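/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * docs/licenses/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * docs/licenses/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Portions Copyright 2015-2023 Ping Identity Corporation
 */
package com.unboundid.directory.sdk.examples;

import com.unboundid.directory.sdk.broker.types.BrokerContext;
import com.unboundid.directory.sdk.common.api.AccessTokenValidator;
import com.unboundid.directory.sdk.common.config.AccessTokenValidatorConfig;
import com.unboundid.directory.sdk.common.types.TokenValidationResult;
import com.unboundid.directory.sdk.common.types.ServerContext;
import com.unboundid.util.args.ArgumentParser;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Example Access Token Validator that processes access tokens issued from
 * a fictional external IDP.  The format of the fictional access token is:
 * <p>
 * ExternalTestToken:[validity]:[owner]:[scope]
 * <UL>
 *   <LI>ExternalTestToken -- tells this validator that the token is one
 *       of "ours".</LI>
 *   <LI>validity -- token is valid if this is equal to "TrustMe".</LI>
 *   <LI>owner -- userName, for this example assumed to be common between
 *       the external IDP and the user store</LI>
 *   <LI>scope -- scopes granted by this token, space-delimited</LI>
 * </UL>
 * <p>
 * SECURITY NOTE: this validator performs no cryptographic verification at
 * all.  The token's validity, subject and scopes are read straight out of the
 * plaintext token string, so anyone able to present a token can mint one for
 * any user with any scopes simply by writing
 * {@code ExternalTestToken:TrustMe:<user>:<scopes>}.  It exists only to
 * demonstrate the extension API and must never be deployed in front of a real
 * user store.  A production validator must establish the token's integrity
 * (signature verification or introspection against the issuing IDP) and check
 * issuer, audience and expiry before trusting any claim the token carries.
 */
public class ExampleAccessTokenValidator extends AccessTokenValidator
{
  /**
   * Prefix for all tokens that can be validated by this validator.
   */
  public static final String TOKEN_PREFIX = "ExternalTestToken";

  /**
   * String value indicating that the token is valid.
   */
  public static final String VALID_TOKEN = "TrustMe";

  /**
   * Number of colon-separated fields a well-formed token must contain:
   * prefix, validity, owner, scope.
   */
  private static final int EXPECTED_FIELD_COUNT = 4;

  // Retained so a derived validator can reach broker services; this example
  // never reads it.
  private BrokerContext serverContext;



  /**
   * {@inheritDoc}
   */
  @Override
  public String getExtensionName()
  {
    return "Example Access Token Validator";
  }



  /**
   * {@inheritDoc}
   */
  @Override
  public String[] getExtensionDescription()
  {
    return new String[]
    {
      "This access token validator serves as an example that may be used to " +
           "demonstrate the process for creating a third-party access token " +
           "validator.  It validates human-readable access tokens whose " +
           "value includes whether the token is valid, the subject of the " +
           "token, and the scopes granted to the token."
    };
  }



  /**
   * {@inheritDoc}
   */
  @Override
  public void initializeTokenValidator(final ServerContext serverContext,
                                       final AccessTokenValidatorConfig config,
                                       final ArgumentParser parser)
         throws Exception
  {
    super.initializeTokenValidator(serverContext, config, parser);

    // Unchecked cast: this example assumes it is loaded into a server whose
    // context is a BrokerContext.  Elsewhere the cast fails with a
    // ClassCastException at initialization, which surfaces the mismatch
    // loudly instead of leaving a half-initialized validator in place.
    this.serverContext = (BrokerContext) serverContext;
  }



  /**
   * Parses a token in the {@code ExternalTestToken:[validity]:[owner]:[scope]}
   * format.  The token is accepted as valid only when the validity field is
   * exactly {@link #VALID_TOKEN} and the owner field is non-empty; the owner
   * becomes the token subject and the scope field is split into a set of
   * scope names.  No signature, issuer, audience or expiry check is made --
   * see the class comment.
   *
   * @param  encodedAccessToken  The raw access token string presented to the
   *                             server.  May be {@code null}.
   *
   * @return  A {@code TokenValidationResult} describing the token, or
   *          {@code null} if the token is {@code null} or is not in this
   *          validator's format (wrong prefix or wrong number of fields) so
   *          that the server knows it was not recognized here.
   *
   * @throws  Exception  Never thrown by this implementation; declared for
   *                     compatibility with the extension API.
   */
  @Override
  public TokenValidationResult validate(final String encodedAccessToken)
         throws Exception
  {
    // A null token cannot be one of ours; report "not recognized" rather than
    // failing with a NullPointerException.
    if (encodedAccessToken == null)
    {
      return null;
    }

    // Limit -1 keeps trailing empty fields, so the token must contain exactly
    // the four documented fields.  With the default split, a token such as
    // "ExternalTestToken:TrustMe:alice:read:" would have its trailing
    // separator silently dropped and be accepted.
    final String[] tokenParts = encodedAccessToken.split(":", -1);
    if ((tokenParts.length != EXPECTED_FIELD_COUNT) ||
        !TOKEN_PREFIX.equals(tokenParts[0]))
    {
      // Not in this validator's format.
      return null;
    }

    final String userName = tokenParts[2];

    // The token is valid only if it carries the validity marker AND names a
    // subject.  An empty owner field must not yield a valid but subject-less
    // token.
    final boolean isValid =
         VALID_TOKEN.equals(tokenParts[1]) && !userName.isEmpty();

    final TokenValidationResult.Builder builder =
         new TokenValidationResult.Builder(encodedAccessToken, isValid);
    builder.setTokenSubject(userName);
    builder.setScope(parseScopes(tokenParts[3]));
    return builder.build();
  }



  /**
   * Splits the space-delimited scope field into a set of scope names.  Runs of
   * whitespace count as a single delimiter and empty entries are discarded, so
   * an empty or blank field yields an empty set rather than a set containing
   * the empty string.
   *
   * @param  scopeField  The raw scope field of the token.  Must not be
   *                     {@code null}.
   *
   * @return  The set of non-empty scope names found in the field.
   */
  private static Set<String> parseScopes(final String scopeField)
  {
    final Set<String> scopes =
         new HashSet<>(Arrays.asList(scopeField.trim().split("\\s+")));

    // split("\\s+") on an empty string returns [""]; drop that entry so a
    // blank scope field grants nothing rather than a scope named "".
    scopes.remove("");
    return scopes;
  }
}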