
Example 1 with ScriptedSession

Use of org.forgerock.openam.scripting.api.ScriptedSession in project OpenAM by OpenRock.

From the class ScriptCondition, method evaluate. This is the entry point of a scripted policy condition: it binds the request context (username, resource URI, environment map, an HTTP client) into script variables, adds identity and session objects only when the subject carries an SSO token, runs the configured script, and builds the decision from the "authorized", "ttl", "advice" and "responseAttributes" variables the script leaves behind. The decision defaults to deny: a script that never assigns "authorized" produces a failure decision.

@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName,
        Map<String, Set<String>> environment) throws EntitlementException {
    try {
        // Resolve the script this condition refers to (scriptId) within the realm.
        ScriptConfiguration configuration = getScriptConfiguration(realm);
        if (configuration == null) {
            throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
        }
        ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(),
                configuration.getLanguage());
        Map<String, List<String>> advice = new HashMap<>();
        Map<String, List<String>> responseAttributes = new HashMap<>();
        // Variables exposed to the script. The decision defaults to deny ("authorized" = false)
        // and to a decision that never expires ("ttl" = Long.MAX_VALUE); the script must
        // assign these explicitly to change them.
        Bindings scriptVariables = new SimpleBindings();
        scriptVariables.put("logger", PolicyConstants.DEBUG);
        scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
        scriptVariables.put("resourceURI", resourceName);
        scriptVariables.put("environment", environment);
        scriptVariables.put("advice", advice);
        scriptVariables.put("responseAttributes", responseAttributes);
        // The script can make outbound HTTP calls through this client.
        scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
        scriptVariables.put("authorized", Boolean.FALSE);
        scriptVariables.put("ttl", Long.MAX_VALUE);
        SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
        if (ssoToken != null) {
            // If a token is present include the corresponding identity and session objects.
            // For an unauthenticated subject these two bindings are not defined at all,
            // so a script cannot assume they exist.
            scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
            scriptVariables.put("session", new ScriptedSession(ssoToken));
        }
        evaluator.evaluateScript(script, scriptVariables);
        // Unchecked casts: a script that assigns a non-Boolean "authorized" or a non-numeric
        // "ttl" raises a ClassCastException here, which the catch block below does not wrap.
        boolean authorized = (Boolean) scriptVariables.get("authorized");
        if (!authorized) {
            return ConditionDecision.newFailureBuilder()
                    .setAdvice(transformMap(advice, LIST_TO_SET))
                    .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                    .build();
        }
        long ttl = ((Number) scriptVariables.get("ttl")).longValue();
        return ConditionDecision.newSuccessBuilder()
                .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                .setTimeToLive(ttl)
                .build();
    } catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
        throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
    }
}
Imports listed for this method (de-duplicated):

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.entitlement.EntitlementException;
import com.sun.identity.idm.IdRepoException;
import java.util.HashMap;
import java.util.List;
import javax.script.Bindings;
import javax.script.SimpleBindings;
import org.forgerock.openam.scripting.ScriptException;
import org.forgerock.openam.scripting.ScriptObject;
import org.forgerock.openam.scripting.api.ScriptedIdentity;
import org.forgerock.openam.scripting.api.ScriptedSession;
import org.forgerock.openam.scripting.service.ScriptConfiguration;
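The binding contract that evaluate() sets up, as an added example that is not OpenAM's own code: a stand-alone JavaScript simulation of the variables a policy script sees (same names as in the method above), a constructed policy script written against them, and the deny-by-default decision logic at the end of evaluate(). The session and identity objects are hand-written stubs whose getProperty/getAttribute methods are assumptions standing in for ScriptedSession/ScriptedIdentity; the AuthLevel session property, the requestIp environment key and the two advice keys are assumed names; the extra "now" binding exists only in this simulation.

```javascript
// Added example (not OpenAM code): simulates the bindings that
// ScriptCondition.evaluate() exposes to a policy script and the decision it
// derives from them. Stubs and names marked "assumed" are not from the page.

// Builds the script variables with the same names evaluate() uses.
// environment mirrors Map<String, Set<String>> as a Map of string arrays.
function makeBindings(request) {
  const v = {
    logger: { message: () => {} },        // stand-in for PolicyConstants.DEBUG
    username: request.username,
    resourceURI: request.resourceURI,
    environment: request.environment,
    advice: new Map(),                    // filled by the script: advice key -> values
    responseAttributes: new Map(),        // filled by the script: attribute -> values
    authorized: false,                    // fail-closed default, as in evaluate()
    ttl: Number.MAX_SAFE_INTEGER,         // stand-in for Long.MAX_VALUE ("never expires")
  };
  if (request.ssoToken) {
    // Only an authenticated subject gets identity and session, as in evaluate().
    // The getAttribute/getProperty shapes are assumed stand-ins for ScriptedIdentity/ScriptedSession.
    v.identity = { getAttribute: (name) => request.ssoToken.attributes[name] || [] };
    v.session = { getProperty: (name) => request.ssoToken.properties[name] ?? null };
  }
  return v;
}

// Constructed sample policy script: require auth level >= 2 (advising step-up
// otherwise), allow only from 10.0.0.0/8, and return the user's mail attribute.
// "AuthLevel", "requestIp" and the two advice keys are assumed names.
function samplePolicyScript(v) {
  if (!v.session) {
    v.advice.set('AuthenticateToServiceConditionAdvice', ['ldapService']);
    return;                               // authorized stays false
  }
  const level = Number(v.session.getProperty('AuthLevel'));
  if (!(level >= 2)) {                    // also denies when the property is missing (NaN)
    v.advice.set('AuthLevelConditionAdvice', ['2']);
    return;
  }
  const ip = (v.environment.get('requestIp') || [])[0] || '';
  if (!ip.startsWith('10.')) {
    return;                               // plain deny, no advice
  }
  v.responseAttributes.set('mail', v.identity.getAttribute('mail'));
  v.authorized = true;
  v.ttl = v.now + 5 * 60 * 1000;          // decision valid for five minutes (absolute expiry, assumed)
}

// Mirrors the tail of evaluate(): converts List values to Sets, denies unless
// the script set authorized === true, and, like the unchecked (Boolean) cast in
// the Java code, fails loudly on a non-boolean value instead of silently denying.
function evaluateCondition(script, request, now) {
  const v = makeBindings(request);
  v.now = now;                            // simulation-only binding, not one of evaluate()'s
  script(v);
  const toSets = (m) => Object.fromEntries([...m].map(([k, vals]) => [k, new Set(vals)]));
  if (typeof v.authorized !== 'boolean') {
    throw new TypeError('policy script set "authorized" to a non-boolean value');
  }
  if (!v.authorized) {
    return { authorized: false, advice: toSets(v.advice), responseAttributes: toSets(v.responseAttributes) };
  }
  return { authorized: true, responseAttributes: toSets(v.responseAttributes), ttl: Number(v.ttl) };
}

// Constructed sample requests covering the four paths through the script.
const internalNet = new Map([['requestIp', ['10.1.2.3']]]);
const anonymous = { username: null, resourceURI: 'https://app.example.com/admin', environment: internalNet };
const weakAuth = { ...anonymous, username: 'alice',
  ssoToken: { properties: { AuthLevel: '1' }, attributes: { mail: ['alice@example.com'] } } };
const strongAuth = { ...weakAuth,
  ssoToken: { properties: { AuthLevel: '2' }, attributes: { mail: ['alice@example.com'] } } };
const external = { ...strongAuth, environment: new Map([['requestIp', ['203.0.113.9']]]) };

for (const [name, req] of Object.entries({ anonymous, weakAuth, strongAuth, external })) {
  console.log(name, evaluateCondition(samplePolicyScript, req, Date.now()));
}
```

The point of the simulation is the shape of the contract rather than the sample policy: a script only ever flips the outcome to allow by assigning a boolean true, the identity and session bindings are absent (not null) for unauthenticated subjects, and a script that assigns the wrong type to "authorized" surfaces as an exception from evaluate() rather than as a deny.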
