Custom scripts samples
Introduction
Note that Soffid supports different scripting languages, you can configure it in the Smart engine settings screen. Soffid 4 configures the smart engine with Javascript scripting language as the default.
Additionally, in the initial configuration of the container, we can configure the SOFFID_TRUSTED_SCRIPTS environment variable to allow the use of insecure classes. You can find this information visiting the Installing IAM Console page.
Custom scripts page
The following examples of custom scripts can be run directly on the Custom script page.
These scripts can also be used in any other Soffid script component.
The scripts have been generated for the Javascript engine.
Identity scripts
Recover a user for userName
var u = serviceLocator.getUserService().findUserByUserName("admin");
out.print("User: " + u.firstName);Print some attributes
var u = serviceLocator.getUserService().findUserByUserName("test");
out.println("UserName: " + u.userName);
out.println("Name: " + u.firstName);
out.println("LastName: " + u.lastName);Print by user the email
var u = serviceLocator.getUserService().findUserByUserName("test");
out.print("Email: " + u.shortName + "@" + u.mailDomain);Print by user some additional data
llistaDadesUsuari = serviceLocator.getUserService().findUserDataByUserName("test");
for (var i=0; i<llistaDadesUsuari.size(); i++) {
var dadaUsuari = llistaDadesUsuari.get(i);
out.println("Atributs " + dadaUsuari.attribute + " = " + dadaUsuari.value);
}Recover users from a json query (Soffid 3)
llistaUsuari = serviceLocator.getUserService().findUserByJsonQuery("firstName sw \"A\" AND lastName sw \"V\" ");
for (usuari : llistaUsuari){
out.println("Usuari: " + usuari.userName);
}Recover users from a json query (Soffid 4) with AI
/** Print on screen the names of all users whose username contains the letter a
**/
var userService = serviceLocator.getService("com.soffid.iam.base.service.UserService");
var query = new com.soffid.zkdb.api.Query();
query.setFilter('userName co "a"'); // SCIM filter for username containing 'a'
var pagedResult = userService.findUsers(query);
var users = pagedResult.getResources();
if (users && users.size() > 0) {
out.println("Users whose username contains 'a':");
for (var i = 0; i < users.size(); i++) {
var user = users.get(i);
out.println(user.userName);
}
} else {
out.println("No users found with 'a' in their username.");
}Create a new identity
var newUser = new com.soffid.iam.base.api.User();
newUser.userName = "jkepler";
newUser.firstName = "Johannes";
newUser.lastName = "Kepler";
newUser.userType = "I";
newUser.primaryGroup = "world";
newUser.active = true;
serviceLocator.getUserService().create(newUser);
out.println("Created "+newUser.userName);Update an identity
var u = serviceLocator.getUserService().findUserByUserName("jkepler");
u.userType = "E";
u = serviceLocator.getUserService().update(u);
out.println("Updated "+u.userName);Delete an identity
var u = serviceLocator.getUserService().findUserByUserName("jkepler");
if (u!=null) {
serviceLocator.getUserService().delete(u);
out.println("Deleted "+u.userName);
} else {
out.println("User not found");
}Account scripts
Recover accounts of users in Soffid 3
la = serviceLocator.getAccountService().findAccountByJsonQuery("users.user.userName eq \"02\" ");
for(a:la) {
out.println("Cuenta: " + a.name);
out.println("ID: " + a.id);
out.println("System: " + a.system + "\n");
}Recover accounts of users in Soffid 4 with AI
/** search all account whose owner's userName starts with the letter 'a' and print the name of the account and the system by the screen
**/
var accountService = serviceLocator.getService("com.soffid.iam.base.service.AccountService");
var query = new com.soffid.zkdb.api.Query();
query.filter = 'users.user.userName sw "a"';
query.pageSize = 10;
