use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class ScaleRegister method doFilter.
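/**
 * Serves the self-registration endpoints, selected by the suffix of the request URI:
 * {@code /register/config} returns the form configuration, {@code /register/values} returns
 * the dynamic value list of one attribute, and {@code /register/submit} validates a JSON
 * {@code NewUserRequest} and, when no validation error was collected, executes the
 * configured workflow. Any other URI gets a 500 response carrying "Operation not supported".
 *
 * <p>Validation failures are reported as a 500 response whose body is the JSON form of the
 * collected {@code ScaleError}.
 *
 * @param request  the proxied request; the submit body is read from the
 *                 {@code ProxySys.MSG_BODY} request attribute
 * @param response the response the JSON result is written to
 * @param chain    the remaining filter chain; this method never invokes it
 * @throws Exception if a lookup, the reCAPTCHA call or the workflow execution fails;
 *                   workflow failures are wrapped in a {@code ProvisioningException}
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    // Presumably tells the proxy not to answer errors with a redirect -- confirm against the proxy code.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");

    if (request.getRequestURI().endsWith("/register/config")) {
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        // Copy the shared configuration through JSON so the per-request dynamic values
        // set below never modify this.scaleConfig.
        // NOTE(review): the whole configuration object is serialized to the client; confirm
        // that the reCAPTCHA secret returned by getRcSecretKey() is excluded from serialization.
        ScaleJSRegisterConfig localCfg = gson.fromJson(gson.toJson(this.scaleConfig), ScaleJSRegisterConfig.class);
        for (String attrName : scaleConfig.getAttributes().keySet()) {
            ScaleAttribute fromMainCfg = scaleConfig.getAttributes().get(attrName);
            if (fromMainCfg.getDynamicSource() != null) {
                ScaleAttribute fromLocalCfg = localCfg.getAttributes().get(attrName);
                fromLocalCfg.setValues(fromMainCfg.getDynamicSource().getSourceList(request));
            }
        }
        response.getWriter().println(gson.toJson(localCfg).trim());
    } else if (request.getRequestURI().endsWith("/register/values")) {
        // NOTE(review): a missing "name" parameter, an unknown attribute name or an attribute
        // without a dynamic source ends in a NullPointerException here rather than a JSON error.
        String attributeName = request.getParameter("name").getValues().get(0);
        List<NVP> values = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().getSourceList(request);
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(values).trim());
    } else if (request.getRequestURI().endsWith("/register/submit")) {
        ScaleError errors = new ScaleError();
        // Decode the JSON body as UTF-8 instead of the platform default charset.
        String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY), "UTF-8");
        NewUserRequest newUser = gson.fromJson(json, NewUserRequest.class);

        if (scaleConfig.isRequireReCaptcha()) {
            if (newUser.getReCaptchaCode() == null || newUser.getReCaptchaCode().isEmpty()) {
                errors.getErrors().add("Please verify you are not a robot");
            } else {
                BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
                try {
                    RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
                    CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
                    try {
                        HttpPost httppost = new HttpPost("https://www.google.com/recaptcha/api/siteverify");
                        List<NameValuePair> formparams = new ArrayList<NameValuePair>();
                        formparams.add(new BasicNameValuePair("secret", scaleConfig.getRcSecretKey()));
                        formparams.add(new BasicNameValuePair("response", newUser.getReCaptchaCode()));
                        UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
                        httppost.setEntity(entity);
                        CloseableHttpResponse resp = http.execute(httppost);
                        try {
                            ReCaptchaResponse res = gson.fromJson(EntityUtils.toString(resp.getEntity()), ReCaptchaResponse.class);
                            // Fail closed: an empty or unparsable verification answer counts as a failed check.
                            if (res == null || !res.isSuccess()) {
                                errors.getErrors().add("Human validation failed");
                            }
                        } finally {
                            resp.close();
                        }
                    } finally {
                        // Release the client and the connection manager even when the call throws.
                        http.close();
                    }
                } finally {
                    bhcm.close();
                }
            }
        }

        if (scaleConfig.isRequireTermsAndConditions() && !newUser.isCheckedTermsAndConditions()) {
            errors.getErrors().add("You must accept the terms and conditions to register");
        }
        if (this.scaleConfig.isRequireReason() && (newUser.getReason() == null || newUser.getReason().isEmpty())) {
            errors.getErrors().add("Reason is required");
        }
        if (this.scaleConfig.isPreSetPassword()) {
            if (newUser.getPassword() == null || newUser.getPassword().isEmpty()) {
                errors.getErrors().add("Password is required");
            } else if (!newUser.getPassword().equals(newUser.getPassword2())) {
                errors.getErrors().add("Passwords must match");
            }
        }

        // Validate the submitted value of every CONFIGURED attribute.
        for (String attributeName : this.scaleConfig.getAttributes().keySet()) {
            ScaleAttribute attrCfg = this.scaleConfig.getAttributes().get(attributeName);
            String value = newUser.getAttributes().get(attributeName);
            if (attrCfg == null) {
                errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
                // Nothing further can be checked without a configuration entry.
                continue;
            }
            // An attribute missing from the submission is measured like an empty value, so the
            // length checks below no longer dereference null.
            int valueLength = (value == null) ? 0 : value.length();

            if (attrCfg.isReadOnly()) {
                errors.getErrors().add("Attribute is read only : '" + attrCfg.getDisplayName() + "'");
            }
            if (attrCfg.isRequired() && valueLength == 0) {
                errors.getErrors().add("Attribute is required : '" + attrCfg.getDisplayName() + "'");
            }
            if (attrCfg.getMinChars() > 0 && attrCfg.getMinChars() > valueLength) {
                errors.getErrors().add(attrCfg.getDisplayName() + " must have at least " + attrCfg.getMinChars() + " characters");
            }
            if (attrCfg.getMaxChars() > 0 && attrCfg.getMaxChars() < valueLength) {
                errors.getErrors().add(attrCfg.getDisplayName() + " must have at most " + attrCfg.getMaxChars() + " characters");
            }
            if (attrCfg.getType().equalsIgnoreCase("list")) {
                // Static lists are checked here; dynamic sources validate further below.
                if (attrCfg.getDynamicSource() == null) {
                    boolean found = false;
                    for (NVP nvp : attrCfg.getValues()) {
                        if (nvp.getValue().equalsIgnoreCase(value)) {
                            found = true;
                        }
                    }
                    if (!found) {
                        errors.getErrors().add(attrCfg.getDisplayName() + " has an invalid value");
                    }
                }
            }
            if (attrCfg.getPattern() != null) {
                boolean ok = true;
                try {
                    Matcher m = attrCfg.getPattern().matcher(value);
                    if (m == null || !m.matches()) {
                        ok = false;
                    }
                } catch (Exception e) {
                    // A value the pattern cannot be applied to (for example null) is treated as not matching.
                    ok = false;
                }
                if (!ok) {
                    errors.getErrors().add("Attribute value not valid : '" + attrCfg.getDisplayName() + "' - " + attrCfg.getRegExFailedMsg());
                }
            }
            if (attrCfg.isUnique()) {
                // The filter is built with the equal(...) helper rather than string concatenation;
                // presumably it escapes the submitted value -- confirm.
                String filter = equal(attributeName, value).toString();
                LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, filter, new ArrayList<String>());
                if (res.hasMore()) {
                    errors.getErrors().add(attrCfg.getDisplayName() + " is not available");
                }
                // Read the remaining results so the search is fully consumed.
                while (res.hasMore()) res.next();
            }
            if (attrCfg.getDynamicSource() != null) {
                String error = attrCfg.getDynamicSource().validate(value, request);
                if (error != null) {
                    errors.getErrors().add(attrCfg.getDisplayName() + " - " + error);
                }
            }
        }

        WFCall wfcall = null;
        String wfName = this.scaleConfig.getWorkflowName();
        if (errors.getErrors().isEmpty()) {
            if (scaleConfig.isUseCustomSubmission()) {
                // The custom submission chooses the workflow name and may add its own errors.
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                wfName = cru.createTremoloUser(newUser, errors.getErrors(), userData);
            }
        }

        if (errors.getErrors().isEmpty()) {
            TremoloUser user = new TremoloUser();
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            if (this.scaleConfig.isSubmitLoggedInUser()) {
                // The uid comes from the authenticated session, not from the submitted JSON.
                user.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
                user.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0)));
            } else {
                user.setUid(newUser.getAttributes().get(this.scaleConfig.getUidAttributeName()));
            }
            // NOTE(review): every attribute name present in the submitted JSON is copied into the
            // workflow user, including names that are not in scaleConfig.getAttributes(); the
            // validation loop above only walks configured names. Confirm that the workflow ignores
            // or rejects unconfigured attributes, or filter them here.
            for (String attrName : newUser.getAttributes().keySet()) {
                user.getAttributes().add(new Attribute(attrName, newUser.getAttributes().get(attrName)));
            }
            if (this.scaleConfig.isPreSetPassword()) {
                user.setUserPassword(newUser.getPassword());
            }

            wfcall = new WFCall();
            wfcall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
            wfcall.setReason(newUser.getReason());
            wfcall.setName(wfName);
            wfcall.setUser(user);
            HashMap<String, Object> params = new HashMap<String, Object>();
            wfcall.setRequestParams(params);

            // A caller with a non-zero auth level who registers someone else is recorded as the
            // requestor, with the approval parameters set below.
            if (userData.getAuthLevel() != 0 && !this.scaleConfig.isSubmitLoggedInUser()) {
                wfcall.setRequestor(userData.getAttribs().get(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getApprovalDB().getUserIdAttribute()).getValues().get(0));
                wfcall.getRequestParams().put(Approval.SEND_NOTIFICATION, "false");
                wfcall.getRequestParams().put(Approval.REASON, newUser.getReason());
                wfcall.getRequestParams().put(Approval.IMMEDIATE_ACTION, "true");
            }
            if (scaleConfig.isUseCustomSubmission()) {
                cru.setWorkflowParameters(params, newUser, userData);
            }

            ExecuteWorkflow exec = new ExecuteWorkflow();
            try {
                exec.execute(wfcall, GlobalEntries.getGlobalEntries().getConfigManager());
            } catch (Exception e) {
                throw new ProvisioningException("Could not complete registration", e);
            }

            SubmitResponse res = new SubmitResponse();
            res.setAddNewUsers(userData.getAuthLevel() != 0);
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(res));
            response.getWriter().flush();
        } else {
            response.setStatus(500);
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(errors).trim());
            response.getWriter().flush();
        }
    } else {
        response.setStatus(500);
        ScaleJSUtils.addCacheHeaders(response);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    }
}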
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class ScaleSingleRequest method doFilter.
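/**
 * Serves the single-request endpoints, selected by the suffix of the request URI:
 * {@code /singlerequest/config} returns the configuration together with the display name of
 * the logged-in user, and a POST to {@code /singlerequest/submit} executes the configured
 * workflow for the logged-in user with the reason taken from the JSON body.
 *
 * <p>The workflow user is always built from the authenticated session ({@code AuthInfo}); the
 * request body contributes only the reason. Errors are returned as a 500 response whose body
 * is the JSON form of a {@code ScaleError}. Nothing is written on success or for other URIs.
 *
 * @param request  the proxied request; the submit body is read from the
 *                 {@code ProxySys.MSG_BODY} request attribute
 * @param response the response the JSON result is written to
 * @param chain    the remaining filter chain; this method never invokes it
 * @throws Exception if reading the session data or writing the response fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    // Presumably tells the proxy not to answer errors with a redirect -- confirm against the proxy code.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");

    if (request.getRequestURI().endsWith("/singlerequest/config")) {
        response.setContentType("application/json");
        ScaleSingleRequestUser ssru = new ScaleSingleRequestUser();
        ssru.setConfig(scaleConfig);
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        Attribute displayNameAttribute = userData.getAttribs().get(this.scaleConfig.getDisplayNameAttribute());
        if (displayNameAttribute != null) {
            ssru.setDisplayName(displayNameAttribute.getValues().get(0));
        } else {
            ssru.setDisplayName("Unknown");
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(ssru).trim());
    } else if (request.getMethod().equalsIgnoreCase("POST") && request.getRequestURI().endsWith("/singlerequest/submit")) {
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        // Decode the JSON body as UTF-8 instead of the platform default charset; a missing body
        // is handled like an empty one.
        byte[] body = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
        String json = (body == null) ? "" : new String(body, "UTF-8");
        SingleRequest sr = gson.fromJson(json, SingleRequest.class);
        ScaleError errors = new ScaleError();

        // Gson returns null for an empty document; report it like a missing reason instead of
        // failing with a NullPointerException.
        if (sr == null || sr.getReason() == null || sr.getReason().isEmpty()) {
            errors.getErrors().add("Reason is required");
        } else {
            WFCall wfCall = new WFCall();
            wfCall.setName(this.scaleConfig.getWorkflowName());
            wfCall.setReason(sr.getReason());
            wfCall.setUidAttributeName(this.scaleConfig.getUidAttribute());

            // Identity comes from the authenticated session, never from the request body.
            TremoloUser tu = new TremoloUser();
            tu.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0));
            tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttribute(), userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0)));

            if (this.scaleConfig.isUseAttributesFromAuthentication()) {
                // Forward every other session attribute; the uid attribute was added above.
                for (String key : userData.getAttribs().keySet()) {
                    Attribute fromUser = userData.getAttribs().get(key);
                    if (!key.equalsIgnoreCase(this.scaleConfig.getUidAttribute())) {
                        Attribute forwf = new Attribute(key);
                        forwf.getValues().addAll(fromUser.getValues());
                        tu.getAttributes().add(forwf);
                    }
                }
            }
            wfCall.setUser(tu);

            try {
                com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
            } catch (Exception e) {
                // The detail goes to the log only; the client receives a generic message.
                logger.error("Could not update user", e);
                errors.getErrors().add("Please contact your system administrator");
            }
        }

        if (!errors.getErrors().isEmpty()) {
            response.setStatus(500);
            response.getWriter().print(gson.toJson(errors).trim());
            response.getWriter().flush();
        }
    }
}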
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class ScaleJSOperator method doFilter.
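/**
 * Serves the operator endpoints, selected by the suffix of the request URI and the method:
 * {@code /ops/config} returns the configuration, {@code /ops/search} and GET
 * {@code /ops/user} delegate to {@code runSearch} and {@code lookupUser}, and POST
 * {@code /ops/user} validates an attribute update for the entry named by the submitted DN
 * and executes the configured workflow with the logged-in user as requestor.
 *
 * <p>Any {@code Throwable} raised while handling the request is logged and answered with a
 * 500 response carrying "Operation not supported"; validation errors are answered with a 500
 * response carrying the collected {@code ScaleError}.
 *
 * @param request  the proxied request; the update body is read from the
 *                 {@code ProxySys.MSG_BODY} request attribute
 * @param response the response the JSON result is written to
 * @param chain    the remaining filter chain; this method never invokes it
 * @throws Exception if writing the error response itself fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    // Presumably tells the proxy not to answer errors with a redirect -- confirm against the proxy code.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    try {
        if (request.getRequestURI().endsWith("/ops/config")) {
            ScaleJSUtils.addCacheHeaders(response);
            response.setContentType("application/json");
            response.getWriter().println(gson.toJson(this.config).trim());
        } else if (request.getRequestURI().endsWith("/ops/search")) {
            runSearch(request, response, gson);
        } else if (request.getRequestURI().endsWith("/ops/user") && request.getMethod().equalsIgnoreCase("GET")) {
            lookupUser(request, response, gson);
        } else if (request.getRequestURI().endsWith("/ops/user") && request.getMethod().equalsIgnoreCase("POST")) {
            AuthInfo loggedIn = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            // Decode the JSON body as UTF-8 instead of the platform default charset.
            String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY), "UTF-8");
            OpsUpdate updateInput = gson.fromJson(json, OpsUpdate.class);

            // Resolve the main configuration on first use from the ScaleMain filter found on
            // the URL configured as scaleMainURL.
            if (this.scaleMainConfig == null) {
                UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
                for (HttpFilter filter : holder.getFilterChain()) {
                    if (filter instanceof ScaleMain) {
                        ScaleMain scaleMain = (ScaleMain) filter;
                        this.scaleMainConfig = scaleMain.scaleConfig;
                    }
                }
            }

            // NOTE(review): the DN of the entry to update is taken from the request body and
            // looked up as given. Which entries an operator may target is not restricted in this
            // method -- confirm it is enforced before this filter runs or by the workflow.
            String dn = updateInput.getDn();
            LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, "(objectClass=*)", new ArrayList<String>());
            if (!res.hasMore()) {
                throw new Exception("Could not locate user '" + dn + "'");
            }
            LDAPEntry entry = res.next();

            // Rebuild an AuthInfo for the TARGET entry from its directory attributes.
            AuthInfo userData = new AuthInfo();
            userData.setUserDN(entry.getDN());
            LDAPAttributeSet attrs = entry.getAttributeSet();
            for (Object obj : attrs) {
                LDAPAttribute attr = (LDAPAttribute) obj;
                Attribute attrib = new Attribute(attr.getName());
                String[] vals = attr.getStringValueArray();
                for (String val : vals) {
                    attrib.getValues().add(val);
                }
                userData.getAttribs().put(attrib.getName(), attrib);
            }

            ScaleError errors = new ScaleError();
            // When UI decisions are configured they limit which attributes are considered for
            // this target; null means no such limit.
            Set<String> allowedAttrs = null;
            if (this.scaleMainConfig.getUiDecisions() != null) {
                allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
            }

            HashMap<String, String> values = new HashMap<String, String>();
            boolean ok = true;
            for (Attribute attr : updateInput.getAttributes()) {
                String attributeName = attr.getName();
                // Submitted attributes outside the allowed set are dropped without an error.
                if (allowedAttrs == null || allowedAttrs.contains(attributeName)) {
                    String value = attr.getValues().get(0);
                    if (this.scaleMainConfig.getAttributes().get(attributeName) == null) {
                        errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
                        ok = false;
                    } else if (this.scaleMainConfig.getAttributes().get(attributeName).isReadOnly()) {
                        errors.getErrors().add("Attribute is read only : '" + this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + "'");
                        ok = false;
                    } else if (this.scaleMainConfig.getAttributes().get(attributeName).isRequired() && value.length() == 0) {
                        errors.getErrors().add("Attribute is required : '" + this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + "'");
                        ok = false;
                    } else if (this.scaleMainConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleMainConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
                        errors.getErrors().add(this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleMainConfig.getAttributes().get(attributeName).getMinChars() + " characters");
                        ok = false;
                    } else if (this.scaleMainConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleMainConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
                        errors.getErrors().add(this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleMainConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
                        ok = false;
                    } else if (this.scaleMainConfig.getAttributes().get(attributeName).getPattern() != null) {
                        // Track this attribute's pattern result separately: testing the shared
                        // 'ok' flag here reported a "not valid" error for a matching value
                        // whenever an earlier attribute had already failed.
                        boolean patternOk = true;
                        try {
                            Matcher m = this.scaleMainConfig.getAttributes().get(attributeName).getPattern().matcher(value);
                            if (m == null || !m.matches()) {
                                patternOk = false;
                            }
                        } catch (Exception e) {
                            patternOk = false;
                        }
                        if (!patternOk) {
                            ok = false;
                            errors.getErrors().add("Attribute value not valid : '" + this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleMainConfig.getAttributes().get(attributeName).getRegExFailedMsg());
                        }
                    }
                    values.put(attributeName, value);
                }
            }

            // Required attributes that are allowed for this target must be part of the update.
            for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
                if (this.scaleMainConfig.getAttributes().get(attrName).isRequired() && !values.containsKey(attrName) && (allowedAttrs == null || allowedAttrs.contains(attrName))) {
                    errors.getErrors().add("Attribute is required : '" + this.scaleMainConfig.getAttributes().get(attrName).getDisplayName() + "'");
                    ok = false;
                }
            }
            if (updateInput.getReason() == null || updateInput.getReason().trim().isEmpty()) {
                errors.getErrors().add("Reason For Updates Required");
                ok = false;
            }

            if (ok) {
                WFCall wfCall = new WFCall();
                wfCall.setName(this.scaleMainConfig.getWorkflowName());
                wfCall.setReason(updateInput.getReason());
                wfCall.setUidAttributeName(this.scaleMainConfig.getUidAttributeName());
                // The requestor is the logged-in operator; the workflow user is the target entry.
                wfCall.setRequestor(loggedIn.getAttribs().get(this.scaleMainConfig.getUidAttributeName()).getValues().get(0));
                TremoloUser tu = new TremoloUser();
                tu.setUid(userData.getAttribs().get(this.scaleMainConfig.getUidAttributeName()).getValues().get(0));
                for (String name : values.keySet()) {
                    tu.getAttributes().add(new Attribute(name, values.get(name)));
                }
                tu.getAttributes().add(new Attribute(this.scaleMainConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleMainConfig.getUidAttributeName()).getValues().get(0)));
                wfCall.setUser(tu);
                try {
                    com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                    exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
                } catch (Exception e) {
                    // The detail goes to the log only; the client receives a generic message.
                    logger.error("Could not update user", e);
                    response.setStatus(500);
                    ScaleError error = new ScaleError();
                    error.getErrors().add("Please contact your system administrator");
                    ScaleJSUtils.addCacheHeaders(response);
                    response.getWriter().print(gson.toJson(error).trim());
                    response.getWriter().flush();
                }
            } else {
                response.setStatus(500);
                ScaleJSUtils.addCacheHeaders(response);
                response.getWriter().print(gson.toJson(errors).trim());
                response.getWriter().flush();
            }
        }
    } catch (Throwable t) {
        // Every failure, including "Could not locate user", is reported to the client with the
        // same generic message, so the submitted DN is not echoed back.
        logger.error("Could not execute request", t);
        response.setStatus(500);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    }
}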
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class SearchService method doGet.
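/**
 * Looks up a single directory entry and returns it, with the {@code cn} of every group that
 * lists it as a member, as a JSON {@code ProvisioningResult}.
 *
 * <p>The entry is selected by exactly one of the request parameters, checked in this order:
 * {@code uid} (subtree search under the LDAP root), {@code dn} (base search on that DN) or
 * {@code filter} (subtree search under the LDAP root with the filter as given). Optional
 * {@code attr} parameters name the attributes to return; {@code uid} is always requested in
 * addition. Failures are answered with status 500 and a result whose error is the exception
 * text.
 *
 * @param req  the search request
 * @param resp the response the JSON result is written to
 * @throws ServletException declared by the servlet contract; not thrown directly here
 * @throws IOException if writing an error response fails
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    resp.setContentType("text/json");
    try {
        String filter = "";
        String base = "";
        int scope = 0;
        // NOTE(review): when none of uid, dn or filter is supplied the search below runs with an
        // empty base and an empty filter.
        if (req.getParameter("uid") != null) {
            // Build the filter with the equal(...) helper already used for the group lookup
            // below instead of concatenating the raw parameter, so filter metacharacters in the
            // uid cannot change the query (the helper presumably escapes values -- confirm).
            filter = equal("uid", req.getParameter("uid")).toString();
            if (logger.isDebugEnabled()) {
                logger.debug("UID Filter : '" + filter + "'");
            }
            base = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
            scope = 2;
        } else if (req.getParameter("dn") != null) {
            filter = "(objectClass=*)";
            base = req.getParameter("dn");
            if (logger.isDebugEnabled()) {
                logger.debug("Base DN : '" + base + "'");
            }
            scope = 0;
        } else if (req.getParameter("filter") != null) {
            // NOTE(review): the caller supplies the complete LDAP filter here, and the search
            // base in the dn branch above. Access control for this servlet is not visible in
            // this method -- confirm only trusted callers can reach it.
            filter = req.getParameter("filter");
            if (logger.isDebugEnabled()) {
                logger.debug("Filter : '" + filter + "'");
            }
            base = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot();
            scope = 2;
        }

        // Requested attributes; uid is appended when the caller asked for others but not uid.
        ArrayList<String> attrs = new ArrayList<String>();
        String[] attrNames = req.getParameterValues("attr");
        boolean uidFound = false;
        if (attrNames != null) {
            for (String attrName : attrNames) {
                if (attrName.equalsIgnoreCase("uid")) {
                    uidFound = true;
                }
                attrs.add(attrName);
            }
            if (!uidFound) {
                attrs.add("uid");
            }
        }

        MyVDConnection con = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD();
        LDAPSearchResults res = con.search(base, scope, filter, attrs);
        if (!res.hasMore()) {
            ProvisioningException ex = new ProvisioningException("User not found");
            ex.setPrintStackTrace(false);
            throw ex;
        }

        // Only the first matching entry is returned.
        LDAPEntry entry = res.next();
        TremoloUser user = new TremoloUser();
        user.setDn(entry.getDN());
        // The directory is the value of the last RDN of the DN (text between the last '=' and
        // the last ','). A DN without a ',' makes substring throw, which the Throwable handler
        // below turns into an error response.
        int lq = entry.getDN().lastIndexOf(',');
        int fq = entry.getDN().lastIndexOf('=', lq - 1) + 1;
        user.setDirectory(entry.getDN().substring(fq, lq));

        for (Object attr : entry.getAttributeSet()) {
            LDAPAttribute attribute = (LDAPAttribute) attr;
            Attribute usrAttr = new Attribute(attribute.getName());
            if (attribute.getName().equalsIgnoreCase("uid")) {
                user.setUid(attribute.getStringValue());
                // uid was added only to populate the uid field; leave it out of the attributes.
                if (!uidFound && attrs.size() > 1) {
                    continue;
                }
            }
            for (String val : attribute.getStringValueArray()) {
                usrAttr.getValues().add(val);
            }
            user.getAttributes().add(usrAttr);
        }
        // Read the remaining results so the search is fully consumed.
        while (res.hasMore()) res.next();

        ArrayList<String> reqAttrs = new ArrayList<String>();
        reqAttrs.add("cn");
        res = con.search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), user.getDn()).toString(), reqAttrs);
        while (res.hasMore()) {
            entry = res.next();
            LDAPAttribute groups = entry.getAttribute("cn");
            // A matching entry without a cn contributes no group name.
            if (groups != null) {
                for (String val : groups.getStringValueArray()) {
                    user.getGroups().add(val);
                }
            }
        }

        ProvisioningResult resObj = new ProvisioningResult();
        resObj.setSuccess(true);
        resObj.setUser(user);
        Gson gson = new GsonBuilder().setPrettyPrinting().create();
        resp.getWriter().print(gson.toJson(resObj));
    } catch (ProvisioningException pe) {
        if (pe.isPrintStackTrace()) {
            logger.error("Error searching for a user", pe);
        } else {
            logger.warn(pe.toString());
        }
        resp.setStatus(500);
        // NOTE(review): the exception text is returned to the caller; confirm it cannot carry
        // internal detail that should stay in the log.
        ProvisioningError pre = new ProvisioningError();
        pre.setError(pe.toString());
        ProvisioningResult resObj = new ProvisioningResult();
        resObj.setSuccess(false);
        resObj.setError(pre);
        Gson gson = new Gson();
        // Use the writer, as the success path does: the servlet API rejects getOutputStream()
        // once getWriter() has been called on the same response.
        resp.getWriter().print(gson.toJson(resObj));
    } catch (Throwable t) {
        logger.error("Error searching", t);
        resp.setStatus(500);
        // NOTE(review): as above, the exception text of an unexpected failure is sent to the caller.
        ProvisioningError pe = new ProvisioningError();
        pe.setError(t.toString());
        ProvisioningResult resObj = new ProvisioningResult();
        resObj.setSuccess(false);
        resObj.setError(pe);
        Gson gson = new Gson();
        resp.getWriter().print(gson.toJson(resObj));
    }
}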
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class TremoloTarget method findUser.
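/**
 * Looks a user up through the remote search service at
 * {@code wfUrlBase + "/services/wf/search"} and returns it with only the requested attributes.
 *
 * @param userID     the uid to search for; URL-encoded before it is placed in the query string
 * @param attributes the attribute names to copy onto the returned user
 * @param request    the request context; not used by this implementation
 * @return a {@code User} built from the uid in the response and the attributes whose names
 *         appear in {@code attributes}
 * @throws ProvisioningException if the request, the parsing of the response or the mapping fails
 */
@Override
public User findUser(String userID, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    HttpGet httpget = null;
    try {
        // Encode the uid so that characters such as '&', '=' or '#' cannot add or replace
        // query parameters of the search request.
        StringBuffer sbUrl = new StringBuffer();
        sbUrl.append(this.wfUrlBase).append("/services/wf/search?uid=").append(java.net.URLEncoder.encode(userID, "UTF-8"));
        httpget = new HttpGet(sbUrl.toString());

        // NOTE(review): the status code is not checked, so an error document is parsed like a
        // user; confirm the endpoint returns a bare TremoloUser document rather than a wrapper.
        HttpResponse response = httpclient.execute(httpget);
        StringBuffer json = new StringBuffer();
        // Read the JSON body as UTF-8 instead of the platform default charset.
        BufferedReader in = new BufferedReader(new InputStreamReader(response.getEntity().getContent(), "UTF-8"));
        try {
            String line = null;
            while ((line = in.readLine()) != null) {
                json.append(line);
            }
        } finally {
            in.close();
        }

        Gson gson = new Gson();
        TremoloUser tuser = gson.fromJson(json.toString(), TremoloUser.class);
        User toret = new User(tuser.getUid());
        // Return only the attributes the caller asked for.
        for (Attribute attr : tuser.getAttributes()) {
            if (attributes.contains(attr.getName())) {
                toret.getAttribs().put(attr.getName(), attr);
            }
        }
        httpget.abort();
        return toret;
    } catch (Exception e) {
        throw new ProvisioningException("Could not find user", e);
    } finally {
        // httpget stays null when building the URL failed.
        if (httpget != null) {
            httpget.releaseConnection();
        }
    }
}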