Javascript is actually
a good thing!
Make sure it's turned on
so that pingidentity.com can work properly.
OGNL: What about those curly braces?

OGNL: What about those curly braces?
Back
July 17, 2013
John DaSilva

If you have seen more complex OGNL expressions you probably have seen the use of curly braces { } with expressions in them that seem to do wonderful things, but definitely looks nothing like Java. This is one of the more interesting and powerful features of OGNL and will take 2 or 3 posts to cover.

 

The challenge may be where to start.

 

Let's first introduce a PingFederate class that is part of the SDK and is very handy in working with OGNL:

 

org.sourceid.saml20.adapter.attribute.AttributeValue

 

 

See the complete list of articles in my OGNL series at the end of this entry.

 

This class represents the attribute object in PingFederate and when you use the following in your expression:

 

#this.get("SAML_SUBJECT")

 

 

It actually returns an instance of this type of object and if it is a single value attribute you can use the toString method as we did in the second article of this series to get the actual value. This class is very flexible and you can use it to create multi-valued attributes along with single-value attributes.

 

You can use the curly braces to create an array (we first talked about arrays last week) of objects, for example, by doing something like this:

 

{"first", "second", "third"}

 

 

This expression creates a java.util.Collection object. Combining the PingFederate class and the above code you can create an attribute that will be sent as a multi-valued attribute in the SAML assertion. The expression would look like:

 

new org.sourceid.saml20.adapter.attribute.AttributeValue({"first", "second", "third"})

 

 

The following screenshot shows the expression in PingFederate:

The resulting assertion would would look like the following in the server log:

 

<saml:Attribute Name="attribute04" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">first</saml:AttributeValue>

<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">second</saml:AttributeValue>

<saml:AttributeValue xsi:type="xs:string" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">third</saml:AttributeValue>

</saml:Attribute>

 

 

The following screenshot shows the result in the application:

Stay tuned for more about OGNL. In the meantime please leave a comment on this post and let me know what topics you would like to see. Follow me on Twitter: @jdasilvaPI

 

 

****************************************

 

OGNL Blog Series:

 

  1. Introduction to OGNL
  2. A simple OGNL expression
  3. Declaring variables in OGNL
  4. Method calls in OGNL
  5. Arrays in OGNL
  6. OGNL: What about those curly braces?
  7. Looping in OGNL
  8. Looping in OGNL take 2
  9. So what exactly is #this in OGNL?
  10. A continuing look at #this variable in OGNL
  11. Functions in OGNL
  12. Misc Topics in OGNL

 

John DaSilva develops training and solutions at Ping Identity.

 

Related Posts
Categories