  1. OpenAM
  2. OPENAM-16124

Request to expose HttpClient config parameters in ScriptCondition

      • Description
        Request to expose HttpClient config parameters in ScriptCondition
      • Recreation Steps
        1. Log in to the admin console.
        2. Select realm -> "Authorization" -> "Policy Sets" -> iPlanetAMWebAgentService -> "+Add a Policy".
        3. Create a policy called "TestPolicy001" and add environment condition type "Script"
           (Script Name: "Scripted Policy Condition").
        4. Fill in the other config parameters and click "Save Changes".
        5. Select realm -> "Scripts" -> "Scripted Policy Condition".

      Notice that the script uses the httpClient variable passed from ScriptCondition.
      ScriptingGuiceModule binds CloseableHttpClientProvider without any options, so this provider uses all defaults, such as a pool size of 64, soTimeout of 10 sec, etc.

              bind(Client.class)
                      .annotatedWith(Names.named(SCRIPTING_HTTP_CLIENT_NAME))
                      .toProvider(CloseableHttpClientProvider.class).in(Scopes.SINGLETON);
      

      This causes issues in environments where the backend application sits behind a firewall etc. and stale connections get disconnected. It would be nice if ScriptCondition exposed parameters so that timeout and pool size are configurable.

      And call Apache's HTTP core classes directly, or use the ForgeRock CHF library, in the Groovy script "Scripted Policy Condition" under the "realm" -> [Scripts] menu, and send the request rather than using the httpClient variable passed to the script:

      import org.apache.http.client.config.RequestConfig;
      import org.apache.http.client.HttpClient;
      import org.apache.http.impl.client.HttpClientBuilder;
      import org.apache.http.HttpResponse;
      import org.apache.http.HttpEntity;
      import org.apache.http.client.methods.HttpGet;
      
      // Timeout in milliseconds, applied to socket read, connect and pool lease
      final int TIME_OUT = 1000;
      
      RequestConfig requestConfig = RequestConfig.custom()
       .setSocketTimeout(TIME_OUT)
       .setConnectTimeout(TIME_OUT).setConnectionRequestTimeout(TIME_OUT)
       .build();
      
      // Build a client of our own instead of using the injected httpClient variable
      HttpClient httpClient = HttpClientBuilder.create()
       .setDefaultRequestConfig(requestConfig).build();
      
      HttpGet httpGet = new HttpGet();
      httpGet.setURI(new URI("http://google.com"));
      HttpResponse response = httpClient.execute(httpGet);
      int status = response.getStatusLine().getStatusCode();
      
      // Logs the status code and the entity object (not the decoded body text)
      logger.message("User REST Call. Status: " + status + ", Body: " + response.getEntity());
      

      With the above script, you need to add the following classes to the whitelist.

      org.apache.http.client.config.RequestConfig
      org.apache.http.client.HttpClient
      org.apache.http.impl.client.HttpClientBuilder
      org.apache.http.HttpResponse
      org.apache.http.HttpEntity
      org.apache.http.client.methods.HttpGet
      org.apache.http.client.methods.HttpPost
      org.apache.http.client.config.RequestConfig$Builder
      org.apache.http.impl.client.InternalHttpClient
      java.net.URI
      org.apache.http.impl.execchain.HttpResponseProxy
      org.apache.http.message.BasicStatusLine
      org.apache.http.client.entity.DecompressingEntity
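
A whitelist like the one above is worth checking against the script it serves, since each entry widens what sandboxed scripts may call. The following is an added example, not part of the ticket or of OpenAM: it compares the workaround script with the whitelist, treating a class as "named" when its simple name appears in the script body (a heuristic assumed here); `audit` and the report keys are hypothetical names.

```python
import re

# Constructed inputs, copied from the ticket: the workaround script (abridged
# to the lines that name classes) and the whitelist entries.
SCRIPT = """
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.HttpResponse;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.HttpGet;
RequestConfig requestConfig = RequestConfig.custom().build();
HttpClient httpClient = HttpClientBuilder.create().build();
HttpGet httpGet = new HttpGet();
httpGet.setURI(new URI("http://google.com"));
HttpResponse response = httpClient.execute(httpGet);
int status = response.getStatusLine().getStatusCode();
"""
WHITELIST = """
org.apache.http.client.config.RequestConfig org.apache.http.client.HttpClient
org.apache.http.impl.client.HttpClientBuilder org.apache.http.HttpResponse
org.apache.http.HttpEntity org.apache.http.client.methods.HttpGet
org.apache.http.client.methods.HttpPost
org.apache.http.client.config.RequestConfig$Builder
org.apache.http.impl.client.InternalHttpClient java.net.URI
org.apache.http.impl.execchain.HttpResponseProxy
org.apache.http.message.BasicStatusLine
org.apache.http.client.entity.DecompressingEntity
""".split()

IMPORT_RE = re.compile(r"^[ \t]*import[ \t]+([\w.$]+)[ \t]*;?[ \t]*$", re.M)

def audit(script, whitelist):
    allowed = set(whitelist)
    imported = set(IMPORT_RE.findall(script))
    body = IMPORT_RE.sub("", script)  # script text without its import lines

    def named(cls):
        # Heuristic: the class's simple name occurs as a whole word in the body
        simple = cls.rsplit(".", 1)[-1]
        return re.search(r"\b" + re.escape(simple) + r"\b", body) is not None

    return {
        "imported_not_whitelisted": sorted(imported - allowed),
        "imported_never_named": sorted(c for c in imported if not named(c)),
        "whitelisted_never_named": sorted(
            c for c in allowed - imported if not named(c)),
    }

if __name__ == "__main__":
    for key, classes in audit(SCRIPT, WHITELIST).items():
        print(key, classes)
```

On the ticket's data this reports `HttpEntity` as imported but never named, and six whitelist entries the script never names: `HttpPost` is not used by the script shown, while the other five are types that only appear as return values of calls the script makes.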
      

            People

            • Assignee:
              Unassigned
              Reporter:
              sachiko Sachiko Wallace