
Example 6 with AuthStep

use of com.tremolosecurity.proxy.auth.util.AuthStep in project OpenUnison by TremoloSecurity.

From class ConfigSys, method doConfig (the first stage of the proxy's per-request pipeline; it resolves the URL configuration, handles the chain-reset and logout paths and funnels all failures into the 500 handler):

/**
 * First stage of the proxy pipeline for one request.
 *
 * <p>What this method visibly does:
 * <ul>
 *   <li>Reads the resolved URL configuration ({@code AUTOIDM_CFG}) and the
 *       forced-auth flag from request attributes that were set upstream (server
 *       side, not from client-supplied parameters).</li>
 *   <li>If the session holds an {@link AuthController} whose authentication is
 *       not complete and the request is outside the auth path, discards that
 *       controller and replaces the session identity with the anonymous user.</li>
 *   <li>Handles the {@code <authPath>resetChain} URI by resetting every
 *       {@link AuthStep} and redirecting to the first mechanism of the URL's chain.</li>
 *   <li>Handles the application's logout URI after the downstream stages ran,
 *       invoking registered {@link LogoutHandler}s and clearing the session.</li>
 *   <li>Catches every exception, writes an access-log error event and either
 *       redirects to the configured 500 page or forwards to {@code error.jsp}.</li>
 * </ul>
 *
 * @param req     the current request
 * @param resp    the current response
 * @param nextSys continuation that runs the remaining pipeline stages
 * @throws IOException      from redirects / output handling in the error path
 * @throws ServletException from the error-page forward
 * @see com.tremolosecurity.proxy.ConfigSys#doConfig(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.proxy.util.NextSys)
 */
public void doConfig(HttpServletRequest req, HttpServletResponse resp, NextSys nextSys) throws IOException, ServletException {
    // Declared outside the try so the catch block can log the app and user.
    UrlHolder holder = null;
    AuthInfo userAuth = null;
    try {
        SessionManager sessionManager = (SessionManager) this.ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
        boolean setSessionCookie = false;
        boolean checkLogout = false;
        RequestHolder reqHolder = (RequestHolder) req.getAttribute(ProxyConstants.TREMOLO_REQ_HOLDER);
        holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
        // Forced-auth is a request attribute set by earlier server-side code,
        // so it is not attacker-controllable through query/form parameters.
        boolean isForcedAuth = req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) != null ? (Boolean) req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) : false;
        checkLogout = true;
        // Special URI under the auth path that restarts the current auth chain.
        StringBuffer resetsb = new StringBuffer(cfg.getAuthPath()).append("resetChain");
        // getSession() creates a session when none exists, so the null check
        // below is effectively always true.
        HttpSession sharedSession = req.getSession();
        if (sharedSession != null) {
            AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
            if (actl != null && actl.getHolder() != null) {
                RequestHolder presentHolder = actl.getHolder();
                AuthInfo authdata = actl.getAuthInfo();
                userAuth = authdata;
                // A session with an unfinished authentication that requests
                // something outside the auth path loses the in-progress controller
                // and is reset to the anonymous identity -- presumably so a
                // half-completed chain cannot be resumed or reused later.
                if (!req.getRequestURI().startsWith(cfg.getAuthPath()) && /*&&  ! presentHolder.getUrlNoQueryString().equalsIgnoreCase(req.getRequestURL().toString())*/
                (authdata == null || !authdata.isAuthComplete())) {
                    // Browser-initiated icon fetches are ignored so they do not
                    // tear down an authentication that is still in progress.
                    if (!req.getRequestURI().endsWith("/favicon.ico") && !req.getRequestURI().endsWith("/apple-touch-icon-precomposed.png") && !req.getRequestURI().endsWith("/apple-touch-icon.png")) {
                        sharedSession.removeAttribute(ProxyConstants.AUTH_CTL);
                        this.cfg.createAnonUser(sharedSession);
                    }
                } else if (req.getRequestURI().equalsIgnoreCase(resetsb.toString())) {
                    // resetChain: mark every step as not executed / not successful and
                    // send the user back to the first mechanism of the URL's chain.
                    sharedSession.removeAttribute("TREMOLO_AUTH_URI");
                    for (AuthStep step : actl.getAuthSteps()) {
                        step.setExecuted(false);
                        step.setSuccess(false);
                    }
                    // NOTE(review): assumes the step list is non-empty; get(0) throws
                    // otherwise (caught below and turned into a 500).
                    actl.setCurrentStep(actl.getAuthSteps().get(0));
                    // NOTE(review): holder comes from the AUTOIDM_CFG request attribute and
                    // is only null-checked further down (line "if (holder == null)"); if it
                    // is null for the resetChain URI this dereference NPEs into the 500 path.
                    // Likewise chain is unchecked if the chain name is not configured.
                    String chainName = holder.getUrl().getAuthChain();
                    AuthChainType chain = cfg.getAuthChains().get(chainName);
                    String mech = chain.getAuthMech().get(0).getName();
                    String uri = cfg.getAuthMechs().get(mech).getUri();
                    holder.getConfig().getAuthManager().loadAmtParams(sharedSession, chain.getAuthMech().get(0));
                    // Redirect target is built purely from configuration (context path +
                    // mechanism URI), not from request data, so no open-redirect exposure here.
                    String redirectURI = "";
                    if (holder.getConfig().getContextPath().equalsIgnoreCase("/")) {
                        redirectURI = uri;
                    } else {
                        redirectURI = new StringBuffer().append(holder.getConfig().getContextPath()).append(uri).toString();
                    }
                    sharedSession.setAttribute("TREMOLO_AUTH_URI", redirectURI);
                    resp.sendRedirect(redirectURI);
                    return;
                }
            }
            // NOTE(review): actl was only null-checked inside the branch above; if a
            // forced-auth request arrives with no AUTH_CTL in the session, or with
            // holder == null, the dereferences below NPE and the catch block answers 500.
            // Confirm upstream guarantees both are present whenever the flag is set.
            if (isForcedAuth) {
                actl.setHolder(reqHolder);
                String authChain = holder.getUrl().getAuthChain();
                AuthChainType act = cfg.getAuthChains().get(authChain);
                holder.getConfig().getAuthManager().loadAmtParams(sharedSession, act.getAuthMech().get(0));
            }
        }
        if (holder == null) {
            if (req.getRequestURI().startsWith(cfg.getAuthPath())) {
                // Request is for the authentication subsystem itself; try to derive the
                // URL holder from the mechanism's final URL so later stages have context.
                req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
                ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
                AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
                if (authMech != null) {
                    String finalURL = authMech.getFinalURL(req, resp);
                    if (finalURL != null) {
                        holder = cfg.findURL(finalURL);
                    } else {
                    // NOTE(review): an unresolvable final URL is tolerated silently (the
                    // original carried a commented-out ServletException here); the request
                    // proceeds with holder == null. Note that holder is resolved here but
                    // not written back to the AUTOIDM_CFG request attribute.
                    }
                } else {
                // NOTE(review): no mechanism matched the URI; likewise tolerated silently.
                }
                // Earlier revisions answered 404 when no holder could be produced; that
                // code was removed, so auth-path requests always continue down the chain.
                nextSys.nextSys(req, presp);
                presp.pushHeadersAndCookies(null);
            } else {
                // No URL configuration for this request: configured 404 page or bare 404.
                String redirectLocation = cfg.getErrorPages().get(HttpServletResponse.SC_NOT_FOUND);
                if (redirectLocation != null) {
                    resp.sendRedirect(redirectLocation);
                } else {
                    resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
                }
                AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
            }
        } else {
            req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
            req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
            ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
            ProxyData pd = null;
            try {
                // Run the remaining stages (auth, az, proxying) first; logout is
                // evaluated afterwards on the resulting ProxyData.
                nextSys.nextSys(req, presp);
                pd = (ProxyData) req.getAttribute(ProxyConstants.TREMOLO_PRXY_DATA);
                if (holder.getApp().getCookieConfig() != null) {
                    String logouturi = holder.getApp().getCookieConfig().getLogoutURI();
                    AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
                    if (actl != null) {
                        AuthInfo authdata = actl.getAuthInfo();
                        userAuth = authdata;
                        // Logout fires when the request URI equals the app's logout URI or the
                        // downstream stages flagged a logout, and only for an authenticated session.
                        // NOTE(review): the URI comparison has no method or CSRF-token check visible
                        // here, so a cross-site GET to the logout URI would end the session unless
                        // something upstream mitigates that -- confirm.
                        if ((req.getRequestURI().equalsIgnoreCase(logouturi) || (pd != null && pd.isLogout())) && (authdata != null)) {
                            // Logout handlers run before the session is cleared so they still
                            // see the session state they need (e.g. for upstream sign-out).
                            ArrayList<LogoutHandler> logoutHandlers = (ArrayList<LogoutHandler>) sharedSession.getAttribute(LogoutUtil.LOGOUT_HANDLERS);
                            if (logoutHandlers != null) {
                                for (LogoutHandler h : logoutHandlers) {
                                    h.handleLogout(req, presp);
                                }
                            }
                            sessionManager.clearSession(holder, sharedSession, (HttpServletRequest) req, (HttpServletResponse) resp);
                        }
                    }
                }
                presp.pushHeadersAndCookies(holder);
                // Stream the proxied body back, choosing the overload by whether a
                // downstream response object exists.
                if (pd != null && pd.getIns() != null) {
                    if (pd.getResponse() == null) {
                        this.procData(pd.getRequest(), resp, holder, pd.isText(), pd.getIns(), sessionManager);
                    } else {
                        this.procData(pd.getRequest(), pd.getResponse(), holder, pd.isText(), pd.getIns(), pd.getPostProc(), sessionManager);
                    }
                }
            } finally {
                // Always return the upstream HTTP connection to its pool; only touch the
                // servlet output stream if nothing has been committed yet.
                // NOTE(review): getOutputStream() throws IllegalStateException if getWriter()
                // was already used on this response -- confirm procData never mixes the two.
                if (pd != null && pd.getHttpRequestBase() != null) {
                    pd.getHttpRequestBase().releaseConnection();
                    if (!resp.isCommitted()) {
                        resp.getOutputStream().flush();
                        resp.getOutputStream().close();
                    }
                }
            }
        }
    } catch (Exception e) {
        // Catch-all boundary: log an access-log error event against the app (or a
        // placeholder "UNKNOWN" app) and render the configured 500 response.
        ApplicationType appType = null;
        if (holder != null) {
            appType = holder.getApp();
        } else {
            appType = new ApplicationType();
            appType.setName("UNKNOWN");
        }
        AccessLog.log(AccessEvent.Error, appType, (HttpServletRequest) req, userAuth, "NONE");
        // NOTE(review): the request URL and the raw exception are handed to error.jsp via
        // request attributes. The URL is attacker-influenced, so confirm the page
        // output-encodes it (reflected XSS otherwise), and that it does not render the
        // exception/stack trace to end users.
        req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
        req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
        logger.error("Could not process request", e);
        String redirectLocation = cfg.getErrorPages().get(500);
        if (redirectLocation != null) {
            resp.sendRedirect(redirectLocation);
        } else {
            StringBuffer b = new StringBuffer();
            b.append(cfg.getAuthFormsPath()).append("error.jsp");
            resp.setStatus(500);
            req.getRequestDispatcher(b.toString()).forward(req, resp);
        }
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) HttpSession(javax.servlet.http.HttpSession) ArrayList(java.util.ArrayList) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) AuthController(com.tremolosecurity.proxy.auth.AuthController) ServletException(javax.servlet.ServletException) SocketException(java.net.SocketException) IOException(java.io.IOException) ConnectionClosedException(org.apache.http.ConnectionClosedException) UrlHolder(com.tremolosecurity.config.util.UrlHolder) HttpServletRequest(javax.servlet.http.HttpServletRequest) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) LogoutHandler(com.tremolosecurity.proxy.logout.LogoutHandler) AuthChainType(com.tremolosecurity.config.xml.AuthChainType)

Example 7 with AuthStep

use of com.tremolosecurity.proxy.auth.util.AuthStep in project OpenUnison by TremoloSecurity.

From class AuthMechMgr, method doFilter (servlet-filter entry point that marks the current authentication step as executed and delegates to the auth-mechanism manager):

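@Override
public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) resp;
    // The AuthController lives in the HTTP session and may be absent (e.g. a
    // session that has not started an authentication). The original dereferenced
    // it unconditionally and threw a NullPointerException in that case; the
    // equivalent lookup in NextEmbSys.nextSys guards it and passes a null step,
    // so the same contract is applied here.
    AuthController ac = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    AuthStep curStep = null;
    if (ac != null) {
        curStep = ac.getCurrentStep();
        if (curStep != null) {
            // Record that this step has been attempted but has not (yet) succeeded
            // before the mechanism runs; presumably the mechanism sets success later.
            curStep.setExecuted(true);
            curStep.setSuccess(false);
        }
    }
    NextSys next = new FilterNextSys(chain);
    sys.doAuthMgr(request, response, next, curStep);
}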
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) FilterNextSys(com.tremolosecurity.proxy.util.FilterNextSys) NextSys(com.tremolosecurity.proxy.util.NextSys) FilterNextSys(com.tremolosecurity.proxy.util.FilterNextSys) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep)

Example 8 with AuthStep

use of com.tremolosecurity.proxy.auth.util.AuthStep in project OpenUnison by TremoloSecurity.

From class NextEmbSys, method nextSys (the pipeline continuation: each call advances the state field and delegates to the next stage, which calls back into this object when it is done):

@Override
public void nextSys(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    // Continuation-style pipeline: the state is advanced *before* delegating so
    // that when the delegate calls nextSys(...) again, the following stage runs.
    // Observed order: Config -> Auth -> (Skip | Az) -> AuthMgr -> Fwd.
    ConfigManager configManager = this.cfgSys.getConfigManager();
    switch (this.state) {
        case Config: {
            this.state = SysState.Auth;
            cfgSys.doConfig(request, response, this);
            return;
        }
        case Auth: {
            String requestUri = request.getRequestURI();
            boolean isAuthForm = requestUri.startsWith(configManager.getAuthFormsPath());
            if (isAuthForm) {
                // Requests for the authentication forms themselves bypass the
                // auth/az stages; Skip has no case below, so nothing further runs.
                this.state = SysState.Skip;
                chain.doFilter(request, response);
            } else {
                this.state = SysState.Az;
                auSys.doAuth(request, response, this);
            }
            return;
        }
        case Az: {
            this.state = SysState.AuthMgr;
            azSys.doAz(request, response, this);
            return;
        }
        case AuthMgr: {
            this.state = SysState.Fwd;
            // The controller may be missing from the session; in that case the
            // manager is invoked with a null step.
            AuthController controller = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
            AuthStep step = null;
            if (controller != null) {
                step = controller.getCurrentStep();
                if (step != null) {
                    // Flag the step as attempted-but-not-successful before it runs.
                    step.setExecuted(true);
                    step.setSuccess(false);
                }
            }
            authMgrSys.doAuthMgr(request, response, this, step);
            return;
        }
        case Fwd: {
            if (!this.passOn) {
                // Embedded-result path: query-string parameters are folded into the
                // form parameters before the forwarder produces the result.
                ProxyRequest embeddedRequest = (ProxyRequest) request;
                embeddedRequest.copyQSParamsToFormParams();
                fwd.doEmbResults(request, response, chain, this);
                return;
            }
            boolean bypassProxy = request.getRequestURI().startsWith(configManager.getAuthPath()) || proxy == null;
            if (bypassProxy) {
                chain.doFilter(request, response);
                return;
            }
            // Push requests and ordinary URI requests are handled by separate
            // proxy entry points.
            ProxyRequest proxyRequest = (ProxyRequest) request;
            if (proxyRequest.isPush()) {
                proxy.doPush(request, response);
            } else {
                proxy.doURI(request, response);
            }
            return;
        }
        default:
            break;
    }
}
Also used : AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) ProxyRequest(com.tremolosecurity.proxy.ProxyRequest) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager)

Aggregations

AuthStep (com.tremolosecurity.proxy.auth.util.AuthStep)8 Attribute (com.tremolosecurity.saml.Attribute)5 HashMap (java.util.HashMap)5 IOException (java.io.IOException)4 ServletException (javax.servlet.ServletException)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 LDAPAttribute (com.novell.ldap.LDAPAttribute)3 LDAPException (com.novell.ldap.LDAPException)3 UrlHolder (com.tremolosecurity.config.util.UrlHolder)3 AuthChainType (com.tremolosecurity.config.xml.AuthChainType)3 AuthMechType (com.tremolosecurity.config.xml.AuthMechType)3 AuthController (com.tremolosecurity.proxy.auth.AuthController)3 ArrayList (java.util.ArrayList)3 HttpSession (javax.servlet.http.HttpSession)3 ConfigManager (com.tremolosecurity.config.util.ConfigManager)2 ProxyRequest (com.tremolosecurity.proxy.ProxyRequest)2 AuthMechanism (com.tremolosecurity.proxy.auth.AuthMechanism)2 RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)2 ByteArrayInputStream (java.io.ByteArrayInputStream)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2