Example 1 with AzSys
use of com.tremolosecurity.proxy.auth.AzSys in project OpenUnison by TremoloSecurity.
the class SendMessageThread method doApproval.
/* (non-Javadoc)
* @see com.tremolosecurity.provisioning.core.ProvisioningEngine#doApproval(int, java.lang.String, boolean, java.lang.String)
*/
@Override
public void doApproval(int id, String userID, boolean approved, String reason) throws ProvisioningException {
org.hibernate.Session session = this.sessionFactory.openSession();
try {
StringBuffer b = new StringBuffer();
LDAPSearchResults res = this.cfgMgr.getMyVD().search(this.cfgMgr.getCfg().getLdapRoot(), 2, equal(this.userIDAttributeName, userID).toString(), new ArrayList<String>());
if (!res.hasMore()) {
throw new ProvisioningException("Could not locate approver '" + userID + "'");
}
LDAPEntry approver = res.next();
AuthInfo auinfo = new AuthInfo();
auinfo.setUserDN(approver.getDN());
LDAPAttributeSet attrs = approver.getAttributeSet();
for (Object obj : attrs) {
LDAPAttribute attr = (LDAPAttribute) obj;
Attribute attrib = new Attribute(attr.getName());
String[] vals = attr.getStringValueArray();
for (String val : vals) {
attrib.getValues().add(val);
}
auinfo.getAttribs().put(attrib.getName(), attrib);
}
while (res.hasMore()) res.next();
Query query = session.createQuery("FROM Approvers WHERE userKey = :user_key");
query.setParameter("user_key", userID);
List<Approvers> approvers = query.list();
Approvers approverObj = null;
if (logger.isDebugEnabled()) {
logger.debug("Approver UserID : " + userID);
}
int approverID;
if (approvers.size() == 0) {
approverObj = new Approvers();
approverObj.setUserKey(userID);
session.save(approverObj);
approverID = approverObj.getId();
} else {
approverObj = approvers.get(0);
approverID = approverObj.getId();
}
session.beginTransaction();
boolean changed = false;
for (String attrName : this.getApproverAttributes()) {
boolean found = false;
for (ApproverAttributes appAttr : approverObj.getApproverAttributeses()) {
if (attrName.equalsIgnoreCase(appAttr.getName())) {
found = true;
LDAPAttribute approverAttr = approver.getAttribute(attrName);
if (approverAttr != null) {
if (!approverAttr.getStringValue().equals(appAttr.getValue())) {
appAttr.setValue(approverAttr.getStringValue());
session.save(appAttr);
}
}
}
}
if (!found) {
ApproverAttributes attr = new ApproverAttributes();
attr.setName(attrName);
LDAPAttribute approverAttr = approver.getAttribute(attrName);
if (approverAttr != null) {
attr.setValue(approverAttr.getStringValue());
}
attr.setApprovers(approverObj);
approverObj.getApproverAttributeses().add(attr);
session.save(attr);
changed = true;
}
}
Approvals approvals = session.load(Approvals.class, id);
if (approvals == null) {
throw new ProvisioningException("Approval not found");
}
Gson gson = new Gson();
String json = approvals.getWorkflowObj();
Token token = gson.fromJson(json, Token.class);
byte[] iv = org.bouncycastle.util.encoders.Base64.decode(token.getIv());
IvParameterSpec spec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, this.cfgMgr.getSecretKey(this.cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey()), spec);
byte[] encBytes = org.bouncycastle.util.encoders.Base64.decode(token.getEncryptedRequest());
String jsonDecr = new String(cipher.doFinal(encBytes));
Workflow wf = (Workflow) JsonReader.jsonToJava(jsonDecr);
Approval approval = (Approval) wf.findCurrentApprovalTask();
if (approval == null) {
throw new ProvisioningException("Could not locate approval step");
}
AzSys az = new AzSys();
for (AzRule rule : approval.getAzRules()) {
if (rule.getCustomAuthorization() != null) {
rule.getCustomAuthorization().loadConfigManager(cfgMgr);
rule.getCustomAuthorization().setWorkflow(wf);
}
}
if (!az.checkRules(auinfo, this.cfgMgr, approval.getAzRules(), wf.getRequest())) {
throw new ProvisioningException("Az of approval failed");
}
DateTime now = new DateTime();
approvals.setWorkflowObj(null);
approvals.setApprovedTs(new Timestamp(now.getMillis()));
approvals.setApprovers(approverObj);
approvals.setApproved(approved ? 1 : 0);
approvals.setReason(reason);
session.save(approvals);
wf.getRequest().put(Approval.APPROVAL_RESULT, new Boolean(approved));
approval.markComplete(approved);
if (approved) {
wf.reInit(cfgMgr);
wf.restart();
} else {
