001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.meta;
017
018
019
020import org.forgerock.opendj.config.AbstractManagedObjectDefinition;
021import org.forgerock.opendj.config.AdministratorAction;
022import org.forgerock.opendj.config.AggregationPropertyDefinition;
023import org.forgerock.opendj.config.BooleanPropertyDefinition;
024import org.forgerock.opendj.config.ClassPropertyDefinition;
025import org.forgerock.opendj.config.conditions.Conditions;
026import org.forgerock.opendj.config.DefaultBehaviorProvider;
027import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
028import org.forgerock.opendj.config.DurationPropertyDefinition;
029import org.forgerock.opendj.config.GenericConstraint;
030import org.forgerock.opendj.config.PropertyOption;
031import org.forgerock.opendj.config.StringPropertyDefinition;
032import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
033import org.forgerock.opendj.server.config.client.HTTPOauth2AuthorizationMechanismCfgClient;
034import org.forgerock.opendj.server.config.client.IdentityMapperCfgClient;
035import org.forgerock.opendj.server.config.server.HTTPOauth2AuthorizationMechanismCfg;
036import org.forgerock.opendj.server.config.server.IdentityMapperCfg;
037
038
039
/**
 * Meta information (managed object definition) for the HTTP Oauth2
 * Authorization Mechanism configuration entry.
 * <p>
 * The HTTP Oauth2 Authorization Mechanism is used to define an HTTP
 * OAuth2 authorization mechanism. This class declares five properties of
 * its own ("access-token-cache-enabled", "access-token-cache-expiration",
 * "authzid-json-pointer", "identity-mapper" and "required-scope") and
 * delegates "enabled" and "java-class" to
 * {@link HTTPAuthorizationMechanismCfgDefn}.
 * <p>
 * Points worth checking when reviewing a deployment:
 * <ul>
 * <li>token caching is off by default, and constraint 1 requires an
 * expiration to be present once it is switched on;</li>
 * <li>the expiration accepts any value from 0 to 2147483647 seconds, so
 * keeping it short is left to the administrator;</li>
 * <li>"required-scope", "authzid-json-pointer" and "identity-mapper" are
 * all mandatory and have no default value.</li>
 * </ul>
 */
public final class HTTPOauth2AuthorizationMechanismCfgDefn extends AbstractManagedObjectDefinition<HTTPOauth2AuthorizationMechanismCfgClient, HTTPOauth2AuthorizationMechanismCfg> {

  /**
   * The singleton configuration definition instance.
   * <p>
   * Declared first on purpose: every static initializer below passes
   * INSTANCE to a builder or registers something on it, so it has to be
   * constructed before they run.
   */
  private static final HTTPOauth2AuthorizationMechanismCfgDefn INSTANCE = new HTTPOauth2AuthorizationMechanismCfgDefn();



  /** The "access-token-cache-enabled" property definition. */
  private static final BooleanPropertyDefinition PD_ACCESS_TOKEN_CACHE_ENABLED;



  /** The "access-token-cache-expiration" property definition. */
  private static final DurationPropertyDefinition PD_ACCESS_TOKEN_CACHE_EXPIRATION;



  /** The "authzid-json-pointer" property definition. */
  private static final StringPropertyDefinition PD_AUTHZID_JSON_POINTER;



  /** The "identity-mapper" property definition. */
  private static final AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> PD_IDENTITY_MAPPER;



  /** The "required-scope" property definition. */
  private static final StringPropertyDefinition PD_REQUIRED_SCOPE;



  /**
   * Defines and registers "access-token-cache-enabled": a mandatory
   * boolean whose defined default is "false".
   */
  static {
    BooleanPropertyDefinition.Builder cacheEnabled = BooleanPropertyDefinition.createBuilder(INSTANCE, "access-token-cache-enabled");
    cacheEnabled.setOption(PropertyOption.MANDATORY);
    AdministratorAction noAction = new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "access-token-cache-enabled");
    cacheEnabled.setAdministratorAction(noAction);
    // Caching stays off unless the administrator turns it on explicitly.
    DefaultBehaviorProvider<Boolean> offByDefault = new DefinedDefaultBehaviorProvider<Boolean>("false");
    cacheEnabled.setDefaultBehaviorProvider(offByDefault);
    PD_ACCESS_TOKEN_CACHE_ENABLED = cacheEnabled.getInstance();
    INSTANCE.registerPropertyDefinition(PD_ACCESS_TOKEN_CACHE_ENABLED);
  }



