Examples with ScriptConfiguration org.forgerock.openam.scripting.service.ScriptConfiguration used on opensource projects

Search in sources :

Example 6 with ScriptConfiguration

use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.

the class ScriptConditionTest method missingScriptConfiguration.

@Test(expectedExceptions = EntitlementException.class, expectedExceptionsMessageRegExp = "Script condition is unable to load script 123-456-789.")
public void missingScriptConfiguration() throws ScriptException, EntitlementException {
    // Given
    Subject subject = new Subject();
    subject.getPrincipals().add(new AuthSPrincipal("user"));
    Map<String, Set<String>> env = new HashMap<>();
    scriptCondition = new ScriptCondition() {

        @Override
        protected ScriptConfiguration getScriptConfiguration(String realm) throws ScriptException {
            return null;
        }
    };
    // When
    scriptCondition.setScriptId("123-456-789");
    scriptCondition.evaluate("/abc", subject, "http://a:b/c", env);
}
Also used : ScriptException(org.forgerock.openam.scripting.ScriptException) Set(java.util.Set) HashMap(java.util.HashMap) AuthSPrincipal(com.sun.identity.rest.AuthSPrincipal) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) Subject(javax.security.auth.Subject) Test(org.testng.annotations.Test)

Example 7 with ScriptConfiguration

use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.

the class OpenAMScopeValidator method getOIDCClaimsExtensionScript.

private ScriptObject getOIDCClaimsExtensionScript(String realm) throws ServerException {
    OpenAMSettingsImpl settings = new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
    try {
        String scriptId = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.OIDC_CLAIMS_EXTENSION_SCRIPT);
        if (EMPTY_SCRIPT_SELECTION.equals(scriptId)) {
            return new ScriptObject("oidc-claims-script", "", SupportedScriptingLanguage.JAVASCRIPT);
        }
        ScriptConfiguration config = getScriptConfiguration(realm, scriptId);
        return new ScriptObject(config.getName(), config.getScript(), config.getLanguage());
    } catch (org.forgerock.openam.scripting.ScriptException | SSOException | SMSException e) {
        logger.message("Error running OIDC claims script", e);
        throw new ServerException("Error running OIDC claims script: " + e.getMessage());
    }
}
Also used : ScriptObject(org.forgerock.openam.scripting.ScriptObject) ScriptException(javax.script.ScriptException) ServerException(org.forgerock.oauth2.core.exceptions.ServerException) SMSException(com.sun.identity.sm.SMSException) OpenAMSettingsImpl(org.forgerock.openam.utils.OpenAMSettingsImpl) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) SSOException(com.iplanet.sso.SSOException)

Example 8 with ScriptConfiguration

use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.

the class ScriptResourceTest method shouldQueryScriptConfigurationWithPaging.

@Test
public void shouldQueryScriptConfigurationWithPaging() throws ScriptException, ResourceException {
    // given
    scriptConfigSet.clear();
    for (int i = 0; i < 9; i++) {
        ScriptConfiguration sc = ScriptConfiguration.builder().generateId().setName("MyJavaScript" + i).setScript(script).setLanguage(JAVASCRIPT).setContext(POLICY_CONDITION).build();
        scriptConfigSet.put(sc.getId(), sc);
    }
    QueryResourceHandler resultHandler = mock(QueryResourceHandler.class);
    given(resultHandler.handleResource(any(ResourceResponse.class))).willReturn(true);
    QueryRequest queryRequest = mock(QueryRequest.class);
    when(queryRequest.getPageSize()).thenReturn(5);
    // when
    when(queryRequest.getPagedResultsOffset()).thenReturn(0);
    scriptResource.queryCollection(context, queryRequest, resultHandler).getOrThrowUninterruptibly();
    // then
    ArgumentCaptor<ResourceResponse> resources = ArgumentCaptor.forClass(ResourceResponse.class);
    verify(resultHandler, times(5)).handleResource(resources.capture());
    List<ResourceResponse> responses = resources.getAllValues();
    assertThat(responses).isNotNull().hasSize(5);
    int count = 0;
    for (ResourceResponse resource : responses) {
        assertThat(resource.getContent().get(SCRIPT_NAME).asString()).endsWith(String.valueOf(count++));
    }
    // when
    Mockito.reset(resultHandler);
    given(resultHandler.handleResource(any(ResourceResponse.class))).willReturn(true);
    resources = ArgumentCaptor.forClass(ResourceResponse.class);
    when(queryRequest.getPagedResultsOffset()).thenReturn(5);
    scriptResource.queryCollection(context, queryRequest, resultHandler).getOrThrowUninterruptibly();
    verify(resultHandler, times(4)).handleResource(resources.capture());
    // then
    responses = resources.getAllValues();
    assertThat(responses).isNotNull().hasSize(4);
    for (ResourceResponse resource : responses) {
        assertThat(resource.getContent().get(SCRIPT_NAME).asString()).endsWith(String.valueOf(count++));
    }
}
Also used : ResourceResponse(org.forgerock.json.resource.ResourceResponse) QueryRequest(org.forgerock.json.resource.QueryRequest) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) QueryResourceHandler(org.forgerock.json.resource.QueryResourceHandler) Test(org.testng.annotations.Test)

Example 9 with ScriptConfiguration

use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.

the class ScriptCondition method evaluate.