query.startIndex = 0;
var pagedResult;
do {
pagedResult = accountService.findAccounts(query);
var accounts = pagedResult.resources;
for (var i = 0; i < accounts.size(); i++) {
var account = accounts.get(i);
out.println("Account: " + account.name + ", System: " + account.system);
}
query.startIndex += query.pageSize;
} while (query.startIndex < pagedResult.totalResults);Remove attribute values of a metadata in Soffid 3
public void removeUnAttributeValues(String attribute, String system) {
la = serviceLocator.getAccountService().findAccountByJsonQuery("system eq \""+system+"\"");
for (a : la) {
laa = serviceLocator.getAccountService().getAccountAttributes(a);
for (aa : laa) {
if (aa.attribute.equals(attribute)) {
if (aa.value!=null) {
out.print("accountName: "+accountName+", attribute.value: "+aa.value);
serviceLocator.getAccountService().removeAccountAttribute(aa);
out.println(" ---> removed");
}
}
}
}
}
removeUnAttributeValues("manager","AD");Role scripts
Recover roles of a user
user = serviceLocator.getUserService().findUserByUserName("Ivan");
out.println("Usuari: " + user.userName + "\n");
rolsUser = serviceLocator.getUserService().findUserRolesHierachyByUserName(user.userName);
for(listrRolsUser:rolsUser){
out.println("Nombre: " + listrRolsUser.name);
out.println("Descripcion: " + listrRolsUser.description);
out.println();
}Print the associated roles for each account
llistaUsuaris = serviceLocator.getUserService().findUserByJsonQuery("userName eq \"Ivan\" ");
for(usuari:llistaUsuaris){
llisstacuentas = serviceLocator.getAccountService().findAccountByJsonQuery("users.user.userName eq \""+usuari.userName+"\" ");
for(cuenta:llisstacuentas){
out.print(" Cuenta : " + cuenta.name);
llistaRole = serviceLocator.getApplicationService().findRoleAccountByAccount(cuenta.id);
for(role:llistaRole){
out.print(" Role: " + role.roleName + "\n");
}
}
}Print for an account the roles and applications for each of them
llistaUsuaris = serviceLocator.getUserService().findUserByJsonQuery("userName eq \"Ivan\" ");
for(usuari:llistaUsuaris){
llisstacuentas = serviceLocator.getAccountService().findAccountByJsonQuery("users.user.userName eq \""+usuari.userName+"\" ");
for(cuenta:llisstacuentas){
out.print(" Cuenta : " + cuenta.name);
out.println(" ID: " + cuenta.id);
llistaRole = serviceLocator.getApplicationService().findRoleAccountByAccount(cuenta.id);
for(role:llistaRole){
out.print(" Role: " + role.roleName + "\n");
out.println(" Aplicacion: " + role.informationSystemName);
}
}
}Print the roles associated with each account
usuCuenta = serviceLocator.getUserService().findUserByJsonQuery("");
for(listaUsuCuenta:usuCuenta) {
out.println("Usuario: " + listaUsuCuenta.userName);
out.println("Nombre: " + listaUsuCuenta.firstName);
rolsUser = serviceLocator.getUserService().findUserRolesHierachyByUserName(listaUsuCuenta.userName);
for(listaRolsUser:rolsUser){
out.println("Nombre del Rol: " + listaRolsUser.name);
out.println("Descripcion: " + listaRolsUser.description);
out.println();
}
}
}Create a new role
try {
newRol = new com.soffid.iam.api.Role();
newRol.name = "Rol_New_Script";
newRol.description = "Rol Script";
newRol.informationSystemName = "SOFFID";
newRol.system = "APLICACION01";
serviceLocator.getApplicationService().create(newRol);
} catch(Exception e){
e.printStackTrace(out);
}Update a role
editRole = serviceLocator.getApplicationService().findRoleByJsonQuery("name eq \"Rol editado por script\" and informationSystemName eq \"APLICACION01\" ");
for (role:editRole){
out.println(role.name);
role.name = "ROL01";
role = serviceLocator.getApplicationService().update(role);
out.print(role.name);
}Delete a role
try {
editRole = serviceLocator.getApplicationService().findRoleById(232734);
serviceLocator.getApplicationService().delete(editRole);
} catch(Exception e){
