Search in sources :

Example 6 with OrgType

use of com.tremolosecurity.config.xml.OrgType in project OpenUnison by TremoloSecurity.

the class ScaleMain method loadWorkflows.

private void loadWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
        for (WorkflowType wf : wfs) {
            if (wf.isInList() != null && wf.isInList().booleanValue()) {
                if (wf.getOrgid() == null || wf.getOrgid().equalsIgnoreCase(orgid)) {
                    if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        if (wf.getDynamicConfiguration().getParam() != null) {
                            for (ParamType p : wf.getDynamicConfiguration().getParam()) {
                                Attribute attr = params.get(p.getName());
                                if (attr == null) {
                                    attr = new Attribute(p.getName());
                                    params.put(p.getName(), attr);
                                }
                                attr.getValues().add(p.getValue());
                            }
                        }
                        DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).newInstance();
                        List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, cfgMgr, params, userData);
                        StringBuffer b = new StringBuffer();
                        b.append('/').append(URLEncoder.encode(wf.getName(), "UTF-8"));
                        String uri = b.toString();
                        for (Map<String, String> wfParamSet : wfParams) {
                            DateTime now = new DateTime();
                            DateTime expires = now.plusHours(1);
                            LastMile lm = new LastMile(uri, now, expires, 0, "");
                            for (String key : wfParamSet.keySet()) {
                                String val = wfParamSet.get(key);
                                Attribute attr = new Attribute(key, val);
                                lm.getAttributes().add(attr);
                            }
                            WFDescription desc = new WFDescription();
                            desc.setUuid(UUID.randomUUID().toString());
                            desc.setName(wf.getName());
                            ST st = new ST(wf.getLabel(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setLabel(st.render());
                            st = new ST(wf.getDescription(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setDescription(st.render());
                            desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey())));
                            workflows.add(desc);
                        }
                    } else {
                        WFDescription desc = new WFDescription();
                        desc.setUuid(UUID.randomUUID().toString());
                        desc.setName(wf.getName());
                        desc.setLabel(wf.getLabel());
                        desc.setDescription(wf.getDescription());
                        workflows.add(desc);
                    }
                }
            }
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.setContentType("application/json");
        response.getWriter().println(gson.toJson(workflows).trim());
        response.getWriter().flush();
    }
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) DateTime(org.joda.time.DateTime) WFDescription(com.tremolosecurity.provisioning.service.util.WFDescription) DynamicWorkflow(com.tremolosecurity.provisioning.util.DynamicWorkflow) HashSet(java.util.HashSet) ST(org.stringtemplate.v4.ST) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ParamType(com.tremolosecurity.config.xml.ParamType) LastMile(com.tremolosecurity.lastmile.LastMile) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) Map(java.util.Map) HashMap(java.util.HashMap)

Example 7 with OrgType

use of com.tremolosecurity.config.xml.OrgType in project OpenUnison by TremoloSecurity.

the class ScaleMain method loadReports.

private void loadReports(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws MalformedURLException, ProvisioningException, IOException {
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        ReportsType reports = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports();
        ReportsList reportsList = new ReportsList();
        reportsList.setReports(new ArrayList<ReportInformation>());
        if (reports != null && reports.getReport() != null) {
            for (ReportType report : reports.getReport()) {
                if (report.getOrgID().equals(orgid)) {
                    ReportInformation ri = new ReportInformation();
                    ri.setName(report.getName());
                    ri.setDescription(report.getDescription());
                    ri.setOrgID(report.getOrgID());
                    ri.setParameters(new ArrayList<String>());
                    ri.getParameters().addAll(report.getParamater());
                    ri.getParameters().remove("currentUser");
                    reportsList.getReports().add(ri);
                }
            }
        }
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(reportsList).trim());
        response.getWriter().flush();
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ReportsList(com.tremolosecurity.provisioning.service.util.ReportsList) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ReportInformation(com.tremolosecurity.provisioning.service.util.ReportInformation) OrgType(com.tremolosecurity.config.xml.OrgType) AzSys(com.tremolosecurity.proxy.auth.AzSys) ReportsType(com.tremolosecurity.config.xml.ReportsType) ReportType(com.tremolosecurity.config.xml.ReportType) HashSet(java.util.HashSet)