@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
    try {
        ScriptConfiguration configuration = getScriptConfiguration(realm);
        if (configuration == null) {
            throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
        }
        ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(), configuration.getLanguage());
        Map<String, List<String>> advice = new HashMap<>();
        Map<String, List<String>> responseAttributes = new HashMap<>();
        Bindings scriptVariables = new SimpleBindings();
        scriptVariables.put("logger", PolicyConstants.DEBUG);
        scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
        scriptVariables.put("resourceURI", resourceName);
        scriptVariables.put("environment", environment);
        scriptVariables.put("advice", advice);
        scriptVariables.put("responseAttributes", responseAttributes);
        scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
        scriptVariables.put("authorized", Boolean.FALSE);
        scriptVariables.put("ttl", Long.MAX_VALUE);
        SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
        if (ssoToken != null) {
            // If a token is present include the corresponding identity and session objects.
            scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
            scriptVariables.put("session", new ScriptedSession(ssoToken));
        }
        evaluator.evaluateScript(script, scriptVariables);
        boolean authorized = (Boolean) scriptVariables.get("authorized");
        if (!authorized) {
            return ConditionDecision.newFailureBuilder().setAdvice(transformMap(advice, LIST_TO_SET)).setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET)).build();
        }
        long ttl = ((Number) scriptVariables.get("ttl")).longValue();
        return ConditionDecision.newSuccessBuilder().setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET)).setTimeToLive(ttl).build();
    } catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
        throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
    }
}
Also used : ScriptObject(org.forgerock.openam.scripting.ScriptObject) SSOToken(com.iplanet.sso.SSOToken) HashMap(java.util.HashMap) IdRepoException(com.sun.identity.idm.IdRepoException) SSOException(com.iplanet.sso.SSOException) Bindings(javax.script.Bindings) SimpleBindings(javax.script.SimpleBindings) EntitlementException(com.sun.identity.entitlement.EntitlementException) ScriptException(org.forgerock.openam.scripting.ScriptException) SimpleBindings(javax.script.SimpleBindings) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) List(java.util.List) ScriptedSession(org.forgerock.openam.scripting.api.ScriptedSession) ScriptedIdentity(org.forgerock.openam.scripting.api.ScriptedIdentity)

Example 10 with ScriptConfiguration

use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.

the class ScriptConfigurationDataStore method delete.

@Override
public void delete(String uuid) throws ScriptException {
    ScriptConfiguration scriptConfig = get(uuid);
    if (containsGlobalUuid(uuid) || isDefaultScript(scriptConfig)) {
        throw new ScriptException(DELETING_DEFAULT_SCRIPT, scriptConfig.getName());
    }
    int usageCount = getUsageCount(scriptConfig);
    if (usageCount > 0) {
        ScriptContext scriptContext = scriptConfig.getContext();
        if (usageCount == 1) {
            throw new ScriptException(DELETING_SCRIPT_IN_USE_SINGULAR, scriptConfig.getName());
        }
        throw new ScriptException(DELETING_SCRIPT_IN_USE_PLURAL, scriptConfig.getName(), Integer.toString(usageCount));
    }
    try {
        getSubOrgConfig().removeSubConfig(uuid);
    } catch (SSOException | SMSException e) {
        throw createAndLogError(logger, DELETE_FAILED, e, uuid, realm);
    }
}
Also used : ScriptException(org.forgerock.openam.scripting.ScriptException) SMSException(com.sun.identity.sm.SMSException) ScriptConfiguration(org.forgerock.openam.scripting.service.ScriptConfiguration) SSOException(com.iplanet.sso.SSOException)

Aggregations

ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration)11 ScriptException (org.forgerock.openam.scripting.ScriptException)7 SSOException (com.iplanet.sso.SSOException)5 SMSException (com.sun.identity.sm.SMSException)4 ScriptObject (org.forgerock.openam.scripting.ScriptObject)4 Test (org.testng.annotations.Test)4 HashMap (java.util.HashMap)3 Bindings (javax.script.Bindings)3 SSOToken (com.iplanet.sso.SSOToken)2 AuthSPrincipal (com.sun.identity.rest.AuthSPrincipal)2 ServiceConfig (com.sun.identity.sm.ServiceConfig)2 LinkedHashSet (java.util.LinkedHashSet)2 Set (java.util.Set)2 SimpleBindings (javax.script.SimpleBindings)2 Subject (javax.security.auth.Subject)2 ResourceResponse (org.forgerock.json.resource.ResourceResponse)2 ConditionDecision (com.sun.identity.entitlement.ConditionDecision)1 EntitlementException (com.sun.identity.entitlement.EntitlementException)1 AMIdentity (com.sun.identity.idm.AMIdentity)1 IdRepoException (com.sun.identity.idm.IdRepoException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial