
Example 16 with TremoloUser

Use of com.tremolosecurity.provisioning.service.util.TremoloUser in the OpenUnison project by TremoloSecurity.

The class CallRemoteWorkflow, method doTask.

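/**
 * Packages the current user into a {@link WFCall} and posts it to a remote OpenUnison
 * workflow endpoint, authenticating with a freshly generated last-mile bearer token.
 *
 * <p>The outgoing request parameters are the entries of {@code request} whose names are
 * listed in {@code fromRequest}, overlaid with every entry of {@code staticRequest}
 * (static entries win on key collision).
 *
 * @param user    the user being provisioned; its uid, password, groups and attributes are
 *                copied into the remote call
 * @param request the current workflow request map
 * @return always {@code true}; every failure is reported by exception
 * @throws ProvisioningException if the last-mile token cannot be built or signed, the
 *                               HTTP call cannot be made, or the endpoint answers with a
 *                               status other than 200
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    HashMap<String, Object> newRequest = new HashMap<>();
    for (String name : this.fromRequest) {
        newRequest.put(name, request.get(name));
    }
    // Static entries are applied last, so they override request-supplied values.
    for (String key : this.staticRequest.keySet()) {
        newRequest.put(key, this.staticRequest.get(key));
    }

    TremoloUser remoteUser = new TremoloUser();
    remoteUser.setUid(user.getUserID());
    // NOTE(review): the user's password is serialized into the JSON body of this call,
    // so this.url should point at an https endpoint — confirm in the deployment config.
    remoteUser.setUserPassword(user.getPassword());
    remoteUser.setGroups(user.getGroups());
    remoteUser.setAttributes(new ArrayList<Attribute>());
    remoteUser.getAttributes().addAll(user.getAttribs().values());

    WFCall wfCall = new WFCall();
    wfCall.setName(this.workflowName);
    wfCall.setRequestParams(newRequest);
    wfCall.setUser(remoteUser);
    wfCall.setUidAttributeName(uidAttributeName);
    wfCall.setReason(task.getWorkflow().getUser().getRequestReason());
    // Fall back to the configured last-mile user when the workflow has no requester.
    if (task.getWorkflow().getRequester() != null) {
        wfCall.setRequestor(task.getWorkflow().getRequester().getUserID());
    } else {
        wfCall.setRequestor(this.lastMileUser);
    }

    // Token validity window is +/- timeSkew seconds around now.
    DateTime now = new DateTime();
    DateTime notBefore = now.minusSeconds(timeSkew);
    DateTime notAfter = now.plusSeconds(timeSkew);
    com.tremolosecurity.lastmile.LastMile lastmile;
    try {
        lastmile = new com.tremolosecurity.lastmile.LastMile(this.uri, notBefore, notAfter, 0, "oauth2");
    } catch (URISyntaxException e) {
        throw new ProvisioningException("Could not generate lastmile", e);
    }
    lastmile.getAttributes().add(new Attribute(this.lastMileUid, this.lastMileUser));

    String token;
    try {
        token = lastmile.generateLastMileToken(this.task.getConfigManager().getSecretKey(this.lastmileKeyName));
    } catch (Exception e) {
        throw new ProvisioningException("Could not generate lastmile", e);
    }
    String authorization = "Bearer " + token;

    BasicHttpClientConnectionManager bhcm = null;
    CloseableHttpClient http = null;
    try {
        bhcm = new BasicHttpClientConnectionManager(this.task.getConfigManager().getHttpClientSocketRegistry());
        // Redirects are disabled: a redirect surfaces as a non-200 failure below instead of
        // being followed with the Authorization header attached.
        RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).build();
        http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();

        HttpPost post = new HttpPost(this.url);
        post.addHeader(new BasicHeader("Authorization", authorization));
        post.setEntity(new StringEntity(new Gson().toJson(wfCall), ContentType.APPLICATION_JSON));

        HttpResponse resp = http.execute(post);
        int status = resp.getStatusLine().getStatusCode();
        if (status != 200) {
            // Report the status so a wrong URL (404) and a rejected token (401) are distinguishable.
            throw new ProvisioningException("Call failed with HTTP status " + status);
        }
    } catch (IOException e) {
        throw new ProvisioningException("Could not make call", e);
    } finally {
        // Close failures are logged rather than masking the outcome of the call itself.
        if (http != null) {
            try {
                http.close();
            } catch (IOException e) {
                logger.warn(e);
            }
        }
        if (bhcm != null) {
            bhcm.close();
        }
    }
    return true;
}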

Example 17 with TremoloUser

Use of com.tremolosecurity.provisioning.service.util.TremoloUser in the OpenUnison project by TremoloSecurity.

The class CopyGroupMembers, method doTask.

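/**
 * Copies the membership of one LDAP group into another by running a workflow for each
 * member that adds it to the target group.
 *
 * <p>The workflow name and both group DNs are templates rendered against the request map.
 * A source group without the member attribute is treated as empty rather than as an error.
 * Members that cannot be read from the directory are logged and skipped; the copy
 * continues with the next member.
 *
 * @param user    the user the enclosing workflow is running for (not used by this task)
 * @param request the current workflow request map, used to render the templates
 * @return always {@code true}
 * @throws ProvisioningException if the source group cannot be read, or if a member's
 *                               workflow fails
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    // NOTE(review): these are rendered from request values; if any of them can be supplied
    // by the requesting user, the DNs and workflow name are user-influenced — verify where
    // the referenced request keys originate.
    String localWorkflowName = task.renderTemplate(this.workflowName, request);
    String localCopyFrom = task.renderTemplate(this.copyFrom, request);
    String localCopyTo = task.renderTemplate(this.copyTo, request);
    String memberAttr = task.getConfigManager().getCfg().getGroupMemberAttribute();

    String[] members;
    try {
        // Base-scope search: only the group entry itself is read.
        LDAPSearchResults rs = task.getConfigManager().getMyVD().search(localCopyFrom, 0, "(objectClass=*)", new ArrayList<String>());
        rs.hasMore();
        LDAPEntry group = rs.next();
        // Only the first entry is used; drain whatever else the search returned.
        while (rs.hasMore()) {
            rs.next();
        }
        // A group with no member attribute is simply empty, not a failure.
        if (group != null && group.getAttribute(memberAttr) != null) {
            members = group.getAttribute(memberAttr).getStringValueArray();
        } else {
            members = new String[0];
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load from group", e);
    }

    for (String member : members) {
        try {
            LDAPSearchResults rs = task.getConfigManager().getMyVD().search(member, 0, "(objectClass=*)", new ArrayList<String>());
            rs.hasMore();
            LDAPEntry ldapMember = rs.next();
            // Without a uid attribute there is nothing to run the workflow for; skip
            // instead of letting a NullPointerException abort the whole copy.
            if (ldapMember == null || ldapMember.getAttribute(this.uidAttribute) == null) {
                logger.warn("Member '" + member + "' has no '" + this.uidAttribute + "' attribute, skipping");
                continue;
            }
            String uid = ldapMember.getAttribute(this.uidAttribute).getStringValue();

            TremoloUser userToUpdate = new TremoloUser();
            userToUpdate.setUid(uid);
            userToUpdate.getAttributes().add(new Attribute(this.uidAttribute, uid));
            userToUpdate.getGroups().add(localCopyTo);

            WFCall call = new WFCall();
            call.setReason("auto-creating approval group " + localCopyTo);
            call.setUidAttributeName(this.uidAttribute);
            call.setUser(userToUpdate);
            call.setRequestor(this.requestor);
            // Run synchronously so the membership exists when this task returns.
            call.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);

            Workflow wf = task.getConfigManager().getProvisioningEngine().getWorkFlow(localWorkflowName);
            wf.executeWorkflow(call);
        } catch (LDAPException e) {
            logger.warn("Could not load user '" + member + "'", e);
        }
    }
    return true;
}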

Example 18 with TremoloUser

Use of com.tremolosecurity.provisioning.service.util.TremoloUser in the OpenUnison project by TremoloSecurity.

The class CopyGroupMembers, method doTask.

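/**
 * Copies every member of a source LDAP group into a target group by executing a
 * per-member workflow.
 *
 * <p>The workflow name and both group DNs are templates rendered against the request map.
 * A source group that lacks the member attribute yields no members. A member that cannot
 * be read, or that has no uid attribute, is logged and skipped.
 *
 * @param user    the user the enclosing workflow runs for (unused here)
 * @param request the current workflow request map, used to render the templates
 * @return always {@code true}
 * @throws ProvisioningException if the source group cannot be read, or a member's
 *                               workflow fails
 */
@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    // NOTE(review): rendered from request values — if the referenced keys can be set by
    // the requesting user, the DNs and workflow name are user-influenced; verify their origin.
    String localWorkflowName = task.renderTemplate(this.workflowName, request);
    String localCopyFrom = task.renderTemplate(this.copyFrom, request);
    String localCopyTo = task.renderTemplate(this.copyTo, request);
    String memberAttr = task.getConfigManager().getCfg().getGroupMemberAttribute();

    for (String member : readGroupMemberDns(localCopyFrom, memberAttr)) {
        try {
            runCopyWorkflowFor(member, localCopyTo, localWorkflowName);
        } catch (LDAPException e) {
            logger.warn("Could not load user '" + member + "'", e);
        }
    }
    return true;
}

/**
 * Reads the member attribute of the group at {@code groupDn}.
 *
 * @param groupDn    DN of the group to read
 * @param memberAttr name of the attribute holding member DNs
 * @return the member values, or an empty array when the entry or attribute is absent
 * @throws ProvisioningException if the directory search fails
 */
private String[] readGroupMemberDns(String groupDn, String memberAttr) throws ProvisioningException {
    try {
        // Base-scope search: only the group entry itself is read.
        LDAPSearchResults rs = task.getConfigManager().getMyVD().search(groupDn, 0, "(objectClass=*)", new ArrayList<String>());
        rs.hasMore();
        LDAPEntry group = rs.next();
        // Only the first entry is used; drain whatever else came back.
        while (rs.hasMore()) {
            rs.next();
        }
        if (group == null || group.getAttribute(memberAttr) == null) {
            return new String[0];
        }
        return group.getAttribute(memberAttr).getStringValueArray();
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not load from group", e);
    }
}

/**
 * Looks up one member and runs the configured workflow that adds it to {@code targetGroup}.
 *
 * @param memberDn     DN of the member to process
 * @param targetGroup  group the member is added to
 * @param workflowName name of the workflow to execute
 * @throws LDAPException         if the member entry cannot be read
 * @throws ProvisioningException if the workflow cannot be loaded or fails
 */
private void runCopyWorkflowFor(String memberDn, String targetGroup, String workflowName) throws LDAPException, ProvisioningException {
    LDAPSearchResults rs = task.getConfigManager().getMyVD().search(memberDn, 0, "(objectClass=*)", new ArrayList<String>());
    rs.hasMore();
    LDAPEntry ldapMember = rs.next();
    // Without a uid attribute there is nothing to run the workflow for; skip instead of
    // letting a NullPointerException abort the rest of the copy.
    if (ldapMember == null || ldapMember.getAttribute(this.uidAttribute) == null) {
        logger.warn("Member '" + memberDn + "' has no '" + this.uidAttribute + "' attribute, skipping");
        return;
    }
    String uid = ldapMember.getAttribute(this.uidAttribute).getStringValue();

    TremoloUser userToUpdate = new TremoloUser();
    userToUpdate.setUid(uid);
    userToUpdate.getAttributes().add(new Attribute(this.uidAttribute, uid));
    userToUpdate.getGroups().add(targetGroup);

    WFCall call = new WFCall();
    call.setReason("auto-creating approval group " + targetGroup);
    call.setUidAttributeName(this.uidAttribute);
    call.setUser(userToUpdate);
    call.setRequestor(this.requestor);
    // Run synchronously so the membership exists when this task returns.
    call.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);

    Workflow wf = task.getConfigManager().getProvisioningEngine().getWorkFlow(workflowName);
    wf.executeWorkflow(call);
}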