Example 8 with OrgType

use of com.tremolosecurity.config.xml.OrgType in project OpenUnison by TremoloSecurity.

the class ScaleMain method copyOrg.

private boolean copyOrg(Organization org, OrgType ot, AzSys az, AuthInfo auinfo) throws MalformedURLException, ProvisioningException {
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    if (ot.getAzRules() != null && ot.getAzRules().getRule().size() > 0) {
        ArrayList<AzRule> rules = new ArrayList<AzRule>();
        for (AzRuleType art : ot.getAzRules().getRule()) {
            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), cfgMgr, null));
        }
        if (!az.checkRules(auinfo, cfgMgr, rules, new HashMap<String, Object>())) {
            return false;
        }
    }
    org.setId(ot.getUuid());
    org.setName(ot.getName());
    org.setDescription(ot.getDescription());
    org.setShowInPortal(ot.isShowInPortal());
    org.setShowInReports(ot.isShowInReports());
    org.setShowInRequest(ot.isShowInRequestsAccess());
    for (OrgType child : ot.getOrgs()) {
        Organization sub = new Organization();
        if (copyOrg(sub, child, az, auinfo)) {
            org.getSubOrgs().add(sub);
        }
    }
    return true;
}
Also used : AzRuleType(com.tremolosecurity.config.xml.AzRuleType) Organization(com.tremolosecurity.provisioning.service.util.Organization) HashMap(java.util.HashMap) OrgType(com.tremolosecurity.config.xml.OrgType) ArrayList(java.util.ArrayList) AzRule(com.tremolosecurity.proxy.az.AzRule) ConfigManager(com.tremolosecurity.config.util.ConfigManager)

Example 9 with OrgType

use of com.tremolosecurity.config.xml.OrgType in project OpenUnison by TremoloSecurity.

