Managed Beans#
Ready-to-use code in Custom script:#
Jans-auth server uses Weld 3.0 (JSR-365 aka CDI 2.0) for managed beans. The most useful functions are implemented through a set of beans which can be re-used in all custom scripts.
Obtaining a bean inside a custom script:#
CdiUtil is used to obtain managed beans inside a custom script.
Relevant methods:
| Signature | Description | 
|---|---|
| Gets the managed bean belonging to the class passed as parameter | 
Usage (Jython code): suppose the UserService and AuthenticationService beans have to be referenced in the code. This can be done as below:
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import UserService
from io.jans.as.server.service import AuthenticationService
...
userService = CdiUtil.bean(UserService)
authenticationService = CdiUtil.bean(AuthenticationService)
Commonly used beans:#
1. AuthenticationService#
Allows a script to authenticate a user or obtain the currently authenticated user.
Relevant methods:
| Signature | Description | 
|---|---|
| boolean authenticate(String userName) | Performs authentication for the user whose identifier (userName) is passed as parameter | 
| boolean authenticate(String userName, String password) | Performs authentication for the user whose identifier (userName) is passed as parameter. The password supplied must be the correct password of the user in question | 
| User getAuthenticatedUser() | Returns a representation of the currently authenticated user. null if no user is currently authenticated. See User data object | 
Usage:
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.service import AuthenticationService
...
# 1. authenticate a user using username and password
authenticationService = CdiUtil.bean(AuthenticationService)
logged_in = authenticationService.authenticate(user_name, user_password)
# 2. authenticate method without passing password parameter
logged_in = authenticationService.authenticate(user_name)
# 3. obtain an authenticated user
user = authenticationService.getAuthenticatedUser()
userName = user.getUserId()
emailIds = user.getAttribute("oxEmailAlternate")
2. UserService#
Allows CRUD operations on users in the local persistence.
Relevant methods:
| Signature | Description | 
|---|---|
| User addUser(User user, boolean active) | Creates a new user based on the representation passed as parameter. The active parameter denotes whether the user status (gluuStatus attribute) will be active or register | 
| User addUserAttribute(String userId, String attributeName, String attributeValue) | Adds an attribute to the user identified by userId in the database with the name and value passed. Returns a representation of the modified user or null in case of failure or if such name/attribute is already part of such user | 
| boolean addUserAttribute(User user, String attributeName, String attributeValue) | Adds an attribute to the user object with the name and value passed. This method only alters the user argument and does not persist changes. Returns false if such name/attribute is already part of user | 
| User addUserAttributeByUserInum(String userInum, String attributeName, String attributeValue) | Adds an attribute to the user whose inum attribute (in the database) equals userInum using the name and value passed. Returns a representation of the modified user or null in case of failure or if such name/attribute is already part of such user | 
| CustomAttribute getCustomAttribute(User user, String attributeName) | Gets a representation of the attribute whose name is passed for the user in question (user). Returns null if no such attribute is populated | 
| String getDnForUser(String inum) | Obtains the DN (distinguished name) of the user whose inum attribute equals userInum (no check that such user may exist is actually made) | 
| User getUser(String userId, String... returnAttributes) | Retrieves a user representation for the user identified with userId containing only the attributes requested (returnAttributes). null is returned if no such user exists | 
| User getUserByAttribute(String attributeName, String attributeValue) | Retrieves a user (first available) such that the attribute referenced (attributeName) has the value passed (attributeValue). null is returned if no such user exists | 
| String getUserInum(String userId) | Retrieves the inum database attribute for the user identified with userId. null is returned if no such user exists | 
| User removeUserAttribute(String userId, String attributeName, String attributeValue) | Removes attributeValue from the values of the attribute whose name is passed (attributeName) for the user identified with userId | 
| User replaceUserAttribute(String userId, String attributeName, String oldAttributeValue, String newAttributeValue) | Updates the user identified with userId by replacing the value of the attribute attributeName with the value passed. null is returned if no such user exists | 
| void setCustomAttribute(User user, String attributeName, String attributeValue) | Sets the value of the attribute attributeName with the single value attributeValue for the user representation passed as parameter. This method does not persist changes | 
| User updateUser(User user) | Updates the user represented by the user object in the database | 
Usage#
a. Add a user#
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.common.service.common import UserService
from io.jans.as.common.model.common import User
from io.jans.orm.model.base import CustomObjectAttribute
from java.util import Arrays, Date
...
# Build the new user in memory; nothing is persisted until addUser is called
new_user = User()
new_user.getCustomAttributes().add(CustomObjectAttribute("address", Arrays.asList("London", "Texas", "Kiev")))
new_user.getCustomAttributes().add(CustomObjectAttribute("jansGuid", "test_value"))
new_user.getCustomAttributes().add(CustomObjectAttribute("birthdate", Date()))
new_user.getCustomAttributes().add(CustomObjectAttribute("jansActive", False))
new_user.getCustomAttributes().add(CustomObjectAttribute("scimCustomThird", 18))
# UserRole is assumed to be imported elsewhere in the script
new_user.setUserRole(UserRole.ADMIN)
new_user.setMemberOf(Arrays.asList("group_1", "group_2", "group_3"))
# An attribute flagged as multi-valued that currently holds a single value
multiValuedSingleValue = CustomObjectAttribute("oxExternalUid", "multivalued_single_valued")
multiValuedSingleValue.setMultiValued(True)
new_user.getCustomAttributes().add(multiValuedSingleValue)
# Persist the user with active status
new_user = CdiUtil.bean(UserService).addUser(new_user, True)
b. Add user attributes#
userObject = userService.addUserAttribute(user_name, "oxExternalUid", cert_user_external_uid, True)
c. Get User#
# example 1 - get User by userId
user = userService.getUser(user_name)
# example 2 - get User by userId, retrieving only the oxExternalUid attribute
user = userService.getUser(user_name, "oxExternalUid")
customAttributeValue = userService.getCustomAttribute(user, "oxExternalUid")
d. Get specific User attribute#
status_attribute_value = userService.getCustomAttribute(find_user_by_uid, "gluuStatus")
e. Replace user attributes#
userService.replaceUserAttribute(user_name, "oxOTPCache", cachedOTP, localTotpKey)
f. Remove user attribute#
userService.removeUserAttribute(user.getUserId(), "oxTrustExternalId", "wwpass:%s" % puid)
g. Update users#
# Requires: from io.jans.orm.model.base import CustomObjectAttribute
#           from java.util import Arrays, Date
found_user = userService.getUser(user_name)
found_user.getCustomAttributes().add(CustomObjectAttribute("address", Arrays.asList("London", "Texas", "Kiev")))
found_user.getCustomAttributes().add(CustomObjectAttribute("jansGuid", "test_value"))
found_user.getCustomAttributes().add(CustomObjectAttribute("birthdate", Date()))
found_user.getCustomAttributes().add(CustomObjectAttribute("jansActive", False))
found_user.getCustomAttributes().add(CustomObjectAttribute("scimCustomThird", 18))
# UserRole is assumed to be imported elsewhere in the script
found_user.setUserRole(UserRole.ADMIN)
found_user.setMemberOf(Arrays.asList("group_1", "group_2", "group_3"))
# Persist the in-memory changes
userService.updateUser(found_user)
4. User#
A class employed to represent a user entry in the persistence. Provides getters and setters to retrieve and assign value(s) for attributes
5. CustomAttribute#
A class that models an attribute. An attribute has a name and a collection of associated values
6. Identity#
The authentication flow in Jans-auth server is stateless; state is preserved between steps because the Identity parameters (another name for session parameters) are persisted in the database.
A function in the PersonAuthenticationType script called getExtraParametersForStep should be overridden to include any new session variable. The underlying Jans-auth server takes care of retrieving it, persisting it, and so on.
# Requires: from java.util import Arrays
def getExtraParametersForStep(self, configurationAttributes, step):
    return Arrays.asList("sessionParamName1", "sessionParamName2", "sessionParamName3")
| Signature | Description | 
|---|---|
| Object getWorkingParameter(String name) | Retrieves a working parameter by name previously set via setWorkingParameter | 
| void setWorkingParameter(String name, Object value) | Binds data to a name for further use in an authentication flow. Recommended values to store are Strings | 
| SessionId getSessionId() | Retrieves a reference to the associated server session object, see SessionId | 
Usage:
from io.jans.service.cdi.util import CdiUtil
from io.jans.as.server.security import Identity
identity = CdiUtil.bean(Identity)
# 1. read a working parameter
newExpDate = identity.getWorkingParameter("expDate")
# 2. set a working parameter
identity.setWorkingParameter("expDate", expDate)
# 3. inspect the attributes of the server session
session_attributes = identity.getSessionId().getSessionAttributes()
session_attributes.containsKey("remote_ip")
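The following is an added example, not code from the Janssen project. It models how the "expDate" working parameter survives from step 1 to step 2 only when it is declared in getExtraParametersForStep, and shows a step-2 check that fails closed. FakeIdentity, persist and the step function names are constructed stand-ins so the logic runs outside the server; in a real script the Identity bean comes from CdiUtil.bean(Identity).

```python
EXTRA_PARAMS = ["expDate"]  # what getExtraParametersForStep would return


class FakeIdentity(object):
    """Constructed stand-in for the Identity bean: one instance per HTTP request."""

    def __init__(self, restored=None):
        self.params = dict(restored or {})

    def setWorkingParameter(self, name, value):
        self.params[name] = value

    def getWorkingParameter(self, name):
        return self.params.get(name)


def persist(identity, declared):
    """Simplified model of the server: only declared parameters are stored."""
    return dict((k, v) for k, v in identity.params.items() if k in declared)


def step1_issue_challenge(identity, now, ttl_seconds=120):
    # Strings are the recommended value type, so the epoch is stored as text.
    identity.setWorkingParameter("expDate", str(int(now) + ttl_seconds))


def step2_challenge_still_valid(identity, now):
    exp = identity.getWorkingParameter("expDate")
    if exp is None:
        return False  # parameter was never declared or the session is gone
    try:
        return int(now) < int(exp)
    except (TypeError, ValueError):
        return False  # unreadable value: reject rather than guess


def run_flow(declared, delay):
    """Two requests, two Identity instances; state travels only via persist()."""
    first = FakeIdentity()
    step1_issue_challenge(first, now=1000)
    second = FakeIdentity(restored=persist(first, declared))
    return step2_challenge_still_valid(second, now=1000 + delay)
```

With the parameter declared, run_flow accepts the second step inside the 120-second window and rejects it afterwards; with an empty declaration list the second step never sees expDate and is rejected.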
8. SessionIdService#
from io.jans.as.server.service import SessionIdService
sessionIdService = CdiUtil.bean(SessionIdService)
# 1. get session
session = sessionIdService.getSessionId()
# 2. update session
session.getSessionAttributes().put(key, value)
sessionIdService.updateSessionId(session)
9. GrantService#
10. ClientService : Provides operations with clients.#
Usage:
from io.jans.as.server.service import ClientService
clientService = CdiUtil.bean(ClientService)
client = clientService.getClient(clientId)
7. HttpService: HttpService#
Provides utility methods to execute HTTP requests, manipulate responses, etc
Relevant methods:
| Signature | Description | 
|---|---|
| HttpClient getHttpsClient() | Returns an instance of org.apache.http.client.HttpClient (see oxcore-util class SslDefaultHttpClient) | 
| HttpServiceResponse executeGet(HttpClient httpClient, String requestUri) | Performs a GET on the URI requested. Returns an instance of io.jans.as.server.model.net.HttpServiceResponse (a wrapper on org.apache.http.HttpResponse) | 
| byte[] getResponseContent(HttpResponse httpResponse) | Consumes the bytes of the associated response. Returns null if the response status code is not 200 (OK) | 
8. CacheService#
Provides a unified means to interact with the underlying cache provider configured in the Jans-auth Server
Relevant methods:
| Signature | Description | 
|---|---|
| void clear() | Flushes the whole cache | 
| Object get(String key) | Retrieves the value of key in the cache. null if there is no such key present | 
| void put(int expirationInSeconds, String key, Object object) | Puts an object in the cache associated to the key passed. An expiration in seconds can be provided | 
| put(String key, Object object) | Puts an object in the cache associated to the key passed. The expiration used is the default expiration configured in Gluu | 
| void remove(String key) | Removes an entry from the cache | 
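The following is an added example, not code from the Janssen project. It uses the get, put and remove methods listed above to count failed attempts per user and lock the user out for a time window. FakeCache is a constructed in-memory stand-in so the logic runs outside the server, and the key prefix, limits and function names are hypothetical; in a real script the cache argument would be CdiUtil.bean(CacheService).

```python
class FakeCache(object):
    """Constructed in-memory stand-in exposing CacheService's get/put/remove."""

    def __init__(self):
        self.now = 0  # test-controlled clock, in seconds
        self.entries = {}

    def put(self, expirationInSeconds, key, value):
        self.entries[key] = (self.now + expirationInSeconds, value)

    def get(self, key):
        expires, value = self.entries.get(key, (0, None))
        return value if self.now < expires else None

    def remove(self, key):
        self.entries.pop(key, None)


def failure_key(user_id):
    # Hypothetical prefix that keeps these counters apart from other entries.
    return "otp_fail_" + user_id


def is_locked(cache, user_id, max_failures=5):
    return (cache.get(failure_key(user_id)) or 0) >= max_failures


def record_failure(cache, user_id, window_seconds=300):
    """Count a failed attempt; the entry expires window_seconds after the last one."""
    count = (cache.get(failure_key(user_id)) or 0) + 1
    # The expiration is the FIRST argument of put(), before key and value.
    cache.put(window_seconds, failure_key(user_id), count)
    return count


def record_success(cache, user_id):
    cache.remove(failure_key(user_id))


def simulate():
    cache = FakeCache()
    for _ in range(5):
        record_failure(cache, "alice")
    locked_now = is_locked(cache, "alice")
    cache.now = 301  # window elapsed, counter expired
    return locked_now, is_locked(cache, "alice")
```

The read-then-write in record_failure is not atomic, so concurrent failures can undercount slightly; treat the limit as approximate.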
9. FacesService : Provides utilities to properly build encoded URLs and make redirections. This class is used a great deal in custom scripts#
Relevant methods:
| Signature | Description | 
|---|---|
| void redirectToExternalURL(String url) | Redirects the user's browser to the URL passed as parameter | 
| String encodeParameters(String url, Map<String, Object> parameters) | Builds a URL by appending query parameters as supplied in the parameters map. Every value in the map is properly URL-encoded | 
10. FacesMessages#
Allows manipulation of JSF context messages
Relevant methods:
| Signature | Description | 
|---|---|
| void add(Severity severity, String message) | Adds a message to the JSF context with the severity (javax.faces.application.FacesMessage.Severity) specified | 
| void clear() | Clears the messages of the JSF context | 
| String evalAsString(String expression) | Evaluates an EL expression using the JSF context and returns the result as a String | 
| void setKeepMessages() | Sets the "keep messages" property of the JSF flash | 
11. StringHelper#
Provides many utility methods for tasks that often arise in the manipulation of Strings.
Usage:
from io.jans.util import StringHelper
- isNotEmptyString
  if StringHelper.isNotEmptyString(user_name):
      pass  # do something
- equalsIgnoreCase
  if StringHelper.equalsIgnoreCase(authentication_mode, "one_step"):
      pass  # do something
- isEmpty
  if StringHelper.isEmpty(auth_method):
      pass  # do something
- split
  allowedClientsListArray = StringHelper.split(allowedClientsList, ",")
- toLowerCase
  remoteAttribute = StringHelper.toLowerCase(remoteAttributesListArray[i])
- base64urlencode
  StringUtils.base64urlencode(input)
13. EncryptionService#
Allows scripts to encrypt and decrypt strings using a 3DES cipher whose salt is found in /etc/jans/conf/salt
Relevant methods:
| Signature | Description | 
|---|---|
| String decrypt(String encryptedString) | Decrypts the encrypted string supplied | 
| Properties decryptAllProperties(Properties connectionProperties) | Returns a java.util.Propertiesobject with all decrypted values found inconnectionProperties | 
| String encrypt(String unencryptedString) | Encrypts the string supplied | 
Usage:#
from io.jans.as.common.service.common import EncryptionService
....
encryptionService = CdiUtil.bean(EncryptionService)
pwd_decrypted = encryptionService.decrypt("stringtobedecrypted")
14. Base64Util#
Usage:
from io.jans.as.model.util import Base64Util
....
Base64Util.base64urldecodeToString(input_string)
Base64Util.base64urlencode(input_string.encode('utf-8'))
Created: 2022-08-17
