/**
* Validates the request by checking for the presence of a pre-configured attribute in the
* ServletRequest.
*
* @param messageInfo {@inheritDoc}
* @param clientSubject {@inheritDoc}
* @param serviceSubject {@inheritDoc}
* @return {@inheritDoc}
*/
@Override
public Promise<AuthStatus, AuthenticationException> validateRequest(
MessageInfoContext messageInfo, Subject clientSubject, Subject serviceSubject) {
SecurityContextMapper securityContextMapper =
SecurityContextMapper.fromMessageInfo(messageInfo);
final JsonValue attributes =
json(messageInfo.asContext(AttributesContext.class).getAttributes());
if (attributes.isDefined(authenticationIdAttribute)
&& attributes.get(authenticationIdAttribute).isString()) {
final String authenticationId = attributes.get(authenticationIdAttribute).asString();
securityContextMapper.setAuthenticationId(authenticationId);
clientSubject
.getPrincipals()
.add(
new Principal() {
public String getName() {
return authenticationId;
}
});
return newResultPromise(SUCCESS);
} else {
return newResultPromise(SEND_FAILURE);
}
}
private ResourceResponse getResourceResponse(
Context context, String clientId, Iterable<JsonValue> tokens)
throws NotFoundException, InvalidClientException, ServerException,
InternalServerErrorException {
String realm = getAttributeValue(tokens.iterator().next(), REALM.getOAuthField());
OAuth2ProviderSettings oAuth2ProviderSettings = oAuth2ProviderSettingsFactory.get(context);
ClientRegistration clientRegistration = clientRegistrationStore.get(clientId, realm, context);
Map<String, String> scopeDescriptions =
clientRegistration.getScopeDescriptions(getLocale(context));
Map<String, String> scopes = new HashMap<>();
for (JsonValue token : tokens) {
for (String scope : token.get(SCOPE.getOAuthField()).asSet(String.class)) {
if (scopeDescriptions.containsKey(scope)) {
scopes.put(scope, scopeDescriptions.get(scope));
} else {
scopes.put(scope, scope);
}
}
}
String displayName = clientRegistration.getDisplayName(getLocale(context));
String expiryDateTime = calculateExpiryDateTime(tokens, oAuth2ProviderSettings);
JsonValue content =
json(
object(
field("_id", clientId),
field("name", displayName),
field("scopes", scopes),
field("expiryDateTime", expiryDateTime)));
return Responses.newResourceResponse(
clientId, String.valueOf(content.getObject().hashCode()), content);
}
/**
* Initialize the instance with the given configuration.
*
* <p>This can configure managed (DS/SCR) instances, as well as explicitly instantiated
* (bootstrap) instances.
*
* @param config the configuration
*/
void init(JsonValue config) {
synchronized (dbLock) {
try {
dbURL = getDBUrl(config);
logger.info("Use DB at dbURL: {}", dbURL);
user = config.get(CONFIG_USER).defaultTo("admin").asString();
password = config.get(CONFIG_PASSWORD).defaultTo("admin").asString();
poolMinSize = config.get(CONFIG_POOL_MIN_SIZE).defaultTo(DEFAULT_POOL_MIN_SIZE).asInteger();
poolMaxSize = config.get(CONFIG_POOL_MAX_SIZE).defaultTo(DEFAULT_POOL_MAX_SIZE).asInteger();
Map<String, String> queryMap =
config.get(CONFIG_QUERIES).defaultTo(new HashMap<String, String>()).asMap(String.class);
queries.setConfiguredQueries(queryMap);
Map<String, String> commandMap =
config
.get(CONFIG_COMMANDS)
.defaultTo(new HashMap<String, String>())
.asMap(String.class);
commands.setConfiguredQueries(commandMap);
} catch (RuntimeException ex) {
logger.warn("Configuration invalid, can not start OrientDB repository", ex);
throw ex;
}
try {
pool = DBHelper.getPool(dbURL, user, password, poolMinSize, poolMaxSize, config, true);
logger.debug("Obtained pool {}", pool);
} catch (RuntimeException ex) {
logger.warn("Initializing database pool failed", ex);
throw ex;
}
}
}
/**
* Gets the specified parameter from the JsonValue.
*
* @param paramName The parameter name.
