Example 1 with UrlType
use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.
the class UnisonConfigManagerImpl method addAppInternal.
private List<UrlHolder> addAppInternal(ApplicationType app) throws Exception {
List<UrlHolder> added = new ArrayList<UrlHolder>();
for (UrlType url : app.getUrls().getUrl()) {
for (String hostName : url.getHost()) {
synchronized (this.byHost) {
ArrayList<UrlHolder> hostUrls = this.byHost.get(hostName);
if (hostUrls == null) {
hostUrls = new ArrayList<UrlHolder>();
this.byHost.put(hostName, hostUrls);
}
synchronized (hostUrls) {
if (logger.isDebugEnabled()) {
logger.debug("Configuring Application : '" + app.getName() + "'");
logger.debug("Configuring URL : '" + url.getHost().toString() + "' / '" + url.getUri() + "'");
}
UrlHolder holder = new UrlHolder(app, url, this);
added.add(holder);
hostUrls.add(holder);
}
}
}
}
this.appUrls.put(app.getName(), added);
return added;
}Example 2 with UrlType
use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.
the class PreAuthFilter method initFilter.
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
this.postSAML = config.getAttribute("postSAML") != null && config.getAttribute("postSAML").getValues().get(0).equalsIgnoreCase("true");
if (postSAML) {
String idpName = config.getAttribute("idpName").getValues().get(0);
ApplicationType app = config.getConfigManager().getApp(idpName);
IdpType idp = app.getUrls().getUrl().get(0).getIdp();
for (ParamType pt : idp.getParams()) {
if (pt.getName().equalsIgnoreCase("sigKey")) {
this.keyAlias = pt.getValue();
}
}
TrustType tt = idp.getTrusts().getTrust().get(0);
for (ParamType pt : tt.getParam()) {
if (pt.getName().equalsIgnoreCase("signResponse")) {
this.signResponse = pt.getValue().equalsIgnoreCase("true");
} else if (pt.getName().equalsIgnoreCase("signAssertion")) {
this.signAssertion = pt.getValue().equalsIgnoreCase("true");
} else if (pt.getName().equalsIgnoreCase("httpPostRespURL")) {
this.assertionConsumerURL = pt.getValue();
} else if (pt.getName().equalsIgnoreCase("defaultNameId")) {
this.nameIDType = pt.getValue();
} else if (pt.getName().equalsIgnoreCase("nameIdMap")) {
this.nameIDAttribute = pt.getValue().substring(pt.getValue().indexOf('=') + 1);
} else if (pt.getName().equalsIgnoreCase("defaultAuthCtx")) {
this.authnCtxClassRef = pt.getValue();
}
}
String issuerHost = config.getAttribute("issuerHost").getValues().get(0);
String issuerPort = config.getAttribute("issuerPort").getValues().get(0);
boolean issuerSSL = config.getAttribute("issuerSSL").getValues().get(0).equalsIgnoreCase("true");
StringBuffer b = new StringBuffer();
if (issuerSSL) {
b.append("https://");
} else {
b.append("http://");
}
b.append(issuerHost);
if (!issuerPort.isEmpty()) {
b.append(':').append(issuerPort);
}
b.append("/auth/idp/").append(idpName);
this.issuer = b.toString();
// this.issuer = config.getAttribute("issuer").getValues().get(0);
this.audience = tt.getName();
this.relayState = config.getAttribute("relayState").getValues().get(0);
InitializationService.initialize();
this.url = this.assertionConsumerURL;
} else {
this.url = config.getAttribute("url").getValues().get(0);
}
URL nurl = new URL(this.url);
this.uri = nurl.getPath();
UrlType urlCfg = config.getConfigManager().findURL(this.url).getUrl();
for (FilterConfigType filterCfg : urlCfg.getFilterChain().getFilter()) {
if (filterCfg.getClazz().equalsIgnoreCase("com.tremolosecurity.proxy.filters.LastMile")) {
for (ParamWithValueType pt : filterCfg.getParam()) {
if (pt.getName().equalsIgnoreCase("encKeyAlias")) {
this.lastMileKeyAlias = pt.getValue();
} else if (pt.getName().equalsIgnoreCase("headerName")) {
this.headerName = pt.getValue();
} else if (pt.getName().equalsIgnoreCase("userAttribute")) {
this.loginAttribute = pt.getValue();
}
}
for (ParamWithValueType pt : filterCfg.getParam()) {
if (pt.getName().equalsIgnoreCase("attribs")) {
String param = pt.getValue();
String fromUser = param.substring(0, param.indexOf('='));
String toApp = param.substring(param.indexOf('=') + 1);
if (fromUser.equalsIgnoreCase(this.headerName)) {
this.headerName = toApp;
}
}
}
}
}
logger.info("URL : '" + this.url + "'");
logger.info("Key Alias : '" + this.lastMileKeyAlias + "'");
logger.info("Login ID Attribute : '" + this.loginAttribute + "'");
logger.info("Header Attribute : '" + this.headerName + "'");
if (this.postSAML) {
logger.info("Saml : true");
logger.info("Issuer : " + this.issuer);
}
}
Also used :
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
IdpType(com.tremolosecurity.config.xml.IdpType)
FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType)
TrustType(com.tremolosecurity.config.xml.TrustType)
ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType)
UrlType(com.tremolosecurity.config.xml.UrlType)
ParamType(com.tremolosecurity.config.xml.ParamType)
URL(java.net.URL)
Example 3 with UrlType
use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.
