Use of org.forgerock.openam.scripting.api.ScriptedSession in project OpenAM by OpenRock:
the class ScriptCondition, method evaluate.
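@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName,
        Map<String, Set<String>> environment) throws EntitlementException {
    try {
        ScriptConfiguration configuration = getScriptConfiguration(realm);
        if (configuration == null) {
            throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
        }
        ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(),
                configuration.getLanguage());

        // Mutable collections the script may populate; converted to the Set-valued form
        // expected by ConditionDecision once the script has run.
        Map<String, List<String>> advice = new HashMap<>();
        Map<String, List<String>> responseAttributes = new HashMap<>();

        Bindings scriptVariables = new SimpleBindings();
        scriptVariables.put("logger", PolicyConstants.DEBUG);
        scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
        scriptVariables.put("resourceURI", resourceName);
        scriptVariables.put("environment", environment);
        scriptVariables.put("advice", advice);
        scriptVariables.put("responseAttributes", responseAttributes);
        scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
        // Fail closed: a script that never assigns "authorized" denies access.
        scriptVariables.put("authorized", Boolean.FALSE);
        scriptVariables.put("ttl", Long.MAX_VALUE);

        SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
        if (ssoToken != null) {
            // If a token is present include the corresponding identity and session objects.
            scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
            scriptVariables.put("session", new ScriptedSession(ssoToken));
        }

        evaluator.evaluateScript(script, scriptVariables);

        // The script decides what types it leaves in the bindings, so check before casting:
        // a removed or retyped "authorized"/"ttl" is reported through the declared exception
        // type as a failed evaluation rather than escaping as a ClassCastException or
        // NullPointerException, and it is never treated as a grant.
        Object authorizedValue = scriptVariables.get("authorized");
        if (!(authorizedValue instanceof Boolean)) {
            throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED,
                    new IllegalStateException("Script left 'authorized' as "
                            + typeName(authorizedValue) + " instead of a Boolean"));
        }
        if (!((Boolean) authorizedValue)) {
            return ConditionDecision.newFailureBuilder()
                    .setAdvice(transformMap(advice, LIST_TO_SET))
                    .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                    .build();
        }

        Object ttlValue = scriptVariables.get("ttl");
        if (!(ttlValue instanceof Number)) {
            throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED,
                    new IllegalStateException("Script left 'ttl' as "
                            + typeName(ttlValue) + " instead of a Number"));
        }
        long ttl = ((Number) ttlValue).longValue();
        return ConditionDecision.newSuccessBuilder()
                .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                .setTimeToLive(ttl)
                .build();
    } catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
        throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
    }
}

/**
 * Names the runtime type of a script-supplied binding value for diagnostic messages.
 *
 * @param value the value read back from the script bindings; may be {@code null}
 * @return the fully qualified class name, or {@code "null"} when the value is absent
 */
private static String typeName(Object value) {
    return value == null ? "null" : value.getClass().getName();
}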