
Example 1 with EvaluatableScriptAdapter

Use of org.keycloak.scripting.EvaluatableScriptAdapter in project keycloak by keycloak.

The class JSPolicyProvider, method evaluate.

@Override
public void evaluate(Evaluation evaluation) {
    Policy policy = evaluation.getPolicy();
    AuthorizationProvider authorization = evaluation.getAuthorizationProvider();
    // Resolve the (cached) compiled script for this policy
    EvaluatableScriptAdapter adapter = evaluatableScript.apply(authorization, policy);
    try {
        // The script sees the evaluation object as "$evaluation" in engine scope
        SimpleScriptContext context = new SimpleScriptContext();
        context.setAttribute("$evaluation", evaluation, ScriptContext.ENGINE_SCOPE);
        adapter.eval(context);
    } catch (Exception e) {
        throw new RuntimeException("Error evaluating JS Policy [" + policy.getName() + "].", e);
    }
}
Also used: Policy (org.keycloak.authorization.model.Policy), SimpleScriptContext (javax.script.SimpleScriptContext), AuthorizationProvider (org.keycloak.authorization.AuthorizationProvider), EvaluatableScriptAdapter (org.keycloak.scripting.EvaluatableScriptAdapter)

Example 2 with EvaluatableScriptAdapter

Use of org.keycloak.scripting.EvaluatableScriptAdapter in project keycloak by keycloak.

The class ScriptBasedMapper, method transformAttributeStatement.

/**
 *  This method attaches one or many attributes to the passed attribute statement.
 *  To obtain the attribute values, it executes the mapper's script and attaches the returned value to the
 *  attribute.
 *  If the returned value is an array or is iterable, the mapper will either return multiple attributes, or an
 *  attribute with multiple values. The variant chosen depends on the configuration of the mapper.
 *
 * @param attributeStatement The attribute statement to be added to a token
 * @param mappingModel The mapping model reflects the values that are actually input in the GUI
 * @param session The current session
 * @param userSession The current user session
 * @param clientSession The current client session
 */
@Override
public void transformAttributeStatement(AttributeStatementType attributeStatement, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    UserModel user = userSession.getUser();
    String scriptSource = mappingModel.getConfig().get(ProviderConfigProperty.SCRIPT_TYPE);
    RealmModel realm = userSession.getRealm();
    String single = mappingModel.getConfig().get(SINGLE_VALUE_ATTRIBUTE);
    boolean singleAttribute = Boolean.parseBoolean(single);
    ScriptingProvider scripting = session.getProvider(ScriptingProvider.class);
    ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, "attribute-mapper-script_" + mappingModel.getName(), scriptSource, null);
    EvaluatableScriptAdapter script = scripting.prepareEvaluatableScript(scriptModel);
    Object attributeValue;
    try {
        attributeValue = script.eval((bindings) -> {
            bindings.put("user", user);
            bindings.put("realm", realm);
            bindings.put("clientSession", clientSession);
            bindings.put("userSession", userSession);
            bindings.put("keycloakSession", session);
        });
        // If the result is an array or is iterable, get all values.
        // A null script result throws here and is handled by the catch block below,
        // which adds the attribute with a null value.
        if (attributeValue.getClass().isArray()) {
            attributeValue = Arrays.asList((Object[]) attributeValue);
        }
        if (attributeValue instanceof Iterable) {
            if (singleAttribute) {
                AttributeType singleAttributeType = AttributeStatementHelper.createAttributeType(mappingModel);
                attributeStatement.addAttribute(new AttributeStatementType.ASTChoiceType(singleAttributeType));
                for (Object value : (Iterable) attributeValue) {
                    singleAttributeType.addAttributeValue(value);
                }
            } else {
                for (Object value : (Iterable) attributeValue) {
                    AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, value.toString());
                }
            }
        } else {
            // single value case
            AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, attributeValue.toString());
        }
    } catch (Exception ex) {
        LOGGER.error("Error during execution of ProtocolMapper script", ex);
        AttributeStatementHelper.addAttribute(attributeStatement, mappingModel, null);
    }
}
Also used: AttributeStatementType (org.keycloak.dom.saml.v2.assertion.AttributeStatementType), AttributeType (org.keycloak.dom.saml.v2.assertion.AttributeType), EvaluatableScriptAdapter (org.keycloak.scripting.EvaluatableScriptAdapter), ScriptingProvider (org.keycloak.scripting.ScriptingProvider), ScriptCompilationException (org.keycloak.scripting.ScriptCompilationException), ProtocolMapperConfigException (org.keycloak.protocol.ProtocolMapperConfigException), ProviderConfigProperty (org.keycloak.provider.ProviderConfigProperty), Logger (org.jboss.logging.Logger), org.keycloak.models (org.keycloak.models), java.util (java.util)

Example 3 with EvaluatableScriptAdapter

Use of org.keycloak.scripting.EvaluatableScriptAdapter in project keycloak by keycloak.

