
Example 1 with PostAuthSuccess

Use of com.tremolosecurity.proxy.auth.PostAuthSuccess in the OpenUnison project by TremoloSecurity.

Class AuthManagerImpl, method finishSuccessfulLogin.

/* (non-Javadoc)
	 * @see com.tremolosecurity.proxy.auth.sys.AuthManager#finishSuccessfulLogin(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.config.util.UrlHolder, com.tremolosecurity.config.xml.AuthChainType, com.tremolosecurity.proxy.auth.RequestHolder, com.tremolosecurity.proxy.auth.AuthController, com.tremolosecurity.proxy.util.NextSys)
	 */
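/**
 * Completes a successful authentication.
 *
 * <p>Marks the caller's {@link AuthInfo} as authenticated, writes the {@code AuSuccess}
 * access-log entry, expires the two login-tracking cookies, runs the custom auth-response
 * hook and then either finishes (no stored request) or forwards/redirects to the stored request.
 * When the chain has compliance enabled, the "last succeeded" timestamp is recorded and the
 * failed-login counter is reset through the configured workflow.
 *
 * <p>NOTE(review): no session-identifier rotation is visible in this method; confirm it
 * happens elsewhere in the login flow.
 *
 * @param req the current request; must carry the {@code ProxyConstants.TREMOLO_CFG_OBJ} attribute
 * @param resp the current response; cast to {@link ProxyResponse} when cookies are written
 * @param holder URL/application configuration for this request
 * @param act the authentication chain that just succeeded
 * @param reqHolder the request stored before authentication started, or {@code null}
 * @param actl controller holding the session's {@link AuthInfo}
 * @param next continuation used when the request is outside the auth path
 * @return {@code true} when {@code reqHolder} is {@code null}, {@code false} otherwise
 * @throws IOException if forwarding or redirecting fails
 * @throws ServletException if the custom response cannot be initialised or the compliance
 *     workflow fails
 */
@Override
public boolean finishSuccessfulLogin(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder, AuthChainType act, RequestHolder reqHolder, AuthController actl, NextSys next) throws IOException, ServletException {
    ConfigManager cfg = (ConfigManager) req.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    AuthInfo ai = actl.getAuthInfo();
    // NOTE(review): the session is flagged as authenticated before the response hook and the
    // compliance workflow run, so a ServletException thrown below leaves authComplete == true.
    // Confirm callers treat that as intended.
    ai.setAuthComplete(true);
    String msg = new StringBuilder().append(act.getLevel()).append(" / ").append(act.getName()).toString();
    AccessLog.log(AccessEvent.AuSuccess, holder.getApp(), req, ai, msg);

    if (reqHolder == null) {
        // No stored request to return to: clear the tracking cookies, run the hook and stop.
        expireLoginTrackingCookies(req, resp, holder);
        runCustomAuthResponse(req, resp, holder);
        return true;
    }

    StringBuffer redirURL;
    switch (reqHolder.getMethod()) {
        case GET:
            redirURL = getGetRedirectURL(reqHolder);
            expireLoginTrackingCookies(req, resp, holder);
            break;
        case POST:
            redirURL = new StringBuffer(holder.getConfig().getAuthFormsPath()).append("postPreservation.jsp");
            break;
        default:
            redirURL = new StringBuffer(reqHolder.getURL());
    }

    req.setAttribute(AuthMgrSys.AU_RES, Boolean.TRUE);
    runCustomAuthResponse(req, resp, holder);

    if (act.getCompliance() != null && act.getCompliance().isEnabled()) {
        Attribute uidAttribute = actl.getAuthInfo().getAttribs().get(act.getCompliance().getUidAttributeName());
        // An attribute with no values is skipped like a missing one, instead of failing on get(0).
        if (uidAttribute != null && !uidAttribute.getValues().isEmpty()) {
            String uid = uidAttribute.getValues().get(0);
            User updateAttrs = new User(uid);
            // Record the success time (epoch millis, UTC) and reset the failed-login counter.
            updateAttrs.getAttribs().put(act.getCompliance().getLastSucceedAttribute(), new Attribute(act.getCompliance().getLastSucceedAttribute(), Long.toString(new DateTime(DateTimeZone.UTC).getMillis())));
            updateAttrs.getAttribs().put(act.getCompliance().getNumFailedAttribute(), new Attribute(act.getCompliance().getNumFailedAttribute(), "0"));
            updateAttrs.getAttribs().put(act.getCompliance().getUidAttributeName(), new Attribute(act.getCompliance().getUidAttributeName(), uid));
            // Copy the provisioning engine's configured user attributes from the authenticated user.
            if (GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes() != null) {
                for (String attrName : GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getUserAttrbiutes()) {
                    Attribute fromAuth = ai.getAttribs().get(attrName);
                    if (fromAuth != null) {
                        Attribute attrForWF = new Attribute(attrName);
                        attrForWF.getValues().addAll(fromAuth.getValues());
                        updateAttrs.getAttribs().put(attrName, attrForWF);
                    }
                }
            }
            HashMap<String, Object> wfReq = new HashMap<>();
            // Synchronous execution: the login does not proceed until the update has run.
            wfReq.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
            try {
                holder.getConfig().getProvisioningEngine().getWorkFlow(act.getCompliance().getUpdateAttributesWorkflow()).executeWorkflow(updateAttrs, wfReq);
            } catch (ProvisioningException e) {
                throw new ServletException("Could not update successful login attribute", e);
            }
        }
    }

    // A registered post-auth action takes precedence; otherwise requests outside the auth path
    // continue down the chain and requests inside it are redirected.
    PostAuthSuccess postAuth = (PostAuthSuccess) req.getAttribute(PostAuthSuccess.POST_AUTH_ACTION);
    if (postAuth != null) {
        postAuth.runAfterSuccessfulAuthentication(req, resp, holder, act, reqHolder, actl, next);
    } else if (!req.getRequestURI().startsWith(cfg.getAuthPath())) {
        next.nextSys(req, resp);
    } else {
        // NOTE(review): the target comes from the stored RequestHolder or the auth forms path.
        // Confirm RequestHolder URLs are captured server-side and cannot point off-site.
        resp.sendRedirect(redirURL.toString());
    }
    return false;
}

/**
 * Reports whether cookies may be written for the application behind {@code holder}.
 * Cookies count as enabled unless the cookie configuration explicitly disables them.
 */
private static boolean cookiesEnabledFor(UrlHolder holder) {
    return holder.getApp() == null
            || holder.getApp().getCookieConfig() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled() == null
            || holder.getApp().getCookieConfig().isCookiesEnabled();
}

/**
 * Sends expiring ({@code Max-Age=0}) replacements for the {@code autoIdmSessionCookieName} and
 * {@code autoIdmAppName} cookies, scoped to path {@code /} and the application's cookie domain.
 */
private static void expireLoginTrackingCookies(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) throws IOException, ServletException {
    String domain = ProxyTools.getInstance().getCookieDomain(holder.getApp().getCookieConfig(), req);
    boolean send = cookiesEnabledFor(holder);
    for (String name : new String[] {"autoIdmSessionCookieName", "autoIdmAppName"}) {
        // "DNE" is a placeholder value; the cookie exists only to make the browser drop the old one.
        Cookie expired = new Cookie(name, "DNE");
        if (domain != null) {
            expired.setDomain(domain);
        }
        expired.setPath("/");
        expired.setMaxAge(0);
        // NOTE(review): a browser only drops a cookie whose name, domain and path match; confirm
        // these match how the two cookies were originally issued.
        expired.setSecure(false);
        if (send) {
            // The cast happens only when a cookie is actually written.
            ProxyResponse.addCookieToResponse(holder, expired, (HttpServletResponse) ((ProxyResponse) resp).getResponse());
        }
    }
}

/** Runs the custom authentication-response hook with a successful result. */
private static void runCustomAuthResponse(HttpServletRequest req, HttpServletResponse resp, UrlHolder holder) throws IOException, ServletException {
    AuthMgrSys ams = new AuthMgrSys(null);
    try {
        ams.processAuthResp(req, resp, holder, Boolean.TRUE);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ServletException("Could not initialize custom response", e);
    }
}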
Also used : Cookie(javax.servlet.http.Cookie) ProxyResponse(com.tremolosecurity.proxy.ProxyResponse) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) User(com.tremolosecurity.provisioning.core.User) LDAPAttribute(com.novell.ldap.LDAPAttribute) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) ConfigManager(com.tremolosecurity.config.util.ConfigManager) DateTime(org.joda.time.DateTime) ServletException(javax.servlet.ServletException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) PostAuthSuccess(com.tremolosecurity.proxy.auth.PostAuthSuccess) AuthMgrSys(com.tremolosecurity.proxy.auth.AuthMgrSys)
