In my last post, (So what exactly is #this in OGNL?) we took a look at the #this variable to see what type of object it was and then we started looking at the contents of a specific attribute that may be retrieved. We discovered that it was an instance of org.sourceid.saml20.adapter.attribute.AttributeValue
But is that all there is?
Let's continue to use the Edit and Test options we first explored in the last article.
See the complete list of articles in my OGNL series at the end of this post.
If you look at the SDK docs provided with PingFederate, you will find that AttributeValue is an object that can hold many types of things in it. We have seen it in the past hold an ArrayList object. We can explore what it holds by using the getObjectValue method in the AttributeValue class to get the object and then find its type.
So continuing with the attribute we looked at in the last article, do the following:
#this.get("username").getObjectValue().getClass().getName()
This gives us the following result:
It turns out that it is a String. ln a way that is not surprising. It's what we expected since the username is supposed to be the unique identifier for the user and there should only be one value. But what about some of the other attributes available to us in a connection? For example, context.HttpRequest looks to be an interesting attribute:
#this.get("context.HttpRequest").getObjectValue().getClass().getName()
Testing it, we get the following result:
When you try to test it you get an error that told you that you cannot test this in the editor. You will need to run it in a connection to see what it is at runtime.
By the way, this is probably what you need to do anyway because the value may differ from what you see in the editor depending on where the value is coming from. The values in the editor will always be strings, which is not always the case at runtime.
So lets take this expression and run with it:
The results of running the connection:
It's interesting that we see the object is of type org.sourceid.websso.servlet.regparam.HttpServletReqProxy. Maybe we'll explore this further in a future article.
So, in this article and the last one, I explored what is available on the IdP side of things. The same applies on the SP side, but I will leave that for you to try on your own.
The key take-away from this is that you can use Java to help you explore what type of information is available then use the Java documentation to understand what methods are available for working with those objects.
Stay tuned for more about OGNL. In the meantime please leave a comment on this post and let me know what topics you would like to see. Follow me on Twitter: @jdasilvaPI
****************************************
OGNL Blog Series:
- Introduction to OGNL
- A simple OGNL expression
- Declaring variables in OGNL
- Method calls in OGNL
- Arrays in OGNL
- OGNL: What about those curly braces?
- Looping in OGNL
- Looping in OGNL take 2
- So what exactly is #this in OGNL?
- A continuing look at #this variable in OGNL
- Functions in OGNL
- Misc Topics in OGNL
John DaSilva develops training and solutions at Ping Identity.
