Coding the dynamic.attributes.js file

Edit online

Add JavaScript code to the dynamic.attributes.js file to dynamically add attributes or modify the values of attributes.

Before you begin

  • Review the Scenarios for adding and manipulating attributes.
  • Determine which attributes you want to modify and how to store them. Create a function for each one, which you will add to the dynamic.attributes.js file in the steps below.
  • Deploy context-based access.

About this task

The modifySessionAttributes and modifyBehaviorAttributes functions are the only functions called by the context-based access processing. Therefore, any function you add must be called within one of these functions in order to be executed. 

Procedure

  1. Create a JavaScript file or edit the sample dynamic.attributes.js file.
  2. Define the necessary import packages for the APIs you use. For example: 
    importPackage(com.tivoli.am.rba.extensions);
importClass(Packages.com.tivoli.am.rba.attributes.AttributeIdentifier);
  3. Use the modifySessionAttributes function to add or manipulate the session attributes. 
    function modifySessionAttributes(attributes, username, session)
  4. Add code to work with session attributes.
    1. Create an attribute identifier. For example, to use the risk score value, the following line is required: 
      var riskScoreIdentifier = new AttributeIdentifier("riskScore",
  "urn:ibm:security:subject:riskScore","Integer",
  "urn:ibm:security:issuer:RiskCalculator");
    2. Use the attribute identifier to get the value of this attribute. For example, to use the risk score, the following line is required: 
      var riskScoreValue = session.getValue(riskScoreIdentifier);
    3. Call the function you created to process the attributes. Define the function either at the beginning or at the end of the dynamic.attributes.js file.
    4. Store your attribute to session storage. For example, to store the risk score, the following line is required: 
      attributes.put(riskScoreIdentifier, riskScoreValue);
  5. Use the modifyBehaviorAttributes function to add or manipulate behavior attributes. 
    function modifyBehaviorAttributes(attributes, username, session)
  6. Add code to work with behavior attributes.
    1. Create an attribute identifier.
    2. Use the attribute identifier to get the value of this attribute.
    3. Call the function you created to process the attributes. Define the function either at the beginning or at the end of the dynamic.attributes.js file.
    4. Store your attribute to behavioral storage.
  7. Save the file.

Example

The following dynamic.attributes.js file is a sample that is available with Advanced Access Control. The code in this example JavaScript file captures the risk score. This is the only way you can save the risk score value.
/**
 * This script is executed after each request is processed by risk engine.
 * The intent is to allow users to capture attributes that don't get captured
 * automatically by the system. The attributes captured here will be stored
 * in either the session storage or the behavior storage (i.e., usage data, historical)
 * area of RBA, or both. The risk profile configuration dictates where the 
 * attributes will be stored by the system.
 * 
 * For any RBA specific API, necessary packages need to be imported as shown in this example.
 */


/**
 * Import RBA packages necessary for the script to execute.
 */
importPackage(com.tivoli.am.rba.extensions);
importClass(Packages.com.tivoli.am.rba.attributes.AttributeIdentifier);

/**
 * @param username - current user's name
 * @param attributes - java.util.Map where the 'dynamic' values need to be captured by
 *                     this javascript file.
 * @param session - object containing current values visible to incoming request context
 */
function modifySessionAttributes(attributes, username, session) {
	
	// creates an identifier with the attribute's name, URI, datatype, and the issuer
	var riskScoreIdentifier = new AttributeIdentifier("riskScore", "urn:ibm:security:subject:riskScore",
	"Integer", "urn:ibm:security:issuer:RiskCalculator");
	
	// retrieve the risk score
	var riskScoreValue = session.getValue(riskScoreIdentifier);
	
	// set the risk score to be stored as a session attribute
	attributes.put(riskScoreIdentifier, riskScoreValue);
}

/**
 * @param username - current user's name
 * @param attributes - java.util.Map where the 'dynamic' values need to be captured
 *                     by this javascript file.
 * @param session - RBA's com.tivoli.am.rba.fingerprinting.IValueContainer object
 *                  containing current values visible to incoming request context
 */
function modifyBehaviorAttributes(attributes, username, session) {
  
	// store any behavior attributes here
}

What to do next

Update and deploy the dynamic.attributes.js file.