use of com.tremolosecurity.proxy.auth.AuthInfo in project OpenUnison by TremoloSecurity.
the class DNBase2Attribute method doFilter.
/**
 * Adds {@code attributeValue} to the session user's {@code attributeName} attribute when the
 * user's DN ends with the configured {@code dn}, then passes the request down the chain.
 *
 * <p>The evaluation happens once per session: when it finishes, the session attribute
 * {@code key} is set, and later requests skip straight to the next filter.
 *
 * @param request the filtered request; its session is expected to hold the auth controller
 * @param response the filtered response, handed on unchanged
 * @param chain the remaining filters
 * @throws Exception whatever the rest of the chain throws
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    boolean alreadyEvaluated = session.getAttribute(key) != null;

    if (!alreadyEvaluated) {
        AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
        AuthInfo authInfo = authCtl.getAuthInfo();

        // NOTE(review): membership is a plain string-suffix test on the case-folded DN, not a
        // comparison of parsed DNs. It does not require the match to start on an RDN boundary
        // and it is sensitive to spacing and escaping differences. Because the result grants
        // an attribute, confirm that this.dn is configured so a sibling container whose name
        // merely ends with the same text cannot match.
        // NOTE(review): toLowerCase() folds with the JVM default locale; presumably this.dn is
        // lower-cased the same way where it is loaded - verify.
        String foldedUserDn = authInfo.getUserDN().toLowerCase();
        boolean isMember = foldedUserDn.endsWith(this.dn);
        logger.debug(isMember ? "User is member" : "User is NOT member");

        if (isMember) {
            Attribute attr = authInfo.getAttribs().get(this.attributeName);
            if (attr == null) {
                // First value for this attribute: create it and register it on the user.
                attr = new Attribute(this.attributeName);
                authInfo.getAttribs().put(this.attributeName, attr);
            }
            attr.getValues().add(this.attributeValue);
        }

        // Marker that keeps the value from being appended again on later requests.
        session.setAttribute(key, key);
    }

    chain.nextFilter(request, response, chain);
}
use of com.tremolosecurity.proxy.auth.AuthInfo in project OpenUnison by TremoloSecurity.
the class Group2Attribute method doFilter.
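/**
 * Adds {@code attributeValue} to the session user's {@code attributeName} attribute when a
 * directory search on {@code groupDN} finds the user's DN in the group-member attribute, then
 * passes the request down the chain.
 *
 * <p>The lookup happens once per session: when it finishes, the session attribute {@code key}
 * is set, and later requests skip straight to the next filter.
 *
 * @param request the filtered request; its session is expected to hold the auth controller
 * @param response the filtered response, handed on unchanged
 * @param chain the remaining filters
 * @throws Exception on directory search failures or anything the rest of the chain throws
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    if (session.getAttribute(key) == null) {
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

        // The user DN goes into the filter through equal(...) instead of string concatenation.
        // NOTE(review): presumably equal() is a filter-builder helper that escapes the value;
        // confirm, since the DN is placed inside an LDAP filter.
        String memberFilter = equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString();

        // Scope 0 is the base-object scope in standard LDAP numbering, so only the entry at
        // groupDN is tested - presumably what search() expects here; confirm.
        LDAPSearchResults res = cfgMgr.getMyVD().search(groupDN, 0, memberFilter, attribs);

        boolean isMember = res.hasMore();
        if (isMember) {
            // Consume the matching entry; only its existence matters.
            res.next();
            logger.debug("User is member");
        } else {
            logger.debug("User is NOT member");
        }

        if (isMember) {
            Attribute attr = authInfo.getAttribs().get(this.attributeName);
            if (attr == null) {
                // First value for this attribute: create it and register it on the user.
                attr = new Attribute(this.attributeName);
                authInfo.getAttribs().put(this.attributeName, attr);
            }
            attr.getValues().add(this.attributeValue);
        }

        // Marker that keeps the search from being repeated on later requests.
        session.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}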
use of com.tremolosecurity.proxy.auth.AuthInfo in project OpenUnison by TremoloSecurity.
the class Groups2Attribute method doFilter.
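/**
 * Collects the {@code cn} of every directory entry under {@code base} that lists the session
 * user's DN in the group-member attribute and stores the names in the user's {@code attrName}
 * attribute, then passes the request down the chain.
 *
 * <p>When a pattern {@code p} is configured, only names that match it in full are kept, and
 * the stored value is capture group {@code groupNum} rather than the whole name.
 *
 * <p>The lookup happens once per session: when it finishes, the session attribute {@code key}
 * is set, and later requests skip straight to the next filter.
 *
 * @param request the filtered request; its session is expected to hold the auth controller
 * @param response the filtered response, handed on unchanged
 * @param chain the remaining filters
 * @throws Exception on directory search failures or anything the rest of the chain throws
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    if (session.getAttribute(key) == null) {
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

        Attribute members = authInfo.getAttribs().get(this.attrName);
        if (members == null) {
            // Give the attribute its name instead of leaving it nameless: the map key alone
            // does not help code that later reads the name from the Attribute itself.
            members = new Attribute(this.attrName);
            authInfo.getAttribs().put(this.attrName, members);
        }

        ArrayList<String> attrs = new ArrayList<String>();
        attrs.add("cn");

        // The user DN goes into the filter through equal(...) instead of string concatenation.
        // NOTE(review): presumably equal() is a filter-builder helper that escapes the value;
        // confirm, since the DN is placed inside an LDAP filter.
        String memberFilter = equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString();

        // Scope 2 is the subtree scope in standard LDAP numbering - presumably what search()
        // expects here; confirm.
        LDAPSearchResults res = this.cfg.getMyVD().search(this.base, 2, memberFilter, attrs);

        while (res.hasMore()) {
            LDAPEntry entry = res.next();
            if (entry.getAttribute("cn") == null) {
                // An entry without cn contributes no group name; skipping it leaves the user
                // with fewer groups instead of failing the whole request.
                continue;
            }
            String cn = entry.getAttribute("cn").getStringValue();

            if (p == null) {
                members.getValues().add(cn);
                continue;
            }

            // matches() requires the whole cn to fit the pattern, so a name that merely
            // contains a matching fragment is not accepted.
            Matcher m = p.matcher(cn);
            if (m.matches()) {
                members.getValues().add(m.group(groupNum));
            }
        }

        // Marker that keeps the search from being repeated on later requests.
        session.setAttribute(key, key);
    }
    chain.nextFilter(request, response, chain);
}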
use of com.tremolosecurity.proxy.auth.AuthInfo in project OpenUnison by TremoloSecurity.
the class JITAuthMech method doGet.
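/**
 * Executes the provisioning workflow named by the mechanism's {@code workflowName} parameter
 * against the session's {@link AuthInfo}, records the outcome on the auth step, and hands
 * control back to the auth manager.
 *
 * <p>A {@link ProvisioningException} does not abort the request: the step is marked as failed,
 * the failure is logged, and the auth manager is still asked to continue.
 *
 * @param req the current request; must carry the URL holder under {@code AUTOIDM_CFG}
 * @param resp the current response
 * @param as the auth step whose success flag is set from the workflow outcome
 * @throws ServletException if the {@code nameAttr} or {@code workflowName} parameter is missing
 * @throws IOException declared by the mechanism contract
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    HttpSession session = req.getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);

    if (authParams.get("nameAttr") == null) {
        throw new ServletException("No name attribute");
    }
    String nameAttr = authParams.get("nameAttr").getValues().get(0);

    if (authParams.get("workflowName") == null) {
        throw new ServletException("No workflow specified");
    }
    String workflowName = authParams.get("workflowName").getValues().get(0);

    // NOTE(review): urlChain, act and amt are not read below. They are kept because the
    // lookups fail with an exception when the chain or mechanism is missing; remove them once
    // it is confirmed that nothing depends on that.
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());

    AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    try {
        holder.getConfig().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(authInfo, nameAttr);
        as.setSuccess(true);
    } catch (ProvisioningException e) {
        StringBuffer b = new StringBuffer();
        b.append("Could not execute workflow '").append(workflowName).append("' on '").append(authInfo.getUserDN()).append("'");

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        PrintWriter err = new PrintWriter(new OutputStreamWriter(baos));
        // printStackTrace already writes the whole "Caused by" chain, so the causes are not
        // printed a second time.
        e.printStackTrace(err);
        // Without this flush the trace can stay in the writer's buffer and the error entry is
        // logged with little or none of it.
        err.flush();
        logger.error(b.toString() + new String(baos.toByteArray()));

        // Fail closed: a user who could not be provisioned does not pass this step.
        as.setSuccess(false);
        logger.warn("Could not execute workflow " + workflowName + " for " + authInfo.getUserDN(), e);
    }
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}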
use of com.tremolosecurity.proxy.auth.AuthInfo in project OpenUnison by TremoloSecurity.
the class CreateAWSRoleAttribute method doFilter.
/**
 * Builds the AWS SAML {@code Role} attribute from the values of the user's
 * {@code sourceAttribute} and stores it on the session user, then passes the request down the
 * chain.
 *
 * <p>Each source value yields one entry of the form
 * {@code arn:aws:iam::<account>:role/<value>,arn:aws:iam::<account>:saml-provider/<idp>}.
 * An attribute already stored under the same name is replaced.
 *
 * @param request the filtered request; its session is expected to hold the auth controller
 * @param response the filtered response, handed on unchanged
 * @param chain the remaining filters
 * @throws Exception whatever the rest of the chain throws
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    AuthController authCtl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo userData = authCtl.getAuthInfo();

    Attribute source = userData.getAttribs().get(this.sourceAttribute);
    if (source == null) {
        // NOTE(review): the chain is not continued on this path, so the request ends here
        // without a role attribute and without a response from this filter. Confirm this is
        // the intended fail-closed behaviour and not a misplaced nextFilter call.
        logger.warn("Source attribute not found");
        return;
    }

    // The SAML-provider half of each entry is the same for every role.
    String providerPart = new StringBuilder()
            .append(",arn:aws:iam::").append(this.accountNumber)
            .append(":saml-provider/").append(this.idpName)
            .toString();

    Attribute roles = new Attribute("https://aws.amazon.com/SAML/Attributes/Role");
    for (String groupName : source.getValues()) {
        // NOTE(review): groupName is copied into the role ARN unchanged. The values are
        // presumably directory-controlled; confirm they can only be names of roles the user is
        // meant to assume, because they decide which role ARNs are asserted.
        String roleEntry = new StringBuilder()
                .append("arn:aws:iam::").append(this.accountNumber)
                .append(":role/").append(groupName)
                .append(providerPart)
                .toString();
        roles.getValues().add(roleEntry);
    }

    userData.getAttribs().put(roles.getName(), roles);
    chain.nextFilter(request, response, chain);
}