UnboundID Server SDK

Ping Identity
UnboundID Server SDK Documentation


 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 * You can obtain a copy of the license at
 * docs/licenses/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * docs/licenses/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *      Portions Copyright 2010-2023 Ping Identity Corporation
package com.unboundid.directory.sdk.examples.groovy;

import java.util.Date;
import java.util.List;

import com.unboundid.directory.sdk.common.types.AlertSeverity;
import com.unboundid.directory.sdk.ds.config.AccountStatusNotificationHandlerConfig;
import com.unboundid.directory.sdk.ds.scripting.ScriptedAccountStatusNotificationHandler;
import com.unboundid.directory.sdk.ds.types.AccountStatusNotification;
import com.unboundid.directory.sdk.ds.types.AccountStatusNotificationProperty;
import com.unboundid.directory.sdk.ds.types.AccountStatusNotificationType;
import com.unboundid.directory.sdk.ds.types.DirectoryServerContext;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.args.ArgumentParser;

 * This class provides a simple example of a scripted account status
 * notification handler which will generate an administrative alert any time a
 * user account has been locked as a result of too many failed bind attempts.
public final class ExampleScriptedAccountStatusNotificationHandler
       extends ScriptedAccountStatusNotificationHandler
  // The server context for the server in which this extension is running.
  private DirectoryServerContext serverContext = null;

   * Creates a new instance of this account status notification handler.  All
   * account status notification handler implementations must include a default
   * constructor, but any initialization should generally be done in the
   * {@code initializeAccountStatusNotificationHandler} method.
  public ExampleScriptedAccountStatusNotificationHandler()
    // No implementation required.

   * Initializes this account status notification handler.
   * @param  serverContext  A handle to the server context for the server in
   *                        which this extension is running.
   * @param  config         The general configuration for this account status
   *                        notification handler.
   * @param  parser         The argument parser which has been initialized from
   *                        the configuration for this account status
   *                        notification handler.
   * @throws  LDAPException  If a problem occurs while initializing this account
   *                         status notification handler.
  public void initializeAccountStatusNotificationHandler(
                   final DirectoryServerContext serverContext,
                   final AccountStatusNotificationHandlerConfig config,
                   final ArgumentParser parser)
         throws LDAPException
         "Beginning account status notification handler initialization");

    this.serverContext = serverContext;

   * Performs any processing that may be necessary in conjunction with the
   * provided account status notification.
   * @param  notification  The account status notification to be processed.
  public void handleStatusNotification(
                   final AccountStatusNotification notification)
    switch (notification.getNotificationType())
      case AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED:
      case AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED:
        // These notification types will result in administrative alerts.  That
        // will be done later in this method.

        // We will not generate an alert for these notification types.

    // See if there is an unlock time.
    Date unlockTime = null;
      final List<String> unlockTimeValues =
      if ((unlockTimeValues != null) && (! unlockTimeValues.isEmpty()))
        unlockTime = StaticUtils.decodeGeneralizedTime(unlockTimeValues.get(0));
    catch (final Exception e)

    // Generate a message to include in the alert.
    final StringBuilder alertMessage = new StringBuilder();
    alertMessage.append("User account '");
    alertMessage.append("' has been locked as a result of too many failed "+
         "authentication attempts.  The account will remain locked until ");

    if (unlockTime != null)
      alertMessage.append(" or until ");

    alertMessage.append("an administrator resets the user's password.");

    serverContext.sendAlert(AlertSeverity.INFO, alertMessage.toString());