
Example 6 with ProxyRequest

use of com.tremolosecurity.proxy.ProxyRequest in project OpenUnison by TremoloSecurity.

The class NextEmbSys, method nextSys.

/**
 * Advances the embedded-filter state machine by one step and delegates to the
 * subsystem that owns the new state.
 *
 * <p>Every case records the next state in {@code this.state} <em>before</em>
 * calling into the subsystem. The subsystems receive {@code this}, so
 * presumably they call back into {@code nextSys} to continue the chain
 * (confirm against the subsystem implementations). The progression is
 * Config → Auth → Az → AuthMgr → Fwd; the Auth state jumps to Skip for
 * requests under the authentication-forms path, and Skip ends up in
 * {@code default}, which does nothing.
 *
 * @param request  the current request; in the Fwd state it must be a {@code ProxyRequest}
 * @param response the current response
 * @throws IOException      propagated from the delegated subsystems or the filter chain
 * @throws ServletException propagated from the delegated subsystems or the filter chain
 */
@Override
public void nextSys(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    ConfigManager cfg = this.cfgSys.getConfigManager();
    switch(this.state) {
        case Config:
            // Transition is recorded first; doConfig gets this to continue the chain.
            this.state = SysState.Auth;
            cfgSys.doConfig(request, response, this);
            break;
        case Auth:
            // Prefix match on the raw request URI decides whether authentication
            // and authorization are skipped entirely. NOTE(review): whether the
            // container has already normalized dot segments / percent-encoding
            // in getRequestURI() is not visible here — confirm, because a match
            // sends the request straight down the chain.
            if (request.getRequestURI().startsWith(cfg.getAuthFormsPath())) /*|| request.getRequestURI().startsWith(cfg.getAuthIdPPath() ) /*|| request.getRequestURI().startsWith("/auth/idp/")*/
            {
                // Request is for the authentication forms themselves: skip auth and az processing.
                this.state = SysState.Skip;
                // System.out.println(request.getSession());
                chain.doFilter(request, response);
            } else {
                this.state = SysState.Az;
                auSys.doAuth(request, response, this);
            }
            break;
        case Az:
            this.state = SysState.AuthMgr;
            azSys.doAz(request, response, this);
            break;
        case AuthMgr:
            this.state = SysState.Fwd;
            // The AuthController lives in the session; it is absent on a fresh session.
            AuthController actl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
            if (actl != null) {
                AuthStep curStep = actl.getCurrentStep();
                if (curStep != null) {
                    // Mark the step as executed-but-unsuccessful before the auth
                    // manager runs; presumably the manager sets success on
                    // completion — confirm in authMgrSys.
                    curStep.setExecuted(true);
                    curStep.setSuccess(false);
                }
                authMgrSys.doAuthMgr(request, response, this, curStep);
            } else {
                authMgrSys.doAuthMgr(request, response, this, null);
            }
            break;
        case Fwd:
            if (this.passOn) {
                // Requests under the auth path, or with no proxy configured,
                // continue down the servlet filter chain; everything else is
                // forwarded through the proxy.
                if (request.getRequestURI().startsWith(cfg.getAuthPath()) || proxy == null) {
                    chain.doFilter(request, response);
                } else {
                    // Unchecked cast: Fwd expects the request wrapper built by the filter.
                    if (((ProxyRequest) request).isPush()) {
                        proxy.doPush(request, response);
                    } else {
                        proxy.doURI(request, response);
                    }
                /*
						if (request.getMethod().equalsIgnoreCase("get")) {
							proxy.doGet(request, response);
						} else if (request.getMethod().equalsIgnoreCase("post")) {
							proxy.doPost(request, response);
						} else if (request.getMethod().equalsIgnoreCase("options")) {
							proxy.doOptions(request, response);
						} else if (request.getMethod().equalsIgnoreCase("delete")) {
							proxy.doDelete(request, response);
						} else if (request.getMethod().equalsIgnoreCase("put")) {
							proxy.doPut(request, response);
						} else {
							throw new ServletException("Method not supported");
						}*/
                }
            } else {
                // Embedded mode: query-string parameters are merged into the form
                // parameters before the results handler runs.
                ((ProxyRequest) request).copyQSParamsToFormParams();
                fwd.doEmbResults(request, response, chain, this);
            }
            break;
        default:
            // Skip (and any other state) has no further work.
    }
}
Also used : AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager)

Example 7 with ProxyRequest

use of com.tremolosecurity.proxy.ProxyRequest in project OpenUnison by TremoloSecurity.

The class UnisonServletFilter, method doFilter.

/**
 * Entry point of the embedded Unison filter: wraps the request, decides whether
 * to redirect to HTTPS and whether to add an HSTS header, resolves the session
 * and the matching {@code UrlHolder}, handles the forced-authentication path,
 * and finally hands the request to {@link NextEmbSys#nextSys}.
 *
 * <p>Any exception escaping the main block is caught, recorded on the request
 * as {@code TREMOLO_ERROR_REQUEST_URL} / {@code TREMOLO_ERROR_EXCEPTION}, and
 * the request is forwarded to {@code error.jsp} under the auth-forms path.
 *
 * @param request  the incoming request; cast to {@code HttpServletRequest}
 * @param response the incoming response; cast to {@code HttpServletResponse}
 * @param chain    the remaining filter chain, also exposed to downstream code
 *                 through the {@code TREMOLO_FILTER_CHAIN} request attribute
 * @throws IOException      if the {@code ProxyRequest} wrapper cannot be created,
 *                          or from the redirect / forward calls
 * @throws ServletException from the forward to the error page
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    // The raw request is wrapped so that session handling can be overridden locally.
    HttpServletRequest req = new LocalSessionRequest((HttpServletRequest) request);
    HttpServletResponse resp = (HttpServletResponse) response;
    // Configuration and session manager are shared through the servlet context.
    ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
    SessionManager sessionMgr = (SessionManager) ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
    ProxyRequest pr = null;
    try {
        pr = new ProxyRequest((HttpServletRequest) req);
    } catch (Exception e1) {
        // The cause is logged but not attached to the thrown IOException.
        logger.error("Unable to create request", e1);
        throw new IOException("Could not create request");
    }
    try {
        req.setAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN, chain);
        NextEmbSys embSys = new NextEmbSys(this.cfg.getServletContext(), chain, passOn);
        /*System.err.println("*** Begin Request ****");
			System.err.println("url = '" + ((HttpServletRequest)req).getRequestURL() + "'");
			Cookie[] cookies = ((HttpServletRequest) req).getCookies();
			if (cookies != null) {
				for (Cookie cookie : cookies) {
					System.err.println("'" + cookie.getName() + "'='" + cookie.getValue() + "'");
				}
			}
			System.err.println("*** End Request ****");*/
        // Force-to-SSL decision: when X-Forwarded-Proto is present it wins over
        // the scheme of the request URL. NOTE(review): the header is only
        // trustworthy when a fronting proxy sets or strips it; here a spoofed
        // value can at most suppress or trigger the redirect below.
        String fwdProto = req.getHeader("X-Forwarded-Proto");
        boolean toSSL = false;
        if (cfg.isForceToSSL()) {
            if (fwdProto != null) {
                toSSL = fwdProto.equalsIgnoreCase("http");
            } else {
                toSSL = !req.getRequestURL().toString().toLowerCase().startsWith("https");
            }
        }
        if (toSSL) {
            // Rebuild the URL on https, keeping host, path and query. The host
            // comes from the request URL (i.e. the Host header as seen by the
            // container), so the redirect target is whatever host the client sent.
            StringBuffer redirURL = new StringBuffer();
            URL reqURL = new URL(req.getRequestURL().toString());
            redirURL.append("https://").append(reqURL.getHost());
            // NOTE(review): the condition tests getExternalSecurePort() but the
            // port appended is getSecurePort(); if these can differ the redirect
            // carries the wrong port — confirm which one is intended.
            if (cfg.getExternalSecurePort() != 443) {
                redirURL.append(":").append(cfg.getSecurePort());
            }
            redirURL.append(reqURL.getPath());
            if (reqURL.getQuery() != null) {
                redirURL.append('?').append(reqURL.getQuery());
            }
            resp.sendRedirect(redirURL.toString());
            return;
        }
        // Add HSTS when enabled in the applications config; TTL comes from the same config.
        if (GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().isHsts()) {
            StringBuffer sb = new StringBuffer();
            sb.append("max-age=").append(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().getHstsTTL()).append(" ; includeSubDomains");
            resp.addHeader("Strict-Transport-Security", sb.toString());
        }
        req.setAttribute(ProxyConstants.TREMOLO_CFG_OBJ, cfg);
        HttpServletRequest servReq = (HttpServletRequest) req;
        String URL;
        HttpSession sharedSession = null;
        UrlHolder holder = null;
        // First attempt to match the request URL against the configured URLs.
        URL = servReq.getRequestURL().toString();
        holder = cfg.findURL(URL);
        boolean isForcedAuth = false;
        RequestHolder reqHolder = null;
        // The session cookie name is client-supplied: either the "sessionCookie"
        // request parameter or the "autoIdmSessionCookieName" cookie (last one wins).
        // NOTE(review): this value is passed to sessionMgr.getSession() below —
        // confirm the SessionManager validates it rather than trusting it.
        String sessionCookieName = req.getParameter("sessionCookie");
        if (sessionCookieName == null) {
            Cookie[] cookies = ((HttpServletRequest) req).getCookies();
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    if (cookies[i].getName().equals("autoIdmSessionCookieName")) {
                        sessionCookieName = cookies[i].getValue();
                    }
                }
            }
        }
        // NOTE(review): both branches are empty — dead code, safe to delete.
        if (sessionCookieName == null) {
        } else {
        }
        if (holder == null) {
            // No URL match: look the session up by cookie name and, if it holds an
            // AuthController with a holder, derive the URL holder from there.
            sharedSession = sessionMgr.getSession(sessionCookieName, holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
            if (sharedSession != null) {
                AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
                // NOTE(review): actl is not null-checked; a session without AUTH_CTL
                // raises an NPE that lands in the catch-all below.
                if (actl.getHolder() != null) {
                    URL = ((AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL)).getHolder().getURL();
                    holder = cfg.findURL(URL);
                }
            }
        } else {
            sharedSession = sessionMgr.getSession(holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
        }
        // LocalSessionRequest lsr = new LocalSessionRequest((HttpServletRequest)req,sharedSession);
        if (sharedSession != null) {
            pr.setSession(sharedSession);
        }
        // Forced-authentication path: a request under the auth path with no (or
        // the root "/") holder and no session cookie name is resolved through the
        // auth mechanism's final URL.
        if ((holder == null || holder.getUrl().getUri().equalsIgnoreCase("/")) && req.getRequestURI().startsWith(cfg.getAuthPath()) && sessionCookieName == null) {
            // if (req.getRequestURI().startsWith("/auth/")) {
            AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
            if (authMech != null) {
                String finalURL = authMech.getFinalURL(pr, resp);
                if (resp.getStatus() == 302) {
                    // redirect sent, stop processing
                    return;
                }
                if (finalURL != null) {
                    holder = cfg.findURL(finalURL);
                    if (holder != null) {
                        String urlChain = holder.getUrl().getAuthChain();
                        AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        ProxyUtil.loadParams(req, params);
                        // Both wrapper types expose the query-string parameters; pick the matching accessor.
                        if (req instanceof ProxyRequest) {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) req).getQueryStringParams());
                        } else {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((com.tremolosecurity.embedd.LocalSessionRequest) req).getQueryStringParams());
                        }
                        isForcedAuth = true;
                        sharedSession = sessionMgr.getSession(holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
                        if (sharedSession != null) {
                            pr.setSession(sharedSession);
                        }
                        // NOTE(review): holder.getApp().getCookieConfig() is dereferenced here,
                        // but the null checks for getApp()/getCookieConfig() only come later.
                        Cookie lsessionCookieName = new Cookie("autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName());
                        String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
                        if (domain != null) {
                            lsessionCookieName.setDomain(domain);
                        }
                        // Marker cookie: session-scoped (maxAge -1), site-wide path, and
                        // explicitly not Secure; HttpOnly is not set either. NOTE(review):
                        // it appears to carry only a cookie name, not a credential — confirm,
                        // and consider Secure/HttpOnly regardless.
                        lsessionCookieName.setPath("/");
                        lsessionCookieName.setMaxAge(-1);
                        lsessionCookieName.setSecure(false);
                        // Cookies are emitted unless the app's cookie config explicitly disables them
                        // (the getCookieConfig() == null clause is duplicated).
                        if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
                            ProxyResponse.addCookieToResponse(holder, lsessionCookieName, (HttpServletResponse) response);
                        }
                        // Second marker cookie with the URL-encoded application name; same attributes.
                        Cookie appCookieName = new Cookie("autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"));
                        if (domain != null) {
                            appCookieName.setDomain(domain);
                        }
                        appCookieName.setPath("/");
                        appCookieName.setMaxAge(-1);
                        appCookieName.setSecure(false);
                        if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
                            ProxyResponse.addCookieToResponse(holder, appCookieName, (HttpServletResponse) response);
                        }
                    // resp.addCookie(appCookieName);
                    }
                }
            }
        }
        // Hand the resolved context to downstream code via request attributes.
        req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
        req.setAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH, isForcedAuth);
        req.setAttribute(ProxyConstants.TREMOLO_REQ_HOLDER, reqHolder);
        // Only start the state machine if nothing above has already committed the response.
        if (!resp.isCommitted()) {
            embSys.nextSys(pr, (HttpServletResponse) resp);
        }
    } catch (Exception e) {
        // Catch-all: record the failing URL and the exception on the request and
        // forward to the error page. NOTE(review): what error.jsp renders from
        // TREMOLO_ERROR_EXCEPTION is not visible here — confirm it does not
        // expose stack traces or internal details to the client.
        req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
        req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
        logger.error("Could not process request", e);
        StringBuffer b = new StringBuffer();
        b.append(cfg.getAuthFormsPath()).append("error.jsp");
        req.getRequestDispatcher(b.toString()).forward(pr, resp);
    }
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) NextEmbSys(com.tremolosecurity.embedd.NextEmbSys) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) URL(java.net.URL) HttpServletRequest(javax.servlet.http.HttpServletRequest) LocalSessionRequest(com.tremolosecurity.embedd.LocalSessionRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) Cookie(javax.servlet.http.Cookie) SessionManager(com.tremolosecurity.proxy.SessionManager) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 8 with ProxyRequest

use of com.tremolosecurity.proxy.ProxyRequest in project OpenUnison by TremoloSecurity.

The class SamlTransaction, method processGetAuthnReq.

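/**
 * Handles a SAML AuthnRequest received on a GET (presumably the HTTP-Redirect
 * binding, given the deflated {@code SAMLRequest} parameter).
 *
 * <p>The request URL — with its query string, when there is one — is stored in
 * the session under {@code SAML2_AUTHN_REQ_URL}, the {@code SAMLRequest}
 * parameter is inflated, and the XML together with the optional
 * {@code RelayState} is passed to {@code procAuthnReq}.
 *
 * @param request  the incoming request; must be a {@code ProxyRequest}
 * @param response the response handed to {@code procAuthnReq}
 * @param factory  the XML parser factory handed to {@code procAuthnReq}
 * @throws ServletException if the request is not a {@code ProxyRequest}, if the
 *         AuthnRequest is missing elements (surfaced as an NPE), or if the
 *         request cannot be parsed
 */
private void processGetAuthnReq(HttpServletRequest request, HttpServletResponse response, DocumentBuilderFactory factory) throws ServletException {
    try {
        // The cast is retained for its check: anything other than a ProxyRequest
        // fails here with ClassCastException and is reported by the generic handler.
        ProxyRequest pr = (ProxyRequest) request;
        // Kept as StringBuffer: the object itself (not a String) is stored in the
        // session, and consumers may depend on that type.
        StringBuffer url = new StringBuffer();
        url.append(request.getRequestURL());
        // getQueryString() is null when the request has no query string; previously
        // the literal text "null" was appended in that case.
        String queryString = request.getQueryString();
        if (queryString != null) {
            url.append('?').append(queryString);
        }
        request.getSession().setAttribute(SAML2_AUTHN_REQ_URL, url);
        String saml = this.inflate(request.getParameter("SAMLRequest"));
        if (logger.isDebugEnabled()) {
            // Debug-only: the full decoded AuthnRequest XML is written to the log.
            logger.debug(saml);
        }
        String relayState = request.getParameter("RelayState");
        procAuthnReq(request, response, factory, saml, relayState);
    } catch (NullPointerException e) {
        // NOTE(review): presumably inflate()/procAuthnReq raise NPE when expected
        // elements are absent — confirm, since this maps NPE to a client-facing message.
        throw new ServletException("AuthnRequest is missing elements", e);
    } catch (Exception e) {
        logger.error("Could not parse http-relay request", e);
        throw new ServletException("Could not parse http-relay request", e);
    }
}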
Also used : ServletException(javax.servlet.ServletException) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) ServletException(javax.servlet.ServletException) SignatureException(java.security.SignatureException) UnmarshallingException(org.opensaml.core.xml.io.UnmarshallingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SAXException(org.xml.sax.SAXException) InvalidKeyException(java.security.InvalidKeyException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InitializationException(org.opensaml.core.config.InitializationException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)