if (wf.getUserNum() != wf.getRequesterNum()) {
wf.getRequester().getAttribs().put("reason", new Attribute("reason", reason));
if (!wf.getRequester().getAttribs().containsKey(approval.getMailAttr())) {
logger.warn("Can not send failure notification to " + wf.getRequester().getUserID() + ", no mail found");
} else {
this.sendNotification(wf.getRequester().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getRequester());
}
}
wf.getUser().getAttribs().put("reason", new Attribute("reason", reason));
if (!wf.getUser().getAttribs().containsKey(approval.getMailAttr())) {
logger.warn("Can not send failure notification to " + wf.getUser().getUserID() + ", no mail found");
} else {
this.sendNotification(wf.getUser().getAttribs().get(approval.getMailAttr()).getValues().get(0), approval.getFailureEmailMsg(), approval.getFailureEmailSubject(), wf.getUser());
}
wf.reInit(cfgMgr);
wf.restart();
}
session.getTransaction().commit();
} catch (LDAPException e) {
throw new ProvisioningException("Could not load approver", e);
} catch (SQLException e) {
throw new ProvisioningException("Could not load saved workflow", e);
} catch (IOException e) {
throw new ProvisioningException("Could not load saved workflow", e);
} catch (ClassNotFoundException e) {
throw new ProvisioningException("Could not load saved workflow", e);
} catch (NoSuchAlgorithmException e) {
throw new ProvisioningException("Could not decrypt workflow object", e);
} catch (NoSuchPaddingException e) {
throw new ProvisioningException("Could not decrypt workflow object", e);
} catch (InvalidKeyException e) {
throw new ProvisioningException("Could not decrypt workflow object", e);
} catch (InvalidAlgorithmParameterException e) {
throw new ProvisioningException("Could not decrypt workflow object", e);
} catch (IllegalBlockSizeException e) {
throw new ProvisioningException("Could not decrypt workflow object", e);
} catch (BadPaddingException e) {
throw new ProvisioningException("Could not decrypt workflow object", e);
} catch (ProvisioningException e) {
throw e;
} catch (Exception e) {
logger.error("Exception running workflow", e);
throw new ProvisioningException("Exception running workflow", e);
} finally {
if (session != null) {
session.close();
}
}
}
Also used :
ApproverAttributes(com.tremolosecurity.provisioning.objects.ApproverAttributes)
Query(org.hibernate.Query)
Attribute(com.tremolosecurity.saml.Attribute)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
SQLException(java.sql.SQLException)
Approvals(com.tremolosecurity.provisioning.objects.Approvals)
Gson(com.google.gson.Gson)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
Token(com.tremolosecurity.json.Token)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
BadPaddingException(javax.crypto.BadPaddingException)
Timestamp(java.sql.Timestamp)
DateTime(org.joda.time.DateTime)
LDAPEntry(com.novell.ldap.LDAPEntry)
Approvers(com.tremolosecurity.provisioning.objects.Approvers)
AllowedApprovers(com.tremolosecurity.provisioning.objects.AllowedApprovers)
Approval(com.tremolosecurity.provisioning.tasks.Approval)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
LDAPAttributeSet(com.novell.ldap.LDAPAttributeSet)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
IOException(java.io.IOException)
InvalidKeyException(java.security.InvalidKeyException)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
LDAPException(com.novell.ldap.LDAPException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
SocketException(java.net.SocketException)
SQLException(java.sql.SQLException)
SchedulerException(org.quartz.SchedulerException)
IOException(java.io.IOException)
MessagingException(javax.mail.MessagingException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
JMSException(javax.jms.JMSException)
JAXBException(javax.xml.bind.JAXBException)
FileNotFoundException(java.io.FileNotFoundException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
BadPaddingException(javax.crypto.BadPaddingException)
LDAPSearchResults(com.novell.ldap.LDAPSearchResults)
LDAPException(com.novell.ldap.LDAPException)
AzSys(com.tremolosecurity.proxy.auth.AzSys)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
AzRule(com.tremolosecurity.proxy.az.AzRule)
Example 2 with AzSys
use of com.tremolosecurity.proxy.auth.AzSys in project OpenUnison by TremoloSecurity.
