/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.meta;

import org.forgerock.opendj.config.AbstractManagedObjectDefinition;
import org.forgerock.opendj.config.AdministratorAction;
import org.forgerock.opendj.config.AggregationPropertyDefinition;
import org.forgerock.opendj.config.BooleanPropertyDefinition;
import org.forgerock.opendj.config.ClassPropertyDefinition;
import org.forgerock.opendj.config.conditions.Conditions;
import org.forgerock.opendj.config.DefaultBehaviorProvider;
import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
import org.forgerock.opendj.config.DurationPropertyDefinition;
import org.forgerock.opendj.config.GenericConstraint;
import org.forgerock.opendj.config.PropertyOption;
import org.forgerock.opendj.config.StringPropertyDefinition;
import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
import org.forgerock.opendj.server.config.client.HTTPOauth2AuthorizationMechanismCfgClient;
import org.forgerock.opendj.server.config.client.IdentityMapperCfgClient;
import org.forgerock.opendj.server.config.server.HTTPOauth2AuthorizationMechanismCfg;
import org.forgerock.opendj.server.config.server.IdentityMapperCfg;

/**
 * Meta information for the HTTP Oauth2 Authorization Mechanism managed
 * object definition, exposed through a single shared instance.
 * <p>
 * The HTTP Oauth2 Authorization Mechanism is used to define HTTP
 * OAuth2 authorization mechanism. This class declares five properties
 * of its own ("access-token-cache-enabled",
 * "access-token-cache-expiration", "authzid-json-pointer",
 * "identity-mapper" and "required-scope") and forwards "enabled" and
 * "java-class" to {@link HTTPAuthorizationMechanismCfgDefn}, which is
 * passed to the superclass constructor as the parent definition.
 * <p>
 * Every property declared here uses
 * {@link AdministratorAction.Type#NONE}. One cross-property constraint
 * is registered: when "access-token-cache-enabled" contains "true",
 * "access-token-cache-expiration" must be present.
 */
public final class HTTPOauth2AuthorizationMechanismCfgDefn extends AbstractManagedObjectDefinition<HTTPOauth2AuthorizationMechanismCfgClient, HTTPOauth2AuthorizationMechanismCfg> {

  // Property names, spelled once so that the builder, the administrator
  // action and the constraint all refer to the same string.
  private static final String ACCESS_TOKEN_CACHE_ENABLED = "access-token-cache-enabled";
  private static final String ACCESS_TOKEN_CACHE_EXPIRATION = "access-token-cache-expiration";
  private static final String AUTHZID_JSON_POINTER = "authzid-json-pointer";
  private static final String IDENTITY_MAPPER = "identity-mapper";
  private static final String REQUIRED_SCOPE = "required-scope";

  /**
   * The singleton configuration definition instance. It has to be
   * created before the static initializers below run, because each of
   * them registers its property definition on it.
   */
  private static final HTTPOauth2AuthorizationMechanismCfgDefn INSTANCE = new HTTPOauth2AuthorizationMechanismCfgDefn();

  /** The "access-token-cache-enabled" property definition. */
  private static final BooleanPropertyDefinition PD_ACCESS_TOKEN_CACHE_ENABLED;

  /** The "access-token-cache-expiration" property definition. */
  private static final DurationPropertyDefinition PD_ACCESS_TOKEN_CACHE_EXPIRATION;

  /** The "authzid-json-pointer" property definition. */
  private static final StringPropertyDefinition PD_AUTHZID_JSON_POINTER;

  /** The "identity-mapper" property definition. */
  private static final AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> PD_IDENTITY_MAPPER;

  /** The "required-scope" property definition. */
  private static final StringPropertyDefinition PD_REQUIRED_SCOPE;

  // "access-token-cache-enabled": mandatory boolean whose defined default is "false".
  static {
    BooleanPropertyDefinition.Builder cacheEnabled =
        BooleanPropertyDefinition.createBuilder(INSTANCE, ACCESS_TOKEN_CACHE_ENABLED);
    cacheEnabled.setOption(PropertyOption.MANDATORY);
    cacheEnabled.setAdministratorAction(noActionFor(ACCESS_TOKEN_CACHE_ENABLED));
    DefaultBehaviorProvider<Boolean> offByDefault = new DefinedDefaultBehaviorProvider<Boolean>("false");
    cacheEnabled.setDefaultBehaviorProvider(offByDefault);
    PD_ACCESS_TOKEN_CACHE_ENABLED = cacheEnabled.getInstance();
    INSTANCE.registerPropertyDefinition(PD_ACCESS_TOKEN_CACHE_ENABLED);
  }

