Class DataSecurityAuditor

  • All Implemented Interfaces:
    Configurable, ExampleUsageProvider, UnboundIDExtension

    @Extensible
    @DirectoryServerExtension
    @ThreadSafety(level=INTERFACE_THREADSAFE)
    public abstract class DataSecurityAuditor
    extends java.lang.Object
    implements UnboundIDExtension, Configurable, ExampleUsageProvider
    This class defines an API that must be implemented by extensions that may examine entries to identify potential security-related issues (or potentially other characteristics of note).

    Configuring Data Security Auditors

    In order to configure a data security auditor created using this API, use a command like:
          dsconfig create-data-security-auditor \
               --auditor-name "{auditor-name}" \
               --type third-party \
               --set enabled:true \
               --set "extension-class:{class-name}" \
               --set "extension-argument:{name=value}"
     
    where "{auditor-name}" is the name to use for the data security auditor instance, "{class-name}" is the fully-qualified name of the Java class that extends com.unboundid.directory.sdk.ds.api.DataSecurityAuditor, and "{name=value}" represents name-value pairs for any arguments to provide to the data security auditor. If multiple arguments should be provided to the data security auditor, then the "--set extension-argument:{name=value}" option should be provided multiple times.
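    The command above with its placeholders filled in and the extension-argument option repeated once per argument, as an added example that is not part of the SDK documentation. The function name, the DSCONFIG override, and the sample auditor name, class name and arguments are assumptions; connection and authentication options are omitted, as in the command above.

```shell
# Added example. create_third_party_auditor and DSCONFIG are hypothetical
# names; the values in the sample call at the end are constructed.

# Usage: create_third_party_auditor AUDITOR_NAME CLASS_NAME [NAME=VALUE ...]
# Runs ${DSCONFIG:-dsconfig} with one "--set extension-argument:" option per
# NAME=VALUE pair and refuses to run if any pair is malformed.
create_third_party_auditor() (
  auditor_name=$1
  class_name=$2
  if [ $# -lt 2 ] || [ -z "$auditor_name" ] || [ -z "$class_name" ]; then
    echo "usage: create_third_party_auditor NAME CLASS [NAME=VALUE ...]" >&2
    exit 2
  fi
  shift 2
  pair_count=$#

  for pair in "$@"; do
    case $pair in
      [!=]*=*) ;;   # non-empty name, then "=", then the value
      *) echo "not a name=value pair: $pair" >&2; exit 2 ;;
    esac
    # Append the option; the raw pairs are dropped after the loop.
    set -- "$@" --set "extension-argument:$pair"
  done
  shift "$pair_count"

  # Every option and value is passed as its own word, so values that
  # contain spaces or shell metacharacters reach dsconfig unchanged.
  "${DSCONFIG:-dsconfig}" create-data-security-auditor \
    --auditor-name "$auditor_name" \
    --type third-party \
    --set enabled:true \
    --set "extension-class:$class_name" \
    "$@"
)

# Sample call (constructed values):
#   create_third_party_auditor "Stale Accounts" \
#     com.example.StaleAccountAuditor "max-idle-days=90" "report-attr=last login"
```

    Because validation happens before dsconfig is invoked, a malformed pair leaves the server configuration untouched instead of creating a partially configured auditor.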
    • Constructor Detail

      • DataSecurityAuditor

        public DataSecurityAuditor()
        Creates a new instance of this data security auditor. All data security auditor implementations must include a default constructor, but any initialization should generally be done in the initializeDataSecurityAuditor method.
    • Method Detail

      • getExtensionDescription

        @Nullable
        public abstract java.lang.String[] getExtensionDescription()
        Retrieves a human-readable description for this extension. Each element of the array that is returned will be considered a separate paragraph in generated documentation.
        Specified by:
        getExtensionDescription in interface UnboundIDExtension
        Returns:
        A human-readable description for this extension, or null or an empty array if no description should be available.
      • defineConfigArguments

        public void defineConfigArguments(@NotNull
                                          ArgumentParser parser)
                                   throws ArgumentException
        Updates the provided argument parser to define any configuration arguments which may be used by this extension. The argument parser may also be updated to define relationships between arguments (e.g., to specify required, exclusive, or dependent argument sets).
        Specified by:
        defineConfigArguments in interface Configurable
        Parameters:
        parser - The argument parser to be updated with the configuration arguments which may be used by this extension.
        Throws:
        ArgumentException - If a problem is encountered while updating the provided argument parser.
      • initializeDataSecurityAuditorForBackend

        public void initializeDataSecurityAuditorForBackend(@NotNull
                                                            DirectoryServerContext serverContext,
                                                            @NotNull
                                                            DataSecurityAuditorConfig config,
                                                            @NotNull
                                                            ArgumentParser parser,
                                                            @NotNull
                                                            java.lang.String backendID)
                                                     throws LDAPException
        Initializes this data security auditor before beginning processing in the specified backend.
        Parameters:
        serverContext - A handle to the server context for the server in which this extension is running.
        config - The general configuration for this data security auditor.
        parser - The argument parser which has been initialized from the configuration for this data security auditor.
        backendID - The backend ID for the backend in which processing will be performed.
        Throws:
        LDAPException - If a problem occurs while initializing this data security auditor.
      • finalizeDataSecurityAuditor

        public void finalizeDataSecurityAuditor()
        Performs any cleanup that may be necessary when this data security auditor ends processing in a backend.
      • examineEntry

        public abstract void examineEntry(@NotNull
                                          Entry entry,
                                          @NotNull
                                          PasswordPolicyStateJSON passwordPolicyState,
                                          @NotNull
                                          DataSecurityAuditorEntryReporter reporter)
                                   throws java.io.IOException
        Examines the provided entry to determine whether any data security issues should be reported. If any such issues are found, then the provided reporter should be used to report them.
        Parameters:
        entry - The entry to examine.
        passwordPolicyState - The password policy state for the account with which the provided entry is associated.
        reporter - A reporter whose reportEntry method may be used to indicate that the provided entry has one or more identified issues.
        Throws:
        java.io.IOException - If a problem is encountered while the reporter is attempting to add an entry to the report file.
      • reportSummary

        public abstract void reportSummary(@NotNull
                                           DataSecurityAuditorSummaryReporter reporter)
                                    throws java.io.IOException
        Reports a summary of the results obtained from processing this data security auditor in the associated backend.
        Parameters:
        reporter - The reporter that may be used to provide the summary of processing performed by this data security auditor in the associated backend.
        Throws:
        java.io.IOException - If a problem is encountered while the reporter is attempting to add an entry to the report file.
      • getExamplesArgumentSets

        @Nullable
        public java.util.Map<java.util.List<java.lang.String>,java.lang.String> getExamplesArgumentSets()
        Retrieves a map containing examples of configurations that may be used for this extension. The map key should be a list of sample arguments, and the corresponding value should be a description of the behavior that will be exhibited by the extension when used with that configuration.
        Specified by:
        getExamplesArgumentSets in interface ExampleUsageProvider
        Returns:
        A map containing examples of configurations that may be used for this extension. It may be null or empty if there should not be any example argument sets.