the class TokenData method doPost.
public void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
if (request.getHeader("Accept") != null && request.getHeader("Accept").startsWith("application/json")) {
request.setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
}
try {
String action = (String) request.getAttribute(IDP.ACTION_NAME);
if (action.contentEquals("completefed")) {
this.completeFederation(request, response);
} else if (action.equalsIgnoreCase("token")) {
String code = request.getParameter("code");
String clientID = request.getParameter("client_id");
String clientSecret = request.getParameter("client_secret");
String redirectURI = request.getParameter("redirect_uri");
String grantType = request.getParameter("grant_type");
String refreshToken = request.getParameter("refresh_token");
if (clientID == null) {
// this means that the clientid is in the Authorization header
String azHeader = request.getHeader("Authorization");
azHeader = azHeader.substring(azHeader.indexOf(' ') + 1).trim();
azHeader = new String(org.apache.commons.codec.binary.Base64.decodeBase64(azHeader));
clientID = azHeader.substring(0, azHeader.indexOf(':'));
clientSecret = azHeader.substring(azHeader.indexOf(':') + 1);
}
AuthController ac = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
holder.getApp().getCookieConfig().getTimeout();
if (refreshToken != null) {
try {
refreshToken(response, clientID, clientSecret, refreshToken, holder, request, ac.getAuthInfo());
} catch (Exception e1) {
logger.warn("Could not refresh token", e1);
AccessLog.log(AccessEvent.AzFail, holder.getApp(), (HttpServletRequest) request, ac.getAuthInfo(), "NONE");
response.sendError(401);
}
} else if (grantType.equalsIgnoreCase("urn:ietf:params:oauth:grant-type:token-exchange")) {
StsRequest stsRequest = new StsRequest();
stsRequest.setAudience(request.getParameter("audience"));
stsRequest.setDelegation(request.getParameter("actor_token") != null);
stsRequest.setImpersonation(!stsRequest.isDelegation());
stsRequest.setSubjectToken(request.getParameter("subject_token"));
stsRequest.setSubjectTokenType(request.getParameter("subject_token_type"));
stsRequest.setActorToken(request.getParameter("actor_token"));
stsRequest.setActorTokenType(request.getParameter("actor_token_type"));
stsRequest.setImpersonation(stsRequest.getActorToken() == null);
stsRequest.setDelegation(stsRequest.getActorToken() != null);
OpenIDConnectTrust trust = this.trusts.get(clientID);
if (trust == null) {
String errorMessage = new StringBuilder().append("Trust '").append(clientID).append("' not found").toString();
logger.warn(errorMessage);
throw new Exception(errorMessage);
}
if (!trust.isSts()) {
String errorMessage = new StringBuilder().append("Trust '").append(clientID).append("' not an sts").toString();
logger.warn(errorMessage);
response.sendError(401);
return;
}
if (stsRequest.isImpersonation()) {
stsImpersontion(request, response, clientID, ac, holder, stsRequest, trust);
} else {
if (!trust.isStsDelegation()) {
logger.warn(new StringBuilder().append("clientid '").append(clientID).append("' does not support delegation"));
response.sendError(403);
}
// validate the actor
X509Certificate sigCert = GlobalEntries.getGlobalEntries().getConfigManager().getCertificate(this.getJwtSigningKeyName());
if (sigCert == null) {
logger.error(new StringBuilder().append("JWT Signing Certificate '").append(this.getJwtSigningKeyName()).append("' does not exist").toString());
response.sendError(500);
