Managed Beans
Ready-to-use code in custom scripts:
Jans-auth server uses Weld 3.0 (JSR-365 aka CDI 2.0) for managed beans. The most useful functions are implemented through a set of beans which can be re-used in all custom scripts.
Obtaining a bean inside a custom script:
CdiUtil is used to obtain managed beans inside a custom script.
Relevant methods:
Signature | Description |
---|---|
<T> T bean(Class<T> clazz) | Gets the managed bean belonging to the class passed as parameter |
Usage (Jython code): Suppose the UserService and AuthenticationService beans have to be referenced in the code. This can be done as shown below:
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import UserService
from io.jans.as.server.service import AuthenticationService
...
userService = CdiUtil.bean(UserService)
authenticationService = CdiUtil.bean(AuthenticationService)
```
Commonly used beans:
1. AuthenticationService
Authenticates a user or returns the currently authenticated user.
Relevant methods:
Signature | Description |
---|---|
boolean authenticate(String userName) | Performs authentication for the user whose identifier (userName) is passed as parameter |
boolean authenticate(String userName, String password) | Performs authentication for the user whose identifier (userName) is passed as parameter. The password supplied must be the correct password of the user in question |
User getAuthenticatedUser() | Returns a representation of the currently authenticated user. null if no user is currently authenticated. See User data object |
Usage:
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import AuthenticationService
...
# 1. authenticate a user using username and password
authenticationService = CdiUtil.bean(AuthenticationService)
logged_in = authenticationService.authenticate(user_name, user_password)

# 2. authenticate without passing the password parameter
logged_in = authenticationService.authenticate(user_name)

# 3. obtain the authenticated user (None if no user is authenticated)
user = authenticationService.getAuthenticatedUser()
if user is not None:
    userName = user.getUserId()
    emailIds = user.getAttribute("oxEmailAlternate")
```
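The single-argument authenticate(userName) overload takes no password, so the script has to establish who the user is before calling it. The following added example (not code from the Janssen project) gates that call on a lookup by an external identifier that the script has already verified; the function name, the reason strings and passing the beans in as arguments are assumptions made here so the logic can be exercised offline.

```python
# Added example. In a custom script the two beans come from
# CdiUtil.bean(UserService) and CdiUtil.bean(AuthenticationService).

def login_by_external_uid(user_service, authentication_service, external_uid,
                          uid_attribute="oxExternalUid",
                          status_attribute="gluuStatus"):
    """Log in the user bound to an already verified external identifier.

    authenticate(userName) is given no credential to check, so every
    condition below must hold before it is called. Returns (ok, reason).
    """
    # Reject missing or blank identifiers instead of searching for them.
    if external_uid is None or not external_uid.strip():
        return False, "empty_external_uid"

    # getUserByAttribute returns the first match (or null), so the
    # attribute used for the lookup must be unique per user.
    user = user_service.getUserByAttribute(uid_attribute, external_uid)
    if user is None:
        return False, "unknown_external_uid"

    # Only accounts whose status attribute reads "active" may log in.
    status = user.getAttribute(status_attribute)
    if status is None or status.lower() != "active":
        return False, "user_not_active"

    user_name = user.getUserId()
    if not user_name:
        return False, "user_without_id"

    # Password-less overload: the script vouches for the user's identity.
    if not authentication_service.authenticate(user_name):
        return False, "authenticate_failed"
    return True, "ok"
```

The reason string is meant for the script's own log; the browser should only ever see a generic failure.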
2. UserService
Provides CRUD operations on users in the local persistence.
Relevant methods:
Signature | Description |
---|---|
User addUser(User user, boolean active) | Creates a new user based on the representation passed as parameter. The active parameter denotes whether the user status (gluuStatus attribute) will be active or register |
User addUserAttribute(String userId, String attributeName, String attributeValue) | Adds an attribute to the user identified by userId in the database with the name and value passed. Returns a representation of the modified user, or null in case of failure or if such name/attribute is already part of such user |
boolean addUserAttribute(User user, String attributeName, String attributeValue) | Adds an attribute to the user object with the name and value passed. This method only alters the user argument and does not persist changes. Returns false if such name/attribute is already part of user |
User addUserAttributeByUserInum(String userInum, String attributeName, String attributeValue) | Adds an attribute to the user whose inum attribute (in the database) equals userInum using the name and value passed. Returns a representation of the modified user, or null in case of failure or if such name/attribute is already part of such user |
CustomAttribute getCustomAttribute(User user, String attributeName) | Gets a representation of the attribute whose name is passed for the user in question (user). Returns null if no such attribute is populated |
String getDnForUser(String inum) | Obtains the DN (distinguished name) of the user whose inum attribute equals inum (no check that such a user exists is actually made) |
User getUser(String userId, String... returnAttributes) | Retrieves a user representation for the user identified with userId containing only the attributes requested (returnAttributes). null is returned if no such user exists |
User getUserByAttribute(String attributeName, String attributeValue) | Retrieves a user (first available) such that the attribute referenced (attributeName) has the value passed (attributeValue). null is returned if no such user exists |
String getUserInum(String userId) | Retrieves the inum database attribute for the user identified with userId. null is returned if no such user exists |
User removeUserAttribute(String userId, String attributeName, String attributeValue) | Removes attributeValue from the values of the attribute whose name is passed (attributeName) for the user identified with userId |
User replaceUserAttribute(String userId, String attributeName, String oldAttributeValue, String newAttributeValue) | Updates the user identified with userId by replacing the value of the attribute attributeName with the value passed. null is returned if no such user exists |
void setCustomAttribute(User user, String attributeName, String attributeValue) | Sets the value of the attribute attributeName with the single value attributeValue for the user representation passed as parameter. This method does not persist changes |
User updateUser(User user) | Updates the user represented by the user object in the database |
Usage
a. Add a user
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.common.service.common import UserService
from io.jans.as.common.model.common import User
from io.jans.orm.model.base import CustomObjectAttribute
from java.util import Arrays, Date
...
# UserRole is assumed to be imported already
new_user = User()
new_user.getCustomAttributes().add(CustomObjectAttribute("address", Arrays.asList("London", "Texas", "Kiev")))
new_user.getCustomAttributes().add(CustomObjectAttribute("jansGuid", "test_value"))
new_user.getCustomAttributes().add(CustomObjectAttribute("birthdate", Date()))
new_user.getCustomAttributes().add(CustomObjectAttribute("jansActive", False))
new_user.getCustomAttributes().add(CustomObjectAttribute("scimCustomThird", 18))
new_user.setUserRole(UserRole.ADMIN)
new_user.setMemberOf(Arrays.asList("group_1", "group_2", "group_3"))
# an attribute flagged as multi-valued that currently holds a single value
multiValuedSingleValue = CustomObjectAttribute("oxExternalUid", "multivalued_single_valued")
multiValuedSingleValue.setMultiValued(True)
new_user.getCustomAttributes().add(multiValuedSingleValue)
# second argument True: the user is created with status active
new_user = CdiUtil.bean(UserService).addUser(new_user, True)
```
b. Add user attributes
```python
userObject = userService.addUserAttribute(user_name, "oxExternalUid", cert_user_external_uid, True)
```
c. Get User
```python
# example 1 - get User by userId
user = userService.getUser(user_name)
# example 2 - get User by userId, returning only the oxExternalUid attribute
user = userService.getUser(user_name, "oxExternalUid")
customAttributeValue = userService.getCustomAttribute(user, "oxExternalUid")
```
d. Get specific User attribute
```python
status_attribute_value = userService.getCustomAttribute(find_user_by_uid, "gluuStatus")
```
e. Replace user attributes
```python
userService.replaceUserAttribute(user_name, "oxOTPCache", cachedOTP, localTotpKey)
```
f. Remove user attribute
```python
userService.removeUserAttribute(user.getUserId(), "oxTrustExternalId", "wwpass:%s" % puid)
```
g. Update users
```python
# uses the same imports as the "Add a user" snippet
found_user = userService.getUser(user_name)
found_user.getCustomAttributes().add(CustomObjectAttribute("address", Arrays.asList("London", "Texas", "Kiev")))
found_user.getCustomAttributes().add(CustomObjectAttribute("jansGuid", "test_value"))
found_user.getCustomAttributes().add(CustomObjectAttribute("birthdate", Date()))
found_user.getCustomAttributes().add(CustomObjectAttribute("jansActive", False))
found_user.getCustomAttributes().add(CustomObjectAttribute("scimCustomThird", 18))
found_user.setUserRole(UserRole.ADMIN)
found_user.setMemberOf(Arrays.asList("group_1", "group_2", "group_3"))
# persist the modified user
userService.updateUser(found_user)
```
4. User
A class employed to represent a user entry in the persistence. Provides getters and setters to retrieve and assign value(s) for attributes.
5. CustomAttribute
A class that models an attribute. An attribute has a name and a collection of associated values.
6. Identity
The authentication flow in jans-auth server is stateless; its state is preserved because the Identity parameters (another name for session parameters) are persisted in the database.
The getExtraParametersForStep function of the PersonAuthenticationType script should be overridden to include any new session variable. The underlying Jans-auth server takes care of retrieving it, persisting it, etc.
```python
from java.util import Arrays
...
def getExtraParametersForStep(self, configurationAttributes, step):
    # names of the session variables to keep across steps
    return Arrays.asList("sessionParamName1", "sessionParamName2", "sessionParamName3")
```
Relevant methods:
Signature | Description |
---|---|
Object getWorkingParameter(String name) | Retrieves a working parameter by name previously set via setWorkingParameter |
void setWorkingParameter(String name, Object value) | Binds data to a name for further use in an authentication flow. Recommended values to store are Strings |
SessionId getSessionId() | Retrieves a reference to the associated server session object, see SessionId |
Usage:
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.security import Identity
identity = CdiUtil.bean(Identity)
# 1. read a working parameter
newExpDate = identity.getWorkingParameter("expDate")
# 2. store a working parameter
identity.setWorkingParameter("expDate", expDate)
# 3. inspect the attributes of the current session
session_attributes = identity.getSessionId().getSessionAttributes()
session_attributes.containsKey("remote_ip")
```
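8. SessionIdService
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import SessionIdService
# 1. get session
sessionIdService = CdiUtil.bean(SessionIdService)
session = sessionIdService.getSessionId()
# 2. update session
session.getSessionAttributes().put(key, value)
sessionIdService.updateSessionId(session)
```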
9. GrantService
10. ClientService: Provides operations with clients.
Usage:
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import ClientService
clientService = CdiUtil.bean(ClientService)
client = clientService.getClient(clientId)
```
7. HttpService
Provides utility methods to execute HTTP requests, manipulate responses, etc.
Relevant methods:
Signature | Description |
---|---|
HttpClient getHttpsClient() | Returns an instance of org.apache.http.client.HttpClient (see oxcore-util class SslDefaultHttpClient) |
HttpServiceResponse executeGet(HttpClient httpClient, String requestUri) | Performs a GET on the URI requested. Returns an instance of io.jans.as.server.model.net.HttpServiceResponse (a wrapper on org.apache.http.HttpResponse) |
byte[] getResponseContent(HttpResponse httpResponse) | Consumes the bytes of the associated response. Returns null if the response status code is not 200 (OK) |
8. CacheService
Provides a unified means to interact with the underlying cache provider configured in the Jans-auth Server.
Relevant methods:
Signature | Description |
---|---|
void clear() | Flushes the whole cache |
Object get(String key) | Retrieves the value of key in the cache. null if there is no such key present |
void put(int expirationInSeconds, String key, Object object) | Puts an object in the cache associated to the key passed. An expiration in seconds can be provided |
void put(String key, Object object) | Puts an object in the cache associated to the key passed. The expiration used is the default expiration configured in Gluu |
void remove(String key) | Removes an entry from the cache |
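As an added example (not code from the Janssen project), the helpers below use get, put and remove to keep a per-user count of failed authentication attempts that expires on its own. The function names, the key prefix and the thresholds are assumptions, and cache_service stands for the bean returned by CdiUtil.bean(CacheService).

```python
import hashlib

def counter_key(user_name):
    # Hash the normalised name so the cache key has a fixed length and
    # contains no characters chosen by the client.
    normalised = user_name.strip().lower().encode("utf-8")
    return "failed_auth_" + hashlib.sha256(normalised).hexdigest()

def failed_attempts(cache_service, user_name):
    # get() returns null (None) when the key is absent or has expired.
    stored = cache_service.get(counter_key(user_name))
    return 0 if stored is None else int(stored)

def is_locked_out(cache_service, user_name, max_attempts=5):
    # Check this before verifying any credential for user_name.
    return failed_attempts(cache_service, user_name) >= max_attempts

def record_failure(cache_service, user_name, window_seconds=900):
    # get followed by put is not atomic, so failures that arrive at the
    # same moment can be undercounted.
    count = failed_attempts(cache_service, user_name) + 1
    # put(int expirationInSeconds, String key, Object object): the
    # expiration comes first. Each failure restarts the window, and the
    # count is stored as a plain string.
    cache_service.put(window_seconds, counter_key(user_name), str(count))
    return count

def record_success(cache_service, user_name):
    # Clear the counter once the user has authenticated correctly.
    cache_service.remove(counter_key(user_name))
```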
9. FacesService: Provides utilities to properly build encoded URLs and make redirections. This class is used a great deal in custom scripts.
Relevant methods:
Signature | Description |
---|---|
void redirectToExternalURL(String url) | Redirects the user's browser to the URL passed as parameter |
String encodeParameters(String url, Map<String, Object> parameters) | Builds a URL by appending query parameters as supplied in the parameters map. Every value in the map is properly URL-encoded |
10. FacesMessages
Allows manipulation of JSF context messages.
Relevant methods:
Signature | Description |
---|---|
void add(Severity severity, String message) | Adds a message to the JSF context with the severity (javax.faces.application.FacesMessage.Severity) specified |
void clear() | Clears the messages of the JSF context |
String evalAsString(String expression) | Evaluates an EL expression using the JSF context and returns the result as a String |
void setKeepMessages() | Sets the "keep messages" property of the JSF flash |
11. StringHelper
Provides many utility methods that often arise in the manipulation of Strings.
Usage:
```python
from io.jans.util import StringHelper
```
isNotEmptyString
```python
if StringHelper.isNotEmptyString(user_name):
    pass  # do something
```
equalsIgnoreCase
```python
if StringHelper.equalsIgnoreCase(authentication_mode, "one_step"):
    pass  # do something
```
isEmpty
```python
if StringHelper.isEmpty(auth_method):
    pass  # do something
```
split
```python
allowedClientsListArray = StringHelper.split(allowedClientsList, ",")
```
toLowerCase
```python
remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
```
base64urlencode
```python
StringUtils.base64urlencode(input)
```
13. EncryptionService
Encrypts and decrypts strings using a 3DES cipher whose salt is found in /etc/jans/conf/salt.
Relevant methods:
Signature | Description |
---|---|
String decrypt(String encryptedString) | Decrypts the encrypted string supplied |
Properties decryptAllProperties(Properties connectionProperties) | Returns a java.util.Properties object with all decrypted values found in connectionProperties |
String encrypt(String unencryptedString) | Encrypts the string supplied |
Usage:
```python
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.common.service.common import EncryptionService
...
encryptionService = CdiUtil.bean(EncryptionService)
pwd_decrypted = encryptionService.decrypt("stringtobedecrypted")
```
14. Base64Util
Usage:
```python
from io.jans.as.model.util import Base64Util
...
Base64Util.base64urldecodeToString(input_string)
Base64Util.base64urlencode(input_string.encode('utf-8'))
```
Created: 2022-08-17