policy-condition.js revision 305fa812bf6619cb3436c8b1984210fd7f82fca7
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * This is a Policy Condition example script. It demonstrates how to access a user's information,
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * use that information in external HTTP calls and make a policy decision based on the outcome.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste var countryFromUserAddress = getCountryFromUserAddress();
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.message("Country retrieved from user's address: " + countryFromUserAddress);
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.message("Country retrieved from user's IP: " + countryFromUserIP);
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste var countryFromResourceURI = getCountryFromResourceURI();
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.message("Country retrieved from resource URI: " + countryFromResourceURI);
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste if (countryFromUserAddress === countryFromUserIP && countryFromUserAddress === countryFromResourceURI) {
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste responseAttributes.put("countryOfOrigin", list);
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.message("Required parameters not found. Authorization Failed.");
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * Use the user's address to lookup their country of residence.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * @returns {*} The user's country of residence.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste var response = httpClient.get("http://maps.googleapis.com/maps/api/geocode/json?address=" +
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste for (j = 0; j < result.address_components.length; i++) {
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste if (result.address_components[i].types[0] == "country") {
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * Use the user's IP to lookup the country from which the request originated.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * @returns {*} The country from which the request originated.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste var response = httpClient.get("http://freegeoip.net/json/" + userIP, {
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * Use the requested resource's host name to lookup the country where the resource is hosted.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * @returns {*} The country in which the resource is hosted.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste response = httpClient.get("http://freegeoip.net/json/" + encodeURIComponent(resourceHost), {
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * Retrieve and validate the variables required to make the external HTTP calls.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste * @returns {boolean} Will be true if validation was successful.
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste var userAddressSet = identity.getAttribute("postalAddress");
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste if (userAddressSet == null || userAddressSet.isEmpty()) {
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.warning("No address specified for user: " + username);
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste return false;
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.warning("No environment parameters specified in the evaluation request.");
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste return false;
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.warning("No IP specified in the evaluation request environment parameters.");
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste return false;
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste return false;
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste resourceHost = resourceURI.match(/^(.*:\/\/)(www\.)?([A-Za-z0-9\-\.]+)(:[0-9]+)?(.*)$/)[3];
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.message("Resource host: " + resourceHost);
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste return true;
305fa812bf6619cb3436c8b1984210fd7f82fca7Jaco Jooste logger.message("User REST Call. Status: " + response.getStatusCode() + ", Body: " + response.getEntity());