
Example 6 with WFCall

use of com.tremolosecurity.provisioning.service.util.WFCall in project OpenUnison by TremoloSecurity.

Class Registration, method doFilter:

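/**
 * Runs the two halves of a U2F key registration for the logged-in user.
 *
 * <p>{@code GET} builds a registration challenge, keeps it (and the {@link U2FServer}
 * that issued it) in the HTTP session and forwards to {@code challengeURI}. {@code POST}
 * verifies the token's answer from the {@code tokenResponse} parameter against that
 * server and, on success, runs {@code workflowName} to persist the encrypted key set in
 * {@code challengeStoreAttribute}. The outcome is published as the request attribute
 * {@code register.result} before forwarding to {@code registrationCompleteURI}. Other
 * methods are ignored; the chain is never continued.
 *
 * @param request  the filtered request; its session must hold an {@link AuthController}
 *                 under {@link ProxyConstants#AUTH_CTL}
 * @param response the filtered response, used for the forward only
 * @param chain    the filter chain; not invoked by this filter
 * @throws Exception anything raised while loading keys, building the challenge or
 *                   executing the provisioning workflow
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    String method = request.getMethod();
    if (method.equalsIgnoreCase("GET")) {
        startU2fRegistration(request, response);
    } else if (method.equalsIgnoreCase("POST")) {
        finishU2fRegistration(request, response);
    }
}

/**
 * Builds the registration challenge for the current user, parks it in the session and
 * forwards to the challenge page.
 */
private void startU2fRegistration(HttpFilterRequest request, HttpFilterResponse response) throws Exception {
    // TODO switch this off
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    String accountName = userData.getAttribs().get(this.uidAttributeName).getValues().get(0);
    // Keys already registered for this user, decoded from the challenge-store attribute.
    List<SecurityKeyData> keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
    // The only origin a token response is accepted from is this deployment's own app id.
    String appID = U2fUtil.getApplicationId(request.getServletRequest());
    Set<String> origins = new HashSet<String>();
    origins.add(appID);
    // Attestation certificates are handed to the data store only when attestation is enforced.
    U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys, (this.requireAttestation ? this.attestationCerts : new HashSet<X509Certificate>())), new BouncyCastleCrypto(), origins, this.requireAttestation);
    RegistrationRequest regRequest = u2f.getRegistrationRequest(accountName, appID);
    // The POST half must see the same server (and so the same challenge), hence the session.
    request.getSession().setAttribute(Registration.REGISTRATION_REQUEST_JSON, gson.toJson(regRequest));
    request.getSession().setAttribute(Registration.REGISTRATION_REQUEST, regRequest);
    request.getSession().setAttribute(Registration.SERVER, u2f);
    request.setAttribute(REGISTRATION_URI, request.getRequestURL().toString());
    request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
}

/**
 * Verifies the token's registration response and, when it is valid, stores the updated
 * key set through the configured workflow. Every failure path forwards to
 * {@code registrationCompleteURI} with {@code register.result} set to {@code false}.
 */
private void finishU2fRegistration(HttpFilterRequest request, HttpFilterResponse response) throws Exception {
    U2FServer u2f = (U2FServer) request.getSession().getAttribute(SERVER);
    // A POST without the preceding GET (no server in the session) or without a token
    // response cannot be verified; report it like a failed registration instead of
    // failing with a NullPointerException.
    if (u2f == null || request.getParameter("tokenResponse") == null || request.getParameter("tokenResponse").getValues().isEmpty()) {
        logger.warn("Registration response received without a pending registration request");
        request.setAttribute("register.result", false);
        request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
        return;
    }
    String tokenResponseJson = request.getParameter("tokenResponse").getValues().get(0);
    if (logger.isDebugEnabled()) {
        logger.debug("response : '" + tokenResponseJson + "'");
    }
    RegistrationResponseHolder rrh = gson.fromJson(tokenResponseJson, RegistrationResponseHolder.class);
    // NOTE(review): the client data is passed for both the second and the third
    // constructor argument, as in the original; confirm the third is not meant to be a session id.
    RegistrationResponse rr = new RegistrationResponse(rrh.getRegistrationData(), rrh.getClientData(), rrh.getClientData());
    try {
        u2f.processRegistrationResponse(rr, System.currentTimeMillis());
    } catch (U2FException e) {
        logger.error("Could not register", e);
        request.setAttribute("register.result", false);
        request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
        return;
    }
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    // The account name argument appears to be ignored by the Unison data store, which holds
    // only this user's keys — TODO confirm in UnisonDataStore.
    String encrypted = U2fUtil.encode(u2f.getAllSecurityKeys("doesntmatter"), encyrptionKeyName);
    String uid = userData.getAttribs().get(this.uidAttributeName).getValues().get(0);
    WFCall wc = new WFCall();
    wc.setName(this.workflowName);
    wc.setUidAttributeName(this.uidAttributeName);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(this.uidAttributeName, uid));
    // The new key set replaces the old one in the user's challenge-store attribute.
    tu.getAttributes().add(new Attribute(this.challengeStoreAttribute, encrypted));
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<String, Object>();
    // Run synchronously so the keys are stored before the completion page is shown.
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(this.workflowName).executeWorkflow(wc);
    request.setAttribute("register.result", true);
    request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
}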

Example 7 with WFCall

use of com.tremolosecurity.provisioning.service.util.WFCall in project OpenUnison by TremoloSecurity.

Class U2fAuth, method doGet:

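/**
 * Second half of the U2F authentication mechanism.
 *
 * <p>Without a {@code signResponse} parameter the request is the first visit and
 * {@link #startAuthentication} issues the challenge. With one, the browser's answer is
 * verified by the {@link U2FServer} kept in the session under {@code SERVER}; after a
 * verified signature the user's key set is re-encoded and persisted through the
 * configured workflow before the chain moves on. A browser error, a missing challenge or
 * a rejected signature marks the step unsuccessful when the mechanism is configured as
 * {@code required} and continues with the next mechanism.
 *
 * @param request  the current request; its session must hold the {@link AuthController}
 *                 and the mechanism parameters under {@link ProxyConstants#AUTH_MECH_PARAMS}
 * @param response the current response, handed to the authentication manager
 * @param as       the authentication step being executed
 * @throws IOException      from the authentication manager or the forward
 * @throws ServletException when the key set cannot be re-encrypted or saved
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    if (request.getParameter("signResponse") == null) {
        startAuthentication(request, response, as);
        return;
    }
    SignResponseHolder srh = gson.fromJson(request.getParameter("signResponse"), SignResponseHolder.class);
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    HttpSession session = request.getSession();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    // The framework stores the mechanism parameters under this key as a HashMap of Attribute.
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String challengeStoreAttribute = authParams.get("attribute").getValues().get(0);
    String encyrptionKeyName = authParams.get("encryptionKeyName").getValues().get(0);
    String uidAttributeName = authParams.get("uidAttributeName").getValues().get(0);
    String workflowName = authParams.get("workflowName").getValues().get(0);
    // Gson yields null for an empty parameter value; treat that as a failed attempt.
    if (srh == null) {
        logger.warn("Empty u2f sign response for user '" + userData.getUserDN() + "'");
        failU2fStep(request, response, session, as, amt, holder);
        return;
    }
    if (srh.getErrorCode() > 0) {
        logger.warn("Browser could not validate u2f token for user '" + userData.getUserDN() + "' : " + srh.getErrorCode());
        failU2fStep(request, response, session, as, amt, holder);
        return;
    }
    U2FServer u2f = (U2FServer) request.getSession().getAttribute(SERVER);
    // No server in the session means no challenge was issued; nothing to verify against.
    if (u2f == null) {
        logger.warn("No pending u2f challenge for user '" + userData.getUserDN() + "'");
        failU2fStep(request, response, session, as, amt, holder);
        return;
    }
    SignResponse sigResp = new SignResponse(srh.getKeyHandle(), srh.getSignatureData(), srh.getClientData(), srh.getSessionId());
    try {
        u2f.processSignResponse(sigResp);
    } catch (U2FException e) {
        // Keep the stack trace; the message alone does not say which check rejected the signature.
        logger.warn("Could not authenticate user : '" + e.getMessage() + "'", e);
        failU2fStep(request, response, session, as, amt, holder);
        return;
    }
    String encrypted;
    try {
        // Re-encode the whole key set after verification so whatever the server updated
        // while checking the signature is persisted — presumably the usage counter; confirm
        // in U2FServerUnison. The account name appears to be ignored by the data store.
        encrypted = U2fUtil.encode(u2f.getAllSecurityKeys("doesntmatter"), encyrptionKeyName);
    } catch (Exception e) {
        throw new ServletException("Could not encrypt keys", e);
    }
    String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);
    WFCall wc = new WFCall();
    wc.setName(workflowName);
    wc.setUidAttributeName(uidAttributeName);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttributeName, uid));
    tu.getAttributes().add(new Attribute(challengeStoreAttribute, encrypted));
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<String, Object>();
    // Synchronous so the keys are saved before the chain continues.
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    try {
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(wc);
    } catch (ProvisioningException e) {
        throw new ServletException("Could not save keys", e);
    }
    as.setSuccess(true);
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}

/**
 * Records a failed U2F attempt: the step is marked unsuccessful only when the mechanism
 * is {@code required}, and the chain continues with the next mechanism either way.
 */
private void failU2fStep(HttpServletRequest request, HttpServletResponse response, HttpSession session, AuthStep as, AuthMechType amt, UrlHolder holder) throws IOException, ServletException {
    if (amt.getRequired().equals("required")) {
        as.setSuccess(false);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}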

Example 8 with WFCall

use of com.tremolosecurity.provisioning.service.util.WFCall in project OpenUnison by TremoloSecurity.

Class ScalePassword, method doFilter:

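/**
 * Serves the ScaleJS password-change endpoints.
 *
 * <p>{@code …/password/config} answers with the password configuration and the caller's
 * display name as JSON. A {@code POST} to {@code …/password/submit} reads the new
 * password pair from the request body, checks that both are present, equal and accepted
 * by the configured validator, and then runs the configured workflow with the new
 * password set on the user. Validation or workflow errors are returned as a
 * {@link ScaleError} JSON document with status 500; a clean submit writes no body.
 *
 * @param request  the filtered request; the session must hold the {@link AuthController}
 * @param response the filtered response the JSON is written to
 * @param chain    the filter chain; not continued by this filter
 * @throws Exception from the response writer or the validator
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    // Ask the proxy to surface errors from this filter directly instead of redirecting.
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    if (request.getRequestURI().endsWith("/password/config")) {
        response.setContentType("application/json");
        ScalePasswordUser ssru = new ScalePasswordUser();
        ssru.setConfig(scaleConfig);
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        Attribute displayNameAttribute = userData.getAttribs().get(this.scaleConfig.getDisplayNameAttribute());
        if (displayNameAttribute == null) {
            ssru.setDisplayName("Unknown");
        } else {
            ssru.setDisplayName(displayNameAttribute.getValues().get(0));
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(ssru).trim());
    } else if (request.getMethod().equalsIgnoreCase("POST") && request.getRequestURI().endsWith("/password/submit")) {
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        // The body is JSON; decode it as UTF-8 rather than with the platform default charset.
        String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY), java.nio.charset.StandardCharsets.UTF_8);
        ScaleJSPasswordRequest sr = gson.fromJson(json, ScaleJSPasswordRequest.class);
        ScaleError errors = new ScaleError();
        // Gson yields null for an empty body; treat that like a request without passwords.
        if (sr == null || sr.getPassword1() == null || sr.getPassword2() == null) {
            errors.getErrors().add("Passwords are missing");
        } else if (!sr.getPassword1().equals(sr.getPassword2())) {
            errors.getErrors().add("Passwords do not match");
        } else {
            List<String> valErrors = this.validator.validate(sr.getPassword1(), userData);
            if (valErrors != null && !valErrors.isEmpty()) {
                errors.getErrors().addAll(valErrors);
            }
            if (errors.getErrors().isEmpty()) {
                WFCall wfCall = new WFCall();
                wfCall.setName(this.scaleConfig.getWorkflowName());
                wfCall.setReason(this.scaleConfig.getReason());
                wfCall.setUidAttributeName(this.scaleConfig.getUidAttribute());
                if (this.scaleConfig.isRunSynchronously()) {
                    wfCall.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
                } else {
                    wfCall.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_ASYNC);
                }
                String uid = userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0);
                TremoloUser tu = new TremoloUser();
                tu.setUid(uid);
                tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttribute(), uid));
                // The new password travels to the workflow on the user object only.
                tu.setUserPassword(sr.getPassword1());
                wfCall.setUser(tu);
                try {
                    com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                    exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
                } catch (Exception e) {
                    logger.error("Could not update user", e);
                    // A synchronous run can fail on the submitted password; an asynchronous one
                    // failed before the password was applied, so the user cannot fix it.
                    if (this.scaleConfig.isRunSynchronously()) {
                        errors.getErrors().add("Unable to set your password, make sure it meets with complexity requirements");
                    } else {
                        errors.getErrors().add("Please contact your system administrator");
                    }
                }
            }
        }
        if (!errors.getErrors().isEmpty()) {
            response.setStatus(500);
            response.getWriter().print(gson.toJson(errors).trim());
            response.getWriter().flush();
        }
    }
}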

Example 9 with WFCall

use of com.tremolosecurity.provisioning.service.util.WFCall in project OpenUnison by TremoloSecurity.

Class ScaleMain, method executeWorkflows:

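/**
 * Executes a batch of self-service workflow requests and reports a per-request result.
 *
 * <p>The request body is a JSON list of {@link WorkflowRequest}. For each entry the
 * workflow's organization is looked up and checked against the organizations the caller
 * is allowed to act in. A request without subjects runs for the caller; one with
 * subjects runs once per subject, but only after the delegation pre-check allows it and
 * the subject is found in the directory. Results are keyed by the request UUID
 * ({@code success}, {@code Not Found}, {@code Unauthorized}, {@code Reason is required},
 * {@code Unable to submit} or an error text) and written back as a JSON object.
 *
 * @param request  the filtered request whose body holds the workflow requests
 * @param response the filtered response the result map is written to
 * @param gson     the JSON mapper used for both directions
 * @throws Exception from the directory search, the workflow engine or the response writer
 */
private void executeWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    Type listType = new TypeToken<ArrayList<WorkflowRequest>>() {
    }.getType();
    byte[] requestBytes = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    String requestString = new String(requestBytes, StandardCharsets.UTF_8);
    List<WorkflowRequest> reqs = gson.fromJson(requestString, listType);
    if (reqs == null) {
        // An empty body deserializes to null; answer with an empty result map instead of failing.
        reqs = new ArrayList<WorkflowRequest>();
    }
    HashMap<String, String> results = new HashMap<String, String>();
    for (WorkflowRequest req : reqs) {
        if (req.getReason() == null || req.getReason().isEmpty()) {
            results.put(req.getUuid(), "Reason is required");
            continue;
        }
        // Organizations the caller may submit requests in, filled by checkOrg from the org tree.
        HashSet<String> allowedOrgs = new HashSet<String>();
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
        AzSys az = new AzSys();
        this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
        String orgid = null;
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        for (WorkflowType wf : wfs) {
            if (wf.getName().equals(req.getName())) {
                orgid = wf.getOrgid();
                break;
            }
        }
        if (orgid == null) {
            results.put(req.getUuid(), "Not Found");
            continue;
        }
        if (!allowedOrgs.contains(orgid)) {
            results.put(req.getUuid(), "Unauthorized");
            continue;
        }
        // The reason is stored with the request: trim it and cap it at 255 characters. The
        // same bounded value is used for the self-service and the delegated case.
        String requestReason = req.getReason().trim();
        if (requestReason.length() > 255) {
            logger.warn("Reason is oversized : " + requestReason.length());
            requestReason = requestReason.substring(0, 255);
        }
        String callerUid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
        if (req.getSubjects() == null || req.getSubjects().isEmpty()) {
            // No subjects: the caller requests the workflow for themselves.
            WFCall wfCall = new WFCall();
            wfCall.setName(req.getName());
            wfCall.setReason(requestReason);
            wfCall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
            wfCall.setEncryptedParams(req.getEncryptedParams());
            TremoloUser tu = new TremoloUser();
            tu.setUid(callerUid);
            tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), callerUid));
            wfCall.setUser(tu);
            try {
                com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
                results.put(req.getUuid(), "success");
            } catch (Exception e) {
                logger.error("Could not update user", e);
                results.put(req.getUuid(), "Error, please contact your system administrator");
            }
            continue;
        }
        // Requesting for others requires delegation rights, decided by the pre-check.
        PreCheckResponse preCheckResp = new PreCheckResponse();
        checkPreCheck(request, userData, allowedOrgs, req.getName(), orgid, preCheckResp);
        if (!preCheckResp.isCanDelegate()) {
            results.put(req.getUuid(), "Unable to submit");
            logger.warn("User '" + userData.getUserDN() + "' not allowed to request for others for '" + req.getName() + "'");
            continue;
        }
        // Accumulates ';'-terminated error fragments; StringBuffer because startSubjectWorkflow takes one.
        StringBuffer errors = new StringBuffer();
        for (String subject : req.getSubjects()) {
            // One workflow call per subject, with the caller recorded as the requestor.
            WFCall wfCall = new WFCall();
            wfCall.setName(req.getName());
            wfCall.setReason(requestReason);
            wfCall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
            wfCall.setEncryptedParams(req.getEncryptedParams());
            wfCall.setRequestor(callerUid);
            TremoloUser tu = new TremoloUser();
            wfCall.setUser(tu);
            // The subject goes through the equal(...) filter builder rather than string
            // concatenation — presumably it escapes filter metacharacters; confirm.
            LDAPSearchResults searchRes = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(this.scaleConfig.getUidAttributeName(), subject).toString(), new ArrayList<String>());
            if (searchRes.hasMore()) {
                LDAPEntry entry = searchRes.next();
                if (entry == null) {
                    errors.append("Error, user " + subject + " does not exist;");
                } else {
                    startSubjectWorkflow(errors, req, wfCall, tu, subject, entry, preCheckResp);
                }
            } else {
                errors.append("Error, user " + subject + " does not exist;");
            }
            // Drain any remaining results so the search is fully consumed.
            while (searchRes.hasMore()) {
                searchRes.next();
            }
        }
        if (errors.length() == 0) {
            results.put(req.getUuid(), "success");
        } else {
            // Drop the trailing ';' separator.
            results.put(req.getUuid(), errors.substring(0, errors.length() - 1));
        }
    }
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(results).trim());
}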

Example 10 with WFCall

use of com.tremolosecurity.provisioning.service.util.WFCall in project OpenUnison by TremoloSecurity.

Class ScaleMain, method saveUser:

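/**
 * Applies a self-service profile update submitted by the logged-in user.
 *
 * <p>The JSON body maps attribute names to objects whose {@code value} member holds the
 * new value. Each attribute is checked against the ScaleJS configuration (known, not
 * read-only, required, min/max length, regular expression) and, when {@code uiDecisions}
 * is configured, only attributes that component makes available to this user are
 * considered. Unknown and read-only attributes are refused, so a user cannot change
 * fields the UI does not offer for editing. Required attributes missing from the body
 * are reported as well. A valid update runs the configured workflow and answers with the
 * refreshed user via {@link #lookupUser}; otherwise a {@link ScaleError} JSON document is
 * written with status 500.
 *
 * @param request  the filtered request carrying the JSON body and the session
 * @param response the filtered response the result is written to
 * @param gson     the JSON mapper used for the response
 * @throws IOException from the response writer
 */
private void saveUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws IOException {
    ScaleError errors = new ScaleError();
    // The body is JSON; decode it as UTF-8 rather than with the platform default charset.
    String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY), java.nio.charset.StandardCharsets.UTF_8);
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    // null means no restriction beyond the configured attributes.
    Set<String> allowedAttrs = null;
    if (this.scaleConfig.getUiDecisions() != null) {
        allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    }
    JsonElement root = new JsonParser().parse(json);
    JsonObject jo = root.getAsJsonObject();
    HashMap<String, String> values = new HashMap<String, String>();
    boolean ok = true;
    for (Entry<String, JsonElement> entry : jo.entrySet()) {
        String attributeName = entry.getKey();
        if (allowedAttrs != null && !allowedAttrs.contains(attributeName)) {
            // Not offered to this user by uiDecisions: ignored, as before.
            continue;
        }
        JsonElement valueElement = entry.getValue().isJsonObject() ? entry.getValue().getAsJsonObject().get("value") : null;
        if (valueElement == null || !valueElement.isJsonPrimitive()) {
            // Malformed entry: there is no {"value": ...} to read.
            errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
            ok = false;
            continue;
        }
        String value = valueElement.getAsString();
        ScaleAttribute attrConfig = this.scaleConfig.getAttributes().get(attributeName);
        if (attrConfig == null) {
            errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
            ok = false;
        } else if (attrConfig.isReadOnly()) {
            errors.getErrors().add("Attribute is read only : '" + attrConfig.getDisplayName() + "'");
            ok = false;
        } else if (attrConfig.isRequired() && value.length() == 0) {
            errors.getErrors().add("Attribute is required : '" + attrConfig.getDisplayName() + "'");
            ok = false;
        } else if (attrConfig.getMinChars() > 0 && attrConfig.getMinChars() > value.length()) {
            errors.getErrors().add(attrConfig.getDisplayName() + " must have at least " + attrConfig.getMinChars() + " characters");
            ok = false;
        } else if (attrConfig.getMaxChars() > 0 && attrConfig.getMaxChars() < value.length()) {
            errors.getErrors().add(attrConfig.getDisplayName() + " must have at most " + attrConfig.getMaxChars() + " characters");
            ok = false;
        } else if (attrConfig.getPattern() != null) {
            // Decide on this attribute alone; the shared ok flag may already be false
            // because of an earlier attribute, which must not produce an error here.
            boolean matches;
            try {
                Matcher m = attrConfig.getPattern().matcher(value);
                matches = m != null && m.matches();
            } catch (Exception e) {
                matches = false;
            }
            if (!matches) {
                errors.getErrors().add("Attribute value not valid : '" + attrConfig.getDisplayName() + "' - " + attrConfig.getRegExFailedMsg());
                ok = false;
            }
        }
        values.put(attributeName, value);
    }
    for (String attrName : this.scaleConfig.getAttributes().keySet()) {
        if (this.scaleConfig.getAttributes().get(attrName).isRequired() && !values.containsKey(attrName) && (allowedAttrs == null || allowedAttrs.contains(attrName))) {
            errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attrName).getDisplayName() + "'");
            ok = false;
        }
    }
    if (ok) {
        String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
        WFCall wfCall = new WFCall();
        wfCall.setName(this.scaleConfig.getWorkflowName());
        wfCall.setReason("User update");
        wfCall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
        TremoloUser tu = new TremoloUser();
        tu.setUid(uid);
        for (Entry<String, String> valueEntry : values.entrySet()) {
            tu.getAttributes().add(new Attribute(valueEntry.getKey(), valueEntry.getValue()));
        }
        // The uid is always carried so the workflow can locate the user.
        tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), uid));
        wfCall.setUser(tu);
        try {
            com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
            exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
            lookupUser(request, response, gson);
        } catch (Exception e) {
            logger.error("Could not update user", e);
            response.setStatus(500);
            ScaleError error = new ScaleError();
            error.getErrors().add("Please contact your system administrator");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(error).trim());
            response.getWriter().flush();
        }
    } else {
        response.setStatus(500);
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(errors).trim());
        response.getWriter().flush();
    }
}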