* @return A {@code Set} of the parameter values.
*/
private Set<String> getParameter(String paramName) {
final JsonValue param = get(paramName);
if (param != null) {
return (Set<String>) param.getObject();
}
return null;
}
/**
* Helper function to retrieve a field from the provided request's JSON POST data. This exists for
* the new-style interfaces, and takes the parameter name as an argument also.
*
* @param input JsonValue containing the key "goto" and a paired URL.
* @param paramName The key whose value to attempt to read.
* @return The String representation fo the "goto" key's value, or null.
*/
public String getValueFromJson(JsonValue input, String paramName) {
if (input == null || !input.isDefined(paramName)) {
return null;
} else {
return input.get(paramName).asString();
}
}
/**
* Takes a list of results (in json value wrapped form) and calls the handleResource for each on
* the handler.
*
* @param resultList the list of results, possibly with id and rev entries
* @param handler the handle to set the results on
*/
private void handleQueryResultList(JsonValue resultList, QueryResourceHandler handler) {
for (JsonValue entry : resultList) {
// These can end up null
String id = null;
String rev = null;
if (entry.isMap()) {
id = entry.get(ResourceResponse.FIELD_ID).asString();
rev = entry.get(ResourceResponse.FIELD_REVISION).asString();
}
handler.handleResource(newResourceResponse(id, rev, entry));
}
}
/**
* Initialises the TrustedServletFilterAuthModule.
*
* @param requestPolicy {@inheritDoc}
* @param responsePolicy {@inheritDoc}
* @param handler {@inheritDoc}
* @param options {@inheritDoc}
* @return {@inheritDoc}
*/
@Override
public Promise<Void, AuthenticationException> initialize(
MessagePolicy requestPolicy,
MessagePolicy responsePolicy,
CallbackHandler handler,
Map<String, Object> options) {
JsonValue properties = json(options);
authenticationIdAttribute = properties.get(AUTHENTICATION_ID).required().asString();
return newResultPromise(null);
}
private String generateKid(JsonValue jwkSet, String algorithm) {
final JwsAlgorithm jwsAlgorithm = JwsAlgorithm.valueOf(algorithm);
if (JwsAlgorithmType.RSA.equals(jwsAlgorithm.getAlgorithmType())) {
JsonValue jwks = jwkSet.get(OAuth2Constants.JWTTokenParams.KEYS);
if (!jwks.isNull() && !jwks.asList().isEmpty()) {
return jwks.get(0).get(OAuth2Constants.JWTTokenParams.KEY_ID).asString();
}
}
return null;
}
private Promise<ResourceResponse, ResourceException> evaluate(
final Request request, final Script script) throws ScriptException {
Object result = script.eval();
ResourcePath resourcePath = request.getResourcePathObject();
if (null == result) {
return new NotFoundException("script returned null").asPromise();
}
JsonValue resultJson =
(result instanceof JsonValue) ? (JsonValue) result : new JsonValue(result);
// If the resultJson isn't able to provide an ID, then we default to the resourcePath.
String id = resultJson.get(ResourceResponse.FIELD_CONTENT_ID).defaultTo("").asString();
if (id.isEmpty() && resourcePath.size() > 0) {
id = resourcePath.leaf();
}
return newResourceResponse(id, null, resultJson).asPromise();
}
private String getAttributeValue(JsonValue token, String attributeName) {
Set<String> value = token.get(attributeName).asSet(String.class);
if (CollectionUtils.isNotEmpty(value)) {
return value.iterator().next();
}
return null;
}
@Override
protected Map<String, String> getContextsForAccessAttempt(Request request) {
try {
String jsonString = request.getEntity().getString();
if (isNotEmpty(jsonString)) {
JsonValue jsonValue = toJsonValue(jsonString);
if (jsonValue.isDefined(AUTH_ID)) {
populateContextFromAuthId(jsonValue.get(AUTH_ID).asString());
}
}
} catch (IOException e) {
// Do nothing
}
return super.getContextsForAccessAttempt(request);
}
@Test
public void crestUpdateIsAllowed() throws SSOException, DelegationException {
// Given...
