Examples with GroovySandboxFilter - eu.bcvsolutions.idm.core.security.domain.GroovySandboxFilter

Example 1 with GroovySandboxFilter

use of eu.bcvsolutions.idm.core.security.domain.GroovySandboxFilter in project CzechIdMng by bcvsolutions.

the class DefaultGroovyScriptService method evaluate.

@Override
public Object evaluate(String script, Map<String, Object> variables, List<Class<?>> extraAllowedClasses) {
    Assert.notNull(script);
    Binding binding = new Binding(variables);
    Set<Class<?>> allowedVariableClass = resolveCustomAllowTypes(variables);
    if (extraAllowedClasses != null) {
        allowedVariableClass.addAll(extraAllowedClasses);
    }
    GroovySandboxFilter sandboxFilter = null;
    // 
    try {
        // if groovy filter exist add extraAllowedClasses, into this filter, otherwise create new
        if (!GroovyInterceptor.getApplicableInterceptors().isEmpty()) {
            // exists only one goovy filter
            sandboxFilter = (GroovySandboxFilter) GroovyInterceptor.getApplicableInterceptors().get(0);
            sandboxFilter.addCustomTypes(allowedVariableClass);
        } else {
            sandboxFilter = new GroovySandboxFilter(allowedVariableClass);
            sandboxFilter.register();
        }
        // Get script and fill it with variables
        Script scriptObj = scriptCache.getScript(script);
        // Scripts aren't thread safe
        synchronized (scriptObj) {
            scriptObj.setBinding(binding);
            return scriptObj.run();
        }
    } catch (SecurityException | IdmSecurityException ex) {
        LOG.error("SecurityException [{}]", ex.getLocalizedMessage());
        if (ex instanceof IdmSecurityException) {
            throw ex;
        }
        throw new IdmSecurityException(CoreResultCode.GROOVY_SCRIPT_SECURITY_VALIDATION, ImmutableMap.of("message", ex.getLocalizedMessage()), ex);
    } catch (Exception e) {
        LOG.error("Exception [{}]", e.getLocalizedMessage());
        if (e instanceof ResultCodeException) {
            throw e;
        }
        throw new ResultCodeException(CoreResultCode.GROOVY_SCRIPT_EXCEPTION, ImmutableMap.of("message", e.getLocalizedMessage() != null ? e.getLocalizedMessage() : e.toString()), e);
    } finally {
        // otherwise unregister all filter.
        if (sandboxFilter != null) {
            if (sandboxFilter.isCustomTypesLast()) {
                sandboxFilter.unregister();
            } else {
                sandboxFilter.removeLastCustomTypes();
            }
        }
    }
}

Also used : Binding(groovy.lang.Binding) Script(groovy.lang.Script) GroovySandboxFilter(eu.bcvsolutions.idm.core.security.domain.GroovySandboxFilter) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) IdmSecurityException(eu.bcvsolutions.idm.core.security.exception.IdmSecurityException) IdmSecurityException(eu.bcvsolutions.idm.core.security.exception.IdmSecurityException) MultipleCompilationErrorsException(org.codehaus.groovy.control.MultipleCompilationErrorsException) IdmSecurityException(eu.bcvsolutions.idm.core.security.exception.IdmSecurityException) ResultCodeException(eu.bcvsolutions.idm.core.api.exception.ResultCodeException) CompilationFailedException(org.codehaus.groovy.control.CompilationFailedException) SyntaxException(org.codehaus.groovy.syntax.SyntaxException)

Aggregations

ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException)1 GroovySandboxFilter (eu.bcvsolutions.idm.core.security.domain.GroovySandboxFilter)1 IdmSecurityException (eu.bcvsolutions.idm.core.security.exception.IdmSecurityException)1 Binding (groovy.lang.Binding)1 Script (groovy.lang.Script)1 CompilationFailedException (org.codehaus.groovy.control.CompilationFailedException)1 MultipleCompilationErrorsException (org.codehaus.groovy.control.MultipleCompilationErrorsException)1 SyntaxException (org.codehaus.groovy.syntax.SyntaxException)1