From 4e6e9e2a5a8d3984ee876538530256b406fbb39f Mon Sep 17 00:00:00 2001 
From: shanggeeth Date: Tue, 20 Feb 2024 23:25:15 +0530 Subject: [PATCH] Use @HostAccess.Export to export conditional authentication functions implementations. --- .../analytics/CallAnalyticsFunctionImpl.java | 2 + .../PublishToAnalyticsFunctionImpl.java | 2 + .../choreo/CallChoreoFunctionImpl.java | 2 + .../elk/CallElasticFunctionImpl.java | 2 + .../functions/http/CookieFunctionImpl.java | 3 + .../functions/http/GetCookieFunction.java | 2 + .../functions/http/GetCookieFunctionImpl.java | 115 ++++++++++++++++++ .../functions/http/HTTPGetFunctionImpl.java | 2 + .../functions/http/HTTPPostFunctionImpl.java | 2 + .../functions/http/SetCookieFunctionImpl.java | 115 ++++++++++++++++++ .../HTTPFunctionsServiceComponent.java | 13 +- .../http/CookieFunctionImplTest.java | 13 +- .../functions/jwt/decode/JwtDecodeImpl.java | 2 + .../notification/SendEmailFunctionImpl.java | 2 + .../session/function/KillSessionFunction.java | 1 + .../user/store/UserStoreFunctions.java | 2 + .../user/AssignUserRolesFunctionImpl.java | 2 + .../user/AssignUserRolesV2FunctionImpl.java | 2 + .../CheckSessionExistenceFunctionImpl.java | 2 + .../GetAssociatedLocalUserFunctionImpl.java | 2 + .../user/GetAuthenticatedAppsFuncImp.java | 2 + .../user/GetUserSessionsFunctionImpl.java | 2 + .../user/HasAnyOfTheRolesFunctionImpl.java | 2 + .../user/HasAnyOfTheRolesV2FunctionImpl.java | 2 + .../auth/functions/user/HasRoleFunction.java | 2 + .../functions/user/HasRoleFunctionImpl.java | 2 + ...yOfTheRolesAssignedToUserFunctionImpl.java | 2 + .../user/IsMemberOfAnyOfGroupsFunction.java | 1 + .../IsMemberOfAnyOfGroupsFunctionImpl.java | 2 + ...icrosoftEmailVerificationFunctionImpl.java | 2 + .../user/PromptIdentifierFunctionImpl.java | 2 + .../user/RemoveUserRolesFunctionImpl.java | 2 + .../user/RemoveUserRolesV2FunctionImpl.java | 2 + .../SetAccountAssociationToLocalUserImpl.java | 2 + .../user/TerminateUserSessionImpl.java | 2 + 35 files changed, 303 insertions(+), 14 deletions(-) create mode 100644 
components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java create mode 100644 components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/CallAnalyticsFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/CallAnalyticsFunctionImpl.java index dbf7c67c..cdb91434 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/CallAnalyticsFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/CallAnalyticsFunctionImpl.java @@ -28,6 +28,7 @@ import org.apache.http.entity.StringEntity; import org.apache.http.impl.nio.client.CloseableHttpAsyncClient; import org.apache.http.util.EntityUtils; +import org.graalvm.polyglot.HostAccess; import org.json.simple.JSONObject; import org.json.simple.parser.JSONParser; import org.json.simple.parser.ParseException; @@ -61,6 +62,7 @@ public class CallAnalyticsFunctionImpl extends AbstractAnalyticsFunction impleme private static final String PARAM_INPUT_STREAM = "InputStream"; @Override + @HostAccess.Export public void callAnalytics(Map metadata, Map payloadData, Map eventHandlers) { 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/PublishToAnalyticsFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/PublishToAnalyticsFunctionImpl.java index c109f61c..7e35fbff 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/PublishToAnalyticsFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.analytics/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/analytics/PublishToAnalyticsFunctionImpl.java @@ -26,6 +26,7 @@ import org.apache.http.concurrent.FutureCallback; import org.apache.http.entity.StringEntity; import org.apache.http.impl.nio.client.CloseableHttpAsyncClient; +import org.graalvm.polyglot.HostAccess; import org.json.simple.JSONObject; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; @@ -49,6 +50,7 @@ public class PublishToAnalyticsFunctionImpl extends AbstractAnalyticsFunction im private static final String PARAM_INPUT_STREAM = "InputStream"; @Override + @HostAccess.Export public void publishToAnalytics(Map metadata, Map payloadData, JsBaseAuthenticationContext context) { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.choreo/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/choreo/CallChoreoFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.choreo/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/choreo/CallChoreoFunctionImpl.java index a71f7456..f9cc3828 100644 
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.choreo/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/choreo/CallChoreoFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.choreo/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/choreo/CallChoreoFunctionImpl.java @@ -34,6 +34,7 @@ import org.apache.http.impl.nio.client.CloseableHttpAsyncClient; import org.apache.http.message.BasicNameValuePair; import org.apache.http.util.EntityUtils; +import org.graalvm.polyglot.HostAccess; import org.json.simple.JSONObject; import org.wso2.carbon.identity.application.authentication.framework.AsyncProcess; import org.wso2.carbon.identity.application.authentication.framework.AsyncReturn; @@ -123,6 +124,7 @@ public CallChoreoFunctionImpl() { } @Override + @HostAccess.Export public void callChoreo(Map connectionMetaData, Map payloadData, Map eventHandlers) { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.elk/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/elk/CallElasticFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.elk/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/elk/CallElasticFunctionImpl.java index 0cdecbd5..c6b42b66 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.elk/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/elk/CallElasticFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.elk/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/elk/CallElasticFunctionImpl.java 
@@ -28,6 +28,7 @@ import org.apache.http.entity.StringEntity; import org.apache.http.impl.nio.client.CloseableHttpAsyncClient; import org.apache.http.util.EntityUtils; +import org.graalvm.polyglot.HostAccess; import org.json.JSONException; import org.json.JSONObject; import org.wso2.carbon.identity.application.authentication.framework.AsyncProcess; @@ -66,6 +67,7 @@ public CallElasticFunctionImpl() { } @Override + @HostAccess.Export public void callElastic(Map params, Map eventHandlers) { Map paramsMap = new HashMap<>(params); diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java index dfd138a0..ab6f9f45 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java @@ -45,12 +45,14 @@ /** * Implementation of the setCookie and getCookieValue functions. */ +@Deprecated public class CookieFunctionImpl implements SetCookieFunction, GetCookieFunction { private static final Log log = LogFactory.getLog(CookieFunctionImpl.class); private static final String ENABLE_ADAPTIVE_SCRIPT_COOKIE_LEGACY_MODE = "enableAdaptiveScriptCookieLegacyMode"; @Override + @Deprecated public void setCookie(JsBaseServletResponse response, String name, Object... params) { Map properties = null; @@ -121,6 +123,7 @@ public void setCookie(JsBaseServletResponse response, String name, Object... par } @Override + @Deprecated public String getCookieValue(JsBaseServletRequest request, Object... params) { Map properties = null; 
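Review bot: `@Deprecated` is added to CookieFunctionImpl and to both of its methods without a Javadoc `@deprecated` tag, so callers get a compiler warning but no pointer to the replacement. Extend the existing class comment with `@deprecated Use {@link SetCookieFunctionImpl} and {@link GetCookieFunctionImpl} instead.` and mirror it on `setCookie` and `getCookieValue`. The deprecated methods are also left without `@HostAccess.Export`; if that is deliberate, so that the old class can no longer be reached from scripts, say so in the same comment. Both method bodies continue outside these hunks.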
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunction.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunction.java index 398b6524..7bd367bb 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunction.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunction.java @@ -19,6 +19,7 @@ package org.wso2.carbon.identity.conditional.auth.functions.http; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseServletRequest; import java.util.Map; @@ -36,6 +37,7 @@ public interface GetCookieFunction { * @param params value mandatory and properties optional * @return cookieValue */ + @HostAccess.Export String getCookieValue(JsBaseServletRequest request, Object... params); } diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java new file mode 100644 index 00000000..3241f6d7 --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java 
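Review bot: `@HostAccess.Export` is placed on the interface method `getCookieValue` here, while the other functions visible in this patch carry it on the implementation only, and SetCookieFunction.java is absent from the diffstat, so its interface is not annotated at all. Whether an interface-level annotation has any effect depends on the access-inheritance setting of the HostAccess policy, which this patch does not show. Pick one placement and apply it uniformly so the script-callable surface can be audited by searching for the annotation. If the interface placement stays, extend the existing Javadoc with a line such as `Exported to adaptive scripts; implementations must also be annotated.` to record the intent.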
@@ -0,0 +1,115 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.conditional.auth.functions.http; + +import org.apache.axiom.om.util.Base64; +import org.apache.commons.io.Charsets; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; +import org.json.simple.JSONObject; +import org.json.simple.parser.JSONParser; +import org.json.simple.parser.ParseException; +import org.wso2.carbon.core.util.CryptoException; +import org.wso2.carbon.core.util.CryptoUtil; +import org.wso2.carbon.core.util.SignatureUtil; +import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseServletRequest; +import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants; + +import java.nio.charset.StandardCharsets; +import java.util.Map; +import java.util.Optional; + +import javax.servlet.http.Cookie; + +public class GetCookieFunctionImpl implements GetCookieFunction { + + private static final Log log = LogFactory.getLog(GetCookieFunctionImpl.class); + private static final String ENABLE_ADAPTIVE_SCRIPT_COOKIE_LEGACY_MODE = "enableAdaptiveScriptCookieLegacyMode"; + + @Override + @HostAccess.Export + public String getCookieValue(JsBaseServletRequest request, Object... 
params) { + + Map properties = null; + if (params.length == 0 || params.length > 2) { + return null; + } + if (params.length == 2) { + if (params[1] instanceof Map) { + properties = (Map) params[1]; + } + } + String name = (String) params[0]; + Cookie[] cookies = request.getWrapped().getWrapped().getCookies(); + if (cookies == null) { + return null; + } + for (Cookie cookie : cookies) { + if (name.equals(cookie.getName())) { + JSONObject cookieValueJSON; + try { + JSONParser jsonParser = new JSONParser(); + cookieValueJSON = (JSONObject) jsonParser.parse(new String(Base64.decode(cookie.getValue()), + Charsets.UTF_8)); + } catch (ParseException e) { + log.error("Error occurred when converting cookie value to JSON.", e); + return null; + } + String valueString = (String) cookieValueJSON.get(HTTPConstants.VALUE); + + if (properties != null) { + boolean validateSignature = Optional.ofNullable((Boolean) properties.get( + HTTPConstants.VALIDATE_SIGN)).orElse(false); + boolean decrypt = Optional.ofNullable((Boolean) properties.get(HTTPConstants.DECRYPT)) + .orElse(false); + if (decrypt) { + try { + if (Boolean.parseBoolean(System.getProperty(ENABLE_ADAPTIVE_SCRIPT_COOKIE_LEGACY_MODE))) { + valueString = Base64.encode(CryptoUtil.getDefaultCryptoUtil() + .base64DecodeAndDecrypt(valueString)); + } else { + valueString = new String(CryptoUtil.getDefaultCryptoUtil() + .base64DecodeAndDecrypt(valueString), StandardCharsets.UTF_8); + } + } catch (CryptoException e) { + log.error("Error occurred when decrypting the cookie value.", e); + return null; + } + } + if (validateSignature) { + byte[] signature = Base64.decode((String) cookieValueJSON.get(HTTPConstants.SIGNATURE)); + try { + boolean isValid = SignatureUtil.validateSignature(valueString, signature); + if (!isValid) { + log.error("Cookie signature didn't matched with the cookie value."); + return null; + } + } catch (Exception e) { + log.error("Error occurred when validating signature of the cookie value.", e); + return 
null; + } + } + } + return valueString; + } + } + return null; + } +} diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImpl.java index 5d2016c3..d7dad577 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPGetFunctionImpl.java @@ -22,6 +22,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.http.client.methods.HttpGet; +import org.graalvm.polyglot.HostAccess; import java.util.HashMap; import java.util.Map; @@ -41,6 +42,7 @@ public HTTPGetFunctionImpl() { } @Override + @HostAccess.Export public void httpGet(String endpointURL, Object... params) { Map eventHandlers; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImpl.java index f8becd3f..a3c0c56c 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/HTTPPostFunctionImpl.java 
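Review bot: The cookie value is client-controlled, yet `getCookieValue` only guards the parse with `catch (ParseException e)`. The `(JSONObject)` cast on the parse result, the `(String)` cast on `HTTPConstants.VALUE`, and `Base64.decode((String) cookieValueJSON.get(HTTPConstants.SIGNATURE))`, which sits outside the following try block, may all throw unchecked exceptions into the script engine when the cookie is malformed or has no signature. Check the type before casting, e.g. `Object parsed = jsonParser.parse(...); if (!(parsed instanceof JSONObject)) { return null; }`. Move the signature decode inside the existing try with a null check, so that a missing signature is treated as invalid rather than as an error. The class also has no Javadoc; it should state that signature validation is opt-in via `HTTPConstants.VALIDATE_SIGN` and that a caller passing no properties receives the unverified value.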
@@ -27,6 +27,7 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.entity.StringEntity; import org.apache.http.message.BasicNameValuePair; +import org.graalvm.polyglot.HostAccess; import org.json.simple.JSONObject; import java.nio.charset.StandardCharsets; @@ -52,6 +53,7 @@ public HTTPPostFunctionImpl() { } @Override + @HostAccess.Export public void httpPost(String endpointURL, Object... params) { Map eventHandlers; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java new file mode 100644 index 00000000..c7a6c25c --- /dev/null +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java 
@@ -0,0 +1,115 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.wso2.carbon.identity.conditional.auth.functions.http; + +import org.apache.axiom.om.util.Base64; +import org.apache.commons.io.Charsets; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; +import org.json.simple.JSONObject; +import org.wso2.carbon.core.SameSiteCookie; +import org.wso2.carbon.core.ServletCookie; +import org.wso2.carbon.core.util.CryptoException; +import org.wso2.carbon.core.util.CryptoUtil; +import org.wso2.carbon.core.util.SignatureUtil; +import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseServletResponse; +import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants; +import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants; + +import java.nio.charset.StandardCharsets; +import java.util.Map; +import java.util.Optional; + +public class SetCookieFunctionImpl implements SetCookieFunction { + + private static final Log log = LogFactory.getLog(SetCookieFunctionImpl.class); + private static final String ENABLE_ADAPTIVE_SCRIPT_COOKIE_LEGACY_MODE = "enableAdaptiveScriptCookieLegacyMode"; + + @Override + @HostAccess.Export + public void setCookie(JsBaseServletResponse response, String 
name, Object... params) { + + Map properties = null; + if (params.length == 0 || params.length > 2) { + return; + } + if (params.length == 2) { + if (params[1] instanceof Map) { + properties = (Map) params[1]; + } + } + + String value = (String) params[0]; + String signature = null; + if (properties != null) { + boolean sign = Optional.ofNullable((Boolean) properties.get(HTTPConstants.SIGN)).orElse(false); + boolean encrypt = Optional.ofNullable((Boolean) properties.get(HTTPConstants.ENCRYPT)).orElse(false); + if (sign) { + try { + signature = Base64.encode(SignatureUtil.doSignature(value)); + } catch (Exception e) { + log.error("Error occurred when signing the cookie value.", e); + return; + } + } + if (encrypt) { + try { + if (Boolean.parseBoolean(System.getProperty(ENABLE_ADAPTIVE_SCRIPT_COOKIE_LEGACY_MODE))) { + value = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(Base64.decode(value)); + } else { + value = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode( + value.getBytes(StandardCharsets.UTF_8)); + } + } catch (CryptoException e) { + log.error("Error occurred when encrypting the cookie value.", e); + return; + } + } + } + JSONObject cookieValueJson = new JSONObject(); + cookieValueJson.put(HTTPConstants.VALUE, value); + cookieValueJson.put(HTTPConstants.SIGNATURE, signature); + + String cookieValue = cookieValueJson.toString(); + + cookieValue = Base64.encode((cookieValue.getBytes(Charsets.UTF_8))); + ServletCookie cookie = new ServletCookie(name, cookieValue); + if (properties != null) { + Optional.ofNullable((String) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_DOMAIN)) + .ifPresent(cookie::setDomain); + Optional.ofNullable((String) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_PATH)) + .ifPresent(cookie::setPath); + Optional.ofNullable((String) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_COMMENT)) + .ifPresent(cookie::setComment); + Optional.ofNullable((Integer) 
properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_MAX_AGE)) + .ifPresent(cookie::setMaxAge); + Optional.ofNullable((Integer) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_VERSION)) + .ifPresent(cookie::setVersion); + Optional.ofNullable((Boolean) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_HTTP_ONLY)) + .ifPresent(cookie::setHttpOnly); + Optional.ofNullable((Boolean) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_SECURE)) + .ifPresent(cookie::setSecure); + String sameSite = (String) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_SAMESITE); + Optional.ofNullable((sameSite != null) ? SameSiteCookie.valueOf(sameSite) : null) + .ifPresent(cookie::setSameSite); + } + response.getWrapped().getWrapped().addCookie(cookie); + } +} diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/internal/HTTPFunctionsServiceComponent.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/internal/HTTPFunctionsServiceComponent.java index 2c60b636..cb4fb9de 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/internal/HTTPFunctionsServiceComponent.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/internal/HTTPFunctionsServiceComponent.java 
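Review bot: `setCookie` applies `setSecure`, `setHttpOnly` and `setSameSite` only when the script supplies those properties, so a cookie carrying signed or encrypted authentication state falls back to whatever `ServletCookie` defaults to (not visible in this patch). Consider defaulting both flags on when the property is absent, e.g. `cookie.setSecure(Optional.ofNullable((Boolean) properties.get(FrameworkConstants.JSAttributes.JS_COOKIE_SECURE)).orElse(true));`, and cover the `properties == null` path as well. Separately, `SameSiteCookie.valueOf(sameSite)` throws IllegalArgumentException for any script-supplied string that is not an exact enum name. Catch it and log, as the signing and encryption branches above already do for their failures.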
@@ -29,13 +29,12 @@ import org.osgi.service.component.annotations.ReferenceCardinality; import org.osgi.service.component.annotations.ReferencePolicy; import org.wso2.carbon.identity.application.authentication.framework.JsFunctionRegistry; +import org.wso2.carbon.identity.conditional.auth.functions.http.GetCookieFunctionImpl; import org.wso2.carbon.identity.conditional.auth.functions.http.HTTPGetFunction; import org.wso2.carbon.identity.conditional.auth.functions.http.HTTPGetFunctionImpl; import org.wso2.carbon.identity.conditional.auth.functions.http.HTTPPostFunction; import org.wso2.carbon.identity.conditional.auth.functions.http.HTTPPostFunctionImpl; -import org.wso2.carbon.identity.conditional.auth.functions.http.CookieFunctionImpl; -import org.wso2.carbon.identity.conditional.auth.functions.http.GetCookieFunction; -import org.wso2.carbon.identity.conditional.auth.functions.http.SetCookieFunction; +import org.wso2.carbon.identity.conditional.auth.functions.http.SetCookieFunctionImpl; import org.wso2.carbon.identity.core.util.IdentityCoreInitializedEvent; /** 
@@ -58,12 +57,10 @@ public class HTTPFunctionsServiceComponent { @Activate protected void activate(ComponentContext ctxt) { - CookieFunctionImpl cookieFunction = new CookieFunctionImpl(); JsFunctionRegistry jsFunctionRegistry = HTTPFunctionsServiceHolder.getInstance().getJsFunctionRegistry(); - jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, FUNC_SET_COOKIE, - (SetCookieFunction) cookieFunction::setCookie); - jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, FUNC_GET_COOKIE_VALUE, - (GetCookieFunction) cookieFunction::getCookieValue); + jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, FUNC_SET_COOKIE, new GetCookieFunctionImpl()); + jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, + FUNC_GET_COOKIE_VALUE, new SetCookieFunctionImpl()); HTTPPostFunction httpPost = new HTTPPostFunctionImpl(); jsFunctionRegistry.register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, FUNC_HTTP_POST, httpPost); diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImplTest.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImplTest.java index bf8c4871..20ce7c06 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImplTest.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/test/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImplTest.java 
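Review bot: The two cookie registrations in `activate()` are crossed: `FUNC_SET_COOKIE` is bound to `new GetCookieFunctionImpl()` and `FUNC_GET_COOKIE_VALUE` to `new SetCookieFunctionImpl()`. A script calling the set-cookie function would then reach an object whose only exported method is `getCookieValue`, and the reverse, so cookie-based state in adaptive scripts would presumably break at runtime. The updated test would not catch this, because it registers the implementations directly under "setCookie" and "getCookieValue" and never goes through this component. Swap the arguments: `register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, FUNC_SET_COOKIE, new SetCookieFunctionImpl());` and `register(JsFunctionRegistry.Subsystem.SEQUENCE_HANDLER, FUNC_GET_COOKIE_VALUE, new GetCookieFunctionImpl());`.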
@@ -69,9 +69,8 @@ public class CookieFunctionImplTest extends JsSequenceHandlerAbstractTest { protected void setUp() throws Exception { CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME = true; - sequenceHandlerRunner.registerJsFunction("setCookie", (SetCookieFunction) new CookieFunctionImpl()::setCookie); - sequenceHandlerRunner.registerJsFunction("getCookieValue", (GetCookieFunction) new CookieFunctionImpl() - ::getCookieValue); + sequenceHandlerRunner.registerJsFunction("setCookie", new SetCookieFunctionImpl()); + sequenceHandlerRunner.registerJsFunction("getCookieValue", new GetCookieFunctionImpl()); DefaultCryptoService defaultCryptoService = new DefaultCryptoService(); defaultCryptoService.registerInternalCryptoProvider(new SimpleCryptoProviderTest()); CarbonCoreDataHolder.getInstance().setCryptoService(defaultCryptoService); @@ -168,7 +167,9 @@ public Object[][] getCookieValues() { private void internalTestSetAndGetCookieValues(String inputCookieValue, boolean shouldEncrypt, boolean shouldDecrypt, boolean shouldSign) throws JsTestException { - CookieFunctionImpl cookieFunction = new CookieFunctionImpl(); + GetCookieFunctionImpl getCookieFunction = new GetCookieFunctionImpl(); + SetCookieFunctionImpl setCookieFunction = new SetCookieFunctionImpl(); + String name = "test"; HttpServletResponse resp = sequenceHandlerRunner.createHttpServletResponse(); @@ -177,7 +178,7 @@ private void internalTestSetAndGetCookieValues(String inputCookieValue, boolean setCookieParams.put(HTTPConstants.ENCRYPT, shouldEncrypt); setCookieParams.put(HTTPConstants.SIGN, shouldSign); // Set the Cookie value. - cookieFunction.setCookie(jsServletResponse, name, inputCookieValue, setCookieParams); + setCookieFunction.setCookie(jsServletResponse, name, inputCookieValue, setCookieParams); // Get the cookie value that added to the response when setCookie method value is called. ArgumentCaptor argumentCaptor = ArgumentCaptor.forClass(Cookie.class); 
@@ -191,7 +192,7 @@ private void internalTestSetAndGetCookieValues(String inputCookieValue, boolean Map getCookieParams = new HashMap<>(); getCookieParams.put(HTTPConstants.DECRYPT, shouldDecrypt); // Get the cookie value - String value = cookieFunction.getCookieValue(jsServletRequest, name, getCookieParams ); + String value = getCookieFunction.getCookieValue(jsServletRequest, name, getCookieParams ); Assert.assertEquals(value, inputCookieValue); } diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.jwt.decode/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/jwt/decode/JwtDecodeImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.jwt.decode/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/jwt/decode/JwtDecodeImpl.java index c2a59400..fbf7fd48 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.jwt.decode/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/jwt/decode/JwtDecodeImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.jwt.decode/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/jwt/decode/JwtDecodeImpl.java @@ -22,6 +22,7 @@ import net.minidev.json.JSONObject; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import java.text.ParseException; @@ -42,6 +43,7 @@ public class JwtDecodeImpl implements JwtDecode { * @throws FrameworkException */ @Override + @HostAccess.Export public String getValueFromDecodedAssertion(String clientAssertion, String parameterName, boolean isParameterInPayload) throws FrameworkException { 
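Review bot: `internalTestSetAndGetCookieValues` signs the cookie when `shouldSign` is true but only ever puts `HTTPConstants.DECRYPT` into `getCookieParams`, so this round trip never exercises the signature-verification branch of the new GetCookieFunctionImpl. Add `getCookieParams.put(HTTPConstants.VALIDATE_SIGN, shouldSign);` before the `getCookieValue` call, provided the test crypto setup supports signing. Ideally also add a negative case where the stored cookie value is altered and the expected result is null. The helper's signature and the set-cookie half of its body are in the preceding hunks.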
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.notification/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/notification/SendEmailFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.notification/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/notification/SendEmailFunctionImpl.java index 6358c0b6..626db466 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.notification/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/notification/SendEmailFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.notification/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/notification/SendEmailFunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.conditional.auth.functions.notification.internal.NotificationFunctionServiceHolder; import org.wso2.carbon.identity.event.IdentityEventConstants; @@ -40,6 +41,7 @@ public class SendEmailFunctionImpl implements SendEmailFunction { private static final Log LOG = LogFactory.getLog(SendEmailFunctionImpl.class); @Override + @HostAccess.Export public boolean sendMail(JsBaseAuthenticatedUser user, String templateId, Map paramMap) { String eventName = IdentityEventConstants.Event.TRIGGER_NOTIFICATION; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.session/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/session/function/KillSessionFunction.java b/components/org.wso2.carbon.identity.conditional.auth.functions.session/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/session/function/KillSessionFunction.java index 3af4904e..283d8d4d 100644 
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.session/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/session/function/KillSessionFunction.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.session/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/session/function/KillSessionFunction.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import org.wso2.carbon.identity.application.authentication.framework.services.SessionManagementService; import org.wso2.carbon.identity.conditional.auth.functions.session.util.SessionValidationConstants; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user.store/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/store/UserStoreFunctions.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user.store/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/store/UserStoreFunctions.java index 689b5a3e..554485da 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user.store/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/store/UserStoreFunctions.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user.store/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/store/UserStoreFunctions.java 
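Review bot: The only change to KillSessionFunction.java is the added `import org.graalvm.polyglot.HostAccess;`, and the diffstat confirms a single added line, so no `@HostAccess.Export` is applied in this file and the import is unused. If the function is meant to remain callable from adaptive scripts under an explicit host-access policy, annotate its script-facing method as the other implementations in this patch do; otherwise drop the import. The diffstat shows the same one-line change for IsMemberOfAnyOfGroupsFunction.java, which is worth checking for the same omission.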
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.CarbonConstants; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsWrapperFactoryProvider; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsAuthenticatedUser; @@ -47,6 +48,7 @@ public class UserStoreFunctions implements GetUserWithClaimValues { private static final Log LOG = LogFactory.getLog(UserStoreFunctions.class); + @HostAccess.Export public JsAuthenticatedUser getUniqueUserWithClaimValues(Map claimMap, JsBaseAuthenticationContext context, String... parameters) throws FrameworkException { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesFunctionImpl.java index 7f9b912e..171fda82 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesFunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.user.core.UserRealm; 
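Review bot: `getUniqueUserWithClaimValues` in UserStoreFunctions gets `@HostAccess.Export` but has no `@Override`, although the class `implements GetUserWithClaimValues` and the other implementations annotated in this patch all carry one. If this is the interface method, add `@Override` above `@HostAccess.Export`. A signature drift between interface and implementation then fails at compile time instead of leaving an exported method that no longer matches the contract. The method body lies outside the hunk.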
@@ -44,6 +45,7 @@ public class AssignUserRolesFunctionImpl implements AssignUserRolesFunction { * @return true If the role assigning is successfully completed. false for any other case. */ @Override + @HostAccess.Export public boolean assignUserRoles(JsBaseAuthenticatedUser user, List assigningRoles) { if (user == null) { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesV2FunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesV2FunctionImpl.java index d8051737..7eda624c 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesV2FunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/AssignUserRolesV2FunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException; import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; @@ -46,6 +47,7 @@ public class AssignUserRolesV2FunctionImpl implements AssignUserRolesV2Function private static final Log LOG = LogFactory.getLog(AssignUserRolesV2FunctionImpl.class); @Override + @HostAccess.Export public boolean assignUserRolesV2(JsBaseAuthenticationContext context, List roleListToAssign) { if (roleListToAssign == null || roleListToAssign.isEmpty()) { 
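Review bot: The Javadoc above `assignUserRoles` documents only the return value, yet with `@HostAccess.Export` the method is now explicitly script-callable and changes role membership. I would add a sentence such as `Exposed to adaptive authentication scripts: the user and role names are supplied by the script, so permission to edit scripts implies permission to assign roles.` The same applies to `assignUserRolesV2` in AssignUserRolesV2FunctionImpl and to `removeUserRoles` / `removeUserRolesV2` further down. Whether the body restricts which roles may be assigned cannot be seen here, because the hunk ends right after the `user == null` guard.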
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/CheckSessionExistenceFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/CheckSessionExistenceFunctionImpl.java index ed4d5fb6..87f5437d 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/CheckSessionExistenceFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/CheckSessionExistenceFunctionImpl.java @@ -19,6 +19,7 @@ package org.wso2.carbon.identity.conditional.auth.functions.user; import org.apache.commons.collections.MapUtils; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.AuthenticatorConfig; import org.wso2.carbon.identity.application.authentication.framework.config.model.StepConfig; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; @@ -30,6 +31,7 @@ public class CheckSessionExistenceFunctionImpl implements CheckSessionExistenceFunction { @Override + @HostAccess.Export public boolean checkSessionExistence(int step, JsBaseAuthenticationContext context) { StepConfig stepConfig = context.getWrapped() diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAssociatedLocalUserFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAssociatedLocalUserFunctionImpl.java index beb388c6..0d527fa6 100644 
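Review bot: `checkSessionExistence` dereferences `context.getWrapped()` in its first statement with no null guard, and both `step` and `context` come from the script now that the method is exported. `assignUserRoles` opens with `if (user == null)`; a similar guard here, e.g. `if (context == null || context.getWrapped() == null) { return false; }`, makes a malformed script call fail closed instead of throwing a NullPointerException into the script engine. `getAssociatedLocalUser` (`federatedUser.getWrapped().isFederatedUser()`) and `getAuthenticatedApplications` (`context.getWrapped().getSessionIdentifier()`) in the following files open the same way. The bodies continue outside the hunks, so later checks may exist, but they cannot precede these dereferences.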
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAssociatedLocalUserFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAssociatedLocalUserFunctionImpl.java @@ -22,6 +22,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsWrapperFactoryProvider; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; @@ -39,6 +40,7 @@ public class GetAssociatedLocalUserFunctionImpl implements GetAssociatedLocalUse private static final Log LOG = LogFactory.getLog(GetAssociatedLocalUserFunctionImpl.class); @Override + @HostAccess.Export public JsAuthenticatedUser getAssociatedLocalUser(JsBaseAuthenticatedUser federatedUser) { if (!federatedUser.getWrapped().isFederatedUser()) { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAuthenticatedAppsFuncImp.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAuthenticatedAppsFuncImp.java index e6e24e7b..c50d8ea6 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAuthenticatedAppsFuncImp.java 
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetAuthenticatedAppsFuncImp.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import org.wso2.carbon.identity.application.authentication.framework.exception.session.mgt.SessionManagementException; import org.wso2.carbon.identity.application.authentication.framework.model.UserSession; @@ -45,6 +46,7 @@ public class GetAuthenticatedAppsFuncImp implements GetAuthenticatedApplications * @return List of already authenticated applications of the given session. */ @Override + @HostAccess.Export public List getAuthenticatedApplications(JsBaseAuthenticationContext context) { String sessionContextKey = context.getWrapped().getSessionIdentifier(); diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetUserSessionsFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetUserSessionsFunctionImpl.java index 457d047a..8214ecd6 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetUserSessionsFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/GetUserSessionsFunctionImpl.java 
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException; @@ -43,6 +44,7 @@ public class GetUserSessionsFunctionImpl implements GetUserSessionsFunction { private static final Log LOG = LogFactory.getLog(GetUserSessionsFunctionImpl.class); @Override + @HostAccess.Export public List getUserSessions(JsBaseAuthenticatedUser user) { List sessionsForUser = null; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesFunctionImpl.java index 6f7e0fbe..e741123a 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesFunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.user.core.UserRealm; 
@@ -37,6 +38,7 @@ public class HasAnyOfTheRolesFunctionImpl implements HasAnyOfTheRolesFunction { private static final Log LOG = LogFactory.getLog(HasAnyOfTheRolesFunctionImpl.class); @Override + @HostAccess.Export public boolean hasAnyOfTheRoles(JsBaseAuthenticatedUser user, List roleNames) { boolean result = false; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesV2FunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesV2FunctionImpl.java index 5f2f8496..13995dc2 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesV2FunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasAnyOfTheRolesV2FunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException; import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; @@ -56,6 +57,7 @@ public class HasAnyOfTheRolesV2FunctionImpl implements HasAnyOfTheRolesV2Functio private static final Log LOG = LogFactory.getLog(HasAnyOfTheRolesV2FunctionImpl.class); @Override + @HostAccess.Export public boolean hasAnyOfTheRolesV2(JsBaseAuthenticationContext context, List roleNames) { if (roleNames == null || roleNames.isEmpty()) { 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunction.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunction.java index 0b73a9e0..c980c0c9 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunction.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunction.java @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.conditional.auth.functions.user; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; /** @@ -37,5 +38,6 @@ public interface HasRoleFunction { * @param roleName Role to be checked * @return true if the user has the given role. false for any other case. */ + @HostAccess.Export boolean hasRole(JsBaseAuthenticatedUser user, String roleName); } diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunctionImpl.java index a4925b58..e9f3183c 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/HasRoleFunctionImpl.java 
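Review bot: `HasRoleFunction.hasRole` is the only interface method in the visible part of this patch that gets `@HostAccess.Export`. `HasRoleFunctionImpl.hasRole` is annotated as well, while IsMemberOfAnyOfGroupsFunction only gains the import. Which annotation takes effect depends on the host-access policy of the script context, which is not part of this view. Please pick one convention (implementation only, as in the rest of the commit, or interface plus implementation everywhere) and record it in a comment on the interface.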
@@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.user.core.UserRealm; @@ -39,6 +40,7 @@ public class HasRoleFunctionImpl implements HasRoleFunction { private static final Log LOG = LogFactory.getLog(HasRoleFunctionImpl.class); @Override + @HostAccess.Export public boolean hasRole(JsBaseAuthenticatedUser user, String roleName) { boolean result = false; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsAnyOfTheRolesAssignedToUserFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsAnyOfTheRolesAssignedToUserFunctionImpl.java index da7b161d..a7aed7c8 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsAnyOfTheRolesAssignedToUserFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsAnyOfTheRolesAssignedToUserFunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; 
@@ -41,6 +42,7 @@ public class IsAnyOfTheRolesAssignedToUserFunctionImpl implements IsAnyOfTheRole private final static String DEFAULT_FILTER = "*"; @Override + @HostAccess.Export public boolean IsAnyOfTheRolesAssignedToUser(JsBaseAuthenticatedUser user, List roleNames) { boolean result = false; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunction.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunction.java index 36a2ab24..a2cbbdaf 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunction.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunction.java @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.conditional.auth.functions.user; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import java.util.List; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunctionImpl.java index 6377591b..5aa0c6e3 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunctionImpl.java 
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/IsMemberOfAnyOfGroupsFunctionImpl.java @@ -22,6 +22,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.ExternalIdPConfig; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; @@ -52,6 +53,7 @@ public class IsMemberOfAnyOfGroupsFunctionImpl implements IsMemberOfAnyOfGroupsF private static final String GROUPS_LOCAL_CLAIM = "http://wso2.org/claims/groups"; @Override + @HostAccess.Export public boolean isMemberOfAnyOfGroups(JsBaseAuthenticatedUser user, List groupNames) { boolean result = false; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/MicrosoftEmailVerificationFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/MicrosoftEmailVerificationFunctionImpl.java index d8a2eb2b..1d8442d3 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/MicrosoftEmailVerificationFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/MicrosoftEmailVerificationFunctionImpl.java 
@@ -22,6 +22,7 @@ import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import java.text.ParseException; @@ -45,6 +46,7 @@ public class MicrosoftEmailVerificationFunctionImpl implements MicrosoftEmailVer "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0"; @Override + @HostAccess.Export public boolean checkMicrosoftEmailVerification(JsBaseAuthenticationContext context) { if (context.getWrapped().getParameter(ID_TOKEN) == null) { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/PromptIdentifierFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/PromptIdentifierFunctionImpl.java index 90fe4fcf..bb03319f 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/PromptIdentifierFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/PromptIdentifierFunctionImpl.java @@ -18,6 +18,7 @@ package org.wso2.carbon.identity.conditional.auth.functions.user; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.JsGraphBuilder; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.SerializableJsFunction; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.ShowPromptNode; 
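Review bot: `checkMicrosoftEmailVerification` takes the ID token from a context parameter (`context.getWrapped().getParameter(ID_TOKEN)`), and nothing visible here verifies the token's signature. The `Base64` and `ParseException` imports suggest the token is decoded inside this class. The result presumably feeds an authentication decision in the script, so the method should carry Javadoc stating the trust assumption, for example `The ID token is expected to have been validated by the federated authenticator; this method only inspects its claims.` If that assumption does not hold, the validation belongs in this method. The body continues outside the hunk, so this needs confirming against the full file.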
@@ -33,6 +34,7 @@ public class PromptIdentifierFunctionImpl implements PromptIdentifierFunction { public static final String STEP_PARAM = "step"; @Override + @HostAccess.Export public void promptIdentifier(int step, Object... parameters) { Map validators; diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesFunctionImpl.java index 4f7c8464..79459bfd 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesFunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesFunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.user.core.UserRealm; @@ -44,6 +45,7 @@ public class RemoveUserRolesFunctionImpl implements RemoveUserRolesFunction { * @return true If the role assigning is successfully completed. false for any other case. */ @Override + @HostAccess.Export public boolean removeUserRoles(JsBaseAuthenticatedUser user, List removingRoles) { if (user == null) { 
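Review bot: The Javadoc on `removeUserRoles` in RemoveUserRolesFunctionImpl still reads `@return true If the role assigning is successfully completed`, evidently copied from AssignUserRolesFunctionImpl. The method is now part of the exported script surface, so the description should match what it does: `@return true if the roles were removed successfully. false for any other case.` The method body continues outside the hunk.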
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesV2FunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesV2FunctionImpl.java index 03d08f9f..806abdac 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesV2FunctionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/RemoveUserRolesV2FunctionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticationContext; import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException; import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; @@ -46,6 +47,7 @@ public class RemoveUserRolesV2FunctionImpl implements RemoveUserRolesV2Function private static final Log LOG = LogFactory.getLog(RemoveUserRolesV2FunctionImpl.class); @Override + @HostAccess.Export public boolean removeUserRolesV2(JsBaseAuthenticationContext context, List roleListToRemove) { if (roleListToRemove == null || roleListToRemove.isEmpty()) { 
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/SetAccountAssociationToLocalUserImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/SetAccountAssociationToLocalUserImpl.java index 29a691d7..ab2d5a60 100644 --- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/SetAccountAssociationToLocalUserImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/SetAccountAssociationToLocalUserImpl.java @@ -21,6 +21,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.identity.user.profile.mgt.UserProfileException; @@ -34,6 +35,7 @@ public class SetAccountAssociationToLocalUserImpl implements SetAccountAssociati private static final Log log = LogFactory.getLog(SetAccountAssociationToLocalUserImpl.class); @Override + @HostAccess.Export public boolean doAssociationWithLocalUser(JsBaseAuthenticatedUser federatedUser, String username, String tenantDomain, String userStoreDomainName) { diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/TerminateUserSessionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/TerminateUserSessionImpl.java index f9d942cc..44a8b6d1 100644 
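Review bot: `doAssociationWithLocalUser` has no Javadoc, and judging by its name and parameters it links a federated identity to the local account named by `username`, `tenantDomain` and `userStoreDomainName`, all of which are script arguments. Add a comment that states the precondition, e.g. `The caller must have established that the federated user owns the named local account; this function performs the association without further proof.` Adjust the wording if the body, which is outside this hunk, does perform such a check. Minor: the logger field is `log` here and `LOG` in the other classes touched by the patch.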
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/TerminateUserSessionImpl.java +++ b/components/org.wso2.carbon.identity.conditional.auth.functions.user/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/user/TerminateUserSessionImpl.java @@ -20,6 +20,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.graalvm.polyglot.HostAccess; import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.base.JsBaseAuthenticatedUser; import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException; import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException; @@ -37,6 +38,7 @@ public class TerminateUserSessionImpl implements TerminateUserSession { private static final Log LOG = LogFactory.getLog(TerminateUserSession.class); @Override + @HostAccess.Export public boolean terminateUserSession(JsBaseAuthenticatedUser user, String sessionId) { try {
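Review bot: The logger in TerminateUserSessionImpl is created with `LogFactory.getLog(TerminateUserSession.class)`, the interface, whereas the other classes in this patch pass their own class. `LogFactory.getLog(TerminateUserSessionImpl.class)` keeps the log category consistent for anyone filtering session-termination events. Separately, `sessionId` is a script argument, so the Javadoc should say whether the method checks that the session belongs to `user` before terminating it. This hunk ends at `try {` and does not show that check.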