the class ScaleMain method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    try {
        if (request.getRequestURI().endsWith("/main/config")) {
            if (scaleConfig.getUiDecisions() != null) {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                Set<String> allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
                ScaleConfig local = new ScaleConfig(this.scaleConfig);
                if (allowedAttrs != null) {
                    for (String attrName : this.scaleConfig.getAttributes().keySet()) {
                        if (!allowedAttrs.contains(attrName)) {
                            local.getAttributes().remove(attrName);
                        }
                    }
                }
                local.setCanEditUser(this.scaleConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
                ScaleJSUtils.addCacheHeaders(response);
                response.setContentType("application/json");
                response.getWriter().println(gson.toJson(local).trim());
            } else {
                ScaleJSUtils.addCacheHeaders(response);
                response.setContentType("application/json");
                response.getWriter().println(gson.toJson(scaleConfig).trim());
            }
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/user")) {
            lookupUser(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/user")) {
            saveUser(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/orgs")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
            Organization org = new Organization();
            copyOrg(org, ot, az, userData);
            ScaleJSUtils.addCacheHeaders(response);
            response.setContentType("application/json");
            response.getWriter().println(gson.toJson(org).trim());
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/org/")) {
            loadWorkflows(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/candelegate")) {
            try {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
                AzSys az = new AzSys();
                HashSet<String> allowedOrgs = new HashSet<String>();
                this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
                String workflowName = request.getParameter("workflowName").getValues().get(0);
                // need to check org
                String orgid = null;
                for (WorkflowType wf : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow()) {
                    if (wf.getName().equals(workflowName)) {
                        orgid = wf.getOrgid();
                        break;
                    }
                }
                PreCheckResponse preCheckResp = new PreCheckResponse();
                if (request.getParameter("uuid") != null) {
                    preCheckResp.setUuid(request.getParameter("uuid").getValues().get(0));
                }
                checkPreCheck(request, userData, allowedOrgs, workflowName, orgid, preCheckResp);
                ScaleJSUtils.addCacheHeaders(response);
                response.getWriter().print(gson.toJson(preCheckResp).trim());
                response.getWriter().flush();
            } catch (Throwable t) {
                logger.error("Could not check for preapproval status", t);
                response.setStatus(500);
                response.setContentType("application/json");
                ScaleJSUtils.addCacheHeaders(response);
                ScaleError error = new ScaleError();
                error.getErrors().add("Unable to check");
                response.getWriter().print(gson.toJson(error).trim());
                response.getWriter().flush();
            }
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/workflows")) {
            executeWorkflows(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/approvals")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
            response.setContentType("application/json");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().println(gson.toJson(ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager())).trim());
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/approvals/")) {
            loadApproval(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().contains("/main/approvals/")) {
            int approvalID = Integer.parseInt(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1));
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
            boolean ok = false;
            ApprovalSummaries summaries = ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager());
            for (ApprovalSummary as : summaries.getApprovals()) {
                if (as.getApproval() == approvalID) {
                    ok = true;
                }
            }
            if (!ok) {
                response.setStatus(401);
                response.setContentType("application/json");
                ScaleJSUtils.addCacheHeaders(response);
                ScaleError error = new ScaleError();
                error.getErrors().add("Unauthorized");
                response.getWriter().print(gson.toJson(error).trim());
                response.getWriter().flush();
            } else {
                ScaleApprovalData approvalData = gson.fromJson(new String((byte[]) request.getAttribute(ProxySys.MSG_BODY)), ScaleApprovalData.class);
                try {
                    String approval = approvalData.getReason().trim();
                    if (approval.length() > 255) {
