001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2014-2015 ForgeRock AS. 015 */ 016package org.forgerock.openig.filter; 017 018import static org.forgerock.openig.el.Bindings.bindings; 019 020import org.forgerock.http.Filter; 021import org.forgerock.http.Handler; 022import org.forgerock.http.protocol.Request; 023import org.forgerock.http.protocol.Response; 024import org.forgerock.openig.heap.Heap; 025import org.forgerock.openig.heap.HeapException; 026import org.forgerock.openig.script.AbstractScriptableHeapObject; 027import org.forgerock.openig.script.Script; 028import org.forgerock.services.context.Context; 029import org.forgerock.util.promise.NeverThrowsException; 030import org.forgerock.util.promise.Promise; 031 032/** 033 * A scriptable filter. This filter acts as a simple wrapper around the 034 * scripting engine. Scripts are provided with the following variable bindings: 035 * <ul> 036 * <li>{@link java.util.Map globals} - the Map of global variables which persist across 037 * successive invocations of the script 038 * <li>{@link org.forgerock.services.context.Context context} - the associated request context 039 * <li>{@link Request request} - the HTTP request 040 * <li>{@link org.forgerock.http.Client http} - an HTTP client which may be used for 041 * performing outbound HTTP requests 042 * <li>{@link org.forgerock.openig.ldap.LdapClient ldap} - an OpenIG LDAP client which may be used for 043 * performing LDAP requests such as LDAP authentication 044 * <li>{@link org.forgerock.openig.log.Logger logger} - the OpenIG logger 045 * <li>{@link Handler next} - the next handler in the filter chain. 046 * </ul> 047 * Like Java based filters, scripts are free to choose whether or not they 048 * forward the request to the next handler or, instead, return a response 049 * immediately. 050 * <p>Contains also easy access to {@code attributes} from the {@link org.forgerock.services.context.AttributesContext}, 051 * e.g: {@code attributes.user = "jackson"}, instead of {@code contexts.attributes.attributes.user = "jackson"}. 052 * <p>In the same way, it gives access to {@code session} from the {@link org.forgerock.http.session.SessionContext}, 053 * for example, you can use: {@code session.put(...)}, instead of {@code contexts.session.session.put(...)}. 054 * <p> 055 * <b>NOTE:</b> at the moment only Groovy is supported. 056 * <p><b>NOTE:</b> As of OpenIG 4.0, {@code exchange.request} and {@code exchange.response} are not set anymore. 057 */ 058public class ScriptableFilter extends AbstractScriptableHeapObject implements Filter { 059 060 @Override 061 public Promise<Response, NeverThrowsException> filter(final Context context, 062 final Request request, 063 final Handler next) { 064 // Delegates filtering to the script. 065 return runScript(bindings(context, request), next, context); 066 } 067 068 /** 069 * Creates and initializes a scriptable filter in a heap environment. 070 */ 071 public static class Heaplet extends AbstractScriptableHeaplet { 072 @Override 073 public ScriptableFilter newInstance(Script script, Heap heap) throws HeapException { 074 return new ScriptableFilter(script, heap); 075 } 076 } 077 078 ScriptableFilter(final Script compiledScript, Heap heap) { 079 super(compiledScript, heap); 080 } 081}