ScriptedPredicate

The predicate bean named shibboleth.Conditions.Scripted executes a JSR-223 scriptlet against a ProfileRequestContext to produce a true/false result.

Configuration

A Scripted Predicate is instantiated using one of two static factory methods (rather than created directly by invoking a Java constructor), so they have a different syntax in Spring. You can refer to the javadoc for complete details.

If provided with one parameter, this is the script to be executed. If two parameters are the provided, then the first is the name of the (installed) JSR-223 lanuage and the second is the script.

<bean id="MyCondition" parent="shibboleth.Conditions.Scripted" factory-method="inlineScript"
		p:customObject-ref="MyCustomObject" p:hideExceptions="true">
    <constructor-arg>
        <value>
        <![CDATA[
			// Your script here
			true;
         ]]>
        </value>
    </constructor-arg>
</bean>

If provided with one parameter this is the location (usually the file name) of the resource (file) containing the script. If two parameters are provided, the the first is the name of the (installed) JSR-223 lanuage and the second is the location.

<bean id="MyCondition" parent="shibboleth.Conditions.Scripted" factory-method="resourceScript"
  c:_0="javascript"
  c:_1="%{idp.home}/conf/script.js" />

Alternative Input Types

Most of the conditions used in the IdP configuration tend to be of the signature Predicate<ProfileRequestContext>, which this bean provides. In some unusual cases, a different input type is used. In such cases, this bean can’t be used, but a Java class that is higher up in the class hierarchy can be substituted instead, net.shibboleth.shared.logic.ScriptedPredicate

Using this class is essentially the same as using the parent bean except that the bean declaration contains this:

<bean id="example" class="net.shibboleth.shared.logic.ScriptedPredicate">

instead of:

In addition, adding the property named “inputType” and setting it to a specific class type expected as input will constrain the class and raise an error if an unexpected type is passed into the script.

Reference

The following additional bean properties are available:

Name	Type	Default	Description

Name	Type	Default	Description
customObject	Bean/Reference		An object to make available to the script via a variable named `custom`
returnOnError	boolean	false	What to return if the script fails
hideExceptions	boolean	false	If true, then the `returnOnError` value is returned if the script raises an exception, otherwise the exception is passed out

The script environment will have two variables populated:

input - the ProfileRequestContext being evaluated
custom - the object set via the customObject property, if any