
Example 6 with MechanismType

use of com.tremolosecurity.config.xml.MechanismType in project OpenUnison by TremoloSecurity.

Class AuthManagerImpl, method buildMechList.

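/**
 * Flattens a chain's mechanism list by expanding every {@code IncludeChain}
 * mechanism into the mechanisms of the chain it names.
 *
 * <p>An include whose target chain cannot be found is replaced by the
 * configured fail chain, so a misconfigured include fails closed instead of
 * being silently dropped. An include that (directly or through further
 * includes) leads back to a chain already being expanded is handled the same
 * way, so a cyclic configuration cannot recurse without bound.
 *
 * @param origMechs the mechanisms declared on the chain being expanded
 * @param cfg       the configuration that mechanism and chain definitions are read from
 * @return a new list with the expanded mechanisms in declaration order
 */
private static List<AuthMechType> buildMechList(List<AuthMechType> origMechs, ConfigManager cfg) {
    return buildMechList(origMechs, cfg, new java.util.HashSet<String>());
}

/**
 * Recursive worker for {@link #buildMechList(List, ConfigManager)}.
 *
 * @param origMechs    the mechanisms to expand
 * @param cfg          the configuration source
 * @param includeStack names of the chains currently being expanded on this
 *                     recursion path, used to detect include cycles
 * @return the expanded mechanism list
 */
private static List<AuthMechType> buildMechList(List<AuthMechType> origMechs, ConfigManager cfg, java.util.Set<String> includeStack) {
    List<AuthMechType> newList = new ArrayList<AuthMechType>();
    if (origMechs == null) {
        return newList;
    }
    for (AuthMechType amt : origMechs) {
        MechanismType mt = cfg.getAuthMechs().get(amt.getName());
        if (!isIncludeChain(mt)) {
            newList.add(amt);
            continue;
        }
        String chainName = includedChainName(amt);
        AuthChainType toInclude = chainName != null ? cfg.getAuthChains().get(chainName) : null;
        boolean pushed = false;
        if (toInclude == null) {
            logger.warn(new StringBuilder().append("Could not load chain '").append(chainName).append("', forcing to fail").toString());
            toInclude = cfg.getAuthFailChain();
        } else if (includeStack.contains(chainName)) {
            // The chain is already being expanded further up this path: an include cycle
            logger.warn(new StringBuilder().append("Chain '").append(chainName).append("' includes itself, forcing to fail").toString());
            toInclude = cfg.getAuthFailChain();
        } else {
            includeStack.add(chainName);
            pushed = true;
        }
        newList.addAll(buildMechList(toInclude.getAuthMech(), cfg, includeStack));
        if (pushed) {
            // Only this path is tracked, so the same chain may legitimately be included again elsewhere
            includeStack.remove(chainName);
        }
    }
    return newList;
}

/**
 * Returns whether the mechanism definition is the include-chain pseudo mechanism.
 *
 * @param mt the mechanism definition, may be {@code null} when the name is unknown
 * @return {@code true} only for a non-null definition whose class is {@code IncludeChain}
 */
private static boolean isIncludeChain(MechanismType mt) {
    return mt != null && mt.getClassName() != null && mt.getClassName().trim().equalsIgnoreCase("com.tremolosecurity.proxy.auth.IncludeChain");
}

/**
 * Reads the name of the chain to include from the first parameter of an
 * include-chain mechanism, preferring the element value over the attribute.
 *
 * @param amt the include-chain mechanism reference
 * @return the chain name, or {@code null} when the mechanism has no parameters
 */
private static String includedChainName(AuthMechType amt) {
    if (amt.getParams() == null || amt.getParams().getParam() == null || amt.getParams().getParam().isEmpty()) {
        return null;
    }
    ParamWithValueType pt = amt.getParams().getParam().get(0);
    if (pt.getValue() != null && !pt.getValue().isBlank()) {
        return pt.getValue();
    }
    return pt.getValueAttribute();
}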
Also used : ArrayList(java.util.ArrayList) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) MechanismType(com.tremolosecurity.config.xml.MechanismType) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) AuthChainType(com.tremolosecurity.config.xml.AuthChainType)

Example 7 with MechanismType

use of com.tremolosecurity.config.xml.MechanismType in project OpenUnison by TremoloSecurity.

Class AuthMgrSys, method doAuthMgr.

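/**
 * Routes a request for the authentication manager to the mechanism that
 * handles the current step of the caller's authentication chain.
 *
 * <p>When the session already holds an {@code AuthController} but no request
 * holder and the request was not resolved to a URL, the holder is bootstrapped
 * from the mechanism's final URL. If the request does not map to both a
 * mechanism and a chain it is passed on to {@code nextSys}. When a step is
 * supplied, the request URI must end with that step's mechanism URI; otherwise
 * the request is treated as a replayed post and the browser is sent to
 * {@code resetChain.jsp}.
 *
 * @param request  the current request
 * @param response the current response
 * @param nextSys  the next handler, invoked when this request is not an authentication request
 * @param as       the step being executed, or {@code null} when no step is active
 * @throws ServletException when the URI is unknown, the holder cannot be bootstrapped,
 *                          or the step's mechanism is not configured
 * @throws IOException      when writing the redirect or the mechanism's response fails
 */
public void doAuthMgr(HttpServletRequest request, HttpServletResponse response, NextSys nextSys, AuthStep as) throws ServletException, IOException {
    String uri = request.getRequestURI();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    ConfigManager cfgMgr = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    AuthController actl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    if (actl != null && actl.getHolder() == null && holder == null) {
        AuthMechanism authMech = cfgMgr.getAuthMech(uri);
        if (authMech == null) {
            throw new ServletException("Unknown URI : " + uri);
        }
        String finalURL = authMech.getFinalURL(request, response);
        if (finalURL != null) {
            try {
                // Rebuild the request holder from the final URL so the chain can resume
                holder = cfgMgr.findURL(finalURL);
                AuthChainType act = holder.getConfig().getAuthChains().get(holder.getUrl().getAuthChain());
                HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                ProxyUtil.loadParams(request, params);
                actl.setHolder(new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) request).getQueryStringParams()));
                request.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
                holder.getConfig().getAuthManager().loadAmtParams(request.getSession(), act.getAuthMech().get(0));
            } catch (Exception e) {
                throw new ServletException("Could not run authentication", e);
            }
        }
    }
    // The chain name comes from the active request holder when there is one, else from the URL
    String actName;
    if (actl != null && actl.getHolder() != null) {
        actName = actl.getHolder().getAuthChainName();
    } else if (holder != null) {
        actName = holder.getUrl().getAuthChain();
    } else {
        actName = null;
    }
    AuthChainType act = actName != null ? cfgMgr.getAuthChains().get(actName) : null;
    AuthMechanism mech = cfgMgr.getAuthMech(uri);
    if (mech == null || act == null) {
        nextSys.nextSys(request, response);
        return;
    }
    act = AuthManagerImpl.buildACT(act, cfgMgr);
    if (as != null) {
        String amtName = act.getAuthMech().get(as.getId()).getName();
        MechanismType stepMech = cfgMgr.getAuthMechs().get(amtName);
        if (stepMech == null) {
            throw new ServletException("Authentication mechanism '" + amtName + "' for step " + as.getId() + " is not configured");
        }
        // A request for a URI other than the current step's mechanism is a replayed
        // or out-of-order submission; restart the chain instead of executing it.
        if (!uri.endsWith(stepMech.getUri())) {
            logger.warn("Attempted double post");
            response.sendRedirect(new StringBuilder().append(cfgMgr.getAuthFormsPath()).append("/resetChain.jsp").toString());
            return;
        }
    }
    dispatchByMethod(mech, request, response, as);
}

/**
 * Invokes the mechanism callback matching the request's HTTP verb.
 *
 * <p>PUT and PATCH both go to {@code doPut}. Any verb that is not recognised
 * is handled as GET, which is the behaviour this dispatcher has always had.
 *
 * @param mech     the mechanism to invoke
 * @param request  the current request
 * @param response the current response
 * @param as       the step being executed, may be {@code null}
 * @throws ServletException propagated from the mechanism
 * @throws IOException      propagated from the mechanism
 */
private static void dispatchByMethod(AuthMechanism mech, HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, IOException {
    String method = request.getMethod();
    if (method.equalsIgnoreCase("post")) {
        mech.doPost(request, response, as);
    } else if (method.equalsIgnoreCase("put") || method.equalsIgnoreCase("patch")) {
        mech.doPut(request, response, as);
    } else if (method.equalsIgnoreCase("delete")) {
        mech.doDelete(request, response, as);
    } else if (method.equalsIgnoreCase("head")) {
        mech.doHead(request, response, as);
    } else if (method.equalsIgnoreCase("options")) {
        mech.doOptions(request, response, as);
    } else {
        // GET, and every verb not listed above
        mech.doGet(request, response, as);
    }
}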
Also used : Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ServletException(javax.servlet.ServletException) IOException(java.io.IOException) UrlHolder(com.tremolosecurity.config.util.UrlHolder) ServletException(javax.servlet.ServletException) MechanismType(com.tremolosecurity.config.xml.MechanismType) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) AuthChainType(com.tremolosecurity.config.xml.AuthChainType)

Example 8 with MechanismType

use of com.tremolosecurity.config.xml.MechanismType in project OpenUnison by TremoloSecurity.

Class PersistentCookieResult, method createResultCookie.

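/**
 * Fills the persistent-login cookie with a signed last-mile token.
 *
 * <p>The token lifetime, signing key alias and whether to bind the token to
 * the TLS session id are taken from the parameters of the
 * {@code PersistentCookie} mechanism(s) on the user's authentication chain.
 * The token carries the user's DN and the client IP, plus the TLS session id
 * when {@code useSSLSessionID} is {@code true}.
 *
 * @param cookie   the cookie whose value and max age are set
 * @param request  the current request, used for session, remote address and TLS attributes
 * @param response the current response (unused here)
 * @throws ServletException when the chain or a parameter is misconfigured,
 *                          the token cannot be created, or it cannot be encrypted
 */
@Override
public void createResultCookie(Cookie cookie, HttpServletRequest request, HttpServletResponse response) throws ServletException {
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    ConfigManager mgr = holder.getConfig();
    // Names of every configured mechanism backed by the PersistentCookie class
    HashSet<String> persistentCookieMechs = new HashSet<String>();
    for (String mechName : mgr.getAuthMechs().keySet()) {
        MechanismType mech = mgr.getAuthMechs().get(mechName);
        if (mech != null && "com.tremolosecurity.proxy.auth.persistentCookie.PersistentCookie".equalsIgnoreCase(mech.getClassName())) {
            persistentCookieMechs.add(mechName);
        }
    }
    AuthController authCtl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    String chainName = authCtl.getAuthInfo().getAuthChain();
    AuthChainType chain = mgr.getAuthChains().get(chainName);
    if (chain == null) {
        throw new ServletException("Authentication chain '" + chainName + "' is not configured");
    }
    chain = AuthManagerImpl.buildACT(chain, mgr);
    int millisToLive = 0;
    String keyAlias = "";
    boolean useSSLSession = false;
    for (AuthMechType amt : chain.getAuthMech()) {
        if (!persistentCookieMechs.contains(amt.getName())) {
            continue;
        }
        for (ParamWithValueType pt : amt.getParams().getParam()) {
            String value = resolveParamValue(pt);
            String name = pt.getName();
            if ("millisToLive".equalsIgnoreCase(name)) {
                try {
                    millisToLive = Integer.parseInt(value);
                } catch (NumberFormatException e) {
                    throw new ServletException("Invalid millisToLive '" + value + "' on mechanism '" + amt.getName() + "'", e);
                }
            }
            if ("useSSLSessionID".equalsIgnoreCase(name) && "true".equalsIgnoreCase(value)) {
                useSSLSession = true;
            } else if ("keyAlias".equalsIgnoreCase(name)) {
                keyAlias = value;
            }
        }
    }
    DateTime now = new DateTime();
    DateTime expires = now.plusMillis(millisToLive);
    com.tremolosecurity.lastmile.LastMile lastmile;
    try {
        lastmile = new com.tremolosecurity.lastmile.LastMile("/", now, expires, 0, "NONE");
    } catch (URISyntaxException e) {
        // "/" is a constant, valid URI, so this is not expected; surface it rather than
        // continue with a null token and fail on the next line
        throw new ServletException("Could not create persistent cookie token", e);
    }
    lastmile.getAttributes().add(new Attribute("DN", authCtl.getAuthInfo().getUserDN()));
    lastmile.getAttributes().add(new Attribute("CLIENT_IP", request.getRemoteAddr()));
    if (useSSLSession) {
        Object sessionID = request.getAttribute("javax.servlet.request.ssl_session_id");
        if (sessionID instanceof byte[]) {
            // Base64 output is ASCII, so the charset is fixed rather than platform dependent
            sessionID = new String(Base64.encodeBase64((byte[]) sessionID), java.nio.charset.StandardCharsets.US_ASCII);
        }
        lastmile.getAttributes().add(new Attribute("SSL_SESSION_ID", (String) sessionID));
    }
    try {
        cookie.setValue(new StringBuilder().append('"').append(lastmile.generateLastMileToken(mgr.getSecretKey(keyAlias))).append('"').toString());
    } catch (Exception e) {
        throw new ServletException("Could not encrypt persistent cookie", e);
    }
    // NOTE(review): Secure/HttpOnly are not set here — confirm the caller that creates the cookie sets them
    // Cookie max age is in seconds, the configured lifetime in milliseconds
    cookie.setMaxAge(millisToLive / 1000);
}

/**
 * Returns a parameter's value, preferring the element value over the attribute.
 *
 * @param pt the parameter
 * @return the element value when present and not blank, else the attribute value (may be {@code null})
 */
private static String resolveParamValue(ParamWithValueType pt) {
    if (pt.getValue() != null && !pt.getValue().isBlank()) {
        return pt.getValue();
    }
    return pt.getValueAttribute();
}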
Also used : Attribute(com.tremolosecurity.saml.Attribute) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) URISyntaxException(java.net.URISyntaxException) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) DateTime(org.joda.time.DateTime) ServletException(javax.servlet.ServletException) URISyntaxException(java.net.URISyntaxException) UrlHolder(com.tremolosecurity.config.util.UrlHolder) ServletException(javax.servlet.ServletException) MechanismType(com.tremolosecurity.config.xml.MechanismType) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) HashSet(java.util.HashSet)

Example 9 with MechanismType

use of com.tremolosecurity.config.xml.MechanismType in project OpenUnison by TremoloSecurity.

Class AuthManagerImpl, method execAuth.

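/**
 * Runs one pass of the authentication chain for a request.
 *
 * <p>Include-chains are expanded first (the fail chain is used as-is). A
 * level-0 chain is anonymous: a session is created from its first mechanism
 * and the login is finished immediately. Otherwise the controller's step list
 * is created on the first pass, or inspected to find the next step to run;
 * a required step that was executed without success fails the login, as does
 * an account that is locked out by the chain's compliance settings. When a
 * step remains, the marker cookies are written and the request is either
 * answered with a JavaScript redirect page (HTTP 401) or handed straight to
 * the step's mechanism. When no step remains, the login is finished if every
 * required step and at least one optional step (if any) succeeded.
 *
 * @param req        the current request
 * @param resp       the current response
 * @param session    the HTTP session holding the {@code AuthController}
 * @param jsRedirect {@code true} to answer with a redirect page instead of invoking the mechanism
 * @param holder     the resolved URL and application configuration
 * @param act        the chain to execute
 * @param finalURL   the URL to continue to after a successful login
 * @param next       the handler to continue with on success
 * @return the result of {@code finishSuccessfulLogin} when the chain completed,
 *         {@code false} when a mechanism was dispatched or authentication failed
 * @throws IOException      when writing the response fails
 * @throws ServletException when the holder cannot be created, failure handling
 *                          fails, the redirect URI maps to no mechanism, or the
 *                          step list is in an unknown state
 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#execAuth(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession, boolean, com.tremolosecurity.config.util.UrlHolder, com.tremolosecurity.config.xml.AuthChainType, java.lang.String, com.tremolosecurity.proxy.util.NextSys)
 */
@Override
public boolean execAuth(HttpServletRequest req, HttpServletResponse resp, HttpSession session, boolean jsRedirect, UrlHolder holder, AuthChainType act, String finalURL, NextSys next) throws IOException, ServletException {
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    // Generate an AuthChainType based on the existing chain+includes
    if (act != cfg.getAuthFailChain()) {
        act = this.buildACT(act, cfg);
    }
    if (act.getLevel() == 0 && (act != cfg.getAuthFailChain())) {
        // Anonymous chain: there's no need to go through the step process
        AuthController actl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
        String anonMechName = act.getAuthMech().get(0).getName();
        MechanismType mt = holder.getConfig().getAuthMechs().get(anonMechName);
        AnonAuth anonAuth = (AnonAuth) holder.getConfig().getAuthMech(mt.getUri());
        anonAuth.createSession(session, act);
        return finishSuccessfulLogin(req, resp, holder, act, actl.getHolder(), actl, next);
    }
    RequestHolder reqHolder;
    int step = -1;
    AuthController actl = (AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    ArrayList<AuthStep> auths = actl.getAuthSteps();
    if (auths.isEmpty()) {
        // First pass: one step per mechanism, none executed yet
        int id = 0;
        for (AuthMechType amt : act.getAuthMech()) {
            AuthStep as = new AuthStep();
            as.setId(id);
            as.setExecuted(false);
            as.setRequired(amt.getRequired().equals("required"));
            as.setSuccess(false);
            auths.add(as);
            id++;
        }
        boolean anyRequired = false;
        for (AuthStep as : auths) {
            if (as.isRequired()) {
                anyRequired = true;
                break;
            }
        }
        if (!anyRequired) {
            // With only optional steps, the first success finishes the chain
            act.setFinishOnRequiredSucess(true);
        }
        step = 0;
        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
        ProxyUtil.loadParams(req, params);
        try {
            reqHolder = new RequestHolder(RequestHolder.getMethod(req.getMethod()), params, finalURL, act.getName(), ((ProxyRequest) req).getQueryStringParams());
            actl.setHolder(reqHolder);
        } catch (Exception e) {
            throw new ServletException("Error creating request holder", e);
        }
    } else {
        reqHolder = actl.getHolder();
        boolean clearAllNotRequired = false;
        // Determine the next step from the recorded outcomes
        for (AuthStep as : auths) {
            if (as.isSuccess()) {
                if (isLockedOut(act, actl)) {
                    try {
                        failAuthentication(req, resp, holder, act);
                    } catch (Exception e) {
                        throw new ServletException("Could not complete authentication failure", e);
                    }
                    return false;
                }
                if (act.isFinishOnRequiredSucess()) {
                    // One success is enough; remaining optional steps are marked done below
                    step = -1;
                    clearAllNotRequired = true;
                }
            } else if (as.isRequired()) {
                if (as.isExecuted()) {
                    // A required step ran and did not succeed
                    try {
                        failAuthentication(req, resp, holder, act);
                    } catch (Exception e) {
                        throw new ServletException("Could not complete authentication failure", e);
                    }
                    return false;
                }
                step = as.getId();
                break;
            } else if (clearAllNotRequired) {
                as.setExecuted(true);
                as.setSuccess(true);
            } else if (!as.isExecuted()) {
                step = as.getId();
                break;
            }
        }
    }
    if (step != -1) {
        AuthStep curStep = auths.get(step);
        actl.setCurrentStep(curStep);
        AuthMechType amt = act.getAuthMech().get(step);
        loadAmtParams(session, amt);
        // Marker cookies carry only the session cookie name and app name, no secrets
        boolean cookiesEnabled = cookiesEnabled(holder);
        Cookie sessionCookieName = new Cookie("autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName());
        String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
        configureMarkerCookie(sessionCookieName, domain);
        if (cookiesEnabled) {
            ProxyResponse.addCookieToResponse(holder, sessionCookieName, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
        }
        Cookie appCookieName = new Cookie("autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"));
        configureMarkerCookie(appCookieName, domain);
        if (cookiesEnabled) {
            ProxyResponse.addCookieToResponse(holder, appCookieName, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
        }
        MechanismType nextAuthConfiguration = holder.getConfig().getAuthMechs().get(amt.getName());
        if (nextAuthConfiguration == null) {
            StringBuilder sb = new StringBuilder().append("Authentication mechanism '").append(amt.getName()).append("' does not exist, will always fail");
            logger.warn(sb.toString());
            nextAuthConfiguration = holder.getConfig().getAuthFailMechanism();
        }
        // The mechanism URI is relative to the context path unless the context is the root
        String contextPath = holder.getConfig().getContextPath();
        String redirectURI = contextPath.equalsIgnoreCase("/") ? nextAuthConfiguration.getUri() : contextPath + nextAuthConfiguration.getUri();
        req.getSession().setAttribute("TREMOLO_AUTH_URI", redirectURI);
        if (jsRedirect) {
            // NOTE(review): the URL is placed inside a JS string literal without escaping; redirectURI is
            // configuration, but confirm getFqdnUrl does not reflect request-controlled data such as Host
            String respHTML = "<html><head></head><body onload=\"window.location='" + ProxyTools.getInstance().getFqdnUrl(redirectURI, req) + "';\"></body></html>";
            ProxyData pd = new ProxyData();
            pd.setHolder(holder);
            pd.setIns(new ByteArrayInputStream(respHTML.getBytes("UTF-8")));
            pd.setPostProc(null);
            pd.setRequest(null);
            pd.setResponse(null);
            pd.setText(true);
            pd.setLogout(false);
            req.setAttribute(ProxyConstants.TREMOLO_PRXY_DATA, pd);
            resp.sendError(401);
        } else {
            AuthMechanism mech = cfg.getAuthMech(redirectURI);
            if (mech == null) {
                throw new ServletException("Redirect URI '" + redirectURI + "' does not map to an authentication mechanism");
            }
            req.setAttribute(ProxyConstants.AUTH_REDIR_URI, redirectURI);
            if (curStep != null) {
                curStep.setExecuted(true);
            }
            invokeMechanism(mech, req, resp, curStep);
        }
        return false;
    }
    boolean success = true;
    boolean opSuccess = false;
    boolean hasOptional = false;
    for (AuthStep as : auths) {
        if (as.isRequired()) {
            if (!as.isSuccess()) {
                success = false;
                break;
            }
        } else {
            hasOptional = true;
            if (as.isSuccess()) {
                opSuccess = true;
            }
        }
    }
    // Every required step succeeded, and if optional steps exist at least one did too
    boolean allSuccess = success && (!hasOptional || opSuccess);
    if (allSuccess) {
        return finishSuccessfulLogin(req, resp, holder, act, reqHolder, actl, next);
    }
    throw new ServletException("Unknown state");
}

/**
 * Evaluates the chain's compliance lockout against the controller's last-failed
 * and failure-count attributes.
 *
 * @param act  the chain, whose compliance settings name the attributes and limits
 * @param actl the controller holding the authenticated user's attributes
 * @return {@code true} when compliance is enabled, both attributes are present,
 *         the lockout window has not elapsed and the failure count reached the limit
 */
private boolean isLockedOut(AuthChainType act, AuthController actl) {
    if (act.getCompliance() == null || !act.getCompliance().isEnabled()) {
        return false;
    }
    Attribute lastFailed = actl.getAuthInfo().getAttribs().get(act.getCompliance().getLastFailedAttribute());
    Attribute numFailures = actl.getAuthInfo().getAttribs().get(act.getCompliance().getNumFailedAttribute());
    if (logger.isDebugEnabled()) {
        logger.debug("lastFailed Attribute : '" + lastFailed + "'");
        logger.debug("numFailures Attribute : '" + numFailures + "'");
    }
    if (lastFailed == null || numFailures == null) {
        return false;
    }
    long lastFailedTS = lastFailed.getValues().size() > 0 ? Long.parseLong(lastFailed.getValues().get(0)) : 0;
    int numPrevFailures = Integer.parseInt(numFailures.getValues().size() > 0 ? numFailures.getValues().get(0) : "0");
    long now = new DateTime(DateTimeZone.UTC).getMillis();
    long lockedUntil = lastFailedTS + act.getCompliance().getMaxLockoutTime();
    boolean locked = lockedUntil >= now && numPrevFailures >= act.getCompliance().getMaxFailedAttempts();
    if (logger.isDebugEnabled()) {
        logger.debug("Num Failed : " + numPrevFailures);
        logger.debug("Last Failed : '" + lastFailedTS + "'");
        logger.debug("Now : '" + now + "'");
        logger.debug("Locked Until : '" + lockedUntil + "'");
        logger.debug("locked >= now? : '" + (lockedUntil >= now) + "'");
        logger.debug("max fails? : '" + act.getCompliance().getMaxFailedAttempts() + "'");
        logger.debug("too many fails : '" + (numPrevFailures >= act.getCompliance().getMaxFailedAttempts()) + "'");
    }
    return locked;
}

/**
 * Returns whether cookies are enabled for the holder's application; a missing
 * application, cookie configuration or flag counts as enabled.
 *
 * @param holder the resolved URL configuration
 * @return {@code true} unless the cookie configuration explicitly disables cookies
 */
private static boolean cookiesEnabled(UrlHolder holder) {
    if (holder.getApp() == null || holder.getApp().getCookieConfig() == null) {
        return true;
    }
    Boolean enabled = holder.getApp().getCookieConfig().isCookiesEnabled();
    return enabled == null || enabled;
}

/**
 * Applies the shared attributes of the marker cookies: optional domain, root
 * path, session lifetime and no Secure flag.
 *
 * @param cookie the cookie to configure
 * @param domain the cookie domain, or {@code null} to leave it unset
 */
private static void configureMarkerCookie(Cookie cookie, String domain) {
    if (domain != null) {
        cookie.setDomain(domain);
    }
    cookie.setPath("/");
    cookie.setMaxAge(-1);
    cookie.setSecure(false);
}

/**
 * Invokes the mechanism callback matching the request's HTTP verb.
 *
 * <p>PUT and PATCH both go to {@code doPut}. A verb that is not listed is
 * not dispatched at all, so the step stays marked executed with no response
 * written; this mirrors the original dispatcher.
 *
 * @param mech    the mechanism to invoke
 * @param req     the current request
 * @param resp    the current response
 * @param curStep the step being executed
 * @throws IOException      propagated from the mechanism
 * @throws ServletException propagated from the mechanism
 */
private static void invokeMechanism(AuthMechanism mech, HttpServletRequest req, HttpServletResponse resp, AuthStep curStep) throws IOException, ServletException {
    String method = req.getMethod();
    if (method.equalsIgnoreCase("get")) {
        mech.doGet(req, resp, curStep);
    } else if (method.equalsIgnoreCase("post")) {
        mech.doPost(req, resp, curStep);
    } else if (method.equalsIgnoreCase("put") || method.equalsIgnoreCase("patch")) {
        mech.doPut(req, resp, curStep);
    } else if (method.equalsIgnoreCase("delete")) {
        mech.doDelete(req, resp, curStep);
    } else if (method.equalsIgnoreCase("head")) {
        mech.doHead(req, resp, curStep);
    } else if (method.equalsIgnoreCase("options")) {
        mech.doOptions(req, resp, curStep);
    }
}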
Also used : AnonAuth(com.tremolosecurity.proxy.auth.AnonAuth) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) DateTime(org.joda.time.DateTime) ServletException(javax.servlet.ServletException) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) ProxyData(com.tremolosecurity.proxy.ProxyData) MechanismType(com.tremolosecurity.config.xml.MechanismType) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) Cookie(javax.servlet.http.Cookie) ProxyResponse(com.tremolosecurity.proxy.ProxyResponse) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ServletException(javax.servlet.ServletException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) LDAPException(com.novell.ldap.LDAPException) IOException(java.io.IOException) ByteArrayInputStream(java.io.ByteArrayInputStream)

Example 10 with MechanismType

use of com.tremolosecurity.config.xml.MechanismType in project OpenUnison by TremoloSecurity.

Class UnisonConfigManagerImpl, method initialize.

/* (non-Javadoc)
	 * @see com.tremolosecurity.config.util.ConfigManager#initialize()
	 */
/* (non-Javadoc)
	 * @see com.tremolosecurity.config.util.UnisonConfigManager#initialize()
	 */
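/**
 * Loads the Unison XML configuration and builds every runtime index from it: the
 * keystore, SSL, MyVD, error pages, custom authorization rules, applications,
 * authentication chains and mechanisms, result groups and the provisioning engine,
 * followed by the four optional "dynamic" loaders and finally {@link #postInitialize()}.
 *
 * <p>Implementation classes named in the configuration (the upgrade handler and each
 * dynamic loader's {@code className}) are instantiated reflectively, so the
 * configuration file decides which code runs; its integrity has to be protected
 * like the code itself.
 *
 * <p>Indexes keyed by name use plain {@code HashMap.put}: if the configuration repeats a
 * chain, mechanism, result-group or application name, the last definition wins silently.
 *
 * @param name not read by this implementation; kept for the interface contract
 * @throws IllegalStateException if {@code configXML} has no directory component ({@code '/'})
 * @throws ProvisioningException if a dynamic loader class cannot be loaded or instantiated
 */
@Override
public void initialize(String name) throws JAXBException, Exception, IOException, FileNotFoundException, InstantiationException, IllegalAccessException, ClassNotFoundException, LDAPException, KeyStoreException, NoSuchAlgorithmException, CertificateException, ProvisioningException {
    JAXBContext jc = JAXBContext.newInstance("com.tremolosecurity.config.xml");
    Unmarshaller unmarshaller = jc.createUnmarshaller();
    this.threads = new ArrayList<StopableThread>();
    // The directory holding the config file is handed to loadKeystore/loadMyVD,
    // presumably as their base directory. Fail with a readable message instead of a
    // StringIndexOutOfBoundsException when the path carries no directory part.
    int lastSlash = configXML.lastIndexOf('/');
    if (lastSlash < 0) {
        throw new IllegalStateException("configXML must contain a directory component, got '" + configXML + "'");
    }
    String path = configXML.substring(0, lastSlash);
    JAXBElement<TremoloType> autoidmcfg = this.loadUnisonConfiguration(unmarshaller);
    this.cfg = autoidmcfg.getValue();
    this.byHost = new HashMap<String, ArrayList<UrlHolder>>();
    this.cache = new HashMap<String, UrlHolder>();
    // Class.newInstance() is deprecated since Java 9; it is kept because
    // getDeclaredConstructor().newInstance() would wrap constructor failures in
    // InvocationTargetException and change what callers see.
    this.upgradeManager = (HttpUpgradeRequestManager) Class.forName(this.cfg.getUpgradeHandler()).newInstance();
    String myVdPath = cfg.getMyvdConfig();
    // Keystore, then SSL, then MyVD - kept in this order as the original did.
    this.loadKeystore(path, myVdPath);
    this.initSSL();
    this.loadMyVD(path, myVdPath);
    if (cfg.getApplications().getErrorPage() != null) {
        for (ErrorPage ep : cfg.getApplications().getErrorPage()) {
            this.errorPages.put(ep.getCode(), ep.getLocation());
        }
    }
    this.customAzRules = new HashMap<String, CustomAuthorization>();
    if (this.cfg.getCustomAzRules() != null) {
        for (CustomAzRuleType azrule : this.cfg.getCustomAzRules().getAzRule()) {
            createCustomAuthorizationRule(azrule);
        }
    }
    loadApplicationObjects();
    this.authChains = new HashMap<String, AuthChainType>();
    if (cfg.getAuthChains() != null) {
        for (AuthChainType ac : cfg.getAuthChains().getChain()) {
            this.authChains.put(ac.getName(), ac);
        }
    }
    this.authMechs = new HashMap<String, MechanismType>();
    if (cfg.getAuthMechs() != null) {
        for (MechanismType mt : cfg.getAuthMechs().getMechanism()) {
            this.authMechs.put(mt.getName(), mt);
        }
    }
    this.resGroups = new HashMap<String, ResultGroupType>();
    if (cfg.getResultGroups() != null) {
        for (ResultGroupType rgt : cfg.getResultGroups().getResultGroup()) {
            this.resGroups.put(rgt.getName(), rgt);
        }
    }
    this.apps = new HashMap<String, ApplicationType>();
    for (ApplicationType app : cfg.getApplications().getApplication()) {
        this.apps.put(app.getName(), app);
    }
    this.provEnvgine = new ProvisioningEngineImpl(this);
    this.provEnvgine.initWorkFlows();
    this.provEnvgine.initMessageConsumers();
    this.provEnvgine.initScheduler();
    this.provEnvgine.initListeners();
    this.provEnvgine.initReports();
    // Dynamic loaders: each one is optional, enabled by its own config element, and
    // receives the loader's <param> entries folded into Attributes. Parameters are
    // built before the class is instantiated, as in the original.
    try {
        if (this.getCfg().getResultGroups() != null && isDynamicLoaderEnabled(this.getCfg().getResultGroups().getDynamicResultGroups())) {
            DynamicPortalUrlsType dynamicResultGroups = this.getCfg().getResultGroups().getDynamicResultGroups();
            HashMap<String, Attribute> cfgAttrs = dynamicLoaderParams(dynamicResultGroups);
            DynamicResultGroups dynResGroups = (DynamicResultGroups) Class.forName(dynamicResultGroups.getClassName()).newInstance();
            dynResGroups.loadDynamicResultGroups(this, this.getProvisioningEngine(), cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }
    try {
        if (this.getCfg().getCustomAzRules() != null && isDynamicLoaderEnabled(this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations())) {
            DynamicPortalUrlsType dynamicCustomAuthorization = this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations();
            HashMap<String, Attribute> cfgAttrs = dynamicLoaderParams(dynamicCustomAuthorization);
            DynamicAuthorizations dynCustomAz = (DynamicAuthorizations) Class.forName(dynamicCustomAuthorization.getClassName()).newInstance();
            dynCustomAz.loadDynamicAuthorizations(this, this.getProvisioningEngine(), cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }
    try {
        if (this.getCfg().getAuthChains() != null && isDynamicLoaderEnabled(this.getCfg().getAuthChains().getDynamicAuthChains())) {
            DynamicPortalUrlsType dynamicAuthChains = this.getCfg().getAuthChains().getDynamicAuthChains();
            HashMap<String, Attribute> cfgAttrs = dynamicLoaderParams(dynamicAuthChains);
            DynamicAuthChains dynAuthChains = (DynamicAuthChains) Class.forName(dynamicAuthChains.getClassName()).newInstance();
            dynAuthChains.loadDynamicAuthChains(this, provEnvgine, cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }
    try {
        if (this.getCfg().getApplications() != null && isDynamicLoaderEnabled(this.getCfg().getApplications().getDynamicApplications())) {
            DynamicPortalUrlsType dynamicApps = this.getCfg().getApplications().getDynamicApplications();
            HashMap<String, Attribute> cfgAttrs = dynamicLoaderParams(dynamicApps);
            DynamicApplications dynApps = (DynamicApplications) Class.forName(dynamicApps.getClassName()).newInstance();
            dynApps.loadDynamicApplications(this, provEnvgine, cfgAttrs);
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }
    this.postInitialize();
}

/**
 * Returns whether a dynamic-loader configuration element is present and switched on.
 *
 * @param loaderCfg the element, or {@code null} when it is absent from the configuration
 * @return {@code true} only if {@code loaderCfg} is non-null and {@code isEnabled()} holds
 */
private static boolean isDynamicLoaderEnabled(DynamicPortalUrlsType loaderCfg) {
    return loaderCfg != null && loaderCfg.isEnabled();
}

/**
 * Folds a dynamic loader's {@code <param>} entries into {@link Attribute}s keyed by
 * parameter name; a name that occurs more than once accumulates all of its values.
 *
 * @param loaderCfg the dynamic-loader configuration whose params are read
 * @return a mutable map from parameter name to the attribute holding its value(s)
 */
private static HashMap<String, Attribute> dynamicLoaderParams(DynamicPortalUrlsType loaderCfg) {
    HashMap<String, Attribute> cfgAttrs = new HashMap<String, Attribute>();
    for (ParamType pt : loaderCfg.getParams()) {
        Attribute attr = cfgAttrs.get(pt.getName());
        if (attr == null) {
            attr = new Attribute(pt.getName());
            cfgAttrs.put(pt.getName(), attr);
        }
        attr.getValues().add(pt.getValue());
    }
    return cfgAttrs;
}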
