// public static final String AUTH_DATA = "AUTO_IDM_AUTH_DATA";
// public static final String AUTH_STEPS = "TREMOLO_AUTH_STEPS";
// public static final String AUTH_CURR_STEP = "TREMOLO_CUR_STEP";
/* (non-Javadoc)
* @see com.tremolosecurity.proxy.auth.AuthSys#doAuth(javax.servlet.ServletRequest, javax.servlet.ServletResponse, com.tremolosecurity.proxy.util.NextSys)
*/
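/**
 * Gate for the AuthSys stage: decides whether the request may go on to {@code next}
 * or must first satisfy the authentication chain configured for its URL.
 *
 * <p>Requests under the authentication path itself, and URLs with no chain, pass
 * straight through. Otherwise the session's {@link AuthController} is consulted: an
 * incomplete (or absent) authentication starts or continues the chain; a completed
 * one is re-checked against the chain's required level and, when it is too low or the
 * chain no longer exists, the existing authentication data is discarded and the chain
 * is run again (step-up authentication).
 *
 * @param req  the current request; must carry the {@code ProxyConstants.TREMOLO_CFG_OBJ}
 *             and {@code ProxyConstants.AUTOIDM_CFG} attributes set earlier in the filter
 * @param resp the current response
 * @param next the system to invoke once authentication is satisfied
 * @throws IOException      propagated from the downstream systems
 * @throws ServletException propagated from the downstream systems
 */
public void doAuth(ServletRequest req, ServletResponse resp, NextSys next) throws IOException, ServletException {
    req.setAttribute(AuthManager.NEXT_SYS, next);
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpServletResponse httpResp = (HttpServletResponse) resp;

    // The authentication mechanisms themselves live under the auth path and are never gated.
    if (httpReq.getRequestURI().startsWith(cfg.getAuthPath())) {
        next.nextSys(httpReq, httpResp);
        return;
    }

    HttpSession session = httpReq.getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    String urlChain = holder.getUrl().getAuthChain();

    // No chain configured for this URL: nothing to enforce.
    if (urlChain == null) {
        next.nextSys(httpReq, httpResp);
        return;
    }

    AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
    AuthController actl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    // A session without a controller carries no authentication data; treat it as
    // unauthenticated instead of failing on a null dereference.
    AuthInfo authData = actl == null ? null : actl.getAuthInfo();

    if (authData == null || !authData.isAuthComplete()) {
        if (cfg.getAuthManager().nextAuth(httpReq, httpResp, session, false, next)) {
            next.nextSys(httpReq, httpResp);
        }
        return;
    }

    boolean mustFail = false;
    if (act == null) {
        // Fail closed: a chain that is referenced but not configured is replaced by the failure chain.
        logger.warn("Authentication chain '" + urlChain + "' does not exist. All authentication requests will fail");
        act = cfg.getAuthFailChain();
        mustFail = true;
    }

    if (mustFail || authData.getAuthLevel() < act.getLevel()) {
        // Step-up authentication: drop the existing identity and run the chain again.
        session.removeAttribute(ProxyConstants.AUTH_CTL);
        holder.getConfig().createAnonUser(session);
        cfg.getAuthManager().nextAuth(httpReq, httpResp, session, false, next);
    } else {
        next.nextSys(httpReq, httpResp);
    }
}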
/* (non-Javadoc)
* @see com.tremolosecurity.config.util.ConfigManager#initialize()
*/
/* (non-Javadoc)
* @see com.tremolosecurity.config.util.UnisonConfigManager#initialize()
*/
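/**
 * Loads the Unison configuration file and builds every structure this manager exposes:
 * keystore and TLS setup, the MyVD directory, error pages, custom authorization rules,
 * application objects, the auth-chain / auth-mechanism / result-group / application maps,
 * the provisioning engine and, last, the four optional "dynamic" loaders.
 *
 * <p>Class names taken from the configuration ({@code upgradeHandler} and each dynamic
 * loader's {@code className}) are instantiated reflectively, so the configuration file is
 * trusted input.
 *
 * @param name unused by this implementation
 * @throws ProvisioningException if a dynamic loader class cannot be loaded or instantiated
 * @throws Exception             any failure raised by the individual initialization steps
 */
@Override
public void initialize(String name) throws JAXBException, Exception, IOException, FileNotFoundException, InstantiationException, IllegalAccessException, ClassNotFoundException, LDAPException, KeyStoreException, NoSuchAlgorithmException, CertificateException, ProvisioningException {
    JAXBContext jc = JAXBContext.newInstance("com.tremolosecurity.config.xml");
    Unmarshaller unmarshaller = jc.createUnmarshaller();
    this.threads = new ArrayList<>();

    // Directory holding the configuration file; keystore and MyVD config are resolved against it.
    String path = configXML.substring(0, configXML.lastIndexOf('/'));

    JAXBElement<TremoloType> autoidmcfg = this.loadUnisonConfiguration(unmarshaller);
    this.cfg = autoidmcfg.getValue();
    this.byHost = new HashMap<>();
    this.cache = new HashMap<>();
    this.upgradeManager = (HttpUpgradeRequestManager) Class.forName(this.cfg.getUpgradeHandler()).newInstance();

    String myVdPath = cfg.getMyvdConfig();
    this.loadKeystore(path, myVdPath);
    this.initSSL();
    this.loadMyVD(path, myVdPath);

    if (cfg.getApplications().getErrorPage() != null) {
        for (ErrorPage ep : cfg.getApplications().getErrorPage()) {
            this.errorPages.put(ep.getCode(), ep.getLocation());
        }
    }

    this.customAzRules = new HashMap<>();
    if (this.cfg.getCustomAzRules() != null) {
        for (CustomAzRuleType azrule : this.cfg.getCustomAzRules().getAzRule()) {
            createCustomAuthorizationRule(azrule);
        }
    }

    loadApplicationObjects();

    this.authChains = new HashMap<>();
    if (cfg.getAuthChains() != null) {
        for (AuthChainType ac : cfg.getAuthChains().getChain()) {
            this.authChains.put(ac.getName(), ac);
        }
    }

    this.authMechs = new HashMap<>();
    if (cfg.getAuthMechs() != null) {
        for (MechanismType mt : cfg.getAuthMechs().getMechanism()) {
            this.authMechs.put(mt.getName(), mt);
        }
    }

    this.resGroups = new HashMap<>();
    if (cfg.getResultGroups() != null) {
        for (ResultGroupType rgt : cfg.getResultGroups().getResultGroup()) {
            this.resGroups.put(rgt.getName(), rgt);
        }
    }

    this.apps = new HashMap<>();
    for (ApplicationType app : cfg.getApplications().getApplication()) {
        this.apps.put(app.getName(), app);
    }

    this.provEnvgine = new ProvisioningEngineImpl(this);
    this.provEnvgine.initWorkFlows();
    this.provEnvgine.initMessageConsumers();
    this.provEnvgine.initScheduler();
    this.provEnvgine.initListeners();
    this.provEnvgine.initReports();

    // Dynamic loaders: each one is an optional, configured class that contributes entries at start-up.
    try {
        if (this.getCfg().getResultGroups() != null && this.getCfg().getResultGroups().getDynamicResultGroups() != null && this.getCfg().getResultGroups().getDynamicResultGroups().isEnabled()) {
            DynamicPortalUrlsType dynamicResultGroups = this.getCfg().getResultGroups().getDynamicResultGroups();
            HashMap<String, Attribute> cfgAttrs = collectDynamicLoaderParams(dynamicResultGroups);
            DynamicResultGroups dynResGroups = (DynamicResultGroups) Class.forName(dynamicResultGroups.getClassName()).newInstance();
            dynResGroups.loadDynamicResultGroups(this, this.getProvisioningEngine(), cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }

    try {
        if (this.getCfg().getCustomAzRules() != null && this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations() != null && this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations().isEnabled()) {
            DynamicPortalUrlsType dynamicCustomAuthorization = this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations();
            HashMap<String, Attribute> cfgAttrs = collectDynamicLoaderParams(dynamicCustomAuthorization);
            DynamicAuthorizations dynCustomAz = (DynamicAuthorizations) Class.forName(dynamicCustomAuthorization.getClassName()).newInstance();
            dynCustomAz.loadDynamicAuthorizations(this, this.getProvisioningEngine(), cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }

    try {
        if (this.getCfg().getAuthChains() != null && this.getCfg().getAuthChains().getDynamicAuthChains() != null && this.getCfg().getAuthChains().getDynamicAuthChains().isEnabled()) {
            DynamicPortalUrlsType dynamicAuthChains = this.getCfg().getAuthChains().getDynamicAuthChains();
            HashMap<String, Attribute> cfgAttrs = collectDynamicLoaderParams(dynamicAuthChains);
            DynamicAuthChains dynAuthChains = (DynamicAuthChains) Class.forName(dynamicAuthChains.getClassName()).newInstance();
            dynAuthChains.loadDynamicAuthChains(this, provEnvgine, cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }

    try {
        if (this.getCfg().getApplications() != null && this.getCfg().getApplications().getDynamicApplications() != null && this.getCfg().getApplications().getDynamicApplications().isEnabled()) {
            DynamicPortalUrlsType dynamicApps = this.getCfg().getApplications().getDynamicApplications();
            HashMap<String, Attribute> cfgAttrs = collectDynamicLoaderParams(dynamicApps);
            DynamicApplications dynApps = (DynamicApplications) Class.forName(dynamicApps.getClassName()).newInstance();
            dynApps.loadDynamicApplications(this, provEnvgine, cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }

    this.postInitialize();
}

/**
 * Groups the {@code name=value} params of a dynamic-loader configuration into
 * multi-valued {@link Attribute}s keyed by param name, preserving value order.
 *
 * @param dynamicCfg the dynamic loader's configuration element
 * @return a mutable map from param name to its collected values
 */
private static HashMap<String, Attribute> collectDynamicLoaderParams(DynamicPortalUrlsType dynamicCfg) {
    HashMap<String, Attribute> cfgAttrs = new HashMap<>();
    for (ParamType pt : dynamicCfg.getParams()) {
        Attribute attr = cfgAttrs.get(pt.getName());
        if (attr == null) {
            attr = new Attribute(pt.getName());
            cfgAttrs.put(pt.getName(), attr);
        }
        attr.getValues().add(pt.getValue());
    }
    return cfgAttrs;
}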
/* (non-Javadoc)
* @see com.tremolosecurity.provisioning.core.Workflow#executeWorkflow(com.tremolosecurity.proxy.auth.AuthInfo, java.lang.String)
*/
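/**
 * Runs this workflow synchronously for the authenticated user and, if a task asked for
 * a resync, reloads the user's entry from the directory into {@code authInfo}.
 *
 * <p>The resync search is rooted at, in order of preference, the
 * {@code ProvisioningParams.UNISON_RESYNC_ROOT} parameter returned by the workflow, the
 * root of the user's authentication chain, or the configured LDAP root. The search filter
 * is built with the {@code equal} filter helper rather than string concatenation.
 *
 * @param authInfo the authenticated user; on resync its DN and attributes are replaced
 * @param uidAttr  name of the attribute that identifies the user
 * @return the workflow parameters after execution
 * @throws ProvisioningException if {@code uidAttr} is missing or empty, or if the resync
 *                               search fails or finds no entry
 */
@Override
public Map<String, Object> executeWorkflow(AuthInfo authInfo, String uidAttr) throws ProvisioningException {
    Attribute uid = authInfo.getAttribs().get(uidAttr);
    if (uid == null || uid.getValues().isEmpty()) {
        throw new ProvisioningException("No uid attribute " + uidAttr);
    }

    User user = new User(uid.getValues().get(0));
    user.getAttribs().putAll(authInfo.getAttribs());

    Map<String, Object> params = new HashMap<>();
    params.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    params = this.executeWorkflow(user, params);

    try {
        if (user.isResync()) {
            String root = (String) params.get(ProvisioningParams.UNISON_RESYNC_ROOT);
            if (root == null) {
                AuthChainType act = this.cfgMgr.getAuthChains().get(authInfo.getAuthChain());
                if (act != null) {
                    root = act.getRoot();
                }
                if (root == null) {
                    root = this.cfgMgr.getCfg().getLdapRoot();
                }
            }

            // scope 2 — presumably subtree search; confirm against the LDAP client's constants
            LDAPSearchResults res = this.cfgMgr.getMyVD().search(root, 2, equal(uidAttr, user.getUserID()).toString(), new ArrayList<String>());
            if (!res.hasMore()) {
                throw new ProvisioningException("User " + authInfo.getUserDN() + " does not exist");
            }

            if (!user.keepExternalAttrs) {
                authInfo.getAttribs().clear();
            }
            LDAPEntry entry = res.next();
            authInfo.setUserDN(entry.getDN());
            Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
            while (it.hasNext()) {
                LDAPAttribute attrib = it.next();
                Attribute attr = new Attribute(attrib.getName());
                for (String val : attrib.getStringValueArray()) {
                    attr.getValues().add(val);
                }
                authInfo.getAttribs().put(attr.getName(), attr);
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not reload user", e);
    }
    return params;
}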
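/**
 * Entry point for every request handled by Unison: wraps the request, enforces the
 * HTTPS redirect and HSTS policy, resolves the matching {@link UrlHolder} and session,
 * and hands the request to the embedded system chain. Any failure while processing is
 * recorded on the request and forwarded to the configured error page.
 *
 * <p>When a request targets the authentication path without a matching URL or a
 * session cookie of its own, the mechanism's final URL is used to find the application
 * the user is authenticating for, a {@link RequestHolder} for that URL is prepared and
 * the two bookkeeping cookies ({@code autoIdmSessionCookieName}, {@code autoIdmAppName})
 * are set.
 *
 * @param request  the incoming request; wrapped in a {@link LocalSessionRequest}
 * @param response the outgoing response
 * @param chain    the container filter chain, stored on the request and given to {@link NextEmbSys}
 * @throws IOException      if the {@link ProxyRequest} cannot be created
 * @throws ServletException propagated from the error-page dispatch
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = new LocalSessionRequest((HttpServletRequest) request);
    HttpServletResponse resp = (HttpServletResponse) response;
    ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
    SessionManager sessionMgr = (SessionManager) ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);

    ProxyRequest pr;
    try {
        pr = new ProxyRequest(req);
    } catch (Exception e1) {
        logger.error("Unable to create request", e1);
        throw new IOException("Could not create request");
    }

    try {
        req.setAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN, chain);
        NextEmbSys embSys = new NextEmbSys(this.cfg.getServletContext(), chain, passOn);

        boolean toSSL = false;
        if (cfg.isForceToSSL()) {
            // NOTE(review): X-Forwarded-Proto is taken at face value; that is only sound when a
            // trusted reverse proxy in front of Unison sets or strips it — confirm the deployment.
            String fwdProto = req.getHeader("X-Forwarded-Proto");
            if (fwdProto != null) {
                toSSL = fwdProto.equalsIgnoreCase("http");
            } else {
                toSSL = !req.getRequestURL().toString().toLowerCase().startsWith("https");
            }
        }
        if (toSSL) {
            URL reqURL = new URL(req.getRequestURL().toString());
            StringBuilder redirURL = new StringBuilder();
            redirURL.append("https://").append(reqURL.getHost());
            // The port appended must be the one clients reach from outside, i.e. the same
            // value the condition tests (previously the internal secure port was appended).
            if (cfg.getExternalSecurePort() != 443) {
                redirURL.append(":").append(cfg.getExternalSecurePort());
            }
            redirURL.append(reqURL.getPath());
            if (reqURL.getQuery() != null) {
                redirURL.append('?').append(reqURL.getQuery());
            }
            resp.sendRedirect(redirURL.toString());
            return;
        }

        // HSTS, when enabled for the applications block
        if (GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().isHsts()) {
            StringBuilder sb = new StringBuilder();
            sb.append("max-age=").append(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().getHstsTTL()).append(" ; includeSubDomains");
            resp.addHeader("Strict-Transport-Security", sb.toString());
        }

        req.setAttribute(ProxyConstants.TREMOLO_CFG_OBJ, cfg);

        String requestURL = req.getRequestURL().toString();
        UrlHolder holder = cfg.findURL(requestURL);
        boolean isForcedAuth = false;
        RequestHolder reqHolder = null;
        // NOTE(review): the cookie name is client-controlled (parameter or cookie); confirm that
        // SessionManager.getSession only honours names belonging to configured applications.
        String sessionCookieName = requestedSessionCookieName(req);

        HttpSession sharedSession;
        if (holder == null) {
            // No URL matched: fall back to the URL recorded in the shared session, if any.
            sharedSession = sessionMgr.getSession(sessionCookieName, holder, req, resp, this.ctx);
            if (sharedSession != null) {
                AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
                if (actl.getHolder() != null) {
                    requestURL = actl.getHolder().getURL();
                    holder = cfg.findURL(requestURL);
                }
            }
        } else {
            sharedSession = sessionMgr.getSession(holder, req, resp, this.ctx);
        }
        if (sharedSession != null) {
            pr.setSession(sharedSession);
        }

        if ((holder == null || holder.getUrl().getUri().equalsIgnoreCase("/")) && req.getRequestURI().startsWith(cfg.getAuthPath()) && sessionCookieName == null) {
            AuthMechanism authMech = cfg.getAuthMech(req.getRequestURI());
            if (authMech != null) {
                String finalURL = authMech.getFinalURL(pr, resp);
                if (resp.getStatus() == 302) {
                    // the mechanism already issued a redirect; stop processing
                    return;
                }
                if (finalURL != null) {
                    holder = cfg.findURL(finalURL);
                    if (holder != null) {
                        String urlChain = holder.getUrl().getAuthChain();
                        // NOTE(review): act is null when the URL names an unconfigured chain; the
                        // resulting NullPointerException lands on the error page via the catch below.
                        AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
                        HashMap<String, Attribute> params = new HashMap<>();
                        ProxyUtil.loadParams(req, params);
                        if (req instanceof ProxyRequest) {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) req).getQueryStringParams());
                        } else {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((com.tremolosecurity.embedd.LocalSessionRequest) req).getQueryStringParams());
                        }
                        isForcedAuth = true;
                        sharedSession = sessionMgr.getSession(holder, req, resp, this.ctx);
                        if (sharedSession != null) {
                            pr.setSession(sharedSession);
                        }

                        // Both cookies hold configuration names (the session cookie's name and the
                        // application name), not a session identifier.
                        Cookie lsessionCookieName = new Cookie("autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName());
                        String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
                        applyBookkeepingCookieAttributes(lsessionCookieName, domain);
                        if (cookiesEnabled(holder)) {
                            ProxyResponse.addCookieToResponse(holder, lsessionCookieName, resp);
                        }

                        Cookie appCookieName = new Cookie("autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"));
                        applyBookkeepingCookieAttributes(appCookieName, domain);
                        if (cookiesEnabled(holder)) {
                            ProxyResponse.addCookieToResponse(holder, appCookieName, resp);
                        }
                    }
                }
            }
        }

        req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
        req.setAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH, isForcedAuth);
        req.setAttribute(ProxyConstants.TREMOLO_REQ_HOLDER, reqHolder);
        if (!resp.isCommitted()) {
            embSys.nextSys(pr, resp);
        }
    } catch (Exception e) {
        req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
        req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
        logger.error("Could not process request", e);
        StringBuilder b = new StringBuilder();
        b.append(cfg.getAuthFormsPath()).append("error.jsp");
        req.getRequestDispatcher(b.toString()).forward(pr, resp);
    }
}

/**
 * Returns the session cookie name the client asked for: the {@code sessionCookie}
 * parameter if present, else the value of the last {@code autoIdmSessionCookieName}
 * cookie, else {@code null}.
 */
private static String requestedSessionCookieName(HttpServletRequest req) {
    String sessionCookieName = req.getParameter("sessionCookie");
    if (sessionCookieName != null) {
        return sessionCookieName;
    }
    Cookie[] cookies = req.getCookies();
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals("autoIdmSessionCookieName")) {
                sessionCookieName = cookie.getValue();
            }
        }
    }
    return sessionCookieName;
}

/** Sets the domain (when known), root path, session lifetime and non-secure flag used by both bookkeeping cookies. */
private static void applyBookkeepingCookieAttributes(Cookie cookie, String domain) {
    if (domain != null) {
        cookie.setDomain(domain);
    }
    cookie.setPath("/");
    cookie.setMaxAge(-1);
    cookie.setSecure(false);
}

/** Cookies are on unless the application's cookie config explicitly disables them. */
private static boolean cookiesEnabled(UrlHolder holder) {
    return holder.getApp() == null
            || holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled();
}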
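/**
 * Second half of the SMS one-time-key mechanism: compares the key submitted in the
 * {@code key} form field with the one stored in the session under
 * {@code TREMOLO_SMS_KEY}, records the outcome on the {@link AuthStep} and hands control
 * back to the {@code AuthManager}. A request without a {@code key} field is answered by
 * {@link #doGet} (the form is shown again).
 *
 * @param request  the current request
 * @param response the current response
 * @param as       the step of the chain this mechanism is executing
 * @throws IOException      propagated from {@code doGet} / {@code nextAuth}
 * @throws ServletException propagated from {@code doGet} / {@code nextAuth}
 */
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();

    String keyFromForm = request.getParameter("key");
    if (keyFromForm == null) {
        this.doGet(request, response, as);
        return;
    }

    String keyFromSession = (String) session.getAttribute("TREMOLO_SMS_KEY");
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();

    // Constant-time comparison so response timing does not reveal how many leading
    // characters of the submitted key are correct.
    boolean authenticated = constantTimeEquals(keyFromForm, keyFromSession);
    if (authenticated) {
        // One-time key: never reusable once it has been accepted.
        session.removeAttribute("TREMOLO_SMS_KEY");
    }
    as.setExecuted(true);
    as.setSuccess(authenticated);

    // NOTE(review): the post-login destination comes straight from the request; confirm that
    // the RequestHolder / AuthManager path restricts it to this deployment's own URLs.
    String redirectToURL = request.getParameter("target");
    if (redirectToURL != null && !redirectToURL.isEmpty()) {
        reqHolder.setURL(redirectToURL);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}

/**
 * Compares a submitted key to the expected one in constant time; {@code null} on either
 * side never matches.
 */
private static boolean constantTimeEquals(String submitted, String expected) {
    if (submitted == null || expected == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            submitted.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}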