the class ScaleJSOperator method initFilter.
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
this.config = new OperatorsConfig();
Attribute bases = config.getAttribute("bases");
if (bases == null) {
throw new Exception("bases not set");
}
for (String base : bases.getValues()) {
String desc = base.substring(0, base.indexOf('='));
String ldap = base.substring(base.indexOf('=') + 1);
this.config.getBaseLabelToDN().put(desc, ldap);
this.config.getSearchBases().add(desc);
}
Attribute attr = config.getAttribute("searchableAttributes");
if (attr == null) {
throw new Exception("searchableAttributes not found");
}
for (String searchable : attr.getValues()) {
String name = searchable.substring(0, searchable.indexOf('='));
String label = searchable.substring(searchable.indexOf('=') + 1);
this.config.getSearchableAttributes().add(new AttributeConfig(name, label, ""));
}
attr = config.getAttribute("resultAttributes");
if (attr == null) {
throw new Exception("resultAttributes not found");
}
for (String resultAttr : attr.getValues()) {
String name = resultAttr.substring(0, resultAttr.indexOf('='));
String label = resultAttr.substring(resultAttr.indexOf('=') + 1);
this.config.getResultsAttributes().add(new AttributeConfig(name, label, ""));
}
this.config.setScaleJsMainUri(this.loadAttributeValue("scaleMainURI", "Scale Main URI", config));
this.config.setHomeUrl(this.loadAttributeValue("homeUrl", "Home URL", config));
this.scalejsAppName = this.loadAttributeValue("scaleMainAppName", "Scale Main Application", config);
ApplicationType app = null;
for (ApplicationType at : config.getConfigManager().getCfg().getApplications().getApplication()) {
if (at.getName().equalsIgnoreCase(scalejsAppName)) {
app = at;
}
}
if (app == null) {
throw new Exception(scalejsAppName + " does not exist");
}
for (UrlType url : app.getUrls().getUrl()) {
if (url.getUri().equalsIgnoreCase(this.config.getScaleJsMainUri())) {
this.scaleJsUrl = url;
}
}
if (this.scaleJsUrl == null) {
throw new Exception("Could not find url for ScaleJS Main");
}
this.scaleMainURL = "https://" + this.scaleJsUrl.getHost().get(0) + this.scaleJsUrl.getUri();
HashMap<String, Attribute> decCfg = new HashMap<String, Attribute>();
for (FilterConfigType filter : this.scaleJsUrl.getFilterChain().getFilter()) {
if (filter.getClazz().equalsIgnoreCase("com.tremolosecurity.scalejs.ws.ScaleMain")) {
for (ParamWithValueType pt : filter.getParam()) {
if (pt.getName().equalsIgnoreCase("uiHelperClassName")) {
this.dec = (UiDecisions) Class.forName(pt.getValue()).newInstance();
} else if (pt.getName().equalsIgnoreCase("uihelper.params")) {
String v = pt.getValue();
String name = v.substring(0, v.indexOf('='));
String value = v.substring(v.indexOf('=') + 1);
Attribute param = decCfg.get(name);
if (param == null) {
param = new Attribute(name);
decCfg.put(name, param);
}
param.getValues().add(value);
}
}
}
}
if (this.dec != null) {
this.dec.init(decCfg);
}
}
Also used :
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
Attribute(com.tremolosecurity.saml.Attribute)
HashMap(java.util.HashMap)
FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType)
OperatorsConfig(com.tremolosecurity.scalejs.operators.config.OperatorsConfig)
ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType)
AttributeConfig(com.tremolosecurity.scalejs.operators.config.AttributeConfig)
UrlType(com.tremolosecurity.config.xml.UrlType)
LDAPException(com.novell.ldap.LDAPException)
IOException(java.io.IOException)
Example 4 with UrlType
use of com.tremolosecurity.config.xml.UrlType in project OpenUnison by TremoloSecurity.
