@Override public Map<String, String> getSecurityQuestions(final String username) { return ScriptingUtils.executeGroovyScript(this.groovyResource, "getSecurityQuestions", new Object[]{username, LOGGER}, Map.class, true); } }
/** * Is inline groovy script ?. * * @param script the script * @return the boolean */ public static boolean isInlineGroovyScript(final String script) { return getMatcherForInlineGroovyScript(script).find(); }
/** * Is external groovy script ?. * * @param script the script * @return the boolean */ public static boolean isExternalGroovyScript(final String script) { return getMatcherForExternalGroovyScript(script).find(); }
private Optional<Exception> getScriptExecutionResult(final Authentication auth, final Matcher matcherInline) { if (matcherInline.find()) { val args = CollectionUtils.wrap("principal", auth.getPrincipal(), "logger", LOGGER); val inlineScript = matcherInline.group(1); return ScriptingUtils.executeGroovyShellScript(inlineScript, args, Optional.class); } val res = this.resourceLoader.getResource(script); final Object[] args = {auth.getPrincipal(), LOGGER}; return ScriptingUtils.executeGroovyScript(res, args, Optional.class, true); } }
@SneakyThrows private static <T> T getGroovyResult(final Resource groovyScript, final String methodName, final Object[] args, final Class<T> clazz, final boolean failOnError) { try { val groovyObject = parseGroovyScript(groovyScript, failOnError); if (groovyObject == null) { LOGGER.error("Could not parse the Groovy script at [{}]", groovyScript); return null; } return executeGroovyScript(groovyObject, methodName, args, clazz, failOnError); } catch (final Exception e) { if (failOnError) { throw e; } LOGGER.error(e.getMessage(), e); } return null; }
@Override public Identifier toPhysicalTableName(final Identifier name, final JdbcEnvironment jdbcEnvironment) { val propsResult = ApplicationContextProvider.getCasProperties(); if (propsResult.isEmpty()) { LOGGER.error("Could not load configuration settings. CAS application context may not have initialized correctly."); return super.toPhysicalTableName(name, jdbcEnvironment); } val tableName = name.getCanonicalName(); val casProperties = propsResult.get(); val tableNames = casProperties.getJdbc().getPhysicalTableNames(); if (tableNames.isEmpty()) { LOGGER.trace("No configured table names are defined to map [{}]", tableName); return super.toPhysicalTableName(name, jdbcEnvironment); } LOGGER.trace("Locating physical table name for [{}] based on configured table names [{}]", tableName, tableNames); if (tableNames.containsKey(tableName)) { val physicalName = tableNames.get(tableName); if (ScriptingUtils.isExternalGroovyScript(physicalName)) { LOGGER.trace("Executing script [{}] to determine physical table name for [{}]", physicalName, tableName); val scriptResource = ApplicationContextProvider.getResourceLoader().getResource(physicalName); val args = new Object[]{name, jdbcEnvironment, ApplicationContextProvider.getApplicationContext(), LOGGER}; val identifier = ScriptingUtils.executeGroovyScript(scriptResource, args, Identifier.class, true); LOGGER.trace("Determine table physical name from script [{}] to be [{}]", scriptResource, identifier); return identifier; } LOGGER.trace("Located physical table name [{}] for [{}]", physicalName, tableName); return Identifier.toIdentifier(physicalName); } return super.toPhysicalTableName(name, jdbcEnvironment); }
@Override public Map<String, Object> filter(final Map<String, Object> givenAttributes) { val matcherInline = ScriptingUtils.getMatcherForInlineGroovyScript(script); val matcherFile = ScriptingUtils.getMatcherForExternalGroovyScript(script); if (matcherInline.find()) { return filterInlinedGroovyAttributeValues(givenAttributes, matcherInline.group(1)); } if (matcherFile.find()) { return filterFileBasedGroovyAttributeValues(givenAttributes, matcherFile.group(2)); } return givenAttributes; }
/** * Gets object instance from groovy resource. * * @param <T> the type parameter * @param resource the resource * @param expectedType the expected type * @return the object instance from groovy resource */ public static <T> T getObjectInstanceFromGroovyResource(final Resource resource, final Class<T> expectedType) { return getObjectInstanceFromGroovyResource(resource, ArrayUtils.EMPTY_CLASS_ARRAY, ArrayUtils.EMPTY_OBJECT_ARRAY, expectedType); }
private static Map<String, Object> getGroovyAttributeValue(final String groovyScript, final Map<String, Object> resolvedAttributes) { val args = CollectionUtils.wrap("attributes", resolvedAttributes, "logger", LOGGER); return ScriptingUtils.executeGroovyShellScript(groovyScript, args, Map.class); }
private Map<String, Object> getScriptedAttributesFromFile(final Map<String, Object> attributes) { final Object[] args = {attributes, LOGGER}; val map = ScriptingUtils.executeScriptEngine(this.scriptFile, args, Map.class); return ObjectUtils.defaultIfNull(map, new HashMap<>()); } }
