Groovy script examples
The following examples show possible uses for Groovy scripts.
OAuth Policy context example
In some instances, it might be necessary to transmit identity information to sites to provide details of the user attempting to access a site. In such instances, Groovy scripts can be used to inject identity information into various portions of the HTTP request to the target.
In this example, the site is expecting the identity of the user to be conveyed through the User HTTP header. This can be accomplished using the OAuth Groovy script rule and the following Groovy script.
user=policyCtx?.context.get("oauth_token")?.attributes?.get("user")?.get(0)
exc?.request?.header?.add("User", "$user")
pass()
- More complex Groovy script logic

      test = exc?.request?.header?.getFirstValue("test")
      if (test != null && test.equals("foo")) {
          // Rule fails evaluation if the Test header has the value 'foo'
          fail()
      } else {
          // Rule passes evaluation if the Test header has any other value
          // or isn't present
          pass()
      }
- Set an exchange property named com.pingidentity.policy.error.info

  This value will be available for the $info variable in error templates when an error is encountered. You can set the $info variable using a Groovy Script rule or an OAuth Groovy script rule.

      // Single-quoted so that Groovy does not try to interpolate $info as a script variable
      exc?.setProperty("com.pingidentity.policy.error.info", 'this value will be passed to the template in $info variable')
      // A matcher that never matches, so the rule fails
      not(anything())
- Create a whitelisting rule for certain characters

      if (!exc?.request?.uri?.matches("[\\p{Po}\\p{N}\\p{Z}\\p{L}\\p{M}\\p{Zs}\\./_\\-\\()\\{\\}\\[\\]]*")) {
          fail()
      } else {
          pass()
      }
- Add a cookie to the response

      // Construct the cookie value
      value = "cookie-value"
      cookieHeaderFieldValue = "ResponseTestCookie=${value}; Path=/"
      // Add the cookie on to the response
      exc?.response?.header?.add("Set-Cookie", cookieHeaderFieldValue)
      pass()
- Combine an AND and OR, invoking an existing rule matcher

      // The closing parenthesis missing from the original condition is restored here
      if ((anyOf(containsWebSessionAttribute("engineering", "true"), containsWebSessionAttribute("marketing", "true"))) && (containsWebSessionAttribute("manager", "true"))) {
          pass()
      } else {
          fail()
      }
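
An added example, not part of the original page or the product's own code: the character class from the whitelisting rule above, run as a stand-alone Groovy script against constructed sample URIs to see what it accepts and rejects before the rule is deployed. The helper names `allowed` and `offending` are assumptions made for this example.

```groovy
import groovy.transform.Field

// Character class copied unchanged from the whitelisting rule above.
@Field final String ALLOWED =
    "[\\p{Po}\\p{N}\\p{Z}\\p{L}\\p{M}\\p{Zs}\\./_\\-\\()\\{\\}\\[\\]]*"

// Same decision as the rule: true corresponds to pass(), false to fail().
boolean allowed(String uri) {
    uri.matches(ALLOWED)
}

// Distinct characters that fall outside the class, to explain a rejection.
List<String> offending(String uri) {
    uri.codePoints().toArray()
        .collect { new String(Character.toChars(it)) }
        .findAll { !it.matches(ALLOWED) }
        .unique()
}

// Constructed sample URIs (not taken from any real deployment).
def samples = [
    '/app/reports/2024/summary.pdf',  // letters, digits, '/' and '.'
    '/docs/annual%20report.pdf',      // '%' is in \p{Po}; nothing is decoded
    '/search?q=status',               // '?' is in \p{Po}, '=' is a math symbol (Sm)
    '/files/a+b.txt',                 // '+' is a math symbol (Sm)
    '/items/<id>',                    // '<' and '>' are math symbols (Sm)
    "/logs/app\tname",                // tab is a control character (Cc)
]

samples.each { uri ->
    def verdict = allowed(uri) ? 'pass' : 'fail'
    println "${verdict}  ${uri.inspect()}  outside class: ${offending(uri)}"
}

assert allowed('/docs/annual%20report.pdf')
assert !allowed('/search?q=status')
assert offending('/search?q=status') == ['=']
assert offending('/items/<id>') == ['<', '>']
```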