the class LoadApplicationsFromK8s method createApplication.
public ApplicationType createApplication(JSONObject item, String name) throws Exception {
ApplicationType app = new ApplicationType();
app.setName(name);
JSONObject spec = (JSONObject) item.get("spec");
app.setAzTimeoutMillis(getLongValue(spec.get("azTimeoutMillis"), 3000));
app.setIsApp(getBoolValue(spec.get("isApp"), true));
JSONArray urls = (JSONArray) spec.get("urls");
app.setUrls(new UrlsType());
for (Object o : urls) {
JSONObject jsonUrl = (JSONObject) o;
UrlType url = new UrlType();
if (!app.isIsApp()) {
createIdpOnUrl(jsonUrl, url);
}
JSONArray hosts = (JSONArray) jsonUrl.get("hosts");
for (Object x : hosts) {
url.getHost().add((String) x);
}
JSONArray filters = (JSONArray) jsonUrl.get("filterChain");
url.setFilterChain(new FilterChainType());
if (filters != null) {
for (Object x : filters) {
JSONObject jsonFilter = (JSONObject) x;
FilterConfigType ft = new FilterConfigType();
ft.setClazz((String) jsonFilter.get("className"));
JSONObject params = (JSONObject) jsonFilter.get("params");
if (params != null) {
for (Object y : params.keySet()) {
String paramName = (String) y;
Object z = params.get(paramName);
if (z instanceof String) {
ParamWithValueType pt = new ParamWithValueType();
pt.setName(paramName);
pt.setValue((String) z);
ft.getParam().add(pt);
} else {
JSONArray values = (JSONArray) z;
for (Object w : values) {
ParamWithValueType pt = new ParamWithValueType();
pt.setName(paramName);
pt.setValue((String) w);
ft.getParam().add(pt);
}
}
}
}
JSONArray secretParams = (JSONArray) jsonFilter.get("secretParams");
if (secretParams != null) {
HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
String token = this.k8sWatch.getK8s().getAuthToken();
try {
for (Object ox : secretParams) {
JSONObject secretParam = (JSONObject) ox;
String paramName = (String) secretParam.get("name");
String secretName = (String) secretParam.get("secretName");
String secretKey = (String) secretParam.get("secretKey");
String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
ParamWithValueType pt = new ParamWithValueType();
pt.setName(paramName);
pt.setValue(secretValue);
pt.setValueAttribute(secretValue);
ft.getParam().add(pt);
}
} finally {
nonwatchHttp.getHttp().close();
nonwatchHttp.getBcm().close();
}
}
url.getFilterChain().getFilter().add(ft);
}
}
JSONArray jsonAzRules = (JSONArray) jsonUrl.get("azRules");
AzRulesType art = new AzRulesType();
if (jsonAzRules != null) {
for (Object x : jsonAzRules) {
JSONObject jsonRule = (JSONObject) x;
AzRuleType artx = new AzRuleType();
artx.setScope((String) jsonRule.get("scope"));
artx.setConstraint((String) jsonRule.get("constraint"));
art.getRule().add(artx);
}
}
url.setAzRules(art);
url.setProxyTo((String) jsonUrl.get("proxyTo"));
url.setUri((String) jsonUrl.get("uri"));
url.setRegex(getBoolValue(jsonUrl.get("regex"), false));
url.setAuthChain((String) jsonUrl.get("authChain"));
url.setOverrideHost(getBoolValue(jsonUrl.get("overrideHost"), false));
url.setOverrideReferer(getBoolValue(jsonUrl.get("overrideReferer"), false));
JSONObject jsonResults = (JSONObject) jsonUrl.get("results");
if (jsonResults != null) {
