The following examples show possible uses for Groovy scripts.
OAuth Policy context example
In some instances, it might be necessary to transmit identity information to sites to provide details of the user attempting to access a site. In such instances, Groovy scripts can be used to inject identity information into various portions of the HTTP request to the target. In this example, the site is expecting the identity of the user to be conveyed through the User HTTP header. This can be accomplished using the OAuth Groovy script rule and the following Groovy script.
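// Read the first value of the "user" attribute from the OAuth token in the policy context
user = policyCtx?.context.get("oauth_token")?.attributes?.get("user")?.get(0)
// Add it to the request as the User header
exc?.request?.header?.add("User", "$user")
pass()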
The following is more complex Groovy script logic.
test = exc?.request?.header?.getFirstValue("test");
if (test != null && test.equals("foo"))
{
    // rule will fail evaluation if the test header has the value 'foo'
    fail()
}
else
{
    // rule will pass evaluation if the test header has any other value
    // or isn't present
    pass()
}
Set an exchange property named com.pingidentity.policy.error.info so the value will be available for the $info variable in error templates when an error is encountered. The $info variable can be set by a Groovy Script rule or an OAuth Groovy script rule.
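// Single quotes keep $info literal; in a double-quoted Groovy string it would be interpolated
exc?.setProperty("com.pingidentity.policy.error.info", 'this value will be passed to the template in $info variable')
// A matcher that never matches, so the rule fails evaluation
not(anything())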
Create a whitelisting rule for certain characters.
if (!exc?.request?.uri?.matches("[\\p{Po}\\p{N}\\p{Z}\\p{L}\\p{M}\\p{Zs}\\./_\\-\\()\\{\\}\\[\\]]*"))
{
    fail()
}
else
{
    pass()
}
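To review what this character class admits before deploying the rule, the following added example (not part of the original page or the product's own code) runs the same pattern over constructed URIs in plain Groovy; the closure names passes and rejected and all sample strings are assumptions of the example. Unicode category Po covers characters such as ?, &, %, ' and ;, while =, +, < and > belong to category Sm and are rejected.

```groovy
// Added example: plain Groovy, runs without PingAccess (no exc, pass() or fail()).

// Character class copied from the rule above, without the trailing '*'.
def charClass = '[\\p{Po}\\p{N}\\p{Z}\\p{L}\\p{M}\\p{Zs}\\./_\\-\\()\\{\\}\\[\\]]'

// Same decision the rule makes: every character must belong to the class.
def passes = { String uri -> uri.matches(charClass + '*') }

// Delete every admitted character; whatever remains is what triggers fail().
def rejected = { String uri -> uri.replaceAll(charClass, '') }

// Constructed sample URIs, not taken from any real deployment.
def samples = [
    '/app/index.html',
    '/docs/caf\u00e9 menu.pdf',   // non-ASCII letter (L) and a space (Zs)
    '/search?q=report',          // '=' is a math symbol (Sm), not Po
    '/items/a+b',                // '+' is also Sm
    "/user/o'brien;v1",          // apostrophe and ';' are both Po
    '/files/<b>',                // raw angle brackets (Sm)
    '/files/%3Cb%3E',            // the same characters percent-encoded
    '/a\r\nb'                    // raw CR LF (control characters, Cc)
]

samples.each { uri ->
    def verdict = passes(uri) ? 'pass()' : 'fail()'
    println(String.format('%-7s %-28s rejected=%s',
            verdict, uri.inspect(), rejected(uri).inspect()))
}
```

The pattern judges only the raw string it is given, so a percent-encoded value is evaluated as %, digits and letters rather than as the characters it decodes to.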
Add a cookie to the response.
// Construct the cookie value
value = "cookie-value"
cookieHeaderFieldValue = "ResponseTestCookie=${value}; Path=/"
// Add the cookie on to the response
exc?.response?.header?.add("Set-Cookie", cookieHeaderFieldValue)
pass()
Combine an AND and OR, invoking an existing rule matcher.
if ((anyOf(containsWebSessionAttribute("engineering", "true"), containsWebSessionAttribute("marketing", "true"))) && (containsWebSessionAttribute("manager", "true")))
{
    pass()
}
else
{
    fail()
}