return;
}
StringBuffer issuer = new StringBuffer();
// issuer.append(cfg.getAuthIdPPath()).append(this.idpName);
issuer.append(holder.getApp().getUrls().getUrl().get(0).getUri());
String issuerUrl = ProxyTools.getInstance().getFqdnUrl(issuer.toString(), request);
HttpSession session = request.getSession();
AuthInfo authData = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
TokenData actorTokenData = this.validateToken(stsRequest.getActorToken(), "actor_token", sigCert.getPublicKey(), issuerUrl, clientID, holder, request, authData, response, false);
if (actorTokenData == null) {
return;
}
String uidAttribute = this.getUidAttributeFromMap();
if (uidAttribute == null) {
logger.error(new StringBuilder().append("IdP ").append(holder.getApp().getName()).append(" does not have a sub attribute mapped to a user attribute").toString());
response.sendError(500);
return;
}
String authChainName = null;
AuthChainType actorAuthChain = null;
if (actorTokenData.amr != null) {
authChainName = this.getAmrToAuthChain().get(actorTokenData.amr);
if (authChainName != null) {
actorAuthChain = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(authChainName);
}
}
AuthInfo actorAuth = this.jwtToAuthInfo(actorTokenData, uidAttribute, actorAuthChain, authChainName);
if (actorAuth == null) {
// don't think this can happen
logger.error("Could not create user auth object from jwt");
response.sendError(500);
return;
}
AzSys azSys = new AzSys();
if (!azSys.checkRules(actorAuth, GlobalEntries.getGlobalEntries().getConfigManager(), trust.getClientAzRules(), new HashMap<String, Object>())) {
AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, actorAuth, new StringBuilder().append("client not authorized to exchange token for subject '").append(actorTokenData.subjectUid).append("'").toString());
response.sendError(403);
return;
}
if (!trust.getAllowedAudiences().contains(stsRequest.getAudience())) {
AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, actorAuth, new StringBuilder().append("Audience '").append(stsRequest.getAudience()).append("' is not an authorized audience for sts '").append(trust.getTrustName()).append("'").toString());
response.sendError(403);
return;
}
OpenIDConnectTrust targetTrust = this.getTrusts().get(stsRequest.getAudience());
if (targetTrust == null) {
logger.warn(new StringBuilder().append("Audience '").append(stsRequest.getAudience()).append("' does not exist").toString());
response.sendError(404);
return;
}
TokenData subjectTokenData = this.validateToken(stsRequest.getSubjectToken(), "subject_token", sigCert.getPublicKey(), issuerUrl, null, holder, request, authData, response, true);
if (subjectTokenData == null) {
return;
}
authChainName = null;
actorAuthChain = null;
if (subjectTokenData.amr != null) {
authChainName = this.getAmrToAuthChain().get(subjectTokenData.amr);
if (authChainName != null) {
actorAuthChain = GlobalEntries.getGlobalEntries().getConfigManager().getAuthChains().get(authChainName);
}
}
AuthInfo subjectAuth = this.jwtToAuthInfo(subjectTokenData, uidAttribute, actorAuthChain, authChainName);
if (subjectAuth == null) {
// don't think this can happen
logger.error("Could not create user auth object from jwt");
response.sendError(500);
return;
}
if (!azSys.checkRules(subjectAuth, GlobalEntries.getGlobalEntries().getConfigManager(), trust.getSubjectAzRules(), new HashMap<String, Object>())) {
