Attribute Release Policy - Script Engines

Usage

This feature is deprecated and is scheduled to be removed in the future.

Use alternative script engine implementations and other programming languages to configure attribute release policies. This approach takes advantage of scripting functionality built into the Java platform via additional libraries and drivers. While Groovy should be natively supported by CAS, the following module is required in the overlay to include support for additional languages such as Python, etc.

1
2
3
4
5

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-script-engines</artifactId>
    <version>${cas.version}</version>
</dependency>

1

implementation "org.apereo.cas:cas-server-support-script-engines:${project.'cas.version'}"

1
2
3
4
5
6
7
8
9

dependencyManagement {
    imports {
        mavenBom "org.apereo.cas:cas-server-support-bom:${project.'cas.version'}"
    }
}

dependencies {
    implementation "org.apereo.cas:cas-server-support-script-engines"
}

1
2
3
4
5
6
7
8
9
10

dependencies {
    /*
    The following platform references should be included automatically and are listed here for reference only.
            
    implementation enforcedPlatform("org.apereo.cas:cas-server-support-bom:${project.'cas.version'}")
    implementation platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES)
    */

    implementation "org.apereo.cas:cas-server-support-script-engines"
}

The service definition then may be designed as:

1
2
3
4
5
6
7
8
9
10

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "sample",
  "name" : "sample",
  "id" : 300,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy",
    "scriptFile" : "classpath:/script.[py|js|groovy]"
  }
}

The configuration of this component qualifies to use the Spring Expression Language syntax. The scripts need to design a run function that receives a list of parameters. The collection of current attributes in process as well as a logger object are passed to this function. The result must produce a map whose keys are attributes names and whose values are a list of attribute values.

As an example, the script itself may be designed in Groovy as:

1
2
3
4
5
6
7
8
9

import java.util.*

def Map<String, List<Object>> run(final Object... args) {
    def currentAttributes = args[0]
    def logger = args[1]

    logger.debug("Current attributes received are {}", currentAttributes)
    return[username:["something"], likes:["cheese", "food"], id:[1234,2,3,4,5], another:"attribute"]
}

Here’s the same script written in Python:

1
2
3
4
5

def run(*Params):
  Attributes = Params[0]
  Logger = Params[1]
  # Calculate attributes and return a new dictionary of attributes...
  return ...

You are also allowed to stuff inlined groovy scripts into the scriptFile attribute. The script has access to the collection of resolved attributes as well as a logger object.

1
2
3
4
5
6
7
8
9
10

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "sample",
  "name" : "sample",
  "id" : 300,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy",
    "scriptFile" : "groovy { return attributes }"
  }
}