In my previous post, I introduced our first OGNL expression and, in the process, a part of the OGNL syntax. In this post, I'll expand on that syntax.
In learning any language, it's always good to start with basic structures. By learning the syntax, you can start down the path of writing your own OGNL expressions, which is the ultimate objective of this series.
A typical OGNL expression consists of a variable and a method that allows you to get some information from that variable or perform an operation. A variable can be identified by prefixing a name with the # symbol. We saw the use of this with the #this, which is a special variable that allows to get the current context of the Mapping we are trying to do (and therefore reference its attributes).
See the complete list of articles in my OGNL series at the end of this post.
Another important part of the OGNL syntax is the comma (,) which acts like a semi-colon (;) in Java in separating different lines or blocks of code in an expression.
Let's say you need to generate a unique value based on the SAML_SUBJECT that will differ for each SSO event and place this into another attribute in the assertion that you're building. You could write an expression like the following:
#hash = #this.get("subject").toString().hashCode(), #timeStamp = new java.util.Date().getTime(), #uid = new java.util.UUID(#timeStamp, new java.lang.Integer(#hash).longValue())
In this expression, we have three lines of code and use three different variables to hold values as we step along. The results from the final line will end up being the value (its String value) that will be placed into our target attribute. The following is the explanation for each line of code (for more details on the Java classes used see the Javadocs):
We're taking the hash of the subject attribute, as a string, provided by the adapter. This is a unique integer value generated by the hashCode method.
We create a date object with the current time; we then extract the number of milliseconds as a long value.
The UUID class allows us to create a GUID-like value using two long values, so we take our timestamp value and convert the hash integer to a long value.
The expression as mapped into an attribute is shown below, in this case in an SP Connection to build an assertion.
You can paste or write it into the edit field as a multi-line expression as I show above, but once it is saved, PingFederate will reformat the expression and remove the line feeds.
Here's what the results look like when received by the application:
There's more to come on OGNL, so be sure to check back for the next post in the series. Follow me on Twitter (@jdasilvaPI) to find out when the next post comes out. In the meantime, let me know of any additional topics on OGNL you would like to see.