001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * docs/licenses/cddl.txt 011 * or http://www.opensource.org/licenses/cddl1.php. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * docs/licenses/cddl.txt. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2013-2018 Ping Identity Corporation 026 */ 027package com.unboundid.directory.sdk.common.api; 028 029 030import com.unboundid.directory.sdk.broker.internal.BrokerExtension; 031import com.unboundid.directory.sdk.common.config.VelocityContextProviderConfig; 032import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider; 033import com.unboundid.directory.sdk.common.internal.Reconfigurable; 034import com.unboundid.directory.sdk.common.internal.UnboundIDExtension; 035import com.unboundid.directory.sdk.common.types.ServerContext; 036import com.unboundid.directory.sdk.common.types.VelocityContext; 037import com.unboundid.directory.sdk.ds.internal.DirectoryServerExtension; 038import com.unboundid.directory.sdk.metrics.internal.MetricsEngineExtension; 039import com.unboundid.directory.sdk.proxy.internal.DirectoryProxyServerExtension; 040import com.unboundid.directory.sdk.sync.internal.SynchronizationServerExtension; 041import com.unboundid.ldap.sdk.LDAPException; 042import com.unboundid.ldap.sdk.ResultCode; 043import com.unboundid.util.Extensible; 044import com.unboundid.util.ThreadSafety; 045import com.unboundid.util.ThreadSafetyLevel; 046import com.unboundid.util.args.ArgumentException; 047import com.unboundid.util.args.ArgumentParser; 048 049import javax.servlet.http.HttpServletRequest; 050import javax.servlet.http.HttpServletResponse; 051import javax.servlet.http.HttpSession; 052import java.io.IOException; 053import java.util.List; 054 055import static com.unboundid.directory.sdk.common.config 056 .VelocityContextProviderConfig.ObjectScope; 057import static com.unboundid.directory.sdk.common.config 058 .VelocityContextProviderConfig.ObjectScope.*; 059 060 061/** 062 * This class defines an API that must be implemented by extensions which 063 * contribute content to server pages authored as Velocity templates. 064 * These pages are rendered by the Velocity HTTP Servlet Extension included 065 * with the server. During rendering of a Velocity page, the template is merged 066 * with a 'context' that provides values for variables, properties, and method 067 * references in the template. 068 * <p> 069 * A context provider can be restricted to contributing content for certain 070 * pages by specifying one or more included or excluded views names. A view 071 * name is the URL request path to to a template that does not include the 072 * HTTP servlet extension's base context path, nor a starting path separator. 073 * So for example if a template was accessible by the URL 074 * http://localhost:8080/view/path/to/template the view name would be 075 * 'path/to/template'. 076 * <p> 077 * In addition to contributing content for views, a context provider can also 078 * be configured to add header fields to HTTP responses using the 079 * request-header configuration property. Header field values specified the 080 * by a context provider override values for identical fields names for which 081 * the Velocity HTTP Servlet Extension is configured to add to responses. 082 * <p> 083 * Context providers are restricted to servicing requests for the configured 084 * set of HTTP operations. By default, only the HTTP GET method is enabled 085 * though this can be changed by updating the http-method configuration 086 * property. Implementations should abide by the conventions mandated by the 087 * HTTP method specification. For example, an implementation that handles the 088 * GET method should be restricted to retrieval only and not introduce any 089 * persistent side-effects that would change the state of the server. 090 * <H2>Configuring Velocity Context Providers</H2> 091 * In order to configure a Velocity context provider created using this API, 092 * use a command like: 093 * <PRE> 094 * dsconfig create-velocity-context-provider \ 095 * --extension-name "<I>{extension}</I>" \ 096 * --provider-name "<I>{provider}</I>" \ 097 * --type third-party \ 098 * --set enabled:true \ 099 * --set "extension-class:<I>{class-name}</I>" \ 100 * --set "extension-argument:<I>{name=value}</I>" 101 * </PRE> 102 * where "<I>{extension}</I>" is the name of the Velocity HTTP servlet 103 * extension, ("Velocity" by default) 104 * "<I>{provider}</I>" is the name to use for the Velocity context provider 105 * instance, "<I>{class-name}</I>" is the fully-qualified name of the Java 106 * class that extends 107 * {@code com.unboundid.directory.sdk.common.api.VelocityContextProvider}, 108 * and "<I>{name=value}</I>" represents name-value pairs for any arguments to 109 * provide to the virtual attribute provider. If multiple arguments should be 110 * provided to the virtual attribute provider, then the 111 * "<CODE>--set extension-argument:<I>{name=value}</I></CODE>" option should be 112 * provided multiple times. 