diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/pom.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.user/pom.xml
index 51c5a7c1..6b2bb267 100644
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/pom.xml
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/pom.xml
@@ -104,6 +104,11 @@
nashorn-core
provided
+
+ org.graalvm.sdk
+ graal-sdk
+ provided
+
org.wso2.orbit.com.nimbusds
nimbus-jose-jwt
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsGraalWrapperFactory.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsGraalWrapperFactory.java
new file mode 100644
index 00000000..898c3ea4
--- /dev/null
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsGraalWrapperFactory.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.user.model;
+
+import org.wso2.carbon.identity.application.authentication.framework.model.UserSession;
+import org.wso2.carbon.identity.conditional.auth.functions.user.model.graaljs.JsGraalUserSession;
+
+/**
+ * Factory to create a Javascript Object Wrappers for GraalJS execution.
+ * Since Nashorn is deprecated in JDK 11 and onwards. We are introducing GraalJS engine.
+ */
+public class JsGraalWrapperFactory implements JsWrapperBaseFactory {
+
+ @Override
+ public JsUserSession createJsUserSession(UserSession userSession) {
+
+ return new JsGraalUserSession(userSession);
+ }
+}
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsWrapperFactoryProvider.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsWrapperFactoryProvider.java
index 27308c67..5536e08a 100644
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsWrapperFactoryProvider.java
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/JsWrapperFactoryProvider.java
@@ -18,6 +18,8 @@
package org.wso2.carbon.identity.conditional.auth.functions.user.model;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsBaseGraphBuilderFactory;
+import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsGraphBuilderFactory;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.openjdk.nashorn.JsOpenJdkNashornGraphBuilderFactory;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
@@ -32,8 +34,11 @@ public class JsWrapperFactoryProvider {
private JsWrapperFactoryProvider() {
- if (FrameworkUtils.createJsGraphBuilderFactoryFromConfig() instanceof JsOpenJdkNashornGraphBuilderFactory) {
+ JsBaseGraphBuilderFactory jsGraphBuilderFactory = FrameworkUtils.createJsGraphBuilderFactoryFromConfig();
+ if (jsGraphBuilderFactory instanceof JsOpenJdkNashornGraphBuilderFactory) {
jsWrapperBaseFactory = new JsOpenJdkNashornWrapperFactory();
+ } else if (jsGraphBuilderFactory instanceof JsGraalWrapperFactory) {
+ jsWrapperBaseFactory = new JsGraalWrapperFactory();
} else {
jsWrapperBaseFactory = new JsWrapperFactory();
}
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalApplication.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalApplication.java
new file mode 100644
index 00000000..8e83a88b
--- /dev/null
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalApplication.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.user.model.graaljs;
+
+import org.graalvm.polyglot.Value;
+import org.graalvm.polyglot.proxy.ProxyArray;
+import org.graalvm.polyglot.proxy.ProxyObject;
+import org.wso2.carbon.identity.application.authentication.framework.model.Application;
+import org.wso2.carbon.identity.conditional.auth.functions.user.model.JsApplication;
+
+/**
+ * Javascript wrapper for Java level Application.
+ * This provides controlled access to UserSession object via provided javascript native syntax.
+ * Also, it prevents writing an arbitrary values to the respective fields, keeping consistency on runtime
+ * AuthenticatedUser.
+ *
+ * @see Application
+ */
+public class JsGraalApplication extends JsApplication implements ProxyObject {
+
+ public JsGraalApplication(Application wrappedApplication) {
+
+ super(wrappedApplication);
+ }
+
+ @Override
+ public Object getMemberKeys() {
+
+ return ProxyArray.fromArray("subject", "appName", "appId");
+ }
+
+ @Override
+ public Object getMember(String name) {
+
+ switch (name) {
+ case "subject":
+ return getWrapped().getSubject();
+ case "appName":
+ return getWrapped().getAppName();
+ case "appId":
+ return getWrapped().getAppId();
+ default:
+ return super.getMember(name);
+ }
+ }
+
+ @Override
+ public void putMember(String key, Value value) {
+
+ // read-only object.
+ }
+}
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalUserAgent.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalUserAgent.java
new file mode 100644
index 00000000..3eaa8e8c
--- /dev/null
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalUserAgent.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.user.model.graaljs;
+
+import org.graalvm.polyglot.Value;
+import org.graalvm.polyglot.proxy.ProxyObject;
+import org.wso2.carbon.identity.conditional.auth.functions.user.model.JsUserAgent;
+import org.wso2.carbon.identity.core.model.UserAgent;
+
+/**
+ * Javascript wrapper for Java level UserAgent.
