Search in sources :

Example 1 with SessionManager

use of com.tremolosecurity.proxy.SessionManager in project OpenUnison by TremoloSecurity.

the class MetricsFilter method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    SessionManager sessionMgr = (SessionManager) GlobalEntries.getGlobalEntries().getConfigManager().getContext().getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
    sessionsGauge.set(sessionMgr.getSessions().size());
    if (this.localMetrics != null) {
        this.localMetrics.addMetrics(request, response, chain);
    }
    response.setStatus(HttpServletResponse.SC_OK);
    response.setContentType(TextFormat.CONTENT_TYPE_004);
    Enumeration<MetricFamilySamples> mfs = registry.filteredMetricFamilySamples(parse(request.getServletRequest()));
    Writer writer = response.getWriter();
    try {
        TextFormat.write004(writer, mfs);
        writer.flush();
    } finally {
    }
}
Also used : SessionManager(com.tremolosecurity.proxy.SessionManager) MetricFamilySamples(io.prometheus.client.Collector.MetricFamilySamples) Writer(java.io.Writer)

Example 2 with SessionManager

use of com.tremolosecurity.proxy.SessionManager in project OpenUnison by TremoloSecurity.

the class PostProcess method getHttp.

public CloseableHttpClient getHttp(String finalURL, HttpServletRequest request, UrlHolder holder) {
    ConfigManager cfgMgr = holder.getConfig();
    HttpSession session = request.getSession();
    PoolingHttpClientConnectionManager phcm = (PoolingHttpClientConnectionManager) session.getAttribute("TREMOLO_HTTP_POOL");
    CloseableHttpClient http = (CloseableHttpClient) session.getAttribute("TREMOLO_HTTP_CLIENT");
    if (http == null) {
        if (holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null || holder.getApp().getCookieConfig().isCookiesEnabled()) {
            // create a new connection manager and client
            phcm = new PoolingHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
            BigInteger num = cfgMgr.getCfg().getThreadsPerRoute();
            if (num == null) {
                phcm.setDefaultMaxPerRoute(6);
            } else {
                phcm.setDefaultMaxPerRoute(num.intValue());
            }
            phcm.setDefaultSocketConfig(SocketConfig.custom().setSoKeepAlive(true).build());
            http = HttpClients.custom().setConnectionManager(phcm).setDefaultRequestConfig(cfgMgr.getGlobalHttpClientConfig()).build();
            session.setAttribute("TREMOLO_HTTP_POOL", phcm);
            session.setAttribute("TREMOLO_HTTP_CLIENT", http);
            LogoutUtil.insertFirstLogoutHandler(request, new CloseHttpConnectionsOnLogout(http, phcm));
        } else {
            // no session, need to create single connection
            BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
            RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).setConnectionRequestTimeout(10000).setSocketTimeout(10000).setConnectTimeout(10000).build();
            http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
            session.setAttribute("TREMOLO_HTTP_CM", bhcm);
            session.setAttribute("TREMOLO_HTTP_CLIENT", http);
            // remove from the session pool
            SessionManager sessionMgr = (SessionManager) GlobalEntries.getGlobalEntries().getConfigManager().getContext().getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
            sessionMgr.removeSessionFromCache((TremoloHttpSession) session);
        }
    }
    return http;
}
Also used : CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) RequestConfig(org.apache.http.client.config.RequestConfig) HttpSession(javax.servlet.http.HttpSession) TremoloHttpSession(com.tremolosecurity.proxy.TremoloHttpSession) SessionManager(com.tremolosecurity.proxy.SessionManager) BigInteger(java.math.BigInteger) ConfigManager(com.tremolosecurity.config.util.ConfigManager) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager)

Example 3 with SessionManager

use of com.tremolosecurity.proxy.SessionManager in project OpenUnison by TremoloSecurity.

the class UnisonServletFilter method doFilter.

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = new LocalSessionRequest((HttpServletRequest) request);
    HttpServletResponse resp = (HttpServletResponse) response;
    ConfigManager cfg = (ConfigManager) ctx.getAttribute(ProxyConstants.TREMOLO_CONFIG);
    SessionManager sessionMgr = (SessionManager) ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
    ProxyRequest pr = null;
    try {
        pr = new ProxyRequest((HttpServletRequest) req);
    } catch (Exception e1) {
        logger.error("Unable to create request", e1);
        throw new IOException("Could not create request");
    }
    try {
        req.setAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN, chain);
        NextEmbSys embSys = new NextEmbSys(this.cfg.getServletContext(), chain, passOn);
        /*System.err.println("*** Begin Request ****");
			System.err.println("url = '" + ((HttpServletRequest)req).getRequestURL() + "'");
			Cookie[] cookies = ((HttpServletRequest) req).getCookies();
			if (cookies != null) {
				for (Cookie cookie : cookies) {
					System.err.println("'" + cookie.getName() + "'='" + cookie.getValue() + "'");
				}
			}
			System.err.println("*** End Request ****");*/
        String fwdProto = req.getHeader("X-Forwarded-Proto");
        boolean toSSL = false;
        if (cfg.isForceToSSL()) {
            if (fwdProto != null) {
                toSSL = fwdProto.equalsIgnoreCase("http");
            } else {
                toSSL = !req.getRequestURL().toString().toLowerCase().startsWith("https");
            }
        }
        if (toSSL) {
            StringBuffer redirURL = new StringBuffer();
            URL reqURL = new URL(req.getRequestURL().toString());
            redirURL.append("https://").append(reqURL.getHost());
            if (cfg.getExternalSecurePort() != 443) {
                redirURL.append(":").append(cfg.getSecurePort());
            }
            redirURL.append(reqURL.getPath());
            if (reqURL.getQuery() != null) {
                redirURL.append('?').append(reqURL.getQuery());
            }
            resp.sendRedirect(redirURL.toString());
            return;
        }
        // add hsts
        if (GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().isHsts()) {
            StringBuffer sb = new StringBuffer();
            sb.append("max-age=").append(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getApplications().getHstsTTL()).append(" ; includeSubDomains");
            resp.addHeader("Strict-Transport-Security", sb.toString());
        }
        req.setAttribute(ProxyConstants.TREMOLO_CFG_OBJ, cfg);
        HttpServletRequest servReq = (HttpServletRequest) req;
        String URL;
        HttpSession sharedSession = null;
        UrlHolder holder = null;
        URL = servReq.getRequestURL().toString();
        holder = cfg.findURL(URL);
        boolean isForcedAuth = false;
        RequestHolder reqHolder = null;
        String sessionCookieName = req.getParameter("sessionCookie");
        if (sessionCookieName == null) {
            Cookie[] cookies = ((HttpServletRequest) req).getCookies();
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    if (cookies[i].getName().equals("autoIdmSessionCookieName")) {
                        sessionCookieName = cookies[i].getValue();
                    }
                }
            }
        }
        if (sessionCookieName == null) {
        } else {
        }
        if (holder == null) {
            // check the session
            sharedSession = sessionMgr.getSession(sessionCookieName, holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
            if (sharedSession != null) {
                AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
                if (actl.getHolder() != null) {
                    URL = ((AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL)).getHolder().getURL();
                    holder = cfg.findURL(URL);
                }
            }
        } else {
            sharedSession = sessionMgr.getSession(holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
        }
        // LocalSessionRequest lsr = new LocalSessionRequest((HttpServletRequest)req,sharedSession);
        if (sharedSession != null) {
            pr.setSession(sharedSession);
        }
        if ((holder == null || holder.getUrl().getUri().equalsIgnoreCase("/")) && req.getRequestURI().startsWith(cfg.getAuthPath()) && sessionCookieName == null) {
            // if (req.getRequestURI().startsWith("/auth/")) {
            AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
            if (authMech != null) {
                String finalURL = authMech.getFinalURL(pr, resp);
                if (resp.getStatus() == 302) {
                    // redirect sent, stop processing
                    return;
                }
                if (finalURL != null) {
                    holder = cfg.findURL(finalURL);
                    if (holder != null) {
                        String urlChain = holder.getUrl().getAuthChain();
                        AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        ProxyUtil.loadParams(req, params);
                        if (req instanceof ProxyRequest) {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((ProxyRequest) req).getQueryStringParams());
                        } else {
                            reqHolder = new RequestHolder(HTTPMethod.GET, params, finalURL, true, act.getName(), ((com.tremolosecurity.embedd.LocalSessionRequest) req).getQueryStringParams());
                        }
                        isForcedAuth = true;
                        sharedSession = sessionMgr.getSession(holder, ((HttpServletRequest) req), ((HttpServletResponse) resp), this.ctx);
                        if (sharedSession != null) {
                            pr.setSession(sharedSession);
                        }
                        Cookie lsessionCookieName = new Cookie("autoIdmSessionCookieName", holder.getApp().getCookieConfig().getSessionCookieName());
                        String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
                        if (domain != null) {
                            lsessionCookieName.setDomain(domain);
                        }
                        lsessionCookieName.setPath("/");
                        lsessionCookieName.setMaxAge(-1);
                        lsessionCookieName.setSecure(false);
                        if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
                            ProxyResponse.addCookieToResponse(holder, lsessionCookieName, (HttpServletResponse) response);
                        }
                        Cookie appCookieName = new Cookie("autoIdmAppName", URLEncoder.encode(holder.getApp().getName(), "UTF-8"));
                        if (domain != null) {
                            appCookieName.setDomain(domain);
                        }
                        appCookieName.setPath("/");
                        appCookieName.setMaxAge(-1);
                        appCookieName.setSecure(false);
                        if ((holder.getApp() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig() == null || holder.getApp().getCookieConfig().isCookiesEnabled() == null) || holder.getApp().getCookieConfig().isCookiesEnabled()) {
                            ProxyResponse.addCookieToResponse(holder, appCookieName, (HttpServletResponse) response);
                        }
                    // resp.addCookie(appCookieName);
                    }
                }
            }
        }
        req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
        req.setAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH, isForcedAuth);
        req.setAttribute(ProxyConstants.TREMOLO_REQ_HOLDER, reqHolder);
        if (!resp.isCommitted()) {
            embSys.nextSys(pr, (HttpServletResponse) resp);
        }
    } catch (Exception e) {
        req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
        req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
        logger.error("Could not process request", e);
        StringBuffer b = new StringBuffer();
        b.append(cfg.getAuthFormsPath()).append("error.jsp");
        req.getRequestDispatcher(b.toString()).forward(pr, resp);
    }
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) NextEmbSys(com.tremolosecurity.embedd.NextEmbSys) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) URL(java.net.URL) HttpServletRequest(javax.servlet.http.HttpServletRequest) LocalSessionRequest(com.tremolosecurity.embedd.LocalSessionRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) Cookie(javax.servlet.http.Cookie) SessionManager(com.tremolosecurity.proxy.SessionManager) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Aggregations

SessionManager (com.tremolosecurity.proxy.SessionManager)3 ConfigManager (com.tremolosecurity.config.util.ConfigManager)2 HttpSession (javax.servlet.http.HttpSession)2 UrlHolder (com.tremolosecurity.config.util.UrlHolder)1 AuthChainType (com.tremolosecurity.config.xml.AuthChainType)1 LocalSessionRequest (com.tremolosecurity.embedd.LocalSessionRequest)1 NextEmbSys (com.tremolosecurity.embedd.NextEmbSys)1 ProxyRequest (com.tremolosecurity.proxy.ProxyRequest)1 TremoloHttpSession (com.tremolosecurity.proxy.TremoloHttpSession)1 AuthController (com.tremolosecurity.proxy.auth.AuthController)1 AuthMechanism (com.tremolosecurity.proxy.auth.AuthMechanism)1 RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)1 Attribute (com.tremolosecurity.saml.Attribute)1 MetricFamilySamples (io.prometheus.client.Collector.MetricFamilySamples)1 IOException (java.io.IOException)1 Writer (java.io.Writer)1 BigInteger (java.math.BigInteger)1 URL (java.net.URL)1 HashMap (java.util.HashMap)1 ServletException (javax.servlet.ServletException)1