
use of com.tremolosecurity.proxy.auth.AuthMgrSys in project OpenUnison by TremoloSecurity.

the class AuthManagerImpl method finishSuccessfulLogin.

/* (non-Javadoc)
	 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#finishSuccessfulLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.config.util.UrlHolder, com.tremolosecurity.config.xml.AuthChainType, com.tremolosecurity.proxy.auth.RequestHolder, com.tremolosecurity.proxy.auth.AuthController, com.tremolosecurity.proxy.util.NextSys)
	 */
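/**
 * Completes an authentication chain that succeeded.
 *
 * <p>Marks the caller's {@link AuthInfo} complete, writes the {@code AuSuccess} access-log entry
 * ("level / chain name"), expires the legacy {@code autoIdmSessionCookieName} /
 * {@code autoIdmAppName} cookies, runs the custom auth-response hook ({@link AuthMgrSys}),
 * records the successful login through the compliance workflow when the chain enables it, and
 * finally dispatches the request (post-auth action, next subsystem or redirect).
 *
 * @param req       current request; {@code ProxyConstants.TREMOLO_CFG_OBJ} is read from it and
 *                  is dereferenced during the final dispatch, so it must have been set upstream
 * @param resp      current response; cast to {@link ProxyResponse} when cookies are written
 * @param holder    URL/application configuration for the request
 * @param act       the authentication chain that completed
 * @param reqHolder the preserved original request, or {@code null} when there is none to replay
 * @param actl      the controller owning the {@link AuthInfo} for this session
 * @param next      the subsystem to continue with when the request is not on the auth path
 * @return {@code true} when nothing was preserved ({@code reqHolder == null}) and the custom
 *         response hook has produced the response; {@code false} otherwise
 * @throws ServletException when the custom response cannot be initialised or the compliance
 *                          workflow fails
 * @throws IOException      from the redirect or the downstream subsystem
 */
@Override
public boolean finishSuccessfulLogin(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act, RequestHolder reqHolder, AuthController actl, NextSys next) throws IOException, ServletException {
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    AuthInfo ai = actl.getAuthInfo();
    ai.setAuthComplete(true);
    // access-log detail is "<level> / <chain name>"
    String msg = act.getLevel() + " / " + act.getName();
    AccessLog.log(AccessEvent.AuSuccess, holder.getApp(), req, ai, msg);

    if (reqHolder == null) {
        // No original request to replay: clear the legacy cookies and let the custom
        // response hook finish the response.
        expireLegacyCookies(req, resp, holder);
        // NOTE(review): unlike the replay path below, AU_RES is not set on the request
        // here — confirm the custom response does not depend on it.
        runCustomAuthResponse(req, resp, holder, Boolean.TRUE);
        return true;
    }

    StringBuffer redirURL;
    switch (reqHolder.getMethod()) {
        case GET:
            redirURL = getGetRedirectURL(reqHolder);
            expireLegacyCookies(req, resp, holder);
            break;
        case POST:
            // preserved POST bodies are replayed through the post-preservation page
            redirURL = new StringBuffer(holder.getConfig().getAuthFormsPath()).append("postPreservation.jsp");
            break;
        default:
            redirURL = new StringBuffer(reqHolder.getURL());
    }

    req.setAttribute(AuthMgrSys.AU_RES, Boolean.TRUE);
    runCustomAuthResponse(req, resp, holder, Boolean.TRUE);

    if (act.getCompliance() != null && act.getCompliance().isEnabled()) {
        recordSuccessfulLogin(holder, act, ai);
    }

    PostAuthSuccess postAuth = (PostAuthSuccess) req.getAttribute(PostAuthSuccess.POST_AUTH_ACTION);
    if (postAuth != null) {
        postAuth.runAfterSuccessfulAuthentication(req, resp, holder, act, reqHolder, actl, next);
    } else if (!req.getRequestURI().startsWith(cfg.getAuthPath())) {
        next.nextSys(req, resp);
    } else {
        resp.sendRedirect(redirURL.toString());
    }
    return false;
}

/**
 * Expires the legacy {@code autoIdmSessionCookieName} and {@code autoIdmAppName} cookies on the
 * underlying (unwrapped) response. Uses the application's cookie domain when one is configured
 * and does nothing when the application disables cookies; a missing cookie config or an unset
 * {@code cookiesEnabled} flag counts as enabled.
 *
 * @param req    current request, used to derive the cookie domain
 * @param resp   current response, expected to be a {@link ProxyResponse}
 * @param holder application configuration; {@code holder.getApp()} must be non-null
 */
private void expireLegacyCookies(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) {
    String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
    boolean cookiesEnabled = holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled();
    if (!cookiesEnabled) {
        return;
    }
    HttpServletResponse target = (HttpServletResponse) ((ProxyResponse) resp).getResponse();
    for (String name : new String[] {"autoIdmSessionCookieName", "autoIdmAppName"}) {
        Cookie expired = new Cookie(name, "DNE");
        if (domain != null) {
            expired.setDomain(domain);
        }
        expired.setPath("/");
        // max-age 0 instructs the browser to discard the cookie
        expired.setMaxAge(0);
        // NOTE(review): the expiry cookie is sent without the Secure flag; a browser only
        // replaces a cookie whose domain/path match, so confirm this mirrors how the
        // originals were issued.
        expired.setSecure(false);
        ProxyResponse.addCookieToResponse(holder, expired, target);
    }
}

/**
 * Runs the custom authentication-response hook.
 *
 * @param succeeded outcome passed to {@link AuthMgrSys#processAuthResp}
 * @throws ServletException when the custom response class cannot be loaded or instantiated
 * @throws IOException      propagated from the hook
 */
private void runCustomAuthResponse(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, Boolean succeeded) throws IOException, ServletException {
    AuthMgrSys ams = new AuthMgrSys(null);
    try {
        ams.processAuthResp(req, resp, holder, succeeded);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }
}

/**
 * Records a successful login for the chain's compliance policy: sets the last-succeeded
 * timestamp (epoch millis, UTC), resets the failed-attempt counter to {@code "0"}, copies the
 * provisioning engine's user attributes from the session and runs the update-attributes
 * workflow synchronously. Nothing is recorded when the session carries no (non-empty) uid
 * attribute.
 *
 * @param holder application configuration providing the provisioning engine
 * @param act    the chain; {@code act.getCompliance()} must be non-null
 * @param ai     authenticated user data
 * @throws ServletException when the workflow fails
 */
private void recordSuccessfulLogin(UrlHolder holder, AuthChainType act, AuthInfo ai) throws ServletException {
    Attribute uidAttribute = ai.getAttribs().get(act.getCompliance().getUidAttributeName());
    if (uidAttribute == null || uidAttribute.getValues().isEmpty()) {
        // no uid to key the update on
        return;
    }
    String uid = uidAttribute.getValues().get(0);
    User updateAttrs = new User(uid);
    String lastSucceeded = act.getCompliance().getLastSucceedAttribute();
    String numFailed = act.getCompliance().getNumFailedAttribute();
    String uidName = act.getCompliance().getUidAttributeName();
    updateAttrs.getAttribs().put(lastSucceeded, new Attribute(lastSucceeded, Long.toString(new DateTime(DateTimeZone.UTC).getMillis())));
    updateAttrs.getAttribs().put(numFailed, new Attribute(numFailed, "0"));
    updateAttrs.getAttribs().put(uidName, new Attribute(uidName, uid));

    if (GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes() != null) {
        for (String attrName : GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes()) {
            Attribute fromAuth = ai.getAttribs().get(attrName);
            if (fromAuth != null) {
                Attribute attrForWF = new Attribute(attrName);
                attrForWF.getValues().addAll(fromAuth.getValues());
                updateAttrs.getAttribs().put(attrName, attrForWF);
            }
        }
    }

    HashMap<String, Object> wfReq = new HashMap<>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    try {
        holder.getConfig().getProvisioningEngine().getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow()).executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new ServletException("Could not update successful login attribute", e);
    }
}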

use of com.tremolosecurity.proxy.auth.AuthMgrSys in project OpenUnison by TremoloSecurity.

the class AuthManagerImpl method failAuthentication.

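/**
 * Records a failed authentication attempt.
 *
 * <p>Writes the {@code AuFail} access-log entry, flags the request with
 * {@code AuthMgrSys.AU_RES = false}, runs the custom auth-response hook and, when the chain
 * enables compliance and the failing user's DN is known, increments that user's failed-login
 * counter through the update-attributes workflow.
 *
 * @param req    current request; the failing user's DN is read from it
 * @param resp   current response
 * @param holder application configuration for the request
 * @param act    the authentication chain that failed
 * @throws ServletException when the custom response cannot be initialised or the user entry has
 *                          no uid attribute
 * @throws Exception        propagated from the directory search or the workflow
 */
private void failAuthentication(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act) throws ServletException, IOException, Exception {
    AccessLog.log(AccessEvent.AuFail, holder.getApp(), req, null, act.getName());
    req.setAttribute(AuthMgrSys.AU_RES, Boolean.FALSE);
    AuthMgrSys ams = new AuthMgrSys(null);
    try {
        ams.processAuthResp(req, resp, holder, Boolean.FALSE);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }
    if (act.getCompliance() == null || !act.getCompliance().isEnabled()) {
        return;
    }
    String dn = getFailedUserDN(req);
    if (dn != null) {
        recordFailedLogin(holder, act, dn);
    }
}

/**
 * Loads the user's current failed-attempt counter from the directory, increments it and writes
 * it back together with the last-failed timestamp (epoch millis, UTC) via the synchronous
 * update-attributes workflow. Nothing is written when the DN does not resolve to an entry.
 *
 * @param holder application configuration providing the provisioning engine
 * @param act    the chain; {@code act.getCompliance()} must be non-null
 * @param dn     DN of the user whose attempt failed
 * @throws ServletException when the entry lacks the configured uid attribute
 * @throws Exception        propagated from the directory search or the workflow
 */
private void recordFailedLogin(UrlHolder holder, AuthChainType act, String dn) throws ServletException, Exception {
    String numFailedName = act.getCompliance().getNumFailedAttribute();
    String uidName = act.getCompliance().getUidAttributeName();
    ArrayList<String> attrsToLoad = new ArrayList<String>();
    attrsToLoad.add(numFailedName);
    attrsToLoad.add(uidName);
    // base-scope search on the DN itself; only the two compliance attributes are requested
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, "(objectClass=*)", attrsToLoad);
    if (!res.hasMore()) {
        return;
    }
    LDAPEntry userObj = res.next();
    LDAPAttribute uidAttr = userObj.getAttribute(uidName);
    if (uidAttr == null) {
        throw new ServletException("Could not record failed login, user " + dn + " has no " + uidName + " attribute");
    }
    String uid = uidAttr.getStringValue();
    LDAPAttribute numFails = userObj.getAttribute(numFailedName);
    // a missing counter starts from zero; a non-numeric value propagates as NumberFormatException
    int fails = numFails == null ? 0 : Integer.parseInt(numFails.getStringValue());
    fails++;

    User updateAttrs = new User(uid);
    DateTime now = new DateTime(DateTimeZone.UTC);
    String lastFailedName = act.getCompliance().getLastFailedAttribute();
    updateAttrs.getAttribs().put(lastFailedName, new Attribute(lastFailedName, Long.toString(now.getMillis())));
    updateAttrs.getAttribs().put(numFailedName, new Attribute(numFailedName, Integer.toString(fails)));
    updateAttrs.getAttribs().put(uidName, new Attribute(uidName, uid));

    HashMap<String, Object> wfReq = new HashMap<>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    // Session attributes are deliberately not copied into the workflow on the failure path
    // (the user may have no session yet).
    holder.getConfig().getProvisioningEngine().getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow()).executeWorkflow(updateAttrs, wfReq);
}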