@Extensible @DirectoryServerExtension @DirectoryProxyServerExtension(appliesToLocalContent=false, appliesToRemoteContent=true) @ThreadSafety(level=INTERFACE_THREADSAFE) public abstract class ScriptedOAuthTokenHandler extends java.lang.Object implements Reconfigurable<OAuthTokenHandlerConfig>
dsconfig create-oauth-token-handler \ --handler-name "{handler-name}" \ --type groovy-scripted \ --set "script-class:{class-name}" \ --set "script-argument:{name=value}"where "{handler-name}" is the name to use for the token handler instance, "{class-name}" is the fully-qualified name of the Groovy class that extends
com.unboundid.directory.sdk.http.scripting.ScriptedOAuthTokenHandler
,
and "{name=value}" represents name-value pairs for any arguments to
provide to the token handler. If multiple arguments should be provided to
the token handler, then the
"--set extension-argument:{name=value}
" option should be
provided multiple times.OAuthTokenHandler
Constructor and Description |
---|
ScriptedOAuthTokenHandler()
Creates a new instance of this alert handler.
|
Modifier and Type | Method and Description |
---|---|
ResultCode |
applyConfiguration(OAuthTokenHandlerConfig config,
ArgumentParser parser,
java.util.List<java.lang.String> adminActionsRequired,
java.util.List<java.lang.String> messages)
Attempts to apply the configuration from the provided argument parser to
this extension.
|
abstract com.unboundid.scim.sdk.OAuthToken |
decodeOAuthToken(java.lang.String base64TokenValue)
Creates an
OAuthToken instance from the incoming token value. |
void |
defineConfigArguments(ArgumentParser parser)
Updates the provided argument parser to define any configuration arguments
which may be used by this extension.
|
void |
finalizeTokenHandler()
Performs any cleanup which may be necessary when this token handler is to
be taken out of service.
|
abstract DN |
getAuthzDN(com.unboundid.scim.sdk.OAuthToken token)
Extracts the DN of the authorization entry (for which to apply access
controls) from the incoming token.
|
void |
initializeTokenHandler(HTTPServerContext serverContext,
OAuthTokenHandlerConfig config,
ArgumentParser parser)
Initializes this token handler.
|
boolean |
isConfigurationAcceptable(OAuthTokenHandlerConfig config,
ArgumentParser parser,
java.util.List<java.lang.String> unacceptableReasons)
Indicates whether the configuration represented by the provided argument
parser is acceptable for use by this extension.
|
abstract boolean |
isTokenAuthentic(com.unboundid.scim.sdk.OAuthToken token)
Determines whether the incoming token is authentic (i.e.
|
abstract boolean |
isTokenExpired(com.unboundid.scim.sdk.OAuthToken token)
Determines whether the given token is expired.
|
abstract boolean |
isTokenForThisServer(com.unboundid.scim.sdk.OAuthToken token)
Determines whether the incoming token is targeted for this server.
|
abstract com.unboundid.scim.sdk.OAuthTokenStatus |
validateToken(com.unboundid.scim.sdk.OAuthToken token,
com.unboundid.scim.sdk.SCIMRequest scimRequest)
Determines whether the incoming token is valid for the given request.
