
...

The meaning of the individual script expression fields is as follows:

| Field | Presence | Description |
|---|---|---|
| language | optional | Language URL. Specifies the language in which the expression is written. If not specified, it defaults to the Groovy language. |
| trace | optional | Explicitly trace the execution of this expression. If this property is set to true, the execution is logged at INFO level to make sure that it is visible in the logs. Available since midPoint 3.5. |
| returnType | optional | The type of the expression result, either "list" or "scalar". If not set, it is determined automatically from the target data type for the expression. This setting should be used only if the automatic mechanism does not work as expected. |
| relativityMode | optional | Values: relative (default) or absolute. See below for more details. If not specified and allowed by the expression usage, it defaults to relative mode. |
| includeNullInputs | optional | If set to true (which is the default), the script is evaluated with a null value as its argument when the input is changed from or to an empty value. This generally works well for most cases. It may be set to false as an optimization. |
| code | mandatory | Expression code. Depends on the script language used for the expression. This is usually a string, but it may also be XML. Please note that the code is embedded in XML, therefore proper XML escaping is required. |

Variables

Expressions in midPoint usually use variables that are set up by the midPoint expression engine. For example, the following expression evaluates to the content of the fullName property of a user (Groovy and JavaScript):

...

Script expressions are code that runs inside midPoint servers. As such, script expressions are incredibly powerful. But with great power comes great responsibility. Script expressions can do a lot of useful things, but they can also do a lot of harm. There are just a few simple internal safeguards when it comes to expression evaluation. For example, midPoint script libraries properly enforce authorization when executing their functions. However, script languages are powerful and a clever expression can find a way around these safeguards. MidPoint does not place expressions in a sandbox, therefore expressions are free to do almost anything. The sandbox is not enforced for complexity and performance reasons, but it may be applied in future midPoint versions if necessary. For the time being, please be very careful about who can define expressions in midPoint. Do not allow any untrusted user to modify the expressions.

See Script Expression Sandboxing for more details.
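
Because expressions are not sandboxed, it helps to know exactly which scripts a deployment contains. The following is an added example, not code from midPoint or from the original page: it inventories script expressions in an exported XML document for review, applies the field defaults described in the table above, and shows that an XML parser returns the code field with its escaping undone. It assumes script expressions appear as `<script>` elements whose child elements are the fields listed above; the sample document, its namespace and its language URL are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample export (not from the original page). Assumes script
# expressions are <script> elements whose children are the fields listed above.
SAMPLE = """<objects xmlns="urn:example:constructed">
  <mapping name="plain">
    <expression>
      <script>
        <code>givenName + ' ' + familyName</code>
      </script>
    </expression>
  </mapping>
  <mapping name="traced">
    <expression>
      <script>
        <language>http://example.com/constructed-language#JavaScript</language>
        <trace>true</trace>
        <code>a &lt; b &amp;&amp; c</code>
      </script>
    </expression>
  </mapping>
</objects>"""

FIELDS = ("language", "trace", "returnType", "relativityMode", "includeNullInputs", "code")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]

def inventory_scripts(xml_text):
    """Return one dict per script expression, with the documented defaults applied."""
    found = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "script":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in elem if local(c.tag) in FIELDS}
        found.append({
            "language": fields.get("language") or "Groovy (default)",
            "trace": fields.get("trace", "false") == "true",
            # includeNullInputs is true unless explicitly set otherwise
            "includeNullInputs": fields.get("includeNullInputs", "true") == "true",
            "code": fields.get("code", ""),  # the parser has already undone XML escaping
        })
    return found

if __name__ == "__main__":
    for entry in inventory_scripts(SAMPLE):
        print(entry)
```

Run against exports you control; the output is a list a reviewer can diff between configuration changes to see when a script was added or modified.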

Future

The expressions are designed to be extensible and the expression language is not fixed. New expression languages may come in the future if there is a demand for them.

...