final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
final DelegationPermission permission =
new DelegationPermission(
"/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS, DUMB_FUNC);
given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS))
.willReturn(permission);
given(subjectContext.getCallerSSOToken()).willReturn(token);
given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(true);
JsonValue jsonValue = json(object(field("someKey", "someValue")));
Promise<ResourceResponse, ResourceException> promise =
Promises.newResultPromise(Responses.newResourceResponse("1", "1.0", jsonValue));
given(provider.updateInstance(isA(Context.class), eq("123"), isA(UpdateRequest.class)))
.willReturn(promise);
// When...
final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
final Router router = new Router();
router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
final RealmContext context = new RealmContext(subjectContext);
context.setSubRealm("abc", "abc");
final UpdateRequest request =
Requests.newUpdateRequest("/policies/123", JsonValue.json(new Object()));
Promise<ResourceResponse, ResourceException> result = router.handleUpdate(context, request);
// Then...
assertThat(result).succeeded().withContent().stringAt("someKey").isEqualTo("someValue");
}
JsonValue performDynamicClientRegistration(
final Context context,
final JsonValue clientRegistrationConfiguration,
final URI registrationEndpoint)
throws RegistrationException {
final Request request = new Request();
request.setMethod("POST");
request.setUri(registrationEndpoint);
request.setEntity(clientRegistrationConfiguration.asMap());
final Response response;
try {
response = blockingCall(registrationHandler, context, request);
} catch (InterruptedException e) {
throw new RegistrationException(
format("Interrupted while waiting for '%s' response", request.getUri()), e);
}
if (!CREATED.equals(response.getStatus())) {
throw new RegistrationException(
"Cannot perform dynamic registration: this can be caused "
+ "by the distant server(busy, offline...) "
+ "or a malformed registration response.");
}
try {
return getJsonContent(response);
} catch (OAuth2ErrorException e) {
throw new RegistrationException(
"Cannot perform dynamic registration: invalid response JSON content.");
}
}
@Test
public void crestRequestNotAllowed() throws SSOException, DelegationException {
// Given...
final Set<String> actions = new HashSet<>(Arrays.asList("MODIFY"));
final DelegationPermission permission =
new DelegationPermission(
"/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS, DUMB_FUNC);
given(factory.newInstance("/abc", "rest", "1.0", "policies", "modify", actions, EXTENSIONS))
.willReturn(permission);
given(subjectContext.getCallerSSOToken()).willReturn(token);
given(evaluator.isAllowed(eq(token), eq(permission), eq(ENVIRONMENT))).willReturn(false);
// When...
final FilterChain chain = AuthorizationFilters.createAuthorizationFilter(provider, module);
final Router router = new Router();
router.addRoute(RoutingMode.STARTS_WITH, Router.uriTemplate("/policies"), chain);
final RealmContext context = new RealmContext(subjectContext);
context.setSubRealm("abc", "abc");
final CreateRequest request =
Requests.newCreateRequest("/policies", JsonValue.json(new Object()));
Promise<ResourceResponse, ResourceException> promise = router.handleCreate(context, request);
// Then...
assertThat(promise).failedWithException().isInstanceOf(ForbiddenException.class);
}
@Override
public byte[] convertFrom(JsonValue jsonValue) {
try {
return mapper.writeValueAsBytes(jsonValue.getObject());
} catch (IOException e) {
throw new IllegalArgumentException("Could not convert input to JSON", e);
}
}
@Override
public void handleRead(final Context context, final ReadRequest request, final Bindings handler)
throws ResourceException {
super.handleRead(context, request, handler);
handler.put("request", request);
handler.put("resources", configuration.get("resources").copy().getObject());
}
protected ResourceException convertScriptException(final ScriptException scriptException) {
ResourceException convertedError;
try {
throw scriptException;
} catch (ScriptThrownException e) {
convertedError =
e.toResourceException(ResourceException.INTERNAL_ERROR, scriptException.getMessage());
} catch (ScriptException e) {
convertedError =
new InternalServerErrorException(scriptException.getMessage(), scriptException);
}
if (convertedError.getDetail().isNull()) {
convertedError.setDetail(new JsonValue(new HashMap<String, Object>()));
}
final JsonValue detail = convertedError.getDetail();
if (detail.get("fileName").isNull()
&& detail.get("lineNumber").isNull()
&& detail.get("columnNumber").isNull()) {
detail.put("fileName", scriptException.getFileName());
