Example 46 with AuthController
use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.
the class ScaleMain method saveUser.
private void saveUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws IOException {
ScaleError errors = new ScaleError();
String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
Set<String> allowedAttrs = null;
if (this.scaleConfig.getUiDecisions() != null) {
allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
}
JsonElement root = new JsonParser().parse(json);
JsonObject jo = root.getAsJsonObject();
HashMap<String, String> values = new HashMap<String, String>();
boolean ok = true;
for (Entry<String, JsonElement> entry : jo.entrySet()) {
String attributeName = entry.getKey();
if (allowedAttrs == null || allowedAttrs.contains(attributeName)) {
String value = entry.getValue().getAsJsonObject().get("value").getAsString();
if (this.scaleConfig.getAttributes().get(attributeName) == null) {
errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
ok = false;
} else if (this.scaleConfig.getAttributes().get(attributeName).isReadOnly()) {
errors.getErrors().add("Attribute is read only : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
ok = false;
} else if (this.scaleConfig.getAttributes().get(attributeName).isRequired() && value.length() == 0) {
errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
ok = false;
} else if (this.scaleConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleConfig.getAttributes().get(attributeName).getMinChars() + " characters");
ok = false;
} else if (this.scaleConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
ok = false;
} else if (this.scaleConfig.getAttributes().get(attributeName).getPattern() != null) {
try {
Matcher m = this.scaleConfig.getAttributes().get(attributeName).getPattern().matcher(value);
if (m == null || !m.matches()) {
ok = false;
}
} catch (Exception e) {
ok = false;
}
if (!ok) {
errors.getErrors().add("Attribute value not valid : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleConfig.getAttributes().get(attributeName).getRegExFailedMsg());
}
}
values.put(attributeName, value);
}
}
for (String attrName : this.scaleConfig.getAttributes().keySet()) {
if (this.scaleConfig.getAttributes().get(attrName).isRequired() && !values.containsKey(attrName) && (allowedAttrs == null || allowedAttrs.contains(attrName))) {
errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attrName).getDisplayName() + "'");
ok = false;
}
}
if (ok) {
ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
WFCall wfCall = new WFCall();
wfCall.setName(this.scaleConfig.getWorkflowName());
wfCall.setReason("User update");
wfCall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
TremoloUser tu = new TremoloUser();
tu.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
for (String name : values.keySet()) {
tu.getAttributes().add(new Attribute(name, values.get(name)));
}
tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0)));
wfCall.setUser(tu);
try {
com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
lookupUser(request, response, gson);
} catch (Exception e) {
logger.error("Could not update user", e);
response.setStatus(500);
ScaleError error = new ScaleError();
error.getErrors().add("Please contact your system administrator");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
} else {
response.setStatus(500);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(errors).trim());
response.getWriter().flush();
}
}
Also used :
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
WFCall(com.tremolosecurity.provisioning.service.util.WFCall)
HashMap(java.util.HashMap)
Matcher(java.util.regex.Matcher)
Attribute(com.tremolosecurity.saml.Attribute)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
JsonObject(com.google.gson.JsonObject)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString)
RichTextString(org.apache.poi.ss.usermodel.RichTextString)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
LDAPException(com.novell.ldap.LDAPException)
SQLException(java.sql.SQLException)
IOException(java.io.IOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
MalformedURLException(java.net.MalformedURLException)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser)
JsonElement(com.google.gson.JsonElement)
JsonParser(com.google.gson.JsonParser)
Example 47 with AuthController
use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.
the class ScaleRegister method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
Gson gson = new Gson();
request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
if (request.getRequestURI().endsWith("/register/config")) {
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
ScaleJSRegisterConfig localCfg = gson.fromJson(gson.toJson(this.scaleConfig), ScaleJSRegisterConfig.class);
for (String attrName : scaleConfig.getAttributes().keySet()) {
ScaleAttribute fromMainCfg = scaleConfig.getAttributes().get(attrName);
if (fromMainCfg.getDynamicSource() != null) {
ScaleAttribute fromLocalCfg = localCfg.getAttributes().get(attrName);
fromLocalCfg.setValues(fromMainCfg.getDynamicSource().getSourceList(request));
}
}
response.getWriter().println(gson.toJson(localCfg).trim());
} else if (request.getRequestURI().endsWith("/register/values")) {
String attributeName = request.getParameter("name").getValues().get(0);
List<NVP> values = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().getSourceList(request);
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().println(gson.toJson(values).trim());
} else if (request.getRequestURI().endsWith("/register/submit")) {
ScaleError errors = new ScaleError();
String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
NewUserRequest newUser = gson.fromJson(json, NewUserRequest.class);
if (scaleConfig.isRequireReCaptcha()) {
if (newUser.getReCaptchaCode() == null || newUser.getReCaptchaCode().isEmpty()) {
errors.getErrors().add("Please verify you are not a robot");
} else {
BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
HttpPost httppost = new HttpPost("https://www.google.com/recaptcha/api/siteverify");
List<NameValuePair> formparams = new ArrayList<NameValuePair>();
formparams.add(new BasicNameValuePair("secret", scaleConfig.getRcSecretKey()));
formparams.add(new BasicNameValuePair("response", newUser.getReCaptchaCode()));
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(entity);
CloseableHttpResponse resp = http.execute(httppost);
ReCaptchaResponse res = gson.fromJson(EntityUtils.toString(resp.getEntity()), ReCaptchaResponse.class);
if (!res.isSuccess()) {
errors.getErrors().add("Human validation failed");
}
http.close();
bhcm.close();
}
}
if (scaleConfig.isRequireTermsAndConditions() && !newUser.isCheckedTermsAndConditions()) {
errors.getErrors().add("You must accept the terms and conditions to register");
}
if (this.scaleConfig.isRequireReason() && (newUser.getReason() == null || newUser.getReason().isEmpty())) {
errors.getErrors().add("Reason is required");
}
if (this.scaleConfig.isPreSetPassword()) {
if (newUser.getPassword() == null || newUser.getPassword().isEmpty()) {
errors.getErrors().add("Password is required");
} else if (!newUser.getPassword().equals(newUser.getPassword2())) {
errors.getErrors().add("Passwords must match");
}
}
for (String attributeName : this.scaleConfig.getAttributes().keySet()) {
String value = newUser.getAttributes().get(attributeName);
if (this.scaleConfig.getAttributes().get(attributeName) == null) {
errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
}
if (this.scaleConfig.getAttributes().get(attributeName).isReadOnly()) {
errors.getErrors().add("Attribute is read only : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
}
if (this.scaleConfig.getAttributes().get(attributeName).isRequired() && (value == null || value.length() == 0)) {
errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
}
if (this.scaleConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleConfig.getAttributes().get(attributeName).getMinChars() + " characters");
}
if (this.scaleConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
}
if (this.scaleConfig.getAttributes().get(attributeName).getType().equalsIgnoreCase("list")) {
if (this.scaleConfig.getAttributes().get(attributeName).getDynamicSource() == null) {
boolean found = false;
for (NVP nvp : this.scaleConfig.getAttributes().get(attributeName).getValues()) {
if (nvp.getValue().equalsIgnoreCase(value)) {
found = true;
}
}
if (!found) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " has an invalid value");
}
}
}
if (this.scaleConfig.getAttributes().get(attributeName).getPattern() != null) {
boolean ok = true;
try {
Matcher m = this.scaleConfig.getAttributes().get(attributeName).getPattern().matcher(value);
if (m == null || !m.matches()) {
ok = false;
}
} catch (Exception e) {
ok = false;
}
if (!ok) {
errors.getErrors().add("Attribute value not valid : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleConfig.getAttributes().get(attributeName).getRegExFailedMsg());
}
}
if (this.scaleConfig.getAttributes().get(attributeName).isUnique()) {
String filter = equal(attributeName, value).toString();
LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, filter, new ArrayList<String>());
if (res.hasMore()) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " is not available");
}
while (res.hasMore()) res.next();
}
if (this.scaleConfig.getAttributes().get(attributeName).getDynamicSource() != null) {
String error = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().validate(value, request);
if (error != null) {
errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " - " + error);
}
}
}
WFCall wfcall = null;
String wfName = this.scaleConfig.getWorkflowName();
if (errors.getErrors().isEmpty()) {
if (scaleConfig.isUseCustomSubmission()) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
wfName = cru.createTremoloUser(newUser, errors.getErrors(), userData);
}
}
if (errors.getErrors().isEmpty()) {
TremoloUser user = new TremoloUser();
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
if (this.scaleConfig.isSubmitLoggedInUser()) {
user.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
user.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0)));
} else {
user.setUid(newUser.getAttributes().get(this.scaleConfig.getUidAttributeName()));
}
for (String attrName : newUser.getAttributes().keySet()) {
user.getAttributes().add(new Attribute(attrName, newUser.getAttributes().get(attrName)));
}
if (this.scaleConfig.isPreSetPassword()) {
user.setUserPassword(newUser.getPassword());
}
wfcall = new WFCall();
wfcall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
wfcall.setReason(newUser.getReason());
wfcall.setName(wfName);
wfcall.setUser(user);
HashMap<String, Object> params = new HashMap<String, Object>();
wfcall.setRequestParams(params);
if (userData.getAuthLevel() != 0 && !this.scaleConfig.isSubmitLoggedInUser()) {
wfcall.setRequestor(userData.getAttribs().get(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getApprovalDB().getUserIdAttribute()).getValues().get(0));
wfcall.getRequestParams().put(Approval.SEND_NOTIFICATION, "false");
wfcall.getRequestParams().put(Approval.REASON, newUser.getReason());
wfcall.getRequestParams().put(Approval.IMMEDIATE_ACTION, "true");
}
if (scaleConfig.isUseCustomSubmission()) {
cru.setWorkflowParameters(params, newUser, userData);
}
ExecuteWorkflow exec = new ExecuteWorkflow();
try {
exec.execute(wfcall, GlobalEntries.getGlobalEntries().getConfigManager());
} catch (Exception e) {
throw new ProvisioningException("Could not complete registration", e);
}
SubmitResponse res = new SubmitResponse();
res.setAddNewUsers(userData.getAuthLevel() != 0);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(res));
response.getWriter().flush();
} else {
response.setStatus(500);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(errors).trim());
response.getWriter().flush();
}
} else {
response.setStatus(500);
ScaleJSUtils.addCacheHeaders(response);
ScaleError error = new ScaleError();
error.getErrors().add("Operation not supported");
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
}
Also used :
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
HttpPost(org.apache.http.client.methods.HttpPost)
Matcher(java.util.regex.Matcher)
Attribute(com.tremolosecurity.saml.Attribute)
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
HashMap(java.util.HashMap)
ScaleJSRegisterConfig(com.tremolosecurity.scalejs.register.cfg.ScaleJSRegisterConfig)
SubmitResponse(com.tremolosecurity.scalejs.register.data.SubmitResponse)
ArrayList(java.util.ArrayList)
Gson(com.google.gson.Gson)
NVP(com.tremolosecurity.util.NVP)
ReCaptchaResponse(com.tremolosecurity.scalejs.register.data.ReCaptchaResponse)
TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser)
BasicNameValuePair(org.apache.http.message.BasicNameValuePair)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse)
ArrayList(java.util.ArrayList)
SourceList(com.tremolosecurity.scalejs.sdk.SourceList)
List(java.util.List)
BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager)
RequestConfig(org.apache.http.client.config.RequestConfig)
CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient)
BasicNameValuePair(org.apache.http.message.BasicNameValuePair)
NameValuePair(org.apache.http.NameValuePair)
WFCall(com.tremolosecurity.provisioning.service.util.WFCall)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
LDAPSearchResults(com.novell.ldap.LDAPSearchResults)
ExecuteWorkflow(com.tremolosecurity.provisioning.workflow.ExecuteWorkflow)
NewUserRequest(com.tremolosecurity.scalejs.register.data.NewUserRequest)
Example 48 with AuthController
use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.
the class ScaleSingleRequest method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
Gson gson = new Gson();
request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
if (request.getRequestURI().endsWith("/singlerequest/config")) {
response.setContentType("application/json");
ScaleSingleRequestUser ssru = new ScaleSingleRequestUser();
ssru.setConfig(scaleConfig);
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
Attribute displayNameAttribute = userData.getAttribs().get(this.scaleConfig.getDisplayNameAttribute());
if (displayNameAttribute != null) {
ssru.setDisplayName(displayNameAttribute.getValues().get(0));
} else {
ssru.setDisplayName("Unknown");
}
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().println(gson.toJson(ssru).trim());
} else if (request.getMethod().equalsIgnoreCase("POST") && request.getRequestURI().endsWith("/singlerequest/submit")) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
SingleRequest sr = gson.fromJson(json, SingleRequest.class);
ScaleError errors = new ScaleError();
if (sr.getReason() == null || sr.getReason().isEmpty()) {
errors.getErrors().add("Reason is required");
} else {
ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
WFCall wfCall = new WFCall();
wfCall.setName(this.scaleConfig.getWorkflowName());
wfCall.setReason(sr.getReason());
wfCall.setUidAttributeName(this.scaleConfig.getUidAttribute());
TremoloUser tu = new TremoloUser();
tu.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0));
tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttribute(), userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0)));
if (this.scaleConfig.isUseAttributesFromAuthentication()) {
for (String key : userData.getAttribs().keySet()) {
Attribute fromUser = userData.getAttribs().get(key);
if (!key.equalsIgnoreCase(this.scaleConfig.getUidAttribute())) {
Attribute forwf = new Attribute(key);
forwf.getValues().addAll(fromUser.getValues());
tu.getAttributes().add(forwf);
}
}
}
wfCall.setUser(tu);
try {
com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
} catch (Exception e) {
logger.error("Could not update user", e);
errors.getErrors().add("Please contact your system administrator");
}
}
if (errors.getErrors().size() > 0) {
response.setStatus(500);
response.getWriter().print(gson.toJson(errors).trim());
response.getWriter().flush();
}
}
}
Also used :
SingleRequest(com.tremolosecurity.scalejs.singlerequest.data.SingleRequest)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
WFCall(com.tremolosecurity.provisioning.service.util.WFCall)
Attribute(com.tremolosecurity.saml.Attribute)
Gson(com.google.gson.Gson)
ScaleSingleRequestUser(com.tremolosecurity.scalejs.singlerequest.data.ScaleSingleRequestUser)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser)
Example 49 with AuthController
use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.
the class PersistentCookieResult method createResultCookie.
@Override
public void createResultCookie(Cookie cookie, HttpServletRequest request, HttpServletResponse response) throws ServletException {
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
ConfigManager mgr = holder.getConfig();
HashSet<String> mechs = new HashSet<String>();
for (String mechName : mgr.getAuthMechs().keySet()) {
MechanismType mech = mgr.getAuthMechs().get(mechName);
if (mech.getClassName().equalsIgnoreCase("com.tremolosecurity.proxy.auth.persistentCookie.PersistentCookie")) {
mechs.add(mechName);
}
}
AuthController authCtl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
String chainName = authCtl.getAuthInfo().getAuthChain();
AuthChainType chain = mgr.getAuthChains().get(chainName);
chain = AuthManagerImpl.buildACT(chain, mgr);
int millisToLive = 0;
String keyAlias = "";
boolean useSSLSession = false;
for (AuthMechType amt : chain.getAuthMech()) {
if (mechs.contains(amt.getName())) {
for (ParamWithValueType pt : amt.getParams().getParam()) {
String value = "";
if (pt.getValue() != null && !pt.getValue().isBlank()) {
value = pt.getValue();
} else {
value = pt.getValueAttribute();
}
if (pt.getName().equalsIgnoreCase("millisToLive")) {
millisToLive = Integer.parseInt(value);
}
if (pt.getName().equalsIgnoreCase("useSSLSessionID") && value.equalsIgnoreCase("true")) {
useSSLSession = true;
} else if (pt.getName().equalsIgnoreCase("keyAlias")) {
keyAlias = value;
}
}
}
}
DateTime now = new DateTime();
DateTime expires = now.plusMillis(millisToLive);
com.tremolosecurity.lastmile.LastMile lastmile = null;
try {
lastmile = new com.tremolosecurity.lastmile.LastMile("/", now, expires, 0, "NONE");
