Search in sources :

Example 26 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class ScaleMain method runReport.

private void runReport(final HttpFilterRequest request, final HttpFilterResponse response, final Gson gson) throws UnsupportedEncodingException, IOException, MalformedURLException, ProvisioningException, SQLException {
    String name = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
    ReportType reportToRun = null;
    for (ReportType report : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports().getReport()) {
        if (report.getName().equalsIgnoreCase(name)) {
            reportToRun = report;
            break;
        }
    }
    if (reportToRun == null) {
        response.setStatus(404);
        ScaleError error = new ScaleError();
        error.getErrors().add("Report not found");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        HashSet<String> allowedOrgs = new HashSet<String>();
        final AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
        AzSys az = new AzSys();
        this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
        if (allowedOrgs.contains(reportToRun.getOrgID())) {
            Connection db = null;
            final ReportType reportToRunUse = reportToRun;
            try {
                Session session = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
                session.doWork(new Work() {

                    public void execute(Connection connection) throws SQLException {
                        try {
                            generateReport(request, response, gson, reportToRunUse, userData, connection);
                        } catch (IOException e) {
                            throw new SQLException("Could not run reports", e);
                        }
                    }
                });
            } finally {
            }
        } else {
            response.setStatus(401);
            ScaleError error = new ScaleError();
            error.getErrors().add("Unauthorized");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(error).trim());
            response.getWriter().flush();
        }
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) SQLException(java.sql.SQLException) Connection(java.sql.Connection) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) IOException(java.io.IOException) AuthController(com.tremolosecurity.proxy.auth.AuthController) OrgType(com.tremolosecurity.config.xml.OrgType) AzSys(com.tremolosecurity.proxy.auth.AzSys) Work(org.hibernate.jdbc.Work) ReportType(com.tremolosecurity.config.xml.ReportType) HashSet(java.util.HashSet) Session(org.hibernate.Session) HttpSession(javax.servlet.http.HttpSession)

Example 27 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class ScaleMain method loadWorkflows.

private void loadWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
        for (WorkflowType wf : wfs) {
            if (wf.isInList() != null && wf.isInList().booleanValue()) {
                if (wf.getOrgid() == null || wf.getOrgid().equalsIgnoreCase(orgid)) {
                    if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        if (wf.getDynamicConfiguration().getParam() != null) {
                            for (ParamType p : wf.getDynamicConfiguration().getParam()) {
                                Attribute attr = params.get(p.getName());
                                if (attr == null) {
                                    attr = new Attribute(p.getName());
                                    params.put(p.getName(), attr);
                                }
                                attr.getValues().add(p.getValue());
                            }
                        }
                        DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).newInstance();
                        List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, cfgMgr, params, userData);
                        StringBuffer b = new StringBuffer();
                        b.append('/').append(URLEncoder.encode(wf.getName(), "UTF-8"));
                        String uri = b.toString();
                        for (Map<String, String> wfParamSet : wfParams) {
                            DateTime now = new DateTime();
                            DateTime expires = now.plusHours(1);
                            LastMile lm = new LastMile(uri, now, expires, 0, "");
                            for (String key : wfParamSet.keySet()) {
                                String val = wfParamSet.get(key);
                                Attribute attr = new Attribute(key, val);
                                lm.getAttributes().add(attr);
                            }
                            WFDescription desc = new WFDescription();
                            desc.setUuid(UUID.randomUUID().toString());
                            desc.setName(wf.getName());
                            ST st = new ST(wf.getLabel(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setLabel(st.render());
                            st = new ST(wf.getDescription(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setDescription(st.render());
                            desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey())));
                            workflows.add(desc);
                        }
                    } else {
                        WFDescription desc = new WFDescription();
                        desc.setUuid(UUID.randomUUID().toString());
                        desc.setName(wf.getName());
                        desc.setLabel(wf.getLabel());
                        desc.setDescription(wf.getDescription());
                        workflows.add(desc);
                    }
                }
            }
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.setContentType("application/json");
        response.getWriter().println(gson.toJson(workflows).trim());
        response.getWriter().flush();
    }
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) DateTime(org.joda.time.DateTime) WFDescription(com.tremolosecurity.provisioning.service.util.WFDescription) DynamicWorkflow(com.tremolosecurity.provisioning.util.DynamicWorkflow) HashSet(java.util.HashSet) ST(org.stringtemplate.v4.ST) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ParamType(com.tremolosecurity.config.xml.ParamType) LastMile(com.tremolosecurity.lastmile.LastMile) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) Map(java.util.Map) HashMap(java.util.HashMap)