detail.put("lineNumber", scriptException.getLineNumber());
detail.put("columnNumber", scriptException.getColumnNumber());
}
return convertedError;
}
private JsonValue createClientRegistrationDeclaration(
final JsonValue configuration, final String issuerName) {
configuration.put("issuer", issuerName);
return json(
object(
field("name", issuerName + suffix),
field("type", "ClientRegistration"),
field("config", configuration)));
}
private String getDBUrl(JsonValue config) {
File dbFolder = IdentityServer.getFileForWorkingPath("db/openidm");
String orientDbFolder = dbFolder.getAbsolutePath();
orientDbFolder = orientDbFolder.replace('\\', '/'); // OrientDB does not handle backslashes well
return config
.get(OrientDBRepoService.CONFIG_DB_URL)
.defaultTo("local:" + orientDbFolder)
.asString();
}
@Override
public DeviceCode readDeviceCode(String userCode, OAuth2Request request)
throws ServerException, NotFoundException, InvalidGrantException {
try {
JsonValue token = tokenStore.query(equalTo(CoreTokenField.STRING_FOURTEEN, userCode));
if (token.size() != 1) {
throw new InvalidGrantException();
}
DeviceCode deviceCode = new DeviceCode(json(token.asSet().iterator().next()));
request.setToken(DeviceCode.class, deviceCode);
return deviceCode;
} catch (CoreTokenException e) {
logger.error("Unable to read device code corresponding to id: " + userCode, e);
throw new ServerException("Could not read token in CTS: " + e.getMessage());
}
}
/**
* Persist the supplied {@link JsonValue} {@code value} as the new state of this singleton
* relationship on {@code resourceId}.
*
* <p><em>This is currently the only means of creating an instance of this singleton</em>
*
* @param context The context of this request
* @param resourceId Id of the resource relation fields in value are to be memebers of
* @param value A {@link JsonValue} map of relationship fields and their values
* @return The persisted instance of {@code value}
*/
@Override
public Promise<JsonValue, ResourceException> setRelationshipValueForResource(
Context context, String resourceId, JsonValue value) {
if (value.isNotNull()) {
try {
final JsonValue id = value.get(FIELD_ID);
// Update if we got an id, otherwise replace
if (id != null && id.isNotNull()) {
final UpdateRequest updateRequest = Requests.newUpdateRequest("", value);
updateRequest.setAdditionalParameter(PARAM_FIRST_ID, resourceId);
return updateInstance(context, value.get(FIELD_ID).asString(), updateRequest)
.then(
new Function<ResourceResponse, JsonValue, ResourceException>() {
@Override
public JsonValue apply(ResourceResponse resourceResponse)
throws ResourceException {
return resourceResponse.getContent();
}
});
} else { // no id, replace current instance
clear(context, resourceId);
final CreateRequest createRequest = Requests.newCreateRequest("", value);
createRequest.setAdditionalParameter(PARAM_FIRST_ID, resourceId);
return createInstance(context, createRequest)
.then(
new Function<ResourceResponse, JsonValue, ResourceException>() {
@Override
public JsonValue apply(ResourceResponse resourceResponse)
throws ResourceException {
return resourceResponse.getContent();
}
});
}
} catch (ResourceException e) {
return e.asPromise();
}
} else {
clear(context, resourceId);
return newResultPromise(json(null));
}
}
/**
* Performs the calculation of roles based on the userRoles property in the configuration and the
* retrieved user object.
*
* @param principal The principal.
* @param securityContextMapper The message info instance.
* @param resource the retrieved resource for the principal.
* @return A SecurityContextMapper instance containing the authentication context information.
*/
public void calculateRoles(
String principal, SecurityContextMapper securityContextMapper, ResourceResponse resource) {
// Set roles from retrieved object:
if (resource != null) {
final JsonValue userDetail = resource.getContent();
// support reading roles from property in object
if (userRoles != null && !userDetail.get(userRoles).isNull()) {
if (userDetail.get(userRoles).isString()) {
for (String role : userDetail.get(userRoles).asString().split(",")) {
securityContextMapper.addRole(role);
}
} else if (userDetail.get(userRoles).isList()) {
for (JsonValue role : userDetail.get(userRoles)) {
if (RelationshipUtil.isRelationship(role)) {
// Role is specified as a relationship Object
JsonPointer roleId =
new JsonPointer(role.get(RelationshipUtil.REFERENCE_ID).asString());
securityContextMapper.addRole(roleId.leaf());
} else {
// Role is specified as a String
securityContextMapper.addRole(role.asString());
}
}
} else {
logger.warn(
"Unknown roles type retrieved from user query, expected collection: {} type: {}",
userRoles,
userDetail.get(userRoles).getObject().getClass());
}
}
// Roles are now set.
