Skip to content

Managed Beans

Ready-to-use code in Custom script:#

Jans-auth server uses Weld 3.0 (JSR-365 aka CDI 2.0) for managed beans. The most useful functions are implemented through a set of beans which can be re-used in all custom scripts.

Obtaining a bean inside a custom script:#

CdiUtil used to obtain managed beans inside a custom script.

Relevant methods:

Signature Description
T bean(Class clazz) Gets the managed bean belonging to the class passed as parameter

Usage (jython code): Suppose UserService and AuthenticationService beans have to be referenced in the code, it can be done as below:

from io.jans.as.server.service import UserService
from io.jans.as.server.service import AuthenticationService
...
userService = CdiUtil.bean(UserService)
authenticationService = CdiUtil.bean(AuthenticationService)

Commonly used beans:#

1. AuthenticationService#

Allows to authenticate a user or obtain the current authenticated user
Relevant methods:

Signature Description
boolean authenticate(String userName) Performs authentication for the user whose identifier (userName) is passed as parameter
boolean authenticate(String userName, String password) Performs authentication for the user whose identifier (userName) is passed as parameter. The password supplied must be the correct password of the user in question
User getAuthenticatedUser() Returns a representation of the currently authenticated user. null if no user is currently authenticated. See User data object

Usage:

from io.jans.as.server.service import AuthenticationService
...

#1. authenticate a user using username and password
authenticationService = CdiUtil.bean(AuthenticationService)
logged_in = authenticationService.authenticate(user_name, user_password)

# 2. authenticate method without passing password parameter
logged_in = authenticationService.authenticate(user_name)

#3. obtain an authenticated user
user = authenticationService.getAuthenticatedUser()
userName = user.getUserId()
emailIds = user.getAttribute("oxEmailAlternate")

2. UserService#

Allows CRUD operations for users to the local persistence.

Relevant methods:

Signature Description
User addUser(User user, boolean active) Creates a new user based on the representation passed as parameter. active parameter denotes whether user status (gluuStatus attribute) will be active or register
User addUserAttribute(String userId, String attributeName, String attributeValue) Adds an attribute to the user identified by userId in the database with the name and value passed. Returns a representation of the modified user or null in case of failure or if such name/attribute is already part of such user
boolean addUserAttribute(User user, String attributeName, String attributeValue) Adds an attribute to the user object with the name and value passed. This method only alters the user argument and does not persist changes. Returns false if such name/attribute is already part of user
User addUserAttributeByUserInum(String userInum, String attributeName, String attributeValue) Adds an attribute to the user whose inum attribute (in the database) equals to userInum using the name and value passed. Returns a representation of the modified user or null in case of failure or if such name/attribute is already part of such user
CustomAttribute getCustomAttribute(User user, String attributeName) Gets a representation of the attribute whose name is passed for the user in question (user). Returns null if no such attribute is populated
String getDnForUser(String inum) Obtains the DN (distinguished name) of the user whose inum attribute equals to userInum (no check that such user may exist is actually made)
User getUser(String userId, String... returnAttributes) Retrieves a user representation for the user identified with userId containing only the attributes requested (returnAttributes). null is returned if no such user exists
User getUserByAttribute(String attributeName, String attributeValue) Retrieves a user (first available) such that the attribute referenced (attributeName) has the value passed (attributeValue). null is returned if no such user exists
String getUserInum(String userId) Retrieves the inum database attribute for the user identified with userId.null is returned if no such user exists
User removeUserAttribute(String userId, String attributeName, String attributeValue) Removes attributeValue from the values of the attribute whose name is passed (attributeName) for the user identified with userId
User replaceUserAttribute(String userId, String attributeName, String oldAttributeValue, String newAttributeValue) Updates the user identified with userId by replacing the value of the attribute attributeName with the value passed. null is returned if no such user exists
void setCustomAttribute(User user, String attributeName, String attributeValue) Sets the value of the attribute attributeName with the single value attributeValue for the user representation passes as parameter. This method does not persist changes
User updateUser(User user) Updates the user represented by user object in the database

