use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.
the class PersistentCookie method doWork.
private void doWork(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
as.setExecuted(true);
MyVDConnection myvd = cfgMgr.getMyVD();
// HttpSession session = (HttpSession) req.getAttribute(ConfigFilter.AUTOIDM_SESSION);//((HttpServletRequest) req).getSession(); //SharedSession.getSharedSession().getSession(req.getSession().getId());
// SharedSession.getSharedSession().getSession(req.getSession().getId());
HttpSession session = ((HttpServletRequest) request).getSession();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
if (holder == null) {
throw new ServletException("Holder is null");
}
RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
Attribute attr = authParams.get("cookieName");
if (attr == null) {
throw new ServletException("No cookie name specified");
}
String cookieName = attr.getValues().get(0);
boolean useSSLSessionID;
attr = authParams.get("useSSLSessionID");
if (attr == null) {
useSSLSessionID = false;
} else {
useSSLSessionID = attr.getValues().get(0).equalsIgnoreCase("true");
}
attr = authParams.get("millisToLive");
if (attr == null) {
throw new ServletException("No milliseconds to live specified");
}
long millisToLive = Long.parseLong(attr.getValues().get(0));
attr = authParams.get("keyAlias");
if (attr == null) {
throw new ServletException("No key name specified");
}
String keyAlias = attr.getValues().get(0);
Cookie authCookie = null;
if (request.getCookies() == null) {
as.setSuccess(false);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
for (Cookie cookie : request.getCookies()) {
if (cookie.getName().equalsIgnoreCase(cookieName)) {
authCookie = cookie;
break;
}
}
if (authCookie == null) {
as.setSuccess(false);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
com.tremolosecurity.lastmile.LastMile lastmile = new com.tremolosecurity.lastmile.LastMile();
SecretKey key = this.cfgMgr.getSecretKey(keyAlias);
if (key == null) {
throw new ServletException("Secret key '" + keyAlias + "' does not exist");
}
try {
String cookieVal = authCookie.getValue();
if (cookieVal.startsWith("\"")) {
cookieVal = cookieVal.substring(1, cookieVal.length() - 1);
}
lastmile.loadLastMielToken(cookieVal, key);
} catch (Exception e) {
logger.warn("Could not decrypt cookie", e);
as.setSuccess(false);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
if (!lastmile.isValid()) {
logger.warn("Cookie no longer valid");
as.setSuccess(false);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
boolean found = false;
boolean validip = false;
boolean validSslSessionId = !useSSLSessionID;
String dn = null;
for (Attribute attrib : lastmile.getAttributes()) {
if (attrib.getName().equalsIgnoreCase("CLIENT_IP")) {
validip = attrib.getValues().get(0).equals(request.getRemoteAddr());
} else if (attrib.getName().equalsIgnoreCase("DN")) {
dn = attrib.getValues().get(0);
} else if (attrib.getName().equalsIgnoreCase("SSL_SESSION_ID")) {
Object sessionID = request.getAttribute("javax.servlet.request.ssl_session_id");
if (sessionID instanceof byte[]) {
sessionID = new String(Base64.encodeBase64((byte[]) sessionID));
}
validSslSessionId = attrib.getValues().get(0).equals(sessionID);
}
}
if (dn != null && validip && validSslSessionId) {
try {
LDAPSearchResults res = myvd.search(dn, 0, "(objectClass=*)", new ArrayList<String>());
if (res.hasMore()) {
LDAPEntry entry = res.next();
Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).setAuthInfo(authInfo);
while (it.hasNext()) {
LDAPAttribute ldapattr = it.next();
attr = new Attribute(ldapattr.getName());
String[] vals = ldapattr.getStringValueArray();
for (int i = 0; i < vals.length; i++) {
attr.getValues().add(vals[i]);
}
authInfo.getAttribs().put(attr.getName(), attr);
}
as.setSuccess(true);
} else {
as.setSuccess(false);
}
} catch (LDAPException e) {
if (e.getResultCode() != LDAPException.INVALID_CREDENTIALS) {
logger.error("Could not authenticate user", e);
}
as.setSuccess(false);
}
} else {
as.setSuccess(false);
}
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}
use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.
the class SecretQuestionAuth method doPost.
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
MyVDConnection myvd = cfgMgr.getMyVD();
// HttpSession session = (HttpSession) req.getAttribute(ConfigFilter.AUTOIDM_SESSION);//((HttpServletRequest) req).getSession(); //SharedSession.getSharedSession().getSession(req.getSession().getId());
// SharedSession.getSharedSession().getSession(req.getSession().getId());
HttpSession session = ((HttpServletRequest) request).getSession();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
String alg = authParams.get("alg").getValues().get(0);
String salt = authParams.get("salt").getValues().get(0);
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
AuthMechType amt = act.getAuthMech().get(as.getId());
ArrayList<SecretQuestion> questions = (ArrayList<SecretQuestion>) request.getSession(true).getAttribute("TREMOLO_SECRET_ANSWERS");
if (questions == null) {
this.doGet(request, response, as);
return;
}
int i = 0;
StringBuffer b = new StringBuffer();
for (SecretQuestion sq : questions) {
b.setLength(0);
b.append("answer").append(i);
String answer = request.getParameter(b.toString());
if (!sq.checkAnswer(alg, answer, salt)) {
if (amt.getRequired().equals("required")) {
as.setSuccess(false);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
return;
}
}
i++;
}
as.setSuccess(true);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}
use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.
the class AcknowledgeAuthMech method doPost.