113 */ 114@Extensible() 115@DirectoryServerExtension() 116@DirectoryProxyServerExtension(appliesToLocalContent = true, 117 appliesToRemoteContent = false) 118@SynchronizationServerExtension(appliesToLocalContent = true, 119 appliesToSynchronizedContent = false) 120@MetricsEngineExtension() 121@BrokerExtension() 122@ThreadSafety(level = ThreadSafetyLevel.INTERFACE_THREADSAFE) 123public abstract class VelocityContextProvider 124 implements UnboundIDExtension, 125 Reconfigurable<VelocityContextProviderConfig>, 126 ExampleUsageProvider 127{ 128 129 130 // The current configuration. 131 private VelocityContextProviderConfig config; 132 133 134 135 /** 136 * {@inheritDoc} 137 */ 138 public abstract String getExtensionName(); 139 140 141 142 /** 143 * {@inheritDoc} 144 */ 145 public abstract String[] getExtensionDescription(); 146 147 148 149 /** 150 * {@inheritDoc} 151 */ 152 public void defineConfigArguments(final ArgumentParser parser) 153 throws ArgumentException 154 { 155 // No arguments will be allowed by default. 156 } 157 158 159 160 /** 161 * Initializes this Velocity context provider. 162 * 163 * @param serverContext A handle to the server context for the server in 164 * which this extension is running. 165 * @param config The general configuration for this Velocity context 166 * provider. 167 * @param parser The argument parser which has been initialized from 168 * the configuration for this Velocity context 169 * provider. 170 * @throws LDAPException If a problem occurs while initializing this context 171 * provider. 172 */ 173 public void initializeVelocityContextProvider( 174 final ServerContext serverContext, 175 final VelocityContextProviderConfig config, 176 final ArgumentParser parser) 177 throws LDAPException 178 { 179 this.config = config; 180 } 181 182 183 184 /** 185 * {@inheritDoc} 186 */ 187 public boolean isConfigurationAcceptable( 188 final VelocityContextProviderConfig config, 189 final ArgumentParser parser, 190 final List<String> unacceptableReasons) 191 { 192 // No extended validation will be performed by default. 193 return true; 194 } 195 196 197 198 /** 199 * {@inheritDoc} 200 */ 201 public ResultCode applyConfiguration( 202 final VelocityContextProviderConfig config, 203 final ArgumentParser parser, 204 final List<String> adminActionsRequired, 205 final List<String> messages) 206 { 207 // By default, no configuration changes will be applied. If there are any 208 // arguments, then add an admin action message indicating that the extension 209 // needs to be restarted for any changes to take effect. 210 if (!parser.getNamedArguments().isEmpty()) 211 { 212 adminActionsRequired.add( 213 "No configuration change has actually been applied. The new " + 214 "configuration will not take effect until this Velocity " + 215 "context provider is disabled and re-enabled or until the " + 216 "server is restarted."); 217 } 218 219 return ResultCode.SUCCESS; 220 } 221 222 223 224 /** 225 * Performs any cleanup which may be necessary when this virtual attribute 226 * provider is to be taken out of service. 227 */ 228 public void finalizeVelocityContextProvider() 229 { 230 // No implementation is required. 231 } 232 233 234 235 /** 236 * Handle an HTTP DELETE request. Implementations should be idempotent in 237 * the sense that the side-effects of a single call to this method are the 238 * same as N > 0 identical requests. 239 * 240 * @param context to update. 241 * @param request for the view implemented by a template. 242 * @param response to the client. 243 * 244 * @throws IOException if the provider has a problem related to processing 245 * the response such as sending an error to the client. 246 */ 247 public void handleDelete(final VelocityContext context, 248 final HttpServletRequest request, 249 final HttpServletResponse response) 250 throws IOException 251 { 252 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 253 } 254 255 256 257 /** 258 * Handle an HTTP GET request. Implementations should be restricted to 259 * retrieval operations only, ensuring there are no persistent side-effects 260 * generated by the server as a result of this method being called. 261 * 262 * @param context to update. 263 * @param request for the view implemented by a template. 264 * @param response to the client. 265 * 266 * @throws IOException if the provider has a problem related to processing 267 * the response such as sending an error to the client. 268 */ 269 public void handleGet(final VelocityContext context, 270 final HttpServletRequest request, 271 final HttpServletResponse response) 272 throws IOException 273 { 274 // Do not respond with an error to avoid breaking existing implementations. 275 } 276 277 278 279 /** 280 * Handle an HTTP HEAD request. Implementations should be restricted to 281 * retrieval operations only, ensuring there are no persistent side-effects 282 * generated by the server as a result of this method being called. 