  /**
   * Defines and registers "access-token-cache-expiration": a duration with
   * base unit "s", no default value, "unlimited" rejected, and limits of
   * "0" and "2147483647".
   */
  static {
    DurationPropertyDefinition.Builder cacheExpiration = DurationPropertyDefinition.createBuilder(INSTANCE, "access-token-cache-expiration");
    AdministratorAction noAction = new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "access-token-cache-expiration");
    cacheExpiration.setAdministratorAction(noAction);
    cacheExpiration.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<Long>());
    // A cached token must always expire: "unlimited" is not accepted.
    cacheExpiration.setAllowUnlimited(false);
    // The setter order below is kept exactly as generated.
    cacheExpiration.setBaseUnit("s");
    // NOTE(review): the ceiling is Integer.MAX_VALUE seconds, so this
    // definition does not itself force a short cache lifetime.
    cacheExpiration.setUpperLimit("2147483647");
    cacheExpiration.setLowerLimit("0");
    PD_ACCESS_TOKEN_CACHE_EXPIRATION = cacheExpiration.getInstance();
    INSTANCE.registerPropertyDefinition(PD_ACCESS_TOKEN_CACHE_EXPIRATION);
  }



  /**
   * Defines and registers "authzid-json-pointer": a mandatory string with
   * no default value.
   */
  static {
    StringPropertyDefinition.Builder authzidPointer = StringPropertyDefinition.createBuilder(INSTANCE, "authzid-json-pointer");
    authzidPointer.setOption(PropertyOption.MANDATORY);
    AdministratorAction noAction = new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "authzid-json-pointer");
    authzidPointer.setAdministratorAction(noAction);
    authzidPointer.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    PD_AUTHZID_JSON_POINTER = authzidPointer.getInstance();
    INSTANCE.registerPropertyDefinition(PD_AUTHZID_JSON_POINTER);
  }



  /**
   * Defines and registers "identity-mapper": a mandatory aggregation over
   * the "identity-mapper" relation under parent path "/", together with
   * the aggregation's source constraint.
   */
  static {
    AggregationPropertyDefinition.Builder<IdentityMapperCfgClient, IdentityMapperCfg> identityMapper = AggregationPropertyDefinition.createBuilder(INSTANCE, "identity-mapper");
    identityMapper.setOption(PropertyOption.MANDATORY);
    AdministratorAction noAction = new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "identity-mapper");
    identityMapper.setAdministratorAction(noAction);
    identityMapper.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    identityMapper.setParentPath("/");
    identityMapper.setRelationDefinition("identity-mapper");
    // The referenced mapper counts as enabled when its "enabled" property
    // contains "true".
    identityMapper.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
    PD_IDENTITY_MAPPER = identityMapper.getInstance();
    INSTANCE.registerPropertyDefinition(PD_IDENTITY_MAPPER);
    INSTANCE.registerConstraint(PD_IDENTITY_MAPPER.getSourceConstraint());
  }



  /**
   * Defines and registers "required-scope": a mandatory, multi-valued
   * string with no default value.
   */
  static {
    StringPropertyDefinition.Builder requiredScope = StringPropertyDefinition.createBuilder(INSTANCE, "required-scope");
    requiredScope.setOption(PropertyOption.MULTI_VALUED);
    // Mandatory: the definition does not permit an entry with no scope.
    requiredScope.setOption(PropertyOption.MANDATORY);
    AdministratorAction noAction = new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "required-scope");
    requiredScope.setAdministratorAction(noAction);
    requiredScope.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    PD_REQUIRED_SCOPE = requiredScope.getInstance();
    INSTANCE.registerPropertyDefinition(PD_REQUIRED_SCOPE);
  }



  // Register the constraints associated with this managed object definition.
  // Constraint 1: if "access-token-cache-enabled" contains "true", then
  // "access-token-cache-expiration" must be present. It only checks that a
  // value is present; the value itself is bounded by the property's limits.
  static {
    INSTANCE.registerConstraint(
        new GenericConstraint(
            INSTANCE,
            1,
            Conditions.implies(
                Conditions.contains("access-token-cache-enabled", "true"),
                Conditions.isPresent("access-token-cache-expiration"))));
  }



  /**
   * Get the HTTP Oauth2 Authorization Mechanism configuration
   * definition singleton.
   *
   * @return The single shared instance of this definition.
   */
  public static HTTPOauth2AuthorizationMechanismCfgDefn getInstance() {
    return INSTANCE;
  }



