use of org.keycloak.models.ScriptModel in project keycloak by keycloak.
the class ScriptBasedAuthenticator method getInvocableScriptAdapter.
private InvocableScriptAdapter getInvocableScriptAdapter(AuthenticationFlowContext context) {
Map<String, String> config = getAuthenticatorConfig(context).getConfig();
String scriptName = config.get(SCRIPT_NAME);
String scriptCode = config.get(SCRIPT_CODE);
String scriptDescription = config.get(SCRIPT_DESCRIPTION);
RealmModel realm = context.getRealm();
ScriptingProvider scripting = context.getSession().getProvider(ScriptingProvider.class);
// TODO lookup script by scriptId instead of creating it every time
ScriptModel script = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, scriptName, scriptCode, scriptDescription);
// how to deal with long running scripts -> timeout?
return scripting.prepareInvocableScript(script, bindings -> {
bindings.put("script", script);
bindings.put("realm", context.getRealm());
bindings.put("user", context.getUser());
bindings.put("session", context.getSession());
bindings.put("httpRequest", context.getHttpRequest());
bindings.put("authenticationSession", context.getAuthenticationSession());
bindings.put("LOG", LOGGER);
});
}
use of org.keycloak.models.ScriptModel in project keycloak by keycloak.
the class ScriptBasedOIDCProtocolMapper method validateConfig.
@Override
public void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException {
String scriptCode = getScriptCode(mapperModel);
if (scriptCode == null) {
return;
}
ScriptingProvider scripting = session.getProvider(ScriptingProvider.class);
ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, mapperModel.getName() + "-script", scriptCode, "");
try {
scripting.prepareEvaluatableScript(scriptModel);
} catch (ScriptCompilationException ex) {
throw new ProtocolMapperConfigException("error", "{0}", ex.getMessage());
}
}
use of org.keycloak.models.ScriptModel in project keycloak by keycloak.
the class JSPolicyProviderFactory method getEvaluatableScript.
private EvaluatableScriptAdapter getEvaluatableScript(final AuthorizationProvider authz, final Policy policy) {
return scriptCache.computeIfAbsent(policy.getId(), id -> {
final ScriptingProvider scripting = authz.getKeycloakSession().getProvider(ScriptingProvider.class);
ScriptModel script = getScriptModel(policy, authz.getRealm(), scripting);
return scripting.prepareEvaluatableScript(script);
});
}
use of org.keycloak.models.ScriptModel in project keycloak by keycloak.
the class ScriptBasedOIDCProtocolMapper method evaluateScript.
private Object evaluateScript(Object tokenBinding, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession) {
UserModel user = userSession.getUser();
String scriptSource = getScriptCode(mappingModel);
RealmModel realm = userSession.getRealm();
ScriptingProvider scripting = keycloakSession.getProvider(ScriptingProvider.class);
ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, "token-mapper-script_" + mappingModel.getName(), scriptSource, null);
EvaluatableScriptAdapter script = scripting.prepareEvaluatableScript(scriptModel);
Object claimValue;
try {
claimValue = script.eval((bindings) -> {
bindings.put("user", user);
bindings.put("realm", realm);
if (tokenBinding instanceof IDToken) {
bindings.put("token", tokenBinding);
} else if (tokenBinding instanceof AccessTokenResponse) {
bindings.put("tokenResponse", tokenBinding);
}
bindings.put("userSession", userSession);
bindings.put("keycloakSession", keycloakSession);
});
} catch (Exception ex) {
LOGGER.error("Error during execution of ProtocolMapper script", ex);
claimValue = null;
}
return claimValue;
}
Aggregations