ResultRefType rt = new ResultRefType();
rt.setAuSuccess((String) jsonResults.get("auSuccess"));
rt.setAzSuccess((String) jsonResults.get("azSuccess"));
rt.setAuFail((String) jsonResults.get("auFail"));
rt.setAzFail((String) jsonResults.get("azFail"));
url.setResults(rt);
}
app.getUrls().getUrl().add(url);
}
JSONObject jsonCookie = (JSONObject) spec.get("cookieConfig");
if (jsonCookie != null) {
CookieConfigType cct = new CookieConfigType();
cct.setSessionCookieName((String) jsonCookie.get("sessionCookieName"));
cct.setDomain((String) jsonCookie.get("domain"));
cct.setScope(getIntValue(jsonCookie.get("scope"), -1));
cct.setLogoutURI((String) jsonCookie.get("logoutURI"));
cct.setKeyAlias((String) jsonCookie.get("keyAlias"));
cct.setTimeout(getIntValue(jsonCookie.get("timeout"), 0).intValue());
cct.setSecure(getBoolValue(jsonCookie.get("secure"), false));
cct.setHttpOnly(getBoolValue(jsonCookie.get("httpOnly"), false));
cct.setSameSite((String) jsonCookie.get("sameSite"));
cct.setCookiesEnabled(getBoolValue(jsonCookie.get("cookiesEnabled"), true));
app.setCookieConfig(cct);
}
return app;
}
Also used :
AzRulesType(com.tremolosecurity.config.xml.AzRulesType)
JSONArray(org.json.simple.JSONArray)
UrlsType(com.tremolosecurity.config.xml.UrlsType)
FilterChainType(com.tremolosecurity.config.xml.FilterChainType)
ResultRefType(com.tremolosecurity.config.xml.ResultRefType)
ApplicationType(com.tremolosecurity.config.xml.ApplicationType)
CustomAzRuleType(com.tremolosecurity.config.xml.CustomAzRuleType)
AzRuleType(com.tremolosecurity.config.xml.AzRuleType)
HttpCon(com.tremolosecurity.provisioning.util.HttpCon)
JSONObject(org.json.simple.JSONObject)
FilterConfigType(com.tremolosecurity.config.xml.FilterConfigType)
CookieConfigType(com.tremolosecurity.config.xml.CookieConfigType)
JSONObject(org.json.simple.JSONObject)
ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType)
UrlType(com.tremolosecurity.config.xml.UrlType)
Aggregations
UrlType (com.tremolosecurity.config.xml.UrlType)4
ApplicationType (com.tremolosecurity.config.xml.ApplicationType)3
FilterConfigType (com.tremolosecurity.config.xml.FilterConfigType)3
ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)3
LDAPAttribute (com.novell.ldap.LDAPAttribute)1
LDAPException (com.novell.ldap.LDAPException)1
AzRuleType (com.tremolosecurity.config.xml.AzRuleType)1
AzRulesType (com.tremolosecurity.config.xml.AzRulesType)1
CookieConfigType (com.tremolosecurity.config.xml.CookieConfigType)1
CustomAzRuleType (com.tremolosecurity.config.xml.CustomAzRuleType)1
FilterChainType (com.tremolosecurity.config.xml.FilterChainType)1
IdpType (com.tremolosecurity.config.xml.IdpType)1
ParamType (com.tremolosecurity.config.xml.ParamType)1
ResultRefType (com.tremolosecurity.config.xml.ResultRefType)1
TrustType (com.tremolosecurity.config.xml.TrustType)1
UrlsType (com.tremolosecurity.config.xml.UrlsType)1
HttpCon (com.tremolosecurity.provisioning.util.HttpCon)1
Attribute (com.tremolosecurity.saml.Attribute)1
AttributeConfig (com.tremolosecurity.scalejs.operators.config.AttributeConfig)1
OperatorsConfig (com.tremolosecurity.scalejs.operators.config.OperatorsConfig)1