AccessLog.log(AccessEvent.AzFail, holder.getApp(), request, actorAuth, new StringBuilder().append("client not authorized to exchange token for subject '").append(subjectTokenData.subjectUid).append("'").toString());
response.sendError(403);
return;
}
OpenIDConnectAccessToken access = new OpenIDConnectAccessToken();
OidcSessionState oidcSession = this.createUserSession(request, stsRequest.getAudience(), holder, targetTrust, subjectAuth.getUserDN(), GlobalEntries.getGlobalEntries().getConfigManager(), access, UUID.randomUUID().toString(), subjectAuth.getAuthChain(), subjectTokenData.root, actorTokenData.root);
AccessLog.log(AccessEvent.AzSuccess, holder.getApp(), request, actorAuth, new StringBuilder().append("client '").append(trust.getTrustName()).append("' delegated to by '").append(subjectTokenData.subjectUid).append("', jti : '").append(access.getIdTokenId()).append("'").toString());
String idtoken = access.getId_token();
access.setRefresh_token(oidcSession.getRefreshToken());
Gson gson = new Gson();
String json = gson.toJson(access);
response.setContentType("application/json");
response.getOutputStream().write(json.getBytes("UTF-8"));
response.getOutputStream().flush();
if (logger.isDebugEnabled()) {
logger.debug("Token JSON : '" + json + "'");
}
}
} else if (grantType.equalsIgnoreCase("client_credentials")) {
clientCredentialsGrant(request, response, clientID, clientSecret, ac, holder);
} else {
completeUserLogin(request, response, code, clientID, clientSecret, holder, ac.getAuthInfo());
}
}
} catch (Throwable t) {
if (request.getHeader("Accept") != null && request.getHeader("Accept").startsWith("application/json")) {
response.sendError(500);
response.setContentType("application/json");
response.getWriter().print("{\"error\":\"invalid_request\"}");
logger.error("Sending JSON Error", t);
} else {
if (t instanceof ServletException) {
throw (ServletException) t;
} else if (t instanceof IOException) {
throw (IOException) t;
} else {
throw new ServletException("Error processing post", t);
}
}
}
}
Also used :
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
HashMap(java.util.HashMap)
HttpSession(javax.servlet.http.HttpSession)
Gson(com.google.gson.Gson)
IOException(java.io.IOException)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
InvalidKeyException(java.security.InvalidKeyException)
LDAPException(com.novell.ldap.LDAPException)
InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException)
IOException(java.io.IOException)
ServletException(javax.servlet.ServletException)
URISyntaxException(java.net.URISyntaxException)
InvalidJwtException(org.jose4j.jwt.consumer.InvalidJwtException)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
JoseException(org.jose4j.lang.JoseException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ParseException(org.json.simple.parser.ParseException)
NoSuchPaddingException(javax.crypto.NoSuchPaddingException)
MalformedURLException(java.net.MalformedURLException)
BadPaddingException(javax.crypto.BadPaddingException)
X509Certificate(java.security.cert.X509Certificate)
UrlHolder(com.tremolosecurity.config.util.UrlHolder)
ServletException(javax.servlet.ServletException)
AzSys(com.tremolosecurity.proxy.auth.AzSys)
StsRequest(com.tremolosecurity.idp.providers.oidc.db.StsRequest)
AuthChainType(com.tremolosecurity.config.xml.AuthChainType)
OidcSessionState(com.tremolosecurity.idp.providers.oidc.model.OidcSessionState)
Example 3 with AzSys
use of com.tremolosecurity.proxy.auth.AzSys in project OpenUnison by TremoloSecurity.
the class ScaleMain method runReport.