283 * 284 * @param context to update. 285 * @param request for the view implemented by a template. 286 * @param response to the client. 287 * 288 * @throws IOException if the provider has a problem related to processing 289 * the response such as sending an error to the client. 290 */ 291 public void handleHead(final VelocityContext context, 292 final HttpServletRequest request, 293 final HttpServletResponse response) 294 throws IOException 295 { 296 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 297 } 298 299 300 301 /** 302 * Handle an HTTP OPTIONS request. Implementations should ensure there 303 * are no persistent side-effects generated by the server as a result of this 304 * method being called. 305 * 306 * @param context to update. 307 * @param request for the view implemented by a template. 308 * @param response to the client. 309 * 310 * @throws IOException if the provider has a problem related to processing 311 * the response such as sending an error to the client. 312 */ 313 public void handleOptions(final VelocityContext context, 314 final HttpServletRequest request, 315 final HttpServletResponse response) 316 throws IOException 317 { 318 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 319 } 320 321 322 323 /** 324 * Handle an HTTP PATCH request. 325 * 326 * @param context to update. 327 * @param request for the view implemented by a template. 328 * @param response to the client. 329 * 330 * @throws IOException if the provider has a problem related to processing 331 * the response such as sending an error to the client. 332 */ 333 public void handlePatch(final VelocityContext context, 334 final HttpServletRequest request, 335 final HttpServletResponse response) 336 throws IOException 337 { 338 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 339 } 340 341 342 343 /** 344 * Handle an HTTP POST request. 345 * 346 * @param context to update. 347 * @param request for the view implemented by a template. 348 * @param response to the client. 349 * 350 * @throws IOException if the provider has a problem related to processing 351 * the response such as sending an error to the client. 352 */ 353 public void handlePost(final VelocityContext context, 354 final HttpServletRequest request, 355 final HttpServletResponse response) 356 throws IOException 357 { 358 // Do not respond with an error to avoid breaking existing implementations. 359 } 360 361 362 363 /** 364 * Handle an HTTP PUT request. Implementations should be idempotent in 365 * the sense that the side-effects of a single call to this method are the 366 * same as N > 0 identical requests. 367 * 368 * @param context to update. 369 * @param request for the view implemented by a template. 370 * @param response to the client. 371 * 372 * @throws IOException if the provider has a problem related to processing 373 * the response such as sending an error to the client. 374 */ 375 public void handlePut(final VelocityContext context, 376 final HttpServletRequest request, 377 final HttpServletResponse response) 378 throws IOException 379 { 380 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 381 } 382 383 384 385 /** 386 * Handle an HTTP TRACE request. Implementations should ensure there 387 * are no persistent side-effects generated by the server as a result of this 388 * method being called. 389 * 390 * @param context to update. 391 * @param request for the view implemented by a template. 392 * @param response to the client. 393 * 394 * @throws IOException if the provider has a problem related to processing 395 * the response such as sending an error to the client. 396 */ 397 public void handleTrace(final VelocityContext context, 398 final HttpServletRequest request, 399 final HttpServletResponse response) 400 throws IOException 401 { 402 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 403 } 404 405 406 407 /** 408 * Handle an HTTP method not already handled by one of the other 409 * {@code handleXXX} methods. Implementations should check the value 410 * of the request's {@code getMethod()} method and take whatever action is 411 * necessary to fulfill the request before updating the context. Unexpected 412 * HTTP methods should result in the client sending an HTTP 405 Method Not 413 * Allowed response. 414 * 415 * @param context to update. 416 * @param request for the view implemented by a template. 417 * @param response to the client. 418 * 419 * @throws IOException if the provider has a problem related to processing 420 * the response such as sending an error to the client. 421 */ 422 public void handleAdditionalMethod(final VelocityContext context, 423 final HttpServletRequest request, 424 final HttpServletResponse response) 425 throws IOException 426 { 427 response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED); 428 } 429 430 431 432 /** 433 * This method is called following a call to one of the {@code handleXXX} 434 * methods and may be used for logic that is independent of the HTTP operation 435 * requested. HTTP method-specific code such as request attribute or form 436 * data processing should be restricted to the appropriate {@code handleXXX} 437 * method. 