Example 1 with SessionManager
use of com.tremolosecurity.proxy.SessionManager in project OpenUnison by TremoloSecurity.
the class MetricsFilter method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
SessionManager sessionMgr = (SessionManager) GlobalEntries.getGlobalEntries().getConfigManager().getContext().getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
sessionsGauge.set(sessionMgr.getSessions().size());
if (this.localMetrics != null) {
this.localMetrics.addMetrics(request, response, chain);
}
response.setStatus(HttpServletResponse.SC_OK);
response.setContentType(TextFormat.CONTENT_TYPE_004);
Enumeration<MetricFamilySamples> mfs = registry.filteredMetricFamilySamples(parse(request.getServletRequest()));
Writer writer = response.getWriter();
try {
TextFormat.write004(writer, mfs);
writer.flush();
} finally {
}
}
Also used :
SessionManager(com.tremolosecurity.proxy.SessionManager)
MetricFamilySamples(io.prometheus.client.Collector.MetricFamilySamples)
Writer(java.io.Writer)
Example 2 with SessionManager
use of com.tremolosecurity.proxy.SessionManager in project OpenUnison by TremoloSecurity.
the class PostProcess method getHttp.
public CloseableHttpClient getHttp(String finalURL, HttpServletRequest request, UrlHolder holder) {
ConfigManager cfgMgr = holder.getConfig();
HttpSession session = request.getSession();
PoolingHttpClientConnectionManager phcm = (PoolingHttpClientConnectionManager) session.getAttribute("TREMOLO_HTTP_POOL");
CloseableHttpClient http = (CloseableHttpClient) session.getAttribute("TREMOLO_HTTP_CLIENT");
if (http == null) {
if (holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null || holder.getApp().getCookieConfig().isCookiesEnabled()) {
// create a new connection manager and client
phcm = new PoolingHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
BigInteger num = cfgMgr.getCfg().getThreadsPerRoute();
if (num == null) {
phcm.setDefaultMaxPerRoute(6);
} else {
phcm.setDefaultMaxPerRoute(num.intValue());
}
phcm.setDefaultSocketConfig(SocketConfig.custom().setSoKeepAlive(true).build());
http = HttpClients.custom().setConnectionManager(phcm).setDefaultRequestConfig(cfgMgr.getGlobalHttpClientConfig()).build();
session.setAttribute("TREMOLO_HTTP_POOL", phcm);
session.setAttribute("TREMOLO_HTTP_CLIENT", http);
LogoutUtil.insertFirstLogoutHandler(request, new CloseHttpConnectionsOnLogout(http, phcm));
} else {
// no session, need to create single connection
BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).setConnectionRequestTimeout(10000).setSocketTimeout(10000).setConnectTimeout(10000).build();
http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
session.setAttribute("TREMOLO_HTTP_CM", bhcm);
session.setAttribute("TREMOLO_HTTP_CLIENT", http);
// remove from the session pool
SessionManager sessionMgr = (SessionManager) GlobalEntries.getGlobalEntries().getConfigManager().getContext().getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
sessionMgr.removeSessionFromCache((TremoloHttpSession) session);
}
}
return http;
}
Also used :
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
RequestConfig(org.apache.http.client.config.RequestConfig)
HttpSession(javax.servlet.http.HttpSession)
TremoloHttpSession(com.tremolosecurity.proxy.TremoloHttpSession)
SessionManager(com.tremolosecurity.proxy.SessionManager)
BigInteger(java.math.BigInteger)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)
Example 3 with SessionManager
use of com.tremolosecurity.proxy.SessionManager in project OpenUnison by TremoloSecurity.
the class UnisonServletFilter method doFilter.
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = new LocalSessionRequest((HttpServletRequest) request);
HttpServletResponse resp = (HttpServletResponse) response;
ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
SessionManager sessionMgr = (SessionManager) ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
ProxyRequest pr = null;
try {
pr = new ProxyRequest((HttpServletRequest) req);
} catch (Exception e1) {
logger.error("Unable to create request", e1);
throw new IOException("Could not create request");
}
try {
req.setAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN, chain);
NextEmbSys embSys = new NextEmbSys(this.cfg.getServletContext(), chain, passOn);
/*System.err.println("*** Begin Request ****");
System.err.println("url = '" + ((HttpServletRequest)req).getRequestURL() + "'");
Cookie[] cookies = ((HttpServletRequest) req).getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
System.err.println("'" + cookie.getName() + "'='" + cookie.getValue() + "'");
}
}
System.err.println("*** End Request ****");*/
String fwdProto = req.getHeader("X-Forwarded-Proto");
boolean toSSL = false;
if (cfg.isForceToSSL()) {
if (fwdProto != null) {
toSSL = fwdProto.equalsIgnoreCase("http");
} else {
toSSL = !req.getRequestURL().toString().toLowerCase().startsWith("https");
}
}
if (toSSL) {
StringBuffer redirURL = new StringBuffer();
URL reqURL = new URL(req.getRequestURL().toString());
redirURL.append("https://").append(reqURL.getHost());
if (cfg.getExternalSecurePort() != 443) {
redirURL.append(":").append(cfg.getSecurePort());
}
redirURL.append(reqURL.getPath());
if (reqURL.getQuery() != null) {
redirURL.append('?').append(reqURL.getQuery());
}
resp.sendRedirect(redirURL.toString());
return;
}
// add hsts
if (GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().isHsts()) {
StringBuffer sb = new StringBuffer();
sb.append("max-age=").append(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().getHstsTTL()).append(" ; includeSubDomains");
resp.addHeader("Strict-Transport-Security", sb.toString());
}
req.setAttribute(ProxyConstants.TREMOLO_CFG_OBJ, cfg);