e.printStackTrace(out);
}List the roles of an application
list = serviceLocator.getApplicationService().findRoleByJsonQuery("informationSystemName eq \"SOFFID\"");
for (role : list) {
out.println(role.name);
}Mail scripts
Send email
import javax.mail.BodyPart;
import javax.mail.internet.MimeBodyPart;
import javax.activation.DataHandler;
import javax.activation.FileDataSource;
import java.util.ArrayList;
path = "/tmp/";
name = "file.txt";
BodyPart att = new MimeBodyPart();
att.setDataHandler(new DataHandler(new FileDataSource(path+name)));
att.setFileName(name);
to = "aretha@soffid.com";
cc = "etaylor@soffid.com";
subject = "This is an email with attachment ";
body = "In this email you can see an attachment.";
mimeBodyParts = new ArrayList();
mimeBodyParts.add(att);
serviceLocator.getMailService().sendHtmlMail(to, subject, body, mimeBodyParts);
serviceLocator.getMailService().sendHtmlMail(to, cc, subject, body, mimeBodyParts);
serviceLocator.getMailService().sendTextMailToActors(new String[]{"aretha"}, subject, body, mimeBodyParts);
serviceLocator.getMailService().sendTextMailToActors(new String[]{"aretha"}, cc, subject, body, mimeBodyParts);
out.println("Mails sent!");Event Sample scripts
On grant permission
Update a user attribute when assigning a specific permission
if (grant.roleName.equals("RS002")) {
user = serviceLocator.getUserService().findUserByUserName(grant.user);
if (user != null) {
attributes = serviceLocator.getUserService().findUserAttributes(user.userName);
if (attributes == null) {
attributes = new HashMap();
}
attributes.put("language", "Spanish");
serviceLocator.getUserService().updateUserAttributes(user.userName, attributes);
}
}On user change
Run a Python script when the user has assigned an specific role
if (user != null) {
roleGrantList = serviceLocator.getApplicationService().findEffectiveRoleGrantByUser(user.id);
for(roleGrant:roleGrantList){
if (roleGrant.roleName.equals("SOFFID_TEST")) {
// RUN SCRIPT
String command = "python3 /opt/soffid/iam-console-3/conf/exampleScript.py > /opt/soffid/iam-console-3/conf/resultscript01.txt";
Process process = Runtime.getRuntime().exec(command);
user.comments = "ADD comments";
user = serviceLocator.getUserService().update(user);
}
}
}Agent scripts
User full name
return firstName + lastName;Create mainDomain if it doesn't exit
String mailDomain = null;
if (email != void && email != null && email.contains("@")) {
String[] mailTokens = email.split("@");
mailDomain = mailTokens[1];
}
com.soffid.iam.service.MailListsService service = com.soffid.iam.ServiceLocator.instance().getMailListsService();
com.soffid.iam.api.MailDomain domain = service.findMailDomainByName(mailDomain);
if (domain==null) {
domain = new com.soffid.iam.api.MailDomain();
domain.setCode(mailDomain);
domain.setDescription(mailDomain);
domain.setObsolete(new Boolean(false));
domain = service.create(domain);
}
return mailDomain;Recover active agents
llistaAgents = serviceLocator.getDispatcherService().findAllActiveDispatchers();
for(agent:llistaAgents) {
out.println("Nom: " + agent.name);
out.println("Class Name: " + agent.className + "\n");
}Show by a user the agents that have associates
llistaUsuaris = serviceLocator.getUserService().findUserByJsonQuery("userName eq \"Ivan\" ");
for(usuari:llistaUsuaris) {
out.println("Usuario: " + usuari.userName);
llisstacuentas = serviceLocator.getAccountService().findAccountByJsonQuery("users.user.userName eq \""+usuari.userName+"\" ");
for(cuenta:llisstacuentas){
out.print(" Cuenta : " + cuenta.name);
out.println(" ID: " + cuenta.id);
llistaRole = serviceLocator.getApplicationService().findRoleAccountByAccount(cuenta.id);
for(role:llistaRole){
out.print(" Role: " + role.roleName + "\n");
out.println(" Aplicacion: " + role.informationSystemName);
out.println(" Agente: " + role.system);
}
}
}