
Example 6 with Approvals

use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.

the class Approver method doTask.

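/**
 * Records a new approval for this workflow step and puts the workflow on hold until an approver acts.
 *
 * <p>On the first pass the task persists an {@code Approvals} row, freezes the current workflow as an
 * AES/CBC-encrypted JSON blob on that row, marks itself on hold and registers the approvers derived
 * from the configured rules. When the task is re-entered while already on hold (e.g. after the workflow
 * is restored), it only runs its child tasks.
 *
 * @param user the user the workflow is being run for; only passed through to {@code runChildTasks}
 * @param request the workflow request. {@code APPROVAL_ID} is added, a stale {@code APPROVAL_RESULT}
 *     is removed, and {@code SEND_NOTIFICATION}, {@code IMMEDIATE_ACTION} and {@code REASON} are read
 * @return the result of {@code runChildTasks} when already on hold, otherwise {@code false} because
 *     the workflow has to wait for an approval decision
 * @throws ProvisioningException if the approval cannot be stored or the workflow cannot be encrypted
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    if (this.isOnHold()) {
        // Already waiting on approvers: nothing to create, just continue with the children.
        return runChildTasks(user, request);
    }
    Session session = this.getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
    try {
        session.beginTransaction();
        DateTime now = new DateTime();
        Approvals approval = new Approvals();
        approval.setLabel(this.renderTemplate(this.label, request));
        approval.setWorkflow(this.getWorkflow().getFromDB(session));
        approval.setCreateTs(new Timestamp(now.getMillis()));
        // First save assigns the generated id, which the approver loaders below need.
        session.save(approval);
        this.id = approval.getId();
        request.put("APPROVAL_ID", this.id);
        // A result left over from a previous approval must not leak into this one.
        if (request.get(Approval.APPROVAL_RESULT) != null) {
            request.remove(Approval.APPROVAL_RESULT);
        }
        this.setOnHold(true);
        // Serialize the workflow under its own lock so no concurrent task mutates it mid-write.
        String json;
        synchronized (this.getWorkflow()) {
            json = JsonWriter.objectToJson(this.getWorkflow());
        }
        // CBC with a provider-generated IV; the IV is read back via getIV() and stored with the
        // ciphertext. The key comes from the approval DB encryption key named in the config.
        // NOTE(review): CBC gives confidentiality only - nothing here authenticates the stored blob.
        // Confirm the decrypt side copes with a tampered row, or move to an AEAD mode when the
        // stored format can change.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, this.getConfigManager().getSecretKey(this.getConfigManager().getCfg().getProvisioning().getApprovalDB().getEncryptionKey()));
        // The String-named charset form is kept so its UnsupportedEncodingException stays routed to
        // the IOException handler below.
        byte[] encJson = cipher.doFinal(json.getBytes("UTF-8"));
        // Base64 output is pure ASCII; name the charset instead of relying on the platform default.
        Token token = new Token();
        token.setEncryptedRequest(new String(org.bouncycastle.util.encoders.Base64.encode(encJson), java.nio.charset.StandardCharsets.US_ASCII));
        token.setIv(new String(org.bouncycastle.util.encoders.Base64.encode(cipher.getIV()), java.nio.charset.StandardCharsets.US_ASCII));
        approval.setWorkflowObj(new Gson().toJson(token));
        session.save(approval);
        // Accept "false" as either a String or a Boolean, mirroring how IMMEDIATE_ACTION is parsed
        // below; a missing or null flag means notifications are sent.
        Object sendFlag = request.get(Approval.SEND_NOTIFICATION);
        boolean sendNotification = sendFlag == null || !"false".equals(sendFlag.toString());
        String localTemplate = this.renderTemplate(this.emailTemplate, request);
        for (Approver approver : this.approvers) {
            String[] localParams = renderCustomParameters(request, approver, (String[]) null);
            String constraintRendered = this.renderTemplate(approver.constraint, request);
            switch (approver.type) {
                case StaticGroup:
                    AzUtils.loadStaticGroupApprovers(approval, localTemplate, this.getConfigManager(), session, id, constraintRendered, sendNotification);
                    break;
                case Filter:
                    AzUtils.loadFilterApprovers(approval, localTemplate, this.getConfigManager(), session, id, constraintRendered, sendNotification);
                    break;
                case DN:
                    AzUtils.loadDNApprovers(approval, localTemplate, this.getConfigManager(), session, id, constraintRendered, sendNotification);
                    break;
                case Custom:
                    AzUtils.loadCustomApprovers(approval, localTemplate, this.getConfigManager(), session, id, constraintRendered, sendNotification, approver.customAz, localParams);
                    break;
                // No case for DynamicGroup (or any other type): such approvers register nobody.
                // TODO confirm that is intended.
            }
        }
        session.getTransaction().commit();
        // Optional pre-approval: the requester decides immediately, with a reason, on their own
        // request. Failures here are logged and do not undo the stored approval.
        if (request.get(Approval.IMMEDIATE_ACTION) != null && request.get(Approval.REASON) != null) {
            String reason = (String) request.get(Approval.REASON);
            Object tmp = request.get(Approval.IMMEDIATE_ACTION);
            boolean action;
            if (tmp instanceof String) {
                action = tmp.equals("true");
            } else {
                action = (boolean) tmp;
            }
            try {
                GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().doApproval(this.id, this.getWorkflow().getRequester().getUserID(), action, reason);
            } catch (ProvisioningException pe) {
                logger.warn("Could not execute pre-approval", pe);
            }
        }
        // The workflow stops here until an approver acts.
        return false;
    } catch (IOException e) {
        throw new ProvisioningException("Could not store approval", e);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
        throw new ProvisioningException("Could not encrypt workflow object", e);
    } finally {
        if (session != null) {
            // Anything not committed above is rolled back before the session goes away.
            if (session.getTransaction() != null && session.getTransaction().getStatus() == TransactionStatus.ACTIVE) {
                session.getTransaction().rollback();
            }
            session.close();
        }
    }
}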

Example 7 with Approvals

use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.

the class Approver method updateAllowedApprovals.

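/**
 * Refreshes the set of users allowed to approve this task.
 *
 * <p>In order: (1) unless the task has already failed over, the first escalation rule that is not yet
 * completed is consulted and, when it says {@code run}, its AZ rules replace the current ones and an
 * {@code Escalation} row is written; (2) the current approvers are (re)loaded into the approval record
 * without notifications; (3) if that produced no approvers, or escalation said {@code stopEscalating},
 * the task switches to the failure AZ rules (when {@code failOnNoAZ} is set), loads those approvers and
 * marks itself failed.
 *
 * @param session open Hibernate session; a transaction is begun if none is joined
 * @param cfg configuration handed to the {@code AzUtils} loaders
 * @param request workflow request used to render constraints and custom parameters
 * @return {@code true} when an escalation rule ran or stopped escalation, i.e. the persisted task
 *     state should be written back
 * @throws ProvisioningException if a template cannot be rendered or approvers cannot be loaded
 * @throws SQLException propagated from the approver loaders
 */
public boolean updateAllowedApprovals(Session session, ConfigManager cfg, Map<String, Object> request) throws ProvisioningException, SQLException {
    boolean updateObj = false;
    boolean localFail = false;
    Approvals approvalObj = session.load(Approvals.class, this.id);
    if (!this.failed && this.escalationRules != null && !this.escalationRules.isEmpty()) {
        for (EscalationRule rule : this.escalationRules) {
            if (rule.isCompleted()) {
                continue;
            }
            // Only the first pending rule is consulted per call; every handled outcome ends the scan.
            boolean keepLooking = true;
            RunOptions res = rule.shouldExecute(this.getWorkflow().getUser());
            switch (res) {
                case notReadyYet:
                    keepLooking = false;
                    break;
                case run:
                    keepLooking = false;
                    // NOTE(review): clear()/addAll() mutate whichever list azRules points at. After
                    // applyFailureAzRules() that is failureAzRules itself, so a later escalation would
                    // overwrite the failure rules - confirm whether a copy is intended.
                    this.azRules.clear();
                    this.azRules.addAll(rule.getAzRules());
                    this.approvers = new ArrayList<Approver>();
                    for (AzRule azr : this.azRules) {
                        // Escalation approvers get their custom parameters via setupCustomParameters,
                        // unlike the failure rules which copy them from the AzRule.
                        Approver approver = approverFromRule(azr, false);
                        setupCustomParameters(approver);
                        this.approvers.add(approver);
                    }
                    if (this.approvers.size() == 0 && this.failOnNoAZ) {
                        applyFailureAzRules();
                    }
                    updateObj = true;
                    rule.setCompleted(true);
                    Escalation escalation = new Escalation();
                    escalation.setApprovals(approvalObj);
                    escalation.setWhenTs(new Timestamp(new DateTime().getMillis()));
                    session.save(escalation);
                    break;
                case stopEscalating:
                    keepLooking = false;
                    localFail = true;
                    updateObj = true;
                    break;
            }
            if (!keepLooking) {
                break;
            }
        }
    }
    if (!session.isJoinedToTransaction()) {
        session.beginTransaction();
    }
    boolean foundApprovers = loadCurrentApprovers(approvalObj, cfg, session, request);
    if (!this.failed && (!foundApprovers || localFail)) {
        if (this.failOnNoAZ) {
            applyFailureAzRules();
        }
        loadCurrentApprovers(approvalObj, cfg, session, request);
        // NOTE(review): failed changes here but updateObj is left as is - confirm the caller still
        // persists this task.
        this.failed = true;
    }
    return updateObj;
}

/**
 * Maps one AZ rule onto a fresh {@code Approver} (type, custom authorization, constraint).
 *
 * @param azr the rule to translate
 * @param copyCustomParameters whether a {@code Custom} rule's parameters are copied onto the approver
 * @return the new approver; its {@code type} stays unset for scopes not listed here
 */
private static Approver approverFromRule(AzRule azr, boolean copyCustomParameters) {
    Approver approver = new Approver();
    ScopeType scope = azr.getScope();
    if (scope == ScopeType.Filter) {
        approver.type = ApproverType.Filter;
    } else if (scope == ScopeType.Group) {
        approver.type = ApproverType.StaticGroup;
    } else if (scope == ScopeType.DN) {
        approver.type = ApproverType.DN;
    } else if (scope == ScopeType.DynamicGroup) {
        approver.type = ApproverType.DynamicGroup;
    } else if (scope == ScopeType.Custom) {
        approver.type = ApproverType.Custom;
        approver.customAz = azr.getCustomAuthorization();
        if (copyCustomParameters) {
            approver.params = azr.getCustomParameters();
        }
    }
    approver.constraint = azr.getConstraint();
    return approver;
}

/** Switches this task to its failure AZ rules and rebuilds the approver list from them. */
private void applyFailureAzRules() {
    this.azRules = this.failureAzRules;
    this.approvers = new ArrayList<Approver>();
    for (AzRule azr : this.azRules) {
        this.approvers.add(approverFromRule(azr, true));
    }
}

/**
 * Registers the current approvers on the approval record, never sending notifications.
 *
 * @return {@code true} if at least one loader reported that it found approvers
 */
private boolean loadCurrentApprovers(Approvals approval, ConfigManager cfg, Session session, Map<String, Object> request) throws ProvisioningException, SQLException {
    boolean found = false;
    for (Approver approver : this.approvers) {
        String constraintRendered = this.renderTemplate(approver.constraint, request);
        String[] localParams = renderCustomParameters(request, approver, (String[]) null);
        switch (approver.type) {
            case StaticGroup:
                found |= AzUtils.loadStaticGroupApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                break;
            case Filter:
                found |= AzUtils.loadFilterApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                break;
            case DN:
                found |= AzUtils.loadDNApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false);
                break;
            case Custom:
                found |= AzUtils.loadCustomApprovers(approval, this.emailTemplate, cfg, session, id, constraintRendered, false, approver.customAz, localParams);
                break;
            // No case for DynamicGroup (or any other type): such approvers register nobody, which
            // then counts as "no approvers found". TODO confirm that is intended.
        }
    }
    return found;
}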

Example 8 with Approvals

use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.

the class RemindApprovers method execute.

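/**
 * Reminds approvers of approvals that are still open.
 *
 * <p>Reads the job parameters {@code message}, {@code days} and {@code mailAttributeName}, selects the
 * approvals that are not yet decided and were created within the last {@code days + 1} days, and sends
 * every allowed approver with a mail attribute the message, with {@code %L} replaced by the approval
 * label and {@code %D} by the number of days the approval has been open.
 *
 * @param configManager the live configuration; the job is a no-op until the provisioning engine is up
 * @param context Quartz context carrying the job data map
 * @throws ProvisioningException if {@code days} is not an integer or querying / notifying fails
 */
@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    if (configManager == null || configManager.getProvisioningEngine() == null) {
        logger.warn("System not fully initialized");
        return;
    }
    String msg = context.getJobDetail().getJobDataMap().getString("message");
    String daysText = context.getJobDetail().getJobDataMap().getString("days");
    String mailAttribute = context.getJobDetail().getJobDataMap().getString("mailAttributeName");
    int days;
    try {
        days = Integer.parseInt(daysText);
    } catch (NumberFormatException e) {
        // Surface a misconfigured job parameter with context instead of a bare NumberFormatException.
        throw new ProvisioningException("Invalid 'days' job parameter: " + daysText, e);
    }
    Session session = null;
    try {
        session = configManager.getProvisioningEngine().getHibernateSessionFactory().openSession();
        DateTime approvalsAfterDate = new DateTime().minusDays(days + 1);
        Query query = session.createQuery("FROM Approvals WHERE approved IS NULL AND createTS > :check_date");
        // NOTE(review): java.sql.Date carries no time of day when bound - confirm that is acceptable
        // for a createTS comparison.
        query.setParameter("check_date", new java.sql.Date(approvalsAfterDate.getMillis()));
        @SuppressWarnings("unchecked")
        List<Approvals> approvals = query.list();
        DateTime now = new DateTime();
        for (Approvals apr : approvals) {
            int daysOpen = Days.daysBetween(new DateTime(apr.getCreateTs().getTime()), now).getDays();
            String label = apr.getLabel();
            for (AllowedApprovers allowed : apr.getAllowedApproverses()) {
                // Last matching attribute wins, as before.
                String mail = null;
                for (ApproverAttributes attr : allowed.getApprovers().getApproverAttributeses()) {
                    if (attr.getName().equalsIgnoreCase(mailAttribute)) {
                        mail = attr.getValue();
                    }
                }
                if (mail == null) {
                    logger.warn("No attribute called '" + mailAttribute + "' for user '" + allowed.getApprovers().getUserKey() + "'");
                    continue;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("Notifying " + mail + " for " + label + " after " + daysOpen + " days");
                }
                // Literal replacement: the label is data, so a '$' or '\' in it must not be read as a
                // regex group reference (which replaceAll would do).
                String toSend = msg.replace("%L", label).replace("%D", Integer.toString(daysOpen));
                configManager.getProvisioningEngine().sendNotification(mail, toSend, "Open Approval for " + daysOpen + " days", new User(mail));
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Error reminding open approvers", e);
    } finally {
        if (session != null) {
            session.close();
        }
    }
}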

Example 9 with Approvals

use of com.tremolosecurity.provisioning.objects.Approvals in project OpenUnison by TremoloSecurity.

the class UpdateApprovalAz method execute.

/**
 * Queues every open approval for an authorization refresh.
 *
 * <p>Each approval that has not been decided yet is wrapped as a single-entry map of id to its stored
 * workflow object, encrypted by the provisioning engine and published as a JMS text message with the
 * group id {@code unison-updateaz}. Nothing happens until the provisioning engine is available.
 *
 * @param configManager the live configuration
 * @param context Quartz context; the {@code queueName} job parameter selects the destination
 * @throws ProvisioningException wrapping any failure while reading or publishing open approvals
 */
@Override
public void execute(ConfigManager configManager, JobExecutionContext context) throws ProvisioningException {
    String queueName = context.getJobDetail().getJobDataMap().getString("queueName");
    if (configManager == null || configManager.getProvisioningEngine() == null) {
        return;
    }
    org.hibernate.Session hsession = configManager.getProvisioningEngine().getHibernateSessionFactory().openSession();
    try {
        this.createConnections(configManager, queueName);
        Query openQuery = hsession.createQuery("FROM Approvals WHERE approved IS NULL");
        List<Approvals> openApprovals = openQuery.list();
        HashMap<Integer, String> pending = new HashMap<Integer, String>();
        for (Approvals open : openApprovals) {
            pending.put(open.getId(), open.getWorkflowObj());
        }
        Gson gson = new Gson();
        for (java.util.Map.Entry<Integer, String> entry : pending.entrySet()) {
            // One message per approval, each carrying only its own id/workflow pair.
            HashMap<Integer, String> single = new HashMap<Integer, String>();
            single.put(entry.getKey(), entry.getValue());
            EncryptedMessage em = configManager.getProvisioningEngine().encryptObject(single);
            // 'session' is the JMS wrapper field, distinct from the Hibernate session above.
            synchronized (session) {
                TextMessage tmsg = session.getSession().createTextMessage(gson.toJson(em));
                tmsg.setStringProperty("JMSXGroupID", "unison-updateaz");
                session.getMessageProduceer().send(tmsg);
            }
        }
    } catch (Throwable t) {
        throw new ProvisioningException("Could not process open approvals", t);
    } finally {
        if (hsession != null) {
            hsession.close();
        }
    }
}
