UnboundID Server SDK

Ping Identity
UnboundID Server SDK Documentation

ExampleTokenResourceLookupMethod.java

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * docs/licenses/cddl.txt
 * or http://www.opensource.org/licenses/cddl1.php.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * docs/licenses/cddl.txt.  If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Portions Copyright 2019-2023 Ping Identity Corporation
 */
package com.unboundid.directory.sdk.examples;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import com.unboundid.directory.sdk.broker.api.TokenResourceLookupMethod;
import com.unboundid.directory.sdk.broker.config.TokenResourceLookupMethodConfig;
import com.unboundid.directory.sdk.broker.types.BrokerContext;
import com.unboundid.directory.sdk.broker.types.TokenOwnerPrincipal;
import com.unboundid.directory.sdk.common.types.LogSeverity;
import com.unboundid.directory.sdk.common.types.TokenValidationResult;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.args.Argument;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;
import com.unboundid.util.args.FileArgument;

import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/**
 * This class provides a simple example of a token resource lookup method that
 * uses a JSON file as a source of user data. It takes a single configuration
 * argument:
 * <ul>
 *   <li>users-file -- The path to a file containing user data. This file
 *   should consist of a JSON object in which each field is a username, and
 *   each field value is an object containing user attributes.</li>
 * </ul>
 */
public class ExampleTokenResourceLookupMethod extends TokenResourceLookupMethod
{
  private static final String EXTENSION_NAME =
      "Example Token Resource Lookup Method";
  private static final String EXTENSION_DESCRIPTION =
      "This token resource lookup method demonstrates the process for " +
          "creating a third-party token resource lookup method. Given a " +
          "token validation result object produced by an access token " +
          "validator, it uses the token subject value to look up a token " +
          "owner resource from a file containing user data.";
  private static final String ARG_USERS_FILE = "users-file";
  private static final String ARG_USERS_FILE_DESCRIPTION =
      "The path to a file containing user data. The file should consist of a " +
          "JSON object where each field is a username, and each value is an " +
          "object containing the user's attributes.";

  private static final ObjectMapper MAPPER = new ObjectMapper();

  private BrokerContext serverContext;
  private Map<String, ObjectNode> data;

  /**
   * {@inheritDoc}
   */
  @Override
  public String getExtensionName()
  {
    return EXTENSION_NAME;
  }

  /**
   * {@inheritDoc}
   */
  @Override
  public String[] getExtensionDescription()
  {
    return new String[]
    {
        EXTENSION_DESCRIPTION
    };
  }

  /**
   * {@inheritDoc}
   */
  @Override
  public void initializeTokenResourceLookupMethod(
      final BrokerContext serverContext,
      final TokenResourceLookupMethodConfig config,
      final ArgumentParser parser) throws Exception
  {
    super.initializeTokenResourceLookupMethod(serverContext, config, parser);

    this.serverContext = serverContext;

    final FileArgument usersFileArgument =
        parser.getFileArgument(ARG_USERS_FILE);

    try
    {
      this.data = Collections.unmodifiableMap(
          loadData(usersFileArgument.getValue()));
    }
    catch (IOException e)
    {
      throw new LDAPException(ResultCode.OTHER,
          "Failed to load user data file: " + e.getMessage(), e);
    }
  }

  /**
   * {@inheritDoc}
   */
  @Override
  public void defineConfigArguments(final ArgumentParser parser)
      throws ArgumentException
  {
    Argument usersFileArgument = new FileArgument(
        null,
        ARG_USERS_FILE,
        true,
        1,
        null,
        ARG_USERS_FILE_DESCRIPTION,
        true,
        true,
        true,
        false);
    parser.addArgument(usersFileArgument);
  }

  /**
   * {@inheritDoc}
   */
  public boolean isConfigurationAcceptable(
      final TokenResourceLookupMethodConfig config,
      final ArgumentParser parser,
      final List<String> unacceptableReasons)
  {
    try
    {
      final FileArgument usersFileArgument =
          parser.getFileArgument(ARG_USERS_FILE);
      loadData(usersFileArgument.getValue());
    }
    catch (IOException e)
    {
      unacceptableReasons.add("Failed to load user data file: " +
          e.getMessage());
      return false;
    }
    return true;
  }

  /**
   * {@inheritDoc}
   */
  public synchronized ResultCode applyConfiguration(
      final TokenResourceLookupMethodConfig config,
      final ArgumentParser parser,
      final List<String> adminActionsRequired,
      final List<String> messages)
  {
    try
    {
      final FileArgument usersFileArgument =
          parser.getFileArgument(ARG_USERS_FILE);
      this.data = Collections.unmodifiableMap(
          loadData(usersFileArgument.getValue()));
    }
    catch (IOException e)
    {
      messages.add("Failed to load user data file: " + e.getMessage());
      return ResultCode.OTHER;
    }

    return ResultCode.SUCCESS;
  }

  /**
   * {@inheritDoc}
   */
  @Override
  public TokenOwnerPrincipal lookupTokenOwner(
      final TokenValidationResult tokenValidationResult)
  {
    try
    {
      String userId = tokenValidationResult.getTokenSubject();

      if (userId == null)
      {
        serverContext.logTraceMessage(
            LogSeverity.MILD_WARNING,
            "Access token has no subject; skipping owner lookup");
        return null;
      }

      serverContext.logTraceMessage(
          LogSeverity.INFO,
          String.format("Looking up user id '%s'", userId));
      ObjectNode userData = searchData(userId);
      if (userData != null)
      {
        serverContext.logTraceMessage(
            LogSeverity.INFO,
            String.format("User id '%s' found", userId));
        return new TokenOwnerPrincipal()
        {
          @Override
          public String getName()
          {
            return userId;
          }

          @Override
          public ObjectNode getResource()
          {
            return userData;
          }
        };
      }

      serverContext.logTraceMessage(
          LogSeverity.MILD_WARNING,
          String.format("User id '%s' not found", userId));
      return null;
    }
    catch (Exception e)
    {
      serverContext.logTraceMessage(
          LogSeverity.SEVERE_ERROR,
          "Token owner lookup failed: " + e.getMessage());
      return null;
    }
  }

  /**
   * Loads data from a JSON file containing user data. The contents of this file
   * should be a JSON object where each field is a username and each field
   * value is an object containing user attributes.
   *
   * @param usersFile
   *          A user data file.
   * @return The parsed user data.
   * @throws IOException
   *          if an error occurs while reading or parsing the user data file.
   */
  private Map<String, ObjectNode> loadData(final File usersFile)
      throws IOException
  {
    return MAPPER.readValue(usersFile,
        new TypeReference<Map<String, ObjectNode>>() {});
  }

  /**
   * Searches the in-memory user data for the given user.
   *
   * @param username
   *          The username to search for.
   * @return The matching user data object, or {@code null} if the user was
   * not found.
   */
  private ObjectNode searchData(final String username)
  {
    return data.get(username);
  }
}