| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| --> |
| <document xmlns="http://maven.apache.org/XDOC/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="http://maven.apache.org/XDOC/2.0 http://maven.apache.org/xsd/xdoc-2.0.xsd"> |
| |
| <properties> |
| <title>Architecture</title> |
| <author email="dev@syncope.apache.org">Apache Syncope Documentation Team</author> |
| </properties> |
| |
| <body> |
| |
| <div class="toc_container"> |
| <macro name="toc"> |
| <param name="class" value="toc"/> |
| </macro> |
| </div> |
| |
| <section name="Introduction"> |
| <p> |
| From a high-level point of view, the component architecture of Apache Syncope can be summarized by the following |
| figure: |
| <div style="width:100%; text-align:center; margin:20px;"> |
| <img src="images/apache-syncope-architecture.png" alt="Apache Syncope Architecture" width="600px"/> |
| </div> |
| Apache Syncope is composed by two main subsystems: |
| <a href="#The_core">core</a> and |
| <a href="#The_console">console</a>. |
| </p> |
| </section> |
| |
| <section name="The core"> |
| <p> |
| The web application that implements IdM features. It offers a RESTful interface for caller applications, |
| implements the provisioning core by mean of its workflow engine and its propagation layer, and manages data |
| persistence. |
| </p> |
| |
| <subsection name="Apache Syncope core logic"> |
| <p> |
| This central component orchestrates the whole data flow throughout the system. |
| Handles RESTful calls, processes data alongside the defined workflow and propagates to and synchronizes from |
| configured external resources (if needed). |
| </p> |
| </subsection> |
| |
| <subsection name="RESTful controllers"> |
| <p> |
| RESTful controllers take care of communication with outside world. |
| Implemented by leveraging Spring's REST and MVC features, these controllers exchange data in both XML and JSON |
| formats. |
| </p> |
| </subsection> |
| |
| <subsection name="Workflow engine"> |
| <p> |
| The Workflow engine is a pluggable aspect of Apache Syncope: this lets every deployment choose among one of |
| provided engine implementations or define new, custom ones. |
| </p> |
| |
| <p> |
| The default implementation is based on |
| <a href="http://www.activiti.org" target="_blank">Activiti BPM</a>, the reference Open Source implementation |
| that supports the definition of an XML descriptor in which the user lifecycle is defined. |
| This aspect makes the whole system very flexible to adapt to different situations. |
| <br/> |
| The default implementation also provides notification, approval, and end-user request management. |
| </p> |
| </subsection> |
| |
| <subsection name="JPA persistence layer"> |
| <p> |
| All data in Apache Syncope (users, roles, attributes, resources, ...) is managed at a high level using a |
| standard JPA 2.0 approach and persisted to an underlying database. |
| </p> |
| <p> |
| <a href="http://openjpa.apache.org">Apache OpenJPA</a>, the chosen JPA implementation, allows Apache Syncope |
| to be successfully deployable to most DBMSs without any modification of the source code; for more information, |
| see these |
| <a href="http://openjpa.apache.org/builds/latest/docs/docbook/manual/ref_guide_dbsetup_dbsupport.html">available options</a>. |
| <br/> |
| Currently, Apache Syncope officially supports MySQL, PostgreSQL, Oracle DB and MS SQL Server. |
| </p> |
| </subsection> |
| |
| <subsection name="Connectors layer"> |
| <p> |
| The Connector layer is implemented with |
| <a href="http://tirasa.github.com/ConnId/" target="_blank">ConnId</a>; ConnId is designed to separate the |
| implementation of an application from the dependencies of the system that the application is attempting to |
| connect to. |
| </p> |
| <p> |
| Connid is the continuation of Identity connectors, a project that used to be part of market leader Sun IdM |
| and has since been released by Sun as an Open Source project. |
| This makes the connectors layer particularly reliable since most connectors have already been implemented in |
| the framework and widely tested. |
| The new ConnId project provides all that is required nowadays for a modern Open Source project, including an |
| Apache Maven driven build, artifacts and mailing lists. |
| Additional connectors – such as for SOAP, CSV and Active Directory – are also provided. |
| </p> |
| <p> |
| Apache Syncope supports either |
| <ul> |
| <li> |
| <em>propagation</em> towards external resources (when user data is copied from Syncope to external |
| resources) |
| </li> |
| <li> |
| <em>synchronization</em> from external resources (when user data is pulled from external resources into |
| Syncope) |
| </li> |
| </ul> |
| |
| Propagation and synchronization operations – a.k.a tasks – are saved for reporting and later re-execution. |
| </p> |
| </subsection> |
| </section> |
| |
| <section name="The console"> |
| <p>The web management interface for configuring and administering Syncope core, implemented with |
| <a href="http://wicket.apache,org">Apache Wicket</a> |
| </p> |
| <p>As with other external applications, the console communicates with the core using REST calls.</p> |
| </section> |
| </body> |
| </document> |