Event callback policies are stored in the domains.json configuration.
The following is a sample event configuration file containing a single event callback configuration named login, which is implemented by the SampleEventHandler class. Event handler classes must implement OpenEdge.Security.STS.IEventProvider.
"events": { "provider" : "login"
    References the eventProvider to be called when the group action happens in the domain.
"tokenAuthenticate" : true, "tokenExchange" : true
    The events that will cause the eventProvider to run the appropriate code.
"local" : { "type" : "com.progress.sts.SampleEventHandler", "hash" : ""
    The event run for the “local” domain when tokenAuthenticate/tokenExchange happens.
The following is a sample event handler class that prints messages to the log file.
SampleEventHandler.cls
using Progress.Lang.*.
using OpenEdge.Security.STS.IEventProvider.
using OpenEdge.Security.Principal.
using Progress.Json.ObjectModel.JsonObject.

block-level on error undo, throw.

class com.progress.sts.SampleEventHandler implements IEventProvider:

    /* Event callback: writes the sender, event name, client-principal
       token and domain context to the log file. */
    method public void RecordEvent( input pcSender    as character,
                                    input pcEvent     as character,
                                    input poPrincipal as Principal,
                                    input poDomainCtx as JsonObject ):
        message "sender:"   pcSender skip
                "event:"    pcEvent skip
                "C-P Token" poPrincipal:Token skip
                "context:"  poDomainCtx.
    end method.

end class.
Hash values for events and policies
The “hash” value in the code examples is a security feature that makes sure the correct code is being run. If the hash doesn’t match, the code may have been replaced, and it will not run. This protects against someone changing the policy code (and possibly changing the client-principal) or dumping private information to the log file during an event.
Follow these steps to use the “hash” value protection:
1. Compile the code with MD5 hash, for example:
    COMPILE SampleLoginPolicy.cls GENERATE-MD5 SAVE.
2. Get the MD5 hash value from the compiled code, for example:
    RCODE-INFO:FILE-NAME = "SampleLoginPolicy.r".
    DISPLAY RCODE-INFO:MD5-VALUE format "x(44)".
3. Deploy the r-code only to the Authentication Server’s PROPATH.
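A post-deployment check for the steps above, as an added example that is not part of the original documentation: it finds each r-code file on the PROPATH and compares its stored MD5 with the value recorded for it. The temp-table, the CheckRcode function, the status strings and the placeholder hash are hypothetical, and the example assumes the recorded “hash” is the RCODE-INFO:MD5-VALUE string obtained in step 2.

```abl
/* Added example: audit deployed r-code against the hash recorded for it. */
block-level on error undo, throw.

define temp-table ttExpected no-undo
    field RcodeName  as character   /* r-code path relative to the PROPATH */
    field ConfigHash as character   /* value copied from the "hash" entry  */
    field Result     as character.

/* Hypothetical helper: returns a status string for one r-code file. */
function CheckRcode returns character
    ( input pcRcode as character, input pcExpected as character ):

    define variable cFullPath as character no-undo.
    define variable cActual   as character no-undo.

    /* SEARCH resolves the file through the PROPATH, as the runtime would. */
    cFullPath = search(pcRcode).
    if cFullPath = ? then
        return "MISSING".

    rcode-info:file-name = cFullPath.
    cActual = rcode-info:md5-value.

    /* Unknown value: the r-code carries no MD5 (compiled without GENERATE-MD5). */
    if cActual = ? then
        return "NO-MD5-IN-RCODE".
    if pcExpected = ? or pcExpected = "" then
        return "NO-HASH-RECORDED".

    /* Exact comparison: the recorded value is copied verbatim from step 2. */
    if compare(cActual, "EQ", pcExpected, "CASE-SENSITIVE") then
        return "OK".
    return "MISMATCH".
end function.

/* Constructed sample entry; replace the placeholder with the real value. */
create ttExpected.
assign ttExpected.RcodeName  = "com/progress/sts/SampleEventHandler.r"
       ttExpected.ConfigHash = "<MD5-VALUE-FROM-STEP-2>".

for each ttExpected:
    ttExpected.Result = CheckRcode(ttExpected.RcodeName, ttExpected.ConfigHash).
    message ttExpected.RcodeName ttExpected.Result.
end.
```

Run it with the same PROPATH as the Authentication Server so that SEARCH resolves the same files the server would load.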