} catch (URISyntaxException e) {
// not possible
}
lastmile.getAttributes().add(new Attribute("DN", authCtl.getAuthInfo().getUserDN()));
lastmile.getAttributes().add(new Attribute("CLIENT_IP", request.getRemoteAddr()));
if (useSSLSession) {
Object sessionID = request.getAttribute("javax.servlet.request.ssl_session_id");
if (sessionID instanceof byte[]) {
sessionID = new String(Base64.encodeBase64((byte[]) sessionID));
}
lastmile.getAttributes().add(new Attribute("SSL_SESSION_ID", (String) sessionID));
}
try {
cookie.setValue(new StringBuilder().append('"').append(lastmile.generateLastMileToken(mgr.getSecretKey(keyAlias))).append('"').toString());
} catch (Exception e) {
throw new ServletException("Could not encrypt persistent cookie", e);
}
cookie.setMaxAge(millisToLive / 1000);
}
Also used :
Attribute(com.tremolosecurity.saml.Attribute)
AuthMechType(com.tremolosecurity.config.xml.AuthMechType)
URISyntaxException(java.net.URISyntaxException)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
DateTime(org.joda.time.DateTime)
ServletException(javax.servlet.ServletException)
URISyntaxException(java.net.URISyntaxException)
UrlHolder(com.tremolosecurity.config.util.UrlHolder)
ServletException(javax.servlet.ServletException)
MechanismType(com.tremolosecurity.config.xml.MechanismType)
ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType)
AuthChainType(com.tremolosecurity.config.xml.AuthChainType)
HashSet(java.util.HashSet)
Example 50 with AuthController
use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.
the class SecretQuestionAuth method doGet.
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
HttpSession session = ((HttpServletRequest) request).getSession();
HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
AuthMechType amt = act.getAuthMech().get(as.getId());
AuthInfo user = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
if (user == null) {
throw new ServletException("No user present");
}
String questionAttrName = authParams.get("questionAttr").getValues().get(0);
String loginForm = authParams.get("loginForm").getValues().get(0);
Attribute qAttr = user.getAttribs().get(questionAttrName);
if (qAttr == null) {
throw new ServletException("User " + user.getUserDN() + " does not have secret questions");
}
byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(qAttr.getValues().get(0));
ByteArrayInputStream bais = new ByteArrayInputStream(encBytes);
ObjectInputStream ois = new ObjectInputStream(bais);
ArrayList<SecretQuestion> questions = null;
try {
questions = (ArrayList<SecretQuestion>) ois.readObject();
} catch (ClassNotFoundException e) {
throw new ServletException("Could not load questions", e);
}
request.getSession(true).setAttribute("TREMOLO_SECRET_ANSWERS", questions);
request.setAttribute("TREMOLO_SECRET_QUESTIONS", questions);
request.setAttribute("TREMOLO_SECRET_QUESTION_LIST", this.questionList);
request.getRequestDispatcher(loginForm).forward(request, response);
}
Also used :
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
Attribute(com.tremolosecurity.saml.Attribute)
HashMap(java.util.HashMap)
HttpSession(javax.servlet.http.HttpSession)
AuthMechType(com.tremolosecurity.config.xml.AuthMechType)
RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
UrlHolder(com.tremolosecurity.config.util.UrlHolder)
ServletException(javax.servlet.ServletException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
AuthChainType(com.tremolosecurity.config.xml.AuthChainType)
ObjectInputStream(java.io.ObjectInputStream)
Aggregations
AuthController (com.tremolosecurity.proxy.auth.AuthController)76
AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)59
Attribute (com.tremolosecurity.saml.Attribute)45
ServletException (javax.servlet.ServletException)28
HttpSession (javax.servlet.http.HttpSession)28
UrlHolder (com.tremolosecurity.config.util.UrlHolder)26
HashMap (java.util.HashMap)25
IOException (java.io.IOException)24
LDAPAttribute (com.novell.ldap.LDAPAttribute)21
LDAPException (com.novell.ldap.LDAPException)19
AuthChainType (com.tremolosecurity.config.xml.AuthChainType)19
Gson (com.google.gson.Gson)18
RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)17
HttpServletRequest (javax.servlet.http.HttpServletRequest)15
LDAPSearchResults (com.novell.ldap.LDAPSearchResults)14
ConfigManager (com.tremolosecurity.config.util.ConfigManager)14
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)12
MalformedURLException (java.net.MalformedURLException)12
ArrayList (java.util.ArrayList)12
LDAPEntry (com.novell.ldap.LDAPEntry)11
