/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at * docs/licenses/cddl.txt * or http://www.opensource.org/licenses/cddl1.php. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at * docs/licenses/cddl.txt. If applicable, * add the following below this CDDL HEADER, with the fields enclosed * by brackets "[]" replaced with your own identifying information: * Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END * * * Portions Copyright 2010-2023 Ping Identity Corporation */ package com.unboundid.directory.sdk.examples.groovy; import java.util.Date; import java.util.List; import com.unboundid.directory.sdk.common.types.AlertSeverity; import com.unboundid.directory.sdk.ds.config.AccountStatusNotificationHandlerConfig; import com.unboundid.directory.sdk.ds.scripting.ScriptedAccountStatusNotificationHandler; import com.unboundid.directory.sdk.ds.types.AccountStatusNotification; import com.unboundid.directory.sdk.ds.types.AccountStatusNotificationProperty; import com.unboundid.directory.sdk.ds.types.AccountStatusNotificationType; import com.unboundid.directory.sdk.ds.types.DirectoryServerContext; import com.unboundid.ldap.sdk.LDAPException; import com.unboundid.util.StaticUtils; import com.unboundid.util.args.ArgumentParser; /** * This class provides a simple example of a scripted account status * notification handler which will generate an administrative alert any time a * user account has been locked as a result of too many failed bind attempts. 
*/
public final class ExampleScriptedAccountStatusNotificationHandler
       extends ScriptedAccountStatusNotificationHandler
{
  // Handle to the hosting server. It is captured during initialization and
  // used afterwards for debug logging and for raising the alert.
  private DirectoryServerContext serverContext = null;



  /**
   * Creates a new instance of this account status notification handler.  A
   * default constructor is required for every account status notification
   * handler implementation; real setup work belongs in
   * {@code initializeAccountStatusNotificationHandler} rather than here.
   */
  public ExampleScriptedAccountStatusNotificationHandler()
  {
    // Intentionally empty.
  }



  /**
   * Initializes this account status notification handler.  This example only
   * writes a debug message and remembers the server context; the
   * configuration object and the argument parser are not consulted.
   *
   * @param  serverContext  A handle to the server context for the server in
   *                        which this extension is running.
   * @param  config         The general configuration for this account status
   *                        notification handler.
   * @param  parser         The argument parser which has been initialized from
   *                        the configuration for this account status
   *                        notification handler.
   *
   * @throws  LDAPException  If a problem occurs while initializing this account
   *                         status notification handler.
   */
  @Override()
  public void initializeAccountStatusNotificationHandler(
                   final DirectoryServerContext serverContext,
                   final AccountStatusNotificationHandlerConfig config,
                   final ArgumentParser parser)
         throws LDAPException
  {
    serverContext.debugInfo(
         "Beginning account status notification handler initialization");

    this.serverContext = serverContext;
  }



  /**
   * Raises an administrative alert when the supplied notification reports that
   * an account has been permanently or temporarily locked.  Notifications of
   * any other type are ignored.
   *
   * @param  notification  The account status notification to be processed.
   */
  @Override()
  public void handleStatusNotification(
                   final AccountStatusNotification notification)
  {
    if (! isLockoutNotification(notification.getNotificationType()))
    {
      // No alert is generated for the remaining notification types.
      return;
    }

    // The unlock time is optional; a null result simply shortens the message.
    final Date unlockTime = readUnlockTime(notification);

    // The wording below is fixed: only the notification type was inspected,
    // not the reason the account was locked.
    // NOTE(review): the DN is placed in the alert text exactly as returned by
    // getUserDN(); whether downstream alert handlers neutralise unusual
    // characters is not visible here -- confirm before matching alerts by
    // pattern.
    final StringBuilder alertMessage = new StringBuilder("User account '");
    alertMessage.append(notification.getUserDN());
    alertMessage.append("' has been locked as a result of too many failed " +
         "authentication attempts. The account will remain locked until ");

    if (unlockTime != null)
    {
      alertMessage.append(unlockTime);
      alertMessage.append(" or until ");
    }

    alertMessage.append("an administrator resets the user's password.");

    // NOTE(review): lockouts are reported at INFO severity; make sure alert
    // routing does not drop that level if lockouts are monitored.
    serverContext.sendAlert(AlertSeverity.INFO, alertMessage.toString());
  }



  /**
   * Indicates whether the given notification type is one of the two lockout
   * types for which this handler raises an alert.
   *
   * @param  type  The notification type to examine.
   *
   * @return  {@code true} for a permanent or temporary lockout, or
   *          {@code false} for any other type.
   */
  private static boolean isLockoutNotification(
                              final AccountStatusNotificationType type)
  {
    switch (type)
    {
      case AccountStatusNotificationType.ACCOUNT_PERMANENTLY_LOCKED:
      case AccountStatusNotificationType.ACCOUNT_TEMPORARILY_LOCKED:
        return true;

      default:
        return false;
    }
  }



  /**
   * Looks up the account unlock time carried by the notification, if any.
   * A failure while reading or decoding the value is passed to the server's
   * debug logging and otherwise ignored, so the alert is still sent, just
   * without an unlock time.
   *
   * @param  notification  The notification whose properties are to be read.
   *
   * @return  The decoded unlock time, or {@code null} if the property is
   *          missing, has no values, or could not be decoded.
   */
  private Date readUnlockTime(final AccountStatusNotification notification)
  {
    try
    {
      final List<String> values = notification.getNotificationProperty(
           AccountStatusNotificationProperty.ACCOUNT_UNLOCK_TIME);
      if ((values == null) || values.isEmpty())
      {
        return null;
      }

      // Only the first value is consulted.
      return StaticUtils.decodeGeneralizedTime(values.get(0));
    }
    catch (final Exception e)
    {
      serverContext.debugCaught(e);
      return null;
    }
  }
}