Hi All,
I’m working on a project to use function libraries in adaptive
authentication scripts and a component to manage function
libraries(add/list/delete/edit/export/import) [1]. I have implemented a
carbon component to manage function libraries with add/list/delete and edit
features[2].
Then, I researched possible ways to include the implemented function
libraries to adaptive authentication scripts and make the functions in the
library could be used in the authentication scripts. Nashorn – (the new
default JavaScript engine for the JVM as of Java 8.)[3] has the capability
to load and evaluate additional script files quite easily with ‘load()’
function. It loads and evaluates script from a file or a URL or a script
object.
load(file path of the function library);
or
load(URL to the function library);
or
load({script:”function library script”, name:”library name”});
needs to be added on top of the authentication script.
However, directly using load function in authentication script is not a
user-friendly option. If so, the user needs to know either file path to the
needed function library, or URL or the content and the name of the function
library. Therefore, I added a new function under core functions in
adaptive authentication JS API reference[4] as “loadLocalLibrary(‘’)” . Inside that function, retrieving the relevant function
library from database and load() function evaluation is done. Then, the
user has to add “loadLocalLibrary(‘’);” on top of
the authentication script or before an usage of a function in the function
library. Hence, the user needs to know only the function library name.
Moreover, over the three options available to load and evaluate the script,
script object method is selected.
Reasons to reject the other two methods:
File path: need to write a file with the content of the loaded function
library from DB. So, file writings inside the IS cause for security issues.
URL: Need an addition REST service and having a network call is an overhead.
engine.eval(“load({name:“library name”, script:“function library
script”})”) is used inside the loadLocalLibrary(String name) core function
to evaluate the function library script.
This diagram illustrates the above described process.
If you have any other possible solutions or suggestions regarding the above
scenario, feel free to discuss.
References
[1] [IAM]Function Library for adaptive authentication
[2]https://github.com/AnuradhaSK/Function-Library-Manager
[3]https://docs.oracle.com/javase/9/nashorn/JSNUG.pdf
[4]
https://docs.wso2.com/display/IS570/Adaptive+Authentication+JS+API+Reference#AdaptiveAuthenticationJSAPIReference-Corefunctions
*Anuradha Karunarathna*
Intern-Software Engineering | WSO2,inc.
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev