
Example 56 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class AppConfig method doFilter.

/**
 * Session-status endpoint: answers 401 unless the caller presents a cookie that
 * maps to a completed, non-anonymous OpenUnison session, otherwise writes a
 * JSON {@code SessionInfo} describing how many minutes the session has left.
 *
 * @param request  the proxied request; its cookies and attributes are read
 * @param response receives either an error status or the JSON body
 * @param chain    unused here — this filter terminates the chain
 * @throws Exception propagated from config loading, session lookup or the writer
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // Lazily load the cookie name/secret under the config lock; if loading still
    // leaves no cookie name the filter cannot validate anything and rejects.
    synchronized (this.appConfig) {
        if (this.appConfig.cookieName == null) {
            this.loadConfigData(this.filterConfig);
        }
        if (this.appConfig.cookieName == null) {
            response.sendError(401);
            return;
        }
    }
    // Marker attribute; presumably tells the proxy's error handling to return the
    // status as-is instead of redirecting to a login page — confirm against the proxy.
    request.setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    ArrayList<Cookie> sessionCookies = request.getCookies(this.appConfig.cookieName);
    if (sessionCookies == null || sessionCookies.isEmpty()) {
        response.sendError(401);
    } else {
        // NOTE(review): every cookie with the configured name is evaluated and each
        // iteration writes to the response independently (no return/break), so a
        // request carrying several such cookies may emit more than one status/body.
        for (Cookie cookie : sessionCookies) {
            TremoloHttpSession session = SessionManagerImpl.findSessionFromCookie(cookie, this.appConfig.secretKey, (SessionManagerImpl) GlobalEntries.getGlobalEntries().get(ProxyConstants.TREMOLO_SESSION_MANAGER));
            if (session == null) {
                response.sendError(401);
            } else {
                // Unchecked cast: a session without an AUTH_CTL attribute would NPE here.
                AuthInfo userData = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                // Only a completed authentication above level 0 counts as logged in.
                if (userData == null || !userData.isAuthComplete() || userData.getAuthLevel() == 0) {
                    response.sendError(401);
                } else {
                    SessionInfo si = new SessionInfo();
                    if (this.appConfig.timeoutSeconds > 0) {
                        // Two candidate expiries: an externally managed one (if present)
                        // and the idle timeout derived from last access; -1 means "none".
                        ExternalSessionExpires extSession = (ExternalSessionExpires) session.getAttribute(SessionManagerImpl.TREMOLO_EXTERNAL_SESSION);
                        int extMinLeft = -1;
                        int stdMinLeft = -1;
                        if (extSession != null) {
                            long expires = extSession.getExpires();
                            if (expires <= 0) {
                                extMinLeft = -1;
                            } else {
                                extMinLeft = (int) ((expires - System.currentTimeMillis()) / 1000 / 60);
                            }
                        }
                        // Assumes the last-accessed attribute is always set; a missing
                        // value would NPE on plusSeconds — TODO confirm.
                        DateTime lastAccessed = (DateTime) session.getAttribute(SessionManagerImpl.TREMOLO_SESSION_LAST_ACCESSED);
                        // 'now' is never read; the arithmetic below uses System.currentTimeMillis().
                        DateTime now = new DateTime();
                        DateTime expires = lastAccessed.plusSeconds(this.appConfig.timeoutSeconds);
                        stdMinLeft = (int) ((expires.getMillis() - System.currentTimeMillis()) / 1000 / 60);
                        // Report the later of the two expiries.
                        if (extMinLeft > stdMinLeft) {
                            si.setMinsLeft(extMinLeft);
                        } else {
                            si.setMinsLeft(stdMinLeft);
                        }
                    } else {
                        // No configured timeout: -1 signals "does not expire" to the client.
                        si.setMinsLeft(-1);
                    }
                    String json = gson.toJson(si);
                    response.setContentType("application/json");
                    response.getWriter().println(json.trim());
                    // Status 200 is signalled through sendError; how HttpFilterResponse
                    // treats a non-error code here is not visible in this file.
                    response.sendError(200);
                }
            }
        }
    }
}

Example 57 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class ExecuteWorkflow method doFilter.

/**
 * Runs the configured provisioning workflow once per session for the
 * authenticated user, then passes the request down the filter chain.
 *
 * The session attribute {@code TREMOLO_WF_EXEC} acts as a "already executed"
 * marker: only its presence is checked, its value ("FALSE") is never read.
 *
 * @param request  the proxied request; its session and AUTOIDM_CFG attribute are read
 * @param response passed through unchanged
 * @param chain    continued after the (optional) workflow run
 * @throws Exception propagated from workflow lookup/execution
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    boolean workflowPending = request.getSession().getAttribute("TREMOLO_WF_EXEC") == null;
    if (workflowPending) {
        // Unchecked casts: a session without AUTH_CTL, or a request without the
        // config holder, fails with an NPE rather than a handled error.
        AuthController authCtl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
        AuthInfo userData = authCtl.getAuthInfo();
        UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
        holder.getConfig().getProvisioningEngine().getWorkFlow(workFlowName).executeWorkflow(userData, uidAttrName);
        // Mark the session so the workflow is not re-run on later requests.
        request.getSession().setAttribute("TREMOLO_WF_EXEC", "FALSE");
    }
    chain.nextFilter(request, response, chain);
}

Example 58 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class XForward method doFilter.

/**
 * Records the proxy's view of the client (address, Host header, scheme) as
 * X-Forwarded-* values before continuing the chain.
 *
 * Depending on {@code createHeaders} the values are either added as request
 * headers or stored on the user's {@code AuthInfo} attributes. Because they are
 * derived from the connection and the request URL rather than copied from
 * inbound headers, an upstream consumer can treat them as set by this proxy.
 *
 * @param request  the proxied request; Host header and remote address are read
 * @param response passed through unchanged
 * @param chain    continued after the values are recorded
 * @throws Exception from URL parsing or the downstream filter
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    URL requestUrl = new URL(request.getRequestURL().toString());
    // Assumes a Host header is present; a request without one would NPE here — TODO confirm.
    String forwardedHost = request.getHeader("Host").getValues().get(0);
    String forwardedProto = requestUrl.getProtocol();
    String forwardedFor = request.getRemoteAddr();

    Attribute forAttr = new Attribute("X-Forwarded-For", forwardedFor);
    Attribute hostAttr = new Attribute("X-Forwarded-Host", forwardedHost);
    Attribute protoAttr = new Attribute("X-Forwarded-Proto", forwardedProto);

    if (this.createHeaders) {
        request.addHeader(forAttr);
        request.addHeader(hostAttr);
        request.addHeader(protoAttr);
    } else {
        // Unchecked cast: a session without AUTH_CTL fails with an NPE.
        AuthController authCtl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
        authCtl.getAuthInfo().getAttribs().put("X-Forwarded-For", forAttr);
        authCtl.getAuthInfo().getAttribs().put("X-Forwarded-Host", hostAttr);
        authCtl.getAuthInfo().getAttribs().put("X-Forwarded-Proto", protoAttr);
    }
    chain.nextFilter(request, response, chain);
}

Example 59 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class SessionTimeoutChecker method createOpenSession.

/**
 * Creates an "open" (not application-bound) anonymous session, registers it in
 * {@code sessions} and hands its id to the client in the open-session cookie.
 *
 * The id is the letter 'f' followed by 40 hex characters (20 random bytes).
 * The cookie carries the id in clear text; its Secure/HttpOnly flags come from
 * the global open-session settings.
 *
 * @param req  unused here
 * @param resp receives the open-session cookie
 * @param ctx  unused here; {@code this.ctx} is what the session is refreshed against
 * @return the newly created session
 * @throws Exception propagated from the anonymous auth mechanism
 */
private HttpSession createOpenSession(HttpServletRequest req, HttpServletResponse resp, ServletContext ctx) throws Exception {
    // NOTE(review): 'random' is a field whose type is not visible here; for a
    // session id it must be a SecureRandom — confirm.
    byte[] idBytes = new byte[20];
    random.nextBytes(idBytes);
    String id = "f" + Hex.encodeHexString(idBytes);

    TremoloHttpSession tsession = new TremoloHttpSession(id);
    tsession.setOpen(true);
    tsession.refresh(this.ctx, this);
    // The anonymous mechanism populates AUTH_CTL; the session is then marked complete.
    this.anonMech.createSession(tsession, this.anonChainType);
    AuthController actl = (AuthController) tsession.getAttribute(ProxyConstants.AUTH_CTL);
    actl.getAuthInfo().setAuthComplete(true);
    tsession.setAttribute(OpenUnisonConstants.TREMOLO_SESSION_ID, id);
    // TODO add global session timeout
    // TODO add global open session name

    Cookie sessionCookie = new Cookie(cfg.getCfg().getApplications().getOpenSessionCookieName(), id);
    sessionCookie.setPath("/");
    sessionCookie.setSecure(cfg.getCfg().getApplications().isOpenSessionSecure());
    sessionCookie.setHttpOnly(cfg.getCfg().getApplications().isOpenSessionHttpOnly());
    // -1: browser-session cookie, no persisted expiry.
    sessionCookie.setMaxAge(-1);
    resp.addCookie(sessionCookie);

    sessions.put(id, tsession);
    return tsession;
}

Example 60 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class SessionTimeoutChecker method createSession.

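/**
 * Creates an application-bound anonymous session, registers it in
 * {@code sessions} and sets the application's session cookie on the response.
 *
 * The cookie value is Base64(JSON {@code Token}) where the token holds the
 * AES/CBC-encrypted session id and the IV, both Base64-encoded. CBC gives
 * confidentiality only; presumably the server-side lookup of the decrypted id
 * in {@code sessions} is what rejects a tampered cookie — confirm in the
 * decoding path. Any existing open-session cookie is expired at the same time.
 *
 * @param app    application whose cookie config (name, domain, timeout, flags) applies
 * @param req    used to derive the cookie domain
 * @param resp   receives the session cookie and the open-session deletion cookie
 * @param ctx    unused here; {@code this.ctx} is what the session is refreshed against
 * @param encKey AES key used to encrypt the session id
 * @return the newly created session
 * @throws Exception from the cipher, the anonymous auth mechanism or cookie handling
 */
private HttpSession createSession(ApplicationType app, HttpServletRequest req, HttpServletResponse resp, ServletContext ctx, SecretKey encKey) throws Exception {
    // NOTE(review): 'random' is a field whose type is not visible here; for a
    // session id it must be a SecureRandom — confirm.
    byte[] idBytes = new byte[20];
    random.nextBytes(idBytes);
    String id = "f" + Hex.encodeHexString(idBytes);

    TremoloHttpSession tsession = new TremoloHttpSession(id);
    tsession.setAppName(app.getName());
    tsession.refresh(this.ctx, this);
    tsession.setOpen(false);
    // The anonymous mechanism populates AUTH_CTL; the session is then marked complete.
    this.anonMech.createSession(tsession, this.anonChainType);
    AuthController actl = (AuthController) tsession.getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo auInfo = actl.getAuthInfo();
    auInfo.setAuthComplete(true);
    tsession.setAttribute(OpenUnisonConstants.TREMOLO_SESSION_ID, id);
    tsession.setMaxInactiveInterval(app.getCookieConfig().getTimeout());

    // Encrypt the id; with no IV supplied the JCE picks a fresh random IV, which
    // is exported alongside the ciphertext. Explicit charsets avoid depending on
    // the platform default (Base64 output is ASCII, so UTF-8 is a safe choice).
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, encKey);
    byte[] encSessionKey = cipher.doFinal(id.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    String base64d = new String(org.bouncycastle.util.encoders.Base64.encode(encSessionKey), java.nio.charset.StandardCharsets.UTF_8);
    Token token = new Token();
    token.setEncryptedRequest(base64d);
    token.setIv(new String(org.bouncycastle.util.encoders.Base64.encode(cipher.getIV()), java.nio.charset.StandardCharsets.UTF_8));
    Gson gson = new Gson();
    String cookie = gson.toJson(token);
    byte[] btoken = cookie.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    String encCookie = new String(org.bouncycastle.util.encoders.Base64.encode(btoken), java.nio.charset.StandardCharsets.UTF_8);

    Cookie sessionCookie = new Cookie(app.getCookieConfig().getSessionCookieName(), encCookie);
    String domain = ProxyTools.getInstance().getCookieDomain(app.getCookieConfig(), req);
    if (domain != null) {
        sessionCookie.setDomain(domain);
    }
    sessionCookie.setPath("/");
    // -1: browser-session cookie, no persisted expiry.
    sessionCookie.setMaxAge(-1);
    // Secure/HttpOnly follow the application's cookie config; HttpOnly is a
    // Boolean that may be null, which is treated as false.
    sessionCookie.setSecure(app.getCookieConfig().isSecure());
    sessionCookie.setHttpOnly(app.getCookieConfig().isHttpOnly() != null && app.getCookieConfig().isHttpOnly());
    ProxyResponse.addCookieToResponse(app, sessionCookie, resp);

    // Delete the open session cookie if one is configured (max-age 0 expires it).
    String openSessionCookieName = cfg.getCfg().getApplications().getOpenSessionCookieName();
    if (openSessionCookieName != null && !openSessionCookieName.isEmpty()) {
        Cookie openSessionCookie = new Cookie(openSessionCookieName, id);
        openSessionCookie.setPath("/");
        openSessionCookie.setSecure(cfg.getCfg().getApplications().isOpenSessionSecure());
        openSessionCookie.setHttpOnly(cfg.getCfg().getApplications().isOpenSessionHttpOnly());
        openSessionCookie.setMaxAge(0);
        resp.addCookie(openSessionCookie);
    }

    sessions.put(id, tsession);
    return tsession;
}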
