
Example 1 with NextEmbSys

Use of com.tremolosecurity.embedd.NextEmbSys in the project OpenUnison by TremoloSecurity.

In the class UnisonServletFilter, method doFilter.

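/**
 * Runs every request through the OpenUnison proxy pipeline.
 *
 * <p>The request is wrapped as a {@link LocalSessionRequest} and a {@link ProxyRequest}, optionally
 * redirected to HTTPS, given an HSTS header, matched against a configured URL, attached to the
 * shared session and, when it targets the authentication path, prepared for a forced
 * authentication. Control is then handed to {@link NextEmbSys#nextSys} unless the response has
 * already been committed. Any exception raised while processing is logged, stored on the request
 * under {@code TREMOLO_ERROR_REQUEST_URL} / {@code TREMOLO_ERROR_EXCEPTION}, and the request is
 * forwarded to {@code error.jsp} under the configured auth-forms path.
 *
 * @param request the incoming request; must be an {@link HttpServletRequest}
 * @param response the outgoing response; must be an {@link HttpServletResponse}
 * @param chain the container's filter chain, stored on the request and passed to {@link NextEmbSys}
 * @throws IOException when the {@link ProxyRequest} wrapper cannot be created
 * @throws ServletException when forwarding to the error page fails
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = new LocalSessionRequest((HttpServletRequest) request);
    HttpServletResponse resp = (HttpServletResponse) response;
    ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
    SessionManager sessionMgr = (SessionManager) ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
    final ProxyRequest pr;
    try {
        pr = new ProxyRequest(req);
    } catch (Exception e1) {
        logger.error("Unable to create request", e1);
        // keep the cause so the container log shows why wrapping failed
        throw new IOException("Could not create request", e1);
    }
    try {
        req.setAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN, chain);
        // this.cfg (the filter's own config) is used here on purpose, the local cfg comes from the context
        NextEmbSys embSys = new NextEmbSys(this.cfg.getServletContext(), chain, passOn);
        if (shouldRedirectToSsl(cfg, req)) {
            resp.sendRedirect(buildSslRedirect(cfg, req));
            return;
        }
        addHstsHeader(resp);
        req.setAttribute(ProxyConstants.TREMOLO_CFG_OBJ, cfg);
        String requestUrl = req.getRequestURL().toString();
        UrlHolder holder = cfg.findURL(requestUrl);
        boolean isForcedAuth = false;
        RequestHolder reqHolder = null;
        String sessionCookieName = resolveSessionCookieName(req);
        HttpSession sharedSession;
        if (holder == null) {
            // no configured URL matched; look the session up by the cookie name instead (holder is null here)
            sharedSession = sessionMgr.getSession(sessionCookieName, holder, req, resp, this.ctx);
            if (sharedSession != null) {
                AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
                // a session without AUTH_CTL raises an NPE here and is handled by the catch below (error page)
                if (actl.getHolder() != null) {
                    requestUrl = actl.getHolder().getURL();
                    holder = cfg.findURL(requestUrl);
                }
            }
        } else {
            sharedSession = sessionMgr.getSession(holder, req, resp, this.ctx);
        }
        if (sharedSession != null) {
            pr.setSession(sharedSession);
        }
        boolean onRootOrUnmatched = holder == null || holder.getUrl().getUri().equalsIgnoreCase("/");
        if (onRootOrUnmatched && req.getRequestURI().startsWith(cfg.getAuthPath()) && sessionCookieName == null) {
            AuthMechanism authMech = cfg.getAuthMech(req.getRequestURI());
            if (authMech != null) {
                String finalURL = authMech.getFinalURL(pr, resp);
                if (resp.getStatus() == 302) {
                    // the mechanism already sent a redirect, stop processing
                    return;
                }
                if (finalURL != null) {
                    holder = cfg.findURL(finalURL);
                    if (holder != null) {
                        String urlChain = holder.getUrl().getAuthChain();
                        AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
                        HashMap<String, Attribute> params = new HashMap<>();
                        ProxyUtil.loadParams(req, params);
                        if (req instanceof ProxyRequest) {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) req).getQueryStringParams());
                        } else {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((com.tremolosecurity.embedd.LocalSessionRequest) req).getQueryStringParams());
                        }
                        isForcedAuth = true;
                        sharedSession = sessionMgr.getSession(holder, req, resp, this.ctx);
                        if (sharedSession != null) {
                            pr.setSession(sharedSession);
                        }
                        // holder.getApp().getCookieConfig() is dereferenced unconditionally here, so the
                        // null checks inside cookiesEnabled() only matter for isCookiesEnabled() itself
                        String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
                        addRoutingCookie(holder, "autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName(), domain, resp);
                        addRoutingCookie(holder, "autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"), domain, resp);
                    }
                }
            }
        }
        req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
        req.setAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH, isForcedAuth);
        req.setAttribute(ProxyConstants.TREMOLO_REQ_HOLDER, reqHolder);
        if (!resp.isCommitted()) {
            embSys.nextSys(pr, resp);
        }
    } catch (Exception e) {
        req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
        req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
        logger.error("Could not process request", e);
        // NOTE(review): forward() throws IllegalStateException if the response was already committed
        // when the exception occurred; that propagates to the container as-is.
        req.getRequestDispatcher(cfg.getAuthFormsPath() + "error.jsp").forward(pr, resp);
    }
}

/**
 * Decides whether the request must be bounced to HTTPS.
 *
 * <p>Only applies when {@code cfg.isForceToSSL()} is set. The {@code X-Forwarded-Proto} header wins
 * when present (so a TLS-terminating proxy is honoured); otherwise the request URL's scheme is used.
 */
private static boolean shouldRedirectToSsl(ConfigManager cfg, HttpServletRequest req) {
    if (!cfg.isForceToSSL()) {
        return false;
    }
    String fwdProto = req.getHeader("X-Forwarded-Proto");
    if (fwdProto != null) {
        return fwdProto.equalsIgnoreCase("http");
    }
    return !req.getRequestURL().toString().toLowerCase().startsWith("https");
}

/**
 * Builds the {@code https://} form of the current request URL, keeping host, path and query.
 *
 * <p>The host is taken from the request URL (i.e. the Host header), so the redirect stays on the
 * host the client asked for; a front proxy is expected to validate Host.
 *
 * @throws IOException if the request URL cannot be parsed (a {@code MalformedURLException})
 */
private static String buildSslRedirect(ConfigManager cfg, HttpServletRequest req) throws IOException {
    URL reqURL = new URL(req.getRequestURL().toString());
    StringBuilder redirURL = new StringBuilder("https://").append(reqURL.getHost());
    // NOTE(review): the condition reads getExternalSecurePort() but the port appended is
    // getSecurePort(); if the two can differ in a deployment the redirect lands on the wrong port — confirm.
    if (cfg.getExternalSecurePort() != 443) {
        redirURL.append(":").append(cfg.getSecurePort());
    }
    redirURL.append(reqURL.getPath());
    if (reqURL.getQuery() != null) {
        redirURL.append('?').append(reqURL.getQuery());
    }
    return redirURL.toString();
}

/** Adds the Strict-Transport-Security header when HSTS is enabled in the global applications config. */
private static void addHstsHeader(HttpServletResponse resp) {
    if (GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().isHsts()) {
        StringBuilder sb = new StringBuilder();
        sb.append("max-age=").append(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().getHstsTTL()).append(" ; includeSubDomains");
        resp.addHeader("Strict-Transport-Security", sb.toString());
    }
}

/**
 * Returns the session cookie name for this request: the {@code sessionCookie} parameter if given,
 * else the value of the {@code autoIdmSessionCookieName} cookie (the last one wins when several are
 * present), else {@code null}.
 */
private static String resolveSessionCookieName(HttpServletRequest req) {
    String sessionCookieName = req.getParameter("sessionCookie");
    if (sessionCookieName != null) {
        return sessionCookieName;
    }
    Cookie[] cookies = req.getCookies();
    if (cookies == null) {
        return null;
    }
    for (Cookie cookie : cookies) {
        if (cookie.getName().equals("autoIdmSessionCookieName")) {
            // no break: the original semantics keep the last matching cookie
            sessionCookieName = cookie.getValue();
        }
    }
    return sessionCookieName;
}

/** Returns {@code true} unless the app's cookie config explicitly disables cookies. */
private static boolean cookiesEnabled(UrlHolder holder) {
    if (holder.getApp() == null || holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null) {
        return true;
    }
    return holder.getApp().getCookieConfig().isCookiesEnabled();
}

/**
 * Adds a session-scoped routing cookie (a cookie name or an app name, not the session id itself)
 * to the response when the app's cookie config allows cookies.
 *
 * @param holder the matched URL, used for the cookie config and by {@link ProxyResponse#addCookieToResponse}
 * @param name cookie name
 * @param value cookie value, already encoded by the caller where needed
 * @param domain cookie domain, or {@code null} to leave it unset
 * @param resp response to add the cookie to
 */
private static void addRoutingCookie(UrlHolder holder, String name, String value, String domain, HttpServletResponse resp) {
    Cookie cookie = new Cookie(name, value);
    if (domain != null) {
        cookie.setDomain(domain);
    }
    cookie.setPath("/");
    cookie.setMaxAge(-1);
    // NOTE(review): Secure is explicitly off, so these hints are also sent over plain HTTP;
    // confirm this is intended for deployments that force SSL.
    cookie.setSecure(false);
    if (cookiesEnabled(holder)) {
        ProxyResponse.addCookieToResponse(holder, cookie, resp);
    }
}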
Also used : Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) NextEmbSys(com.tremolosecurity.embedd.NextEmbSys) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) URL(java.net.URL) HttpServletRequest(javax.servlet.http.HttpServletRequest) LocalSessionRequest(com.tremolosecurity.embedd.LocalSessionRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) Cookie(javax.servlet.http.Cookie) SessionManager(com.tremolosecurity.proxy.SessionManager) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)
