Use of com.tremolosecurity.proxy.auth.RequestHolder in project OpenUnison by TremoloSecurity:
class CompleteLogin, method doFilter.
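/**
 * Final step of the login flow: re-attaches the request that was saved before
 * authentication started and redirects the browser back to it.
 *
 * @param request  the filter request; its session must hold the saved RequestHolder
 *                 and the AuthController for this login
 * @param response used only to send the redirect
 * @param chain    marked no-proxy because the redirect is the whole response
 * @throws Exception propagated from the auth manager or the redirect
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    RequestHolder reqHolder = (RequestHolder) request.getSession().getAttribute(LoginService.ORIG_REQ_HOLDER);
    AuthController authCtl = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    if (authCtl == null) {
        // Arriving here without an AuthController means login was never started on this
        // session; fail with a clear message instead of a NullPointerException.
        throw new IllegalStateException("No AuthController in session; login was not started on this session");
    }
    // Hand the original request back so the rest of the chain sees it.
    authCtl.setHolder(reqHolder);

    ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    // Only the GET-style redirect is used; the per-HTTP-method dispatch (POST
    // preservation page) that used to live here was commented out and has been removed.
    StringBuffer redirURL = cfg.getAuthManager().getGetRedirectURL(reqHolder);

    response.sendRedirect(redirURL.toString());
    chain.setNoProxy(true);
}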
Use of com.tremolosecurity.proxy.auth.RequestHolder in project OpenUnison by TremoloSecurity:
class OAuth2K8sServiceAccount, method processToken.
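/**
 * Validates a bearer token against the Kubernetes TokenReview API of the configured
 * target and, if Kubernetes reports it as authenticated, loads (or looks up) the user
 * and advances the authentication chain; otherwise the step is failed.
 *
 * @param request    current request; the "target" parameter, when present, overrides the post-login URL
 * @param response   response used for the failure path
 * @param as         the auth step whose executed/success flags are set here
 * @param session    session holding the AuthController
 * @param authParams mechanism parameters: k8sTarget, linkToDirectory, noMatchOU, uidAttr,
 *                   lookupFilter and defaultObjectClass are all required
 * @param act        the auth chain being executed
 * @param realmName  realm reported on failure
 * @param scope      scope reported on failure
 * @param cfg        configuration used to reach the provisioning target and the auth manager
 * @param lmToken    the token to review
 * @throws ServletException if the review call, its parsing, or user loading fails
 * @throws IOException      from the response/redirect handling
 */
@Override
public void processToken(HttpServletRequest request, HttpServletResponse response, AuthStep as, HttpSession session, HashMap<String, Attribute> authParams, AuthChainType act, String realmName, String scope, ConfigManager cfg, String lmToken) throws ServletException, IOException {
    String k8sTarget = authParams.get("k8sTarget").getValues().get(0);
    boolean linkToDirectory = Boolean.parseBoolean(authParams.get("linkToDirectory").getValues().get(0));
    String noMatchOU = authParams.get("noMatchOU").getValues().get(0);
    String uidAttr = authParams.get("uidAttr").getValues().get(0);
    String lookupFilter = authParams.get("lookupFilter").getValues().get(0);
    String defaultObjectClass = authParams.get("defaultObjectClass").getValues().get(0);

    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();

    // Build the TokenReview body; only the token itself is sent to the API server.
    JSONObject spec = new JSONObject();
    spec.put("token", lmToken);
    JSONObject root = new JSONObject();
    root.put("kind", "TokenReview");
    root.put("apiVersion", "authentication.k8s.io/v1");
    root.put("spec", spec);
    String json = root.toJSONString();

    HttpCon con = null;
    try {
        OpenShiftTarget target = (OpenShiftTarget) cfg.getProvisioningEngine().getTarget(k8sTarget).getProvider();
        con = target.createClient();
        String respJSON = target.callWSPost(target.getAuthToken(), con, "/apis/authentication.k8s.io/v1/tokenreviews", json);
        if (logger.isDebugEnabled()) {
            logger.debug("JSON - " + respJSON);
        }

        JSONObject resp = (JSONObject) new JSONParser().parse(respJSON);
        JSONObject status = (JSONObject) resp.get("status");
        if (status == null) {
            // Wrapped by the catch below; a review without a status block cannot be evaluated.
            throw new IllegalStateException("TokenReview response has no status block");
        }

        if (status.get("error") != null) {
            logger.error("Could not validate token : " + status.get("error"));
            failTokenReview(request, response, as, realmName, scope, cfg);
            return;
        }

        Boolean authenticated = (Boolean) status.get("authenticated");
        if (authenticated == null || !authenticated) {
            failTokenReview(request, response, as, realmName, scope, cfg);
            return;
        }

        JSONObject user = (JSONObject) status.get("user");
        if (linkToDirectory) {
            lookupUser(as, session, cfg.getMyVD(), noMatchOU, uidAttr, lookupFilter, act, user, defaultObjectClass);
        } else {
            loadUnlinkedUser(session, noMatchOU, uidAttr, act, user, defaultObjectClass);
            as.setSuccess(true);
        }

        // NOTE(review): the post-login URL is taken directly from the "target" request
        // parameter; confirm it is validated against allowed destinations downstream.
        String redirectToURL = request.getParameter("target");
        if (redirectToURL != null && !redirectToURL.isEmpty()) {
            reqHolder.setURL(redirectToURL);
        }

        as.setExecuted(true);
        // NOTE(review): this overrides whatever lookupUser() set on the step in the
        // linkToDirectory branch — confirm that an unmatched directory lookup should still succeed.
        as.setSuccess(true);
        cfg.getAuthManager().nextAuth(request, response, request.getSession(), false);
    } catch (Exception e) {
        throw new ServletException("Could not validate token", e);
    } finally {
        // con is null if target lookup or client creation failed; close both parts
        // independently so a failure closing one does not leak the other.
        if (con != null) {
            try {
                con.getHttp().close();
            } finally {
                con.getBcm().close();
            }
        }
    }
}

/**
 * Marks the step as executed-but-failed, advances the chain and reports the failure.
 * Shared by the "error in status" and "not authenticated" outcomes of the TokenReview.
 */
private void failTokenReview(HttpServletRequest request, HttpServletResponse response, AuthStep as, String realmName, String scope, ConfigManager cfg) throws ServletException, IOException {
    as.setExecuted(true);
    as.setSuccess(false);
    cfg.getAuthManager().nextAuth(request, response, request.getSession(), false);
    super.sendFail(response, realmName, scope, null, null);
}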
Use of com.tremolosecurity.proxy.auth.RequestHolder in project OpenUnison by TremoloSecurity:
class TokenData, method nextTokenAuth.
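/**
 * Runs the auth manager for the token URL of this request, pinning the chain name on
 * the URL configuration the first time through.
 *
 * @param req        current request; must carry the UrlHolder under AUTOIDM_CFG
 * @param resp       current response
 * @param session    current session
 * @param jsRedirect whether the auth manager should redirect via JavaScript
 * @param act        the chain to execute; its name is recorded on the URL if not yet set
 * @return the auth manager's result for execAuth
 * @throws ServletException from the auth manager
 * @throws IOException      from the auth manager
 */
private boolean nextTokenAuth(HttpServletRequest req, HttpServletResponse resp, HttpSession session, boolean jsRedirect, AuthChainType act) throws ServletException, IOException {
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    // The URL learns its chain name lazily: record it the first time a chain runs for it.
    if (holder.getUrl().getAuthChain() == null) {
        holder.getUrl().setAuthChain(act.getName());
    }
    String tokenURL = genTokenURL(req).toString();
    return holder.getConfig().getAuthManager().execAuth(req, resp, session, jsRedirect, holder, act, tokenURL);
}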
Use of com.tremolosecurity.proxy.auth.RequestHolder in project OpenUnison by TremoloSecurity:
class TokenData, method nextAuth.
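/**
 * Runs the auth manager for the final URL of this request, pinning the chain name on
 * the URL configuration the first time through.
 *
 * @param req        current request; must carry the UrlHolder under AUTOIDM_CFG
 * @param resp       current response
 * @param session    current session
 * @param jsRedirect whether the auth manager should redirect via JavaScript
 * @param act        the chain to execute; its name is recorded on the URL if not yet set
 * @return the auth manager's result for execAuth
 * @throws ServletException from the auth manager
 * @throws IOException      from the auth manager
 */
private boolean nextAuth(HttpServletRequest req, HttpServletResponse resp, HttpSession session, boolean jsRedirect, AuthChainType act) throws ServletException, IOException {
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    // The URL learns its chain name lazily: record it the first time a chain runs for it.
    if (holder.getUrl().getAuthChain() == null) {
        holder.getUrl().setAuthChain(act.getName());
    }
    String finalURL = genFinalURL(req).toString();
    return holder.getConfig().getAuthManager().execAuth(req, resp, session, jsRedirect, holder, act, finalURL);
}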
Use of com.tremolosecurity.proxy.auth.RequestHolder in project OpenUnison by TremoloSecurity:
class U2fAuth, method startAuthentication.
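/**
 * Starts a U2F sign ceremony for the already-identified user: loads the user's
 * registered keys, builds the sign request, stores it in the session and redirects to
 * the form that presents it. A user with no registered keys skips the mechanism
 * (failing the step only when the mechanism is marked "required").
 *
 * @param request  current request; its session must hold the AuthController and the
 *                 mechanism parameters attribute, encryptionKeyName, uidAttributeName and formURI
 * @param response used for the redirect to the sign form
 * @param as       the auth step; marked unsuccessful when a required mechanism cannot proceed
 * @throws ServletException      if the user's keys cannot be loaded
 * @throws MalformedURLException from the application-id lookup
 * @throws IOException           from the redirect
 */
private void startAuthentication(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws ServletException, MalformedURLException, IOException {
    HttpSession session = request.getSession();
    AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo userData = authCtl.getAuthInfo();
    RequestHolder reqHolder = authCtl.getHolder();

    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());

    @SuppressWarnings("unchecked") // AUTH_MECH_PARAMS is expected to hold a HashMap<String, Attribute>
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String challengeStoreAttribute = authParams.get("attribute").getValues().get(0);
    String encryptionKeyName = authParams.get("encryptionKeyName").getValues().get(0);
    String uidAttributeName = authParams.get("uidAttributeName").getValues().get(0);
    String formURI = authParams.get("formURI").getValues().get(0);

    List<SecurityKeyData> keys;
    try {
        keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encryptionKeyName);
    } catch (Exception e1) {
        throw new ServletException("Could not load keys", e1);
    }

    Set<String> origins = new HashSet<>();
    String appID = U2fUtil.getApplicationId(request);
    origins.add(appID);

    if (keys == null || keys.isEmpty()) {
        // No registered key: a required mechanism fails the step, an optional one just moves on.
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }

    // Only build the server and resolve the uid once we know there is something to sign with.
    U2FServer u2f = new U2FServerUnison(this.challengeGen, new UnisonDataStore(UUID.randomUUID().toString(), keys), new BouncyCastleCrypto(), origins);
    String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);

    U2fSignRequest sigReq;
    try {
        sigReq = u2f.getSignRequest(uid, appID);
    } catch (U2FException e) {
        logger.error("Could not start authentication", e);
        if (amt.getRequired().equals("required")) {
            as.setSuccess(false);
        }
        holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
        return;
    }

    // Keep the sign request both as an object and as JSON, plus the server that issued it,
    // for the later finish step (presumably the form page reads the JSON form).
    session.setAttribute(AUTH_SIGN_REQ, sigReq);
    session.setAttribute(AUTH_SIGN_REQ_JSON, new Gson().toJson(sigReq));
    session.setAttribute(SERVER, u2f);
    response.sendRedirect(formURI);
}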