                        logger.warn("approval justification greater then 255 characters");
                        approval = approval.substring(0, 255);
                    }
                    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().doApproval(approvalID, uid, approvalData.isApproved(), approval);
                } catch (Exception e) {
                    logger.error("Could not execute approval", e);
                    response.setStatus(500);
                    ScaleError error = new ScaleError();
                    error.getErrors().add("There was a problem completeding your request, please contact your system administrator");
                    ScaleJSUtils.addCacheHeaders(response);
                    response.getWriter().print(gson.toJson(error).trim());
                    response.getWriter().flush();
                }
            }
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/org/")) {
            loadReports(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/excel/")) {
            exportToExcel(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/")) {
            runReport(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/urls")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
            PortalURLs urls = new PortalURLs();
            if (pt != null && pt.getUrls() != null) {
                for (PortalUrlType url : pt.getUrls()) {
                    if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
                        ArrayList<AzRule> rules = new ArrayList<AzRule>();
                        for (AzRuleType art : url.getAzRules().getRule()) {
                            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
                        }
                        if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
                            continue;
                        }
                    }
                    PortalURL purl = new PortalURL();
                    purl.setName(url.getName());
                    purl.setLabel(url.getLabel());
                    purl.setOrg(url.getOrg());
                    purl.setUrl(url.getUrl());
                    purl.setIcon(url.getIcon());
                    urls.getUrls().add(purl);
                }
            }
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(urls.getUrls()).trim());
            response.getWriter().flush();
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/urls/org")) {
            String id = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
            PortalURLs urls = new PortalURLs();
            for (PortalUrlType url : pt.getUrls()) {
                if (url.getOrg().equalsIgnoreCase(id)) {
                    if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
                        ArrayList<AzRule> rules = new ArrayList<AzRule>();
                        for (AzRuleType art : url.getAzRules().getRule()) {
                            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
                        }
                        if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
                            continue;
                        }
                    }
                    PortalURL purl = new PortalURL();
                    purl.setName(url.getName());
                    purl.setLabel(url.getLabel());
                    purl.setOrg(url.getOrg());
                    purl.setUrl(url.getUrl());
                    purl.setIcon(url.getIcon());
                    urls.getUrls().add(purl);
                }
            }
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(urls.getUrls()).trim());
            response.getWriter().flush();
        } else {
            response.setStatus(500);
            ScaleError error = new ScaleError();
            error.getErrors().add("Operation not supported");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(error).trim());
            response.getWriter().flush();
        }
    } catch (Throwable t) {
        logger.error("Could not execute request", t);
        response.setStatus(500);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    }
}
Also used : Organization(com.tremolosecurity.provisioning.service.util.Organization) PortalUrlType(com.tremolosecurity.config.xml.PortalUrlType) PortalURL(com.tremolosecurity.provisioning.service.util.PortalURL) HashMap(java.util.HashMap) PortalURLs(com.tremolosecurity.provisioning.service.util.PortalURLs) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) PortalUrlsType(com.tremolosecurity.config.xml.PortalUrlsType) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) ApprovalSummaries(com.tremolosecurity.provisioning.service.util.ApprovalSummaries) HashSet(java.util.HashSet) ApprovalSummary(com.tremolosecurity.provisioning.service.util.ApprovalSummary) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) PreCheckResponse(com.tremolosecurity.scalejs.data.PreCheckResponse) ScaleApprovalData(com.tremolosecurity.scalejs.data.ScaleApprovalData) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) AuthController(com.tremolosecurity.proxy.auth.AuthController) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) LDAPException(com.novell.ldap.LDAPException) SQLException(java.sql.SQLException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) MalformedURLException(java.net.MalformedURLException) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) JsonObject(com.google.gson.JsonObject) AzRule(com.tremolosecurity.proxy.az.AzRule) ScaleConfig(com.tremolosecurity.scalejs.cfg.ScaleConfig)