// Note: roles can be further augmented with a script if more complex behavior is desired
logger.debug(
"Used {}object property to update context for {} with userid : {}, roles : {}",
userRoles != null ? (userRoles + " ") : "",
securityContextMapper.getAuthenticationId(),
securityContextMapper.getUserId(),
securityContextMapper.getRoles());
}
}
@SuppressWarnings("rawtypes")
@Test(priority = 3)
public void testCreateNew() throws Exception {
config.put("property1", "value1");
config.put("property2", "value2");
configObjectService.create(rname, id, json(config), false).getOrThrow();
ConfigObjectService.ParsedId parsedId = configObjectService.getParsedId(rname, id);
Configuration config = configObjectService.findExistingConfiguration(parsedId);
assertNotNull(config);
assertNotNull(config.getProperties());
Dictionary properties = config.getProperties();
EnhancedConfig enhancedConfig = new JSONEnhancedConfig();
JsonValue value = enhancedConfig.getConfiguration(properties, rname.toString(), false);
assertTrue(value.keys().contains("property1"));
Assert.assertEquals(value.get("property1").asString(), "value1");
}
/**
* Calls buildAuditEvent() and invokes the request to the audit path.
*
* @param connectionFactory factory used to make crest call to audit service.
*/
public final Promise<ResourceResponse, ResourceException> log(
ConfigAuditState configAuditState,
Request request,
Context context,
ConnectionFactory connectionFactory) {
try {
JsonValue before = configAuditState.getBefore();
JsonValue after = configAuditState.getAfter();
// Get authenticationId from security context, if it exists.
String authenticationId =
(context.containsContext(SecurityContext.class))
? context.asContext(SecurityContext.class).getAuthenticationId()
: null;
// Build the event utilizing the config builder.
AuditEvent auditEvent =
ConfigAuditEventBuilder.configEvent()
.resourceOperationFromRequest(request)
.authenticationFromSecurityContext(context)
.runAs(authenticationId)
.transactionIdFromRootContext(context)
.revision(configAuditState.getRevision())
.timestamp(System.currentTimeMillis())
.eventName(CONFIG_AUDIT_EVENT_NAME)
.before(null != before ? before.toString() : "")
.after(null != after ? after.toString() : "")
.changedFields(getChangedFields(before, after))
.toEvent();
return connectionFactory
.getConnection()
.create(context, Requests.newCreateRequest(AUDIT_CONFIG_REST_PATH, auditEvent.getValue()))
.asPromise();
} catch (ResourceException e) {
LOGGER.error("had trouble logging audit event for config changes.", e);
return e.asPromise();
} catch (Exception e) {
LOGGER.error("had trouble logging audit event for config changes.", e);
return new InternalServerErrorException(e.getMessage(), e).asPromise();
}
}
public static UsernameTokenState fromJson(JsonValue jsonValue) throws TokenMarshalException {
try {
return UsernameTokenState.builder()
.password(
jsonValue
.get(AMSTSConstants.USERNAME_TOKEN_PASSWORD)
.asString()
.getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
.username(
jsonValue
.get(AMSTSConstants.USERNAME_TOKEN_USERNAME)
.asString()
.getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
.build();
} catch (UnsupportedEncodingException e) {
throw new TokenMarshalException(
ResourceException.BAD_REQUEST, "Unsupported charset marshalling fromJson: " + e);
}
}
@SuppressWarnings("rawtypes")
@Test(priority = 6)
public void testUpdate() throws Exception {
config.put("property1", "newvalue1");
config.put("property2", "newvalue2");
when(enhancedConfig.getConfiguration(any(Dictionary.class), any(String.class), eq(false)))
.thenReturn(json(config));
configObjectService.update(rname, id, json(config)).getOrThrow();
ConfigObjectService.ParsedId parsedId = configObjectService.getParsedId(rname, id);
Configuration config = configObjectService.findExistingConfiguration(parsedId);
assertNotNull(config);
assertNotNull(config.getProperties());
Dictionary properties = config.getProperties();
