
Example 1 with ScriptModel

use of org.keycloak.models.ScriptModel in project keycloak by keycloak.

the class ScriptBasedAuthenticator method getInvocableScriptAdapter.

/**
 * Builds the invocable adapter for the script held in this authenticator's configuration.
 *
 * <p>The script name, source and description are read from the authenticator config of the
 * given flow context, and the script is created as {@code ScriptModel.TEXT_JAVASCRIPT} on
 * every call. The bindings passed to the script include the live session, realm, user, HTTP
 * request and authentication session objects, so the script is not given a reduced view of
 * the server. Whoever can edit this authenticator's configuration therefore controls code
 * that runs with those objects in reach.
 *
 * @param context the authentication flow context supplying the config and the bound objects
 * @return the adapter returned by {@code ScriptingProvider.prepareInvocableScript}
 */
private InvocableScriptAdapter getInvocableScriptAdapter(AuthenticationFlowContext context) {
    Map<String, String> settings = getAuthenticatorConfig(context).getConfig();
    String name = settings.get(SCRIPT_NAME);
    String source = settings.get(SCRIPT_CODE);
    String description = settings.get(SCRIPT_DESCRIPTION);
    RealmModel owningRealm = context.getRealm();
    ScriptingProvider provider = context.getSession().getProvider(ScriptingProvider.class);

    // TODO look the script up by its id rather than re-creating it on each invocation.
    ScriptModel model = provider.createScript(
            owningRealm.getId(), ScriptModel.TEXT_JAVASCRIPT, name, source, description);

    // No timeout is set in this method; how to bound long-running scripts is still open.
    return provider.prepareInvocableScript(model, scope -> {
        scope.put("script", model);
        scope.put("realm", context.getRealm());
        scope.put("user", context.getUser());
        // The full session is exposed to the script, not a restricted facade.
        scope.put("session", context.getSession());
        scope.put("httpRequest", context.getHttpRequest());
        scope.put("authenticationSession", context.getAuthenticationSession());
        scope.put("LOG", LOGGER);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ScriptModel(org.keycloak.models.ScriptModel) ScriptingProvider(org.keycloak.scripting.ScriptingProvider)

Example 2 with ScriptModel

use of org.keycloak.models.ScriptModel in project keycloak by keycloak.

the class ScriptBasedOIDCProtocolMapper method validateConfig.

/**
 * Validates a script-based mapper configuration by preparing its script.
 *
 * <p>A mapper without script code passes validation unchanged. Otherwise the code is wrapped
 * in a JavaScript {@code ScriptModel} named {@code <mapper name>-script} and handed to
 * {@code prepareEvaluatableScript}. Only a {@code ScriptCompilationException} from that call
 * is turned into a configuration error, so this method does not check what the script would
 * do when it is evaluated.
 *
 * @param session     session used to obtain the {@code ScriptingProvider}
 * @param realm       realm whose id is recorded on the created script
 * @param client      container of the mapper (not read by this method)
 * @param mapperModel mapper whose script code is validated
 * @throws ProtocolMapperConfigException if preparing the script raises a
 *         {@code ScriptCompilationException}; that exception's message is passed on as the
 *         error parameter
 */
@Override
public void validateConfig(KeycloakSession session, RealmModel realm, ProtocolMapperContainerModel client, ProtocolMapperModel mapperModel) throws ProtocolMapperConfigException {
    String source = getScriptCode(mapperModel);
    if (source != null) {
        ScriptingProvider provider = session.getProvider(ScriptingProvider.class);
        String realmId = realm.getId();
        String scriptName = mapperModel.getName() + "-script";
        ScriptModel candidate = provider.createScript(realmId, ScriptModel.TEXT_JAVASCRIPT, scriptName, source, "");
        try {
            // The prepared adapter is discarded; only success or failure matters here.
            provider.prepareEvaluatableScript(candidate);
        } catch (ScriptCompilationException compileError) {
            throw new ProtocolMapperConfigException("error", "{0}", compileError.getMessage());
        }
    }
}
Also used : ScriptModel(org.keycloak.models.ScriptModel) ProtocolMapperConfigException(org.keycloak.protocol.ProtocolMapperConfigException) ScriptingProvider(org.keycloak.scripting.ScriptingProvider) ScriptCompilationException(org.keycloak.scripting.ScriptCompilationException)