Example 28 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class ScaleMain method loadReports.

private void loadReports(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws MalformedURLException, ProvisioningException, IOException {
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        ReportsType reports = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports();
        ReportsList reportsList = new ReportsList();
        reportsList.setReports(new ArrayList<ReportInformation>());
        if (reports != null && reports.getReport() != null) {
            for (ReportType report : reports.getReport()) {
                if (report.getOrgID().equals(orgid)) {
                    ReportInformation ri = new ReportInformation();
                    ri.setName(report.getName());
                    ri.setDescription(report.getDescription());
                    ri.setOrgID(report.getOrgID());
                    ri.setParameters(new ArrayList<String>());
                    ri.getParameters().addAll(report.getParamater());
                    ri.getParameters().remove("currentUser");
                    reportsList.getReports().add(ri);
                }
            }
        }
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(reportsList).trim());
        response.getWriter().flush();
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ReportsList(com.tremolosecurity.provisioning.service.util.ReportsList) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ReportInformation(com.tremolosecurity.provisioning.service.util.ReportInformation) OrgType(com.tremolosecurity.config.xml.OrgType) AzSys(com.tremolosecurity.proxy.auth.AzSys) ReportsType(com.tremolosecurity.config.xml.ReportsType) ReportType(com.tremolosecurity.config.xml.ReportType) HashSet(java.util.HashSet)

