Use of com.tremolosecurity.config.xml.AuthChainType in the OpenUnison project by TremoloSecurity.
The class SecretQuestionAuth, method doGet.
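/**
 * Presents the secret-question challenge form for the user being
 * authenticated by this step.
 *
 * <p>The user's question set is read from the attribute named by the
 * {@code questionAttr} mechanism parameter (a Base64-encoded, Java-serialized
 * {@code ArrayList<SecretQuestion>}), stored on the session under
 * {@code TREMOLO_SECRET_ANSWERS} and on the request under
 * {@code TREMOLO_SECRET_QUESTIONS}, after which the request is forwarded to
 * the JSP named by the {@code loginForm} mechanism parameter.
 *
 * @param request  current request; its session must hold the
 *                 {@link AuthController} under {@code ProxyConstants.AUTH_CTL}
 *                 and the mechanism parameters under
 *                 {@code ProxyConstants.AUTH_MECH_PARAMS}
 * @param response current response, handed to the forwarded JSP
 * @param as       the authentication step being executed; not consulted here
 * @throws ServletException if no user is present, a required mechanism
 *                          parameter is missing, the user has no secret
 *                          question attribute, or the stored question set
 *                          cannot be deserialized
 * @throws IOException      if reading the serialized data or forwarding fails
 */
@Override
@SuppressWarnings("unchecked") // session attributes are stored untyped by the framework
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo user = authCtl.getAuthInfo();
    if (user == null) {
        throw new ServletException("No user present");
    }

    String questionAttrName = requiredParam(authParams, "questionAttr");
    String loginForm = requiredParam(authParams, "loginForm");

    Attribute qAttr = user.getAttribs().get(questionAttrName);
    if (qAttr == null) {
        throw new ServletException("User " + user.getUserDN() + " does not have secret questions");
    }

    // NOTE(review): native Java deserialization of a value read from the
    // user's directory entry. Whoever can write that attribute controls the
    // object graph handed to readObject(); restricting the accepted classes
    // (e.g. an ObjectInputFilter) or moving to a non-native encoding would
    // remove that exposure. Left as-is here because the stored format is
    // shared with the code that writes it.
    byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(qAttr.getValues().get(0));
    ArrayList<SecretQuestion> questions;
    ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(encBytes));
    try {
        questions = (ArrayList<SecretQuestion>) ois.readObject();
    } catch (ClassNotFoundException e) {
        throw new ServletException("Could not load questions", e);
    } finally {
        ois.close();
    }

    // The same list is kept on the session (presumably for checking the
    // answers on the subsequent POST) and on the request for rendering.
    session.setAttribute("TREMOLO_SECRET_ANSWERS", questions);
    request.setAttribute("TREMOLO_SECRET_QUESTIONS", questions);
    request.setAttribute("TREMOLO_SECRET_QUESTION_LIST", this.questionList);
    request.getRequestDispatcher(loginForm).forward(request, response);
}

/**
 * Returns the first value of the named mechanism parameter.
 *
 * @param authParams mechanism parameters taken from the session
 * @param name       parameter name
 * @return the parameter's first value
 * @throws ServletException if the parameter is not configured or has no value
 */
private static String requiredParam(HashMap<String, Attribute> authParams, String name) throws ServletException {
    Attribute param = authParams.get(name);
    if (param == null || param.getValues().isEmpty()) {
        throw new ServletException("Mechanism parameter '" + name + "' is not configured");
    }
    return param.getValues().get(0);
}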
Use of com.tremolosecurity.config.xml.AuthChainType in the OpenUnison project by TremoloSecurity.
The class UserOnlyAuthMech, method doPost.
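/**
 * Identifies a user by directory lookup alone: the entry selected by the
 * request is searched for and, if found, the step succeeds with that entry's
 * DN and attributes loaded into a new {@link AuthInfo}. No credential is
 * verified by this mechanism.
 *
 * <p>Mechanism parameters (from {@code ProxyConstants.AUTH_MECH_PARAMS}):
 * <ul>
 *   <li>{@code uidAttr} — attribute compared with the {@code user} request
 *       parameter (default {@code uid}); when {@code uidIsFilter} is
 *       {@code true} it is instead a complete filter template in which each
 *       {@code ${name}} is replaced by the request parameter {@code name}</li>
 *   <li>{@code uidIsFilter} — {@code true} to treat {@code uidAttr} as a
 *       template (default {@code false})</li>
 *   <li>{@code noUserJSP} — location redirected to when no entry matches or
 *       the search fails</li>
 * </ul>
 *
 * <p>Every value taken from a request parameter is escaped per RFC 4515
 * before it is placed in the filter, so a caller can only ever contribute a
 * literal assertion value — never wildcards or additional filter terms.
 *
 * @param req  current request
 * @param resp current response
 * @param as   the step to mark as succeeded or failed
 * @throws ServletException as declared; may be raised by {@code nextAuth}
 * @throws IOException      if the redirect or the next step fails
 */
@Override
@SuppressWarnings("unchecked") // session attributes are stored untyped by the framework
public void doPost(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    MyVDConnection myvd = cfgMgr.getMyVD();
    HttpSession session = req.getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    RequestHolder reqHolder = authCtl.getHolder();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);

    String uidAttr = paramOrDefault(authParams, "uidAttr", "uid");
    boolean uidIsFilter = "true".equalsIgnoreCase(paramOrDefault(authParams, "uidIsFilter", "false"));
    String noUserJSP = authParams.get("noUserJSP").getValues().get(0);

    // Build the search filter. uidAttr itself is administrator configuration;
    // only request-supplied values are escaped.
    String filter;
    if (uidIsFilter) {
        filter = expandFilterTemplate(uidAttr, req);
    } else {
        filter = "(" + uidAttr + "=" + escapeFilterValue(req.getParameter("user")) + ")";
    }

    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());

    try {
        // Scope 2 (subtree) search from the chain's root with an empty
        // attribute list.
        LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, filter, new ArrayList<String>());
        if (!res.hasMore()) {
            as.setSuccess(false);
            resp.sendRedirect(noUserJSP);
            return;
        }
        // Only the first matching entry is used.
        LDAPEntry entry = res.next();
        AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
        authCtl.setAuthInfo(authInfo);
        copyAttributes(entry, authInfo);
        as.setSuccess(true);
    } catch (LDAPException e) {
        logger.error("Could not find user", e);
        as.setSuccess(false);
        resp.sendRedirect(noUserJSP);
        return;
    }

    // NOTE(review): "target" is taken straight from the request and stored as
    // the post-authentication URL; whether RequestHolder or the auth manager
    // validates it against the configured application is not visible here —
    // confirm.
    String redirectToURL = req.getParameter("target");
    if (redirectToURL != null && !redirectToURL.isEmpty()) {
        reqHolder.setURL(redirectToURL);
    }
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}

/**
 * Returns the first value of a mechanism parameter, or {@code dflt} when the
 * parameter is absent.
 */
private static String paramOrDefault(HashMap<String, Attribute> authParams, String name, String dflt) {
    Attribute param = authParams.get(name);
    return param == null ? dflt : param.getValues().get(0);
}

/**
 * Replaces each {@code ${name}} in {@code template} with the escaped value of
 * request parameter {@code name}. Text outside placeholders is copied
 * verbatim; an unterminated {@code ${} is copied verbatim as well.
 */
private static String expandFilterTemplate(String template, HttpServletRequest req) {
    StringBuilder out = new StringBuilder(template.length());
    int copied = 0;
    int start = template.indexOf("${");
    while (start >= 0) {
        int end = template.indexOf('}', start);
        if (end < 0) {
            break;
        }
        out.append(template, copied, start);
        String paramName = template.substring(start + 2, end);
        out.append(escapeFilterValue(req.getParameter(paramName)));
        copied = end + 1;
        start = template.indexOf("${", copied);
    }
    out.append(template.substring(copied));
    return out.toString();
}

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515): the
 * characters {@code \ * ( )} and NUL become their {@code \xx} hex forms.
 * A {@code null} value is treated as the empty string.
 */
private static String escapeFilterValue(String value) {
    if (value == null) {
        return "";
    }
    StringBuilder sb = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}

/**
 * Copies every attribute of {@code entry} into {@code authInfo}'s attribute
 * map, keyed by attribute name, with all string values retained.
 */
private static void copyAttributes(LDAPEntry entry, AuthInfo authInfo) {
    Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
    while (it.hasNext()) {
        LDAPAttribute ldapAttr = it.next();
        Attribute attr = new Attribute(ldapAttr.getName());
        for (String val : ldapAttr.getStringValueArray()) {
            attr.getValues().add(val);
        }
        authInfo.getAttribs().put(attr.getName(), attr);
    }
}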
Use of com.tremolosecurity.config.xml.AuthChainType in the OpenUnison project by TremoloSecurity.
The class AuthManagerImpl, method buildACT.
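/**
 * Creates a copy of {@code origChain} whose mechanism list has been rebuilt
 * through {@code buildMechList}.
 *
 * <p>Compliance, finish-on-required-success, level, name and root are copied
 * as returned by the original's getters; only the mechanism list is
 * reconstructed.
 *
 * @param origChain the chain to copy
 * @param cfg       configuration passed through to {@code buildMechList}
 * @return a new {@link AuthChainType} carrying the copied settings and the
 *         rebuilt mechanism list
 */
public static AuthChainType buildACT(AuthChainType origChain, ConfigManager cfg) {
    AuthChainType newAct = new AuthChainType();
    newAct.setCompliance(origChain.getCompliance());
    newAct.setFinishOnRequiredSucess(origChain.isFinishOnRequiredSucess());
    newAct.setLevel(origChain.getLevel());
    newAct.setName(origChain.getName());
    newAct.setRoot(origChain.getRoot());
    // Mechanisms are not copied verbatim; buildMechList produces the list the
    // new chain runs with.
    newAct.getAuthMech().addAll(buildMechList(origChain.getAuthMech(), cfg));
    return newAct;
}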
Use of com.tremolosecurity.config.xml.AuthChainType in the OpenUnison project by TremoloSecurity.
The class OpenUnisonUtils, method loadChainType.
/**
 * Finds the authentication chain whose name matches {@code chainName}
 * (case-insensitively) in the given configuration.
 *
 * <p>This is a command-line utility helper: when no chain matches, a message
 * is written to stderr and the process exits with status 1, so the
 * {@code null} return is never actually observed by a caller.
 *
 * @param chainName name of the chain to look up
 * @param tt        parsed OpenUnison configuration
 * @return the first matching chain
 */
private static AuthChainType loadChainType(String chainName, TremoloType tt) {
    AuthChainType match = null;
    for (AuthChainType candidate : tt.getAuthChains().getChain()) {
        if (candidate.getName().equalsIgnoreCase(chainName)) {
            match = candidate;
            break;
        }
    }
    if (match != null) {
        return match;
    }
    System.err.println("Unable to find '" + chainName + "'");
    System.exit(1);
    return null;
}
Use of com.tremolosecurity.config.xml.AuthChainType in the OpenUnison project by TremoloSecurity.
The class ConfigSys, method doConfig.
/**
 * Entry point of the proxy pipeline for one request.
 *
 * <p>In order: reconciles the session's {@link AuthController} with the
 * request (drops an incomplete authentication on a non-auth URL, handles the
 * {@code resetChain} URI, honours a forced re-authentication); then either
 * serves an auth-path request that has no {@link UrlHolder}, answers 404 for
 * a request with no holder outside the auth path, or runs {@code nextSys}
 * for a configured URL, handling logout and the proxied response body. Any
 * exception escaping that work is caught at the bottom, logged, recorded on
 * the request and turned into the configured 500 page.
 *
 * @param req     current request
 * @param resp    current response
 * @param nextSys next stage of the pipeline
 * @throws IOException      from the redirect or forward issued in the error path
 * @throws ServletException from the error-page forward
 * @see com.tremolosecurity.proxy.ConfigSys#doConfig(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.proxy.util.NextSys)
 */
public void doConfig(HttpServletRequest req, HttpServletResponse resp, NextSys nextSys) throws IOException, ServletException {
// Both are kept outside the try so the catch block can log the application and user involved.
UrlHolder holder = null;
AuthInfo userAuth = null;
try {
SessionManager sessionManager = (SessionManager) this.ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
// Assigned but never read in this method.
boolean setSessionCookie = false;
boolean checkLogout = false;
RequestHolder reqHolder = (RequestHolder) req.getAttribute(ProxyConstants.TREMOLO_REQ_HOLDER);
holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
// Forced re-authentication is signalled by a request attribute set earlier in the pipeline (not visible here); absent means false.
boolean isForcedAuth = req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) != null ? (Boolean) req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) : false;
// Assigned but never read in this method.
checkLogout = true;
// URI that restarts the authentication chain from its first mechanism; matched below.
StringBuffer resetsb = new StringBuffer(cfg.getAuthPath()).append("resetChain");
HttpSession sharedSession = req.getSession();
if (sharedSession != null) {
AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
if (actl != null && actl.getHolder() != null) {
// Assigned but never read in this method.
RequestHolder presentHolder = actl.getHolder();
AuthInfo authdata = actl.getAuthInfo();
userAuth = authdata;
// A request outside the auth path while authentication is not complete abandons
// the in-progress chain: the controller is removed and an anonymous user installed.
if (!req.getRequestURI().startsWith(cfg.getAuthPath()) && /*&& ! presentHolder.getUrlNoQueryString().equalsIgnoreCase(req.getRequestURL().toString())*/
(authdata == null || !authdata.isAuthComplete())) {
// we're going to ignore requests for favicon.ico
// (browser icon fetches must not reset an authentication in progress)
if (!req.getRequestURI().endsWith("/favicon.ico") && !req.getRequestURI().endsWith("/apple-touch-icon-precomposed.png") && !req.getRequestURI().endsWith("/apple-touch-icon.png")) {
sharedSession.removeAttribute(ProxyConstants.AUTH_CTL);
this.cfg.createAnonUser(sharedSession);
}
} else if (req.getRequestURI().equalsIgnoreCase(resetsb.toString())) {
// Chain reset: clear every step's state, go back to the first step, reload the
// first mechanism's parameters and send the browser to that mechanism's URI.
sharedSession.removeAttribute("TREMOLO_AUTH_URI");
for (AuthStep step : actl.getAuthSteps()) {
step.setExecuted(false);
step.setSuccess(false);
}
actl.setCurrentStep(actl.getAuthSteps().get(0));
String chainName = holder.getUrl().getAuthChain();
AuthChainType chain = cfg.getAuthChains().get(chainName);
String mech = chain.getAuthMech().get(0).getName();
String uri = cfg.getAuthMechs().get(mech).getUri();
holder.getConfig().getAuthManager().loadAmtParams(sharedSession, chain.getAuthMech().get(0));
String redirectURI = "";
// Prefix the mechanism URI with the context path unless the application is deployed at root.
if (holder.getConfig().getContextPath().equalsIgnoreCase("/")) {
redirectURI = uri;
} else {
redirectURI = new StringBuffer().append(holder.getConfig().getContextPath()).append(uri).toString();
}
sharedSession.setAttribute("TREMOLO_AUTH_URI", redirectURI);
resp.sendRedirect(redirectURI);
return;
}
}
// Forced auth: bind this request's holder to the controller and load the first mechanism's parameters.
if (isForcedAuth) {
actl.setHolder(reqHolder);
String authChain = holder.getUrl().getAuthChain();
AuthChainType act = cfg.getAuthChains().get(authChain);
holder.getConfig().getAuthManager().loadAmtParams(sharedSession, act.getAuthMech().get(0));
}
}
// No UrlHolder was attached to the request (presumably no configured URL matched it).
if (holder == null) {
if (req.getRequestURI().startsWith(cfg.getAuthPath())) {
// Auth-path request: try to derive a holder from the mechanism's final URL, but
// proceed to nextSys even if that fails (see the note below).
req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
// we still need a holder
/*AuthController actl = (AuthController) sharedSession.getAttribute(AuthSys.AUTH_CTL);
if (actl != null) {
holder = cfg.findURL(actl.getHolder().getUrlNoQueryString());
req.setAttribute(ConfigSys.AUTOIDM_CFG, holder);
} else {*/
AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
if (authMech != null) {
String finalURL = authMech.getFinalURL(req, resp);
if (finalURL != null) {
holder = cfg.findURL(finalURL);
} else {
// throw new ServletException("Can not generate holder");
}
} else {
// throw new ServletException("Can not generate holder");
}
// no holder should be needed beyond this point
// }
/*
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
HashMap<String,Attribute> params = new HashMap<String,Attribute>();
ProxyUtil.loadParams(req, params);
reqHolder = new RequestHolder(HTTPMethod.GET,params,finalURL,true,act.getName());
isForcedAuth = true;
req.setAttribute(ConfigSys.AUTOIDM_CFG, holder);
String chainName = holder.getUrl().getAuthChain();
AuthChainType chain = cfg.getAuthChains().get(chainName);
String mech = chain.getAuthMech().get(0).getName();
String uri = cfg.getAuthMechs().get(mech).getUri();
AuthSys.loadAmtParams(sharedSession, chain.getAuthMech().get(0));
}
}
if (holder == null) {
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
return;
}*/
nextSys.nextSys(req, presp);
// Headers and cookies are pushed without a holder here.
presp.pushHeadersAndCookies(null);
} else {
// Unknown URL outside the auth path: use the configured 404 page if there is one, else a bare 404.
String redirectLocation = cfg.getErrorPages().get(HttpServletResponse.SC_NOT_FOUND);
if (redirectLocation != null) {
resp.sendRedirect(redirectLocation);
} else {
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
}
AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
}
} else {
// Configured URL: run the pipeline, then handle logout and the proxied response body.
req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
ProxyData pd = null;
try {
nextSys.nextSys(req, presp);
pd = (ProxyData) req.getAttribute(ProxyConstants.TREMOLO_PRXY_DATA);
if (holder.getApp().getCookieConfig() != null) {
String logouturi = holder.getApp().getCookieConfig().getLogoutURI();
AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
if (actl != null) {
AuthInfo authdata = actl.getAuthInfo();
userAuth = authdata;
// Logout is triggered either by the application's logout URI or by the pipeline
// flagging it on ProxyData, and only when there is authentication data to clear.
if ((req.getRequestURI().equalsIgnoreCase(logouturi) || (pd != null && pd.isLogout())) && (authdata != null)) {
// Execute logout handlers
ArrayList<LogoutHandler> logoutHandlers = (ArrayList<LogoutHandler>) sharedSession.getAttribute(LogoutUtil.LOGOUT_HANDLERS);
if (logoutHandlers != null) {
for (LogoutHandler h : logoutHandlers) {
h.handleLogout(req, presp);
}
}
sessionManager.clearSession(holder, sharedSession, (HttpServletRequest) req, (HttpServletResponse) resp);
}
}
}
presp.pushHeadersAndCookies(holder);
// Process the upstream body when the pipeline produced one; the two procData
// overloads differ in whether a response object and post-processor are supplied.
if (pd != null && pd.getIns() != null) {
if (pd.getResponse() == null) {
this.procData(pd.getRequest(), resp, holder, pd.isText(), pd.getIns(), sessionManager);
} else {
this.procData(pd.getRequest(), pd.getResponse(), holder, pd.isText(), pd.getIns(), pd.getPostProc(), sessionManager);
}
}
} finally {
// Always return the upstream connection; only touch the output stream if nothing has been committed yet.
if (pd != null && pd.getHttpRequestBase() != null) {
pd.getHttpRequestBase().releaseConnection();
if (!resp.isCommitted()) {
resp.getOutputStream().flush();
resp.getOutputStream().close();
}
}
}
}
} catch (Exception e) {
// Boundary handler: log against the application (or a placeholder when none was resolved).
ApplicationType appType = null;
if (holder != null) {
appType = holder.getApp();
} else {
appType = new ApplicationType();
appType.setName("UNKNOWN");
}
AccessLog.log(AccessEvent.Error, appType, (HttpServletRequest) req, userAuth, "NONE");
// NOTE(review): the exception object itself is handed to the error page via this attribute;
// whether error.jsp renders its message or stack trace to the client is not visible here — confirm.
req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
logger.error("Could not process request", e);
// Configured 500 page takes precedence over the built-in error.jsp forward.
String redirectLocation = cfg.getErrorPages().get(500);
if (redirectLocation != null) {
resp.sendRedirect(redirectLocation);
} else {
StringBuffer b = new StringBuffer();
b.append(cfg.getAuthFormsPath()).append("error.jsp");
resp.setStatus(500);
req.getRequestDispatcher(b.toString()).forward(req, resp);
}
}
}