use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class AddGroupsFromProvisioningTarget method postSearchEntry.
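/**
 * Appends the user's provisioning-target groups to the returned LDAP entry as values of
 * {@code attributeName}, after the rest of the interceptor chain has processed the entry.
 *
 * <p>The attribute is only added when the client asked for it: the request listed no
 * attributes, listed {@code "*"} as its first attribute, or explicitly named
 * {@code attributeName}. The user is resolved through the provisioning target named by
 * {@code targetName}; any failure during that lookup is logged and the entry is returned
 * unchanged.
 *
 * @param chain       remaining interceptor chain, invoked before this logic runs
 * @param entry       entry being returned; its attribute set is modified in place
 * @param base        search base, passed through to the chain
 * @param scope       search scope, passed through to the chain
 * @param filter      search filter, passed through to the chain
 * @param attributes  attributes requested by the client; may be {@code null} or empty
 * @param typesOnly   passed through to the chain
 * @param constraints passed through to the chain
 * @throws LDAPException if the downstream chain fails
 */
public void postSearchEntry(PostSearchEntryInterceptorChain chain, Entry entry, DistinguishedName base, Int scope, Filter filter, ArrayList<Attribute> attributes, Bool typesOnly, LDAPSearchConstraints constraints) throws LDAPException {
    chain.nextPostSearchEntry(entry, base, scope, filter, attributes, typesOnly, constraints);

    if (logger.isDebugEnabled()) {
        logger.debug("in post search entry");
    }

    // No attribute list, or a leading "*", means "return everything".
    boolean addAttr = attributes == null
            || attributes.isEmpty()
            || attributes.get(0).getAttribute().getName().equalsIgnoreCase("*");

    // Otherwise add the attribute only when the client named it. This must be guarded by
    // !addAttr: when addAttr is already true there is nothing to decide (and attributes may be
    // null), and when it is false we still have to honour an explicit request for the attribute.
    if (!addAttr) {
        for (Attribute requested : attributes) {
            if (requested.getAttribute().getName().equalsIgnoreCase(this.attributeName)) {
                addAttr = true;
                break;
            }
        }
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Adding attribute : '" + addAttr + "'");
    }

    if (!addAttr) {
        return;
    }

    try {
        LDAPAttribute userID = entry.getEntry().getAttribute(this.uidAttribute);
        if (logger.isDebugEnabled()) {
            logger.debug("Looking up user : '" + userID + "'");
        }
        if (userID == null) {
            return;
        }

        User user = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine()
                .getTarget(targetName)
                .findUser(userID.getStringValue(), new HashMap<String, Object>());
        if (logger.isDebugEnabled()) {
            logger.debug("User returned : '" + user + "'");
        }
        if (user == null) {
            return;
        }

        if (logger.isDebugEnabled()) {
            logger.debug("User groups : '" + user.getGroups() + "'");
        }
        // The attribute is only created when the user is a member of at least one group,
        // regardless of which source (groups or targetRoleAttribute) supplies the values.
        if (user.getGroups().isEmpty()) {
            return;
        }

        LDAPAttribute groupAttr = entry.getEntry().getAttributeSet().getAttribute(this.attributeName);
        if (groupAttr == null) {
            groupAttr = new LDAPAttribute(this.attributeName);
            entry.getEntry().getAttributeSet().add(groupAttr);
        }

        if (this.targetRoleAttribute == null || this.targetRoleAttribute.isEmpty()) {
            // Values come from the target's group list; an empty label keeps the bare group name.
            for (String groupName : user.getGroups()) {
                groupAttr.addValue(this.label.isEmpty() ? groupName : this.label + " - " + groupName);
            }
        } else {
            // Values come from a named user attribute instead. Note the label is always prefixed
            // on this path, even when empty (existing behaviour).
            com.tremolosecurity.saml.Attribute targetAttr = user.getAttribs().get(this.targetRoleAttribute);
            if (targetAttr != null) {
                for (String val : targetAttr.getValues()) {
                    groupAttr.addValue(this.label + " - " + val);
                }
            }
        }
    } catch (Throwable t) {
        // Best effort: a failed user lookup must not fail the search, so log and return the
        // entry without the group attribute.
        logger.warn("Could not load user : '" + t.getMessage() + "'");
        if (logger.isDebugEnabled()) {
            logger.debug(t);
        }
    }
}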
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class ModuleType method syncUser.
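/**
 * Synchronizes {@code user} into the SugarCRM module selected for this request.
 *
 * <p>The user is looked up by id. If the lookup throws, or returns no record, the user is
 * created instead. Otherwise the attributes named in {@code attributes} are copied from
 * {@code user} onto the found record; unless {@code addOnly} is set, attributes on the found
 * record that neither {@code user} nor {@code attributes} mention (other than {@code id}) are
 * blanked. The merged record is then written back with a {@code set_entry} call.
 *
 * @param user       desired state of the user
 * @param addOnly    when {@code true}, existing attributes on the record are never cleared
 * @param attributes names of the attributes to synchronize
 * @param request    workflow request context, used to select the module
 * @throws ProvisioningException if the SugarCRM login, lookup, or write fails
 */
@Override
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    ModuleType mt = this.getModuleType(request);

    try {
        String sessionId = sugarLogin();

        // Always fetch the record id so the update can address the existing record.
        Set<String> lookupAttribs = new HashSet<String>(attributes);
        lookupAttribs.add("id");

        User foundUser;
        try {
            foundUser = this.findUser(user.getUserID(), lookupAttribs, request);
        } catch (Exception e) {
            // NOTE(review): any lookup failure, not only "not found", falls through to create.
            // Kept as-is; a transient lookup error can therefore result in a duplicate record.
            this.createUser(user, attributes, request);
            return;
        }
        if (foundUser == null) {
            // No record came back; treat it the same as a failed lookup instead of failing on
            // the id access below.
            this.createUser(user, attributes, request);
            return;
        }

        Attribute idAttr = foundUser.getAttribs().get("id");
        if (idAttr == null || idAttr.getValues().isEmpty()) {
            // Wrapped by the outer catch into a ProvisioningException with context.
            throw new IllegalStateException("Found user has no id attribute");
        }

        Map<String, String> nvps = new HashMap<String, String>();
        nvps.put("id", idAttr.getValues().get(0));

        // Copy the requested attributes from the desired state onto the found record.
        for (String attrName : user.getAttribs().keySet()) {
            if (!attributes.contains(attrName)) {
                continue;
            }
            String value = user.getAttribs().get(attrName).getValues().get(0);
            if (attrName.equalsIgnoreCase("account_name")) {
                // SugarCRM links contacts to accounts by id, so the name is resolved first.
                nvps.put("account_id", this.getAccountId(value, sessionId));
            }
            foundUser.getAttribs().put(attrName, new Attribute(attrName, value));
        }

        if (!addOnly) {
            // Blank record attributes that are in neither the desired state nor the sync set.
            // Only existing keys are overwritten, so iterating keySet() while putting is safe.
            // NOTE(review): the !attributes.contains(attrName) clause clears attributes that are
            // NOT being synced; confirm this is the intended semantics before relying on it.
            for (String attrName : foundUser.getAttribs().keySet()) {
                if (!user.getAttribs().containsKey(attrName)
                        && !attributes.contains(attrName)
                        && !attrName.equalsIgnoreCase("id")) {
                    foundUser.getAttribs().put(attrName, new Attribute(attrName, ""));
                }
            }
        }

        for (String attrName : foundUser.getAttribs().keySet()) {
            nvps.put(attrName, foundUser.getAttribs().get(attrName).getValues().get(0));
        }

        SugarEntry newContact = new SugarEntry();
        newContact.setSession(sessionId);
        newContact.setModule(mt.name);
        newContact.setName_value_list(nvps);
        execJson(new Gson().toJson(newContact), "set_entry");
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    }
}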
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class AuthLockoutInsert method updateFailedAttrs.
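/**
 * Records a failed authentication attempt for the user in {@code entry} by running the
 * configured update-attributes workflow synchronously.
 *
 * <p>The workflow receives the uid, the current time in epoch milliseconds as
 * {@code lastFailedAttribute}, and the incremented failure count as {@code numFailedAttribute}.
 *
 * @param entry directory entry of the user whose authentication failed
 * @throws LDAPException if the entry has no uid attribute, the stored failure count is not an
 *                       integer, or the workflow fails
 */
private void updateFailedAttrs(LDAPEntry entry) throws LDAPException {
    LDAPAttribute uidAttr = entry.getAttribute(this.uidAttributeName);
    if (uidAttr == null) {
        throw new LDAPException("Entry has no '" + this.uidAttributeName + "' attribute", LDAPException.OPERATIONS_ERROR, "Operations Error");
    }
    String uid = uidAttr.getStringValue();

    int fails = 0;
    LDAPAttribute numFails = entry.getAttribute(this.numFailedAttribute);
    if (numFails != null) {
        try {
            fails = Integer.parseInt(numFails.getStringValue());
        } catch (NumberFormatException e) {
            // A corrupt counter is an error, not a reason to silently restart lockout from zero.
            throw new LDAPException("Invalid value for '" + this.numFailedAttribute + "'", LDAPException.OPERATIONS_ERROR, "Operations Error", e);
        }
    }
    fails++;

    String now = Long.toString(new DateTime(DateTimeZone.UTC).getMillis());
    User updateAttrs = new User(uid);
    updateAttrs.getAttribs().put(this.lastFailedAttribute, new com.tremolosecurity.saml.Attribute(this.lastFailedAttribute, now));
    updateAttrs.getAttribs().put(this.numFailedAttribute, new com.tremolosecurity.saml.Attribute(this.numFailedAttribute, Integer.toString(fails)));
    updateAttrs.getAttribs().put(this.uidAttributeName, new com.tremolosecurity.saml.Attribute(this.uidAttributeName, uid));

    // Run synchronously so the counter is persisted before the bind result is returned.
    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine()
                .getWorkFlow(this.updateAttributesWorkflow)
                .executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new LDAPException("Could not update compliance attribute", LDAPException.OPERATIONS_ERROR, "Operations Error", e);
    }
}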
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class AuthLockoutInsert method updateSuccessAttrs.
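/**
 * Records a successful authentication for the user in {@code entry}: stamps
 * {@code lastSucceedAttribute} with the current epoch milliseconds and resets
 * {@code numFailedAttribute} to zero through the configured update-attributes workflow.
 *
 * @param entry directory entry of the authenticated user
 * @throws LDAPException if the entry has no uid attribute or the workflow fails
 */
private void updateSuccessAttrs(LDAPEntry entry) throws LDAPException {
    LDAPAttribute uidAttr = entry.getAttribute(this.uidAttributeName);
    if (uidAttr == null) {
        throw new LDAPException("Entry has no '" + this.uidAttributeName + "' attribute", LDAPException.OPERATIONS_ERROR, "Operations Error");
    }
    String uid = uidAttr.getStringValue();

    String now = Long.toString(new DateTime(DateTimeZone.UTC).getMillis());
    User updateAttrs = new User(uid);
    updateAttrs.getAttribs().put(this.lastSucceedAttribute, new com.tremolosecurity.saml.Attribute(this.lastSucceedAttribute, now));
    // A successful login clears the lockout counter.
    updateAttrs.getAttribs().put(this.numFailedAttribute, new com.tremolosecurity.saml.Attribute(this.numFailedAttribute, "0"));
    updateAttrs.getAttribs().put(this.uidAttributeName, new com.tremolosecurity.saml.Attribute(this.uidAttributeName, uid));

    // Run synchronously so the reset is persisted before the bind result is returned.
    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine()
                .getWorkFlow(this.updateAttributesWorkflow)
                .executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new LDAPException("Could not update compliance attribute", LDAPException.OPERATIONS_ERROR, "Operations Error", e);
    }
}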
use of com.tremolosecurity.provisioning.core.User in project OpenUnison by TremoloSecurity.
the class AuthManagerImpl method finishSuccessfulLogin.
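/**
 * Completes a successful authentication chain: marks the identity complete, writes the access
 * log entry, expires the legacy autoIdm cookies, runs the custom response handler and, when the
 * chain has compliance enabled, records the successful login through the compliance workflow.
 *
 * <p>When {@code reqHolder} is {@code null} there is no original request to return to, so the
 * method returns {@code true} after the custom response handler has run. Otherwise the original
 * request is resumed (post-auth action, next system, or redirect) and {@code false} is returned.
 *
 * @param req       current request
 * @param resp      current response; must be a {@link ProxyResponse} for the cookie expiry
 * @param holder    application/URL configuration for the request
 * @param act       authentication chain that just completed
 * @param reqHolder original request being resumed, or {@code null}
 * @param actl      controller holding the authenticated identity
 * @param next      continuation used when the request is already past the auth pages
 * @return {@code true} if the response has been fully handled, {@code false} otherwise
 * @throws IOException      on redirect failure
 * @throws ServletException if the custom response handler cannot be created or the compliance
 *                          workflow fails
 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#finishSuccessfulLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.config.util.UrlHolder, com.tremolosecurity.config.xml.AuthChainType, com.tremolosecurity.proxy.auth.RequestHolder, com.tremolosecurity.proxy.auth.AuthController, com.tremolosecurity.proxy.util.NextSys)
 */
@Override
public boolean finishSuccessfulLogin(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act, RequestHolder reqHolder, AuthController actl, NextSys next) throws IOException, ServletException {
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    AuthInfo ai = actl.getAuthInfo();
    ai.setAuthComplete(true);

    AccessLog.log(AccessEvent.AuSuccess, holder.getApp(), req, ai, act.getLevel() + " / " + act.getName());

    if (reqHolder == null) {
        expireLegacyAuthCookies(req, resp, holder);
        runCustomAuthResponse(req, resp, holder);
        return true;
    }

    StringBuffer redirURL;
    switch (reqHolder.getMethod()) {
        case GET:
            redirURL = getGetRedirectURL(reqHolder);
            expireLegacyAuthCookies(req, resp, holder);
            break;
        case POST:
            // The original POST body is replayed from a preservation page rather than redirected.
            redirURL = new StringBuffer(holder.getConfig().getAuthFormsPath()).append("postPreservation.jsp");
            break;
        default:
            redirURL = new StringBuffer(reqHolder.getURL());
    }

    req.setAttribute(AuthMgrSys.AU_RES, Boolean.TRUE);
    runCustomAuthResponse(req, resp, holder);
    recordComplianceSuccess(act, ai, holder);

    PostAuthSuccess postAuth = (PostAuthSuccess) req.getAttribute(PostAuthSuccess.POST_AUTH_ACTION);
    if (postAuth != null) {
        postAuth.runAfterSuccessfulAuthentication(req, resp, holder, act, reqHolder, actl, next);
    } else if (!req.getRequestURI().startsWith(cfg.getAuthPath())) {
        // Already past the auth pages: continue the chain instead of redirecting.
        next.nextSys(req, resp);
    } else {
        // redirURL is derived from the stored original request (reqHolder), not from request
        // parameters.
        resp.sendRedirect(redirURL.toString());
    }
    return false;
}

/**
 * Expires the legacy {@code autoIdmSessionCookieName} and {@code autoIdmAppName} cookies
 * (value "DNE", path "/", max-age 0) on the underlying proxied response.
 *
 * <p>Cookies are written unless the application's cookie config explicitly sets
 * {@code isCookiesEnabled()} to {@code false}.
 */
private void expireLegacyAuthCookies(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) {
    // NOTE(review): getCookieConfig() is dereferenced here before the null checks below, so a
    // null app would already have failed; order kept to match the existing behaviour.
    String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);

    boolean cookiesEnabled = holder.getApp() == null
            || holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled();
    if (!cookiesEnabled) {
        return;
    }

    HttpServletResponse target = (HttpServletResponse) ((ProxyResponse) resp).getResponse();
    for (String name : new String[] {"autoIdmSessionCookieName", "autoIdmAppName"}) {
        Cookie expired = new Cookie(name, "DNE");
        if (domain != null) {
            expired.setDomain(domain);
        }
        expired.setPath("/");
        expired.setMaxAge(0);
        expired.setSecure(false);
        ProxyResponse.addCookieToResponse(holder, expired, target);
    }
}

/**
 * Runs the system auth response handler with a successful result.
 *
 * @throws ServletException if the handler cannot be instantiated
 */
private void runCustomAuthResponse(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) throws ServletException {
    AuthMgrSys ams = new AuthMgrSys(null);
    try {
        ams.processAuthResp(req, resp, holder, Boolean.TRUE);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }
}

/**
 * Runs the chain's compliance update-attributes workflow for a successful login: stamps the
 * last-success time, zeroes the failed-login counter and forwards any provisioning-engine user
 * attributes present on the identity. Does nothing when compliance is disabled or the identity
 * has no uid attribute.
 *
 * @throws ServletException if the workflow fails
 */
private void recordComplianceSuccess(AuthChainType act, AuthInfo ai, UrlHolder holder) throws ServletException {
    if (act.getCompliance() == null || !act.getCompliance().isEnabled()) {
        return;
    }
    Attribute uidAttribute = ai.getAttribs().get(act.getCompliance().getUidAttributeName());
    if (uidAttribute == null) {
        return;
    }
    String uid = uidAttribute.getValues().get(0);

    User updateAttrs = new User(uid);
    String now = Long.toString(new DateTime(DateTimeZone.UTC).getMillis());
    updateAttrs.getAttribs().put(act.getCompliance().getLastSucceedAttribute(), new Attribute(act.getCompliance().getLastSucceedAttribute(), now));
    updateAttrs.getAttribs().put(act.getCompliance().getNumFailedAttribute(), new Attribute(act.getCompliance().getNumFailedAttribute(), "0"));
    updateAttrs.getAttribs().put(act.getCompliance().getUidAttributeName(), new Attribute(act.getCompliance().getUidAttributeName(), uid));

    // Forward the engine's configured user attributes so the workflow sees the full identity.
    // (The accessor name is misspelled upstream; it is the engine's API.)
    Collection<String> engineAttrs = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes();
    if (engineAttrs != null) {
        for (String attrName : engineAttrs) {
            Attribute fromAuth = ai.getAttribs().get(attrName);
            if (fromAuth != null) {
                Attribute attrForWF = new Attribute(attrName);
                attrForWF.getValues().addAll(fromAuth.getValues());
                updateAttrs.getAttribs().put(attrName, attrForWF);
            }
        }
    }

    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        holder.getConfig().getProvisioningEngine()
                .getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow())
                .executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new ServletException("Could not update successful login attribute", e);
    }
}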