001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.meta; 017 018 019 020import java.util.Collection; 021import java.util.SortedSet; 022import org.forgerock.opendj.config.AdministratorAction; 023import org.forgerock.opendj.config.AggregationPropertyDefinition; 024import org.forgerock.opendj.config.BooleanPropertyDefinition; 025import org.forgerock.opendj.config.ClassPropertyDefinition; 026import org.forgerock.opendj.config.client.ConcurrentModificationException; 027import org.forgerock.opendj.config.client.ManagedObject; 028import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 029import org.forgerock.opendj.config.client.OperationRejectedException; 030import org.forgerock.opendj.config.conditions.Conditions; 031import org.forgerock.opendj.config.DefaultBehaviorProvider; 032import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 033import org.forgerock.opendj.config.DurationPropertyDefinition; 034import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 035import org.forgerock.opendj.config.ManagedObjectDefinition; 036import org.forgerock.opendj.config.PropertyOption; 037import org.forgerock.opendj.config.PropertyProvider; 038import org.forgerock.opendj.config.server.ConfigurationChangeListener; 039import org.forgerock.opendj.config.server.ServerManagedObject; 040import org.forgerock.opendj.config.StringPropertyDefinition; 041import org.forgerock.opendj.ldap.DN; 042import org.forgerock.opendj.ldap.LdapException; 043import org.forgerock.opendj.server.config.client.HTTPOauth2FileAuthorizationMechanismCfgClient; 044import org.forgerock.opendj.server.config.client.IdentityMapperCfgClient; 045import org.forgerock.opendj.server.config.server.HTTPAuthorizationMechanismCfg; 046import org.forgerock.opendj.server.config.server.HTTPOauth2AuthorizationMechanismCfg; 047import org.forgerock.opendj.server.config.server.HTTPOauth2FileAuthorizationMechanismCfg; 048import org.forgerock.opendj.server.config.server.IdentityMapperCfg; 049 050 051 052/** 053 * An interface for querying the HTTP Oauth2 File Authorization 054 * Mechanism managed object definition meta information. 055 * <p> 056 * The HTTP Oauth2 File Authorization Mechanism is used to define 057 * OAuth2 authorization through a file based access-token resolution. 058 * For test purpose only, this mechanism is looking up for JSON 059 * access-token files under the specified path. 060 */ 061public final class HTTPOauth2FileAuthorizationMechanismCfgDefn extends ManagedObjectDefinition<HTTPOauth2FileAuthorizationMechanismCfgClient, HTTPOauth2FileAuthorizationMechanismCfg> { 062 063 /** The singleton configuration definition instance. */ 064 private static final HTTPOauth2FileAuthorizationMechanismCfgDefn INSTANCE = new HTTPOauth2FileAuthorizationMechanismCfgDefn(); 065 066 067 068 /** The "access-token-directory" property definition. */ 069 private static final StringPropertyDefinition PD_ACCESS_TOKEN_DIRECTORY; 070 071 072 073 /** The "java-class" property definition. */ 074 private static final ClassPropertyDefinition PD_JAVA_CLASS; 075 076 077 078 /** Build the "access-token-directory" property definition. */ 079 static { 080 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "access-token-directory"); 081 builder.setOption(PropertyOption.MANDATORY); 082 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "access-token-directory")); 083 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("oauth2-demo/"); 084 builder.setDefaultBehaviorProvider(provider); 085 PD_ACCESS_TOKEN_DIRECTORY = builder.getInstance(); 086 INSTANCE.registerPropertyDefinition(PD_ACCESS_TOKEN_DIRECTORY); 087 } 088 089 090 091 /** Build the "java-class" property definition. */ 092 static { 093 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 094 builder.setOption(PropertyOption.MANDATORY); 095 builder.setOption(PropertyOption.ADVANCED); 096 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "java-class")); 097 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism"); 098 builder.setDefaultBehaviorProvider(provider); 099 builder.addInstanceOf("org.opends.server.protocols.http.authz.HttpAuthorizationMechanism"); 100 PD_JAVA_CLASS = builder.getInstance(); 101 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 102 } 103 104 105 106 /** 107 * Get the HTTP Oauth2 File Authorization Mechanism configuration 108 * definition singleton. 109 * 110 * @return Returns the HTTP Oauth2 File Authorization Mechanism 111 * configuration definition singleton. 112 */ 113 public static HTTPOauth2FileAuthorizationMechanismCfgDefn getInstance() { 114 return INSTANCE; 115 } 116 117 118 119 /** 120 * Private constructor. 121 */ 122 private HTTPOauth2FileAuthorizationMechanismCfgDefn() { 123 super("http-oauth2-file-authorization-mechanism", HTTPOauth2AuthorizationMechanismCfgDefn.getInstance()); 124 } 125 126 127 128 /** {@inheritDoc} */ 129 public HTTPOauth2FileAuthorizationMechanismCfgClient createClientConfiguration( 130 ManagedObject<? extends HTTPOauth2FileAuthorizationMechanismCfgClient> impl) { 131 return new HTTPOauth2FileAuthorizationMechanismCfgClientImpl(impl); 132 } 133 134 135 136 /** {@inheritDoc} */ 137 public HTTPOauth2FileAuthorizationMechanismCfg createServerConfiguration( 138 ServerManagedObject<? extends HTTPOauth2FileAuthorizationMechanismCfg> impl) { 139 return new HTTPOauth2FileAuthorizationMechanismCfgServerImpl(impl); 140 } 141 142 143 144 /** {@inheritDoc} */ 145 public Class<HTTPOauth2FileAuthorizationMechanismCfg> getServerConfigurationClass() { 146 return HTTPOauth2FileAuthorizationMechanismCfg.class; 147 } 148 149 150 151 /** 152 * Get the "access-token-cache-enabled" property definition. 153 * <p> 154 * Indicates whether the HTTP Oauth2 File Authorization Mechanism is 155 * enabled for use. 156 * 157 * @return Returns the "access-token-cache-enabled" property definition. 158 */ 159 public BooleanPropertyDefinition getAccessTokenCacheEnabledPropertyDefinition() { 160 return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getAccessTokenCacheEnabledPropertyDefinition(); 161 } 162 163 164 165 /** 166 * Get the "access-token-cache-expiration" property definition. 167 * <p> 168 * Token cache expiration 169 * 170 * @return Returns the "access-token-cache-expiration" property definition. 171 */ 172 public DurationPropertyDefinition getAccessTokenCacheExpirationPropertyDefinition() { 173 return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getAccessTokenCacheExpirationPropertyDefinition(); 174 } 175 176 177 178 /** 179 * Get the "access-token-directory" property definition. 180 * <p> 181 * Directory containing token files. File names must be equal to the 182 * token strings. The file content must a JSON object with the 183 * following attributes: 'scope', 'expireTime' and all the field(s) 184 * needed to resolve the authzIdTemplate. 185 * 186 * @return Returns the "access-token-directory" property definition. 187 */ 188 public StringPropertyDefinition getAccessTokenDirectoryPropertyDefinition() { 189 return PD_ACCESS_TOKEN_DIRECTORY; 190 } 191 192 193 194 /** 195 * Get the "authzid-json-pointer" property definition. 196 * <p> 197 * Specifies the JSON pointer to the value to use as Authorization 198 * ID. The JSON pointer is applied to the resolved access token JSON 199 * document. (example: /uid) 200 * 201 * @return Returns the "authzid-json-pointer" property definition. 