Example 3 with ScriptModel

use of org.keycloak.models.ScriptModel in project keycloak by keycloak.

the class JSPolicyProviderFactory method getEvaluatableScript.

/**
 * Returns the prepared script for a policy, preparing and caching it on first use.
 *
 * <p>The cache is keyed by the policy id alone, so a cached adapter is reused for every later
 * call with the same id. NOTE(review): eviction when a policy's script changes is not visible
 * in this method. Confirm that {@code scriptCache} is invalidated on policy update or removal,
 * otherwise a superseded script would keep being evaluated.
 *
 * @param authz  authorization provider giving access to the session and realm
 * @param policy policy whose script is wanted
 * @return the cached or newly prepared {@code EvaluatableScriptAdapter}
 */
private EvaluatableScriptAdapter getEvaluatableScript(final AuthorizationProvider authz, final Policy policy) {
    return scriptCache.computeIfAbsent(policy.getId(), policyId -> {
        ScriptingProvider provider = authz.getKeycloakSession().getProvider(ScriptingProvider.class);
        ScriptModel model = getScriptModel(policy, authz.getRealm(), provider);
        EvaluatableScriptAdapter prepared = provider.prepareEvaluatableScript(model);
        return prepared;
    });
}
Also used : ScriptModel(org.keycloak.models.ScriptModel) ScriptingProvider(org.keycloak.scripting.ScriptingProvider)

Example 4 with ScriptModel

use of org.keycloak.models.ScriptModel in project keycloak by keycloak.

the class ScriptBasedOIDCProtocolMapper method evaluateScript.

/**
 * Evaluates the mapper's script and returns the value it produces for the claim.
 *
 * <p>The script is created and prepared on every call, outside the {@code try}, so a failure
 * while preparing it propagates to the caller. Any exception thrown during evaluation is
 * logged and converted to {@code null}. A failing script therefore yields a {@code null}
 * claim value rather than an error, and callers cannot tell that case apart from a script
 * that returned {@code null}.
 *
 * <p>The script is bound to the live user, realm, user session and {@code KeycloakSession}
 * objects, plus the token under {@code "token"} (for an {@code IDToken}) or
 * {@code "tokenResponse"} (for an {@code AccessTokenResponse}). No token binding is added
 * for any other type.
 *
 * @param tokenBinding    token object to expose to the script
 * @param mappingModel    mapper supplying the script code and the name used for the script
 * @param userSession     session supplying the user and realm
 * @param keycloakSession session used to obtain the {@code ScriptingProvider}; also bound
 * @return the result of evaluating the script, or {@code null} if evaluation threw
 */
private Object evaluateScript(Object tokenBinding, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession) {
    UserModel subject = userSession.getUser();
    String source = getScriptCode(mappingModel);
    RealmModel owningRealm = userSession.getRealm();
    ScriptingProvider provider = keycloakSession.getProvider(ScriptingProvider.class);
    ScriptModel model = provider.createScript(
            owningRealm.getId(),
            ScriptModel.TEXT_JAVASCRIPT,
            "token-mapper-script_" + mappingModel.getName(),
            source,
            null);
    EvaluatableScriptAdapter prepared = provider.prepareEvaluatableScript(model);