Example 29 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class ScaleMain method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    try {
        if (request.getRequestURI().endsWith("/main/config")) {
            if (scaleConfig.getUiDecisions() != null) {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                Set<String> allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
                ScaleConfig local = new ScaleConfig(this.scaleConfig);
                if (allowedAttrs != null) {
                    for (String attrName : this.scaleConfig.getAttributes().keySet()) {
                        if (!allowedAttrs.contains(attrName)) {
                            local.getAttributes().remove(attrName);
                        }
                    }
                }
                local.setCanEditUser(this.scaleConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
                ScaleJSUtils.addCacheHeaders(response);
                response.setContentType("application/json");
                response.getWriter().println(gson.toJson(local).trim());
            } else {
                ScaleJSUtils.addCacheHeaders(response);
                response.setContentType("application/json");
                response.getWriter().println(gson.toJson(scaleConfig).trim());
            }
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/user")) {
            lookupUser(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/user")) {
            saveUser(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/orgs")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
            Organization org = new Organization();
            copyOrg(org, ot, az, userData);
            ScaleJSUtils.addCacheHeaders(response);
            response.setContentType("application/json");
            response.getWriter().println(gson.toJson(org).trim());
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/org/")) {
            loadWorkflows(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/candelegate")) {
            try {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
                AzSys az = new AzSys();
                HashSet<String> allowedOrgs = new HashSet<String>();
                this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
                String workflowName = request.getParameter("workflowName").getValues().get(0);
                // need to check org
                String orgid = null;
                for (WorkflowType wf : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow()) {
                    if (wf.getName().equals(workflowName)) {
                        orgid = wf.getOrgid();
                        break;
                    }
                }
                PreCheckResponse preCheckResp = new PreCheckResponse();
                if (request.getParameter("uuid") != null) {
                    preCheckResp.setUuid(request.getParameter("uuid").getValues().get(0));
                }
                checkPreCheck(request, userData, allowedOrgs, workflowName, orgid, preCheckResp);
                ScaleJSUtils.addCacheHeaders(response);
                response.getWriter().print(gson.toJson(preCheckResp).trim());
                response.getWriter().flush();
            } catch (Throwable t) {
                logger.error("Could not check for preapproval status", t);
                response.setStatus(500);
                response.setContentType("application/json");
                ScaleJSUtils.addCacheHeaders(response);
                ScaleError error = new ScaleError();
                error.getErrors().add("Unable to check");
                response.getWriter().print(gson.toJson(error).trim());
                response.getWriter().flush();
            }
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/workflows")) {
            executeWorkflows(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/approvals")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
            response.setContentType("application/json");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().println(gson.toJson(ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager())).trim());
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/approvals/")) {
            loadApproval(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().contains("/main/approvals/")) {
            int approvalID = Integer.parseInt(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1));
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
            boolean ok = false;
            ApprovalSummaries summaries = ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager());
            for (ApprovalSummary as : summaries.getApprovals()) {
                if (as.getApproval() == approvalID) {
                    ok = true;
                }
            }
            if (!ok) {
                response.setStatus(401);
                response.setContentType("application/json");
                ScaleJSUtils.addCacheHeaders(response);
                ScaleError error = new ScaleError();
                error.getErrors().add("Unauthorized");
                response.getWriter().print(gson.toJson(error).trim());
                response.getWriter().flush();
            } else {
                ScaleApprovalData approvalData = gson.fromJson(new String((byte[]) request.getAttribute(ProxySys.MSG_BODY)), ScaleApprovalData.class);
                try {
                    String approval = approvalData.getReason().trim();
                    if (approval.length() > 255) {
                        logger.warn("approval justification greater then 255 characters");
                        approval = approval.substring(0, 255);
                    }
                    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().doApproval(approvalID, uid, approvalData.isApproved(), approval);
                } catch (Exception e) {
                    logger.error("Could not execute approval", e);
                    response.setStatus(500);
                    ScaleError error = new ScaleError();
                    error.getErrors().add("There was a problem completeding your request, please contact your system administrator");
                    ScaleJSUtils.addCacheHeaders(response);
                    response.getWriter().print(gson.toJson(error).trim());
                    response.getWriter().flush();
                }
            }
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/org/")) {
            loadReports(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/excel/")) {
            exportToExcel(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/")) {
            runReport(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/urls")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
            PortalURLs urls = new PortalURLs();
            if (pt != null && pt.getUrls() != null) {
                for (PortalUrlType url : pt.getUrls()) {
                    if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
                        ArrayList<AzRule> rules = new ArrayList<AzRule>();
                        for (AzRuleType art : url.getAzRules().getRule()) {
                            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
                        }
                        if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
                            continue;
                        }
                    }
                    PortalURL purl = new PortalURL();
                    purl.setName(url.getName());
                    purl.setLabel(url.getLabel());
                    purl.setOrg(url.getOrg());
                    purl.setUrl(url.getUrl());
                    purl.setIcon(url.getIcon());
                    urls.getUrls().add(purl);
                }
            }
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(urls.getUrls()).trim());
            response.getWriter().flush();
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/urls/org")) {
            String id = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
            PortalURLs urls = new PortalURLs();
            for (PortalUrlType url : pt.getUrls()) {
                if (url.getOrg().equalsIgnoreCase(id)) {
                    if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
                        ArrayList<AzRule> rules = new ArrayList<AzRule>();
                        for (AzRuleType art : url.getAzRules().getRule()) {
                            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
                        }
                        if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
                            continue;
                        }
                    }
                    PortalURL purl = new PortalURL();
                    purl.setName(url.getName());
                    purl.setLabel(url.getLabel());
                    purl.setOrg(url.getOrg());
                    purl.setUrl(url.getUrl());
                    purl.setIcon(url.getIcon());
                    urls.getUrls().add(purl);
                }
            }
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(urls.getUrls()).trim());
            response.getWriter().flush();
        } else {
            response.setStatus(500);
            ScaleError error = new ScaleError();
            error.getErrors().add("Operation not supported");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(error).trim());
            response.getWriter().flush();
        }
    } catch (Throwable t) {
        logger.error("Could not execute request", t);
        response.setStatus(500);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    }
}
Also used : Organization(com.tremolosecurity.provisioning.service.util.Organization) PortalUrlType(com.tremolosecurity.config.xml.PortalUrlType) PortalURL(com.tremolosecurity.provisioning.service.util.PortalURL) HashMap(java.util.HashMap) PortalURLs(com.tremolosecurity.provisioning.service.util.PortalURLs) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) PortalUrlsType(com.tremolosecurity.config.xml.PortalUrlsType) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) ApprovalSummaries(com.tremolosecurity.provisioning.service.util.ApprovalSummaries) HashSet(java.util.HashSet) ApprovalSummary(com.tremolosecurity.provisioning.service.util.ApprovalSummary) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) PreCheckResponse(com.tremolosecurity.scalejs.data.PreCheckResponse) ScaleApprovalData(com.tremolosecurity.scalejs.data.ScaleApprovalData) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) AuthController(com.tremolosecurity.proxy.auth.AuthController) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) LDAPException(com.novell.ldap.LDAPException) SQLException(java.sql.SQLException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) MalformedURLException(java.net.MalformedURLException) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) JsonObject(com.google.gson.JsonObject) AzRule(com.tremolosecurity.proxy.az.AzRule) ScaleConfig(com.tremolosecurity.scalejs.cfg.ScaleConfig)