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
if (req.getParameter("acknowledge") == null) {
this.doGet(req, resp, as);
return;
}
// SharedSession.getSharedSession().getSession(req.getSession().getId());
HttpSession session = ((HttpServletRequest) req).getSession();
UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
RequestHolder reqHolder = ((AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
AuthMechType amt = act.getAuthMech().get(as.getId());
if (req.getParameter("acknowledge") != null && req.getParameter("acknowledge").equalsIgnoreCase("yes")) {
as.setSuccess(true);
} else {
as.setSuccess(false);
}
String redirectToURL = req.getParameter("target");
if (redirectToURL != null && !redirectToURL.isEmpty()) {
reqHolder.setURL(redirectToURL);
}
holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}
use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.
the class AnonAuth method setAnonCtx.
private void setAnonCtx(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, IOException {
// SharedSession.getSharedSession().getSession(req.getSession().getId());
HttpSession session = request.getSession();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
AuthMechType amt = act.getAuthMech().get(as.getId());
createSession(session, act);
as.setSuccess(true);
holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}
use of com.tremolosecurity.config.util.UrlHolder in project OpenUnison by TremoloSecurity.
the class AuthMgrSys method doAuthMgr.
public void doAuthMgr(HttpServletRequest request, HttpServletResponse response, NextSys nextSys, AuthStep as) throws ServletException, IOException {
// String prefix = "/auth";
// uri = uri.substring(prefix.length());
String uri = request.getRequestURI();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
ConfigManager cfgMgr = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
AuthController actl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
String actName = "";
if (actl != null && actl.getHolder() == null && holder == null) {
AuthMechanism authMech = cfgMgr.getAuthMech(request.getRequestURI());
if (authMech != null) {
String finalURL = authMech.getFinalURL(request, response);
if (finalURL != null) {
try {
holder = cfgMgr.findURL(finalURL);
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
HashMap<String, Attribute> params = new HashMap<String, Attribute>();
ProxyUtil.loadParams(request, params);
actl.setHolder(new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) request).getQueryStringParams()));
request.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
String authChain = holder.getUrl().getAuthChain();
holder.getConfig().getAuthManager().loadAmtParams(request.getSession(), act.getAuthMech().get(0));
} catch (Exception e) {
throw new ServletException("Could not run authentication", e);
}
}
} else {
throw new ServletException("Unknown URI : " + request.getRequestURI());
}
}
if (actl != null && actl.getHolder() != null) {
actName = actl.getHolder().getAuthChainName();
} else {
if (holder != null) {
actName = holder.getUrl().getAuthChain();
} else {
actName = null;
}
}
AuthChainType act = actName != null ? cfgMgr.getAuthChains().get(actName) : null;
AuthMechanism mech = cfgMgr.getAuthMech(uri);
if (mech == null || act == null) {
nextSys.nextSys(request, response);
return;
}
act = AuthManagerImpl.buildACT(act, cfgMgr);
int step = 0;
if (as != null) {
AuthMechType amt = act.getAuthMech().get(as.getId());
String amtName = amt.getName();
MechanismType mech2 = cfgMgr.getAuthMechs().get(amtName);
if (!request.getRequestURI().endsWith(mech2.getUri())) {
logger.warn("Attempted double post");
StringBuilder sb = new StringBuilder().append(cfgMgr.getAuthFormsPath()).append("/resetChain.jsp");
response.sendRedirect(sb.toString());
return;
}
step = as.getId();
}
String authMechName = act.getAuthMech().get(step).getName();
MechanismType mt = cfgMgr.getAuthMechs().get(authMechName);
String ruri = request.getRequestURI();
String forwardedURI = (String) request.getAttribute("javax.servlet.forward.request_uri");
if (forwardedURI != null) {
ruri = forwardedURI;
}
if (request.getMethod().equalsIgnoreCase("get")) {
mech.doGet(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("post")) {
mech.doPost(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("put") || request.getMethod().equalsIgnoreCase("patch")) {
mech.doPut(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("delete")) {
mech.doDelete(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("head")) {
mech.doHead(request, response, as);
} else if (request.getMethod().equalsIgnoreCase("options")) {
mech.doOptions(request, response, as);
} else {
mech.doGet(request, response, as);
}
// check for a failed authenction
// Boolean bool = (Boolean) request.getAttribute(AuthMgrSys.AU_RES);
// HttpSession session = ((HttpServletRequest) request).getSession(true);
// session = SharedSession.getSharedSession().getSession(session.getId());
// AuthInfo authData = (AuthInfo) session.getAttribute(AuthSys.AUTH_DATA);
// String urlChain = holder.getUrl().getAuthChain();
// AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
/*if (urlChain != null && bool != null) {
processAuthResp(request, response, holder, bool);
}*/
}
Aggregations