The class ScriptBasedOIDCProtocolMapper, method evaluateScript.

private Object evaluateScript(Object tokenBinding, ProtocolMapperModel mappingModel, UserSessionModel userSession, KeycloakSession keycloakSession) {
    UserModel user = userSession.getUser();
    String scriptSource = getScriptCode(mappingModel);
    RealmModel realm = userSession.getRealm();
    ScriptingProvider scripting = keycloakSession.getProvider(ScriptingProvider.class);
    ScriptModel scriptModel = scripting.createScript(realm.getId(), ScriptModel.TEXT_JAVASCRIPT, "token-mapper-script_" + mappingModel.getName(), scriptSource, null);
    EvaluatableScriptAdapter script = scripting.prepareEvaluatableScript(scriptModel);
    Object claimValue;
    try {
        claimValue = script.eval((bindings) -> {
            bindings.put("user", user);
            bindings.put("realm", realm);
            // Expose the object being mapped under a name that reflects its type
            if (tokenBinding instanceof IDToken) {
                bindings.put("token", tokenBinding);
            } else if (tokenBinding instanceof AccessTokenResponse) {
                bindings.put("tokenResponse", tokenBinding);
            }
            bindings.put("userSession", userSession);
            bindings.put("keycloakSession", keycloakSession);
        });
    } catch (Exception ex) {
        // A failing script is logged and yields no claim value rather than failing the token request
        LOGGER.error("Error during execution of ProtocolMapper script", ex);
        claimValue = null;
    }
    return claimValue;
}
Also used: UserModel (org.keycloak.models.UserModel), RealmModel (org.keycloak.models.RealmModel), ScriptModel (org.keycloak.models.ScriptModel), ProtocolMapperModel (org.keycloak.models.ProtocolMapperModel), ProtocolMapperContainerModel (org.keycloak.models.ProtocolMapperContainerModel), KeycloakSession (org.keycloak.models.KeycloakSession), UserSessionModel (org.keycloak.models.UserSessionModel), ClientSessionContext (org.keycloak.models.ClientSessionContext), Profile (org.keycloak.common.Profile), ProtocolMapperConfigException (org.keycloak.protocol.ProtocolMapperConfigException), ProtocolMapperUtils (org.keycloak.protocol.ProtocolMapperUtils), Logger (org.jboss.logging.Logger), ProviderConfigProperty (org.keycloak.provider.ProviderConfigProperty), ProviderConfigurationBuilder (org.keycloak.provider.ProviderConfigurationBuilder), EnvironmentDependentProviderFactory (org.keycloak.provider.EnvironmentDependentProviderFactory), IDToken (org.keycloak.representations.IDToken), AccessTokenResponse (org.keycloak.representations.AccessTokenResponse), EvaluatableScriptAdapter (org.keycloak.scripting.EvaluatableScriptAdapter), ScriptingProvider (org.keycloak.scripting.ScriptingProvider), ScriptCompilationException (org.keycloak.scripting.ScriptCompilationException), List (java.util.List)

Example 4 with EvaluatableScriptAdapter

Use of org.keycloak.scripting.EvaluatableScriptAdapter in project keycloak by keycloak.

The class ScriptCache, method computeIfAbsent.

public EvaluatableScriptAdapter computeIfAbsent(String id, Function<String, EvaluatableScriptAdapter> function) {
    try {
        // Fast path: return the cached adapter if present and not yet expired
        EvaluatableScriptAdapter adapter = removeIfExpired(cache.get(id));
        if (adapter != null) {
            return adapter;
        }
        // Wait for an in-progress write; give up if interrupted
        if (parkForWriteAndCheckInterrupt()) {
            return null;
        }
        // Compile (via the supplied function) and store a new entry with the configured max age
        CacheEntry entry = cache.computeIfAbsent(id, key -> new CacheEntry(key, function.apply(id), maxAge));
        if (entry != null) {
            return entry.value();
        }
        return null;
    } finally {
        writing.lazySet(false);
    }
}
Also used: EvaluatableScriptAdapter (org.keycloak.scripting.EvaluatableScriptAdapter)
