Groovy script examples
The following examples show possible uses for Groovy scripts.
OAuth Policy context example
In some instances, it might be necessary to transmit identity information to sites to provide details of the user attempting to access a site. In such instances, Groovy scripts can be used to inject identity information into various portions of the HTTP request to the target.
In this example, the site expects the identity of the user to be conveyed through the User HTTP header. You can accomplish this using the OAuth Groovy script rule and the following Groovy script:

    // Read the first value of the "user" attribute from the OAuth token
    user = policyCtx?.context.get("oauth_token")?.attributes?.get("user")?.get(0)
    // Convey it to the target site in the User request header
    exc?.request?.header?.add("User", "$user")
    pass()
- More complex Groovy script logic

    test = exc?.request?.header?.getFirstValue("test")
    if (test != null && test.equals("foo")) {
        // rule will fail evaluation if the Test header has the value 'foo'
        fail()
    } else {
        // rule will pass evaluation if the Test header has any other value
        // or isn't present
        pass()
    }
- Set an exchange property named com.pingidentity.policy.error.info

  This value will be available for the $info variable in error templates when an error is encountered. The $info variable can be set by a Groovy Script rule or an OAuth Groovy script rule.

    // Single quotes keep Groovy from interpolating $info inside the message text
    exc?.setProperty("com.pingidentity.policy.error.info", 'this value will be passed to the template in $info variable')
    // not(anything()) never matches, so the rule fails and the error path is taken
    not(anything())
- Create a whitelisting rule for certain characters

    // Fail the rule if the URI contains any character outside the allowed set
    if (!exc?.request?.uri?.matches("[\\p{Po}\\p{N}\\p{Z}\\p{L}\\p{M}\\p{Zs}\\./_\\-\\()\\{\\}\\[\\]]*")) {
        fail()
    } else {
        pass()
    }
- Add a cookie to the response

    // Construct the cookie value
    value = "cookie-value"
    // A cookie carrying real session data would normally also set Secure and HttpOnly
    cookieHeaderFieldValue = "ResponseTestCookie=${value}; Path=/"
    // Add the cookie on to the response
    exc?.response?.header?.add("Set-Cookie", cookieHeaderFieldValue)
    pass()
- Combine an AND and OR, invoking an existing rule matcher

    // (engineering OR marketing) AND manager
    if ((anyOf(containsWebSessionAttribute("engineering", "true"), containsWebSessionAttribute("marketing", "true"))) && (containsWebSessionAttribute("manager", "true"))) {
        pass()
    } else {
        fail()
    }
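
To see what the character whitelisting rule above actually accepts before relying on it, the following added example (not part of the original page or of PingAccess) runs the same pattern over constructed URI strings in plain Groovy. The names `decide` and `rejected` and all sample URIs are hypothetical; whether `exc.request.uri` carries the query string or a percent-decoded form is not stated on this page, so check that against your deployment.

```groovy
// Added example, not PingAccess code: the allowlist pattern from the rule
// above, run against constructed URI strings in plain Groovy.
def ALLOWED = "[\\p{Po}\\p{N}\\p{Z}\\p{L}\\p{M}\\p{Zs}\\./_\\-\\()\\{\\}\\[\\]]*"

// Same decision as the rule: a null URI or any character outside the class fails.
def decide = { String uri -> (uri != null && uri.matches(ALLOWED)) ? "pass" : "fail" }

// Code points of the characters that caused a rejection (empty when the URI passes).
def rejected = { String uri ->
    (uri ?: "").toList().findAll { !it.matches(ALLOWED) }.unique()
        .collect { String.format("U+%04X", (int) it.charAt(0)) }
}

// Constructed samples mapped to the outcome the pattern produces.
def samples = [
    "/app/index.html"         : "pass",
    "/docs/résumé (final).pdf": "pass",  // letters, marks and spaces are allowed
    "/search?q=widgets"       : "fail",  // '=' is a math symbol (Sm), not in the class
    "/search?q%3Dwidgets"     : "pass",  // '%' is Po: the encoded form is what gets checked
    "/files/report<1>.txt"    : "fail",  // '<' and '>' are Sm
    "/a\r\nb"                 : "fail",  // CR and LF are control characters (Cc)
]

samples.each { uri, expected ->
    def outcome = decide(uri)
    println "${outcome.padRight(5)} ${uri.inspect()} ${rejected(uri)}"
    assert outcome == expected
}
assert decide(null) == "fail"   // the rule's safe navigation also fails closed on null
```

Because `\p{Po}` covers most ASCII punctuation, including `%`, quotes and `;`, this rule mainly excludes symbols and control characters; treat it as one layer and keep input validation in the protected application.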