Example 6 with ApplicationType
use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.
the class ScaleMain method initFilter.
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
this.scaleConfig = new ScaleConfig();
scaleConfig.setDisplayNameAttribute(this.loadAttributeValue("displayNameAttribute", "Display Name Attribute Name", config));
scaleConfig.getFrontPage().setTitle(this.loadAttributeValue("frontPage.title", "Front Page Title", config));
scaleConfig.getFrontPage().setText(this.loadAttributeValue("frontPage.text", "Front Page Text", config));
scaleConfig.setCanEditUser(this.loadAttributeValue("canEditUser", "User Fields Editable", config).equalsIgnoreCase("true"));
scaleConfig.setWorkflowName(this.loadAttributeValue("workflowName", "Save User Workflow", config));
scaleConfig.setUidAttributeName(this.loadAttributeValue("uidAttributeName", "User ID Attribute Name", config));
scaleConfig.setShowPortalOrgs(this.loadAttributeValue("showPortalOrgs", "Show Portal Orgs", config).equalsIgnoreCase("true"));
scaleConfig.setLogoutURL(this.loadAttributeValue("logoutURL", "Logout URL", config));
scaleConfig.setWarnMinutesLeft(Integer.parseInt(this.loadAttributeValue("warnMinutesLeft", "Warn when number of minutes left in the user's session", config)));
String val = this.loadOptionalAttributeValue("canDelegate", "canDelegate", config);
if (val == null) {
val = "NO";
}
scaleConfig.setCanDelegate(PreCheckAllowed.valueOf(val.toUpperCase()));
val = this.loadOptionalAttributeValue("canPreApprove", "canPreApprove", config);
if (val == null) {
val = "NO";
}
scaleConfig.setCanPreApprove(PreCheckAllowed.valueOf(val.toUpperCase()));
val = this.loadOptionalAttributeValue("enableApprovals", "enableApprovals", config);
if (val == null) {
scaleConfig.setEnableApprovals(true);
} else {
scaleConfig.setEnableApprovals(val.equalsIgnoreCase("true"));
}
val = this.loadOptionalAttributeValue("roleAttribute", "Role Attribute Name", config);
this.appType = new ApplicationType();
this.appType.setAzTimeoutMillis((long) 3000);
if (val != null) {
scaleConfig.setRoleAttribute(val);
}
Attribute attr = config.getAttribute("attributeNames");
if (attr == null) {
throw new Exception("Attribute names not found");
}
for (String attributeName : attr.getValues()) {
ScaleAttribute scaleAttr = new ScaleAttribute();
scaleAttr.setName(attributeName);
scaleAttr.setDisplayName(this.loadAttributeValue(attributeName + ".displayName", attributeName + " Display Name", config));
scaleAttr.setReadOnly(this.loadAttributeValue(attributeName + ".readOnly", attributeName + " Read Only", config).equalsIgnoreCase("true"));
val = this.loadOptionalAttributeValue(attributeName + ".required", attributeName + " Required", config);
scaleAttr.setRequired(val != null && val.equalsIgnoreCase("true"));
val = this.loadOptionalAttributeValue(attributeName + ".regEx", attributeName + " Reg Ex", config);
if (val != null) {
scaleAttr.setRegEx(val);
}
val = this.loadOptionalAttributeValue(attributeName + ".regExFailedMsg", attributeName + " Reg Ex Failed Message", config);
if (val != null) {
scaleAttr.setRegExFailedMsg(val);
}
val = this.loadOptionalAttributeValue(attributeName + ".minChars", attributeName + " Minimum Characters", config);
if (val != null) {
scaleAttr.setMinChars(Integer.parseInt(val));
}
val = this.loadOptionalAttributeValue(attributeName + ".mxnChars", attributeName + " Maximum Characters", config);
if (val != null) {
scaleAttr.setMaxChars(Integer.parseInt(val));
}
val = this.loadOptionalAttributeValue(attributeName + ".type", attributeName + " Attribute Type", config);
if (val != null) {
scaleAttr.setType(val);
}
Attribute attrVals = config.getAttribute(attributeName + ".values");
if (attrVals != null) {
for (String attrVal : attrVals.getValues()) {
String valLabel = attrVal.substring(0, attrVal.indexOf('='));
String valValue = attrVal.substring(attrVal.indexOf('=') + 1);
scaleAttr.getValues().add(new NVP(valLabel, valValue));
}
}
scaleConfig.getAttributes().put(attributeName, scaleAttr);
scaleConfig.getUserAttributeList().add(attributeName);
}
if (scaleConfig.isEnableApprovals()) {
attr = config.getAttribute("approvalAttributeNames");
if (attr == null) {
throw new Exception("Approval attribute names not found");
}
for (String attributeName : attr.getValues()) {
ScaleAttribute scaleAttr = new ScaleAttribute();
scaleAttr.setName(attributeName);
scaleAttr.setDisplayName(this.loadAttributeValue("approvals." + attributeName, "Approvals attribute " + attributeName + " Display Name", config));
scaleConfig.getApprovalAttributes().put(attributeName, scaleAttr);
}
val = this.loadOptionalAttributeValue("uiHelperClassName", "UI Helper Class Name", config);
if (val != null && !val.isEmpty()) {
UiDecisions dec = (UiDecisions) Class.forName(val).newInstance();
attr = config.getAttribute("uihelper.params");
HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
if (attr != null) {
for (String v : attr.getValues()) {
String name = v.substring(0, v.indexOf('='));