+ * This provides controlled access to UserSession object via provided javascript native syntax.
+ * Also, it prevents writing an arbitrary values to the respective fields, keeping consistency on runtime
+ * AuthenticatedUser.
+ *
+ * @see UserAgent
+ */
+public class JsGraalUserAgent extends JsUserAgent implements ProxyObject {
+
+ public JsGraalUserAgent(UserAgent wrappedUserAgent) {
+
+ super(wrappedUserAgent);
+ }
+
+ @Override
+ public Object getMemberKeys() {
+
+ return new String[]{"rawString", "browser", "platform", "device"};
+ }
+
+ @Override
+ public void putMember(String key, Value value) {
+
+ // read-only object.
+ }
+
+ @Override
+ public Object getMember(String name) {
+
+ switch (name) {
+ case "rawString":
+ return getWrapped().getRawString();
+ case "browser":
+ return getWrapped().getBrowser();
+ case "platform":
+ return getWrapped().getPlatform();
+ case "device":
+ return getWrapped().getDevice();
+ default:
+ return super.getMember(name);
+ }
+ }
+
+}
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalUserSession.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalUserSession.java
new file mode 100644
index 00000000..06243977
--- /dev/null
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/model/graaljs/JsGraalUserSession.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.conditional.auth.functions.user.model.graaljs;
+
+import org.graalvm.polyglot.Value;
+import org.graalvm.polyglot.proxy.ProxyObject;
+import org.wso2.carbon.identity.application.authentication.framework.model.UserSession;
+import org.wso2.carbon.identity.conditional.auth.functions.user.model.JsUserSession;
+import org.wso2.carbon.identity.conditional.auth.functions.user.model.nashorn.JsNashornApplication;
+import org.wso2.carbon.identity.conditional.auth.functions.user.model.nashorn.JsNashornUserAgent;
+import org.wso2.carbon.identity.core.model.UserAgent;
+
+import java.util.stream.Collectors;
+
+/**
+ * Javascript wrapper for Java level UserSession.
+ * This provides controlled access to UserSession object via provided javascript native syntax.
+ * Also it prevents writing an arbitrary values to the respective fields, keeping consistency on runtime
+ * AuthenticatedUser.
+ *
+ * @see UserSession
+ */
+public class JsGraalUserSession extends JsUserSession implements ProxyObject {
+
+ private final UserAgent userAgent;
+
+ public JsGraalUserSession(UserSession wrappedUserSession) {
+
+ super(wrappedUserSession);
+ userAgent = new UserAgent(wrappedUserSession.getUserAgent());
+ }
+
+ @Override
+ public Object getMemberKeys() {
+
+ return new String[]{"id", "createdTimestamp", "lastAccessTime", "tenantDomain", "user", "application",
+ "userAgent"};
+ }
+
+ @Override
+ public void putMember(String key, Value value) {
+
+ }
+
+ @Override
+ public Object getMember(String name) {
+
+ switch (name) {
+ case "userAgent":
+ return new JsNashornUserAgent(userAgent);
+ case "ip":
+ return getWrapped().getIp();
+ case "loginTime":
+ return getWrapped().getLoginTime();
+ case "lastAccessTime":
+ return getWrapped().getLastAccessTime();
+ case "id":
+ return getWrapped().getSessionId();
+ case "applications":
+ return getWrapped().getApplications().stream().map(JsNashornApplication::new)
+ .collect(Collectors.toList());
+ default:
+ return super.getMember(name);
+ }
+ }
+
+}
diff --git a/pom.xml b/pom.xml
index 43be0cde..1bae4865 100644
--- a/pom.xml
+++ b/pom.xml
@@ -289,6 +289,12 @@
${nashorn.core.version}
provided
+
+ org.graalvm.sdk
+ graal-sdk
+ ${graalvm.version}
+ provided
+
javax.ws.rs
jsr311-api
@@ -483,7 +489,7 @@
4.9.17
[4.6.0, 5.0.0)
[1.0.1, 2.0.0)
- 5.25.509
+ 5.25.643-SNAPSHOT
1.0.89
5.20.447
[5.14.0, 7.0.0)
@@ -533,6 +539,7 @@
[1.9.0,2.0.0)
1.4.01
15.3
+ 20.2.0
**/*Exception.java,
**/*Constants*.java,