438 * 439 * @param context to update. 440 * @param request for the view implemented by a template. 441 * @param response to the client. 442 * 443 * @throws IOException if the provider has a problem related to processing 444 * the response such as sending an error to the client. 445 */ 446 public void updateContext(final VelocityContext context, 447 final HttpServletRequest request, 448 final HttpServletResponse response) 449 throws IOException 450 { 451 // No implementation. 452 } 453 454 455 456 /** 457 * Gets an object from the current user session or servlet context 458 * depending on the object scope currently configured for this provider. 459 * This method can be used as a convenience for providers the maintain 460 * a set of context objects for a particular scope. 461 * 462 * @param <T> the type of object to return. If an object exists in 463 * the current scope with the given name but is not of type 464 * T this method returns {@code null} 465 * 466 * @param name of the object. 467 * @param request current user request. 468 * 469 * @return the named object or {@code null} if no object exists by the 470 * provided name or an input parameter is (@code null}. 471 */ 472 protected <T> T getNamedObject(final String name, 473 final HttpServletRequest request) 474 { 475 T object = null; 476 if (this.config != null) 477 { 478 object = getNamedObject(name, request, config.getObjectScope()); 479 } 480 return object; 481 } 482 483 484 485 /** 486 * Stores an object in current user request, session or servlet context 487 * depending on the object scope currently configured for this provider. 488 * This method can be used as a convenience for providers the maintain 489 * a set of context objects for a particular scope. 490 * 491 * @param name of the object. 492 * @param object to store. 493 * @param request current user request. 494 */ 495 protected void setNamedObject(final String name, 496 final Object object, 497 final HttpServletRequest request) 498 { 499 if (this.config != null) 500 { 501 setNamedObject(name, object, request, config.getObjectScope()); 502 } 503 } 504 505 506 507 /** 508 * Gets an object from the current user session or servlet context 509 * depending on the object scope currently configured for this provider. 510 * This method can be used as a convenience for providers the maintain 511 * a set of context objects for a particular scope. 512 * 513 * @param <T> the type of object to return. If an object exists in 514 * the current scope with the given name but is not of type 515 * T this method returns {@code null} 516 * 517 * @param name of the object. 518 * @param request current user request. 519 * @param scope from which to retrieve the object. 520 * @return the named object or {@code null} if no object exists by the 521 * provided name or an input parameter is (@code null}. 522 */ 523 @SuppressWarnings("unchecked") 524 public static <T> T getNamedObject(final String name, 525 final HttpServletRequest request, 526 final ObjectScope scope) 527 { 528 T object = null; 529 Object o = null; 530 if (name != null && request != null) 531 { 532 if (REQUEST.equals(scope)) 533 { 534 o = request.getAttribute(name); 535 } 536 else if (SESSION.equals(scope)) 537 { 538 HttpSession session = request.getSession(false); 539 if (session != null) 540 { 541 o = session.getAttribute(name); 542 } 543 } 544 else if (APPLICATION.equals(scope)) 545 { 546 o = request.getServletContext().getAttribute(name); 547 } 548 } 549 try 550 { 551 object = (T) o; 552 } 553 catch (ClassCastException cce) 554 { 555 // ignore 556 } 557 return object; 558 } 559 560 561 562 /** 563 * Stores an object in current user request, session or servlet context 564 * depending on the object scope currently configured for this provider. 565 * This method can be used as a convenience for providers the maintain 566 * a set of context objects for a particular scope. 567 * 568 * @param name of the object. 569 * @param object to store. 570 * @param request current user request. 571 * @param scope in which to set the object. 572 */ 573 public static void setNamedObject(final String name, 574 final Object object, 575 final HttpServletRequest request, 576 final ObjectScope scope) 577 { 578 if (scope != null && request != null && name != null) 579 { 580 if (REQUEST.equals(scope)) 581 { 582 request.setAttribute(name, object); 583 } 584 else if (SESSION.equals(scope)) 585 { 586 HttpSession session = request.getSession(true); 587 session.setAttribute(name, object); 588 } 589 else if (APPLICATION.equals(scope)) 590 { 591 request.getServletContext().setAttribute(name, object); 592 } 593 } 594 } 595 596}