Example 6 with ScriptConfiguration

Use of org.forgerock.openam.scripting.service.ScriptConfiguration in the OpenAM project by OpenRock.

From the class ScriptConditionTest, method missingScriptConfiguration:

@Test(expectedExceptions = EntitlementException.class,
        expectedExceptionsMessageRegExp = "Script condition is unable to load script 123-456-789.")
public void missingScriptConfiguration() throws ScriptException, EntitlementException {
    // Given
    Subject subject = new Subject();
    subject.getPrincipals().add(new AuthSPrincipal("user"));
    Map<String, Set<String>> env = new HashMap<>();
    // Simulate a script id that resolves to no stored configuration in the realm.
    scriptCondition = new ScriptCondition() {

        @Override
        protected ScriptConfiguration getScriptConfiguration(String realm) throws ScriptException {
            return null;
        }
    };
    // When
    scriptCondition.setScriptId("123-456-789");
    // Then: evaluation must fail with an EntitlementException instead of authorizing.
    scriptCondition.evaluate("/abc", subject, "http://a:b/c", env);
}
Also used: ScriptException (org.forgerock.openam.scripting.ScriptException), Set (java.util.Set), HashMap (java.util.HashMap), AuthSPrincipal (com.sun.identity.rest.AuthSPrincipal), ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration), Subject (javax.security.auth.Subject), Test (org.testng.annotations.Test)

Example 7 with ScriptConfiguration

Use of org.forgerock.openam.scripting.service.ScriptConfiguration in the OpenAM project by OpenRock.

From the class OpenAMScopeValidator, method getOIDCClaimsExtensionScript:

private ScriptObject getOIDCClaimsExtensionScript(String realm) throws ServerException {
    OpenAMSettingsImpl settings = new OpenAMSettingsImpl(OAuth2Constants.OAuth2ProviderService.NAME,
            OAuth2Constants.OAuth2ProviderService.VERSION);
    try {
        // The realm's OAuth2 provider settings hold the id of the configured claims script.
        String scriptId = settings.getStringSetting(realm,
                OAuth2Constants.OAuth2ProviderService.OIDC_CLAIMS_EXTENSION_SCRIPT);
        if (EMPTY_SCRIPT_SELECTION.equals(scriptId)) {
            // No script selected: return an empty script so that no extension claims are added.
            return new ScriptObject("oidc-claims-script", "", SupportedScriptingLanguage.JAVASCRIPT);
        }
        ScriptConfiguration config = getScriptConfiguration(realm, scriptId);
        return new ScriptObject(config.getName(), config.getScript(), config.getLanguage());
    } catch (org.forgerock.openam.scripting.ScriptException | SSOException | SMSException e) {
        logger.message("Error running OIDC claims script", e);
        throw new ServerException("Error running OIDC claims script: " + e.getMessage());
    }
}
Also used: ScriptObject (org.forgerock.openam.scripting.ScriptObject), ScriptException (javax.script.ScriptException), ServerException (org.forgerock.oauth2.core.exceptions.ServerException), SMSException (com.sun.identity.sm.SMSException), OpenAMSettingsImpl (org.forgerock.openam.utils.OpenAMSettingsImpl), ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration), SSOException (com.iplanet.sso.SSOException)

Example 8 with ScriptConfiguration

Use of org.forgerock.openam.scripting.service.ScriptConfiguration in the OpenAM project by OpenRock.

From the class ScriptResourceTest, method shouldQueryScriptConfigurationWithPaging:

@Test
public void shouldQueryScriptConfigurationWithPaging() throws ScriptException, ResourceException {
    // given: nine script configurations named MyJavaScript0 .. MyJavaScript8
    scriptConfigSet.clear();
    for (int i = 0; i < 9; i++) {
        ScriptConfiguration sc = ScriptConfiguration.builder()
                .generateId()
                .setName("MyJavaScript" + i)
                .setScript(script)
                .setLanguage(JAVASCRIPT)
                .setContext(POLICY_CONDITION)
                .build();
        scriptConfigSet.put(sc.getId(), sc);
    }
    QueryResourceHandler resultHandler = mock(QueryResourceHandler.class);
    given(resultHandler.handleResource(any(ResourceResponse.class))).willReturn(true);
    QueryRequest queryRequest = mock(QueryRequest.class);
    when(queryRequest.getPageSize()).thenReturn(5);
    // when: first page, offset 0
    when(queryRequest.getPagedResultsOffset()).thenReturn(0);
    scriptResource.queryCollection(context, queryRequest, resultHandler).getOrThrowUninterruptibly();
    // then: exactly five results, in insertion order
    ArgumentCaptor<ResourceResponse> resources = ArgumentCaptor.forClass(ResourceResponse.class);
    verify(resultHandler, times(5)).handleResource(resources.capture());
    List<ResourceResponse> responses = resources.getAllValues();
    assertThat(responses).isNotNull().hasSize(5);
    int count = 0;
    for (ResourceResponse resource : responses) {
        assertThat(resource.getContent().get(SCRIPT_NAME).asString()).endsWith(String.valueOf(count++));
    }
    // when: second page, offset 5
    Mockito.reset(resultHandler);
    given(resultHandler.handleResource(any(ResourceResponse.class))).willReturn(true);
    resources = ArgumentCaptor.forClass(ResourceResponse.class);
    when(queryRequest.getPagedResultsOffset()).thenReturn(5);
    scriptResource.queryCollection(context, queryRequest, resultHandler).getOrThrowUninterruptibly();
    verify(resultHandler, times(4)).handleResource(resources.capture());
    // then: the remaining four results, continuing the sequence
    responses = resources.getAllValues();
    assertThat(responses).isNotNull().hasSize(4);
    for (ResourceResponse resource : responses) {
        assertThat(resource.getContent().get(SCRIPT_NAME).asString()).endsWith(String.valueOf(count++));
    }
}
Also used: ResourceResponse (org.forgerock.json.resource.ResourceResponse), QueryRequest (org.forgerock.json.resource.QueryRequest), ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration), QueryResourceHandler (org.forgerock.json.resource.QueryResourceHandler), Test (org.testng.annotations.Test)

Example 9 with ScriptConfiguration

Use of org.forgerock.openam.scripting.service.ScriptConfiguration in the OpenAM project by OpenRock.

From the class ScriptCondition, method evaluate:

@Override
public ConditionDecision evaluate(String realm, Subject subject, String resourceName,
        Map<String, Set<String>> environment) throws EntitlementException {
    try {
        ScriptConfiguration configuration = getScriptConfiguration(realm);
        if (configuration == null) {
            // Unknown script id: refuse to evaluate rather than treat the condition as satisfied.
            throw new EntitlementException(EntitlementException.INVALID_SCRIPT_ID, scriptId);
        }
        ScriptObject script = new ScriptObject(configuration.getName(), configuration.getScript(),
                configuration.getLanguage());
        Map<String, List<String>> advice = new HashMap<>();
        Map<String, List<String>> responseAttributes = new HashMap<>();
        // Variables exposed to the policy script. The script signals its decision by
        // setting "authorized" and may shorten the decision's lifetime through "ttl".
        Bindings scriptVariables = new SimpleBindings();
        scriptVariables.put("logger", PolicyConstants.DEBUG);
        scriptVariables.put("username", SubjectUtils.getPrincipalId(subject));
        scriptVariables.put("resourceURI", resourceName);
        scriptVariables.put("environment", environment);
        scriptVariables.put("advice", advice);
        scriptVariables.put("responseAttributes", responseAttributes);
        scriptVariables.put("httpClient", getHttpClient(configuration.getLanguage()));
        // Fail closed: a script that never sets "authorized" denies access.
        scriptVariables.put("authorized", Boolean.FALSE);
        scriptVariables.put("ttl", Long.MAX_VALUE);
        SSOToken ssoToken = SubjectUtils.getSSOToken(subject);
        if (ssoToken != null) {
            // If a token is present include the corresponding identity and session objects.
            scriptVariables.put("identity", new ScriptedIdentity(coreWrapper.getIdentity(ssoToken)));
            scriptVariables.put("session", new ScriptedSession(ssoToken));
        }
        evaluator.evaluateScript(script, scriptVariables);
        boolean authorized = (Boolean) scriptVariables.get("authorized");
        if (!authorized) {
            return ConditionDecision.newFailureBuilder()
                    .setAdvice(transformMap(advice, LIST_TO_SET))
                    .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                    .build();
        }
        long ttl = ((Number) scriptVariables.get("ttl")).longValue();
        return ConditionDecision.newSuccessBuilder()
                .setResponseAttributes(transformMap(responseAttributes, LIST_TO_SET))
                .setTimeToLive(ttl)
                .build();
    } catch (ScriptException | javax.script.ScriptException | IdRepoException | SSOException ex) {
        // Any failure while loading or running the script is reported as a failed evaluation.
        throw new EntitlementException(EntitlementException.CONDITION_EVALUATION_FAILED, ex);
    }
}
Also used: ScriptObject (org.forgerock.openam.scripting.ScriptObject), SSOToken (com.iplanet.sso.SSOToken), HashMap (java.util.HashMap), IdRepoException (com.sun.identity.idm.IdRepoException), SSOException (com.iplanet.sso.SSOException), Bindings (javax.script.Bindings), SimpleBindings (javax.script.SimpleBindings), EntitlementException (com.sun.identity.entitlement.EntitlementException), ScriptException (org.forgerock.openam.scripting.ScriptException), ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration), List (java.util.List), ScriptedSession (org.forgerock.openam.scripting.api.ScriptedSession), ScriptedIdentity (org.forgerock.openam.scripting.api.ScriptedIdentity)