JSONEnhancedConfig enhancedConfig = new JSONEnhancedConfig();
JsonValue value = enhancedConfig.getConfiguration(properties, rname.toString(), false);
assertTrue(value.keys().contains("property1"));
Assert.assertEquals(value.get("property1").asString(), "newvalue1");
}
/** Retrieves the cookie domains set on the server. */
private Promise<ResourceResponse, ResourceException> getCookieDomains() {
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
Set<String> cookieDomains;
ResourceResponse resource;
int rev;
try {
cookieDomains = AuthClientUtils.getCookieDomains();
rev = cookieDomains.hashCode();
result.put("domains", cookieDomains);
resource = newResourceResponse(COOKIE_DOMAINS, Integer.toString(rev), result);
if (debug.messageEnabled()) {
debug.message(
"ServerInfoResource.getCookieDomains ::"
+ " Added resource to response: "
+ COOKIE_DOMAINS);
}
return newResultPromise(resource);
} catch (Exception e) {
debug.error("ServerInfoResource.getCookieDomains : Cannot retrieve cookie domains.", e);
return new NotFoundException(e.getMessage()).asPromise();
}
}
/**
* Handle an existing activated service getting changed; e.g. configuration changes or dependency
* changes
*
* @param compContext THe OSGI component context
* @throws Exception if handling the modified event failed
*/
@Modified
void modified(ComponentContext compContext) throws Exception {
logger.debug("Handle repository service modified notification");
JsonValue newConfig = null;
try {
newConfig = enhancedConfig.getConfigurationAsJson(compContext);
} catch (RuntimeException ex) {
logger.warn(
"Configuration invalid and could not be parsed, can not start OrientDB repository", ex);
throw ex;
}
if (existingConfig != null
&& !existingConfig.get("embeddedServer").equals(newConfig.get("embeddedServer"))) {
// The embedded server configuration has changed so re-initialize it.
embeddedServer.modified(newConfig);
}
if (existingConfig != null
&& user.equals(getUser(newConfig))
&& password.equals(getPassword(newConfig))
&& dbURL.equals(getDBUrl(newConfig))
&& poolMinSize == getPoolMinSize(newConfig)
&& poolMaxSize == getPoolMaxSize(newConfig)) {
// If the DB pool settings don't change keep the existing pool
logger.info("(Re-)initialize repository with latest configuration.");
} else {
// If the DB pool settings changed do a more complete re-initialization
logger.info(
"Re-initialize repository with latest configuration - including DB pool setting changes.");
DBHelper.closePool(dbURL, pool);
}
init(newConfig);
if (bootRepo != null) {
bootRepo.init(newConfig);
}
existingConfig = newConfig;
logger.debug("Repository service modified");
}
@Override
public Object create() throws HeapException {
JsonValue urlString = config.get("url").required();
URL url = evaluateJsonStaticExpression(urlString).asURL();
String password = evaluate(config.get("password"));
String type = config.get("type").defaultTo(KeyStore.getDefaultType()).asString().toUpperCase();
KeyStore keyStore = null;
InputStream keyInput = null;
try {
keyStore = KeyStore.getInstance(type);
keyInput = url.openStream();
char[] credentials = (password == null) ? null : password.toCharArray();
keyStore.load(keyInput, credentials);
} catch (Exception e) {
throw new HeapException(
format("Cannot load %S KeyStore from %s", type, urlString.asString()), e);
} finally {
closeSilently(keyInput);
}
return keyStore;
}
private void init(JsonValue configuration) {
JsonValue additionalPolicies = configuration.get("additionalFiles");
if (!additionalPolicies.isNull()) {
configuration.remove("additionalFiles");
List<String> list = new ArrayList<String>();
for (JsonValue policy : additionalPolicies) {
try {
list.add(FileUtil.readFile(IdentityServer.getFileForProjectPath(policy.asString())));
} catch (Exception e) {
logger.error("Error loading additional policy script " + policy.asString(), e);
}
}
configuration.add("additionalPolicies", list);
}
}