private void runReport(final HttpFilterRequest request, final HttpFilterResponse response, final Gson gson) throws UnsupportedEncodingException, IOException, MalformedURLException, ProvisioningException, SQLException {
String name = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
ReportType reportToRun = null;
for (ReportType report : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports().getReport()) {
if (report.getName().equalsIgnoreCase(name)) {
reportToRun = report;
break;
}
}
if (reportToRun == null) {
response.setStatus(404);
ScaleError error = new ScaleError();
error.getErrors().add("Report not found");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
} else {
HashSet<String> allowedOrgs = new HashSet<String>();
final AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
AzSys az = new AzSys();
this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
if (allowedOrgs.contains(reportToRun.getOrgID())) {
Connection db = null;
final ReportType reportToRunUse = reportToRun;
try {
Session session = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
session.doWork(new Work() {
public void execute(Connection connection) throws SQLException {
try {
generateReport(request, response, gson, reportToRunUse, userData, connection);
} catch (IOException e) {
throw new SQLException("Could not run reports", e);
}
}
});
} finally {
}
} else {
response.setStatus(401);
ScaleError error = new ScaleError();
error.getErrors().add("Unauthorized");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
}
}
Also used :
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
SQLException(java.sql.SQLException)
Connection(java.sql.Connection)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString)
RichTextString(org.apache.poi.ss.usermodel.RichTextString)
IOException(java.io.IOException)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
OrgType(com.tremolosecurity.config.xml.OrgType)
AzSys(com.tremolosecurity.proxy.auth.AzSys)
Work(org.hibernate.jdbc.Work)
ReportType(com.tremolosecurity.config.xml.ReportType)
HashSet(java.util.HashSet)
Session(org.hibernate.Session)
HttpSession(javax.servlet.http.HttpSession)
Example 4 with AzSys
use of com.tremolosecurity.proxy.auth.AzSys in project OpenUnison by TremoloSecurity.
the class ScaleMain method loadWorkflows.
private void loadWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
HashSet<String> allowedOrgs = new HashSet<String>();
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
AzSys az = new AzSys();
this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
if (!allowedOrgs.contains(orgid)) {
response.setStatus(401);
response.setContentType("application/json");
ScaleError error = new ScaleError();
error.getErrors().add("Unauthorized");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
} else {
List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
for (WorkflowType wf : wfs) {
if (wf.isInList() != null && wf.isInList().booleanValue()) {
if (wf.getOrgid() == null || wf.getOrgid().equalsIgnoreCase(orgid)) {
if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
HashMap<String, Attribute> params = new HashMap<String, Attribute>();
if (wf.getDynamicConfiguration().getParam() != null) {
for (ParamType p : wf.getDynamicConfiguration().getParam()) {
Attribute attr = params.get(p.getName());
if (attr == null) {
attr = new Attribute(p.getName());
params.put(p.getName(), attr);
}
attr.getValues().add(p.getValue());
}
}
DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).newInstance();
List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, cfgMgr, params, userData);
StringBuffer b = new StringBuffer();
b.append('/').append(URLEncoder.encode(wf.getName(), "UTF-8"));
String uri = b.toString();
for (Map<String, String> wfParamSet : wfParams) {
DateTime now = new DateTime();
DateTime expires = now.plusHours(1);
LastMile lm = new LastMile(uri, now, expires, 0, "");
for (String key : wfParamSet.keySet()) {
String val = wfParamSet.get(key);
Attribute attr = new Attribute(key, val);
lm.getAttributes().add(attr);
}
WFDescription desc = new WFDescription();
desc.setUuid(UUID.randomUUID().toString());
desc.setName(wf.getName());
ST st = new ST(wf.getLabel(), '$', '$');
for (String key : wfParamSet.keySet()) {
st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
}
desc.setLabel(st.render());
st = new ST(wf.getDescription(), '$', '$');
for (String key : wfParamSet.keySet()) {
st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
}
desc.setDescription(st.render());
desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey())));
workflows.add(desc);
}
} else {
WFDescription desc = new WFDescription();
desc.setUuid(UUID.randomUUID().toString());
desc.setName(wf.getName());
desc.setLabel(wf.getLabel());
desc.setDescription(wf.getDescription());
workflows.add(desc);
}
}
}
}
ScaleJSUtils.addCacheHeaders(response);
response.setContentType("application/json");
response.getWriter().println(gson.toJson(workflows).trim());
response.getWriter().flush();
}
}
Also used :
Attribute(com.tremolosecurity.saml.Attribute)
LDAPAttribute(com.novell.ldap.LDAPAttribute)
ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString)
RichTextString(org.apache.poi.ss.usermodel.RichTextString)
DateTime(org.joda.time.DateTime)
WFDescription(com.tremolosecurity.provisioning.service.util.WFDescription)
DynamicWorkflow(com.tremolosecurity.provisioning.util.DynamicWorkflow)
HashSet(java.util.HashSet)
ST(org.stringtemplate.v4.ST)
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
ParamType(com.tremolosecurity.config.xml.ParamType)
LastMile(com.tremolosecurity.lastmile.LastMile)
OrgType(com.tremolosecurity.config.xml.OrgType)
WorkflowType(com.tremolosecurity.config.xml.WorkflowType)
AzSys(com.tremolosecurity.proxy.auth.AzSys)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 5 with AzSys
use of com.tremolosecurity.proxy.auth.AzSys in project OpenUnison by TremoloSecurity.