  /**
   * Private constructor; the only instance is {@link #INSTANCE}.
   * <p>
   * Passes the name "http-oauth2-authorization-mechanism" and the
   * {@link HTTPAuthorizationMechanismCfgDefn} singleton to the superclass
   * constructor (presumably as the parent definition).
   */
  private HTTPOauth2AuthorizationMechanismCfgDefn() {
    super("http-oauth2-authorization-mechanism", HTTPAuthorizationMechanismCfgDefn.getInstance());
  }



  /**
   * Get the "access-token-cache-enabled" property definition.
   * <p>
   * Judging by the property name and by the constraint that ties it to
   * "access-token-cache-expiration", this flag controls caching of access
   * tokens. It is a separate property from "enabled", which is exposed by
   * {@link #getEnabledPropertyDefinition()}. The default is "false".
   * <p>
   * NOTE(review): how the cache is consulted is not visible in this
   * definition. Operators should assume that a cached token can keep
   * being accepted until its cache entry expires, even after the
   * authorization server has revoked it, and should size
   * "access-token-cache-expiration" accordingly.
   *
   * @return The "access-token-cache-enabled" property definition.
   */
  public BooleanPropertyDefinition getAccessTokenCacheEnabledPropertyDefinition() {
    return PD_ACCESS_TOKEN_CACHE_ENABLED;
  }



  /**
   * Get the "access-token-cache-expiration" property definition.
   * <p>
   * Token cache expiration. The value is a duration with base unit "s"
   * and must lie between 0 and 2147483647; "unlimited" is rejected and
   * there is no default. A value must be present whenever
   * "access-token-cache-enabled" is "true".
   * <p>
   * NOTE(review): the effect of a value of 0 is not visible here; confirm
   * it against the implementation before relying on it.
   *
   * @return The "access-token-cache-expiration" property definition.
   */
  public DurationPropertyDefinition getAccessTokenCacheExpirationPropertyDefinition() {
    return PD_ACCESS_TOKEN_CACHE_EXPIRATION;
  }



  /**
   * Get the "authzid-json-pointer" property definition.
   * <p>
   * Specifies the JSON pointer to the value to use as Authorization
   * ID. The JSON pointer is applied to the resolved access token JSON
   * document. (example: /uid)
   * <p>
   * Because the selected value becomes the authorization ID, the pointer
   * should name a field that the authorization server sets and that
   * identifies exactly one user. NOTE(review): verify how a missing or
   * non-string value is handled by the implementation.
   *
   * @return The "authzid-json-pointer" property definition.
   */
  public StringPropertyDefinition getAuthzidJsonPointerPropertyDefinition() {
    return PD_AUTHZID_JSON_POINTER;
  }



  /**
   * Get the "enabled" property definition.
   * <p>
   * Indicates whether the HTTP Oauth2 Authorization Mechanism is
   * enabled. The definition is obtained from
   * {@link HTTPAuthorizationMechanismCfgDefn}.
   *
   * @return The "enabled" property definition.
   */
  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
    HTTPAuthorizationMechanismCfgDefn parent = HTTPAuthorizationMechanismCfgDefn.getInstance();
    return parent.getEnabledPropertyDefinition();
  }



  /**
   * Get the "identity-mapper" property definition.
   * <p>
   * Specifies the name of the identity mapper to use in conjunction
   * with the authzid-json-pointer to get the user corresponding to the
   * access token.
   *
   * @return The "identity-mapper" property definition.
   */
  public AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> getIdentityMapperPropertyDefinition() {
    return PD_IDENTITY_MAPPER;
  }



  /**
   * Get the "java-class" property definition.
   * <p>
   * Specifies the fully-qualified name of the Java class that
   * provides the HTTP Oauth2 Authorization Mechanism implementation.
   * The definition is obtained from
   * {@link HTTPAuthorizationMechanismCfgDefn}.
   *
   * @return The "java-class" property definition.
   */
  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
    HTTPAuthorizationMechanismCfgDefn parent = HTTPAuthorizationMechanismCfgDefn.getInstance();
    return parent.getJavaClassPropertyDefinition();
  }



  /**
   * Get the "required-scope" property definition.
   * <p>
   * Scopes required to grant access to the service. The property is
   * mandatory and multi-valued.
   * <p>
   * NOTE(review): whether a token must carry all of the listed scopes or
   * only one of them is not visible in this definition; confirm against
   * the implementation.
   *
   * @return The "required-scope" property definition.
   */
  public StringPropertyDefinition getRequiredScopePropertyDefinition() {
    return PD_REQUIRED_SCOPE;
  }
}