<bean id="shibboleth.SPNEGO.ActivationCondition" parent="shibboleth.Conditions.Scripted" factory-method="inlineScript"
p:customObject-ref="shibboleth.HttpServletRequest">
<constructor-arg>
<value>
<![CDATA[
// This script activates SPNEGO if the client is part
// of the network 192.168.42.0/24, the user agent's
// identifier string contains the term "Kerberos",
// or the cookie "_idp_krbspnego_enabledautologin" is set to "true".
// Create logger object. (Syntax for Java 1.8/Nashorn.)
var logger = Java.type("org.slf4j.LoggerFactory").getLogger("shibboleth.SPNEGO.ActivationCondition");
// For Java 1.7 do this instead:
// importPackage(Packages.org.slf4j);
// logger = LoggerFactory.getLogger("shibboleth.SPNEGO.ActivationCondition");
// Default return value.
var activate = false;
// Make HTTPServletRequest object known as "request".
var request = custom;
// Check the client's IP address.
if (request.remoteAddr.startsWith("192.168.42.")) {
logger.debug("Activating SPNEGO for client in network 192.168.42.0/24.");
activate = true;
}
if (!activate) {
// Check the user agent's identifier string.
var identifier = request.getHeader("User-Agent");
if (identifier != null && identifier.match(/Kerberos/)) {
logger.debug("Activating SPNEGO for client with term 'Kerberos' in user agent's identifier string.");
activate = true;
}
}
if (!activate) {
// Check whether the cookie "_idp_krbspnego_enabledautologin" is set.
var cookies = request.getCookies();
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i];
if (cookie.getName() == "_idp_krbspnego_enabledautologin" && cookie.getValue != null && cookie.getValue() == "true") {
logger.debug("Activating SPNEGO for client having cookie '_idp_krbspnego_enabledautologin' set to 'true'.");
activate = true;
}
}
}
// Return the result.
activate;
]]>
</value>
</constructor-arg>
</bean> |