Usage#

a. Add a user#

from  io.jans.as.common.service.common import UserService
from io.jans.orm.model.base import CustomObjectAttribute;
...

new_user = User()
found_user.getCustomAttributes().add(new CustomObjectAttribute("address", Arrays.asList("London", "Texas", "Kiev")));
found_user.getCustomAttributes().add(new CustomObjectAttribute("jansGuid", "test_value"));
found_user.getCustomAttributes().add(new CustomObjectAttribute("birthdate", new Date()));
found_user.getCustomAttributes().add(new CustomObjectAttribute("jansActive", false));
found_user.getCustomAttributes().add(new CustomObjectAttribute("scimCustomThird", 18));
found_user.setUserRole(UserRole.ADMIN);
found_user.setMemberOf(Arrays.asList("group_1", "group_2", "group_3"));

CustomObjectAttribute multiValuedSingleValue = new CustomObjectAttribute("oxExternalUid", "multivalued_single_valued");
multiValuedSingleValue.setMultiValued(true);
foundUser.getCustomAttributes().add(multiValuedSingleValue);

new_user = CdiUtil.bean(UserService).addUser(new_user, True)

b. Add user attributes#

userObject = userService.addUserAttribute(user_name, "oxExternalUid", cert_user_external_uid, true)

c. Get User#

# example 1 - get User by userId
user = userService.getUser(user_name)

# example 2 - get User by User-Id only if attribute oxExternalUid is populated
user = userService.getUser(user_name, "oxExternalUid")
customAttributeValue = userService.getCustomAttribute(user, "oxExternalUid")

d. Get specific User attribute#

status_attribute_value = userService.getCustomAttribute(find_user_by_uid, "gluuStatus")

e. Replace user attributes#

userService.replaceUserAttribute(user_name, "oxOTPCache", cachedOTP, localTotpKey)

f. Remove user attribute#

userService.removeUserAttribute(user.getUserId(),"oxTrustExternalId", "wwpass:%s"%puid)

g. Update users#

found_user = userService.getUser(user_name)

found_user.getCustomAttributes().add(new CustomObjectAttribute("address", Arrays.asList("London", "Texas", "Kiev")));
found_user.getCustomAttributes().add(new CustomObjectAttribute("jansGuid", "test_value"));
found_user.getCustomAttributes().add(new CustomObjectAttribute("birthdate", new Date()));
found_user.getCustomAttributes().add(new CustomObjectAttribute("jansActive", false));
found_user.getCustomAttributes().add(new CustomObjectAttribute("jansActive", false));
found_user.getCustomAttributes().add(new CustomObjectAttribute("scimCustomThird", 18));
found_user.setUserRole(UserRole.ADMIN);
found_user.setMemberOf(Arrays.asList("group_1", "group_2", "group_3"));

userService.updateUser(found_user)

4. User#

A class employed to represent a user entry in the persistence. Provides getters and setters to retrieve and assign value(s) for attributes

5. CustomAttribute#

A class that models an attribute. An attribute has a name and a collection of associated values

6. Identity#

The authentication flow in jans-auth server is stateless and the instance is preserved because the Identity parameters (another name for session parameters) are persisted in databases. A function in the PersonAuthenticationType script called getExtraParametersForStep should be overridden to include any new session variable. The underlying Jans-auth server takes care of retrieving it, persisting it etc.

def getExtraParametersForStep(self, configurationAttributes, step):
       return Arrays.asList("sessionParamName1", "sessionParamName2", "sessionParamName3")
Bean details: |Signature|Description| |-|-| |Object getWorkingParameter(String name)|Retrieves a working parameter by name previously set via setWorkingParameter| |void setWorkingParameter(String name, Object value)|Binds data to a name for further use in an authentication flow. Recommended values to store are Strings| |SessionId getSessionId()|Retrieves a reference to the associated server session object, see SessionId|

Usage

from io.jans.as.server.security import Identity
identity = CdiUtil.bean(Identity)

#1.
newExpDate = identity.getWorkingParameter("expDate")

#2.
identity.setWorkingParameter("expDate", expDate)

#3.
session_attributes = identity.getSessionId().getSessionAttributes()
session_attributes.containsKey("remote_ip")