the class ScaleMain method loadReports.
private void loadReports(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws MalformedURLException, ProvisioningException, IOException {
String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
HashSet<String> allowedOrgs = new HashSet<String>();
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
AzSys az = new AzSys();
this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
if (!allowedOrgs.contains(orgid)) {
response.setStatus(401);
response.setContentType("application/json");
ScaleError error = new ScaleError();
error.getErrors().add("Unauthorized");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
} else {
ReportsType reports = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports();
ReportsList reportsList = new ReportsList();
reportsList.setReports(new ArrayList<ReportInformation>());
if (reports != null && reports.getReport() != null) {
for (ReportType report : reports.getReport()) {
if (report.getOrgID().equals(orgid)) {
ReportInformation ri = new ReportInformation();
ri.setName(report.getName());
ri.setDescription(report.getDescription());
ri.setOrgID(report.getOrgID());
ri.setParameters(new ArrayList<String>());
ri.getParameters().addAll(report.getParamater());
ri.getParameters().remove("currentUser");
reportsList.getReports().add(ri);
}
}
}
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().println(gson.toJson(reportsList).trim());
response.getWriter().flush();
}
}
Also used :
AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo)
ReportsList(com.tremolosecurity.provisioning.service.util.ReportsList)
ScaleError(com.tremolosecurity.scalejs.data.ScaleError)
XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString)
RichTextString(org.apache.poi.ss.usermodel.RichTextString)
AuthController(com.tremolosecurity.proxy.auth.AuthController)
ConfigManager(com.tremolosecurity.config.util.ConfigManager)
ReportInformation(com.tremolosecurity.provisioning.service.util.ReportInformation)
OrgType(com.tremolosecurity.config.xml.OrgType)
AzSys(com.tremolosecurity.proxy.auth.AzSys)
ReportsType(com.tremolosecurity.config.xml.ReportsType)
ReportType(com.tremolosecurity.config.xml.ReportType)
HashSet(java.util.HashSet)
Aggregations
AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)12
AzSys (com.tremolosecurity.proxy.auth.AzSys)12
IOException (java.io.IOException)10
AuthController (com.tremolosecurity.proxy.auth.AuthController)8
OrgType (com.tremolosecurity.config.xml.OrgType)7
ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)7
MalformedURLException (java.net.MalformedURLException)7
Gson (com.google.gson.Gson)6
LDAPAttribute (com.novell.ldap.LDAPAttribute)6
LDAPException (com.novell.ldap.LDAPException)6
Attribute (com.tremolosecurity.saml.Attribute)6
UnsupportedEncodingException (java.io.UnsupportedEncodingException)6
HashSet (java.util.HashSet)6
ServletException (javax.servlet.ServletException)6
LDAPEntry (com.novell.ldap.LDAPEntry)5
LDAPAttributeSet (com.novell.ldap.LDAPAttributeSet)4
LDAPSearchResults (com.novell.ldap.LDAPSearchResults)4
ReportType (com.tremolosecurity.config.xml.ReportType)4
ScaleError (com.tremolosecurity.scalejs.data.ScaleError)4
ArrayList (java.util.ArrayList)4
