use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.
the class ScriptConditionTest method missingScriptConfiguration.
/**
 * Verifies that evaluating a condition whose script configuration lookup returns {@code null}
 * fails with an {@link EntitlementException} whose message names the configured script id.
 */
@Test(expectedExceptions = EntitlementException.class, expectedExceptionsMessageRegExp = "Script condition is unable to load script 123-456-789.")
public void missingScriptConfiguration() throws ScriptException, EntitlementException {
    // Given: a caller with a single principal and an empty environment map.
    Subject caller = new Subject();
    caller.getPrincipals().add(new AuthSPrincipal("user"));
    Map<String, Set<String>> environment = new HashMap<>();

    // Given: a condition whose configuration lookup always comes back empty,
    // standing in for a script id that no longer resolves to a stored script.
    scriptCondition = new ScriptCondition() {
        @Override
        protected ScriptConfiguration getScriptConfiguration(String realm) throws ScriptException {
            return null;
        }
    };

    // When: the condition is evaluated with that unresolvable id, the expected
    // exception declared on the annotation must be raised.
    scriptCondition.setScriptId("123-456-789");
    scriptCondition.evaluate("/abc", caller, "http://a:b/c", environment);
}
use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.
the class OpenAMScopeValidator method getOIDCClaimsExtensionScript.
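/**
 * Loads the OIDC claims extension script selected in the realm's OAuth2 provider settings.
 *
 * @param realm the realm whose OAuth2 provider settings are read
 * @return the configured script; when the setting equals {@code EMPTY_SCRIPT_SELECTION}, an empty
 *         JavaScript script named "oidc-claims-script"
 * @throws ServerException if the setting or the script configuration cannot be read, or if no
 *         configuration is returned for the selected script id
 */
private ScriptObject getOIDCClaimsExtensionScript(String realm) throws ServerException {
    OpenAMSettingsImpl settings = new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME, OAuth2Constants.OAuth2ProviderService.VERSION);
    try {
        String scriptId = settings.getStringSetting(realm, OAuth2Constants.OAuth2ProviderService.OIDC_CLAIMS_EXTENSION_SCRIPT);
        if (EMPTY_SCRIPT_SELECTION.equals(scriptId)) {
            // No script selected: hand back an empty script rather than failing.
            return new ScriptObject("oidc-claims-script", "", SupportedScriptingLanguage.JAVASCRIPT);
        }
        ScriptConfiguration config = getScriptConfiguration(realm, scriptId);
        if (config == null) {
            // Report a missing configuration through the declared exception instead of letting
            // the dereference below fail with a NullPointerException. The script id is kept out
            // of the message because the message may travel beyond this class.
            throw new ServerException("Error running OIDC claims script: script configuration not found");
        }
        return new ScriptObject(config.getName(), config.getScript(), config.getLanguage());
    } catch (org.forgerock.openam.scripting.ScriptException | SSOException | SMSException e) {
        // NOTE(review): this is a load failure, yet it is logged through logger.message(...);
        // confirm that level is visible in production logs so misconfiguration is detectable.
        logger.message("Error running OIDC claims script", e);
        // NOTE(review): e.getMessage() is copied into the ServerException message and the cause
        // is not attached. If this message is returned to OAuth2 clients it may disclose internal
        // configuration detail - confirm how ServerException is rendered.
        throw new ServerException("Error running OIDC claims script: " + e.getMessage());
    }
}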
use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.
the class ScriptResourceTest method shouldQueryScriptConfigurationWithPaging.
/**
 * Checks that querying nine stored script configurations with a page size of five delivers five
 * resources at offset 0 and the remaining four at offset 5, with names ending in 0..4 and 5..8.
 */
@Test
public void shouldQueryScriptConfigurationWithPaging() throws ScriptException, ResourceException {
    // given: nine configurations named MyJavaScript0 .. MyJavaScript8
    scriptConfigSet.clear();
    int index = 0;
    while (index < 9) {
        ScriptConfiguration stored = ScriptConfiguration.builder()
                .generateId()
                .setName("MyJavaScript" + index)
                .setScript(script)
                .setLanguage(JAVASCRIPT)
                .setContext(POLICY_CONDITION)
                .build();
        scriptConfigSet.put(stored.getId(), stored);
        index++;
    }
    QueryResourceHandler handler = mock(QueryResourceHandler.class);
    given(handler.handleResource(any(ResourceResponse.class))).willReturn(true);
    QueryRequest pagedQuery = mock(QueryRequest.class);
    when(pagedQuery.getPageSize()).thenReturn(5);

    // when: the first page is requested
    when(pagedQuery.getPagedResultsOffset()).thenReturn(0);
    scriptResource.queryCollection(context, pagedQuery, handler).getOrThrowUninterruptibly();

    // then: exactly five resources are handed to the handler
    ArgumentCaptor<ResourceResponse> captor = ArgumentCaptor.forClass(ResourceResponse.class);
    verify(handler, times(5)).handleResource(captor.capture());
    List<ResourceResponse> page = captor.getAllValues();
    assertThat(page).isNotNull().hasSize(5);
    int expectedSuffix = 0;
    for (ResourceResponse entry : page) {
        String scriptName = entry.getContent().get(SCRIPT_NAME).asString();
        assertThat(scriptName).endsWith(String.valueOf(expectedSuffix));
        expectedSuffix++;
    }

    // when: the handler is reset and the second page is requested
    Mockito.reset(handler);
    given(handler.handleResource(any(ResourceResponse.class))).willReturn(true);
    captor = ArgumentCaptor.forClass(ResourceResponse.class);
    when(pagedQuery.getPagedResultsOffset()).thenReturn(5);
    scriptResource.queryCollection(context, pagedQuery, handler).getOrThrowUninterruptibly();
    verify(handler, times(4)).handleResource(captor.capture());

    // then: the remaining four resources follow on from the first page's numbering
    page = captor.getAllValues();
    assertThat(page).isNotNull().hasSize(4);
    for (ResourceResponse entry : page) {
        String scriptName = entry.getContent().get(SCRIPT_NAME).asString();
        assertThat(scriptName).endsWith(String.valueOf(expectedSuffix));
        expectedSuffix++;
    }
}
use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.
the class ScriptCondition method evaluate.
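/**
 * Evaluates this condition by running the configured script and reading its verdict back from
 * the script bindings.
 *
 * <p>The script is given the bindings {@code logger}, {@code username}, {@code resourceURI},
 * {@code environment}, {@code advice}, {@code responseAttributes}, {@code httpClient},
 * {@code authorized} (initially {@code false}) and {@code ttl} (initially {@code Long.MAX_VALUE}).
 * {@code identity} and {@code session} are bound only when the subject carries an SSO token.
 *
 * <p>The decision fails closed: access is granted only when the script leaves {@code authorized}
 * bound to {@code Boolean.TRUE}. Any other value, including {@code null} or a non-Boolean object,
 * produces a failure decision.
 *
 * @param realm the realm used to look up the script configuration
 * @param subject the subject being evaluated
 * @param resourceName the resource being accessed, exposed to the script as {@code resourceURI}
 * @param environment the environment map, exposed to the script unchanged
 * @return a failure decision carrying advice and response attributes, or a success decision
 *         carrying response attributes and the script's time-to-live
 * @throws EntitlementException if no script configuration is found, if script evaluation or
 *         identity/session lookup fails, or if the script leaves {@code ttl} non-numeric
 */
@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName, Map<String, Set<String>> environment) throws EntitlementException {
    try {
        ScriptConfiguration configuration = getScriptConfiguration(realm);
        if (configuration == null) {
            throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
        }
        ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(), configuration.getLanguage());
        Map<String, List<String>> advice = new HashMap<>();
        Map<String, List<String>> responseAttributes = new HashMap<>();

        // NOTE(review): the script receives an HTTP client and, when a token is present, identity
        // and session wrappers. What those objects permit is not visible here; treat whoever can
        // author scripts as able to use everything bound below.
        Bindings scriptVariables = new SimpleBindings();
        scriptVariables.put("logger", PolicyConstants.DEBUG);
        scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
        scriptVariables.put("resourceURI", resourceName);
        scriptVariables.put("environment", environment);
        scriptVariables.put("advice", advice);
        scriptVariables.put("responseAttributes", responseAttributes);
        scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
        // Deny by default: the script has to set this to true to grant access.
        scriptVariables.put("authorized", Boolean.FALSE);
        scriptVariables.put("ttl", Long.MAX_VALUE);
        SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
        if (ssoToken != null) {
            // If a token is present include the corresponding identity and session objects.
            scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
            scriptVariables.put("session", new ScriptedSession(ssoToken));
        }
        evaluator.evaluateScript(script, scriptVariables);

        // The bindings are script-controlled after evaluation, so their types cannot be trusted.
        // Anything other than Boolean.TRUE is a denial; a blind (Boolean) cast would instead raise
        // an unchecked ClassCastException or NullPointerException past the catch below.
        if (!Boolean.TRUE.equals(scriptVariables.get("authorized"))) {
            return ConditionDecision.newFailureBuilder().setAdvice(transformMap(advice, LIST_TO_SET)).setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET)).build();
        }

        // A success decision carries the ttl, so a value that is not a number is reported as an
        // evaluation failure rather than being cast blindly or replaced by a guess.
        Object ttlValue = scriptVariables.get("ttl");
        if (!(ttlValue instanceof Number)) {
            throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, new IllegalStateException("Script left a non-numeric value bound to ttl"));
        }
        long ttl = ((Number) ttlValue).longValue();
        return ConditionDecision.newSuccessBuilder().setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET)).setTimeToLive(ttl).build();
    } catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
        throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
    }
}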
use of org.forgerock.openam.scripting.service.ScriptConfiguration in project OpenAM by OpenRock.
the class ScriptConfigurationDataStore method delete.
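/**
 * Deletes the script configuration with the given id, refusing to remove default scripts and
 * scripts that are still in use.
 *
 * @param uuid the id of the script configuration to delete
 * @throws ScriptException if the script is a global or default script, if it is still
 *         referenced (the message distinguishes one use from several), or if removing the
 *         underlying sub-configuration fails
 */
@Override
public void delete(String uuid) throws ScriptException {
    // NOTE(review): scriptConfig is dereferenced below without a null check; this assumes
    // get(uuid) throws rather than returning null for an unknown id - confirm.
    ScriptConfiguration scriptConfig = get(uuid);
    if (containsGlobalUuid(uuid) || isDefaultScript(scriptConfig)) {
        throw new ScriptException(DELETING_DEFAULT_SCRIPT, scriptConfig.getName());
    }

    // Refuse to delete a script that something still refers to, so no caller is left pointing
    // at a missing script.
    int usageCount = getUsageCount(scriptConfig);
    if (usageCount == 1) {
        throw new ScriptException(DELETING_SCRIPT_IN_USE_SINGULAR, scriptConfig.getName());
    }
    if (usageCount > 1) {
        throw new ScriptException(DELETING_SCRIPT_IN_USE_PLURAL, scriptConfig.getName(), Integer.toString(usageCount));
    }

    // NOTE(review): the usage check above and the removal below are separate steps; nothing
    // visible here stops a new reference being added in between - confirm whether that matters.
    try {
        getSubOrgConfig().removeSubConfig(uuid);
    } catch (SSOException | SMSException e) {
        throw createAndLogError(logger, DELETE_FAILED, e, uuid, realm);
    }
}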