
Example 1 with FilterConfigType

use of com.tremolosecurity.config.xml.FilterConfigType in project OpenUnison by TremoloSecurity.

the class PreAuthFilter method initFilter.

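/**
 * Reads this filter's settings from {@code config} and caches them on the instance.
 *
 * <p>When the {@code postSAML} attribute is "true", the SAML settings are taken from the
 * application named by {@code idpName}: the {@code sigKey} parameter of the IdP on that
 * application's first URL, and the parameters of that IdP's first trust. The issuer is
 * assembled from {@code issuerSSL}, {@code issuerHost} and {@code issuerPort}, and the
 * target URL becomes the trust's {@code httpPostRespURL}. Otherwise the target URL is the
 * {@code url} attribute.
 *
 * <p>In both modes the URL configuration matching the target URL is then scanned for a
 * {@code com.tremolosecurity.proxy.filters.LastMile} filter, whose {@code encKeyAlias},
 * {@code headerName}, {@code userAttribute} and {@code attribs} parameters are copied.
 *
 * @param config the filter configuration to read
 * @throws Exception if a required attribute is missing, a referenced application or IdP
 *         cannot be resolved, an {@code attribs} entry is malformed, or the target URL
 *         cannot be parsed
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.postSAML = config.getAttribute("postSAML") != null
            && config.getAttribute("postSAML").getValues().get(0).equalsIgnoreCase("true");
    if (postSAML) {
        String idpName = requiredValue(config, "idpName");
        ApplicationType app = config.getConfigManager().getApp(idpName);
        if (app == null) {
            // Fail with the offending name instead of a bare NullPointerException.
            throw new Exception("Application '" + idpName + "' not found");
        }
        IdpType idp = app.getUrls().getUrl().get(0).getIdp();
        if (idp == null) {
            throw new Exception("Application '" + idpName + "' has no IdP on its first URL");
        }
        for (ParamType pt : idp.getParams()) {
            if (pt.getName().equalsIgnoreCase("sigKey")) {
                this.keyAlias = pt.getValue();
            }
        }
        // Only the first trust of the IdP is consulted.
        TrustType tt = idp.getTrusts().getTrust().get(0);
        for (ParamType pt : tt.getParam()) {
            if (pt.getName().equalsIgnoreCase("signResponse")) {
                this.signResponse = pt.getValue().equalsIgnoreCase("true");
            } else if (pt.getName().equalsIgnoreCase("signAssertion")) {
                this.signAssertion = pt.getValue().equalsIgnoreCase("true");
            } else if (pt.getName().equalsIgnoreCase("httpPostRespURL")) {
                this.assertionConsumerURL = pt.getValue();
            } else if (pt.getName().equalsIgnoreCase("defaultNameId")) {
                this.nameIDType = pt.getValue();
            } else if (pt.getName().equalsIgnoreCase("nameIdMap")) {
                // Keeps everything after the first '='; the whole value when there is none.
                this.nameIDAttribute = pt.getValue().substring(pt.getValue().indexOf('=') + 1);
            } else if (pt.getName().equalsIgnoreCase("defaultAuthCtx")) {
                this.authnCtxClassRef = pt.getValue();
            }
        }
        // NOTE(review): signResponse and signAssertion are only assigned when the trust
        // carries those parameters. If neither ends up true the posted SAML response is
        // presumably unsigned; confirm the field defaults and whether init should reject that.
        String issuerHost = requiredValue(config, "issuerHost");
        String issuerPort = requiredValue(config, "issuerPort");
        boolean issuerSSL = requiredValue(config, "issuerSSL").equalsIgnoreCase("true");
        // Local, single-threaded use: StringBuilder avoids StringBuffer's locking.
        StringBuilder issuerUrl = new StringBuilder();
        // Any issuerSSL value other than "true" yields a plain http:// issuer.
        issuerUrl.append(issuerSSL ? "https://" : "http://");
        issuerUrl.append(issuerHost);
        if (!issuerPort.isEmpty()) {
            issuerUrl.append(':').append(issuerPort);
        }
        issuerUrl.append("/auth/idp/").append(idpName);
        this.issuer = issuerUrl.toString();
        // this.issuer = config.getAttribute("issuer").getValues().get(0);
        this.audience = tt.getName();
        this.relayState = requiredValue(config, "relayState");
        InitializationService.initialize();
        if (this.assertionConsumerURL == null) {
            // Without httpPostRespURL there is no target URL to parse below.
            throw new Exception("httpPostRespURL not set on trust '" + tt.getName() + "'");
        }
        this.url = this.assertionConsumerURL;
    } else {
        this.url = requiredValue(config, "url");
    }
    URL nurl = new URL(this.url);
    this.uri = nurl.getPath();
    UrlType urlCfg = config.getConfigManager().findURL(this.url).getUrl();
    for (FilterConfigType filterCfg : urlCfg.getFilterChain().getFilter()) {
        if (filterCfg.getClazz().equalsIgnoreCase("com.tremolosecurity.proxy.filters.LastMile")) {
            for (ParamWithValueType pt : filterCfg.getParam()) {
                if (pt.getName().equalsIgnoreCase("encKeyAlias")) {
                    this.lastMileKeyAlias = pt.getValue();
                } else if (pt.getName().equalsIgnoreCase("headerName")) {
                    this.headerName = pt.getValue();
                } else if (pt.getName().equalsIgnoreCase("userAttribute")) {
                    this.loginAttribute = pt.getValue();
                }
            }
            // Second pass on purpose: headerName must be known before the attribs
            // mappings are compared against it, whatever the parameter order.
            for (ParamWithValueType pt : filterCfg.getParam()) {
                if (pt.getName().equalsIgnoreCase("attribs")) {
                    String param = pt.getValue();
                    int eq = param.indexOf('=');
                    if (eq < 0) {
                        // substring(0, -1) would otherwise throw an unexplained
                        // StringIndexOutOfBoundsException.
                        throw new Exception("LastMile attribs entry is not in from=to form");
                    }
                    String fromUser = param.substring(0, eq);
                    String toApp = param.substring(eq + 1);
                    if (fromUser.equalsIgnoreCase(this.headerName)) {
                        this.headerName = toApp;
                    }
                }
            }
        }
    }
    // Only the key alias (a name) is logged here, not key material.
    logger.info("URL : '" + this.url + "'");
    logger.info("Key Alias : '" + this.lastMileKeyAlias + "'");
    logger.info("Login ID Attribute : '" + this.loginAttribute + "'");
    logger.info("Header Attribute : '" + this.headerName + "'");
    if (this.postSAML) {
        logger.info("Saml : true");
        logger.info("Issuer : " + this.issuer);
    }
}

/**
 * Returns the first value of a filter attribute that must be present.
 *
 * @param config the filter configuration to read
 * @param name the attribute name
 * @return the attribute's first value
 * @throws Exception if the attribute is absent or carries no values
 */
private static String requiredValue(HttpFilterConfig config, String name) throws Exception {
    if (config.getAttribute(name) == null || config.getAttribute(name).getValues().isEmpty()) {
        throw new Exception(name + " not set");
    }
    return config.getAttribute(name).getValues().get(0);
}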
Also used : ApplicationType(com.tremolosecurity.config.xml.ApplicationType) IdpType(com.tremolosecurity.config.xml.IdpType) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) TrustType(com.tremolosecurity.config.xml.TrustType) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) UrlType(com.tremolosecurity.config.xml.UrlType) ParamType(com.tremolosecurity.config.xml.ParamType) URL(java.net.URL)

Example 2 with FilterConfigType

use of com.tremolosecurity.config.xml.FilterConfigType in project OpenUnison by TremoloSecurity.

the class ScaleJSOperator method initFilter.

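/**
 * Builds the operators configuration from the filter attributes and locates the ScaleJS
 * main URL it depends on.
 *
 * <p>{@code bases}, {@code searchableAttributes} and {@code resultAttributes} are lists of
 * {@code name=value} entries. {@code scaleMainAppName} and {@code scaleMainURI} identify the
 * application and URL hosting the {@code com.tremolosecurity.scalejs.ws.ScaleMain} filter;
 * that filter's {@code uiHelperClassName} and {@code uihelper.params} parameters are used to
 * create and initialise the {@link UiDecisions} helper.
 *
 * @param config the filter configuration to read
 * @throws Exception if a required attribute is missing or malformed, the application or
 *         URL cannot be found, or the UI helper class cannot be loaded as a
 *         {@code UiDecisions}
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.config = new OperatorsConfig();
    Attribute bases = config.getAttribute("bases");
    if (bases == null) {
        throw new Exception("bases not set");
    }
    for (String base : bases.getValues()) {
        int eq = separatorIndex(base, "bases");
        String desc = base.substring(0, eq);
        String ldap = base.substring(eq + 1);
        this.config.getBaseLabelToDN().put(desc, ldap);
        this.config.getSearchBases().add(desc);
    }
    Attribute attr = config.getAttribute("searchableAttributes");
    if (attr == null) {
        throw new Exception("searchableAttributes not found");
    }
    for (String searchable : attr.getValues()) {
        int eq = separatorIndex(searchable, "searchableAttributes");
        String name = searchable.substring(0, eq);
        String label = searchable.substring(eq + 1);
        this.config.getSearchableAttributes().add(new AttributeConfig(name, label, ""));
    }
    attr = config.getAttribute("resultAttributes");
    if (attr == null) {
        throw new Exception("resultAttributes not found");
    }
    for (String resultAttr : attr.getValues()) {
        int eq = separatorIndex(resultAttr, "resultAttributes");
        String name = resultAttr.substring(0, eq);
        String label = resultAttr.substring(eq + 1);
        this.config.getResultsAttributes().add(new AttributeConfig(name, label, ""));
    }
    this.config.setScaleJsMainUri(this.loadAttributeValue("scaleMainURI", "Scale Main URI", config));
    this.config.setHomeUrl(this.loadAttributeValue("homeUrl", "Home URL", config));
    this.scalejsAppName = this.loadAttributeValue("scaleMainAppName", "Scale Main Application", config);
    // No break: if several applications share the name, the last one wins.
    ApplicationType app = null;
    for (ApplicationType at : config.getConfigManager().getCfg().getApplications().getApplication()) {
        if (at.getName().equalsIgnoreCase(scalejsAppName)) {
            app = at;
        }
    }
    if (app == null) {
        throw new Exception(scalejsAppName + " does not exist");
    }
    for (UrlType url : app.getUrls().getUrl()) {
        if (url.getUri().equalsIgnoreCase(this.config.getScaleJsMainUri())) {
            this.scaleJsUrl = url;
        }
    }
    if (this.scaleJsUrl == null) {
        throw new Exception("Could not find url for ScaleJS Main");
    }
    // The scheme is always https and only the first configured host is used.
    this.scaleMainURL = "https://" + this.scaleJsUrl.getHost().get(0) + this.scaleJsUrl.getUri();
    HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
    for (FilterConfigType filter : this.scaleJsUrl.getFilterChain().getFilter()) {
        if (filter.getClazz().equalsIgnoreCase("com.tremolosecurity.scalejs.ws.ScaleMain")) {
            for (ParamWithValueType pt : filter.getParam()) {
                if (pt.getName().equalsIgnoreCase("uiHelperClassName")) {
                    // The class name comes from configuration. asSubclass() rejects a class
                    // that is not a UiDecisions before its constructor runs; the old
                    // cast-after-newInstance() instantiated it first. Class.forName still
                    // runs the class's static initialisers, so the configuration itself
                    // must remain trusted.
                    this.dec = Class.forName(pt.getValue())
                            .asSubclass(UiDecisions.class)
                            .getDeclaredConstructor()
                            .newInstance();
                } else if (pt.getName().equalsIgnoreCase("uihelper.params")) {
                    String v = pt.getValue();
                    int eq = separatorIndex(v, "uihelper.params");
                    String name = v.substring(0, eq);
                    String value = v.substring(eq + 1);
                    // Repeated names accumulate into one multi-valued Attribute.
                    Attribute param = decCfg.get(name);
                    if (param == null) {
                        param = new Attribute(name);
                        decCfg.put(name, param);
                    }
                    param.getValues().add(value);
                }
            }
        }
    }
    if (this.dec != null) {
        this.dec.init(decCfg);
    }
}

/**
 * Returns the index of the first '=' in a {@code name=value} entry.
 *
 * @param pair the configured entry
 * @param source the attribute or parameter the entry came from, used in the error message
 * @return the index of the first '='
 * @throws Exception if the entry contains no '='; the entry itself is left out of the
 *         message because helper parameters may hold sensitive values
 */
private static int separatorIndex(String pair, String source) throws Exception {
    int eq = pair.indexOf('=');
    if (eq < 0) {
        throw new Exception(source + " entry is not in name=value form");
    }
    return eq;
}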
Also used : ApplicationType(com.tremolosecurity.config.xml.ApplicationType) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) OperatorsConfig(com.tremolosecurity.scalejs.operators.config.OperatorsConfig) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) AttributeConfig(com.tremolosecurity.scalejs.operators.config.AttributeConfig) UrlType(com.tremolosecurity.config.xml.UrlType) LDAPException(com.novell.ldap.LDAPException) IOException(java.io.IOException)

Example 3 with FilterConfigType

use of com.tremolosecurity.config.xml.FilterConfigType in project OpenUnison by TremoloSecurity.

the class UrlComp method init.

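/**
 * Initializes a URL from the XML configuration by instantiating and initialising every
 * filter in its filter chain, in configuration order. Multiple calls perform no actions
 * once a call has completed successfully.
 *
 * @throws Exception if a configured filter class cannot be loaded, is not an
 *         {@link HttpFilter}, cannot be instantiated, or fails in {@code initFilter}
 */
public void init() throws Exception {
    if (this.inited) {
        return;
    }
    // NOTE(review): toLowerCase() uses the JVM default locale. If the request path is
    // lower-cased elsewhere with a different locale, the two sides can disagree; confirm
    // both use the same rule.
    this.lowerCasePath = url.getUri().toLowerCase();
    this.filterChain = new ArrayList<HttpFilter>();
    List<FilterConfigType> filterCfgs = url.getFilterChain().getFilter();
    if (filterCfgs != null) {
        for (FilterConfigType filterCfg : filterCfgs) {
            // The class name comes from configuration. asSubclass() rejects anything that
            // is not an HttpFilter before its constructor runs; the old
            // cast-after-newInstance() instantiated it first. Class.forName still runs
            // static initialisers, so write access to this configuration must stay
            // restricted.
            HttpFilter filter = Class.forName(filterCfg.getClazz())
                    .asSubclass(HttpFilter.class)
                    .getDeclaredConstructor()
                    .newInstance();
            this.filterChain.add(filter);
            filter.initFilter(new HttpFilterConfig(filterCfg, this.cfg));
        }
    }
    // Set last: a failure above leaves inited false, so a later call rebuilds the chain.
    this.inited = true;
}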
Also used : FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) HttpFilterConfig(com.tremolosecurity.proxy.filter.HttpFilterConfig) HttpFilter(com.tremolosecurity.proxy.filter.HttpFilter)

Example 4 with FilterConfigType

use of com.tremolosecurity.config.xml.FilterConfigType in project OpenUnison by TremoloSecurity.

the class LoadApplicationsFromK8s method createApplication.

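/**
 * Converts one application custom-resource object into an {@link ApplicationType}.
 *
 * <p>Reads {@code spec.urls} (hosts, filter chain, authorization rules, proxy settings and
 * result references) and the optional {@code spec.cookieConfig}. Filter parameters listed
 * under {@code secretParams} are resolved through {@code k8sWatch.getSecretValue} and added
 * to the filter like ordinary parameters.
 *
 * @param item the JSON object of the resource; its {@code spec} member is read
 * @param name the name given to the resulting application
 * @return the populated application configuration
 * @throws Exception if the resource does not have the expected shape or a secret lookup fails
 */
public ApplicationType createApplication(JSONObject item, String name) throws Exception {
    ApplicationType app = new ApplicationType();
    app.setName(name);
    JSONObject spec = (JSONObject) item.get("spec");
    app.setAzTimeoutMillis(getLongValue(spec.get("azTimeoutMillis"), 3000));
    app.setIsApp(getBoolValue(spec.get("isApp"), true));
    JSONArray urls = (JSONArray) spec.get("urls");
    app.setUrls(new UrlsType());
    for (Object o : urls) {
        JSONObject jsonUrl = (JSONObject) o;
        UrlType url = new UrlType();
        if (!app.isIsApp()) {
            createIdpOnUrl(jsonUrl, url);
        }
        JSONArray hosts = (JSONArray) jsonUrl.get("hosts");
        for (Object x : hosts) {
            url.getHost().add((String) x);
        }
        JSONArray filters = (JSONArray) jsonUrl.get("filterChain");
        url.setFilterChain(new FilterChainType());
        if (filters != null) {
            for (Object x : filters) {
                JSONObject jsonFilter = (JSONObject) x;
                FilterConfigType ft = new FilterConfigType();
                // NOTE(review): the class name is copied verbatim from the resource and is
                // presumably what the proxy later loads as a filter; access to create or
                // edit these resources should be limited accordingly.
                ft.setClazz((String) jsonFilter.get("className"));
                JSONObject params = (JSONObject) jsonFilter.get("params");
                if (params != null) {
                    for (Object y : params.keySet()) {
                        String paramName = (String) y;
                        Object z = params.get(paramName);
                        if (z instanceof String) {
                            ParamWithValueType pt = new ParamWithValueType();
                            pt.setName(paramName);
                            pt.setValue((String) z);
                            ft.getParam().add(pt);
                        } else {
                            // Anything that is not a string is treated as an array of
                            // strings: one parameter entry per element, same name.
                            JSONArray values = (JSONArray) z;
                            for (Object w : values) {
                                ParamWithValueType pt = new ParamWithValueType();
                                pt.setName(paramName);
                                pt.setValue((String) w);
                                ft.getParam().add(pt);
                            }
                        }
                    }
                }
                JSONArray secretParams = (JSONArray) jsonFilter.get("secretParams");
                if (secretParams != null) {
                    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
                    try {
                        // Fetched inside the try so a failure here still closes the client.
                        String token = this.k8sWatch.getK8s().getAuthToken();
                        for (Object ox : secretParams) {
                            JSONObject secretParam = (JSONObject) ox;
                            String paramName = (String) secretParam.get("name");
                            String secretName = (String) secretParam.get("secretName");
                            String secretKey = (String) secretParam.get("secretKey");
                            String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
                            // The resolved secret is stored in clear in both fields of the
                            // in-memory parameter; code that prints filter parameters
                            // would expose it.
                            ParamWithValueType pt = new ParamWithValueType();
                            pt.setName(paramName);
                            pt.setValue(secretValue);
                            pt.setValueAttribute(secretValue);
                            ft.getParam().add(pt);
                        }
                    } finally {
                        // Nested finally: the connection manager is closed even when
                        // closing the HTTP client throws.
                        try {
                            nonwatchHttp.getHttp().close();
                        } finally {
                            nonwatchHttp.getBcm().close();
                        }
                    }
                }
                url.getFilterChain().getFilter().add(ft);
            }
        }
        JSONArray jsonAzRules = (JSONArray) jsonUrl.get("azRules");
        AzRulesType art = new AzRulesType();
        if (jsonAzRules != null) {
            for (Object x : jsonAzRules) {
                JSONObject jsonRule = (JSONObject) x;
                AzRuleType artx = new AzRuleType();
                artx.setScope((String) jsonRule.get("scope"));
                artx.setConstraint((String) jsonRule.get("constraint"));
                art.getRule().add(artx);
            }
        }
        // An empty rule set is attached when the resource lists no azRules.
        // NOTE(review): confirm how an empty rule set is evaluated (allow or deny).
        url.setAzRules(art);
        url.setProxyTo((String) jsonUrl.get("proxyTo"));
        url.setUri((String) jsonUrl.get("uri"));
        url.setRegex(getBoolValue(jsonUrl.get("regex"), false));
        url.setAuthChain((String) jsonUrl.get("authChain"));
        url.setOverrideHost(getBoolValue(jsonUrl.get("overrideHost"), false));
        url.setOverrideReferer(getBoolValue(jsonUrl.get("overrideReferer"), false));
        JSONObject jsonResults = (JSONObject) jsonUrl.get("results");
        if (jsonResults != null) {
            ResultRefType rt = new ResultRefType();
            rt.setAuSuccess((String) jsonResults.get("auSuccess"));
            rt.setAzSuccess((String) jsonResults.get("azSuccess"));
            rt.setAuFail((String) jsonResults.get("auFail"));
            rt.setAzFail((String) jsonResults.get("azFail"));
            url.setResults(rt);
        }
        app.getUrls().getUrl().add(url);
    }
    JSONObject jsonCookie = (JSONObject) spec.get("cookieConfig");
    if (jsonCookie != null) {
        CookieConfigType cct = new CookieConfigType();
        cct.setSessionCookieName((String) jsonCookie.get("sessionCookieName"));
        cct.setDomain((String) jsonCookie.get("domain"));
        cct.setScope(getIntValue(jsonCookie.get("scope"), -1));
        cct.setLogoutURI((String) jsonCookie.get("logoutURI"));
        cct.setKeyAlias((String) jsonCookie.get("keyAlias"));
        cct.setTimeout(getIntValue(jsonCookie.get("timeout"), 0).intValue());
        // NOTE(review): secure and httpOnly fall back to false when the resource omits
        // them, so the session cookie gets neither flag unless explicitly requested;
        // confirm this default is intended.
        cct.setSecure(getBoolValue(jsonCookie.get("secure"), false));
        cct.setHttpOnly(getBoolValue(jsonCookie.get("httpOnly"), false));
        cct.setSameSite((String) jsonCookie.get("sameSite"));
        cct.setCookiesEnabled(getBoolValue(jsonCookie.get("cookiesEnabled"), true));
        app.setCookieConfig(cct);
    }
    return app;
}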
Also used : AzRulesType(com.tremolosecurity.config.xml.AzRulesType) JSONArray(org.json.simple.JSONArray) UrlsType(com.tremolosecurity.config.xml.UrlsType) FilterChainType(com.tremolosecurity.config.xml.FilterChainType) ResultRefType(com.tremolosecurity.config.xml.ResultRefType) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) CustomAzRuleType(com.tremolosecurity.config.xml.CustomAzRuleType) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) HttpCon(com.tremolosecurity.provisioning.util.HttpCon) JSONObject(org.json.simple.JSONObject) FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType) CookieConfigType(com.tremolosecurity.config.xml.CookieConfigType) JSONObject(org.json.simple.JSONObject) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) UrlType(com.tremolosecurity.config.xml.UrlType)

Aggregations

FilterConfigType (com.tremolosecurity.config.xml.FilterConfigType)4 ApplicationType (com.tremolosecurity.config.xml.ApplicationType)3 ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)3 UrlType (com.tremolosecurity.config.xml.UrlType)3 LDAPAttribute (com.novell.ldap.LDAPAttribute)1 LDAPException (com.novell.ldap.LDAPException)1 AzRuleType (com.tremolosecurity.config.xml.AzRuleType)1 AzRulesType (com.tremolosecurity.config.xml.AzRulesType)1 CookieConfigType (com.tremolosecurity.config.xml.CookieConfigType)1 CustomAzRuleType (com.tremolosecurity.config.xml.CustomAzRuleType)1 FilterChainType (com.tremolosecurity.config.xml.FilterChainType)1 IdpType (com.tremolosecurity.config.xml.IdpType)1 ParamType (com.tremolosecurity.config.xml.ParamType)1 ResultRefType (com.tremolosecurity.config.xml.ResultRefType)1 TrustType (com.tremolosecurity.config.xml.TrustType)1 UrlsType (com.tremolosecurity.config.xml.UrlsType)1 HttpCon (com.tremolosecurity.provisioning.util.HttpCon)1 HttpFilter (com.tremolosecurity.proxy.filter.HttpFilter)1 HttpFilterConfig (com.tremolosecurity.proxy.filter.HttpFilterConfig)1 Attribute (com.tremolosecurity.saml.Attribute)1