Use of com.tremolosecurity.proxy.auth.AuthMgrSys in project OpenUnison by TremoloSecurity.
The class AuthManagerImpl, method finishSuccessfulLogin.
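/**
 * Completes an authentication chain that succeeded.
 *
 * <p>Marks the session's {@link AuthInfo} as complete, writes the access-log
 * entry, expires the legacy {@code autoIdmSessionCookieName} /
 * {@code autoIdmAppName} cookies, runs the configured custom auth response,
 * resets the chain's compliance (failed-login) counters and finally either
 * hands the request on, runs the registered {@link PostAuthSuccess} action or
 * redirects to the originally requested URL.
 *
 * @param req       current request; {@link ProxyConstants#TREMOLO_CFG_OBJ} is read as a request attribute
 * @param resp      current response; cast to {@link ProxyResponse} when cookies are written
 * @param holder    URL / application configuration for this request
 * @param act       authentication chain that completed
 * @param reqHolder original request to replay, or {@code null} when there is nothing to replay
 * @param actl      authentication controller holding the user's {@link AuthInfo}
 * @param next      downstream chain used when the request is not on the auth path
 * @return {@code true} when there was no original request to replay, {@code false}
 *         after the request has been forwarded, handled by a post-auth action or redirected
 * @throws ServletException if the custom response cannot be instantiated or the
 *                          compliance workflow fails
 * @throws IOException      propagated from the custom response, the next step or the redirect
 */
@Override
public boolean finishSuccessfulLogin(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act, RequestHolder reqHolder, AuthController actl, NextSys next) throws IOException, ServletException {
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    AuthInfo ai = actl.getAuthInfo();
    ai.setAuthComplete(true);

    // The access-log entry records which chain (level / name) satisfied the request.
    AccessLog.log(AccessEvent.AuSuccess, holder.getApp(), req, ai, act.getLevel() + " / " + act.getName());

    if (reqHolder == null) {
        // Nothing to replay: expire the legacy cookies, run the custom response and stop.
        // NOTE(review): unlike the replay path below, this branch does not set
        // AuthMgrSys.AU_RES on the request before the custom response runs — confirm
        // whether custom responses depend on that attribute.
        expireLegacyIdmCookies(req, resp, holder);
        runCustomAuthResponse(req, resp, holder, Boolean.TRUE);
        return true;
    }

    // Where to send the browser once authentication is finished. The target comes from
    // the stored RequestHolder, not from a request parameter.
    StringBuffer redirURL;
    switch (reqHolder.getMethod()) {
        case GET:
            redirURL = getGetRedirectURL(reqHolder);
            expireLegacyIdmCookies(req, resp, holder);
            break;
        case POST:
            // POST replays go through postPreservation.jsp under the auth forms path.
            redirURL = new StringBuffer(holder.getConfig().getAuthFormsPath()).append("postPreservation.jsp");
            break;
        default:
            redirURL = new StringBuffer(reqHolder.getURL());
    }

    req.setAttribute(AuthMgrSys.AU_RES, Boolean.TRUE);
    runCustomAuthResponse(req, resp, holder, Boolean.TRUE);
    recordSuccessfulLoginCompliance(holder, act, ai);

    PostAuthSuccess postAuth = (PostAuthSuccess) req.getAttribute(PostAuthSuccess.POST_AUTH_ACTION);
    if (postAuth != null) {
        postAuth.runAfterSuccessfulAuthentication(req, resp, holder, act, reqHolder, actl, next);
    } else if (!req.getRequestURI().startsWith(cfg.getAuthPath())) {
        // Request landed outside the auth path: continue processing it in place.
        next.nextSys(req, resp);
    } else {
        resp.sendRedirect(redirURL.toString());
    }
    return false;
}

/** Expires the two legacy "autoIdm" cookies on the application's cookie domain. */
private static void expireLegacyIdmCookies(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) {
    // Resolved once and shared by both cookies; dereferences holder.getApp() unconditionally,
    // as the original code did.
    String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
    expireCookie(resp, holder, "autoIdmSessionCookieName", domain);
    expireCookie(resp, holder, "autoIdmAppName", domain);
}

/** Sends an expiring (max-age 0, path "/") cookie named {@code name} when the app allows cookies. */
private static void expireCookie(HttpServletResponse resp, UrlHolder holder, String name, String domain) {
    Cookie cookie = new Cookie(name, "DNE");
    if (domain != null) {
        cookie.setDomain(domain);
    }
    cookie.setPath("/");
    cookie.setMaxAge(0); // max-age 0 asks the browser to discard the cookie
    // NOTE(review): the expiring cookie is sent without the Secure flag. Browsers that
    // refuse non-secure overwrites of Secure cookies may ignore it — confirm against the
    // flags used when these cookies are originally set.
    cookie.setSecure(false);
    if (cookiesEnabled(holder)) {
        ProxyResponse.addCookieToResponse(holder, cookie, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
    }
}

/** Cookies count as enabled unless the application's cookie config explicitly disables them. */
private static boolean cookiesEnabled(UrlHolder holder) {
    return holder.getApp() == null
            || holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled();
}

/** Runs the configured custom auth response, wrapping instantiation failures in a ServletException. */
private static void runCustomAuthResponse(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, Boolean success) throws IOException, ServletException {
    try {
        new AuthMgrSys(null).processAuthResp(req, resp, holder, success);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }
}

/** Resets the chain's compliance counters (last-success timestamp, failed count 0) via the update workflow. */
private static void recordSuccessfulLoginCompliance(UrlHolder holder, AuthChainType act, AuthInfo ai) throws ServletException {
    if (act.getCompliance() == null || !act.getCompliance().isEnabled()) {
        return;
    }
    String uidAttrName = act.getCompliance().getUidAttributeName();
    Attribute uidAttribute = ai.getAttribs().get(uidAttrName);
    if (uidAttribute == null || uidAttribute.getValues().isEmpty()) {
        // No uid in the authenticated identity: there is no user object to update.
        return;
    }
    String uid = uidAttribute.getValues().get(0);
    String lastSucceedAttrName = act.getCompliance().getLastSucceedAttribute();
    String numFailedAttrName = act.getCompliance().getNumFailedAttribute();

    User updateAttrs = new User(uid);
    // A successful login stamps the time and zeroes the failed-login counter.
    updateAttrs.getAttribs().put(lastSucceedAttrName, new Attribute(lastSucceedAttrName, Long.toString(new DateTime(DateTimeZone.UTC).getMillis())));
    updateAttrs.getAttribs().put(numFailedAttrName, new Attribute(numFailedAttrName, "0"));
    updateAttrs.getAttribs().put(uidAttrName, new Attribute(uidAttrName, uid));

    // Copy the provisioning engine's configured user attributes from the authenticated identity.
    if (GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes() != null) {
        for (String attrName : GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes()) {
            Attribute fromAuth = ai.getAttribs().get(attrName);
            if (fromAuth != null) {
                Attribute attrForWF = new Attribute(attrName);
                attrForWF.getValues().addAll(fromAuth.getValues());
                updateAttrs.getAttribs().put(attrName, attrForWF);
            }
        }
    }

    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC); // run inline, not queued
    try {
        holder.getConfig().getProvisioningEngine().getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow()).executeWorkflow(updateAttrs, wfReq);
    } catch (ProvisioningException e) {
        throw new ServletException("Could not update successful login attribute", e);
    }
}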
Use of com.tremolosecurity.proxy.auth.AuthMgrSys in project OpenUnison by TremoloSecurity.
The class AuthManagerImpl, method failAuthentication.
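/**
 * Records a failed authentication attempt for chain {@code act}.
 *
 * <p>Writes the access-log entry, runs the custom auth response with a failure
 * result and, when compliance is enabled on the chain, increments the user's
 * failed-login counter and last-failed timestamp through the chain's
 * update-attributes workflow.
 *
 * @param req    current request; used to resolve the DN of the user that failed
 * @param resp   current response
 * @param holder URL / application configuration for this request
 * @param act    authentication chain that failed
 * @throws ServletException if the custom response cannot be instantiated, or the
 *                          user's entry lacks the configured uid attribute
 * @throws IOException      propagated from the custom response
 * @throws Exception        propagated from the directory search, counter parsing or the workflow
 */
private void failAuthentication(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act) throws ServletException, IOException, Exception {
    AccessLog.log(AccessEvent.AuFail, holder.getApp(), req, null, act.getName());
    req.setAttribute(AuthMgrSys.AU_RES, Boolean.FALSE);
    try {
        new AuthMgrSys(null).processAuthResp(req, resp, holder, Boolean.FALSE);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }

    if (act.getCompliance() == null || !act.getCompliance().isEnabled()) {
        return;
    }
    String dn = getFailedUserDN(req);
    if (dn == null) {
        // The failing identity could not be resolved; there is no entry to count against.
        return;
    }
    String uidAttrName = act.getCompliance().getUidAttributeName();
    String numFailedAttrName = act.getCompliance().getNumFailedAttribute();
    String lastFailedAttrName = act.getCompliance().getLastFailedAttribute();

    // Base-scope (0) read of the user's own entry, fetching only the counter and the uid.
    ArrayList<String> attrsToLoad = new ArrayList<String>();
    attrsToLoad.add(numFailedAttrName);
    attrsToLoad.add(uidAttrName);
    LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, "(objectClass=*)", attrsToLoad);
    if (!res.hasMore()) {
        return;
    }
    LDAPEntry userObj = res.next();
    LDAPAttribute uidAttr = userObj.getAttribute(uidAttrName);
    if (uidAttr == null) {
        // Was an unexplained NullPointerException; fail explicitly so a misconfigured uid
        // attribute does not silently skip the failed-login bookkeeping.
        throw new ServletException("Compliance uid attribute '" + uidAttrName + "' not present on " + dn);
    }
    String uid = uidAttr.getStringValue();

    // Missing counter means no failures recorded yet. A non-numeric value raises
    // NumberFormatException, which propagates through the declared Exception.
    LDAPAttribute numFails = userObj.getAttribute(numFailedAttrName);
    int fails = numFails == null ? 0 : Integer.parseInt(numFails.getStringValue());
    fails++;

    User updateAttrs = new User(uid);
    DateTime now = new DateTime(DateTimeZone.UTC);
    updateAttrs.getAttribs().put(lastFailedAttrName, new Attribute(lastFailedAttrName, Long.toString(now.getMillis())));
    updateAttrs.getAttribs().put(numFailedAttrName, new Attribute(numFailedAttrName, Integer.toString(fails)));
    updateAttrs.getAttribs().put(uidAttrName, new Attribute(uidAttrName, uid));

    HashMap<String, Object> wfReq = new HashMap<String, Object>();
    wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC); // run inline, not queued
    // NOTE(review): an earlier, disabled version also copied the session's user attributes
    // into updateAttrs here; confirm the workflow needs nothing beyond the counters.
    holder.getConfig().getProvisioningEngine().getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow()).executeWorkflow(updateAttrs, wfReq);
}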