202 */ 203 public StringPropertyDefinition getAuthzidJsonPointerPropertyDefinition() { 204 return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getAuthzidJsonPointerPropertyDefinition(); 205 } 206 207 208 209 /** 210 * Get the "enabled" property definition. 211 * <p> 212 * Indicates whether the HTTP Oauth2 File Authorization Mechanism is 213 * enabled. 214 * 215 * @return Returns the "enabled" property definition. 216 */ 217 public BooleanPropertyDefinition getEnabledPropertyDefinition() { 218 return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getEnabledPropertyDefinition(); 219 } 220 221 222 223 /** 224 * Get the "identity-mapper" property definition. 225 * <p> 226 * > Specifies the name of the identity mapper to use in conjunction 227 * with the authzid-json-pointer to get the user corresponding to the 228 * acccess-token. 229 * 230 * @return Returns the "identity-mapper" property definition. 231 */ 232 public AggregationPropertyDefinition<IdentityMapperCfgClient, IdentityMapperCfg> getIdentityMapperPropertyDefinition() { 233 return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getIdentityMapperPropertyDefinition(); 234 } 235 236 237 238 /** 239 * Get the "java-class" property definition. 240 * <p> 241 * Specifies the fully-qualified name of the Java class that 242 * provides the HTTP Oauth2 File Authorization Mechanism 243 * implementation. 244 * 245 * @return Returns the "java-class" property definition. 246 */ 247 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 248 return PD_JAVA_CLASS; 249 } 250 251 252 253 /** 254 * Get the "required-scope" property definition. 255 * <p> 256 * Scopes required to grant access to the service. 257 * 258 * @return Returns the "required-scope" property definition. 259 */ 260 public StringPropertyDefinition getRequiredScopePropertyDefinition() { 261 return HTTPOauth2AuthorizationMechanismCfgDefn.getInstance().getRequiredScopePropertyDefinition(); 262 } 263 264 265 266 /** 267 * Managed object client implementation. 268 */ 269 private static class HTTPOauth2FileAuthorizationMechanismCfgClientImpl implements 270 HTTPOauth2FileAuthorizationMechanismCfgClient { 271 272 /** Private implementation. */ 273 private ManagedObject<? extends HTTPOauth2FileAuthorizationMechanismCfgClient> impl; 274 275 276 277 /** Private constructor. */ 278 private HTTPOauth2FileAuthorizationMechanismCfgClientImpl( 279 ManagedObject<? extends HTTPOauth2FileAuthorizationMechanismCfgClient> impl) { 280 this.impl = impl; 281 } 282 283 284 285 /** {@inheritDoc} */ 286 public boolean isAccessTokenCacheEnabled() { 287 return impl.getPropertyValue(INSTANCE.getAccessTokenCacheEnabledPropertyDefinition()); 288 } 289 290 291 292 /** {@inheritDoc} */ 293 public void setAccessTokenCacheEnabled(boolean value) { 294 impl.setPropertyValue(INSTANCE.getAccessTokenCacheEnabledPropertyDefinition(), value); 295 } 296 297 298 299 /** {@inheritDoc} */ 300 public Long getAccessTokenCacheExpiration() { 301 return impl.getPropertyValue(INSTANCE.getAccessTokenCacheExpirationPropertyDefinition()); 302 } 303 304 305 306 /** {@inheritDoc} */ 307 public void setAccessTokenCacheExpiration(Long value) { 308 impl.setPropertyValue(INSTANCE.getAccessTokenCacheExpirationPropertyDefinition(), value); 309 } 310 311 312 313 /** {@inheritDoc} */ 314 public String getAccessTokenDirectory() { 315 return impl.getPropertyValue(INSTANCE.getAccessTokenDirectoryPropertyDefinition()); 316 } 317 318 319 320 /** {@inheritDoc} */ 321 public void setAccessTokenDirectory(String value) { 322 impl.setPropertyValue(INSTANCE.getAccessTokenDirectoryPropertyDefinition(), value); 323 } 324 325 326 327 /** {@inheritDoc} */ 328 public String getAuthzidJsonPointer() { 