Example 1 with AuthSvcInternalApiClientIterator

Use of com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator in project coprhd-controller by CoprHD.

In the class Validator, method isUsableAuthenticationProvider.

/**
 * Sends an internal api call to authsvc to validate authentication provider
 * basic connectivity parameters
 *
 * @param param has the basic connectivity parameters
 * @param errorString will be set to an error message if the validation fails
 * @return true if validation succeeded. False otherwise.
 */
public static boolean isUsableAuthenticationProvider(AuthnProviderParamsToValidate param, StringBuilder errorString) {
    String endpoint = null;
    int attempts = 0;
    while (attempts < _MAX_VALIDATION_RETRIES) {
        _log.debug("Validation attempt {}", ++attempts);
        AuthSvcInternalApiClientIterator authSvcClientItr = new AuthSvcInternalApiClientIterator(_authSvcEndPointLocator, _coordinator);
        try {
            if (authSvcClientItr.hasNext()) {
                endpoint = authSvcClientItr.peek().toString();
                _log.info("isAuthenticationProvider(): {}", endpoint);
                final ClientResponse response = authSvcClientItr.post(URI.create(_URI_VALIDATE_AUTHNPROVIDER.toString()), param);
                final int status = response.getStatus();
                String errorRaw = response.getEntity(String.class);
                _log.debug("Status: {}", status);
                _log.debug("Response entity: {}", errorRaw);
                if (status == ClientResponse.Status.OK.getStatusCode()) {
                    return true;
                } else if (status == ClientResponse.Status.BAD_REQUEST.getStatusCode()) {
                    errorString.append(errorRaw);
                    return false;
                } else {
                    _log.info("Unexpected response code {}.", status);
                }
            }
        } catch (Exception e) {
            _log.info("Exception connecting to {}. ", endpoint, e);
        }
    }
    return false;
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) AuthSvcInternalApiClientIterator(com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) InternalServerErrorException(com.emc.storageos.svcs.errorhandling.resources.InternalServerErrorException) FatalSecurityException(com.emc.storageos.security.exceptions.FatalSecurityException) SecurityException(com.emc.storageos.security.exceptions.SecurityException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with AuthSvcInternalApiClientIterator

Use of com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator in project coprhd-controller by CoprHD.

In the class APINotifier, method notifyChangeToAuthsvc.

/**
 * Call the internode URI on all authSvc endpoints to reload
 */
public void notifyChangeToAuthsvc() {
    try {
        AuthSvcInternalApiClientIterator authSvcItr = new AuthSvcInternalApiClientIterator(_authSvcEndPointLocator, _coordinator);
        while (authSvcItr.hasNext()) {
            String endpoint = authSvcItr.peek().toString();
            _log.info("sending request to endpoint: " + endpoint);
            try {
                ClientResponse response = authSvcItr.post(_URI_AUTH_RELOAD, null);
                if (response.getStatus() != ClientResponse.Status.OK.getStatusCode()) {
                    _log.error("Failed to reload authN providers on endpoint {} response {}", endpoint, response.toString());
                }
            } catch (Exception e) {
                _log.error("Caught exception trying to reload an authsvc on {} continuing", endpoint, e);
            }
        }
    } catch (CoordinatorException e) {
        _log.error("Caught coordinator exception trying to find an authsvc endpoint", e);
    }
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) CoordinatorException(com.emc.storageos.coordinator.exceptions.CoordinatorException) AuthSvcInternalApiClientIterator(com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator)

Example 3 with AuthSvcInternalApiClientIterator

Use of com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator in project coprhd-controller by CoprHD.

In the class UserInfoHelper, method getUserDetails.

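/**
 * Gets the groups a user is a member of.
 *
 * @param username the name of the user
 * @param error receives the detailed error message if authsvc answers
 *            BAD_REQUEST or INTERNAL_SERVER_ERROR
 * @return the UserDetails returned by authsvc, or null if authsvc reported
 *         an error (see the error parameter)
 */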
public UserDetails getUserDetails(String username, StringBuilder error) {
    String endpoint = null;
    String param;
    try {
        param = "?username=" + URLEncoder.encode(username, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw APIException.badRequests.unableToEncodeString(username, e);
    }
    int attempts = 0;
    while (attempts < _MAX_VALIDATION_RETRIES) {
        _log.debug("Get user details attempt {}", ++attempts);
        AuthSvcInternalApiClientIterator authSvcClientItr = new AuthSvcInternalApiClientIterator(_authSvcEndPointLocator, _coordinator);
        try {
            if (authSvcClientItr.hasNext()) {
                endpoint = authSvcClientItr.peek().toString();
                _log.info("getUserDetails(): {}", endpoint);
                final ClientResponse response = authSvcClientItr.get(URI.create(_URI_GET_USER_GROUPS + param));
                final int status = response.getStatus();
                _log.debug("Status: {}", status);
                if (status == ClientResponse.Status.OK.getStatusCode()) {
                    return response.getEntity(UserDetails.class);
                } else if (status == ClientResponse.Status.BAD_REQUEST.getStatusCode() || status == ClientResponse.Status.INTERNAL_SERVER_ERROR.getStatusCode()) {
                    ServiceErrorRestRep errorXml = response.getEntity(ServiceErrorRestRep.class);
                    error.append(errorXml.getDetailedMessage());
                    return null;
                } else {
                    _log.warn("Unexpected response code {}.", status);
                }
            }
        } catch (Exception e) {
            _log.error("Exception while getting user groups. Details: " + e.getLocalizedMessage(), e);
        }
    }
    throw SecurityException.retryables.requiredServiceUnvailable(ServiceLocatorInfo.AUTH_SVC.getServiceName());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ServiceErrorRestRep(com.emc.storageos.model.errorhandling.ServiceErrorRestRep) AuthSvcInternalApiClientIterator(com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator) UnsupportedEncodingException(java.io.UnsupportedEncodingException) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) SecurityException(com.emc.storageos.security.exceptions.SecurityException)

Example 4 with AuthSvcInternalApiClientIterator

Use of com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator in project coprhd-controller by CoprHD.

In the class CertificateVersionHelper, method updateCertificateVersion.

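/**
 * Sends a PUT on URI_INCREMENT_CERTIFICATE_VERSION to an endpoint found through
 * sysSvcEndPointLocator, retrying up to MAX_CONFIG_RETRIES times.
 *
 * @return true if an endpoint answered OK or ACCEPTED. False otherwise.
 */
public boolean updateCertificateVersion() {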
    int attempts = 0;
    while (attempts < MAX_CONFIG_RETRIES) {
        log.debug("Config attempt {}", ++attempts);
        AuthSvcInternalApiClientIterator sysSvcClientItr = new AuthSvcInternalApiClientIterator(sysSvcEndPointLocator, coordinator);
        if (sysSvcClientItr.hasNext()) {
            final ClientResponse response = sysSvcClientItr.put(URI_INCREMENT_CERTIFICATE_VERSION, null);
            final int status = response.getStatus();
            if (status == ClientResponse.Status.OK.getStatusCode() || status == ClientResponse.Status.ACCEPTED.getStatusCode()) {
                return true;
            } else {
                log.debug("Failed with status " + status + " to set certificate version.");
            }
        }
    }
    return false;
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) AuthSvcInternalApiClientIterator(com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator)

Example 5 with AuthSvcInternalApiClientIterator

Use of com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator in project coprhd-controller by CoprHD.

In the class PasswordUtils, method changePassword.

/**
 * A wrapper that calls the change-password internal API or the validate-change internal API in PasswordService.
 *
 * bDryRun: if true, call validate-change internal API
 * if false, call change-password internal API
 *
 * @param passwordChange the password change request forwarded to the internal API
 * @param bDryRun true to only validate the change, false to apply it
 * @return a Response carrying the status (and entity, if any) of the internal API response
 */
public Response changePassword(PasswordChangeParam passwordChange, boolean bDryRun) {
    SysSvcEndPointLocator sysSvcEndPointLocator = new SysSvcEndPointLocator();
    sysSvcEndPointLocator.setCoordinator(coordinator);
    int attempts = 0;
    ClientResponse response = null;
    while (attempts < MAX_CONFIG_RETRIES) {
        _log.debug("change password attempt {}", ++attempts);
        AuthSvcInternalApiClientIterator sysSvcClientItr = new AuthSvcInternalApiClientIterator(sysSvcEndPointLocator, coordinator);
        try {
            if (sysSvcClientItr.hasNext()) {
                if (bDryRun) {
                    _log.debug("change password dry run");
                    response = sysSvcClientItr.post(URI_VALIDATE_PASSWORD, passwordChange);
                } else {
                    response = sysSvcClientItr.put(URI_CHANGE_PASSWORD, passwordChange);
                }
                _log.debug("change password response with status: " + response.getStatus());
                break;
            }
        } catch (Exception exception) {
            // log the exception and retry the request
            _log.warn(exception.getMessage());
            // attempts was already incremented above, so it equals
            // MAX_CONFIG_RETRIES on the last attempt; rethrow only then
            if (attempts >= MAX_CONFIG_RETRIES) {
                throw exception;
            }
        }
    }
    if (response == null) {
        // no endpoint was available on any attempt; report that instead of
        // dereferencing a null response below
        return Response.status(Response.Status.SERVICE_UNAVAILABLE).build();
    }
    Response.ResponseBuilder b = Response.status(response.getStatus());
    if (response.getStatus() != ClientResponse.Status.NO_CONTENT.getStatusCode()) {
        b.entity(response.getEntity(String.class));
    }
    return b.build();
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) Response(javax.ws.rs.core.Response) AuthSvcInternalApiClientIterator(com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException) BadRequestException(com.emc.storageos.svcs.errorhandling.resources.BadRequestException) CoordinatorException(com.emc.storageos.coordinator.exceptions.CoordinatorException) SysSvcEndPointLocator(com.emc.storageos.security.authentication.SysSvcEndPointLocator)

Aggregations

AuthSvcInternalApiClientIterator (com.emc.storageos.security.authentication.AuthSvcInternalApiClientIterator) 9
ClientResponse (com.sun.jersey.api.client.ClientResponse) 9
APIException (com.emc.storageos.svcs.errorhandling.resources.APIException) 7
SecurityException (com.emc.storageos.security.exceptions.SecurityException) 6
UnsupportedEncodingException (java.io.UnsupportedEncodingException) 6
FatalSecurityException (com.emc.storageos.security.exceptions.FatalSecurityException) 5
InternalServerErrorException (com.emc.storageos.svcs.errorhandling.resources.InternalServerErrorException) 5
ServiceErrorRestRep (com.emc.storageos.model.errorhandling.ServiceErrorRestRep) 4
CoordinatorException (com.emc.storageos.coordinator.exceptions.CoordinatorException) 2
SysSvcEndPointLocator (com.emc.storageos.security.authentication.SysSvcEndPointLocator) 1
BadRequestException (com.emc.storageos.svcs.errorhandling.resources.BadRequestException) 1
Response (javax.ws.rs.core.Response) 1