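/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.meta;



import java.util.Collection;
import java.util.SortedSet;
import org.forgerock.opendj.config.AdministratorAction;
import org.forgerock.opendj.config.AggregationPropertyDefinition;
import org.forgerock.opendj.config.BooleanPropertyDefinition;
import org.forgerock.opendj.config.ClassPropertyDefinition;
import org.forgerock.opendj.config.client.ConcurrentModificationException;
import org.forgerock.opendj.config.client.ManagedObject;
import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
import org.forgerock.opendj.config.client.OperationRejectedException;
import org.forgerock.opendj.config.conditions.Conditions;
import org.forgerock.opendj.config.DefaultBehaviorProvider;
import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
import org.forgerock.opendj.config.DurationPropertyDefinition;
import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
import org.forgerock.opendj.config.ManagedObjectDefinition;
import org.forgerock.opendj.config.PropertyOption;
import org.forgerock.opendj.config.PropertyProvider;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.config.server.ServerManagedObject;
import org.forgerock.opendj.config.StringPropertyDefinition;
import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.LdapException;
import org.forgerock.opendj.server.config.client.HTTPOauth2CtsAuthorizationMechanismCfgClient;
import org.forgerock.opendj.server.config.client.IdentityMapperCfgClient;
import org.forgerock.opendj.server.config.server.HTTPAuthorizationMechanismCfg;
import org.forgerock.opendj.server.config.server.HTTPOauth2AuthorizationMechanismCfg;
import org.forgerock.opendj.server.config.server.HTTPOauth2CtsAuthorizationMechanismCfg;
import org.forgerock.opendj.server.config.server.IdentityMapperCfg;



/**
 * An interface for querying the HTTP Oauth2 Cts Authorization
 * Mechanism managed object definition meta information.
 * <p>
 * The HTTP Oauth2 Cts Authorization Mechanism is used to define
 * OAuth2 authorization through a direct access to the CTS (Core Token
 * Service).
 * <p>
 * Three properties are defined by this class itself ("authzid-json-pointer",
 * "base-dn" and "java-class"); every other property getter delegates to the
 * parent definition, {@link HTTPOauth2AuthorizationMechanismCfgDefn}. The
 * "authzid-json-pointer" and "identity-mapper" properties together decide
 * which directory user an accepted access token is mapped to, so changes to
 * them directly affect who is authorized.
 */
public final class HTTPOauth2CtsAuthorizationMechanismCfgDefn extends ManagedObjectDefinition<HTTPOauth2CtsAuthorizationMechanismCfgClient, HTTPOauth2CtsAuthorizationMechanismCfg> {

  /** The singleton configuration definition instance. */
  private static final HTTPOauth2CtsAuthorizationMechanismCfgDefn INSTANCE = new HTTPOauth2CtsAuthorizationMechanismCfgDefn();



  /** The "authzid-json-pointer" property definition. */
  private static final StringPropertyDefinition PD_AUTHZID_JSON_POINTER;



  /** The "base-dn" property definition. */
  private static final StringPropertyDefinition PD_BASE_DN;



  /** The "java-class" property definition. */
  private static final ClassPropertyDefinition PD_JAVA_CLASS;



  /**
   * Build the "authzid-json-pointer" property definition.
   * Mandatory, no default: an administrator must state explicitly which token
   * field becomes the authorization ID.
   */
  static {
    StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "authzid-json-pointer");
    builder.setOption(PropertyOption.MANDATORY);
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "authzid-json-pointer"));
    builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    PD_AUTHZID_JSON_POINTER = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_AUTHZID_JSON_POINTER);
  }



  /**
   * Build the "base-dn" property definition.
   * Mandatory, no default. Note that it is declared as a plain string property,
   * so the value is not validated as a DN at this level.
   */
  static {
    StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "base-dn");
    builder.setOption(PropertyOption.MANDATORY);
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "base-dn"));
    builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    PD_BASE_DN = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_BASE_DN);
  }



  /**
   * Build the "java-class" property definition.
   * Mandatory and advanced; defaults to the CTS mechanism implementation and
   * is constrained via addInstanceOf to the HttpAuthorizationMechanism type.
   */
  static {
    ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
    builder.setOption(PropertyOption.MANDATORY);
    builder.setOption(PropertyOption.ADVANCED);
    builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "java-class"));
    DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism");
    builder.setDefaultBehaviorProvider(provider);
    builder.addInstanceOf("org.opends.server.protocols.http.authz.HttpAuthorizationMechanism");
    PD_JAVA_CLASS = builder.getInstance();
    INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
  }



  /**
   * Get the HTTP Oauth2 Cts Authorization Mechanism configuration
   * definition singleton.
   *
   * @return Returns the HTTP Oauth2 Cts Authorization Mechanism
   *         configuration definition singleton.
   */
  public static HTTPOauth2CtsAuthorizationMechanismCfgDefn getInstance() {
    return INSTANCE;
  }



  /**
   * Private constructor.
   * Registers this definition under its relation name with the parent
   * HTTP OAuth2 authorization mechanism definition.
   */
  private HTTPOauth2CtsAuthorizationMechanismCfgDefn() {
    super("http-oauth2-cts-authorization-mechanism", HTTPOauth2AuthorizationMechanismCfgDefn.getInstance());
  }



  /** {@inheritDoc} */
  @Override
  public HTTPOauth2CtsAuthorizationMechanismCfgClient createClientConfiguration(
      ManagedObject<? extends HTTPOauth2CtsAuthorizationMechanismCfgClient> impl) {
    return new HTTPOauth2CtsAuthorizationMechanismCfgClientImpl(impl);
  }



  /** {@inheritDoc} */
  @Override
  public HTTPOauth2CtsAuthorizationMechanismCfg createServerConfiguration(
      ServerManagedObject<? extends HTTPOauth2CtsAuthorizationMechanismCfg> impl) {
    return new HTTPOauth2CtsAuthorizationMechanismCfgServerImpl(impl);
  }



  /** {@inheritDoc} */
  @Override
  public Class<HTTPOauth2CtsAuthorizationMechanismCfg> getServerConfigurationClass() {
    return HTTPOauth2CtsAuthorizationMechanismCfg.class;
  }



  /**
   * Get the "access-token-cache-enabled" property definition.
   * <p>
   * Indicates whether the access token cache is enabled.
   * <p>
   * Inherited from the parent definition.
   *
   * @return Returns the "access-token-cache-enabled" property definition.
   */
  public BooleanPropertyDefinition getAccessTokenCacheEnabledPropertyDefinition() {
    return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getAccessTokenCacheEnabledPropertyDefinition();
  }



  /**
   * Get the "access-token-cache-expiration" property definition.
   * <p>
   * Token cache expiration.
   * <p>
   * Inherited from the parent definition.
   *
   * @return Returns the "access-token-cache-expiration" property definition.
   */
  public DurationPropertyDefinition getAccessTokenCacheExpirationPropertyDefinition() {
    return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getAccessTokenCacheExpirationPropertyDefinition();
  }



  /**
   * Get the "authzid-json-pointer" property definition.
   * <p>
   * Specifies the JSON pointer to the value to use as Authorization
   * ID. The JSON pointer is applied to the resolved access token JSON
   * document. (example: /uid)
   *
   * @return Returns the "authzid-json-pointer" property definition.
   */
  public StringPropertyDefinition getAuthzidJsonPointerPropertyDefinition() {
    return PD_AUTHZID_JSON_POINTER;
  }



  /**
   * Get the "base-dn" property definition.
   * <p>
   * The base DN of the Core Token Service where access tokens are
   * stored. (example:
   * ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com)
   *
   * @return Returns the "base-dn" property definition.
   */
  public StringPropertyDefinition getBaseDNPropertyDefinition() {
    return PD_BASE_DN;
  }



  /**
   * Get the "enabled" property definition.
   * <p>
   * Indicates whether the HTTP Oauth2 Cts Authorization Mechanism is
   * enabled.
   * <p>
   * Inherited from the parent definition.
   *
   * @return Returns the "enabled" property definition.
   */
  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
    return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getEnabledPropertyDefinition();
  }



  /**
   * Get the "identity-mapper" property definition.
   * <p>
   * Specifies the name of the identity mapper to use in conjunction
   * with the authzid-json-pointer to get the user corresponding to the
   * access-token.
   * <p>
   * Inherited from the parent definition.
   *
   * @return Returns the "identity-mapper" property definition.
   */
  public AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> getIdentityMapperPropertyDefinition() {
    return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getIdentityMapperPropertyDefinition();
  }



  /**
   * Get the "java-class" property definition.
   * <p>
   * Specifies the fully-qualified name of the Java class that
   * provides the HTTP Oauth2 Cts Authorization Mechanism
   * implementation.
   *
   * @return Returns the "java-class" property definition.
   */
  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
    return PD_JAVA_CLASS;
  }



  /**
   * Get the "required-scope" property definition.
   * <p>
   * Scopes required to grant access to the service.
   * <p>
   * Inherited from the parent definition.
   *
   * @return Returns the "required-scope" property definition.
   */
  public StringPropertyDefinition getRequiredScopePropertyDefinition() {
    return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getRequiredScopePropertyDefinition();
  }



  /**
   * Managed object client implementation.
   * <p>
   * Every getter and setter reads or writes through the wrapped
   * {@link ManagedObject}; nothing is cached here, and changes are only
   * persisted when {@link #commit()} is called.
   */
  private static class HTTPOauth2CtsAuthorizationMechanismCfgClientImpl implements
    HTTPOauth2CtsAuthorizationMechanismCfgClient {

    /** Private implementation. */
    private final ManagedObject<? extends HTTPOauth2CtsAuthorizationMechanismCfgClient> impl;



    /** Private constructor. */
    private HTTPOauth2CtsAuthorizationMechanismCfgClientImpl(
        ManagedObject<? extends HTTPOauth2CtsAuthorizationMechanismCfgClient> impl) {
      this.impl = impl;
    }



    /** {@inheritDoc} */
    @Override
    public boolean isAccessTokenCacheEnabled() {
      return impl.getPropertyValue(INSTANCE.getAccessTokenCacheEnabledPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setAccessTokenCacheEnabled(boolean value) {
      impl.setPropertyValue(INSTANCE.getAccessTokenCacheEnabledPropertyDefinition(), value);
    }



    /** {@inheritDoc} */
    @Override
    public Long getAccessTokenCacheExpiration() {
      return impl.getPropertyValue(INSTANCE.getAccessTokenCacheExpirationPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setAccessTokenCacheExpiration(Long value) {
      impl.setPropertyValue(INSTANCE.getAccessTokenCacheExpirationPropertyDefinition(), value);
    }



    /** {@inheritDoc} */
    @Override
    public String getAuthzidJsonPointer() {
      return impl.getPropertyValue(INSTANCE.getAuthzidJsonPointerPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setAuthzidJsonPointer(String value) {
      impl.setPropertyValue(INSTANCE.getAuthzidJsonPointerPropertyDefinition(), value);
    }



    /** {@inheritDoc} */
    @Override
    public String getBaseDN() {
      return impl.getPropertyValue(INSTANCE.getBaseDNPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setBaseDN(String value) {
      impl.setPropertyValue(INSTANCE.getBaseDNPropertyDefinition(), value);
    }



    /**
     * {@inheritDoc}
     * <p>
     * Returns the boxed value as declared by the client interface; the
     * server-side view exposes the same property as a primitive.
     */
    @Override
    public Boolean isEnabled() {
      return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setEnabled(boolean value) {
      impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value);
    }



    /** {@inheritDoc} */
    @Override
    public String getIdentityMapper() {
      return impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setIdentityMapper(String value) {
      impl.setPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition(), value);
    }



    /** {@inheritDoc} */
    @Override
    public String getJavaClass() {
      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setJavaClass(String value) {
      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
    }



    /** {@inheritDoc} */
    @Override
    public SortedSet<String> getRequiredScope() {
      return impl.getPropertyValues(INSTANCE.getRequiredScopePropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void setRequiredScope(Collection<String> values) {
      impl.setPropertyValues(INSTANCE.getRequiredScopePropertyDefinition(), values);
    }



    /** {@inheritDoc} */
    @Override
    public ManagedObjectDefinition<? extends HTTPOauth2CtsAuthorizationMechanismCfgClient, ? extends HTTPOauth2CtsAuthorizationMechanismCfg> definition() {
      return INSTANCE;
    }



    /** {@inheritDoc} */
    @Override
    public PropertyProvider properties() {
      return impl;
    }



    /** {@inheritDoc} */
    @Override
    public void commit() throws ManagedObjectAlreadyExistsException,
        MissingMandatoryPropertiesException, ConcurrentModificationException,
        OperationRejectedException, LdapException {
      impl.commit();
    }



    /** {@inheritDoc} */
    @Override
    public String toString() {
      return impl.toString();
    }
  }



  /**
   * Managed object server implementation.
   * <p>
   * Property values are read once in the constructor and held in final
   * fields, so the getters return the configuration as it was when this
   * object was created; only {@link #dn()}, {@link #toString()} and the
   * listener registration methods go back to the wrapped
   * {@link ServerManagedObject}.
   */
  private static class HTTPOauth2CtsAuthorizationMechanismCfgServerImpl implements
    HTTPOauth2CtsAuthorizationMechanismCfg {

    /** Private implementation. */
    private final ServerManagedObject<? extends HTTPOauth2CtsAuthorizationMechanismCfg> impl;

    /** The value of the "access-token-cache-enabled" property. */
    private final boolean pAccessTokenCacheEnabled;

    /** The value of the "access-token-cache-expiration" property. */
    private final Long pAccessTokenCacheExpiration;

    /** The value of the "authzid-json-pointer" property. */
    private final String pAuthzidJsonPointer;

    /** The value of the "base-dn" property. */
    private final String pBaseDN;

    /** The value of the "enabled" property. */
    private final boolean pEnabled;

    /** The value of the "identity-mapper" property. */
    private final String pIdentityMapper;

    /** The value of the "java-class" property. */
    private final String pJavaClass;

    /** The value of the "required-scope" property. */
    private final SortedSet<String> pRequiredScope;



    /**
     * Private constructor.
     * Snapshots every property value from the managed object.
     */
    private HTTPOauth2CtsAuthorizationMechanismCfgServerImpl(ServerManagedObject<? extends HTTPOauth2CtsAuthorizationMechanismCfg> impl) {
      this.impl = impl;
      this.pAccessTokenCacheEnabled = impl.getPropertyValue(INSTANCE.getAccessTokenCacheEnabledPropertyDefinition());
      this.pAccessTokenCacheExpiration = impl.getPropertyValue(INSTANCE.getAccessTokenCacheExpirationPropertyDefinition());
      this.pAuthzidJsonPointer = impl.getPropertyValue(INSTANCE.getAuthzidJsonPointerPropertyDefinition());
      this.pBaseDN = impl.getPropertyValue(INSTANCE.getBaseDNPropertyDefinition());
      this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition());
      this.pIdentityMapper = impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition());
      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
      this.pRequiredScope = impl.getPropertyValues(INSTANCE.getRequiredScopePropertyDefinition());
    }



    /** {@inheritDoc} */
    @Override
    public void addHTTPOauth2CtsAuthorizationMechanismChangeListener(
        ConfigurationChangeListener<HTTPOauth2CtsAuthorizationMechanismCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /** {@inheritDoc} */
    @Override
    public void removeHTTPOauth2CtsAuthorizationMechanismChangeListener(
        ConfigurationChangeListener<HTTPOauth2CtsAuthorizationMechanismCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /** {@inheritDoc} */
    @Override
    public void addHTTPOauth2AuthorizationMechanismChangeListener(
        ConfigurationChangeListener<HTTPOauth2AuthorizationMechanismCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /** {@inheritDoc} */
    @Override
    public void removeHTTPOauth2AuthorizationMechanismChangeListener(
        ConfigurationChangeListener<HTTPOauth2AuthorizationMechanismCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /** {@inheritDoc} */
    @Override
    public void addChangeListener(
        ConfigurationChangeListener<HTTPAuthorizationMechanismCfg> listener) {
      impl.registerChangeListener(listener);
    }



    /** {@inheritDoc} */
    @Override
    public void removeChangeListener(
        ConfigurationChangeListener<HTTPAuthorizationMechanismCfg> listener) {
      impl.deregisterChangeListener(listener);
    }



    /** {@inheritDoc} */
    @Override
    public boolean isAccessTokenCacheEnabled() {
      return pAccessTokenCacheEnabled;
    }



    /** {@inheritDoc} */
    @Override
    public Long getAccessTokenCacheExpiration() {
      return pAccessTokenCacheExpiration;
    }



    /** {@inheritDoc} */
    @Override
    public String getAuthzidJsonPointer() {
      return pAuthzidJsonPointer;
    }



    /** {@inheritDoc} */
    @Override
    public String getBaseDN() {
      return pBaseDN;
    }



    /** {@inheritDoc} */
    @Override
    public boolean isEnabled() {
      return pEnabled;
    }



    /** {@inheritDoc} */
    @Override
    public String getIdentityMapper() {
      return pIdentityMapper;
    }



    /**
     * {@inheritDoc}
     * <p>
     * Returns {@code null} when no identity mapper is configured; otherwise
     * resolves the mapper name to its DN via the aggregation property
     * definition.
     */
    @Override
    public DN getIdentityMapperDN() {
      String value = getIdentityMapper();
      if (value == null) {
        return null;
      }
      return INSTANCE.getIdentityMapperPropertyDefinition().getChildDN(value);
    }



    /** {@inheritDoc} */
    @Override
    public String getJavaClass() {
      return pJavaClass;
    }



    /**
     * {@inheritDoc}
     * <p>
     * NOTE(review): the set captured at construction is returned as-is;
     * whether it is modifiable depends on ServerManagedObject — confirm
     * before relying on callers not mutating it.
     */
    @Override
    public SortedSet<String> getRequiredScope() {
      return pRequiredScope;
    }



    /** {@inheritDoc} */
    @Override
    public Class<? extends HTTPOauth2CtsAuthorizationMechanismCfg> configurationClass() {
      return HTTPOauth2CtsAuthorizationMechanismCfg.class;
    }



    /** {@inheritDoc} */
    @Override
    public DN dn() {
      return impl.getDN();
    }



    /** {@inheritDoc} */
    @Override
    public String toString() {
      return impl.toString();
    }
  }
}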