
Example 1 with AzException

Use of com.tremolosecurity.proxy.az.AzException in project OpenUnison by TremoloSecurity.

From class AzSys, method checkRule.

private boolean checkRule(AuthInfo authData, ConfigManager cfgMgr, ApplicationType at, boolean OK, HashMap<UUID, DateTime> azCache, AzRule rule, Map<String, Object> request) throws MalformedURLException {
    String localConstraint = rule.getConstraint();
    if (request != null) {
        ST st = new ST(localConstraint, '$', '$');
        for (String key : request.keySet()) {
            st.add(key.replaceAll("[.]", "_"), request.get(key));
        }
        localConstraint = st.render();
    }
    switch(rule.getScope()) {
        case DN:
            // plain string suffix match: the subject's DN must end with the constraint (case-sensitive)
            if (authData.getUserDN().endsWith(localConstraint)) {
                OK = true;
                if (azCache != null) {
                    azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
                }
            }
            break;
        case Group:
            if (isUserInGroup(authData, cfgMgr, rule, localConstraint)) {
                OK = true;
                if (azCache != null) {
                    azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
                }
            }
            break;
        case DynamicGroup:
            if (isUserInGroup(authData, cfgMgr, rule, localConstraint)) {
                OK = true;
                if (azCache != null) {
                    azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
                }
            } else {
                ArrayList<String> attribs = new ArrayList<String>();
                attribs.add("memberURL");
                try {
                    // resolve the dynamic group entry and evaluate each of its memberURL values against the subject
                    LDAPSearchResults rs = cfgMgr.getMyVD().search(localConstraint, 0, "(objectClass=*)", attribs);
                    if (!rs.hasMore()) {
                        logger.warn("Dynamic group '" + localConstraint + "' not found, failing");
                        break;
                    }
                    LDAPEntry entry = rs.next();
                    if (entry.getAttribute("memberURL") == null) {
                        // a group without memberURL values can never match
                        break;
                    }
                    String[] urls = entry.getAttribute("memberURL").getStringValueArray();
                    for (int i = 0; i < urls.length; i++) {
                        String url = urls[i];
                        LDAPUrl ldapUrl = new LDAPUrl(url);
                        if (ldapUrl.getScope() == 0) {
                            if (!authData.getUserDN().equalsIgnoreCase(ldapUrl.getDN())) {
                                continue;
                            }
                        } else if (ldapUrl.getScope() == 1) {
                            String oneLevelDN = authData.getUserDN().substring(authData.getUserDN().indexOf(',') + 1);
                            if (!ldapUrl.getDN().equalsIgnoreCase(oneLevelDN)) {
                                continue;
                            }
                        } else {
                            if (!authData.getUserDN().endsWith(ldapUrl.getDN())) {
                                continue;
                            }
                        }
                        net.sourceforge.myvd.types.Filter filter = new net.sourceforge.myvd.types.Filter(ldapUrl.getFilter());
                        if (this.checkEntry(filter.getRoot(), authData)) {
                            OK = true;
                            if (azCache != null) {
                                azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
                            }
                        }
                    }
                } catch (LDAPException e) {
                    // an LDAP failure leaves OK unchanged, so the rule fails closed
                    logger.warn("Could not evaluate dynamic group '" + localConstraint + "'", e);
                }
            }
            break;
        case Filter:
            try {
                net.sourceforge.myvd.types.Filter filter = new net.sourceforge.myvd.types.Filter(localConstraint);
                if (this.checkEntry(filter.getRoot(), authData)) {
                    OK = true;
                    if (azCache != null) {
                        azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
                    }
                }
            } catch (LDAPException e) {
                // an unparsable filter leaves OK unchanged, so the rule fails closed
                logger.warn("Could not evaluate filter '" + localConstraint + "'", e);
            }
            break;
        case Custom:
            CustomAuthorization customAz = rule.getCustomAuthorization();
            if (customAz == null) {
                // fall back to the custom authorization registered under the constraint name
                customAz = cfgMgr.getCustomAuthorizations().get(localConstraint);
            }
            if (customAz == null) {
                logger.warn("Rule '" + localConstraint + "' does not exist, failing");
                OK = false;
            } else {
                try {
                    if (customAz.isAuthorized(authData, rule.getCustomParameters())) {
                        OK = true;
                        if (azCache != null) {
                            azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
                        }
                    }
                } catch (AzException e) {
                    logger.warn("Could not run authorization", e);
                }
            }
            break;
    }
    return OK;
}
Also used : ST(org.stringtemplate.v4.ST) AzException(com.tremolosecurity.proxy.az.AzException) ArrayList(java.util.ArrayList) DateTime(org.joda.time.DateTime) CustomAuthorization(com.tremolosecurity.proxy.az.CustomAuthorization) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPUrl(com.novell.ldap.LDAPUrl) LDAPException(com.novell.ldap.LDAPException)

Example 2 with AzException

Use of com.tremolosecurity.proxy.az.AzException in project OpenUnison by TremoloSecurity.

From class ManagerAuthorization, method listPossibleApprovers.

