
com.unboundid.directory.sdk.broker.api.PolicyDecisionLogger Maven / Gradle / Ivy
The UnboundID Server SDK is a library that may be used to develop various
types of extensions to Ping Identity server products, including the
Directory Server, Directory Proxy Server, Data Sync Server, Data Metrics
Server, and Data Governance Broker.
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* docs/licenses/cddl.txt
* or http://www.opensource.org/licenses/cddl1.php.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* docs/licenses/cddl.txt. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2010-2024 Ping Identity Corporation
*/
package com.unboundid.directory.sdk.broker.api;
import com.unboundid.directory.sdk.broker.internal.BrokerExtension;
import com.unboundid.directory.sdk.broker.config.PolicyDecisionLoggerConfig;
import com.unboundid.directory.sdk.common.internal.ExampleUsageProvider;
import com.unboundid.directory.sdk.common.internal.Reconfigurable;
import com.unboundid.directory.sdk.common.internal.UnboundIDExtension;
import com.unboundid.directory.sdk.broker.types.PolicyMessageType;
import com.unboundid.directory.sdk.common.types.ServerContext;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Extensible;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.args.ArgumentException;
import com.unboundid.util.args.ArgumentParser;
import java.util.Collections;
import java.util.List;
import java.util.Map;
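/**
 * This class defines an API that must be implemented by extensions which
 * record information about PingAuthorize policy enforcement point
 * (PEP) and policy decision point (PDP) activity.
 * <p>
 * Each policy decision logger may be configured to indicate whether to
 * include the PDP response or exclude log messages based on their Policy
 * Message Type. This is handled automatically by the server, so individual
 * policy decision logger implementations do not need to attempt to perform
 * that filtering on their own. However, they may perform additional
 * processing if desired to further narrow the set of messages that should be
 * logged.
 *
 * <h2>Configuring Policy Decision Loggers</h2>
 * To configure a policy decision logger created using this API, use a command
 * like:
 * <pre>
 *      dsconfig create-log-publisher \
 *           --publisher-name "{logger-name}" \
 *           --type third-party-policy-decision \
 *           --set enabled:true \
 *           --set "extension-class:{class-name}" \
 *           --set "extension-argument:{name=value}"
 * </pre>
 * where "{logger-name}" is the name to use for the policy decision logger
 * instance, "{class-name}" is the fully-qualified name of the Java class
 * that extends
 * {@code com.unboundid.directory.sdk.broker.api.PolicyDecisionLogger},
 * and "{name=value}" represents name-value pairs for any arguments to
 * provide to the logger. If multiple arguments should be provided to the
 * logger, then the {@code --set extension-argument:{name=value}} option
 * should be provided multiple times.
 *
 * <h2>Notes for implementers</h2>
 * <ul>
 *   <li>The class is annotated {@code INTERFACE_THREADSAFE}, so an
 *       implementation is expected to tolerate concurrent calls to
 *       {@link #log}.</li>
 *   <li>The values handed to {@link #log} describe authorization decisions
 *       and, when include-pdp-response is enabled, carry the PDP response
 *       text. Treat the log destination as sensitive: restrict who can read
 *       it and record only the fields the deployment needs.</li>
 *   <li>The context values and the message are not produced by the logger
 *       itself. Before writing them to a line-oriented or delimited format,
 *       encode line breaks and other control characters so that a value
 *       cannot be mistaken for a separate log record.</li>
 *   <li>Extension arguments are supplied as plain {@code name=value} pairs
 *       in the log publisher configuration. Whether they are protected at
 *       rest is not visible from this class, so prefer referencing a
 *       credential indirectly over passing it as an argument value.</li>
 * </ul>
 */
@Extensible()
@BrokerExtension()
@ThreadSafety(level=ThreadSafetyLevel.INTERFACE_THREADSAFE)
public abstract class PolicyDecisionLogger
       implements UnboundIDExtension,
                  Reconfigurable<PolicyDecisionLoggerConfig>,
                  ExampleUsageProvider
{
  /**
   * Creates a new instance of this policy decision logger.
   * All policy decision logger implementations must include a default
   * constructor, but any initialization should generally be done in
   * the {@code initializePolicyDecisionLogger} method.
   */
  public PolicyDecisionLogger()
  {
    // No implementation is required.
  }



  /**
   * {@inheritDoc}
   */
  public abstract String getExtensionName();



  /**
   * {@inheritDoc}
   */
  public abstract String[] getExtensionDescription();



  /**
   * {@inheritDoc}
   */
  public void defineConfigArguments(final ArgumentParser parser)
         throws ArgumentException
  {
    // No arguments will be allowed by default.
  }



  /**
   * Initializes this policy decision logger.
   *
   * @param  serverContext  A handle to the server context for the server in
   *                        which this extension is running.
   * @param  config         The general configuration for this policy
   *                        decision logger.
   * @param  parser         The argument parser which has been initialized
   *                        from the configuration for this policy decision
   *                        logger.
   *
   * @throws  LDAPException  If a problem occurs while initializing this
   *                         policy decision logger.
   */
  public void initializePolicyDecisionLogger(
                   final ServerContext serverContext,
                   final PolicyDecisionLoggerConfig config,
                   final ArgumentParser parser)
         throws LDAPException
  {
    // No initialization will be performed by default.
  }



  /**
   * {@inheritDoc}
   * <p>
   * The default implementation accepts every configuration and adds nothing
   * to {@code unacceptableReasons}. An implementation that defines arguments
   * should override this method to reject values it cannot use safely (for
   * example a destination it is not able to write to) rather than failing
   * later inside {@link #log}.
   */
  public boolean isConfigurationAcceptable(
                      final PolicyDecisionLoggerConfig config,
                      final ArgumentParser parser,
                      final List<String> unacceptableReasons)
  {
    // No extended validation will be performed by default.
    return true;
  }



  /**
   * {@inheritDoc}
   * <p>
   * The default implementation does not apply anything. It returns
   * {@link ResultCode#SUCCESS} and, when the parser holds at least one named
   * argument, records a required administrative action stating that the
   * logger must be disabled and re-enabled (or the server restarted) before
   * the new values are used. Until then the running logger keeps its
   * previous settings, so a logger whose arguments control what is recorded
   * or where it is sent should override this method. {@code messages} is
   * left untouched.
   */
  public ResultCode applyConfiguration(
                         final PolicyDecisionLoggerConfig config,
                         final ArgumentParser parser,
                         final List<String> adminActionsRequired,
                         final List<String> messages)
  {
    // By default, no configuration changes will be applied.  If there are
    // any arguments, then add an admin action message indicating that the
    // extension needs to be restarted for any changes to take effect.
    if (! parser.getNamedArguments().isEmpty())
    {
      adminActionsRequired.add(
           "No configuration change has actually been applied." +
                " The new configuration will not take effect" +
                " until this policy decision logger is disabled" +
                " and re-enabled or until the server is restarted.");
    }

    return ResultCode.SUCCESS;
  }



  /**
   * Performs any cleanup which may be necessary when this
   * policy decision logger is to be taken out of service.
   */
  public void finalizePolicyDecisionLogger()
  {
    // No implementation is required.
  }



  /**
   * Logs a message.
   * <p>
   * This method declares no checked exception. How the server reacts to an
   * unchecked exception thrown from here is not visible in this class, so an
   * implementation should handle its own write failures and make them
   * observable instead of dropping a decision record silently.
   *
   * @param  messageType  The {@link PolicyMessageType}. This is an
   *                      indication of what stage in the decision processing
   *                      lifecycle is being logged. This can be either
   *                      {@link PolicyMessageType#ADVICE} or
   *                      {@link PolicyMessageType#DECISION}.
   * @param  logContext   A set of key/value pairs summarizing and providing
   *                      context for the policy decision or advice. Encode
   *                      control characters in the values before writing
   *                      them to a line-oriented log.
   * @param  message      This is {@code null} when include-pdp-response
   *                      is disabled and for message types that do not
   *                      record a policy decision response (like
   *                      {@link PolicyMessageType#ADVICE}). Implementations
   *                      must check for {@code null} before using it.
   */
  public abstract void log(
                            final PolicyMessageType messageType,
                            final Map<String,String> logContext,
                            final String message);



  /**
   * {@inheritDoc}
   */
  public Map<List<String>,String> getExamplesArgumentSets()
  {
    // No example argument sets are provided by default.
    return Collections.emptyMap();
  }
}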