String value = v.substring(v.indexOf('=') + 1);
Attribute param = decCfg.get(name);
if (param == null) {
param = new Attribute(name);
decCfg.put(name, param);
}
param.getValues().add(value);
}
}
dec.init(decCfg);
scaleConfig.setUiDecisions(dec);
}
val = this.loadOptionalAttributeValue("reasonIsList", "reasonIsList", config);
if (val == null) {
val = "false";
}
scaleConfig.setReasonIsList(val.equalsIgnoreCase("true"));
if (scaleConfig.isReasonIsList()) {
Attribute reasons = config.getAttribute("reasons");
if (reasons != null) {
scaleConfig.getReasons().addAll(reasons.getValues());
}
}
}
}
Also used :
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
Attribute(com.tremolosecurity.saml.Attribute)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
HashMap(java.util.HashMap)
NVP(com.tremolosecurity.util.NVP)
XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString)
RichTextString(org.apache.poi.ss.usermodel.RichTextString)
UiDecisions(com.tremolosecurity.scalejs.sdk.UiDecisions)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
LDAPException(com.novell.ldap.LDAPException)
SQLException(java.sql.SQLException)
IOException(java.io.IOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
MalformedURLException(java.net.MalformedURLException)
ScaleConfig(com.tremolosecurity.scalejs.cfg.ScaleConfig)
Example 7 with ApplicationType
use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.
the class ScaleJSOperator method initFilter.
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
this.config = new OperatorsConfig();
Attribute bases = config.getAttribute("bases");
if (bases == null) {
throw new Exception("bases not set");
}
for (String base : bases.getValues()) {
String desc = base.substring(0, base.indexOf('='));
String ldap = base.substring(base.indexOf('=') + 1);
this.config.getBaseLabelToDN().put(desc, ldap);
this.config.getSearchBases().add(desc);
}
Attribute attr = config.getAttribute("searchableAttributes");
if (attr == null) {
throw new Exception("searchableAttributes not found");
}
for (String searchable : attr.getValues()) {
String name = searchable.substring(0, searchable.indexOf('='));
String label = searchable.substring(searchable.indexOf('=') + 1);
this.config.getSearchableAttributes().add(new AttributeConfig(name, label, ""));
}
attr = config.getAttribute("resultAttributes");
if (attr == null) {
throw new Exception("resultAttributes not found");
}
for (String resultAttr : attr.getValues()) {
String name = resultAttr.substring(0, resultAttr.indexOf('='));
String label = resultAttr.substring(resultAttr.indexOf('=') + 1);
this.config.getResultsAttributes().add(new AttributeConfig(name, label, ""));
}
this.config.setScaleJsMainUri(this.loadAttributeValue("scaleMainURI", "Scale Main URI", config));
this.config.setHomeUrl(this.loadAttributeValue("homeUrl", "Home URL", config));
this.scalejsAppName = this.loadAttributeValue("scaleMainAppName", "Scale Main Application", config);
ApplicationType app = null;
for (ApplicationType at : config.getConfigManager().getCfg().getApplications().getApplication()) {
if (at.getName().equalsIgnoreCase(scalejsAppName)) {
app = at;
}
}
if (app == null) {
throw new Exception(scalejsAppName + " does not exist");
}
for (UrlType url : app.getUrls().getUrl()) {
if (url.getUri().equalsIgnoreCase(this.config.getScaleJsMainUri())) {
this.scaleJsUrl = url;
}
}
if (this.scaleJsUrl == null) {
throw new Exception("Could not find url for ScaleJS Main");
}
this.scaleMainURL = "https://" + this.scaleJsUrl.getHost().get(0) + this.scaleJsUrl.getUri();
HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
for (FilterConfigType filter : this.scaleJsUrl.getFilterChain().getFilter()) {
if (filter.getClazz().equalsIgnoreCase("com.tremolosecurity.scalejs.ws.ScaleMain")) {
for (ParamWithValueType pt : filter.getParam()) {
if (pt.getName().equalsIgnoreCase("uiHelperClassName")) {
this.dec = (UiDecisions) Class.forName(pt.getValue()).newInstance();
} else if (pt.getName().equalsIgnoreCase("uihelper.params")) {
String v = pt.getValue();
String name = v.substring(0, v.indexOf('='));
String value = v.substring(v.indexOf('=') + 1);
Attribute param = decCfg.get(name);
if (param == null) {
param = new Attribute(name);
decCfg.put(name, param);
}
param.getValues().add(value);
}
}
}
}
if (this.dec != null) {
this.dec.init(decCfg);
}
}
Also used :
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
Attribute(com.tremolosecurity.saml.Attribute)
HashMap(java.util.HashMap)
FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType)
OperatorsConfig(com.tremolosecurity.scalejs.operators.config.OperatorsConfig)
ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType)
AttributeConfig(com.tremolosecurity.scalejs.operators.config.AttributeConfig)
UrlType(com.tremolosecurity.config.xml.UrlType)
LDAPException(com.novell.ldap.LDAPException)
IOException(java.io.IOException)
Example 8 with ApplicationType
use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.
