Use of com.tremolosecurity.config.xml.AzRuleType in project OpenUnison by TremoloSecurity.
Class ScaleMain, method doFilter.
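@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // Entry point of the ScaleJS "main" API. Dispatches on HTTP method and request URI to one
    // handler per endpoint; every response body is JSON. The filter chain is not continued:
    // this filter terminates the request. The handlers visible in this class take the caller's
    // identity from the session (ProxyConstants.AUTH_CTL), never from request data.
    Gson gson = new Gson();
    // Ask the proxy to report errors in-band instead of redirecting; the callers are XHR clients.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    try {
        String uri = request.getRequestURI();
        boolean isGet = request.getMethod().equalsIgnoreCase("GET");
        boolean isPut = request.getMethod().equalsIgnoreCase("PUT");
        // The order of these tests matters: the endsWith() checks must precede the contains()
        // checks that share their prefix ("/main/approvals" vs "/main/approvals/", "/main/urls" vs
        // "/main/urls/org", "/main/reports/org/" and "/main/reports/excel/" vs "/main/reports/").
        if (uri.endsWith("/main/config")) {
            writeScaleConfig(request, response, gson);
        } else if (isGet && uri.endsWith("/main/user")) {
            lookupUser(request, response, gson);
        } else if (isPut && uri.endsWith("/main/user")) {
            saveUser(request, response, gson);
        } else if (isGet && uri.endsWith("/main/orgs")) {
            writeOrgTree(request, response, gson);
        } else if (isGet && uri.contains("/main/workflows/org/")) {
            loadWorkflows(request, response, gson);
        } else if (isGet && uri.contains("/main/workflows/candelegate")) {
            checkCanDelegate(request, response, gson);
        } else if (isPut && uri.endsWith("/main/workflows")) {
            executeWorkflows(request, response, gson);
        } else if (isGet && uri.endsWith("/main/approvals")) {
            writeOpenApprovals(request, response, gson);
        } else if (isGet && uri.contains("/main/approvals/")) {
            loadApproval(request, response, gson);
        } else if (isPut && uri.contains("/main/approvals/")) {
            processApproval(request, response, gson);
        } else if (isGet && uri.contains("/main/reports/org/")) {
            loadReports(request, response, gson);
        } else if (isGet && uri.contains("/main/reports/excel/")) {
            exportToExcel(request, response, gson);
        } else if (isGet && uri.contains("/main/reports/")) {
            runReport(request, response, gson);
        } else if (isGet && uri.endsWith("/main/urls")) {
            writePortalUrls(request, response, gson, null);
        } else if (isGet && uri.contains("/main/urls/org")) {
            // The org id is the last path segment, URL-encoded by the client.
            String orgId = URLDecoder.decode(uri.substring(uri.lastIndexOf('/') + 1), "UTF-8");
            writePortalUrls(request, response, gson, orgId);
        } else {
            // Unknown route. Status 500 is preserved; 404/405 would be more accurate but the UI
            // may depend on the current shape, so verify before changing it.
            writeScaleError(response, gson, 500, "Operation not supported");
        }
    } catch (Throwable t) {
        // Last-resort handler: details go to the log only, the client gets a generic message.
        logger.error("Could not execute request", t);
        writeScaleError(response, gson, 500, "Operation not supported");
    }
}

// Writes a ScaleError JSON body carrying a single message with the given HTTP status, and flushes it.
private void writeScaleError(HttpFilterResponse response, Gson gson, int status, String message) throws Exception {
    response.setStatus(status);
    response.setContentType("application/json");
    ScaleJSUtils.addCacheHeaders(response);
    ScaleError error = new ScaleError();
    error.getErrors().add(message);
    response.getWriter().print(gson.toJson(error).trim());
    response.getWriter().flush();
}

// GET /main/config: returns the ScaleJS configuration. When UI decisions are configured the
// attribute list is narrowed to what the current user may see and canEditUser is evaluated
// for that user; otherwise the shared configuration is returned unchanged.
private void writeScaleConfig(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    if (this.scaleConfig.getUiDecisions() == null) {
        ScaleJSUtils.addCacheHeaders(response);
        response.setContentType("application/json");
        response.getWriter().println(gson.toJson(this.scaleConfig).trim());
        return;
    }
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    Set<String> allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    // Work on a copy so the shared configuration is never mutated per user.
    ScaleConfig local = new ScaleConfig(this.scaleConfig);
    if (allowedAttrs != null) {
        for (String attrName : this.scaleConfig.getAttributes().keySet()) {
            if (!allowedAttrs.contains(attrName)) {
                local.getAttributes().remove(attrName);
            }
        }
    }
    local.setCanEditUser(this.scaleConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(local).trim());
}

// GET /main/orgs: returns the organization tree as seen by the current user (copyOrg applies
// the per-org authorization rules).
private void writeOrgTree(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    AzSys az = new AzSys();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    Organization org = new Organization();
    copyOrg(org, ot, az, userData);
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(org).trim());
}

// GET /main/workflows/candelegate?workflowName=...[&uuid=...]: answers whether the current user
// may run the named workflow (checkPreCheck), given the orgs the user is authorized for.
// Any failure, including a missing workflowName parameter, is reported as a generic 500.
private void checkCanDelegate(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    try {
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
        AzSys az = new AzSys();
        HashSet<String> allowedOrgs = new HashSet<String>();
        this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
        String workflowName = request.getParameter("workflowName").getValues().get(0);
        // Resolve the org that owns the workflow so checkPreCheck can test it against allowedOrgs.
        String orgid = null;
        for (WorkflowType wf : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow()) {
            if (wf.getName().equals(workflowName)) {
                orgid = wf.getOrgid();
                break;
            }
        }
        PreCheckResponse preCheckResp = new PreCheckResponse();
        if (request.getParameter("uuid") != null) {
            preCheckResp.setUuid(request.getParameter("uuid").getValues().get(0));
        }
        checkPreCheck(request, userData, allowedOrgs, workflowName, orgid, preCheckResp);
        ScaleJSUtils.addCacheHeaders(response);
        response.setContentType("application/json");
        response.getWriter().print(gson.toJson(preCheckResp).trim());
        response.getWriter().flush();
    } catch (Throwable t) {
        logger.error("Could not check for preapproval status", t);
        writeScaleError(response, gson, 500, "Unable to check");
    }
}

// GET /main/approvals: lists the approvals currently open for the current user.
private void writeOpenApprovals(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
    response.setContentType("application/json");
    ScaleJSUtils.addCacheHeaders(response);
    response.getWriter().println(gson.toJson(ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager())).trim());
}

// PUT /main/approvals/{id}: records the current user's decision on approval {id}. The id must
// belong to the user's own open approvals, otherwise a 401 is returned and nothing is executed.
// The justification is trimmed and capped at 255 characters before it is stored.
private void processApproval(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    String uri = request.getRequestURI();
    // A non-numeric id raises NumberFormatException, which the caller reports as a generic 500.
    int approvalID = Integer.parseInt(uri.substring(uri.lastIndexOf('/') + 1));
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
    // Authorization: only approvals listed as open for this uid may be acted on.
    boolean ok = false;
    ApprovalSummaries summaries = ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager());
    for (ApprovalSummary as : summaries.getApprovals()) {
        if (as.getApproval() == approvalID) {
            ok = true;
            break;
        }
    }
    if (!ok) {
        writeScaleError(response, gson, 401, "Unauthorized");
        return;
    }
    // The request body was buffered by the proxy; decode it explicitly as UTF-8 rather than with
    // the platform default charset.
    ScaleApprovalData approvalData = gson.fromJson(new String((byte[]) request.getAttribute(ProxySys.MSG_BODY), "UTF-8"), ScaleApprovalData.class);
    try {
        String approval = approvalData.getReason().trim();
        if (approval.length() > 255) {
            logger.warn("approval justification greater then 255 characters");
            approval = approval.substring(0, 255);
        }
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().doApproval(approvalID, uid, approvalData.isApproved(), approval);
    } catch (Exception e) {
        logger.error("Could not execute approval", e);
        writeScaleError(response, gson, 500, "There was a problem completeding your request, please contact your system administrator");
    }
}

// GET /main/urls and GET /main/urls/org/{org}: returns the portal URLs the current user is
// authorized for, optionally restricted to one org (orgId == null means no restriction).
// A URL without azRules is visible to everyone; otherwise its rules are evaluated for the user.
private void writePortalUrls(HttpFilterRequest request, HttpFilterResponse response, Gson gson, String orgId) throws Exception {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    AzSys az = new AzSys();
    PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
    PortalURLs urls = new PortalURLs();
    // No portal section configured means an empty list, for both the filtered and unfiltered case.
    if (pt != null && pt.getUrls() != null) {
        for (PortalUrlType url : pt.getUrls()) {
            if (orgId != null && !url.getOrg().equalsIgnoreCase(orgId)) {
                continue;
            }
            if (!isPortalUrlAllowed(url, userData, az, request.getSession())) {
                continue;
            }
            urls.getUrls().add(toPortalUrl(url));
        }
    }
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().print(gson.toJson(urls.getUrls()).trim());
    response.getWriter().flush();
}

// Evaluates a portal URL's azRules for the user; a URL with no rules is allowed.
private boolean isPortalUrlAllowed(PortalUrlType url, AuthInfo userData, AzSys az, HttpSession session) throws MalformedURLException, ProvisioningException {
    if (url.getAzRules() == null || url.getAzRules().getRule().size() == 0) {
        return true;
    }
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    ArrayList<AzRule> rules = new ArrayList<AzRule>();
    for (AzRuleType art : url.getAzRules().getRule()) {
        rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), cfgMgr, null));
    }
    return az.checkRules(userData, cfgMgr, rules, session, this.appType, new HashMap<String, Object>());
}

// Copies the client-visible fields of a configured portal URL into the JSON model.
private PortalURL toPortalUrl(PortalUrlType url) {
    PortalURL purl = new PortalURL();
    purl.setName(url.getName());
    purl.setLabel(url.getLabel());
    purl.setOrg(url.getOrg());
    purl.setUrl(url.getUrl());
    purl.setIcon(url.getIcon());
    return purl;
}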
Use of com.tremolosecurity.config.xml.AzRuleType in project OpenUnison by TremoloSecurity.
Class ScaleMain, method checkOrg.
// Collects into allowedOrgs the uuid of every org in the subtree rooted at ot that the user
// is authorized for. An org whose azRules reject the user is skipped together with its
// whole subtree; an org with no azRules is always allowed.
private void checkOrg(HashSet<String> allowedOrgs, OrgType ot, AzSys az, AuthInfo auinfo, HttpSession session) throws MalformedURLException, ProvisioningException {
    if (!passesOrgAzRules(ot, az, auinfo, session)) {
        // Not visible to this user, so none of its descendants are either.
        return;
    }
    allowedOrgs.add(ot.getUuid());
    for (OrgType child : ot.getOrgs()) {
        checkOrg(allowedOrgs, child, az, auinfo, session);
    }
}

// Evaluates the org's azRules for the user; true when there are no rules.
private boolean passesOrgAzRules(OrgType ot, AzSys az, AuthInfo auinfo, HttpSession session) throws MalformedURLException, ProvisioningException {
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    if (ot.getAzRules() == null || ot.getAzRules().getRule().size() == 0) {
        return true;
    }
    ArrayList<AzRule> compiled = new ArrayList<AzRule>();
    for (AzRuleType ruleCfg : ot.getAzRules().getRule()) {
        compiled.add(new AzRule(ruleCfg.getScope(), ruleCfg.getConstraint(), ruleCfg.getClassName(), cfgMgr, null));
    }
    return az.checkRules(auinfo, cfgMgr, compiled, session, this.appType, new HashMap<String, Object>());
}
Use of com.tremolosecurity.config.xml.AzRuleType in project OpenUnison by TremoloSecurity.
Class ListPortalURLs, method doGet.
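@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // Looks up the user identified by the "uid"/"uidAttr" query parameters in the virtual
    // directory and returns, as a ProvisioningResult JSON document, the portal URLs whose
    // azRules that user satisfies (URLs without rules are always included). Failures are
    // reported as a ProvisioningResult with success=false rather than as an HTTP error status.
    String userID = req.getParameter("uid");
    String uidAttr = req.getParameter("uidAttr");
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    Gson gson = new Gson();
    // Both branches emit JSON through the writer (the original mixed getOutputStream() and
    // getWriter()); declaring the charset keeps non-Latin-1 labels intact.
    resp.setContentType("application/json");
    resp.setCharacterEncoding("UTF-8");
    try {
        if (userID == null || uidAttr == null) {
            throw new ProvisioningException("Missing required parameter 'uid' or 'uidAttr'");
        }
        // Scope 2 is the subtree scope of the LDAP API used here; equal() builds the filter.
        LDAPSearchResults res = cfgMgr.getMyVD().search(cfgMgr.getCfg().getLdapRoot(), 2, equal(uidAttr, userID).toString(), new ArrayList<String>());
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not locate user '" + userID + "'");
        }
        AuthInfo auinfo = toAuthInfo(res.next());
        ProvisioningResult pres = new ProvisioningResult();
        pres.setSuccess(true);
        pres.setPortalURLs(loadAllowedUrls(auinfo, cfgMgr));
        resp.getWriter().write(gson.toJson(pres));
    } catch (Exception e) {
        logger.error("Could not load urls", e);
        // NOTE(review): e.getMessage() is echoed to the caller; if this servlet is reachable by
        // untrusted clients, consider a generic message so directory errors are not disclosed.
        ProvisioningError pe = new ProvisioningError();
        pe.setError("Could not load urls : " + e.getMessage());
        ProvisioningResult failure = new ProvisioningResult();
        failure.setSuccess(false);
        failure.setError(pe);
        resp.getWriter().write(gson.toJson(failure));
    }
}

// Builds an AuthInfo (DN plus all string attribute values) from a directory entry so the
// authorization rules can be evaluated for a user who has no session.
private AuthInfo toAuthInfo(LDAPEntry entry) {
    AuthInfo auinfo = new AuthInfo();
    auinfo.setUserDN(entry.getDN());
    LDAPAttributeSet attrs = entry.getAttributeSet();
    for (Object obj : attrs) {
        LDAPAttribute attr = (LDAPAttribute) obj;
        Attribute attrib = new Attribute(attr.getName());
        for (String val : attr.getStringValueArray()) {
            attrib.getValues().add(val);
        }
        auinfo.getAttribs().put(attrib.getName(), attrib);
    }
    return auinfo;
}

// Returns the configured portal URLs the user passes the azRules for; a missing portal
// section yields an empty list. Rules are evaluated without a session (null).
private PortalURLs loadAllowedUrls(AuthInfo auinfo, ConfigManager cfgMgr) throws Exception {
    AzSys az = new AzSys();
    PortalUrlsType pt = cfgMgr.getCfg().getProvisioning().getPortal();
    PortalURLs urls = new PortalURLs();
    if (pt == null || pt.getUrls() == null) {
        return urls;
    }
    for (PortalUrlType url : pt.getUrls()) {
        if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
            ArrayList<AzRule> rules = new ArrayList<AzRule>();
            for (AzRuleType art : url.getAzRules().getRule()) {
                rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), cfgMgr, null));
            }
            if (!az.checkRules(auinfo, cfgMgr, rules, null)) {
                continue;
            }
        }
        PortalURL purl = new PortalURL();
        purl.setName(url.getName());
        purl.setLabel(url.getLabel());
        purl.setOrg(url.getOrg());
        purl.setUrl(url.getUrl());
        purl.setIcon(url.getIcon());
        urls.getUrls().add(purl);
    }
    return urls;
}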
Use of com.tremolosecurity.config.xml.AzRuleType in project OpenUnison by TremoloSecurity.
Class AzSys, method doAz.
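// Authorization step of the proxy pipeline. Requests under the authentication path are passed
// through untouched (unless the FORCE attribute is set to something other than "false"), and
// so are URLs that have no azRules configured. Otherwise the URL's rules are evaluated for the
// session's user: on success the configured success result group is applied around the
// downstream call, on failure the fail result group is applied or, if none is configured,
// a bare 401 is sent. Both outcomes are written to the access log.
public void doAz(ServletRequest request, ServletResponse response, NextSys nextSys) throws IOException, ServletException, MalformedURLException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    Object force = request.getAttribute(FORCE);
    if (req.getRequestURI().startsWith(cfg.getAuthPath()) && (force == null || force.equals("false"))) {
        nextSys.nextSys(req, resp);
        return;
    }
    // Make sure a session exists before the rules are evaluated; the instance itself is not needed here.
    req.getSession(true);
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    boolean hasRules = holder.getUrl().getAzRules() != null && holder.getUrl().getAzRules().getRule().size() > 0;
    if (!hasRules) {
        // No rules configured for this URL: the request is allowed through without a check.
        nextSys.nextSys(req, resp);
        return;
    }
    AuthInfo authData = ((AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    boolean authorized = checkRules(authData, holder.getConfig(), holder.getAzRules(), req.getSession(), holder.getApp(), null);
    if (authorized) {
        String respGroup = getResponseSuccessGroup(holder);
        AccessLog.log(AccessEvent.AzSuccess, holder.getApp(), req, authData, respGroup != null ? respGroup : "NONE");
        if (respGroup != null) {
            try {
                processRequestResult(request, response, holder.getConfig().getResultGroup(respGroup), authData);
            } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
                throw new ServletException("Could not instantiate custom result group", e);
            }
        }
        nextSys.nextSys(req, resp);
        if (respGroup != null) {
            try {
                proccessResponseResult(request, response, holder.getConfig().getResultGroup(respGroup), false, authData, holder.getApp().getCookieConfig());
            } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
                throw new ServletException("Could not instantiate custom result", e);
            }
        }
    } else {
        String respGroup = getResponseFailGroup(holder);
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), req, authData, respGroup != null ? respGroup : "NONE");
        if (respGroup != null) {
            try {
                proccessResponseResult(request, response, holder.getConfig().getResultGroup(respGroup), true, authData, holder.getApp().getCookieConfig());
            } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
                throw new ServletException("Could not instantiate custom result", e);
            }
        } else {
            // Authorization failure with no custom result configured.
            resp.sendError(401);
        }
    }
}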
Use of com.tremolosecurity.config.xml.AzRuleType in project OpenUnison by TremoloSecurity.
Class LoadApplicationsFromK8s, method createApplication.
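// Builds an ApplicationType from the "spec" of an OpenUnison Application custom resource.
// Absent scalar fields fall back to the defaults passed to getLongValue/getBoolValue/getIntValue.
// Filter parameters backed by Kubernetes secrets are resolved here, so the returned object
// holds secret values in memory; it must not be logged or serialized carelessly.
public ApplicationType createApplication(JSONObject item, String name) throws Exception {
    ApplicationType app = new ApplicationType();
    app.setName(name);
    JSONObject spec = (JSONObject) item.get("spec");
    app.setAzTimeoutMillis(getLongValue(spec.get("azTimeoutMillis"), 3000));
    app.setIsApp(getBoolValue(spec.get("isApp"), true));
    app.setUrls(new UrlsType());
    // "urls" is required: a spec without it fails with a NullPointerException, as before.
    JSONArray urls = (JSONArray) spec.get("urls");
    for (Object o : urls) {
        app.getUrls().getUrl().add(buildUrl((JSONObject) o, app.isIsApp()));
    }
    JSONObject jsonCookie = (JSONObject) spec.get("cookieConfig");
    if (jsonCookie != null) {
        app.setCookieConfig(buildCookieConfig(jsonCookie));
    }
    return app;
}

// Converts one entry of spec.urls. Order of the steps is kept from the original: the IdP is
// attached first (non-app only), then hosts, filter chain, azRules, scalar fields and results.
private UrlType buildUrl(JSONObject jsonUrl, boolean isApp) throws Exception {
    UrlType url = new UrlType();
    if (!isApp) {
        createIdpOnUrl(jsonUrl, url);
    }
    // "hosts" is required; "filterChain", "azRules" and "results" are optional.
    JSONArray hosts = (JSONArray) jsonUrl.get("hosts");
    for (Object x : hosts) {
        url.getHost().add((String) x);
    }
    url.setFilterChain(buildFilterChain((JSONArray) jsonUrl.get("filterChain")));
    url.setAzRules(buildAzRules((JSONArray) jsonUrl.get("azRules")));
    url.setProxyTo((String) jsonUrl.get("proxyTo"));
    url.setUri((String) jsonUrl.get("uri"));
    url.setRegex(getBoolValue(jsonUrl.get("regex"), false));
    url.setAuthChain((String) jsonUrl.get("authChain"));
    url.setOverrideHost(getBoolValue(jsonUrl.get("overrideHost"), false));
    url.setOverrideReferer(getBoolValue(jsonUrl.get("overrideReferer"), false));
    JSONObject jsonResults = (JSONObject) jsonUrl.get("results");
    if (jsonResults != null) {
        url.setResults(buildResultRefs(jsonResults));
    }
    return url;
}

// Builds the filter chain; a missing "filterChain" array yields an empty chain.
private FilterChainType buildFilterChain(JSONArray filters) throws Exception {
    FilterChainType chain = new FilterChainType();
    if (filters == null) {
        return chain;
    }
    for (Object x : filters) {
        chain.getFilter().add(buildFilter((JSONObject) x));
    }
    return chain;
}

// Builds one filter: class name, plain "params" and secret-backed "secretParams" (in that order).
private FilterConfigType buildFilter(JSONObject jsonFilter) throws Exception {
    FilterConfigType ft = new FilterConfigType();
    ft.setClazz((String) jsonFilter.get("className"));
    JSONObject params = (JSONObject) jsonFilter.get("params");
    if (params != null) {
        addPlainParams(ft, params);
    }
    JSONArray secretParams = (JSONArray) jsonFilter.get("secretParams");
    if (secretParams != null) {
        addSecretParams(ft, secretParams);
    }
    return ft;
}

// Adds "params" entries: a string value becomes one parameter, any other value is treated as
// a JSON array of strings and becomes one parameter per element (a number or boolean value
// fails the cast, as in the original).
private void addPlainParams(FilterConfigType ft, JSONObject params) {
    for (Object y : params.keySet()) {
        String paramName = (String) y;
        Object z = params.get(paramName);
        if (z instanceof String) {
            ft.getParam().add(newParam(paramName, (String) z));
        } else {
            for (Object w : (JSONArray) z) {
                ft.getParam().add(newParam(paramName, (String) w));
            }
        }
    }
}

// Resolves "secretParams" against Kubernetes secrets with a dedicated, non-watching client that
// is always closed afterwards; the token lookup is inside the try so a failure there cannot
// leak the client.
private void addSecretParams(FilterConfigType ft, JSONArray secretParams) throws Exception {
    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
    try {
        String token = this.k8sWatch.getK8s().getAuthToken();
        for (Object ox : secretParams) {
            JSONObject secretParam = (JSONObject) ox;
            String secretName = (String) secretParam.get("secretName");
            String secretKey = (String) secretParam.get("secretKey");
            String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
            ParamWithValueType pt = newParam((String) secretParam.get("name"), secretValue);
            pt.setValueAttribute(secretValue);
            ft.getParam().add(pt);
        }
    } finally {
        try {
            nonwatchHttp.getHttp().close();
        } finally {
            nonwatchHttp.getBcm().close();
        }
    }
}

// Creates a name/value filter parameter.
private ParamWithValueType newParam(String name, String value) {
    ParamWithValueType pt = new ParamWithValueType();
    pt.setName(name);
    pt.setValue(value);
    return pt;
}

// Builds the URL's azRules; a missing array yields an empty rule set, which downstream treats
// as "no authorization check" (see AzSys.doAz). Only scope and constraint are read; the rule
// className is not settable from the CRD here — TODO confirm that is intended.
private AzRulesType buildAzRules(JSONArray jsonAzRules) {
    AzRulesType art = new AzRulesType();
    if (jsonAzRules == null) {
        return art;
    }
    for (Object x : jsonAzRules) {
        JSONObject jsonRule = (JSONObject) x;
        AzRuleType artx = new AzRuleType();
        artx.setScope((String) jsonRule.get("scope"));
        artx.setConstraint((String) jsonRule.get("constraint"));
        art.getRule().add(artx);
    }
    return art;
}

// Copies the result-group references for authentication/authorization success and failure.
private ResultRefType buildResultRefs(JSONObject jsonResults) {
    ResultRefType rt = new ResultRefType();
    rt.setAuSuccess((String) jsonResults.get("auSuccess"));
    rt.setAzSuccess((String) jsonResults.get("azSuccess"));
    rt.setAuFail((String) jsonResults.get("auFail"));
    rt.setAzFail((String) jsonResults.get("azFail"));
    return rt;
}

// Builds the session cookie configuration. Note the defaults: "secure" and "httpOnly" are
// false when absent, so a production resource should set both explicitly.
private CookieConfigType buildCookieConfig(JSONObject jsonCookie) {
    CookieConfigType cct = new CookieConfigType();
    cct.setSessionCookieName((String) jsonCookie.get("sessionCookieName"));
    cct.setDomain((String) jsonCookie.get("domain"));
    cct.setScope(getIntValue(jsonCookie.get("scope"), -1));
    cct.setLogoutURI((String) jsonCookie.get("logoutURI"));
    cct.setKeyAlias((String) jsonCookie.get("keyAlias"));
    cct.setTimeout(getIntValue(jsonCookie.get("timeout"), 0).intValue());
    cct.setSecure(getBoolValue(jsonCookie.get("secure"), false));
    cct.setHttpOnly(getBoolValue(jsonCookie.get("httpOnly"), false));
    cct.setSameSite((String) jsonCookie.get("sameSite"));
    cct.setCookiesEnabled(getBoolValue(jsonCookie.get("cookiesEnabled"), true));
    return cct;
}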