8. SessionIdService#

#1. get session
sessionIdservice = CdiUtil.bean(SessionIdService).getSessionId()

#2. update session

sessionIdservice.getSessionAttributes().put(key, value)
sessionIdservice.updateSessionId(session)

9. GrantService#

10. ClientService : Provides operations with clients.#

Usage:

from io.jans.as.server.service import ClientService

clientService = CdiUtil.bean(ClientService)
client = clientService.getClient(clientId)

7. HttpService: HttpService#

Provides utility methods to execute HTTP requests, manipulate responses, etc

Relevant methods:

Signature Description
HttpClient getHttpsClient() Returns an instance of org.apache.http.client.HttpClient (see oxcore-util class SslDefaultHttpClient)
HttpServiceResponse executeGet(HttpClient httpClient, String requestUri) Perform a GET on the URI requested. Returns an instance of io.jans.as.server.model.net.HttpServiceResponse (a wrapper on org.apache.http.HttpResponse)
byte[] getResponseContent(HttpResponse httpResponse) Consumes the bytes of the associated response. Returns null if the response status code is not 200 (OK)

8. CacheService#

Provides a unified means to interact with the underlying cache provider configured in the Jans-auth Server

Relevant methods:

Signature Description
void clear() Flushes the whole cache
Object get(String key) Retrieves the value of key in the cache. null if there is no such key present
void put(int expirationInSeconds, String key, Object object) Puts an object in the cache associated to the key passed. An expiration in seconds can be provided
put(String key, Object object) Puts an object in the cache associated to the key passed. The expiration used is the default expiration configured in Gluu
void remove(String key) Removes an entry from the cache

9. FacesService : Provides utilities to properly build encoded URLs and make redirections. This class is used a great deal in custom scripts#

Relevant methods:

Signature Description
void redirectToExternalURL(String url) Redirects the user's browser to the URL passed as parameter
String encodeParameters(String url, Map<String, Object> parameters) Builds a URL by appending query parameters as supplied in parameters map. Every value in the map is properly URL-encoded

10. FacesMessages#

Allows manipulation of JSF context messages

Relevant methods:

Signature Description
void add(Severity severity, String message) Adds a message to the JSF context with the severity (javax.faces.application.FacesMessage.Severity) specified
void clear() Clears the messages of the JSF context
String evalAsString(String expression) Evaluates an EL expression using the JSF context and returns the result as a String
void setKeepMessages() Sets the "keep messages" property of the JSF flash

11. StringHelper#

Provides many utility methods that often arise in the manipulation of Strings Usage:

from io.jans.util import StringHelper
  1. isNotEmptyString#

    if StringHelper.isNotEmptyString(user_name):
      # do something
    
  2. equalsIgnoreCase#

    if StringHelper.equalsIgnoreCase(authentication_mode, "one_step"):
      # do something
    
  3. isEmpty#

    if StringHelper.isEmpty(auth_method):
      # do something
    
  4. split#

    allowedClientsListArray = StringHelper.split(allowedClientsList, ",")
    
  5. toLowerCase#

    remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
    
  6. base64urlencode#

    StringUtils.base64urlencode(input);
    

13. EncryptionService#

Allows to encrypt/decrypt strings using a 3DES cipher whose salt is found in /etc/jans/conf/salt

Relevant methods:

Signature Description
String decrypt(String encryptedString) Decrypts the encrypted string supplied
Properties decryptAllProperties(Properties connectionProperties) Returns a java.util.Properties object with all decrypted values found in connectionProperties
String encrypt(String unencryptedString) Encrypts the string supplied

Usage:#

from io.jans.as.common.service.common import EncryptionService
....

encryptionService = CdiUtil.bean(EncryptionService)
pwd_decrypted = encryptionService.decrypt("stringtobedecrypted")

14. Base64Util#

Usage:

from io.jans.as.model.util import Base64Util
....

Base64Util.base64urldecodeToString(input_string)

Base64Util.base64urlencode(input_string.encode('utf-8')));

Last update: 2024-09-27
Created: 2022-08-17