com.unboundid.directory.sdk.ds.api

Class DataSecurityAuditor

java.lang.Object

com.unboundid.directory.sdk.ds.api.DataSecurityAuditor

All Implemented Interfaces:

Configurable, ExampleUsageProvider, UnboundIDExtension

@Extensible
 @DirectoryServerExtension
 @ThreadSafety(level=INTERFACE_THREADSAFE)
public abstract class DataSecurityAuditor
extends java.lang.Object
implements UnboundIDExtension, Configurable, ExampleUsageProvider

This class defines an API that must be implemented by extensions that may examine entries to identify potential security-related issues (or potentially other characteristics of note).

Configuring Data Security Auditors

In order to configure a data security auditor created using this API, use a command like:

      dsconfig create-data-security-auditor \
           --auditor-name "{auditor-name}" \
           --type third-party \
           --set enabled:true \
           --set "extension-class:{class-name}" \
           --set "extension-argument:{name=value}"
 

where "{auditor-name}" is the name to use for the data security auditor instance, "{class-name}" is the fully-qualified name of the Java class that extends com.unboundid.directory.sdk.ds.api.DataSecurityAuditor, and "{name=value}" represents name-value pairs for any arguments to provide to the data security auditor. If multiple arguments should be provided to the data security auditor, then the "--set extension-argument:{name=value}" option should be provided multiple times.

Constructor Summary

Constructors

Constructor and Description
DataSecurityAuditor() Creates a new instance of this data security auditor.

Method Summary

Modifier and Type	Method and Description
void	defineConfigArguments(ArgumentParser parser) Updates the provided argument parser to define any configuration arguments which may be used by this extension.
abstract void	examineEntry(Entry entry, PasswordPolicyStateJSON passwordPolicyState, DataSecurityAuditorEntryReporter reporter) Examines the provided entry to determine whether any data security issues should be reported.
void	finalizeDataSecurityAuditor() Performs any cleanup that may be necessary when this data security auditor ends processing in a backend.
java.util.Map<java.util.List<java.lang.String>,java.lang.String>	getExamplesArgumentSets() Retrieves a map containing examples of configurations that may be used for this extension.
abstract java.lang.String[]	getExtensionDescription() Retrieves a human-readable description for this extension.
abstract java.lang.String	getExtensionName() Retrieves a human-readable name for this extension.
void	initializeDataSecurityAuditorForBackend(DirectoryServerContext serverContext, DataSecurityAuditorConfig config, ArgumentParser parser, java.lang.String backendID) Initializes this data security auditor before beginning processing in the specified backend.
abstract void	reportSummary(DataSecurityAuditorSummaryReporter reporter) Reports a summary of the results obtained from processing this data security auditor in the associated backend.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DataSecurityAuditor

public DataSecurityAuditor()

Creates a new instance of this data security auditor. All data security auditor implementations must include a default constructor, but any initialization should generally be done in the initializeDataSecurityAuditor method.

Method Detail

getExtensionName

@NotNull
public abstract java.lang.String getExtensionName()

Retrieves a human-readable name for this extension.

Specified by:

getExtensionName in interface UnboundIDExtension

Returns:

A human-readable name for this extension.

getExtensionDescription

@Nullable
public abstract java.lang.String[] getExtensionDescription()

Retrieves a human-readable description for this extension. Each element of the array that is returned will be considered a separate paragraph in generated documentation.

Specified by:

getExtensionDescription in interface UnboundIDExtension

Returns:

A human-readable description for this extension, or null or an empty array if no description should be available.

defineConfigArguments

public void defineConfigArguments(@NotNull
                                  ArgumentParser parser)
                           throws ArgumentException

Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).

Specified by:

defineConfigArguments in interface Configurable

Parameters:

parser - The argument parser to be updated with the configuration arguments which may be used by this extension.

Throws:

ArgumentException - If a problem is encountered while updating the provided argument parser.

initializeDataSecurityAuditorForBackend

public void initializeDataSecurityAuditorForBackend(@NotNull
                                                    DirectoryServerContext serverContext,
                                                    @NotNull
                                                    DataSecurityAuditorConfig config,
                                                    @NotNull
                                                    ArgumentParser parser,
                                                    @NotNull
                                                    java.lang.String backendID)
                                             throws LDAPException

Initializes this data security auditor before beginning processing in the specified backend.

Parameters:

serverContext - A handle to the server context for the server in which this extension is running.

config - The general configuration for this data security auditor.

parser - The argument parser which has been initialized from the configuration for this data security auditor.

backendID - The backend ID for the backend in which processing will be performed.

Throws:

LDAPException - If a problem occurs while initializing this data security auditor.

finalizeDataSecurityAuditor

public void finalizeDataSecurityAuditor()

Performs any cleanup that may be necessary when this data security auditor ends processing in a backend.

examineEntry

public abstract void examineEntry(@NotNull
                                  Entry entry,
                                  @NotNull
                                  PasswordPolicyStateJSON passwordPolicyState,
                                  @NotNull
                                  DataSecurityAuditorEntryReporter reporter)
                           throws java.io.IOException

Examines the provided entry to determine whether any data security issues should be reported. If any such issues are found, then the provided reporter should be used to report them.

Parameters:

entry - The entry to examine.

passwordPolicyState - The password policy state for the account with which the provided entry is associated.

reporter - A reporter whose reportEntry method may be used to indicate that the provided entry has one or more identified issues.

Throws:

java.io.IOException - If a problem is encountered while the reporter is attempting to add an entry to the report file.

reportSummary

public abstract void reportSummary(@NotNull
                                   DataSecurityAuditorSummaryReporter reporter)
                            throws java.io.IOException

Reports a summary of the results obtained from processing this data security auditor in the associated backend.

Parameters:

reporter - The reporter that may be used to provide the summary of processing performed by this data security auditor in the associated backend.

Throws:

java.io.IOException - If a problem is encountered while the reporter is attempting to add an entry to the report file.

getExamplesArgumentSets

@Nullable
public java.util.Map<java.util.List<java.lang.String>,java.lang.String> getExamplesArgumentSets()

Retrieves a map containing examples of configurations that may be used for this extension. The map key should be a list of sample arguments, and the corresponding value should be a description of the behavior that will be exhibited by the extension when used with that configuration.

Specified by:

getExamplesArgumentSets in interface ExampleUsageProvider

Returns:

A map containing examples of configurations that may be used for this extension. It may be null or empty if there should not be any example argument sets.