Example 30 with AuthController

use of com.tremolosecurity.proxy.auth.AuthController in project OpenUnison by TremoloSecurity.

the class ClientCredentialsGrantPostAuth method runAfterSuccessfulAuthentication.

@Override
public void runAfterSuccessfulAuthentication(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act, RequestHolder reqHolder, AuthController actl, NextSys next) throws IOException, ServletException {
    HttpSession session = req.getSession();
    AuthInfo authData = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    if (!azSys.checkRules(authData, GlobalEntries.getGlobalEntries().getConfigManager(), trust.getClientAzRules(), new HashMap<String, Object>())) {
        AccessLog.log(AccessEvent.AzFail, holder.getApp(), req, authData, new StringBuilder().append("client not authorized for client_credentials grant on trust '").append(trust.getClientID()).append("'").toString());
        resp.sendError(403);
        return;
    }
    JSONObject existingClaims = new JSONObject();
    for (String attrName : authData.getAttribs().keySet()) {
        Attribute attr = authData.getAttribs().get(attrName);
        if (attr.getValues().size() == 1) {
            existingClaims.put(attrName, attr.getValues().get(0));
        } else {
            JSONArray vals = new JSONArray();
            vals.addAll(attr.getValues());
            existingClaims.put(attrName, vals);
        }
    }
    OpenIDConnectAccessToken access = new OpenIDConnectAccessToken();
    OidcSessionState oidcSession = idp.createUserSession(req, trust.getClientID(), holder, trust, authData.getUserDN(), GlobalEntries.getGlobalEntries().getConfigManager(), access, UUID.randomUUID().toString(), authData.getAuthChain(), existingClaims, null);
    Gson gson = new Gson();
    String json = gson.toJson(access);
    resp.setContentType("application/json");
    resp.getOutputStream().write(json.getBytes("UTF-8"));
    resp.getOutputStream().flush();
    if (logger.isDebugEnabled()) {
        logger.debug("Token JSON : '" + json + "'");
    }
    AccessLog.log(AccessEvent.AzSuccess, holder.getApp(), req, authData, "");
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) JSONObject(org.json.simple.JSONObject) HashMap(java.util.HashMap) Attribute(com.tremolosecurity.saml.Attribute) HttpSession(javax.servlet.http.HttpSession) JSONArray(org.json.simple.JSONArray) Gson(com.google.gson.Gson) AuthController(com.tremolosecurity.proxy.auth.AuthController) OidcSessionState(com.tremolosecurity.idp.providers.oidc.model.OidcSessionState)

Aggregations

AuthController (com.tremolosecurity.proxy.auth.AuthController)76 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)59 Attribute (com.tremolosecurity.saml.Attribute)45 ServletException (javax.servlet.ServletException)28 HttpSession (javax.servlet.http.HttpSession)28 UrlHolder (com.tremolosecurity.config.util.UrlHolder)26 HashMap (java.util.HashMap)25 IOException (java.io.IOException)24 LDAPAttribute (com.novell.ldap.LDAPAttribute)21 LDAPException (com.novell.ldap.LDAPException)19 AuthChainType (com.tremolosecurity.config.xml.AuthChainType)19 Gson (com.google.gson.Gson)18 RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)17 HttpServletRequest (javax.servlet.http.HttpServletRequest)15 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)14 ConfigManager (com.tremolosecurity.config.util.ConfigManager)14 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)12 MalformedURLException (java.net.MalformedURLException)12 ArrayList (java.util.ArrayList)12 LDAPEntry (com.novell.ldap.LDAPEntry)11