329 return impl.getPropertyValue(INSTANCE.getAuthzidJsonPointerPropertyDefinition()); 330 } 331 332 333 334 /** {@inheritDoc} */ 335 public void setAuthzidJsonPointer(String value) { 336 impl.setPropertyValue(INSTANCE.getAuthzidJsonPointerPropertyDefinition(), value); 337 } 338 339 340 341 /** {@inheritDoc} */ 342 public Boolean isEnabled() { 343 return impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 344 } 345 346 347 348 /** {@inheritDoc} */ 349 public void setEnabled(boolean value) { 350 impl.setPropertyValue(INSTANCE.getEnabledPropertyDefinition(), value); 351 } 352 353 354 355 /** {@inheritDoc} */ 356 public String getIdentityMapper() { 357 return impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition()); 358 } 359 360 361 362 /** {@inheritDoc} */ 363 public void setIdentityMapper(String value) { 364 impl.setPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition(), value); 365 } 366 367 368 369 /** {@inheritDoc} */ 370 public String getJavaClass() { 371 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 372 } 373 374 375 376 /** {@inheritDoc} */ 377 public void setJavaClass(String value) { 378 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 379 } 380 381 382 383 /** {@inheritDoc} */ 384 public SortedSet<String> getRequiredScope() { 385 return impl.getPropertyValues(INSTANCE.getRequiredScopePropertyDefinition()); 386 } 387 388 389 390 /** {@inheritDoc} */ 391 public void setRequiredScope(Collection<String> values) { 392 impl.setPropertyValues(INSTANCE.getRequiredScopePropertyDefinition(), values); 393 } 394 395 396 397 /** {@inheritDoc} */ 398 public ManagedObjectDefinition<? extends HTTPOauth2FileAuthorizationMechanismCfgClient, ? extends HTTPOauth2FileAuthorizationMechanismCfg> definition() { 399 return INSTANCE; 400 } 401 402 403 404 /** {@inheritDoc} */ 405 public PropertyProvider properties() { 406 return impl; 407 } 408 409 410 411 /** {@inheritDoc} */ 412 public void commit() throws ManagedObjectAlreadyExistsException, 413 MissingMandatoryPropertiesException, ConcurrentModificationException, 414 OperationRejectedException, LdapException { 415 impl.commit(); 416 } 417 418 419 420 /** {@inheritDoc} */ 421 public String toString() { 422 return impl.toString(); 423 } 424 } 425 426 427 428 /** 429 * Managed object server implementation. 430 */ 431 private static class HTTPOauth2FileAuthorizationMechanismCfgServerImpl implements 432 HTTPOauth2FileAuthorizationMechanismCfg { 433 434 /** Private implementation. */ 435 private ServerManagedObject<? extends HTTPOauth2FileAuthorizationMechanismCfg> impl; 436 437 /** The value of the "access-token-cache-enabled" property. */ 438 private final boolean pAccessTokenCacheEnabled; 439 440 /** The value of the "access-token-cache-expiration" property. */ 441 private final Long pAccessTokenCacheExpiration; 442 443 /** The value of the "access-token-directory" property. */ 444 private final String pAccessTokenDirectory; 445 446 /** The value of the "authzid-json-pointer" property. */ 447 private final String pAuthzidJsonPointer; 448 449 /** The value of the "enabled" property. */ 450 private final boolean pEnabled; 451 452 /** The value of the "identity-mapper" property. */ 453 private final String pIdentityMapper; 454 455 /** The value of the "java-class" property. */ 456 private final String pJavaClass; 457 458 /** The value of the "required-scope" property. */ 459 private final SortedSet<String> pRequiredScope; 460 461 462 463 /** Private constructor. */ 464 private HTTPOauth2FileAuthorizationMechanismCfgServerImpl(ServerManagedObject<? extends HTTPOauth2FileAuthorizationMechanismCfg> impl) { 465 this.impl = impl; 466 