
Example 1 with CustomAuthorization

use of com.tremolosecurity.proxy.az.CustomAuthorization in project OpenUnison by TremoloSecurity.

the class AzSys method checkRule.

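/**
 * Evaluates a single authorization rule against the authenticated user.
 *
 * <p>The rule's constraint is first rendered as a StringTemplate ({@code $...$} delimiters) with the
 * entries of {@code request} as template attributes (dots in keys become underscores). The rendered
 * constraint is then interpreted according to the rule's scope: a DN suffix, a group, a dynamic group,
 * an LDAP filter, or the name of a custom authorization.
 *
 * @param authData the authenticated user
 * @param cfgMgr   configuration manager providing MyVD and the registered custom authorizations
 * @param at       the application the rule belongs to; supplies the cache timeout
 * @param OK       the decision reached so far; returned unchanged when this rule grants nothing
 * @param azCache  optional cache of rule GUID to expiry time; a granting rule is recorded when non-null
 * @param rule     the rule to evaluate
 * @param request  optional attributes substituted into the constraint; may be null
 * @return {@code true} when this rule grants access, otherwise the incoming {@code OK}, except that a
 *         {@code Custom} rule naming an unknown authorization yields {@code false}
 * @throws MalformedURLException if a dynamic group's memberURL value is not a valid LDAP URL
 */
private boolean checkRule(AuthInfo authData, ConfigManager cfgMgr, ApplicationType at, boolean OK, HashMap<UUID, DateTime> azCache, AzRule rule, Map<String, Object> request) throws MalformedURLException {
    // NOTE(review): request values are substituted into the constraint verbatim, with no DN or LDAP-filter
    // escaping; whether any of them can carry caller-controlled input depends on the callers of this method.
    String localConstraint = renderConstraint(rule.getConstraint(), request);
    switch (rule.getScope()) {
        case DN:
            // Plain suffix match: case-sensitive and without an RDN boundary, so the constraint must be a
            // complete DN suffix that starts at an RDN for this to behave as intended.
            if (authData.getUserDN().endsWith(localConstraint)) {
                OK = true;
                recordAzCacheHit(azCache, rule, at);
            }
            break;
        case Group:
            if (isUserInGroup(authData, cfgMgr, rule, localConstraint)) {
                OK = true;
                recordAzCacheHit(azCache, rule, at);
            }
            break;
        case DynamicGroup:
            // Static membership is checked first; otherwise the group's memberURL values are evaluated.
            if (isUserInGroup(authData, cfgMgr, rule, localConstraint) || matchesDynamicGroup(authData, cfgMgr, localConstraint)) {
                OK = true;
                recordAzCacheHit(azCache, rule, at);
            }
            break;
        case Filter:
            try {
                net.sourceforge.myvd.types.Filter filter = new net.sourceforge.myvd.types.Filter(localConstraint);
                if (this.checkEntry(filter.getRoot(), authData)) {
                    OK = true;
                    recordAzCacheHit(azCache, rule, at);
                }
            } catch (LDAPException e) {
                // Previously printStackTrace(); an unparseable filter denies access and is logged like the other failures.
                logger.warn("Could not evaluate filter '" + localConstraint + "'", e);
            }
            break;
        case Custom:
            CustomAuthorization customAz = rule.getCustomAuthorization();
            if (customAz == null) {
                // Fix: the result of this lookup used to be discarded, so a rule without a pre-bound
                // CustomAuthorization always failed with "does not exist".
                customAz = cfgMgr.getCustomAuthorizations().get(localConstraint);
            }
            if (customAz == null) {
                logger.warn("Rule '" + localConstraint + "' does not exist, failing");
                // An unknown custom rule overrides any grant reached earlier.
                OK = false;
            } else {
                try {
                    if (customAz.isAuthorized(authData, rule.getCustomParameters())) {
                        OK = true;
                        recordAzCacheHit(azCache, rule, at);
                    }
                } catch (AzException e) {
                    logger.warn("Could not run authorization", e);
                }
            }
            break;
    }
    return OK;
}

/**
 * Renders the rule constraint as a StringTemplate with the request attributes, or returns it unchanged
 * when there is no request. Keys are renamed with dots replaced by underscores because StringTemplate
 * attribute names cannot contain dots.
 */
private static String renderConstraint(String constraint, Map<String, Object> request) {
    if (request == null) {
        return constraint;
    }
    ST st = new ST(constraint, '$', '$');
    for (Map.Entry<String, Object> entry : request.entrySet()) {
        st.add(entry.getKey().replaceAll("[.]", "_"), entry.getValue());
    }
    return st.render();
}

/**
 * Records a granting rule in the authorization cache, keyed by rule GUID, with an expiry of
 * now plus the application's authorization timeout. No-op when there is no cache.
 */
private static void recordAzCacheHit(HashMap<UUID, DateTime> azCache, AzRule rule, ApplicationType at) {
    if (azCache != null) {
        azCache.put(rule.getGuid(), new DateTime().plus(at.getAzTimeoutMillis()));
    }
}

/**
 * Checks whether the user matches any memberURL of the dynamic group entry at {@code groupDN}.
 * Every memberURL is evaluated (a malformed one still raises MalformedURLException even after a match).
 *
 * @return {@code true} when at least one memberURL selects the user; {@code false} when none does,
 *         when the group entry cannot be read, or when it carries no memberURL attribute
 * @throws MalformedURLException if a memberURL value is not a valid LDAP URL
 */
private boolean matchesDynamicGroup(AuthInfo authData, ConfigManager cfgMgr, String groupDN) throws MalformedURLException {
    ArrayList<String> attribs = new ArrayList<String>();
    attribs.add("memberURL");
    boolean matched = false;
    try {
        // Base-scope read of the group entry itself.
        LDAPSearchResults rs = cfgMgr.getMyVD().search(groupDN, 0, "(objectClass=*)", attribs);
        if (!rs.hasMore()) {
            logger.warn("Dynamic group '" + groupDN + "' not found, failing");
            return false;
        }
        LDAPEntry entry = rs.next();
        if (entry.getAttribute("memberURL") == null) {
            logger.warn("Dynamic group '" + groupDN + "' has no memberURL, failing");
            return false;
        }
        String[] urls = entry.getAttribute("memberURL").getStringValueArray();
        String userDN = authData.getUserDN();
        for (String url : urls) {
            LDAPUrl ldapUrl = new LDAPUrl(url);
            if (!userDnInUrlScope(userDN, ldapUrl)) {
                continue;
            }
            net.sourceforge.myvd.types.Filter filter = new net.sourceforge.myvd.types.Filter(ldapUrl.getFilter());
            if (this.checkEntry(filter.getRoot(), authData)) {
                matched = true;
            }
        }
    } catch (LDAPException e) {
        // Previously printStackTrace(); failure to read or parse the group leaves the decision as it was.
        logger.warn("Could not evaluate dynamic group '" + groupDN + "'", e);
    }
    return matched;
}

/**
 * Decides whether {@code userDN} lies within the base DN and scope of a memberURL.
 * Base and one-level comparisons are case-insensitive; the subtree comparison is a
 * case-sensitive suffix match, as in the original implementation.
 */
private static boolean userDnInUrlScope(String userDN, LDAPUrl ldapUrl) {
    switch (ldapUrl.getScope()) {
        case 0: {
            // base scope: the URL must name the user entry itself
            return userDN.equalsIgnoreCase(ldapUrl.getDN());
        }
        case 1: {
            // one level: the URL must name the user's parent (a DN without a comma yields the whole DN)
            String parentDN = userDN.substring(userDN.indexOf(',') + 1);
            return ldapUrl.getDN().equalsIgnoreCase(parentDN);
        }
        default: {
            // subtree
            return userDN.endsWith(ldapUrl.getDN());
        }
    }
}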
Also used : ST(org.stringtemplate.v4.ST) AzException(com.tremolosecurity.proxy.az.AzException) ArrayList(java.util.ArrayList) DateTime(org.joda.time.DateTime) CustomAuthorization(com.tremolosecurity.proxy.az.CustomAuthorization) LDAPEntry(com.novell.ldap.LDAPEntry) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) LDAPUrl(com.novell.ldap.LDAPUrl) LDAPException(com.novell.ldap.LDAPException)

Example 2 with CustomAuthorization

use of com.tremolosecurity.proxy.az.CustomAuthorization in project OpenUnison by TremoloSecurity.

the class UnisonConfigManagerImpl method createCustomAuthorizationRule.

/**
 * Instantiates the custom authorization configured by {@code azrule}, initializes it with the rule's
 * parameters (multi-valued, grouped by parameter name) and registers it under the rule's name.
 *
 * <p>The implementation class is loaded by the name given in the configuration file.
 *
 * @param azrule the custom authorization rule definition from the configuration
 * @throws InstantiationException if the configured class cannot be instantiated
 * @throws IllegalAccessException if the configured class or its constructor is not accessible
 * @throws ClassNotFoundException if the configured class is not on the classpath
 * @throws AzException           if the authorization's {@code init} fails
 */
private void createCustomAuthorizationRule(CustomAzRuleType azrule) throws InstantiationException, IllegalAccessException, ClassNotFoundException, AzException {
    HashMap<String, Attribute> initParams = new HashMap<String, Attribute>();
    for (ParamType param : azrule.getParams()) {
        String paramName = param.getName();
        if (!initParams.containsKey(paramName)) {
            initParams.put(paramName, new Attribute(paramName));
        }
        initParams.get(paramName).getValues().add(param.getValue());
    }
    Class<?> azClass = Class.forName(azrule.getClassName());
    CustomAuthorization customAz = (CustomAuthorization) azClass.newInstance();
    customAz.init(initParams);
    this.customAzRules.put(azrule.getName(), customAz);
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) AuthMechParamType(com.tremolosecurity.config.xml.AuthMechParamType) ParamType(com.tremolosecurity.config.xml.ParamType) CustomAuthorization(com.tremolosecurity.proxy.az.CustomAuthorization)

Example 3 with CustomAuthorization

use of com.tremolosecurity.proxy.az.CustomAuthorization in project OpenUnison by TremoloSecurity.

the class UnisonConfigManagerImpl method addCustomerAuthorization.

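/**
 * Creates and registers the custom authorization described by {@code azrt} at runtime and rebinds
 * every {@link AzRule} that refers to it by name. A failure to create the authorization is logged
 * and the existing binding is left untouched.
 *
 * @param azrt the custom authorization rule definition to add
 */
@Override
public void addCustomerAuthorization(CustomAzRuleType azrt) {
    CustomAuthorization caz;
    synchronized (this.customAzRules) {
        try {
            this.createCustomAuthorizationRule(azrt);
        } catch (InstantiationException | IllegalAccessException | ClassNotFoundException | AzException e) {
            logger.warn("Could not initialize " + azrt.getName(), e);
            return;
        }
        // Read the new instance back under the same lock that guarded its registration, so a
        // concurrent change to the map cannot make this lookup observe a different (or no) instance.
        caz = this.customAzRules.get(azrt.getName());
    }
    AzRule.replaceCustomAuthorization(azrt.getName(), caz);
}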
Also used : AzException(com.tremolosecurity.proxy.az.AzException) CustomAuthorization(com.tremolosecurity.proxy.az.CustomAuthorization)

Example 4 with CustomAuthorization

use of com.tremolosecurity.proxy.az.CustomAuthorization in project OpenUnison by TremoloSecurity.

the class UnisonConfigManagerImpl method initialize.

/* (non-Javadoc)
	 * @see com.tremolosecurity.config.util.ConfigManager#initialize()
	 * @see com.tremolosecurity.config.util.UnisonConfigManager#initialize()
	 */
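/**
 * Loads the OpenUnison configuration and brings up every subsystem it describes: keystore and SSL,
 * MyVD, error pages, custom authorizations, applications, authentication chains and mechanisms,
 * result groups, the provisioning engine, and the optional dynamic loaders for result groups,
 * custom authorizations, authentication chains and applications.
 *
 * <p>All classes named in the configuration (upgrade handler, custom authorizations, dynamic loaders)
 * are instantiated by name; the configuration file is treated as trusted input.
 *
 * @param name unused by this implementation
 * @throws FileNotFoundException if the configuration path has no directory component
 * @throws ProvisioningException if a dynamic loader class cannot be instantiated
 */
@Override
public void initialize(String name) throws JAXBException, Exception, IOException, FileNotFoundException, InstantiationException, IllegalAccessException, ClassNotFoundException, LDAPException, KeyStoreException, NoSuchAlgorithmException, CertificateException, ProvisioningException {
    JAXBContext jc = JAXBContext.newInstance("com.tremolosecurity.config.xml");
    Unmarshaller unmarshaller = jc.createUnmarshaller();
    this.threads = new ArrayList<StopableThread>();
    // The keystore and MyVD configuration are resolved relative to the directory of the main config file.
    int lastSlash = configXML.lastIndexOf('/');
    if (lastSlash < 0) {
        // Previously an unchecked StringIndexOutOfBoundsException from substring().
        throw new FileNotFoundException("Configuration path '" + configXML + "' has no directory component");
    }
    String path = configXML.substring(0, lastSlash);
    JAXBElement<TremoloType> autoidmcfg = this.loadUnisonConfiguration(unmarshaller);
    this.cfg = autoidmcfg.getValue();
    this.byHost = new HashMap<String, ArrayList<UrlHolder>>();
    this.cache = new HashMap<String, UrlHolder>();
    this.upgradeManager = (HttpUpgradeRequestManager) Class.forName(this.cfg.getUpgradeHandler()).newInstance();
    String myVdPath = cfg.getMyvdConfig();
    this.loadKeystore(path, myVdPath);
    this.initSSL();
    this.loadMyVD(path, myVdPath);
    if (cfg.getApplications().getErrorPage() != null) {
        for (ErrorPage ep : cfg.getApplications().getErrorPage()) {
            this.errorPages.put(ep.getCode(), ep.getLocation());
        }
    }
    this.customAzRules = new HashMap<String, CustomAuthorization>();
    if (this.cfg.getCustomAzRules() != null) {
        for (CustomAzRuleType azrule : this.cfg.getCustomAzRules().getAzRule()) {
            createCustomAuthorizationRule(azrule);
        }
    }
    loadApplicationObjects();
    this.authChains = new HashMap<String, AuthChainType>();
    if (cfg.getAuthChains() != null) {
        for (AuthChainType ac : cfg.getAuthChains().getChain()) {
            this.authChains.put(ac.getName(), ac);
        }
    }
    this.authMechs = new HashMap<String, MechanismType>();
    if (cfg.getAuthMechs() != null) {
        for (MechanismType mt : cfg.getAuthMechs().getMechanism()) {
            authMechs.put(mt.getName(), mt);
        }
    }
    this.resGroups = new HashMap<String, ResultGroupType>();
    if (cfg.getResultGroups() != null) {
        for (ResultGroupType rgt : cfg.getResultGroups().getResultGroup()) {
            this.resGroups.put(rgt.getName(), rgt);
        }
    }
    this.apps = new HashMap<String, ApplicationType>();
    for (ApplicationType app : cfg.getApplications().getApplication()) {
        this.apps.put(app.getName(), app);
    }
    this.provEnvgine = new ProvisioningEngineImpl(this);
    this.provEnvgine.initWorkFlows();
    this.provEnvgine.initMessageConsumers();
    this.provEnvgine.initScheduler();
    this.provEnvgine.initListeners();
    this.provEnvgine.initReports();
    // Dynamic loaders: each is an optional, config-named class that contributes further objects at startup.
    // Each failure now names the loader that failed instead of the shared "dynamic targets" message.
    try {
        if (this.getCfg().getResultGroups() != null && isDynamicLoaderEnabled(this.getCfg().getResultGroups().getDynamicResultGroups())) {
            DynamicPortalUrlsType loaderCfg = this.getCfg().getResultGroups().getDynamicResultGroups();
            DynamicResultGroups loader = (DynamicResultGroups) Class.forName(loaderCfg.getClassName()).newInstance();
            loader.loadDynamicResultGroups(this, this.getProvisioningEngine(), paramsToAttributes(loaderCfg.getParams()));
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic result groups", e);
    }
    try {
        if (this.getCfg().getCustomAzRules() != null && isDynamicLoaderEnabled(this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations())) {
            DynamicPortalUrlsType loaderCfg = this.getCfg().getCustomAzRules().getDynamicCustomAuthorizations();
            DynamicAuthorizations loader = (DynamicAuthorizations) Class.forName(loaderCfg.getClassName()).newInstance();
            loader.loadDynamicAuthorizations(this, this.getProvisioningEngine(), paramsToAttributes(loaderCfg.getParams()));
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic custom authorizations", e);
    }
    try {
        if (this.getCfg().getAuthChains() != null && isDynamicLoaderEnabled(this.getCfg().getAuthChains().getDynamicAuthChains())) {
            DynamicPortalUrlsType loaderCfg = this.getCfg().getAuthChains().getDynamicAuthChains();
            DynamicAuthChains loader = (DynamicAuthChains) Class.forName(loaderCfg.getClassName()).newInstance();
            loader.loadDynamicAuthChains(this, provEnvgine, paramsToAttributes(loaderCfg.getParams()));
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic authentication chains", e);
    }
    try {
        if (this.getCfg().getApplications() != null && isDynamicLoaderEnabled(this.getCfg().getApplications().getDynamicApplications())) {
            DynamicPortalUrlsType loaderCfg = this.getCfg().getApplications().getDynamicApplications();
            DynamicApplications loader = (DynamicApplications) Class.forName(loaderCfg.getClassName()).newInstance();
            loader.loadDynamicApplications(this, provEnvgine, paramsToAttributes(loaderCfg.getParams()));
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic applications", e);
    }
    this.postInitialize();
}

/**
 * Returns whether a dynamic loader section is present and enabled in the configuration.
 */
private static boolean isDynamicLoaderEnabled(DynamicPortalUrlsType loaderCfg) {
    return loaderCfg != null && loaderCfg.isEnabled();
}

/**
 * Groups configuration parameters by name into multi-valued {@link Attribute}s, preserving the
 * order in which values appear for each name.
 */
private static HashMap<String, Attribute> paramsToAttributes(Iterable<ParamType> params) {
    HashMap<String, Attribute> attrs = new HashMap<String, Attribute>();
    for (ParamType pt : params) {
        Attribute attr = attrs.get(pt.getName());
        if (attr == null) {
            attr = new Attribute(pt.getName());
            attrs.put(pt.getName(), attr);
        }
        attr.getValues().add(pt.getValue());
    }
    return attrs;
}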
Also used : ErrorPage(com.tremolosecurity.config.xml.ApplicationsType.ErrorPage) TremoloType(com.tremolosecurity.config.xml.TremoloType) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) JAXBContext(javax.xml.bind.JAXBContext) DynamicApplications(com.tremolosecurity.proxy.dynamicloaders.DynamicApplications) ProvisioningEngineImpl(com.tremolosecurity.provisioning.core.ProvisioningEngineImpl) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) StopableThread(com.tremolosecurity.server.StopableThread) CustomAzRuleType(com.tremolosecurity.config.xml.CustomAzRuleType) MechanismType(com.tremolosecurity.config.xml.MechanismType) Unmarshaller(javax.xml.bind.Unmarshaller) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) DynamicAuthChains(com.tremolosecurity.proxy.dynamicloaders.DynamicAuthChains) CustomAuthorization(com.tremolosecurity.proxy.az.CustomAuthorization) AuthMechParamType(com.tremolosecurity.config.xml.AuthMechParamType) ParamType(com.tremolosecurity.config.xml.ParamType) DynamicAuthorizations(com.tremolosecurity.proxy.dynamicloaders.DynamicAuthorizations) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) DynamicResultGroups(com.tremolosecurity.proxy.dynamicloaders.DynamicResultGroups) DynamicPortalUrlsType(com.tremolosecurity.config.xml.DynamicPortalUrlsType) ResultGroupType(com.tremolosecurity.config.xml.ResultGroupType)