the class SessionTimeoutChecker method locateSession.
private HttpSession locateSession(UrlHolder holder, HttpServletRequest request, ServletContext ctx, String cookieName, HttpServletResponse resp) throws Exception {
Cookie sessionCookie = null;
Cookie[] cookies = request.getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
Cookie cookie = cookies[i];
if (cookie.getName().equalsIgnoreCase(cookieName)) {
sessionCookie = cookie;
break;
}
}
}
ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
ApplicationType app;
if (holder != null) {
app = holder.getApp();
} else {
app = null;
String appName = null;
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals("autoIdmAppName")) {
appName = URLDecoder.decode(cookies[i].getValue(), "UTF-8");
break;
}
}
}
if (appName == null) {
// TODO create open session
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals(cfg.getCfg().getApplications().getOpenSessionCookieName())) {
String sessionID = cookies[i].getValue();
TremoloHttpSession tsession = this.sessions.get(sessionID);
// TODO add timeouts
if (tsession == null) {
return this.createOpenSession(request, resp, ctx);
} else {
return tsession;
}
}
}
}
return createOpenSession(request, resp, ctx);
} else {
app = cfg.getApp(appName);
if (app == null) {
throw new Exception("No application named '" + appName + "' found");
}
}
}
SecretKey encKey = cfg.getSecretKey(app.getCookieConfig().getKeyAlias());
if (sessionCookie == null) {
// if (tsession != null) tsession.invalidate();
return createSession(app, request, resp, ctx, encKey);
} else {
HttpSession session = null;
try {
try {
TremoloHttpSession tsession = findSessionFromCookie(sessionCookie, encKey, this);
if (tsession == null) {
return createSession(app, request, resp, ctx, encKey);
}
String fromSessionID = (String) tsession.getAttribute(OpenUnisonConstants.TREMOLO_SESSION_ID);
if (app.getCookieConfig().getTimeout() > 0) {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - Timeout greater then 0");
}
ExternalSessionExpires extSession = (ExternalSessionExpires) tsession.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
if (extSession != null) {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - External session");
}
DateTime now = new DateTime();
DateTime lastAccessed = (DateTime) tsession.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - now='" + now + "' ext expires='" + extSession.getExpires() + "' expired='" + (extSession.getExpires() < now.getMillis()) + "'");
logger.debug("Application - '" + tsession.getAppName() + "' - now='" + now + "' expires='" + lastAccessed + "' expired='" + (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) + "'");
}
if ((extSession.getExpires() < now.getMillis()) && (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed))) {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - Invalidating and creating");
}
// external session has expired, create a new one
tsession.invalidate();
return createSession(app, request, resp, ctx, encKey);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - Session OK");
}
tsession.setAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED, now);
session = tsession;
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - Not external session");
}
DateTime lastAccessed = (DateTime) tsession.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
DateTime now = new DateTime();
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - now='" + now + "' expires='" + lastAccessed + "' expired='" + (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) + "'");
}
if (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - Invalidating sesssion and recreating");
}
tsession.invalidate();
return createSession(app, request, resp, ctx, encKey);
} else {
if (logger.isDebugEnabled()) {
logger.debug("Application - '" + tsession.getAppName() + "' - Session OK");
}
tsession.setAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED, now);
session = tsession;
}
}
} else {
session = tsession;
}
} catch (Exception e) {
if (logger.isDebugEnabled()) {
logger.debug("Exception loading session", e);
}
return createSession(app, request, resp, ctx, encKey);
}
// this.sessions.put(session.getSessionID(), key);
// }
} catch (Exception e) {
logger.error("Error generating session", e);
}
if (session == null) {
// session.invalidate();
return createSession(app, request, resp, ctx, encKey);
}
return session;
}
}
Also used :
Cookie(javax.servlet.http.Cookie)
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
SecretKey(javax.crypto.SecretKey)
HttpSession(javax.servlet.http.HttpSession)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
ServletException(javax.servlet.ServletException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IOException(java.io.IOException)
BadPaddingException(javax.crypto.BadPaddingException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
DateTime(org.joda.time.DateTime)
Example 9 with ApplicationType
use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.
the class SessionTimeoutChecker method run.
