Example 1 with ScriptedSession
use of org.forgerock.openam.scripting.api.ScriptedSession in project OpenAM by OpenRock.
the class ScriptCondition method evaluate.
@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
try {
ScriptConfiguration configuration = getScriptConfiguration(realm);
if (configuration == null) {
throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
}
ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(), configuration.getLanguage());
Map<String, List<String>> advice = new HashMap<>();
Map<String, List<String>> responseAttributes = new HashMap<>();
Bindings scriptVariables = new SimpleBindings();
scriptVariables.put("logger", PolicyConstants.DEBUG);
scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
scriptVariables.put("resourceURI", resourceName);
scriptVariables.put("environment", environment);
scriptVariables.put("advice", advice);
scriptVariables.put("responseAttributes", responseAttributes);
scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
scriptVariables.put("authorized", Boolean.FALSE);
scriptVariables.put("ttl", Long.MAX_VALUE);
SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
if (ssoToken != null) {
// If a token is present include the corresponding identity and session objects.
scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
scriptVariables.put("session", new ScriptedSession(ssoToken));
}
evaluator.evaluateScript(script, scriptVariables);
boolean authorized = (Boolean) scriptVariables.get("authorized");
if (!authorized) {
return ConditionDecision.newFailureBuilder().setAdvice(transformMap(advice, LIST_TO_SET)).setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET)).build();
}
long ttl = ((Number) scriptVariables.get("ttl")).longValue();
return ConditionDecision.newSuccessBuilder().setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET)).setTimeToLive(ttl).build();
} catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
}
}
Also used :
ScriptObject(org.forgerock.openam.scripting.ScriptObject)
SSOToken(com.iplanet.sso.SSOToken)
HashMap(java.util.HashMap)
IdRepoException(com.sun.identity.idm.IdRepoException)
SSOException(com.iplanet.sso.SSOException)
Bindings(javax.script.Bindings)
SimpleBindings(javax.script.SimpleBindings)
EntitlementException(com.sun.identity.entitlement.EntitlementException)
ScriptException(org.forgerock.openam.scripting.ScriptException)
SimpleBindings(javax.script.SimpleBindings)
ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration)
List(java.util.List)
ScriptedSession(org.forgerock.openam.scripting.api.ScriptedSession)
ScriptedIdentity(org.forgerock.openam.scripting.api.ScriptedIdentity)
Aggregations
SSOException (com.iplanet.sso.SSOException)1
SSOToken (com.iplanet.sso.SSOToken)1
EntitlementException (com.sun.identity.entitlement.EntitlementException)1
IdRepoException (com.sun.identity.idm.IdRepoException)1
HashMap (java.util.HashMap)1
List (java.util.List)1
Bindings (javax.script.Bindings)1
SimpleBindings (javax.script.SimpleBindings)1
ScriptException (org.forgerock.openam.scripting.ScriptException)1
ScriptObject (org.forgerock.openam.scripting.ScriptObject)1
ScriptedIdentity (org.forgerock.openam.scripting.api.ScriptedIdentity)1
ScriptedSession (org.forgerock.openam.scripting.api.ScriptedSession)1
ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration)1
