/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* docs/licenses/cddl.txt
* or http://www.opensource.org/licenses/cddl1.php.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* docs/licenses/cddl.txt. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2015-2024 Ping Identity Corporation
*/
package com.unboundid.directory.sdk.examples;
import com.unboundid.directory.sdk.broker.types.BrokerContext;
import com.unboundid.directory.sdk.common.api.AccessTokenValidator;
import com.unboundid.directory.sdk.common.config.AccessTokenValidatorConfig;
import com.unboundid.directory.sdk.common.types.TokenValidationResult;
import com.unboundid.directory.sdk.common.types.ServerContext;
import com.unboundid.util.args.ArgumentParser;
import java.util.Arrays;
import java.util.HashSet;
/**
* Example Access Token Validator that processes access tokens issued from
* a fictional external IDP. The format of the fictional access token is:
* <p>
* ExternalTestToken:[validity]:[owner]:[scope]
* <UL>
* <LI>ExternalTestToken -- tells this validator that the token is one
* of "ours".</LI>
* <LI>validity -- token is valid if this is equal to "TrustMe".</LI>
* <LI>owner -- userName, for this example assumed to be common between
* the external IDP and the user store</LI>
* <LI>scope -- scopes granted by this token, space-delimited</LI>
* </UL>
*/
public class ExampleAccessTokenValidator extends AccessTokenValidator {
/**
* Prefix for all tokens that can be validated by this validator.
*/
public static final String TOKEN_PREFIX = "ExternalTestToken";
/**
* String value indicating that the token is valid.
*/
public static final String VALID_TOKEN = "TrustMe";
private BrokerContext serverContext;
/**
* {@inheritDoc}
*/
@Override
public String getExtensionName() {
return "Example Access Token Validator";
}
/**
* {@inheritDoc}
*/
@Override
public String[] getExtensionDescription() {
return new String[]
{
"This access token validator serves as an example that may be used to " +
"demonstrate the process for creating a third-party access token " +
"validator. It validates human-readable access tokens whose " +
"value includes whether the token is valid, the subject of the " +
"token, and the scopes granted to the token."
};
}
/**
* {@inheritDoc}
*/
@Override
public void initializeTokenValidator(
final ServerContext serverContext,
final AccessTokenValidatorConfig config,
final ArgumentParser parser) throws Exception {
super.initializeTokenValidator(serverContext, config, parser);
this.serverContext = (BrokerContext) serverContext;
}
/**
* {@inheritDoc}
*/
@Override
public TokenValidationResult validate(
final String encodedAccessToken)
throws Exception {
TokenValidationResult tokenValidationResult = null;
String[] tokenParts = encodedAccessToken.split(":");
if (tokenParts.length == 4 && tokenParts[0].equals(TOKEN_PREFIX)) {
// this token is recognized, so populate a result object
boolean isValid = tokenParts[1].equals(VALID_TOKEN);
String userName = tokenParts[2];
String scope = tokenParts[3];
TokenValidationResult.Builder builder =
new TokenValidationResult.Builder(encodedAccessToken, isValid);
// set the token subject
builder.setTokenSubject(userName);
builder.setScope(new HashSet<>(Arrays.asList(scope.split(" "))));
tokenValidationResult = builder.build();
}
return tokenValidationResult;
}
}
