
Example 6 with ApplicationType

use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.

Class ScaleMain, method initFilter.

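/**
 * Builds the ScaleJS configuration from the filter's parameters.
 *
 * <p>Required parameters are read through {@code loadAttributeValue}; optional ones through
 * {@code loadOptionalAttributeValue}, with the defaults noted inline. Per-attribute settings are
 * read as {@code <attributeName>.<setting>} for every name listed in {@code attributeNames};
 * approval attributes and the optional UI helper are only read when approvals are enabled.
 *
 * @param config the filter configuration supplied by the proxy
 * @throws Exception if {@code attributeNames} (or, with approvals enabled,
 *     {@code approvalAttributeNames}) is missing, a {@code name=value} list entry has no
 *     {@code '='}, a numeric parameter does not parse, or the UI helper class cannot be
 *     loaded and instantiated
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.scaleConfig = new ScaleConfig();
    scaleConfig.setDisplayNameAttribute(this.loadAttributeValue("displayNameAttribute", "Display Name Attribute Name", config));
    scaleConfig.getFrontPage().setTitle(this.loadAttributeValue("frontPage.title", "Front Page Title", config));
    scaleConfig.getFrontPage().setText(this.loadAttributeValue("frontPage.text", "Front Page Text", config));
    scaleConfig.setCanEditUser(this.loadAttributeValue("canEditUser", "User Fields Editable", config).equalsIgnoreCase("true"));
    scaleConfig.setWorkflowName(this.loadAttributeValue("workflowName", "Save User Workflow", config));
    scaleConfig.setUidAttributeName(this.loadAttributeValue("uidAttributeName", "User ID Attribute Name", config));
    scaleConfig.setShowPortalOrgs(this.loadAttributeValue("showPortalOrgs", "Show Portal Orgs", config).equalsIgnoreCase("true"));
    scaleConfig.setLogoutURL(this.loadAttributeValue("logoutURL", "Logout URL", config));
    scaleConfig.setWarnMinutesLeft(Integer.parseInt(this.loadAttributeValue("warnMinutesLeft", "Warn when number of minutes left in the user's session", config)));

    // Pre-check flags default to NO when not configured.
    scaleConfig.setCanDelegate(PreCheckAllowed.valueOf(optionalOrDefault("canDelegate", "canDelegate", "NO", config).toUpperCase()));
    scaleConfig.setCanPreApprove(PreCheckAllowed.valueOf(optionalOrDefault("canPreApprove", "canPreApprove", "NO", config).toUpperCase()));
    // Approvals are enabled unless explicitly set to something other than "true".
    scaleConfig.setEnableApprovals(optionalOrDefault("enableApprovals", "enableApprovals", "true", config).equalsIgnoreCase("true"));

    String roleAttribute = this.loadOptionalAttributeValue("roleAttribute", "Role Attribute Name", config);
    if (roleAttribute != null) {
        scaleConfig.setRoleAttribute(roleAttribute);
    }

    // Synthetic ApplicationType carrying only an az timeout of 3000 ms; presumably used by this
    // class for authorization checks elsewhere — confirm against its callers.
    this.appType = new ApplicationType();
    this.appType.setAzTimeoutMillis(3000L);

    Attribute attr = config.getAttribute("attributeNames");
    if (attr == null) {
        throw new Exception("Attribute names not found");
    }
    for (String attributeName : attr.getValues()) {
        scaleConfig.getAttributes().put(attributeName, loadScaleAttribute(attributeName, config));
        scaleConfig.getUserAttributeList().add(attributeName);
    }

    if (scaleConfig.isEnableApprovals()) {
        attr = config.getAttribute("approvalAttributeNames");
        if (attr == null) {
            throw new Exception("Approval attribute names not found");
        }
        for (String attributeName : attr.getValues()) {
            ScaleAttribute scaleAttr = new ScaleAttribute();
            scaleAttr.setName(attributeName);
            scaleAttr.setDisplayName(this.loadAttributeValue("approvals." + attributeName, "Approvals attribute " + attributeName + " Display Name", config));
            scaleConfig.getApprovalAttributes().put(attributeName, scaleAttr);
        }

        String uiHelperClassName = this.loadOptionalAttributeValue("uiHelperClassName", "UI Helper Class Name", config);
        if (uiHelperClassName != null && !uiHelperClassName.isEmpty()) {
            // The class name comes from the deployment configuration, not from a request. The
            // class is loaded reflectively and must expose an accessible no-arg constructor;
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
            UiDecisions dec = (UiDecisions) Class.forName(uiHelperClassName).getDeclaredConstructor().newInstance();
            dec.init(parseUiHelperParams(config.getAttribute("uihelper.params")));
            scaleConfig.setUiDecisions(dec);
        }

        // Reasons are free text unless reasonIsList is "true".
        scaleConfig.setReasonIsList(optionalOrDefault("reasonIsList", "reasonIsList", "false", config).equalsIgnoreCase("true"));
        if (scaleConfig.isReasonIsList()) {
            Attribute reasons = config.getAttribute("reasons");
            if (reasons != null) {
                scaleConfig.getReasons().addAll(reasons.getValues());
            }
        }
    }
}

/**
 * Reads an optional parameter, substituting {@code defaultValue} when it is not configured.
 *
 * @param name the parameter name
 * @param label the human-readable label passed through to {@code loadOptionalAttributeValue}
 * @param defaultValue value used when the parameter is absent
 * @param config the filter configuration
 * @return the configured value or {@code defaultValue}
 */
private String optionalOrDefault(String name, String label, String defaultValue, HttpFilterConfig config) throws Exception {
    String val = this.loadOptionalAttributeValue(name, label, config);
    return val == null ? defaultValue : val;
}

/**
 * Reads the per-attribute settings for one user attribute.
 *
 * <p>{@code <name>.displayName} and {@code <name>.readOnly} are required; {@code .required},
 * {@code .regEx}, {@code .regExFailedMsg}, {@code .minChars}, {@code .mxnChars}, {@code .type} and
 * the {@code .values} list ({@code label=value} entries) are optional.
 *
 * @param attributeName the attribute being configured
 * @param config the filter configuration
 * @return the populated attribute definition
 * @throws Exception if a required setting is missing, a count does not parse, or a
 *     {@code .values} entry has no {@code '='}
 */
private ScaleAttribute loadScaleAttribute(String attributeName, HttpFilterConfig config) throws Exception {
    ScaleAttribute scaleAttr = new ScaleAttribute();
    scaleAttr.setName(attributeName);
    scaleAttr.setDisplayName(this.loadAttributeValue(attributeName + ".displayName", attributeName + " Display Name", config));
    scaleAttr.setReadOnly(this.loadAttributeValue(attributeName + ".readOnly", attributeName + " Read Only", config).equalsIgnoreCase("true"));

    String required = this.loadOptionalAttributeValue(attributeName + ".required", attributeName + " Required", config);
    scaleAttr.setRequired(required != null && required.equalsIgnoreCase("true"));

    String regEx = this.loadOptionalAttributeValue(attributeName + ".regEx", attributeName + " Reg Ex", config);
    if (regEx != null) {
        scaleAttr.setRegEx(regEx);
    }
    String regExFailedMsg = this.loadOptionalAttributeValue(attributeName + ".regExFailedMsg", attributeName + " Reg Ex Failed Message", config);
    if (regExFailedMsg != null) {
        scaleAttr.setRegExFailedMsg(regExFailedMsg);
    }
    String minChars = this.loadOptionalAttributeValue(attributeName + ".minChars", attributeName + " Minimum Characters", config);
    if (minChars != null) {
        scaleAttr.setMinChars(Integer.parseInt(minChars));
    }
    // The parameter is spelled "mxnChars" in deployed configurations; it is kept as-is so
    // existing configurations keep working.
    String maxChars = this.loadOptionalAttributeValue(attributeName + ".mxnChars", attributeName + " Maximum Characters", config);
    if (maxChars != null) {
        scaleAttr.setMaxChars(Integer.parseInt(maxChars));
    }
    String type = this.loadOptionalAttributeValue(attributeName + ".type", attributeName + " Attribute Type", config);
    if (type != null) {
        scaleAttr.setType(type);
    }

    Attribute attrVals = config.getAttribute(attributeName + ".values");
    if (attrVals != null) {
        for (String attrVal : attrVals.getValues()) {
            String[] labelAndValue = splitOnFirstEquals(attrVal, attributeName + ".values");
            scaleAttr.getValues().add(new NVP(labelAndValue[0], labelAndValue[1]));
        }
    }
    return scaleAttr;
}

/**
 * Groups the {@code name=value} entries of {@code uihelper.params} into one multi-valued
 * {@link Attribute} per name.
 *
 * @param params the raw parameter list, or {@code null} when not configured
 * @return the grouped parameters (empty when {@code params} is {@code null})
 * @throws Exception if an entry has no {@code '='}
 */
private HashMap<String, Attribute> parseUiHelperParams(Attribute params) throws Exception {
    HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
    if (params == null) {
        return decCfg;
    }
    for (String v : params.getValues()) {
        String[] nameAndValue = splitOnFirstEquals(v, "uihelper.params");
        Attribute param = decCfg.get(nameAndValue[0]);
        if (param == null) {
            param = new Attribute(nameAndValue[0]);
            decCfg.put(nameAndValue[0], param);
        }
        param.getValues().add(nameAndValue[1]);
    }
    return decCfg;
}

/**
 * Splits {@code raw} at its first {@code '='}.
 *
 * @param raw the {@code name=value} entry
 * @param paramName the parameter the entry belongs to, for the error message
 * @return a two-element array: text before and after the first {@code '='}
 * @throws Exception if {@code raw} contains no {@code '='} (previously a bare
 *     StringIndexOutOfBoundsException)
 */
private static String[] splitOnFirstEquals(String raw, String paramName) throws Exception {
    int eq = raw.indexOf('=');
    if (eq < 0) {
        throw new Exception(paramName + " entry '" + raw + "' is not in name=value form");
    }
    return new String[] { raw.substring(0, eq), raw.substring(eq + 1) };
}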

Example 7 with ApplicationType

use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.

Class ScaleJSOperator, method initFilter.

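/**
 * Loads the operator console configuration and locates the ScaleJS Main application and URL it
 * delegates to.
 *
 * <p>The list parameters {@code bases}, {@code searchableAttributes} and {@code resultAttributes}
 * hold {@code name=value} entries split at the first {@code '='}. The ScaleJS Main URL is found
 * by matching {@code scaleMainAppName} against the configured applications and
 * {@code scaleMainURI} against that application's URLs; the UI helper, if any, is taken from the
 * {@code uiHelperClassName} / {@code uihelper.params} parameters of the {@code ScaleMain} filter
 * on that URL.
 *
 * @param config the filter configuration supplied by the proxy
 * @throws Exception if a required parameter is missing, an entry is not {@code name=value}, the
 *     application or URL cannot be found, or the UI helper class cannot be instantiated
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.config = new OperatorsConfig();

    Attribute bases = config.getAttribute("bases");
    if (bases == null) {
        throw new Exception("bases not set");
    }
    for (String base : bases.getValues()) {
        String[] labelAndDn = splitOnFirstEquals(base, "bases");
        this.config.getBaseLabelToDN().put(labelAndDn[0], labelAndDn[1]);
        this.config.getSearchBases().add(labelAndDn[0]);
    }

    Attribute searchable = requiredAttribute(config, "searchableAttributes");
    for (String entry : searchable.getValues()) {
        String[] nameAndLabel = splitOnFirstEquals(entry, "searchableAttributes");
        this.config.getSearchableAttributes().add(new AttributeConfig(nameAndLabel[0], nameAndLabel[1], ""));
    }
    Attribute results = requiredAttribute(config, "resultAttributes");
    for (String entry : results.getValues()) {
        String[] nameAndLabel = splitOnFirstEquals(entry, "resultAttributes");
        this.config.getResultsAttributes().add(new AttributeConfig(nameAndLabel[0], nameAndLabel[1], ""));
    }

    this.config.setScaleJsMainUri(this.loadAttributeValue("scaleMainURI", "Scale Main URI", config));
    this.config.setHomeUrl(this.loadAttributeValue("homeUrl", "Home URL", config));
    this.scalejsAppName = this.loadAttributeValue("scaleMainAppName", "Scale Main Application", config);

    ApplicationType app = findApplication(config, this.scalejsAppName);
    this.scaleJsUrl = findUrl(app, this.config.getScaleJsMainUri());
    // Always https, built from the first host configured for the URL.
    this.scaleMainURL = "https://" + this.scaleJsUrl.getHost().get(0) + this.scaleJsUrl.getUri();

    // Pick up the UI helper configured on the ScaleMain filter of that URL so the operator
    // console applies the same decisions.
    HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
    for (FilterConfigType filter : this.scaleJsUrl.getFilterChain().getFilter()) {
        if (!filter.getClazz().equalsIgnoreCase("com.tremolosecurity.scalejs.ws.ScaleMain")) {
            continue;
        }
        for (ParamWithValueType pt : filter.getParam()) {
            if (pt.getName().equalsIgnoreCase("uiHelperClassName")) {
                // The class name comes from the deployment configuration, not from a request;
                // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
                this.dec = (UiDecisions) Class.forName(pt.getValue()).getDeclaredConstructor().newInstance();
            } else if (pt.getName().equalsIgnoreCase("uihelper.params")) {
                // Each parameter value is one name=value entry; values with the same name are
                // collected into one multi-valued Attribute.
                String[] nameAndValue = splitOnFirstEquals(pt.getValue(), "uihelper.params");
                Attribute param = decCfg.get(nameAndValue[0]);
                if (param == null) {
                    param = new Attribute(nameAndValue[0]);
                    decCfg.put(nameAndValue[0], param);
                }
                param.getValues().add(nameAndValue[1]);
            }
        }
    }
    if (this.dec != null) {
        this.dec.init(decCfg);
    }
}

/**
 * Returns the named filter parameter.
 *
 * @param config the filter configuration
 * @param name the parameter name
 * @return the parameter, never {@code null}
 * @throws Exception if the parameter is not configured
 */
private static Attribute requiredAttribute(HttpFilterConfig config, String name) throws Exception {
    Attribute attr = config.getAttribute(name);
    if (attr == null) {
        throw new Exception(name + " not found");
    }
    return attr;
}

/**
 * Finds the application with the given name (case-insensitive). If several applications share
 * the name the last one in configuration order is returned, as before.
 *
 * @throws Exception if no application has that name
 */
private static ApplicationType findApplication(HttpFilterConfig config, String appName) throws Exception {
    ApplicationType found = null;
    for (ApplicationType at : config.getConfigManager().getCfg().getApplications().getApplication()) {
        if (at.getName().equalsIgnoreCase(appName)) {
            found = at;
        }
    }
    if (found == null) {
        throw new Exception(appName + " does not exist");
    }
    return found;
}

/**
 * Finds the URL of {@code app} whose URI matches {@code uri} (case-insensitive); the last match
 * wins when URIs repeat, as before.
 *
 * @throws Exception if no URL matches
 */
private static UrlType findUrl(ApplicationType app, String uri) throws Exception {
    UrlType found = null;
    for (UrlType url : app.getUrls().getUrl()) {
        if (url.getUri().equalsIgnoreCase(uri)) {
            found = url;
        }
    }
    if (found == null) {
        throw new Exception("Could not find url for ScaleJS Main");
    }
    return found;
}

/**
 * Splits {@code raw} at its first {@code '='}.
 *
 * @param raw the {@code name=value} entry
 * @param paramName the parameter the entry belongs to, for the error message
 * @return a two-element array: text before and after the first {@code '='}
 * @throws Exception if {@code raw} contains no {@code '='} (previously a bare
 *     StringIndexOutOfBoundsException)
 */
private static String[] splitOnFirstEquals(String raw, String paramName) throws Exception {
    int eq = raw.indexOf('=');
    if (eq < 0) {
        throw new Exception(paramName + " entry '" + raw + "' is not in name=value form");
    }
    return new String[] { raw.substring(0, eq), raw.substring(eq + 1) };
}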

Example 8 with ApplicationType

use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.

Class SessionTimeoutChecker, method locateSession.

/**
 * Resolves the HTTP session for a request, creating a new one when none can be found or the
 * existing one has timed out.
 *
 * <p>Resolution, as implemented below:
 * <ol>
 *   <li>Look for the session cookie named {@code cookieName} among the request cookies.</li>
 *   <li>Determine the application: from {@code holder} when present, otherwise from the
 *       {@code autoIdmAppName} cookie. With neither, the request is treated as an "open"
 *       session keyed by the configured open-session cookie and that session (or a new open
 *       session) is returned with no timeout check.</li>
 *   <li>Look the session up from the cookie using the application's secret key and apply the
 *       application's cookie timeout, also honoring an external expiry stored on the session.</li>
 * </ol>
 * Any failure while loading the existing session falls back to creating a new one.
 *
 * @param holder the URL holder for the request, or {@code null} when the request matched no URL
 * @param request the current request
 * @param ctx the servlet context holding the {@link ConfigManager}
 * @param cookieName name of the session cookie to look for
 * @param resp the response, passed through to session creation
 * @return the existing or newly created session
 * @throws Exception if the {@code autoIdmAppName} cookie names an application that is not
 *     configured, or session creation fails
 */
private HttpSession locateSession(UrlHolder holder, HttpServletRequest request, ServletContext ctx, String cookieName, HttpServletResponse resp) throws Exception {
    // First cookie whose name matches cookieName (case-insensitive); null when absent.
    Cookie sessionCookie = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {
        for (int i = 0; i < cookies.length; i++) {
            Cookie cookie = cookies[i];
            if (cookie.getName().equalsIgnoreCase(cookieName)) {
                sessionCookie = cookie;
                break;
            }
        }
    }
    ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
    // The application whose cookie configuration (key alias, timeout) governs this session.
    ApplicationType app;
    if (holder != null) {
        app = holder.getApp();
    } else {
        app = null;
        // No URL holder: the application name comes from the client-supplied autoIdmAppName
        // cookie. It is trusted only as far as cfg.getApp() below confirms an application of
        // that name is configured.
        String appName = null;
        if (cookies != null) {
            for (int i = 0; i < cookies.length; i++) {
                if (cookies[i].getName().equals("autoIdmAppName")) {
                    appName = URLDecoder.decode(cookies[i].getValue(), "UTF-8");
                    break;
                }
            }
        }
        if (appName == null) {
            // Neither a holder nor an application cookie: this is an "open" session, looked up
            // in this.sessions by the raw value of the open-session cookie.
            // TODO create open session
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    if (cookies[i].getName().equals(cfg.getCfg().getApplications().getOpenSessionCookieName())) {
                        String sessionID = cookies[i].getValue();
                        TremoloHttpSession tsession = this.sessions.get(sessionID);
                        // TODO add timeouts
                        // NOTE(review): an open session found here is returned without any
                        // timeout check; only a background sweep would expire it — confirm.
                        if (tsession == null) {
                            return this.createOpenSession(request, resp, ctx);
                        } else {
                            return tsession;
                        }
                    }
                }
            }
            return createOpenSession(request, resp, ctx);
        } else {
            app = cfg.getApp(appName);
            if (app == null) {
                throw new Exception("No application named '" + appName + "' found");
            }
        }
    }
    // The key is selected per application via its cookie key alias.
    SecretKey encKey = cfg.getSecretKey(app.getCookieConfig().getKeyAlias());
    if (sessionCookie == null) {
        // if (tsession != null) tsession.invalidate();
        return createSession(app, request, resp, ctx, encKey);
    } else {
        HttpSession session = null;
        try {
            try {
                TremoloHttpSession tsession = findSessionFromCookie(sessionCookie, encKey, this);
                if (tsession == null) {
                    return createSession(app, request, resp, ctx, encKey);
                }
                // Read from the session but not consumed anywhere below.
                String fromSessionID = (String) tsession.getAttribute(OpenUnisonConstants.TREMOLO_SESSION_ID);
                // A timeout of 0 or less means the session is never expired here.
                if (app.getCookieConfig().getTimeout() > 0) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Application - '" + tsession.getAppName() + "' - Timeout greater then 0");
                    }
                    ExternalSessionExpires extSession = (ExternalSessionExpires) tsession.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
                    if (extSession != null) {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Application - '" + tsession.getAppName() + "' - External session");
                        }
                        DateTime now = new DateTime();
                        DateTime lastAccessed = (DateTime) tsession.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
                        if (logger.isDebugEnabled()) {
                            logger.debug("Application - '" + tsession.getAppName() + "' - now='" + now + "' ext expires='" + extSession.getExpires() + "' expired='" + (extSession.getExpires() < now.getMillis()) + "'");
                            logger.debug("Application - '" + tsession.getAppName() + "' - now='" + now + "' expires='" + lastAccessed + "' expired='" + (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) + "'");
                        }
                        // Expire only when BOTH the external expiry has passed AND the idle
                        // timeout has been reached; either alone keeps the session alive.
                        if ((extSession.getExpires() < now.getMillis()) && (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed))) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Application - '" + tsession.getAppName() + "' - Invalidating and creating");
                            }
                            // external session has expired, create a new one
                            tsession.invalidate();
                            return createSession(app, request, resp, ctx, encKey);
                        } else {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Application - '" + tsession.getAppName() + "' - Session OK");
                            }
                            // Touch the session so idle time restarts from this request.
                            tsession.setAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED, now);
                            session = tsession;
                        }
                    } else {
                        if (logger.isDebugEnabled()) {
                            logger.debug("Application - '" + tsession.getAppName() + "' - Not external session");
                        }
                        DateTime lastAccessed = (DateTime) tsession.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
                        DateTime now = new DateTime();
                        if (logger.isDebugEnabled()) {
                            logger.debug("Application - '" + tsession.getAppName() + "' - now='" + now + "' expires='" + lastAccessed + "' expired='" + (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) + "'");
                        }
                        // Plain idle timeout: expired when the last access is older than the
                        // configured number of seconds.
                        if (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Application - '" + tsession.getAppName() + "' - Invalidating sesssion and recreating");
                            }
                            tsession.invalidate();
                            return createSession(app, request, resp, ctx, encKey);
                        } else {
                            if (logger.isDebugEnabled()) {
                                logger.debug("Application - '" + tsession.getAppName() + "' - Session OK");
                            }
                            tsession.setAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED, now);
                            session = tsession;
                        }
                    }
                } else {
                    session = tsession;
                }
            } catch (Exception e) {
                // Any failure loading or validating the session cookie (e.g. a cookie that cannot
                // be decoded with encKey) quietly yields a fresh session.
                // NOTE(review): logged only at DEBUG, so such failures are invisible at default
                // log levels; consider whether they should be visible for monitoring.
                if (logger.isDebugEnabled()) {
                    logger.debug("Exception loading session", e);
                }
                return createSession(app, request, resp, ctx, encKey);
            }
        // this.sessions.put(session.getSessionID(), key);
        // }
        } catch (Exception e) {
            // Only reachable when createSession itself throws inside the handler above; the
            // error is logged and the null check below tries session creation once more.
            logger.error("Error generating session", e);
        }
        if (session == null) {
            // session.invalidate();
            return createSession(app, request, resp, ctx, encKey);
        }
        return session;
    }
}

Example 9 with ApplicationType

use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.

Class SessionTimeoutChecker, method run.

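/**
 * Sweeper loop that evicts timed-out sessions from the session manager.
 *
 * <p>Each pass snapshots the session keys under the sessions lock, evaluates every session
 * without holding the lock, invalidates the expired ones, and then removes them under the lock
 * again. A session is expired when:
 * <ul>
 *   <li>it is an open session, the open-session timeout is positive, and either its external
 *       expiry has passed or it has been idle longer than that timeout;</li>
 *   <li>its application no longer exists in the configuration (logged at WARN); or</li>
 *   <li>its application's cookie timeout is positive and it has been idle longer than that
 *       timeout (when an external expiry is present, that must have passed as well).</li>
 * </ul>
 * The loop runs until {@code stillRun} is cleared, pausing one minute between passes; a failure
 * in a pass is logged and the pause still happens so the thread keeps running.
 */
@Override
public void run() {
    while (stillRun) {
        try {
            ArrayList<String> toRemove = new ArrayList<String>();
            // Snapshot the keys under the lock so the checks below run unlocked.
            Set<String> keys = new HashSet<String>();
            synchronized (this.sessionMgr.getSessions()) {
                keys.addAll(this.sessionMgr.getSessions().keySet());
            }
            for (String key : keys) {
                TremoloHttpSession session = this.sessionMgr.getSessions().get(key);
                if (session == null) {
                    // Removed concurrently since the snapshot was taken.
                    continue;
                }
                ApplicationType app = cfg.getApp(session.getAppName());
                boolean expired;
                if (session.isOpen()) {
                    expired = openSessionExpired(session);
                } else if (app == null) {
                    SessionManagerImpl.logger.warn("Session " + session.getId() + " application " + session.getAppName() + " does not exist, invalidating");
                    expired = true;
                } else {
                    expired = applicationSessionExpired(session, app);
                }
                if (expired) {
                    session.invalidate();
                    toRemove.add(key);
                }
            }
            synchronized (this.sessionMgr.getSessions()) {
                SessionManagerImpl.logger.warn("Clearing " + toRemove.size() + " sessions");
                for (String key : toRemove) {
                    this.sessionMgr.getSessions().remove(key);
                }
            }
            pauseBetweenPasses();
        } catch (Throwable t) {
            SessionManagerImpl.logger.warn("Exception while processing expired sessions", t);
            pauseBetweenPasses();
        }
    }
}

/**
 * Whether an open (application-less) session has expired under the global open-session timeout.
 * A non-positive timeout disables expiry. When an external expiry is stored on the session only
 * that expiry is consulted; otherwise the idle time since last access (or creation) is used.
 *
 * @param session the open session to check
 * @return {@code true} if the session should be invalidated
 */
private boolean openSessionExpired(TremoloHttpSession session) {
    int timeoutSeconds = cfg.getCfg().getApplications().getOpenSessionTimeout();
    if (timeoutSeconds <= 0) {
        return false;
    }
    ExternalSessionExpires extSession = (ExternalSessionExpires) session.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
    if (extSession != null) {
        return extSession.getExpires() < System.currentTimeMillis();
    }
    return idleLongerThan(session, timeoutSeconds);
}

/**
 * Whether a session bound to {@code app} has expired under the application's cookie timeout.
 * A non-positive timeout disables expiry. When an external expiry is present the session
 * expires only once that expiry has passed AND the idle timeout has been reached.
 *
 * @param session the session to check
 * @param app the application the session belongs to
 * @return {@code true} if the session should be invalidated
 */
private boolean applicationSessionExpired(TremoloHttpSession session, ApplicationType app) {
    int timeoutSeconds = app.getCookieConfig().getTimeout();
    if (timeoutSeconds <= 0) {
        return false;
    }
    ExternalSessionExpires extSession = (ExternalSessionExpires) session.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
    if (extSession != null && extSession.getExpires() >= System.currentTimeMillis()) {
        // External session still valid: keep regardless of idle time.
        return false;
    }
    return idleLongerThan(session, timeoutSeconds);
}

/**
 * Whether the session's last access is more than {@code timeoutSeconds} in the past. A session
 * with no recorded last-access time is measured from its creation time — now in every branch;
 * the external-expiry branch previously passed a null last-access time to {@code isAfter}.
 *
 * @param session the session to check
 * @param timeoutSeconds idle limit in seconds (positive)
 * @return {@code true} if the idle limit has been exceeded
 */
private static boolean idleLongerThan(TremoloHttpSession session, int timeoutSeconds) {
    DateTime lastAccessed = (DateTime) session.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
    if (lastAccessed == null) {
        lastAccessed = new DateTime(session.getCreationTime());
    }
    return new DateTime().minusSeconds(timeoutSeconds).isAfter(lastAccessed);
}

/**
 * Pauses one minute between passes. The loop is stopped through {@code stillRun}, not by
 * interruption, so an interrupt only ends the pause early.
 */
private static void pauseBetweenPasses() {
    try {
        Thread.sleep(60000);
    } catch (InterruptedException ignored) {
        // Deliberate: the next pass simply starts early; stillRun controls termination.
    }
}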

Example 10 with ApplicationType

use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.

Class AuthorizationAuthMech, method init.

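/** Az timeout, in milliseconds, set on the synthetic ApplicationType built in {@link #init}. */
private static final long DEFAULT_AZ_TIMEOUT_MILLIS = 3000L;

/**
 * Initializes the mechanism with a fresh {@code AzSys} and a synthetic {@code ApplicationType}
 * that carries only the az timeout; presumably the application context under which
 * authorization rules are evaluated — confirm against the callers of {@code at}.
 *
 * @param ctx the servlet context (unused)
 * @param init the mechanism's init parameters (unused; this mechanism takes no parameters)
 */
@Override
public void init(ServletContext ctx, HashMap<String, Attribute> init) {
    this.azSys = new AzSys();
    this.at = new ApplicationType();
    this.at.setAzTimeoutMillis(DEFAULT_AZ_TIMEOUT_MILLIS);
}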