  // "access-token-cache-expiration": optional duration in seconds, bounded to
  // [0, 2147483647], "unlimited" rejected, no default value.
  static {
    DurationPropertyDefinition.Builder cacheExpiration =
        DurationPropertyDefinition.createBuilder(INSTANCE, ACCESS_TOKEN_CACHE_EXPIRATION);
    cacheExpiration.setAdministratorAction(noActionFor(ACCESS_TOKEN_CACHE_EXPIRATION));
    cacheExpiration.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<Long>());
    cacheExpiration.setAllowUnlimited(false);
    cacheExpiration.setBaseUnit("s");
    // Upper limit is set before the lower limit, as in the original definition.
    cacheExpiration.setUpperLimit("2147483647");
    cacheExpiration.setLowerLimit("0");
    PD_ACCESS_TOKEN_CACHE_EXPIRATION = cacheExpiration.getInstance();
    INSTANCE.registerPropertyDefinition(PD_ACCESS_TOKEN_CACHE_EXPIRATION);
  }

  // "authzid-json-pointer": mandatory string, no default value.
  static {
    StringPropertyDefinition.Builder authzidPointer =
        StringPropertyDefinition.createBuilder(INSTANCE, AUTHZID_JSON_POINTER);
    authzidPointer.setOption(PropertyOption.MANDATORY);
    authzidPointer.setAdministratorAction(noActionFor(AUTHZID_JSON_POINTER));
    authzidPointer.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    PD_AUTHZID_JSON_POINTER = authzidPointer.getInstance();
    INSTANCE.registerPropertyDefinition(PD_AUTHZID_JSON_POINTER);
  }

  // "identity-mapper": mandatory aggregation over the "identity-mapper" relation
  // under "/"; the referenced mapper must itself have "enabled" set to "true".
  static {
    AggregationPropertyDefinition.Builder<IdentityMapperCfgClient, IdentityMapperCfg> mapperRef =
        AggregationPropertyDefinition.createBuilder(INSTANCE, IDENTITY_MAPPER);
    mapperRef.setOption(PropertyOption.MANDATORY);
    mapperRef.setAdministratorAction(noActionFor(IDENTITY_MAPPER));
    mapperRef.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    mapperRef.setParentPath("/");
    mapperRef.setRelationDefinition("identity-mapper");
    mapperRef.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
    PD_IDENTITY_MAPPER = mapperRef.getInstance();
    INSTANCE.registerPropertyDefinition(PD_IDENTITY_MAPPER);
    // The aggregation brings its own source constraint, registered alongside the property.
    INSTANCE.registerConstraint(PD_IDENTITY_MAPPER.getSourceConstraint());
  }

  // "required-scope": mandatory, multi-valued string, no default value.
  static {
    StringPropertyDefinition.Builder requiredScope =
        StringPropertyDefinition.createBuilder(INSTANCE, REQUIRED_SCOPE);
    requiredScope.setOption(PropertyOption.MULTI_VALUED);
    requiredScope.setOption(PropertyOption.MANDATORY);
    requiredScope.setAdministratorAction(noActionFor(REQUIRED_SCOPE));
    requiredScope.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
    PD_REQUIRED_SCOPE = requiredScope.getInstance();
    INSTANCE.registerPropertyDefinition(PD_REQUIRED_SCOPE);
  }

  // Constraint 1: enabling the access token cache requires an expiration to be configured.
  static {
    INSTANCE.registerConstraint(
        new GenericConstraint(
            INSTANCE,
            1,
            Conditions.implies(
                Conditions.contains(ACCESS_TOKEN_CACHE_ENABLED, "true"),
                Conditions.isPresent(ACCESS_TOKEN_CACHE_EXPIRATION))));
  }

  /**
   * Creates the administrator action shared by every property declared
   * in this class: type {@code NONE}, bound to the singleton definition.
   *
   * @param propertyName
   *          The name of the property the action is attached to.
   * @return Returns a new {@code NONE} administrator action for the
   *         named property.
   */
  private static AdministratorAction noActionFor(String propertyName) {
    return new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, propertyName);
  }

  /**
   * Get the HTTP Oauth2 Authorization Mechanism configuration
   * definition singleton.
   *
   * @return Returns the HTTP Oauth2 Authorization Mechanism
   *         configuration definition singleton.
   */
  public static HTTPOauth2AuthorizationMechanismCfgDefn getInstance() {
    return INSTANCE;
  }