|
public ScriptedOAuthTokenHandler()
initializeTokenHandler
method.public void defineConfigArguments(ArgumentParser parser) throws ArgumentException
defineConfigArguments
in interface Configurable
parser
- The argument parser to be updated with the configuration
arguments which may be used by this extension.ArgumentException
- If a problem is encountered while updating the
provided argument parser.public void initializeTokenHandler(HTTPServerContext serverContext, OAuthTokenHandlerConfig config, ArgumentParser parser) throws LDAPException
serverContext
- A handle to the server context for the server in
which this extension is running.config
- The general configuration for this token handler.parser
- The argument parser which has been initialized from
the configuration for this token handler.LDAPException
- If a problem occurs while
initializing this token handler.public boolean isConfigurationAcceptable(OAuthTokenHandlerConfig config, ArgumentParser parser, java.util.List<java.lang.String> unacceptableReasons)
isConfigurationAcceptable
in interface Reconfigurable<OAuthTokenHandlerConfig>
config
- The general configuration for this extension.parser
- The argument parser that has been used to
parse the proposed configuration for this
extension.unacceptableReasons
- A list to which messages may be added to
provide additional information about why the
provided configuration is not acceptable.true
if the configuration in the provided argument parser
appears to be acceptable, or false
if not.public ResultCode applyConfiguration(OAuthTokenHandlerConfig config, ArgumentParser parser, java.util.List<java.lang.String> adminActionsRequired, java.util.List<java.lang.String> messages)
applyConfiguration
in interface Reconfigurable<OAuthTokenHandlerConfig>
config
- The general configuration for this extension.parser
- The argument parser that has been used to
parse the new configuration for this
extension.adminActionsRequired
- A list to which messages may be added to
provide additional information about any
additional administrative actions that may
be required to apply some of the
configuration changes.messages
- A list to which messages may be added to
provide additional information about the
processing performed by this method.SUCCESS
should be
used to indicate that all processing completed successfully. Any
other result will indicate that a problem occurred during
processing.public void finalizeTokenHandler()
public abstract com.unboundid.scim.sdk.OAuthToken decodeOAuthToken(java.lang.String base64TokenValue) throws java.security.GeneralSecurityException
OAuthToken
instance from the incoming token value.
Implementers may choose to return a subclass of OAuthToken
in order
to provide convenience methods for interacting with the token. This can be
helpful because the returned OAuthToken
is passed to all of the
other methods in this class.
base64TokenValue
- the base64-encoded bearer token valueOAuthToken
instance. This must not be null
.java.security.GeneralSecurityException
- if there is an error decoding the tokenpublic abstract boolean isTokenExpired(com.unboundid.scim.sdk.OAuthToken token) throws java.security.GeneralSecurityException
token
- the OAuth 2.0 bearer token.true
if the token is already expired, false
if not.java.security.GeneralSecurityException
- if there is an error determining the
token's expiration datepublic abstract boolean isTokenAuthentic(com.unboundid.scim.sdk.OAuthToken token) throws java.security.GeneralSecurityException
token
- the OAuth 2.0 bearer token.true
if the bearer token can be verified as authentic and
originating from a trusted source, false
if not.java.security.GeneralSecurityException
- if there is an error determining whether
the token is authenticpublic abstract boolean isTokenForThisServer(com.unboundid.scim.sdk.OAuthToken token) throws java.security.GeneralSecurityException
token
- the OAuth 2.0 bearer token.true
if the bearer token identifies this server as the
intended recipient, false
if not.java.security.GeneralSecurityException
- if there is an error determining whether
the token is for this serverpublic abstract com.unboundid.scim.sdk.OAuthTokenStatus validateToken(com.unboundid.scim.sdk.OAuthToken token, com.unboundid.scim.sdk.SCIMRequest scimRequest) throws java.security.GeneralSecurityException
SCIMRequest
. This typically
involves checking the token scope and any other attributes granted by the
authorization grant. Implementations may need to call back to the
authorization server to verify that the token is still valid and has not
been revoked.token
- the OAuth 2.0 bearer token.scimRequest
- the SCIMRequest
that we are validating.OAuthTokenStatus
object which indicates whether the
bearer token is valid and grants access to the target resource.
This must not be null
.java.security.GeneralSecurityException
- if there is an error determining whether
the token is validpublic abstract DN getAuthzDN(com.unboundid.scim.sdk.OAuthToken token) throws java.security.GeneralSecurityException
This may require performing an LDAP search in order to find the DN that matches a certain attribute value contained in the token.
token
- the OAuth 2.0 bearer token.java.security.GeneralSecurityException
- if there is an error determining the
authorization user DN