 /**
  * Expands the {@code additionalFiles} entry of a configuration in place.
  *
  * <p>When the entry is present it is removed, each path it lists is resolved through
  * {@code IdentityServer.getFileForProjectPath} and read with {@code FileUtil.readFile}, and the
  * collected file contents are stored under {@code additionalPolicies}. When the entry is absent
  * the configuration is left untouched.
  *
  * <p>NOTE(review): a file that cannot be read is only logged and then skipped, so the resulting
  * list can be shorter than the configured one. If these scripts carry enforcement rules (the log
  * message calls them policy scripts), a silently missing script may weaken enforcement; confirm
  * that callers accept this.
  *
  * @param configuration the configuration to rewrite; modified in place
  */
 private void init(JsonValue configuration) {
   final JsonValue scriptPaths = configuration.get("additionalFiles");
   if (scriptPaths.isNull()) {
     return;
   }

   configuration.remove("additionalFiles");
   final List<String> scriptSources = new ArrayList<String>();
   for (final JsonValue scriptPath : scriptPaths) {
     try {
       // The path comes straight from configuration; presumably getFileForProjectPath keeps it
       // inside the project directory - verify before accepting configuration from less trusted
       // sources.
       scriptSources.add(
           FileUtil.readFile(IdentityServer.getFileForProjectPath(scriptPath.asString())));
     } catch (Exception e) {
       // Broad catch: a failure for one file is logged and the loop moves on to the next entry.
       logger.error("Error loading additional policy script " + scriptPath.asString(), e);
     }
   }
   configuration.add("additionalPolicies", scriptSources);
 }
  /**
   * Copies the roles found on the retrieved user object into the security context.
   *
   * <p>The property named by {@code userRoles} is read from the resource content. A string value
   * is split on commas and every piece is added as a role; a list value contributes one role per
   * element, using the leaf of the reference-id pointer for relationship objects and the string
   * value otherwise. Any other type is logged as a warning and adds no roles. Nothing happens when
   * {@code resource} is {@code null}.
   *
   * <p>NOTE(review): the pieces of a comma-separated string are added exactly as split, without
   * trimming or dropping empty entries, so {@code "a, b"} yields the role {@code " b"}. Role names
   * are taken as-is from the user object, so write access to that property presumably needs to be
   * as tightly controlled as role assignment itself - confirm.
   *
   * @param principal the principal; not read by this method
   * @param securityContextMapper the security context that receives the roles
   * @param resource the retrieved resource for the principal, or {@code null}
   */
  public void calculateRoles(
      String principal, SecurityContextMapper securityContextMapper, ResourceResponse resource) {

    // Without a retrieved object there is nothing to read roles from.
    if (resource == null) {
      return;
    }

    final JsonValue userDetail = resource.getContent();

    // Roles are read from the configured property of the object, when one is configured.
    if (userRoles != null) {
      final JsonValue rolesValue = userDetail.get(userRoles);
      if (!rolesValue.isNull()) {
        if (rolesValue.isString()) {
          // Comma-separated list held in a single string.
          final String[] roleNames = rolesValue.asString().split(",");
          for (int i = 0; i < roleNames.length; i++) {
            securityContextMapper.addRole(roleNames[i]);
          }
        } else if (rolesValue.isList()) {
          for (JsonValue entry : rolesValue) {
            // An entry is either a relationship object (role id = leaf of its reference id)
            // or a plain string.
            final String roleName =
                RelationshipUtil.isRelationship(entry)
                    ? new JsonPointer(entry.get(RelationshipUtil.REFERENCE_ID).asString()).leaf()
                    : entry.asString();
            securityContextMapper.addRole(roleName);
          }
        } else {
          logger.warn(
              "Unknown roles type retrieved from user query, expected collection: {} type: {}",
              userRoles,
              rolesValue.getObject().getClass());
        }
      }
    }

    // Roles are now set; a script can augment them further if more complex behavior is needed.
    final String propertyLabel = (userRoles == null) ? "" : (userRoles + " ");
    logger.debug(
        "Used {}object property to update context for {} with userid : {}, roles : {}",
        propertyLabel,
        securityContextMapper.getAuthenticationId(),
        securityContextMapper.getUserId(),
        securityContextMapper.getRoles());
  }
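  /**
   * Loads a {@link KeyStore} from the location named in the heap object configuration.
   *
   * <p>Configuration read here: {@code url} (required), {@code password} (optional) and
   * {@code type} (defaults to {@link KeyStore#getDefaultType()}, upper-cased before use).
   *
   * <p>Security notes for reviewers:
   *
   * <ul>
   *   <li>{@link KeyStore#load(InputStream, char[])} performs no integrity check when the password
   *       is {@code null}, so a keystore configured without a password is accepted unverified.
   *   <li>The stream is opened with {@link URL#openStream()}, whatever scheme the configured URL
   *       uses; over an unauthenticated transport nothing here detects a substituted keystore.
   *   <li>The password is held as a {@code String} returned by {@code evaluate}, so the derived
   *       {@code char[]} cannot meaningfully be wiped in this method.
   * </ul>
   *
   * @return the loaded {@link KeyStore}
   * @throws HeapException if the keystore cannot be instantiated, opened or loaded
   */
  @Override
  public Object create() throws HeapException {
    JsonValue urlString = config.get("url").required();
    URL url = evaluateJsonStaticExpression(urlString).asURL();
    String password = evaluate(config.get("password"));
    // Locale.ROOT keeps the type name stable: with the default locale, a type name containing the
    // letter 'i' is upper-cased to a dotted capital I under a Turkish locale and would no longer
    // name a known keystore type.
    String type =
        config
            .get("type")
            .defaultTo(KeyStore.getDefaultType())
            .asString()
            .toUpperCase(java.util.Locale.ROOT);

    InputStream keyInput = null;
    try {
      KeyStore keyStore = KeyStore.getInstance(type);
      keyInput = url.openStream();
      // A null password is passed through as null, which disables the integrity check in load().
      char[] credentials = (password == null) ? null : password.toCharArray();
      keyStore.load(keyInput, credentials);
      return keyStore;
    } catch (Exception e) {
      // The message names the configured URL expression and the type only, never the password.
      throw new HeapException(
          format("Cannot load %S KeyStore from %s", type, urlString.asString()), e);
    } finally {
      closeSilently(keyInput);
    }
  }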
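  /**
   * {@inheritDoc}
   *
   * <p>Reads the single {@code input} entry of the JSON callback and stores its {@code value} as
   * the selected index of the given callback. The value may be a JSON number or a string holding
   * a decimal integer.
   *
   * @param callback the callback that receives the selected index
   * @param jsonCallback the JSON representation sent for this callback
   * @return the same {@code callback} instance, with its selected index set
   * @throws JsonException if there is not exactly one input entry, or a string value is not a
   *     valid integer
   */
  public ConfirmationCallback convertFromJson(ConfirmationCallback callback, JsonValue jsonCallback)
      throws RestAuthException {

    validateCallbackType(CALLBACK_NAME, jsonCallback);

    JsonValue input = jsonCallback.get("input");

    // Exactly one input entry is expected for this callback.
    if (input.size() != 1) {
      throw new JsonException("JSON Callback does not include a input field");
    }

    JsonValue inputFieldValue = input.get(0).get("value").required();
    int value;
    if (inputFieldValue.isString()) {
      try {
        value = Integer.parseInt(inputFieldValue.asString());
      } catch (NumberFormatException e) {
        // The string comes from the request body; report it like the other malformed-input cases
        // instead of letting an unchecked NumberFormatException escape. The rejected text is kept
        // out of the message so it is not echoed back or logged verbatim.
        throw new JsonException("JSON Callback input value is not a valid integer", e);
      }
    } else {
      value = inputFieldValue.asInteger();
    }

    // NOTE(review): the index is request-supplied and is not compared with the callback's options
    // here; confirm that setSelectedIndex or the consuming module rejects out-of-range values.
    callback.setSelectedIndex(value);

    return callback;
  }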