@Override
public void run() {
while (stillRun) {
try {
ArrayList<String> toremove = new ArrayList<String>();
Set<String> keys = new HashSet<String>();
synchronized (this.sessionMgr.getSessions()) {
keys.addAll(this.sessionMgr.getSessions().keySet());
}
for (String key : keys) {
TremoloHttpSession session = this.sessionMgr.getSessions().get(key);
if (session == null) {
continue;
}
ApplicationType app = cfg.getApp(session.getAppName());
if (session.isOpen()) {
if (cfg.getCfg().getApplications().getOpenSessionTimeout() > 0) {
ExternalSessionExpires extSession = (ExternalSessionExpires) session.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
if (extSession != null) {
if (extSession.getExpires() < System.currentTimeMillis()) {
session.invalidate();
toremove.add(key);
}
} else {
DateTime lastAccessed = (DateTime) session.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
if (lastAccessed == null) {
lastAccessed = new DateTime(session.getCreationTime());
}
DateTime now = new DateTime();
if (now.minusSeconds(cfg.getCfg().getApplications().getOpenSessionTimeout()).isAfter(lastAccessed)) {
session.invalidate();
toremove.add(key);
}
}
}
} else {
if (app == null) {
StringBuffer b = new StringBuffer();
b.append("Session ").append(session.getId()).append(" application ").append(session.getAppName()).append(" does not exist, invalidating");
SessionManagerImpl.logger.warn(b.toString());
toremove.add(key);
session.invalidate();
} else {
if (app.getCookieConfig().getTimeout() > 0) {
ExternalSessionExpires extSession = (ExternalSessionExpires) session.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
if (extSession != null) {
DateTime lastAccessed = (DateTime) session.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
DateTime now = new DateTime();
if ((extSession.getExpires() < System.currentTimeMillis()) && (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed))) {
session.invalidate();
toremove.add(key);
}
} else {
DateTime lastAccessed = (DateTime) session.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
if (lastAccessed == null) {
lastAccessed = new DateTime(session.getCreationTime());
}
DateTime now = new DateTime();
if (now.minusSeconds(app.getCookieConfig().getTimeout()).isAfter(lastAccessed)) {
session.invalidate();
toremove.add(key);
}
}
}
}
}
}
synchronized (this.sessionMgr.getSessions()) {
StringBuffer b = new StringBuffer();
b.append("Clearing ").append(toremove.size()).append(" sessions");
SessionManagerImpl.logger.warn(b.toString());
for (String key : toremove) {
this.sessionMgr.getSessions().remove(key);
}
}
try {
Thread.sleep(60000);
} catch (InterruptedException e) {
}
} catch (Throwable t) {
SessionManagerImpl.logger.warn("Exception while processing expired sessions", t);
try {
Thread.sleep(60000);
} catch (InterruptedException e) {
}
}
}
}
Also used :
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
ArrayList(java.util.ArrayList)
DateTime(org.joda.time.DateTime)
HashSet(java.util.HashSet)
Example 10 with ApplicationType
use of com.tremolosecurity.config.xml.ApplicationType in project OpenUnison by TremoloSecurity.
the class AuthorizationAuthMech method init.
@Override
public void init(ServletContext ctx, HashMap<String, Attribute> init) {
this.azSys = new AzSys();
this.at = new ApplicationType();
this.at.setAzTimeoutMillis(3000L);
}
Also used :
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
Aggregations
ApplicationType (com.tremolosecurity.config.xml.ApplicationType)16
IOException (java.io.IOException)6
ParamType (com.tremolosecurity.config.xml.ParamType)5
ArrayList (java.util.ArrayList)5
HashMap (java.util.HashMap)5
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)4
Attribute (com.tremolosecurity.saml.Attribute)4
ServletException (javax.servlet.ServletException)4
AuthMechParamType (com.tremolosecurity.config.xml.AuthMechParamType)3
FilterConfigType (com.tremolosecurity.config.xml.FilterConfigType)3
ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)3
TrustType (com.tremolosecurity.config.xml.TrustType)3
UrlType (com.tremolosecurity.config.xml.UrlType)3
LDAPAttribute (com.novell.ldap.LDAPAttribute)2
LDAPException (com.novell.ldap.LDAPException)2
AuthChainType (com.tremolosecurity.config.xml.AuthChainType)2
CustomAzRuleType (com.tremolosecurity.config.xml.CustomAzRuleType)2
UnsupportedEncodingException (java.io.UnsupportedEncodingException)2
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
DateTime (org.joda.time.DateTime)2