  /**
   * Private constructor. Names the definition
   * "http-oauth2-authorization-mechanism" and uses the
   * {@link HTTPAuthorizationMechanismCfgDefn} singleton as its parent.
   */
  private HTTPOauth2AuthorizationMechanismCfgDefn() {
    super("http-oauth2-authorization-mechanism", HTTPAuthorizationMechanismCfgDefn.getInstance());
  }

  /**
   * Get the "access-token-cache-enabled" property definition.
   * <p>
   * Mandatory boolean, default "false". The synopsis shipped with this
   * definition reads "Indicates whether the HTTP Oauth2 Authorization
   * Mechanism is enabled for use", which duplicates the "enabled"
   * property; going by the property name and by the constraint tying it
   * to "access-token-cache-expiration", it presumably switches caching
   * of access tokens on or off (confirm against the mechanism
   * implementation).
   * <p>
   * NOTE(review): if cached entries are served without contacting the
   * authorization server again, a token revoked there may keep being
   * accepted until its cache entry expires. Verify before enabling.
   *
   * @return Returns the "access-token-cache-enabled" property definition.
   */
  public BooleanPropertyDefinition getAccessTokenCacheEnabledPropertyDefinition() {
    return PD_ACCESS_TOKEN_CACHE_ENABLED;
  }

  /**
   * Get the "access-token-cache-expiration" property definition.
   * <p>
   * Token cache expiration. The value is a duration with base unit
   * seconds, between 0 and 2147483647; "unlimited" is not accepted and
   * there is no default. It must be present whenever
   * "access-token-cache-enabled" is "true".
   * <p>
   * The definition only bounds the value to that range, so it does not
   * by itself keep the expiration short; choosing a value in line with
   * the access token lifetime is left to the administrator.
   *
   * @return Returns the "access-token-cache-expiration" property definition.
   */
  public DurationPropertyDefinition getAccessTokenCacheExpirationPropertyDefinition() {
    return PD_ACCESS_TOKEN_CACHE_EXPIRATION;
  }

  /**
   * Get the "authzid-json-pointer" property definition.
   * <p>
   * Specifies the JSON pointer to the value to use as Authorization
   * ID. The JSON pointer is applied to the resolved access token JSON
   * document. (example: /uid)
   * <p>
   * Mandatory, no default. Because the selected value is what
   * identifies the user, it should point at a field that is set by the
   * authorization server and is unique per user.
   *
   * @return Returns the "authzid-json-pointer" property definition.
   */
  public StringPropertyDefinition getAuthzidJsonPointerPropertyDefinition() {
    return PD_AUTHZID_JSON_POINTER;
  }

  /**
   * Get the "enabled" property definition.
   * <p>
   * Indicates whether the HTTP Oauth2 Authorization Mechanism is
   * enabled. The definition is the one held by the parent
   * {@link HTTPAuthorizationMechanismCfgDefn}.
   *
   * @return Returns the "enabled" property definition.
   */
  public BooleanPropertyDefinition getEnabledPropertyDefinition() {
    final HTTPAuthorizationMechanismCfgDefn parent = HTTPAuthorizationMechanismCfgDefn.getInstance();
    return parent.getEnabledPropertyDefinition();
  }

  /**
   * Get the "identity-mapper" property definition.
   * <p>
   * Specifies the name of the identity mapper to use in conjunction
   * with the authzid-json-pointer to get the user corresponding to the
   * access-token.
   * <p>
   * Mandatory. The referenced identity mapper must have its "enabled"
   * property set to "true".
   *
   * @return Returns the "identity-mapper" property definition.
   */
  public AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> getIdentityMapperPropertyDefinition() {
    return PD_IDENTITY_MAPPER;
  }

  /**
   * Get the "java-class" property definition.
   * <p>
   * Specifies the fully-qualified name of the Java class that
   * provides the HTTP Oauth2 Authorization Mechanism implementation.
   * The definition is the one held by the parent
   * {@link HTTPAuthorizationMechanismCfgDefn}.
   *
   * @return Returns the "java-class" property definition.
   */
  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
    final HTTPAuthorizationMechanismCfgDefn parent = HTTPAuthorizationMechanismCfgDefn.getInstance();
    return parent.getJavaClassPropertyDefinition();
  }

  /**
   * Get the "required-scope" property definition.
   * <p>
   * Scopes required to grant access to the service. Mandatory and
   * multi-valued, with no default.
   * <p>
   * NOTE(review): this definition does not say whether a token must
   * carry every listed scope or only one of them; confirm against the
   * mechanism implementation before relying on it for access control.
   *
   * @return Returns the "required-scope" property definition.
   */
  public StringPropertyDefinition getRequiredScopePropertyDefinition() {
    return PD_REQUIRED_SCOPE;
  }
}