In this SailPoint tutorial, we will study about beanshell in SailPoint. what is beanshell? why we use it in SailPoint.
What is BeanShell?
BeanShell is scripting language. It is combination of Java + XML language. Java code is written inside XML scripting language. Anything which can be written in Java can be embedded in beanshell also. it is free and fast in execution.
BeanShell in SailPoint
BeanShell scripting language is used in SailPoint. Beanshell is used in Rules, workflow, LCM, certifications everywhere.
As SailPoint is built in Java, so here Beanshell is used to editing/creating new rules, workflow etc.
Sample Beanshell code in SailPoint
<?xml version=’1.0′ encoding=’UTF-8′?>
<!DOCTYPE Rule PUBLIC “sailpoint.dtd” “sailpoint.dtd”>
<Rule created=”1614689523774″ id=”40283a8177f2202d0177f2fed83d0155″ language=”beanshell” name=”Correlation Rule – TRAKK” type=”Correlation”>
<Description>Identity Correlation Rules are used to find identities to which new accounts can be attached.
A correlation rule must return a Map with one of the specified Return arguments.</Description>
<Signature returnType=”Map”>
<Inputs>
<Argument name=”log”>
<Description>
The log object associated with the SailPointContext.
</Description>
</Argument>
<Argument name=”context”>
<Description>
A sailpoint.api.SailPointContext object that can be used to query the database if necessary.
</Description>
</Argument>
<Argument name=”environment” type=”Map”>
<Description>
Arguments passed to the aggregation task.
</Description>
</Argument>
<Argument name=”application”>
<Description>
Application being aggregated.
</Description>
</Argument>
<Argument name=”account”>
<Description>
A sailpoint.object.ResourceObject returned from the
collector.
</Description>
</Argument>
<Argument name=”link”>
<Description>
Existing link to this account.
</Description>
</Argument>
</Inputs>
<Returns>
<Argument name=”identityName”>
<Description>
The name of an Identity object.
</Description>
</Argument>
<Argument name=”identity”>
<Description>
A fully resolved Identity object if the rule wants
to do its own queries to locate the identity.
</Description>
</Argument>
<Argument name=”identityAttributeName”>
<Description>
The name of the extended attribute that can be used
to locate an existing identity.
</Description>
</Argument>
<Argument name=”identityAttributeValue”>
<Description>
The value of the named extended attribute that can be used
to locate an existing identity. This attribute is used
together with the identityAttributeName argument.
</Description>
</Argument>
</Returns>
</Signature>
<Source>Map returnMap = new HashMap ();
// The Account Object has methods to get the “id” attribute from the the schema
String userid = account.getStringAttribute(“id”);
if (userid != null) {
// The IdentityAttributeName is what attribute we will search on
// This attribute should be indexed and available on all cubes
returnMap.put(“identityAttributeName”,”empId”);
// The actual value of the Attribute
returnMap.put(“identityAttributeValue”,userid);
}
return returnMap;
</Source>
</Rule>Explanation
In sample Beanshell program in SailPoint, as we can see that beanshell is combination of both XML and Java language. in above example java code is written inside xml.