    try {
        return prepared.eval(scope -> {
            scope.put("user", subject);
            scope.put("realm", owningRealm);
            if (tokenBinding instanceof IDToken) {
                scope.put("token", tokenBinding);
            } else if (tokenBinding instanceof AccessTokenResponse) {
                scope.put("tokenResponse", tokenBinding);
            }
            scope.put("userSession", userSession);
            // The full session is exposed to the script, not a restricted facade.
            scope.put("keycloakSession", keycloakSession);
        });
    } catch (Exception ex) {
        // Best effort: a runtime failure is logged and the claim value becomes null.
        LOGGER.error("Error during execution of ProtocolMapper script", ex);
        return null;
    }
}
Also used : UserModel(org.keycloak.models.UserModel) RealmModel(org.keycloak.models.RealmModel) ScriptModel(org.keycloak.models.ScriptModel) ProtocolMapperContainerModel(org.keycloak.models.ProtocolMapperContainerModel) RealmModel(org.keycloak.models.RealmModel) Profile(org.keycloak.common.Profile) ProtocolMapperModel(org.keycloak.models.ProtocolMapperModel) ProtocolMapperConfigException(org.keycloak.protocol.ProtocolMapperConfigException) Logger(org.jboss.logging.Logger) ProviderConfigProperty(org.keycloak.provider.ProviderConfigProperty) KeycloakSession(org.keycloak.models.KeycloakSession) UserSessionModel(org.keycloak.models.UserSessionModel) EnvironmentDependentProviderFactory(org.keycloak.provider.EnvironmentDependentProviderFactory) IDToken(org.keycloak.representations.IDToken) ProviderConfigurationBuilder(org.keycloak.provider.ProviderConfigurationBuilder) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) ScriptModel(org.keycloak.models.ScriptModel) EvaluatableScriptAdapter(org.keycloak.scripting.EvaluatableScriptAdapter) List(java.util.List) UserModel(org.keycloak.models.UserModel) ClientSessionContext(org.keycloak.models.ClientSessionContext) ScriptingProvider(org.keycloak.scripting.ScriptingProvider) ScriptCompilationException(org.keycloak.scripting.ScriptCompilationException) ProtocolMapperUtils(org.keycloak.protocol.ProtocolMapperUtils) ScriptingProvider(org.keycloak.scripting.ScriptingProvider) EvaluatableScriptAdapter(org.keycloak.scripting.EvaluatableScriptAdapter) IDToken(org.keycloak.representations.IDToken) AccessTokenResponse(org.keycloak.representations.AccessTokenResponse) ProtocolMapperConfigException(org.keycloak.protocol.ProtocolMapperConfigException) ScriptCompilationException(org.keycloak.scripting.ScriptCompilationException)

Aggregations

ScriptModel (org.keycloak.models.ScriptModel)4 ScriptingProvider (org.keycloak.scripting.ScriptingProvider)4 RealmModel (org.keycloak.models.RealmModel)2 ProtocolMapperConfigException (org.keycloak.protocol.ProtocolMapperConfigException)2 ScriptCompilationException (org.keycloak.scripting.ScriptCompilationException)2 List (java.util.List)1 Logger (org.jboss.logging.Logger)1 Profile (org.keycloak.common.Profile)1 ClientSessionContext (org.keycloak.models.ClientSessionContext)1 KeycloakSession (org.keycloak.models.KeycloakSession)1 ProtocolMapperContainerModel (org.keycloak.models.ProtocolMapperContainerModel)1 ProtocolMapperModel (org.keycloak.models.ProtocolMapperModel)1 UserModel (org.keycloak.models.UserModel)1 UserSessionModel (org.keycloak.models.UserSessionModel)1 ProtocolMapperUtils (org.keycloak.protocol.ProtocolMapperUtils)1 EnvironmentDependentProviderFactory (org.keycloak.provider.EnvironmentDependentProviderFactory)1 ProviderConfigProperty (org.keycloak.provider.ProviderConfigProperty)1 ProviderConfigurationBuilder (org.keycloak.provider.ProviderConfigurationBuilder)1 AccessTokenResponse (org.keycloak.representations.AccessTokenResponse)1 IDToken (org.keycloak.representations.IDToken)1