UnboundID Server SDK

UnboundID Server SDK Documentation


 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 * You can obtain a copy of the license at
 * docs/licenses/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * docs/licenses/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *      Copyright 2013-2015 UnboundID Corp.

package com.unboundid.directory.sdk.examples;

import com.unboundid.directory.sdk.broker.api.PolicyInformationProvider;
import com.unboundid.directory.sdk.broker.config.
import com.unboundid.directory.sdk.broker.types.IdentityBrokerContext;
import com.unboundid.directory.sdk.broker.types.RequestAttribute;
import com.unboundid.directory.sdk.broker.types.RequestContext;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;
import com.unboundid.util.args.FileArgument;

import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

 * Example of a third-party Policy Information Provider.  This example
 * implementation retrieves attributes from a Java properties file.
public class ExamplePolicyInformationProvider
    extends PolicyInformationProvider

   * The name of the argument that will be used to specify the path to the
   * properties file in which to find attribute values.
  private static final String ARG_NAME_PATH = "properties-file-path";

  private Properties properties;

   * Character used to delimit subject id from attribute id in the
   * name portion of each java property line.
  public static final Character PROPERTY_NAME_DELIMITER = '$';

   * Creates a new instance of this policy information provider.  All policy
   * information provider implementations must include a default constructor,
   * but any initialization should generally be performed in the
   * {@code initializePolicyInformationProvider} method.
  public ExamplePolicyInformationProvider()

   * Retrieves a human-readable name for this extension.
   * @return extension name
  public String getExtensionName()
    return "Example Policy Information Provider";

   * Retrieves a human-readable description of this extension.
   * @return text description string
  public String[] getExtensionDescription()
    return new String[]
      "This Policy Information Provider serves as an example that may" +
          " be used to demonstrate the process for creating a third-party" +
          " policy information provider.  This example provider reads values" +
          " from a Java properties file.  The full path to the properties" +
          " file is specified using the extension attribute with name " +
          ARG_NAME_PATH + ".  The Policy Information Provider" +
          " must be configured with one or more XACML attribute Ids or " +
          " wild cards that will funnel attribute requests to this provider."

   * Updates the provided argument parser to define any configuration arguments
   * which may be used by this policy information provider. The argument parser
   * may also be updated to define relationships between arguments (e.g., to
   * specify required, exclusive, or dependent argument sets).
   * @param  parser  The argument parser to be updated with the configuration
   *                 arguments which may be used by this provider.
   * @throws  ArgumentException  If a problem is encountered while updating the
   *                             provided argument parser.
  public void defineConfigArguments(final ArgumentParser parser)
      throws ArgumentException

    // add argument used to specify the path to a properties file
    Character shortIdentifier = null;
    String longIdentifier = ARG_NAME_PATH;
    boolean required = true;
    int maxOccurrences = 1;
    String    placeholder     = "{path}";
    String    description     = "The full path to a java properties file" +
        " containing name-value pairs.  Each name-value pair must be in the" +
        " following format:  <subjectName>" + PROPERTY_NAME_DELIMITER +
        "<xacmlAttributeId>=value where subjectName = subject property from" +
        " the request context and xacmlAttributeId = the XACML attribute Id" +
        " being requested.  (Example: 'applicationX$urn:myorganization" +
        PROPERTY_NAME_DELIMITER + "myattribute=myvalue'.)";
    boolean   fileMustExist   = true;
    boolean   parentMustExist = true;
    boolean   mustBeFile      = true;
    boolean   mustBeDirectory = false;

    parser.addArgument(new FileArgument(shortIdentifier, longIdentifier,
        required, maxOccurrences, placeholder, description, fileMustExist,
        parentMustExist, mustBeFile, mustBeDirectory));

   * Initialize this Policy Information Provider.  Loads the java properties
   * file specified in its configuration.
   * @param  serverContext  A handle to the server context for the server in
   *                        which this extension is running.
   * @param  config         The general configuration for this policy
   *                        information provider.
   * @param  parser         The argument parser which has been initialized from
   *                        the configuration for this policy information
   *                        provider.
   * @throws IOException if an error occurs reading the properties file
  public void initializePolicyInformationProvider(
      final IdentityBrokerContext serverContext,
      final PolicyInformationProviderConfig config,
      final ArgumentParser parser) throws IOException
    FileArgument propFilePath =
    properties = new Properties();
    FileInputStream stream = new FileInputStream(propFilePath.getValue());

   * Retrieve an attribute value from the data store, which in the case of
   * this example is a java properties file.
   * @param categoryId XACML category identifier
   * @param attributeId XACML attribute identifier
   * @param context request context, can be used to retrieve other
   *                attributes from the request that may be needed
   *                in order to evaluate the requested attribute
   * @return RequestAttribute object
   * @throws Exception if an error occurs retrieving the attribute
  public RequestAttribute getAttribute(
      final String categoryId,
      final String attributeId,
      final RequestContext context) throws Exception
    // the first couple of lines here are purely an example of how a PIP
    // can examine its environment by retrieving other attributes from the
    // request context.  The return value is not used.
    RequestAttribute currentDate = context.getAttribute(
    String dateAsString = currentDate.getValues().get(0);

    // Actual implementation using properties file is below
    // construct key using both subject and attribute Id
    StringBuilder key = new StringBuilder(context.getSubject());
    String value = properties.getProperty(key.toString());
    if (value == null)
      throw new Exception(String.format(
          "attribute %s not found for subject %s",
          attributeId, context.getSubject()));
    return new RequestAttribute("http://www.w3.org/2001/XMLSchema#string",

   * Retrieves a map containing examples of configurations that may be used for
   * this extension.  The map key should be a list of sample arguments, and the
   * corresponding value should be a description of the behavior that will be
   * exhibited by the extension when used with that configuration.
   * @return  A map containing examples of configurations that may be used for
   *          this extension.  It may be {@code null} or empty if there should
   *          not be any example argument sets.
  public Map<List<String>,String> getExamplesArgumentSets()
    final LinkedHashMap<List<String>,String> exampleMap =
        new LinkedHashMap<List<String>,String>(1);

        Arrays.asList(ARG_NAME_PATH + "=/var/xacmlAttributes.properties"),
        "Retrieve attribute values from the java properties file at path" +

    return exampleMap;