

Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: class AddGroupsFromProvisioningTarget, method postSearchEntry (a MyVD post-search interceptor that decorates returned LDAP entries with a user's groups from a provisioning target).

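public void postSearchEntry(PostSearchEntryInterceptorChain chain, Entry entry, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, LDAPSearchConstraints constraints) throws LDAPException {
    // Let the rest of the chain populate the entry, then decorate it with the user's
    // groups (or the values of a target role attribute) looked up in the provisioning
    // target named by targetName. Decoration is best-effort: a lookup failure is logged
    // and the entry is returned without the synthesized attribute.
    chain.nextPostSearchEntry(entry, base, scope, filter, attributes, typesOnly, constraints);
    if (logger.isDebugEnabled()) {
        logger.debug("in post search entry");
    }
    // Fix: the original only honoured a "*" (or empty) attribute list; an explicit
    // request for attributeName was silently ignored, and a null list raised an NPE.
    boolean addAttr = shouldAddAttribute(attributes);
    if (logger.isDebugEnabled()) {
        logger.debug("Adding attribute : '" + addAttr + "'");
    }
    if (!addAttr) {
        return;
    }
    try {
        LDAPAttribute userID = entry.getEntry().getAttribute(this.uidAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Looking up user : '" + userID + "'");
        }
        if (userID == null) {
            return;
        }
        // The uid is read from the entry being returned, not from the client request.
        User user = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(targetName).findUser(userID.getStringValue(), new HashMap<String, Object>());
        if (logger.isDebugEnabled()) {
            // NOTE(review): this writes the whole User object (attributes included) to the
            // debug log; confirm debug logging is off wherever those values are sensitive.
            logger.debug("User returned : '" + user + "'");
        }
        if (user == null) {
            return;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("User groups : '" + user.getGroups() + "'");
        }
        // Both branches below are gated on the user having at least one group, as before.
        if (user.getGroups() == null || user.getGroups().isEmpty()) {
            return;
        }
        LDAPAttribute attr = entry.getEntry().getAttributeSet().getAttribute(this.attributeName);
        if (attr == null) {
            attr = new LDAPAttribute(this.attributeName);
            entry.getEntry().getAttributeSet().add(attr);
        }
        if (this.targetRoleAttribute == null || this.targetRoleAttribute.isEmpty()) {
            for (String groupName : user.getGroups()) {
                attr.addValue(labelled(groupName));
            }
        } else {
            // Role-attribute mode: publish the target's attribute values instead of group names.
            // The label is applied the same way as for groups (the original always prefixed
            // "label - " here, even when the label was empty).
            com.tremolosecurity.saml.Attribute targetAttr = user.getAttribs().get(this.targetRoleAttribute);
            if (targetAttr != null) {
                for (String val : targetAttr.getValues()) {
                    attr.addValue(labelled(val));
                }
            }
        }
    } catch (Exception e) {
        // Narrowed from Throwable so JVM errors (OutOfMemoryError, LinkageError) are no
        // longer swallowed; ordinary lookup failures are still logged and ignored.
        logger.warn("Could not load user : '" + e.getMessage() + "'");
        if (logger.isDebugEnabled()) {
            logger.debug("Could not load user", e);
        }
    }
}

/**
 * Whether the search asked for the synthesized attribute: true for a null or empty
 * attribute list, for the "*" wildcard anywhere in the list, or when
 * {@code attributeName} is requested explicitly (compared case-insensitively).
 */
private boolean shouldAddAttribute(ArrayList<Attribute> attributes) {
    if (attributes == null || attributes.isEmpty()) {
        return true;
    }
    for (Attribute requested : attributes) {
        String name = requested.getAttribute().getName();
        if (name.equalsIgnoreCase("*") || name.equalsIgnoreCase(this.attributeName)) {
            return true;
        }
    }
    return false;
}

/** Prefixes {@code value} with "label - " unless the configured label is null or empty. */
private String labelled(String value) {
    if (this.label == null || this.label.isEmpty()) {
        return value;
    }
    return this.label + " - " + value;
}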


Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: SugarCRM provisioning target, method syncUser (creates or updates a SugarCRM record via the set_entry API).

@Override
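@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    // Creates the user in SugarCRM when it cannot be found, otherwise updates the
    // existing record through set_entry. Only attribute names listed in `attributes`
    // are pushed; when addOnly is false, remote attributes outside that set are
    // blanked. Any failure is wrapped in ProvisioningException("Could not sync user").
    ModuleType mt = this.getModuleType(request);
    try {
        String sessionId = sugarLogin();
        // NOTE(review): the session from sugarLogin() is never released here — confirm
        // sugarLogin()/execJson() manage its lifetime, or SugarCRM sessions will pile up.
        // Always fetch the SugarCRM record id: set_entry updates (rather than inserts) by id.
        Set<String> lookupAttrs = new HashSet<String>(attributes);
        lookupAttrs.add("id");
        User foundUser;
        try {
            foundUser = this.findUser(user.getUserID(), lookupAttrs, request);
        } catch (Exception e) {
            // NOTE(review): every failure of findUser — including transport errors — is
            // treated as "record does not exist" and falls through to create. Confirm
            // findUser throws only for a missing record; otherwise a transient error
            // can create a duplicate.
            this.createUser(user, attributes, request);
            return;
        }
        if (foundUser == null) {
            // Defensive: a null result would otherwise NPE below; treat it as not found.
            this.createUser(user, attributes, request);
            return;
        }
        Map<String, String> nvps = new HashMap<String, String>();
        nvps.put("id", foundUser.getAttribs().get("id").getValues().get(0));
        // Overlay the requested attributes from the incoming user onto the remote record.
        for (String attrName : user.getAttribs().keySet()) {
            if (!attributes.contains(attrName)) {
                continue;
            }
            String value = user.getAttribs().get(attrName).getValues().get(0);
            if (attrName.equalsIgnoreCase("account_name")) {
                // SugarCRM links contacts by account_id; resolve it from the account name.
                nvps.put("account_id", this.getAccountId(value, sessionId));
            }
            foundUser.getAttribs().put(attrName, new Attribute(attrName, value));
        }
        if (!addOnly) {
            // Blank remote attributes the caller neither supplied nor listed (never "id").
            // put() on an existing key is not a structural modification, so iterating
            // keySet() while replacing values does not throw ConcurrentModificationException.
            for (String attrName : foundUser.getAttribs().keySet()) {
                boolean managed = user.getAttribs().containsKey(attrName) || attributes.contains(attrName);
                if (!managed && !attrName.equalsIgnoreCase("id")) {
                    foundUser.getAttribs().put(attrName, new Attribute(attrName, ""));
                }
            }
        }
        for (String attrName : foundUser.getAttribs().keySet()) {
            nvps.put(attrName, foundUser.getAttribs().get(attrName).getValues().get(0));
        }
        SugarEntry update = new SugarEntry();
        update.setSession(sessionId);
        update.setModule(mt.name);
        update.setName_value_list(nvps);
        // Gson handles JSON escaping of the attribute values.
        execJson(new Gson().toJson(update), "set_entry");
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    }
}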


Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: class AuthLockoutInsert, method updateFailedAttrs (records a failed login attempt through a provisioning workflow).

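private void updateFailedAttrs(LDAPEntry entry) throws LDAPException {
    // Records a failed login: increments the failed-attempt counter and stamps the
    // failure time, pushing both through the configured update workflow synchronously.
    // Any workflow or parsing problem surfaces as an LDAPException(OPERATIONS_ERROR).
    LDAPAttribute numFails = entry.getAttribute(this.numFailedAttribute);
    int fails = 0;
    if (numFails != null) {
        try {
            fails = Integer.parseInt(numFails.getStringValue());
        } catch (NumberFormatException e) {
            // A corrupt counter must not quietly restart at zero (that would weaken the
            // lockout), and a bare NumberFormatException escaping an LDAP insert is hard
            // to diagnose; surface it as a proper LDAP error instead.
            throw new LDAPException("Could not parse failed login count", LDAPException.OPERATIONS_ERROR, "Operations Error", e);
        }
    }
    fails++;
    LDAPAttribute uidAttr = entry.getAttribute(this.uidAttributeName);
    if (uidAttr == null) {
        // The original dereferenced this unconditionally and would NPE on an entry
        // without the uid attribute.
        throw new LDAPException("Entry has no " + this.uidAttributeName + " attribute", LDAPException.OPERATIONS_ERROR, "Operations Error");
    }
    String uid = uidAttr.getStringValue();
    User updateAttrs = new User(uid);
    // Epoch milliseconds; identical to new DateTime(DateTimeZone.UTC).getMillis().
    String now = Long.toString(System.currentTimeMillis());
    updateAttrs.getAttribs().put(this.lastFailedAttribute, new com.tremolosecurity.saml.Attribute(this.lastFailedAttribute, now));
    updateAttrs.getAttribs().put(this.numFailedAttribute, new com.tremolosecurity.saml.Attribute(this.numFailedAttribute, Integer.toString(fails)));
    updateAttrs.getAttribs().put(this.uidAttributeName, new com.tremolosecurity.saml.Attribute(this.uidAttributeName, uid));
    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    // Run synchronously so the counter is persisted before the bind result is returned.
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(this.updateAttributesWorkflow).executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new LDAPException("Could not update compliance attribute", LDAPException.OPERATIONS_ERROR, "Operations Error", e);
    }
}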


Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: class AuthLockoutInsert, method updateSuccessAttrs (records a successful login and resets the failed-attempt counter).

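private void updateSuccessAttrs(LDAPEntry entry) throws LDAPException {
    // Records a successful login: stamps the success time and resets the failed-attempt
    // counter to 0, pushing both through the configured update workflow synchronously.
    // Workflow failures surface as LDAPException(OPERATIONS_ERROR).
    LDAPAttribute uidAttr = entry.getAttribute(this.uidAttributeName);
    if (uidAttr == null) {
        // The original dereferenced this unconditionally and would NPE on an entry
        // without the uid attribute.
        throw new LDAPException("Entry has no " + this.uidAttributeName + " attribute", LDAPException.OPERATIONS_ERROR, "Operations Error");
    }
    String uid = uidAttr.getStringValue();
    User updateAttrs = new User(uid);
    // Epoch milliseconds; identical to new DateTime(DateTimeZone.UTC).getMillis().
    String now = Long.toString(System.currentTimeMillis());
    updateAttrs.getAttribs().put(this.lastSucceedAttribute, new com.tremolosecurity.saml.Attribute(this.lastSucceedAttribute, now));
    // A successful login clears the lockout counter.
    updateAttrs.getAttribs().put(this.numFailedAttribute, new com.tremolosecurity.saml.Attribute(this.numFailedAttribute, "0"));
    updateAttrs.getAttribs().put(this.uidAttributeName, new com.tremolosecurity.saml.Attribute(this.uidAttributeName, uid));
    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(this.updateAttributesWorkflow).executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new LDAPException("Could not update compliance attribute", LDAPException.OPERATIONS_ERROR, "Operations Error", e);
    }
}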


Use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity: class AuthManagerImpl, method finishSuccessfulLogin (completes an authentication chain, optionally updating compliance attributes, then redirects or continues the request).

/* (non-Javadoc)
	 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#finishSuccessfulLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.config.util.UrlHolder, com.tremolosecurity.config.xml.AuthChainType, com.tremolosecurity.proxy.auth.RequestHolder, com.tremolosecurity.proxy.auth.AuthController, com.tremolosecurity.proxy.util.NextSys)
	 */
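@Override
public boolean finishSuccessfulLogin(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act, RequestHolder reqHolder, AuthController actl, NextSys next) throws IOException, ServletException {
    // Marks the authentication as complete, writes the access-log entry, expires the
    // legacy autoIdm* cookies, runs the custom auth response, optionally records the
    // successful login through the compliance workflow, and finally either runs the
    // post-auth action, continues down the filter chain, or redirects to the original URL.
    // Returns true when there was no preserved request (reqHolder == null), false otherwise.
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    AuthInfo ai = actl.getAuthInfo();
    ai.setAuthComplete(true);
    AccessLog.log(AccessEvent.AuSuccess, holder.getApp(), req, ai, act.getLevel() + " / " + act.getName());
    // NOTE(review): nothing in this method rotates the HTTP session once authentication
    // completes; confirm session-fixation protection happens elsewhere in the chain.
    if (reqHolder == null) {
        expireLegacyCookies(req, resp, holder);
        runCustomAuthResponse(req, resp, holder);
        return true;
    }
    StringBuffer redirURL;
    switch (reqHolder.getMethod()) {
        case GET:
            redirURL = getGetRedirectURL(reqHolder);
            expireLegacyCookies(req, resp, holder);
            break;
        case POST:
            // The preserved POST body is replayed from postPreservation.jsp.
            redirURL = new StringBuffer(holder.getConfig().getAuthFormsPath()).append("postPreservation.jsp");
            break;
        default:
            redirURL = new StringBuffer(reqHolder.getURL());
    }
    req.setAttribute(AuthMgrSys.AU_RES, Boolean.TRUE);
    runCustomAuthResponse(req, resp, holder);
    if (act.getCompliance() != null && act.getCompliance().isEnabled()) {
        recordSuccessfulLogin(holder, act, ai);
    }
    PostAuthSuccess postAuth = (PostAuthSuccess) req.getAttribute(PostAuthSuccess.POST_AUTH_ACTION);
    if (postAuth != null) {
        postAuth.runAfterSuccessfulAuthentication(req, resp, holder, act, reqHolder, actl, next);
    } else if (!req.getRequestURI().startsWith(cfg.getAuthPath())) {
        next.nextSys(req, resp);
    } else {
        // NOTE(review): redirURL comes from the server-side RequestHolder, not from a
        // request parameter; confirm the holder's URL cannot be attacker-supplied before
        // relying on this redirect being safe.
        resp.sendRedirect(redirURL.toString());
    }
    return false;
}

/**
 * Expires the legacy "autoIdmSessionCookieName" and "autoIdmAppName" cookies
 * (value "DNE", max-age 0, path "/", app cookie domain if configured).
 * The Set-Cookie headers are only emitted when cookies are enabled for the app
 * (or no cookie configuration exists, which counts as enabled).
 */
private void expireLegacyCookies(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) {
    String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
    boolean enabled = cookiesEnabled(holder);
    for (String name : new String[] { "autoIdmSessionCookieName", "autoIdmAppName" }) {
        Cookie expired = new Cookie(name, "DNE");
        if (domain != null) {
            expired.setDomain(domain);
        }
        expired.setPath("/");
        expired.setMaxAge(0);
        // Kept from the original. NOTE(review): browsers that refuse non-Secure overwrites
        // of Secure cookies ("Leave Secure Cookies Alone") may not clear a Secure-flagged
        // original over plain HTTP; confirm whether that matters for this deployment.
        expired.setSecure(false);
        if (enabled) {
            ProxyResponse.addCookieToResponse(holder, expired, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
        }
    }
}

/**
 * Mirrors the original inline condition: cookies count as enabled when the app or
 * its cookie config is absent, when the flag is unset, or when it is true.
 */
private boolean cookiesEnabled(UrlHolder holder) {
    return holder.getApp() == null
            || holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled();
}

/** Runs the custom authentication response handler, wrapping reflection failures. */
private void runCustomAuthResponse(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) throws IOException, ServletException {
    AuthMgrSys ams = new AuthMgrSys(null);
    try {
        ams.processAuthResp(req, resp, holder, Boolean.TRUE);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }
}

/**
 * Compliance bookkeeping after a successful login: stamps the last-success time,
 * resets the failed-attempt counter to "0" and runs the configured update workflow
 * synchronously, keyed on the chain's uid attribute. Any configured provisioning
 * user attributes present on the authenticated identity are carried along.
 * Silently skipped when the uid attribute is missing or has no values.
 */
private void recordSuccessfulLogin(UrlHolder holder, AuthChainType act, AuthInfo ai) throws ServletException {
    Attribute uidAttribute = ai.getAttribs().get(act.getCompliance().getUidAttributeName());
    if (uidAttribute == null || uidAttribute.getValues().isEmpty()) {
        // The original skipped on null but would throw IndexOutOfBounds on an empty value list.
        return;
    }
    String uid = uidAttribute.getValues().get(0);
    User updateAttrs = new User(uid);
    // Epoch milliseconds; identical to new DateTime(DateTimeZone.UTC).getMillis().
    String now = Long.toString(System.currentTimeMillis());
    updateAttrs.getAttribs().put(act.getCompliance().getLastSucceedAttribute(), new Attribute(act.getCompliance().getLastSucceedAttribute(), now));
    updateAttrs.getAttribs().put(act.getCompliance().getNumFailedAttribute(), new Attribute(act.getCompliance().getNumFailedAttribute(), "0"));
    updateAttrs.getAttribs().put(act.getCompliance().getUidAttributeName(), new Attribute(act.getCompliance().getUidAttributeName(), uid));
    if (GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes() != null) {
        for (String attrName : GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes()) {
            Attribute fromAuth = ai.getAttribs().get(attrName);
            if (fromAuth != null) {
                Attribute attrForWF = new Attribute(attrName);
                attrForWF.getValues().addAll(fromAuth.getValues());
                updateAttrs.getAttribs().put(attrName, attrForWF);
            }
        }
    }
    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        holder.getConfig().getProvisioningEngine().getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow()).executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new ServletException("Could not update successful login attribute", e);
    }
}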