this.pAccessTokenCacheEnabled = impl.getPropertyValue(INSTANCE.getAccessTokenCacheEnabledPropertyDefinition()); 467 this.pAccessTokenCacheExpiration = impl.getPropertyValue(INSTANCE.getAccessTokenCacheExpirationPropertyDefinition()); 468 this.pAccessTokenDirectory = impl.getPropertyValue(INSTANCE.getAccessTokenDirectoryPropertyDefinition()); 469 this.pAuthzidJsonPointer = impl.getPropertyValue(INSTANCE.getAuthzidJsonPointerPropertyDefinition()); 470 this.pEnabled = impl.getPropertyValue(INSTANCE.getEnabledPropertyDefinition()); 471 this.pIdentityMapper = impl.getPropertyValue(INSTANCE.getIdentityMapperPropertyDefinition()); 472 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 473 this.pRequiredScope = impl.getPropertyValues(INSTANCE.getRequiredScopePropertyDefinition()); 474 } 475 476 477 478 /** {@inheritDoc} */ 479 public void addHTTPOauth2FileAuthorizationMechanismChangeListener( 480 ConfigurationChangeListener<HTTPOauth2FileAuthorizationMechanismCfg> listener) { 481 impl.registerChangeListener(listener); 482 } 483 484 485 486 /** {@inheritDoc} */ 487 public void removeHTTPOauth2FileAuthorizationMechanismChangeListener( 488 ConfigurationChangeListener<HTTPOauth2FileAuthorizationMechanismCfg> listener) { 489 impl.deregisterChangeListener(listener); 490 } 491 /** {@inheritDoc} */ 492 public void addHTTPOauth2AuthorizationMechanismChangeListener( 493 ConfigurationChangeListener<HTTPOauth2AuthorizationMechanismCfg> listener) { 494 impl.registerChangeListener(listener); 495 } 496 497 498 499 /** {@inheritDoc} */ 500 public void removeHTTPOauth2AuthorizationMechanismChangeListener( 501 ConfigurationChangeListener<HTTPOauth2AuthorizationMechanismCfg> listener) { 502 impl.deregisterChangeListener(listener); 503 } 504 /** {@inheritDoc} */ 505 public void addChangeListener( 506 ConfigurationChangeListener<HTTPAuthorizationMechanismCfg> listener) { 507 impl.registerChangeListener(listener); 508 } 509 510 511 512 /** {@inheritDoc} */ 513 public void removeChangeListener( 514 ConfigurationChangeListener<HTTPAuthorizationMechanismCfg> listener) { 515 impl.deregisterChangeListener(listener); 516 } 517 518 519 520 /** {@inheritDoc} */ 521 public boolean isAccessTokenCacheEnabled() { 522 return pAccessTokenCacheEnabled; 523 } 524 525 526 527 /** {@inheritDoc} */ 528 public Long getAccessTokenCacheExpiration() { 529 return pAccessTokenCacheExpiration; 530 } 531 532 533 534 /** {@inheritDoc} */ 535 public String getAccessTokenDirectory() { 536 return pAccessTokenDirectory; 537 } 538 539 540 541 /** {@inheritDoc} */ 542 public String getAuthzidJsonPointer() { 543 return pAuthzidJsonPointer; 544 } 545 546 547 548 /** {@inheritDoc} */ 549 public boolean isEnabled() { 550 return pEnabled; 551 } 552 553 554 555 /** {@inheritDoc} */ 556 public String getIdentityMapper() { 557 return pIdentityMapper; 558 } 559 560 561 562 /** 563 * {@inheritDoc} 564 */ 565 public DN getIdentityMapperDN() { 566 String value = getIdentityMapper(); 567 if (value == null) return null; 568 return INSTANCE.getIdentityMapperPropertyDefinition().getChildDN(value); 569 } 570 571 572 573 /** {@inheritDoc} */ 574 public String getJavaClass() { 575 return pJavaClass; 576 } 577 578 579 580 /** {@inheritDoc} */ 581 public SortedSet<String> getRequiredScope() { 582 return pRequiredScope; 583 } 584 585 586 587 /** {@inheritDoc} */ 588 public Class<? extends HTTPOauth2FileAuthorizationMechanismCfg> configurationClass() { 589 return HTTPOauth2FileAuthorizationMechanismCfg.class; 590 } 591 592 593 594 /** {@inheritDoc} */ 595 public DN dn() { 596 return impl.getDN(); 597 } 598 599 600 601 /** {@inheritDoc} */ 602 public String toString() { 603 return impl.toString(); 604 } 605 } 606}