Example 10 with ScriptConfiguration

Use of org.forgerock.openam.scripting.service.ScriptConfiguration in the OpenAM project by OpenRock.

From the class ScriptConfigurationDataStore, method delete:

@Override
public void delete(String uuid) throws ScriptException {
    ScriptConfiguration scriptConfig = get(uuid);
    // Global (shared) and default scripts are protected from deletion.
    if (containsGlobalUuid(uuid) || isDefaultScript(scriptConfig)) {
        throw new ScriptException(DELETING_DEFAULT_SCRIPT, scriptConfig.getName());
    }
    // Refuse to delete a script that is still referenced, e.g. by a policy condition.
    int usageCount = getUsageCount(scriptConfig);
    if (usageCount > 0) {
        ScriptContext scriptContext = scriptConfig.getContext();
        if (usageCount == 1) {
            throw new ScriptException(DELETING_SCRIPT_IN_USE_SINGULAR, scriptConfig.getName());
        }
        throw new ScriptException(DELETING_SCRIPT_IN_USE_PLURAL, scriptConfig.getName(),
                Integer.toString(usageCount));
    }
    try {
        getSubOrgConfig().removeSubConfig(uuid);
    } catch (SSOException | SMSException e) {
        throw createAndLogError(logger, DELETE_FAILED, e, uuid, realm);
    }
}
Also used: ScriptException (org.forgerock.openam.scripting.ScriptException), SMSException (com.sun.identity.sm.SMSException), ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration), SSOException (com.iplanet.sso.SSOException)

Aggregations (classes appearing alongside ScriptConfiguration, with the number of examples each appears in):

ScriptConfiguration (org.forgerock.openam.scripting.service.ScriptConfiguration): 11
ScriptException (org.forgerock.openam.scripting.ScriptException): 7
SSOException (com.iplanet.sso.SSOException): 5
SMSException (com.sun.identity.sm.SMSException): 4
ScriptObject (org.forgerock.openam.scripting.ScriptObject): 4
Test (org.testng.annotations.Test): 4
HashMap (java.util.HashMap): 3
Bindings (javax.script.Bindings): 3
SSOToken (com.iplanet.sso.SSOToken): 2
AuthSPrincipal (com.sun.identity.rest.AuthSPrincipal): 2
ServiceConfig (com.sun.identity.sm.ServiceConfig): 2
LinkedHashSet (java.util.LinkedHashSet): 2
Set (java.util.Set): 2
SimpleBindings (javax.script.SimpleBindings): 2
Subject (javax.security.auth.Subject): 2
ResourceResponse (org.forgerock.json.resource.ResourceResponse): 2
ConditionDecision (com.sun.identity.entitlement.ConditionDecision): 1
EntitlementException (com.sun.identity.entitlement.EntitlementException): 1
AMIdentity (com.sun.identity.idm.AMIdentity): 1
IdRepoException (com.sun.identity.idm.IdRepoException): 1