HttpServletRequest servReq = (HttpServletRequest) req;
String URL;
HttpSession sharedSession = null;
UrlHolder holder = null;
URL = servReq.getRequestURL().toString();
holder = cfg.findURL(URL);
boolean isForcedAuth = false;
RequestHolder reqHolder = null;
String sessionCookieName = req.getParameter("sessionCookie");
if (sessionCookieName == null) {
Cookie[] cookies = ((HttpServletRequest) req).getCookies();
if (cookies != null) {
for (int i = 0; i < cookies.length; i++) {
if (cookies[i].getName().equals("autoIdmSessionCookieName")) {
sessionCookieName = cookies[i].getValue();
}
}
}
}
if (sessionCookieName == null) {
} else {
}
if (holder == null) {
// check the session
sharedSession = sessionMgr.getSession(sessionCookieName, holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
if (sharedSession != null) {
AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
if (actl.getHolder() != null) {
URL = ((AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL)).getHolder().getURL();
holder = cfg.findURL(URL);
}
}
} else {
sharedSession = sessionMgr.getSession(holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
}
// LocalSessionRequest lsr = new LocalSessionRequest((HttpServletRequest)req,sharedSession);
if (sharedSession != null) {
pr.setSession(sharedSession);
}
if ((holder == null || holder.getUrl().getUri().equalsIgnoreCase("/")) && req.getRequestURI().startsWith(cfg.getAuthPath()) && sessionCookieName == null) {
// if (req.getRequestURI().startsWith("/auth/")) {
AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
if (authMech != null) {
String finalURL = authMech.getFinalURL(pr, resp);
if (resp.getStatus() == 302) {
// redirect sent, stop processing
return;
}
if (finalURL != null) {
holder = cfg.findURL(finalURL);
if (holder != null) {
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
HashMap<String, Attribute> params = new HashMap<String, Attribute>();
ProxyUtil.loadParams(req, params);
if (req instanceof ProxyRequest) {
reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) req).getQueryStringParams());
} else {
reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((com.tremolosecurity.embedd.LocalSessionRequest) req).getQueryStringParams());
}
isForcedAuth = true;
sharedSession = sessionMgr.getSession(holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
if (sharedSession != null) {
pr.setSession(sharedSession);
}
Cookie lsessionCookieName = new Cookie("autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName());
String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
if (domain != null) {
lsessionCookieName.setDomain(domain);
}
lsessionCookieName.setPath("/");
lsessionCookieName.setMaxAge(-1);
lsessionCookieName.setSecure(false);
if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
ProxyResponse.addCookieToResponse(holder, lsessionCookieName, (HttpServletResponse) response);
}
Cookie appCookieName = new Cookie("autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"));
if (domain != null) {
appCookieName.setDomain(domain);
}
appCookieName.setPath("/");
appCookieName.setMaxAge(-1);
appCookieName.setSecure(false);
if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
ProxyResponse.addCookieToResponse(holder, appCookieName, (HttpServletResponse) response);
}
// resp.addCookie(appCookieName);
}
}
}
}
req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
req.setAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH, isForcedAuth);
req.setAttribute(ProxyConstants.TREMOLO_REQ_HOLDER, reqHolder);
if (!resp.isCommitted()) {
embSys.nextSys(pr, (HttpServletResponse) resp);
}
} catch (Exception e) {
req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
logger.error("Could not process request", e);
StringBuffer b = new StringBuffer();
b.append(cfg.getAuthFormsPath()).append("error.jsp");
req.getRequestDispatcher(b.toString()).forward(pr, resp);
}
}
Also used :
Attribute(com.tremolosecurity.saml.Attribute)
HashMap(java.util.HashMap)
NextEmbSys(com.tremolosecurity.embedd.NextEmbSys)
RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder)
URL(java.net.URL)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
LocalSessionRequest(com.tremolosecurity.embedd.LocalSessionRequest)
UrlHolder(com.tremolosecurity.config.util.UrlHolder)
AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism)
ProxyRequest(com.tremolosecurity.proxy.ProxyRequest)
AuthChainType(com.tremolosecurity.config.xml.AuthChainType)
Cookie(javax.servlet.http.Cookie)
SessionManager(com.tremolosecurity.proxy.SessionManager)
HttpSession(javax.servlet.http.HttpSession)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
IOException(java.io.IOException)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
Aggregations
SessionManager (com.tremolosecurity.proxy.SessionManager)3
ConfigManager (com.tremolosecurity.config.util.ConfigManager)2
HttpSession (javax.servlet.http.HttpSession)2
UrlHolder (com.tremolosecurity.config.util.UrlHolder)1
AuthChainType (com.tremolosecurity.config.xml.AuthChainType)1
LocalSessionRequest (com.tremolosecurity.embedd.LocalSessionRequest)1
NextEmbSys (com.tremolosecurity.embedd.NextEmbSys)1
ProxyRequest (com.tremolosecurity.proxy.ProxyRequest)1
TremoloHttpSession (com.tremolosecurity.proxy.TremoloHttpSession)1
AuthController (com.tremolosecurity.proxy.auth.AuthController)1
AuthMechanism (com.tremolosecurity.proxy.auth.AuthMechanism)1
RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)1
Attribute (com.tremolosecurity.saml.Attribute)1
MetricFamilySamples (io.prometheus.client.Collector.MetricFamilySamples)1
IOException (java.io.IOException)1
Writer (java.io.Writer)1
BigInteger (java.math.BigInteger)1
URL (java.net.URL)1
HashMap (java.util.HashMap)1
ServletException (javax.servlet.ServletException)1
