Attribute Release Policy - Groovy Script
Let an external Groovy script decide how principal attributes should be released. The configuration of this component qualifies to use the Spring Expression Language syntax.
1
2
3
4
5
6
7
8
9
10
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "sample",
"name" : "sample",
"id" : 300,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.GroovyScriptAttributeReleasePolicy",
"groovyScript" : "classpath:/script.groovy"
}
}
The script itself may be designed in Groovy as:
1
2
3
4
5
6
7
8
9
10
11
import java.util.*
def run(final Object... args) {
def currentAttributes = args[0]
def logger = args[1]
def principal = args[2]
def service = args[3]
logger.debug("Current attributes received are {}", currentAttributes)
return [username:["something"], likes:["cheese", "food"], id:[1234,2,3,4,5], another:"attribute"]
}
Usage Warning
Activating this policy is not without cost, as CAS needs to evaluate the inline script, compile and run it for subsequent executions. While the compiled script is cached and should help with execution performance, as a general rule, you should avoid opting for and designing complicated scripts.
The following parameters are passed to the script:
| Parameter | Description |
|---|---|
currentAttributes |
Map of attributes currently resolved and available for release. |
logger |
The object responsible for issuing log messages such as logger.info(...). |
principal |
The object representing the authenticated principal. |
service |
The object representing the corresponding service definition in the registry. |