact that the frameworks have matured to the point where we don't _need_ to extend them.
- Where we have extended / improved open source projects, we have almost always contributed them back. Given that Mike and I are the only committers for OS in Atlassian, a lot of the Atlassian patches come through me.
- In terms of the Atlassian User specifics, we only released our first product using it (Confluence) over Christmas, and we still haven't completed the XML file format for configuration. The developer who works on Atlassian User has been on holidays for the past 2 weeks, and just arrived back in town today.
Given your propensity to mock open source projects that are half-assed, with little documentation, and poor usability, I would have thought that giving us some time to open source the project with proper docs etc, would have been something you would have encouraged.
Anyhow - apologies for the rant. I hope that you more fully appreciate our position now.
By Scott Farquhar at January 8, 2006 8:28 PM
Hani,
Scott's reply covers most points but I do want to say that your assumptions are, in many cases, mistaken here.
Did you stop to investigate what kind of open source work we'd done with the project? During development of Atlassian User we've contributed to the Apache Directory Server project.
Atlassian User certainly isn't a fork of OSUser. You'll have the chance to see that if it makes it to some sort of open source license.
I see your larger point. Poster boy antics about open source ethics are annoying. I don't think we're doing that, or being deceitful about what we really think, as particular sections of your comment want to imply.
Cheers,
Nick
By Nick Faiz at January 8, 2006 9:22 PM
Hi there. Our custom SSO worked greate pre AtlassianUser, and I have tried to follow the information provided and wondered if you could point me in the right direction. I think the problem I am having is in this piece of code, which creates new accounts when they do not exist:
UserAccessor userAccessor = (UserAccessor) bucket.container .ContainerManager.getInstance().getContainerContext().getComponent("userAccessor");
String[] defaultGroup={"confluence-users"};
User newUser = userAccessor.addUser(username, password, email, fullname, defaultGroup);
user = newUser;
log.debug("User created: " + username);
Any ideas greatfully received.
By Ricardo at January 16, 2006 4:21 PM
Hi Ricardo,
Can you please send this on to confluence-support@atlassian.com? I will keep an eye out for it and make sure we answer quickly.
We will need more information, too. What precisely is the problem? Is the account actually created? Please tell us this in the email you send to support, as the blog is not very effective for offering support.
Cheers,
Nick
By Nick Faiz at January 16, 2006 4:50 PM
Will do, thanks.
By Ricardo at January 16, 2006 5:00 PM