use of org.forgerock.openam.scripting.api.ScriptedIdentity in project OpenAM by OpenRock.
the class ScriptIdentityRepository method setAttribute.
/**
 * Sets a particular attribute for a particular user. If the attribute already exists it will be
 * overridden.
 *
 * <p>The user is resolved through {@code getIdentity(String)}. When that lookup yields
 * {@code null}, nothing is written and the caller receives no indication that the update was
 * skipped.
 *
 * <p>NOTE(review): nothing in this method restricts which attribute name may be written.
 * If the calling script can pass caller-influenced names or values, confirm that an
 * allow-list is enforced elsewhere.
 *
 * @param userName The name of the user
 * @param attributeName The attribute name to be set
 * @param attributeValues The new value of the attribute
 */
public void setAttribute(String userName, String attributeName, String[] attributeValues) {
    final ScriptedIdentity target = getIdentity(userName);
    if (target == null) {
        // Lookup failed or was ambiguous: leave the repository untouched.
        return;
    }
    target.setAttribute(attributeName, attributeValues);
    // The change is only held on the wrapper until store() is called.
    target.store();
}
use of org.forgerock.openam.scripting.api.ScriptedIdentity in project OpenAM by OpenRock.
the class ScriptIdentityRepository method addAttribute.
/**
 * Adds one value to the values already assigned to {@code attributeName} for the given user.
 *
 * <p>The user is resolved through {@code getIdentity(String)}. A {@code null} result makes
 * this call a silent no-op; the caller is not told that nothing was stored.
 *
 * <p>NOTE(review): the attribute name is passed through unchecked. Confirm that scripts
 * cannot use this to append to attributes that drive authorization decisions.
 *
 * @param userName The name of the user
 * @param attributeName The attribute name to be added to
 * @param attributeValue The value to be added
 */
public void addAttribute(String userName, String attributeName, String attributeValue) {
    final ScriptedIdentity resolved = getIdentity(userName);
    if (resolved == null) {
        // No single matching user: nothing to update.
        return;
    }
    resolved.addAttribute(attributeName, attributeValue);
    resolved.store();
}
use of org.forgerock.openam.scripting.api.ScriptedIdentity in project OpenAM by OpenRock.
the class ScriptIdentityRepository method getIdentity.
/**
 * Resolves {@code userName} to exactly one user identity and wraps it in a
 * {@link ScriptedIdentity}.
 *
 * <p>The search is issued for {@code IdType.USER} with all attributes requested. The method
 * returns {@code null} when the search finds no user, finds more than one user, or throws
 * {@code IdRepoException} or {@code SSOException}. Each of those outcomes is logged at error
 * level and is not propagated to the caller.
 *
 * <p>NOTE(review): {@code userName} is handed to {@code searchIdentities} as the search
 * pattern. If the repository treats wildcard characters in that pattern specially, a value
 * that matches exactly one entry would resolve to that entry. Confirm that callers pass a
 * literal, validated user name.
 *
 * @param userName The name of the user
 * @return A ScriptedIdentity wrapping the single matching user, or {@code null} if no unique
 *         user could be resolved
 */
private ScriptedIdentity getIdentity(String userName) {
    IdSearchControl searchControl = new IdSearchControl();
    // Requests every attribute of the matched entry.
    // NOTE(review): callers here only write attributes; confirm the full attribute set is needed.
    searchControl.setAllReturnAttributes(true);
    // NOTE(review): 0 presumably means "no explicit limit / server default"; confirm.
    searchControl.setMaxResults(0);

    try {
        IdSearchResults found = identityRepository.searchIdentities(IdType.USER, userName, searchControl);
        Set<AMIdentity> matches = (found == null)
                ? Collections.<AMIdentity>emptySet()
                : found.getSearchResults();

        // NOTE(review): userName is concatenated into the log messages below as-is. If it can
        // contain line breaks, confirm the debug logger escapes them so entries cannot be forged.
        if (matches.isEmpty()) {
            DEBUG.error("ScriptedModule.getIdentity : User " + userName + " is not found");
            return null;
        }
        if (matches.size() > 1) {
            // Ambiguous match: refuse to pick one rather than act on the wrong account.
            DEBUG.error("ScriptedModule.getIdentity : More than one user found for the userName " + userName);
            return null;
        }
        return new ScriptedIdentity(matches.iterator().next());
    } catch (IdRepoException e) {
        DEBUG.error("ScriptedModule.getIdentity : Error searching Identities with username : " + userName, e);
    } catch (SSOException e) {
        DEBUG.error("ScriptedModule.getIdentity : Module exception : ", e);
    }
    // Reached only after a logged search failure.
    return null;
}
use of org.forgerock.openam.scripting.api.ScriptedIdentity in project OpenAM by OpenRock.
the class ScriptCondition method evaluate.
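/**
 * Evaluates the configured policy-condition script and converts the bindings it leaves behind
 * into a {@link ConditionDecision}.
 *
 * <p>The script starts from a deny-by-default state: {@code authorized} is bound to
 * {@code Boolean.FALSE} and {@code ttl} to {@code Long.MAX_VALUE} before evaluation. After the
 * script runs, both bindings are type-checked before use. A missing or wrongly typed value is
 * reported as {@code CONDITION_EVALUATION_FAILED} instead of escaping as an unchecked
 * {@code NullPointerException} or {@code ClassCastException}.
 *
 * <p>NOTE(review): the script is handed a logger, an HTTP client and, when an SSO token is
 * present, identity and session objects. Confirm that the evaluator restricts what the script
 * can reach beyond these bindings.
 *
 * @param realm realm used to look up the script configuration
 * @param subject subject whose principal id (and SSO token, if any) is exposed to the script
 * @param resourceName resource being requested, bound as {@code resourceURI}
 * @param environment environment map passed to the script unchanged
 * @return a failure decision carrying advice and response attributes when the script leaves
 *         {@code authorized} false, otherwise a success decision with the script's TTL
 * @throws EntitlementException if no script configuration is found, if evaluation fails, or if
 *         the script leaves {@code authorized} or {@code ttl} with an unusable type
 */
@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName,
        Map<String, Set<String>> environment) throws EntitlementException {
    try {
        ScriptConfiguration configuration = getScriptConfiguration(realm);
        if (configuration == null) {
            throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
        }
        ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(),
                configuration.getLanguage());

        Map<String, List<String>> advice = new HashMap<>();
        Map<String, List<String>> responseAttributes = new HashMap<>();

        Bindings scriptVariables = new SimpleBindings();
        scriptVariables.put("logger", PolicyConstants.DEBUG);
        scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
        scriptVariables.put("resourceURI", resourceName);
        scriptVariables.put("environment", environment);
        scriptVariables.put("advice", advice);
        scriptVariables.put("responseAttributes", responseAttributes);
        scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
        // Deny by default: the script must explicitly set authorized to true.
        scriptVariables.put("authorized", Boolean.FALSE);
        // NOTE(review): unless the script lowers it, a success decision carries this
        // effectively unbounded TTL; confirm how long consumers keep such decisions.
        scriptVariables.put("ttl", Long.MAX_VALUE);

        SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
        if (ssoToken != null) {
            // If a token is present include the corresponding identity and session objects.
            scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
            scriptVariables.put("session", new ScriptedSession(ssoToken));
        }

        evaluator.evaluateScript(script, scriptVariables);

        // The script may have rebound or removed "authorized"; check the type before casting
        // so a malformed result is reported through the declared exception.
        Object authorizedValue = scriptVariables.get("authorized");
        if (!(authorizedValue instanceof Boolean)) {
            throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED,
                    new IllegalStateException("Script binding 'authorized' is not a Boolean"));
        }
        if (!((Boolean) authorizedValue)) {
            return ConditionDecision.newFailureBuilder()
                    .setAdvice(transformMap(advice, LIST_TO_SET))
                    .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                    .build();
        }

        // ttl is only consulted for a success decision, as before.
        Object ttlValue = scriptVariables.get("ttl");
        if (!(ttlValue instanceof Number)) {
            throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED,
                    new IllegalStateException("Script binding 'ttl' is not a Number"));
        }
        long ttl = ((Number) ttlValue).longValue();
        return ConditionDecision.newSuccessBuilder()
                .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                .setTimeToLive(ttl)
                .build();
    } catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
        throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
    }
}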