@Override public String resolveUsernameInternal(final Principal principal, final Service service, final RegisteredService registeredService) { val matcherInline = ScriptingUtils.getMatcherForInlineGroovyScript(this.groovyScript); val matcherFile = ScriptingUtils.getMatcherForExternalGroovyScript(this.groovyScript); if (matcherInline.find()) { return resolveUsernameFromInlineGroovyScript(principal, service, matcherInline.group(1)); } if (matcherFile.find()) { return resolveUsernameFromExternalGroovyScript(principal, service, matcherFile.group(1)); } LOGGER.warn("Groovy script [{}] is not valid. CAS will switch to use the default principal identifier [{}]", this.groovyScript, principal.getId()); return principal.getId(); }
@SneakyThrows private void buildGroovyAccessStrategyInstanceIfNeeded() { if (this.groovyStrategyInstance == null) { val groovyResource = ResourceUtils.getResourceFrom(this.groovyScript); this.groovyStrategyInstance = ScriptingUtils.getObjectInstanceFromGroovyResource(groovyResource, RegisteredServiceAccessStrategy.class); } } }
private static Object getGroovyAttributeValue(final String groovyScript, final Map<String, Object> resolvedAttributes) { val args = CollectionUtils.wrap("attributes", resolvedAttributes, "logger", LOGGER); return ScriptingUtils.executeGroovyShellScript(groovyScript, args, Object.class); }
@Override protected String resolveUsernameInternal(final Principal principal, final Service service, final RegisteredService registeredService) { try { LOGGER.debug("Found groovy script to execute"); val result = ScriptingUtils.executeScriptEngine(this.script, new Object[]{principal.getAttributes(), principal.getId(), LOGGER}, Object.class); if (result != null) { LOGGER.debug("Found username [{}] from script [{}]", result, this.script); return result.toString(); } } catch (final Exception e) { LOGGER.error(e.getMessage(), e); } LOGGER.warn("Script [{}] returned no value for username attribute. Fallback to default [{}]", this.script, principal.getId()); return principal.getId(); }
@Override public boolean send(final String from, final String to, final String message) { return ScriptingUtils.executeGroovyScript(this.groovyResource, new Object[]{from, to, message, LOGGER}, Boolean.class, true); } }
private static void mapSingleAttributeDefinition(final String attributeName, final String mappedAttributeName, final Object attributeValue, final Map<String, Object> resolvedAttributes, final Map<String, Object> attributesToRelease) { val matcherInline = ScriptingUtils.getMatcherForInlineGroovyScript(mappedAttributeName); val matcherFile = ScriptingUtils.getMatcherForExternalGroovyScript(mappedAttributeName); if (matcherInline.find()) { LOGGER.debug("Mapped attribute [{}] is an inlined groovy script", mappedAttributeName); processInlineGroovyAttribute(resolvedAttributes, attributesToRelease, matcherInline, attributeName); } else if (matcherFile.find()) { LOGGER.debug("Mapped attribute [{}] is an external groovy script", mappedAttributeName); processFileBasedGroovyAttributes(resolvedAttributes, attributesToRelease, matcherFile, attributeName); } else { if (attributeValue != null) { LOGGER.debug("Found attribute [{}] in the list of allowed attributes, mapped to the name [{}]", attributeName, mappedAttributeName); attributesToRelease.put(mappedAttributeName, attributeValue); } else { LOGGER.warn("Could not find value for mapped attribute [{}] that is based off of [{}] in the allowed attributes list. " + "Ensure the original attribute [{}] is retrieved and contains at least a single value. Attribute [{}] " + "will and can not be released without the presence of a value.", mappedAttributeName, attributeName, attributeName, mappedAttributeName); } } }
@Override public boolean isSatisfiedBy(final Authentication auth, final Set<AuthenticationHandler> authenticationHandlers) throws Exception { val matcherInline = ScriptingUtils.getMatcherForInlineGroovyScript(script); val ex = getScriptExecutionResult(auth, matcherInline); if (ex != null && ex.isPresent()) { throw new GeneralSecurityException(ex.get()); } return true; }
@SneakyThrows private void buildGroovyMultifactorPolicyInstanceIfNeeded() { if (this.groovyPolicyInstance == null) { val groovyResource = ResourceUtils.getResourceFrom(this.groovyScript); this.groovyPolicyInstance = ScriptingUtils.getObjectInstanceFromGroovyResource(groovyResource, RegisteredServiceMultifactorPolicy.class); } }
private static Object getGroovyAttributeValue(final Principal principal, final String script) { val args = CollectionUtils.wrap("attributes", principal.getAttributes(), "id", principal.getId(), "logger", LOGGER); return ScriptingUtils.executeGroovyShellScript(script, (Map) args, Object.class); }
@Override public String transform(final String formUserId) { return ScriptingUtils.executeGroovyScript(this.script, new Object[]{formUserId, LOGGER}, String.class, true); } }