Realm Selection Script Examples
Example 1: Querying Multiple SQL Databases
A common application of realm selection scripts is to query a database for information used to determine the realm name. If the database query fails, you can program the script to query other databases for the required information. In this example, the script defines two DataAccessor objects, each pointing to a different SQL database. It also defines AttributeFilter and RealmSelector objects.
When the script executes, it uses the AttributeFilter object to obtain the value of the Called-Station-ID attribute from the request. It uses this value as the key to look up a realm selection method name in the first SQL database. If the database record is not found, it retries the query on the second database.
The result of the database query is the name of a built-in Steel-Belted Radius Carrier realm selection method. The script then calls the RealmSelector.Execute() method to determine the realm name from the current request, which it returns as the script result.
Table 72 and Table 73 show sample data for the two databases:
Two data accessor
.genfiles are required. They are identical except for the MethodName and Connect settings.[Bootstrap]LibraryName=sqlaccessor.dllEnable=1[Settings]Connect=DSN=<dsn_name_here>;UID=<username_for_dB>;PWD=<password_for_dB>ParameterMarker=?SQL=SELECT RealmMethod FROM RealmExample1 WHERE CallStationId = @Called-Station-IdMethodName=<RealmExample1-1 | RealmExample1-2>MaxConcurrent=1ConcurrentTimeout=30ConnectTimeout=25QueryTimeout=25WaitReconnect=2MaxWaitReconnect=360PasswordFormat = 0DefaultResults = 0[Results]RealmMethod= 1/16[VariableTypes]Called-Station-ID = stringRealmMethod = stringFinally, here is the script configuration file (.jsi) for this example. For script efficiency, you can use an initialization block to define persistent API objects.
[Settings]LogLevel = 2ScriptTraceLevel = 2[Script]// Initialization blockif (!this.initialized) {filter = new AttributeFilter();accessor1 = new DataAccessor("RealmExample1-1");accessor2 = new DataAccessor("RealmExample1-2");selector = new RealmSelector();initialized = true;}else {accessor1.Clear();accessor2.Clear();}// Get the Called-Station-ID attribute from the request.var csid = filter.Get("Called-Station-ID");if (csid == null) {SbrWriteToLog("RealmExample1: Called-Station-ID attribute is null");return SCRIPT_RET_FAILURE;}accessor1.SetInputVariable("Called-Station-ID", csid);accessor2.SetInputVariable("Called-Station-ID", csid);// Try one database, then the other if the first search fails.if (accessor1.Execute() == DataAccessor.FOUND) {var method = accessor1.GetOutputVariable("RealmMethod");}else if (accessor2.Execute() == DataAccessor.FOUND) {var method = accessor2.GetOutputVariable("RealmMethod");}else {SbrWriteToLog("RealmExample1: SQL search failed for Called-Station-ID = '" + csid + "'");return SCRIPT_RET_FAILURE;}// Execute the specified realm selection method and return the result.SbrWriteToLog("RealmExample1: Executing method '" + method + "'");var realm = selector.Execute(method);return realm;[ScriptTrace]var = csidvar = methodvar = realmExample 2: Using JavaScript to Manipulate Request Attributes
In this example, an AttributeFilter object is used to obtain the User-Name attribute from the request. JavaScript string functions are used to extract the realm suffix decoration from the username. The suffix string is concatenated with the value of the Called-Station-Id attribute and is used to look up the realm name in a SQL database. The database query also returns the name of a profile to be merged with the result list upon successful authentication. The SetAuthProfile() function is called by the script to register the profile name.
This is an example database table for use with this script.
The corresponding data accessor
.genfile is:[Bootstrap]LibraryName=sqlaccessor.dllEnable=1[Settings]Connect=DSN=<dsn_name_here>;UID=<username_for_dB>;PWD=<password_for_dB>ParameterMarker=?SQL=SELECT RealmName, Profile FROM RealmExample2 WHERE KeyString = @Key-StringMethodName=RealmExample2MaxConcurrent=1ConcurrentTimeout=30ConnectTimeout=25QueryTimeout=25WaitReconnect=2MaxWaitReconnect=360PasswordFormat = 0DefaultResults = 0[Results]RealmName = 1/32Profile = 2/32[VariableTypes]RealmName = stringProfile = stringKey-String = stringThe script configuration file is as follows.
[Settings]LogLevel = 2ScriptTraceLevel = 0[Script]// Allocate API objects at first execution.if (!this.initialized) {filter = new AttributeFilter();selector = new RealmSelector();accessor = new DataAccessor("RealmExample2");}else {accessor.Clear();}// Get the realm suffix from the username attribute.var suffix = "default";var username = filter.Get("User-Name");var index = username.lastIndexOf("@");if (index >= 0) {suffix = username.substring(index + 1);}// Get the Called-Station-ID attribute from the request.var csid = filter.Get("Called-Station-ID");if (csid == null) {SbrWriteToLog("RealmExample2: Called-Station-ID attribute is null");return SCRIPT_RET_FAILURE;}// Concatenate suffix and Calling-Station-ID string to the SQL search key.accessor.SetInputVariable("Key-String", suffix + csid);// Execute the data accessor and get realm name if search succeeds.var realm;if (accessor.Execute() == DataAccessor.FOUND) {realm = accessor.GetOutputVariable("RealmName");}else {SbrWriteToLog("RealmExample2: SQL search failed for key string '" + suffix + csid + "'");return SCRIPT_RET_FAILURE;}// Set the profile to be merged after the authentication request.var profile = accessor.GetOutputVariable("Profile");selector.SetAuthProfile(profile);// Return the realm name for processing the request.return realm;[ScriptTrace]var = suffixvar = csidvar = realmvar = profile