@Override
public List<String> listPossibleApprovers(String... params) throws AzException {
    List<String> managers = new ArrayList<String>();
    List<User> managerUser = null;
    try {
        managerUser = this.findManager(this.numLevels, this.allowLowerManagers);
    } catch (Exception e) {
        throw new AzException("Could not load managers", e);
    }
    for (User user : managerUser) {
        managers.add(user.getAttribs().get(DISTINGUISHED_NAME).getValues().get(0));
    }
    return managers;
}
Also used : User(com.tremolosecurity.provisioning.core.User) AzException(com.tremolosecurity.proxy.az.AzException) ArrayList(java.util.ArrayList) AzException(com.tremolosecurity.proxy.az.AzException)

Example 3 with AzException

Use of com.tremolosecurity.proxy.az.AzException in project OpenUnison by TremoloSecurity.

From class ManagerAuthorization, method isAuthorized.

@Override
public boolean isAuthorized(AuthInfo subject, String... params) throws AzException {
    DN subjectDN = new DN(subject.getUserDN());
    List<User> managers;
    try {
        managers = this.findManager(this.numLevels, this.allowLowerManagers);
    } catch (Exception e) {
        throw new AzException("Could not load managers", e);
    }
    // the subject is authorized only if its DN matches one of the resolved managers
    for (User manager : managers) {
        DN managerDN = new DN(manager.getAttribs().get(DISTINGUISHED_NAME).getValues().get(0));
        if (managerDN.equals(subjectDN)) {
            return true;
        }
    }
    // nothing found, fail closed
    return false;
}
Also used : User(com.tremolosecurity.provisioning.core.User) AzException(com.tremolosecurity.proxy.az.AzException) DN(com.novell.ldap.util.DN) AzException(com.tremolosecurity.proxy.az.AzException)

Example 4 with AzException

Use of com.tremolosecurity.proxy.az.AzException in project OpenUnison by TremoloSecurity.

From class UnisonConfigManagerImpl, method addCustomerAuthorization.

@Override
public void addCustomerAuthorization(CustomAzRuleType azrt) {
    synchronized (this.customAzRules) {
        try {
            this.createCustomAuthorizationRule(azrt);
        } catch (InstantiationException | IllegalAccessException | ClassNotFoundException | AzException e) {
            logger.warn("Could not initialize " + azrt.getName(), e);
            return;
        }
    }
    CustomAuthorization caz = this.customAzRules.get(azrt.getName());
    AzRule.replaceCustomAuthorization(azrt.getName(), caz);
}
Also used : AzException(com.tremolosecurity.proxy.az.AzException) CustomAuthorization(com.tremolosecurity.proxy.az.CustomAuthorization)

Example 5 with AzException

Use of com.tremolosecurity.proxy.az.AzException in project OpenUnison by TremoloSecurity.

From class FreeIPAAz, method isAuthorized.

@Override
public boolean isAuthorized(AuthInfo subject, String... params) throws AzException {
    try {
        if (params.length == 0 || params[0] == null) {
            // no group name configured for this rule: fail closed
            return false;
        }
        FreeIPATarget ipa = (FreeIPATarget) GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getTarget(this.targetName).getProvider();
        String groupName = params[0];
        HashSet<String> attributes = new HashSet<String>();
        attributes.add(this.uidAttributeName);
        HashMap<String, Object> request = new HashMap<String, Object>();
        if (subject.getAttribs().get(this.uidAttributeName) == null) {
            // subject carries no uid attribute, so it cannot be looked up in FreeIPA
            return false;
        }
        // look the subject up in FreeIPA by uid and compare its group memberships with the rule's group
        User fromTarget = ipa.findUser(subject.getAttribs().get(this.uidAttributeName).getValues().get(0), attributes, request);
        if (fromTarget == null) {
            return false;
        }
        boolean found = false;
        for (String userGroupName : fromTarget.getGroups()) {
            if (userGroupName.equalsIgnoreCase(groupName)) {
                found = true;
                break;
            }
        }
        return found;
    } catch (ProvisioningException e) {
        throw new AzException("Unable to process", e);
    }
}
Also used : User(com.tremolosecurity.provisioning.core.User) HashMap(java.util.HashMap) AzException(com.tremolosecurity.proxy.az.AzException) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) HashSet(java.util.HashSet)

Aggregations

AzException (com.tremolosecurity.proxy.az.AzException)7 ArrayList (java.util.ArrayList)4 User (com.tremolosecurity.provisioning.core.User)3 LDAPException (com.novell.ldap.LDAPException)2 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)2 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)2 CustomAuthorization (com.tremolosecurity.proxy.az.CustomAuthorization)2 HashMap (java.util.HashMap)2 FilterBuilder (org.apache.directory.ldap.client.api.search.FilterBuilder)2 LDAPEntry (com.novell.ldap.LDAPEntry)1 LDAPUrl (com.novell.ldap.LDAPUrl)1 DN (com.novell.ldap.util.DN)1 ConfigManager (com.tremolosecurity.config.util.ConfigManager)1 IPACall (com.tremolosecurity.unison.freeipa.json.IPACall)1 IPAResponse (com.tremolosecurity.unison.freeipa.json.IPAResponse)1 HashSet (java.util.HashSet)1 List (java.util.List)1 Map (java.util.Map)1 DateTime (org.joda.time.DateTime)1 ST (org.stringtemplate.v4.ST)1