Example 10 with OrgType

use of com.tremolosecurity.config.xml.OrgType in project OpenUnison by TremoloSecurity.

the class ScaleMain method executeWorkflows.

private void executeWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    Type listType = new TypeToken<ArrayList<WorkflowRequest>>() {
    }.getType();
    byte[] requestBytes = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    String requestString = new String(requestBytes, StandardCharsets.UTF_8);
    List<WorkflowRequest> reqs = gson.fromJson(requestString, listType);
    HashMap<String, String> results = new HashMap<String, String>();
    for (WorkflowRequest req : reqs) {
        if (req.getReason() == null || req.getReason().isEmpty()) {
            results.put(req.getUuid(), "Reason is required");
        } else {
            HashSet<String> allowedOrgs = new HashSet<String>();
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
            AzSys az = new AzSys();
            this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
            String orgid = null;
            List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
            for (WorkflowType wf : wfs) {
                if (wf.getName().equals(req.getName())) {
                    orgid = wf.getOrgid();
                    break;
                }
            }
            if (orgid == null) {
                results.put(req.getUuid(), "Not Found");
            } else if (!allowedOrgs.contains(orgid)) {
                results.put(req.getUuid(), "Unauthorized");
            } else {
                WFCall wfCall = new WFCall();
                wfCall.setName(req.getName());
                String requestReason = req.getReason().trim();
                if (requestReason.length() > 255) {
                    logger.warn("Reason is oversized : " + requestReason.length());
                    requestReason = requestReason.substring(0, 255);
                }
                wfCall.setReason(requestReason);
                wfCall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
                wfCall.setEncryptedParams(req.getEncryptedParams());
                TremoloUser tu = new TremoloUser();
                if (req.getSubjects() == null || req.getSubjects().isEmpty()) {
                    tu.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
                    tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0)));
                    wfCall.setUser(tu);
                    try {
                        com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                        exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
                        results.put(req.getUuid(), "success");
                    } catch (Exception e) {
                        logger.error("Could not update user", e);
                        results.put(req.getUuid(), "Error, please contact your system administrator");
                    }
                } else {
                    PreCheckResponse preCheckResp = new PreCheckResponse();
                    checkPreCheck(request, userData, allowedOrgs, req.getName(), orgid, preCheckResp);
                    StringBuffer errors = new StringBuffer();
                    if (preCheckResp.isCanDelegate()) {
                        for (String subject : req.getSubjects()) {
                            // execute for each subject
                            wfCall = new WFCall();
                            wfCall.setName(req.getName());
                            wfCall.setReason(req.getReason());
                            wfCall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
                            wfCall.setEncryptedParams(req.getEncryptedParams());
                            wfCall.setRequestor(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
                            tu = new TremoloUser();
                            wfCall.setUser(tu);
                            LDAPSearchResults searchRes = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(this.scaleConfig.getUidAttributeName(), subject).toString(), new ArrayList<String>());
                            if (searchRes.hasMore()) {
                                LDAPEntry entry = searchRes.next();
                                if (entry == null) {
                                    errors.append("Error, user " + subject + " does not exist;");
                                } else {
                                    startSubjectWorkflow(errors, req, wfCall, tu, subject, entry, preCheckResp);
                                }
                            } else {
                                errors.append("Error, user " + subject + " does not exist;");
                            }
                            while (searchRes.hasMore()) searchRes.next();
                        }
                        if (errors.length() == 0) {
                            results.put(req.getUuid(), "success");
                        } else {
                            results.put(req.getUuid(), errors.toString().substring(0, errors.toString().length() - 1));
                        }
                    } else {
                        results.put(req.getUuid(), "Unable to submit");
                        logger.warn("User '" + userData.getUserDN() + "' not allowed to request for others for '" + req.getName() + "'");
                    }
                }
            }
        }
    }
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(results).trim());
}
Also used : HashMap(java.util.HashMap) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute) ArrayList(java.util.ArrayList) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) LDAPEntry(com.novell.ldap.LDAPEntry) TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser) HashSet(java.util.HashSet) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) WFCall(com.tremolosecurity.provisioning.service.util.WFCall) PreCheckResponse(com.tremolosecurity.scalejs.data.PreCheckResponse) AuthController(com.tremolosecurity.proxy.auth.AuthController) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) LDAPException(com.novell.ldap.LDAPException) SQLException(java.sql.SQLException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) MalformedURLException(java.net.MalformedURLException) OrgType(com.tremolosecurity.config.xml.OrgType) ReportType(com.tremolosecurity.config.xml.ReportType) ReportsType(com.tremolosecurity.config.xml.ReportsType) PortalUrlsType(com.tremolosecurity.config.xml.PortalUrlsType) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) Type(java.lang.reflect.Type) PortalUrlType(com.tremolosecurity.config.xml.PortalUrlType) ParamType(com.tremolosecurity.config.xml.ParamType) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) WorkflowRequest(com.tremolosecurity.scalejs.data.WorkflowRequest)

Aggregations

OrgType (com.tremolosecurity.config.xml.OrgType)14 AzRuleType (com.tremolosecurity.config.xml.AzRuleType)7 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)7 AzSys (com.tremolosecurity.proxy.auth.AzSys)7 ArrayList (java.util.ArrayList)7 ConfigManager (com.tremolosecurity.config.util.ConfigManager)6 HashSet (java.util.HashSet)6 AuthController (com.tremolosecurity.proxy.auth.AuthController)5 AzRule (com.tremolosecurity.proxy.az.AzRule)5 IOException (java.io.IOException)5 HashMap (java.util.HashMap)5 LDAPAttribute (com.novell.ldap.LDAPAttribute)4 ReportType (com.tremolosecurity.config.xml.ReportType)4 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)4 Organization (com.tremolosecurity.provisioning.service.util.Organization)4 Attribute (com.tremolosecurity.saml.Attribute)4 ScaleError (com.tremolosecurity.scalejs.data.ScaleError)4 RichTextString (org.apache.poi.ss.usermodel.RichTextString)4 XSSFRichTextString (org.apache.poi.xssf.usermodel.XSSFRichTextString)4 Gson (com.google.gson.Gson)3