use of com.tremolosecurity.proxy.filter.HttpFilter in project OpenUnison by TremoloSecurity.
the class ScaleJSOperator method lookupUser.
private void lookupUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception, LDAPException, IOException {
if (this.scaleMainConfig == null) {
UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
for (HttpFilter filter : holder.getFilterChain()) {
if (filter instanceof ScaleMain) {
ScaleMain scaleMain = (ScaleMain) filter;
this.scaleMainConfig = scaleMain.scaleConfig;
}
}
}
String dn = request.getParameter("dn").getValues().get(0);
FilterBuilder baseFilter = (FilterBuilder) request.getAttribute("ops.search.filter");
String filter = "(objectClass=*)";
if (baseFilter != null) {
filter = baseFilter.toString();
}
LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, filter, new ArrayList<String>());
if (!res.hasMore()) {
throw new Exception("Could not locate user '" + dn + "'");
}
LDAPEntry entry = res.next();
AuthInfo userData = new AuthInfo();
userData.setUserDN(entry.getDN());
LDAPAttributeSet attrs = entry.getAttributeSet();
for (Object obj : attrs) {
LDAPAttribute attr = (LDAPAttribute) obj;
Attribute attrib = new Attribute(attr.getName());
String[] vals = attr.getStringValueArray();
for (String val : vals) {
attrib.getValues().add(val);
}
userData.getAttribs().put(attrib.getName(), attrib);
}
Set<String> allowedAttrs = null;
if (scaleMainConfig.getUiDecisions() != null) {
allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
}
OpsUserData userToSend = new OpsUserData();
userToSend.setDn(userData.getUserDN());
for (String attrName : this.scaleMainConfig.getUserAttributeList()) {
if (allowedAttrs == null || allowedAttrs.contains(attrName)) {
Attribute attr = new Attribute(attrName);
Attribute fromUser = userData.getAttribs().get(attrName);
if (fromUser != null) {
attr.getValues().addAll(fromUser.getValues());
if (attrName.equalsIgnoreCase(this.scaleMainConfig.getUidAttributeName())) {
userToSend.setUid(fromUser.getValues().get(0));
}
}
userToSend.getAttributes().add(attr);
}
}
if (this.scaleMainConfig.getRoleAttribute() != null && !this.scaleMainConfig.getRoleAttribute().isEmpty()) {
Attribute fromUser = userData.getAttribs().get(this.scaleMainConfig.getRoleAttribute());
Attribute attr = new Attribute(this.scaleMainConfig.getRoleAttribute());
if (fromUser != null) {
attr.getValues().addAll(fromUser.getValues());
userToSend.getGroups().clear();
userToSend.getGroups().addAll(fromUser.getValues());
}
userToSend.getAttributes().add(attr);
}
ArrayList<String> attrNames = new ArrayList<String>();
attrNames.add("cn");
attrNames.add(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute());
res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), dn).toString(), attrNames);
net.sourceforge.myvd.types.Filter ldapFiltertoCheck = new net.sourceforge.myvd.types.Filter(equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), dn).toString());
while (res.hasMore()) {
entry = res.next();
if (ldapFiltertoCheck.getRoot().checkEntry(entry)) {
LDAPAttribute la = entry.getAttribute("cn");
if (la != null) {
String val = la.getStringValue();
if (!userToSend.getGroups().contains(val)) {
userToSend.getGroups().add(val);
}
}
}
}
if (scaleMainConfig.getUiDecisions() != null) {
Set<String> smAllowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
ScaleConfig local = new ScaleConfig(this.scaleMainConfig);
if (smAllowedAttrs != null) {
for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
if (!smAllowedAttrs.contains(attrName)) {
local.getAttributes().remove(attrName);
}
}
}
userToSend.setMetaData(local.getAttributes());
userToSend.setCanEditUser(this.scaleMainConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
} else {
userToSend.setMetaData(scaleMainConfig.getAttributes());
userToSend.setCanEditUser(scaleMainConfig.isCanEditUser());
}
ScaleJSUtils.addCacheHeaders(response);
response.setContentType("application/json");
response.getWriter().println(gson.toJson(userToSend).trim());
}
use of com.tremolosecurity.proxy.filter.HttpFilter in project OpenUnison by TremoloSecurity.
the class ScaleJSOperator method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
Gson gson = new Gson();
request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
try {
if (request.getRequestURI().endsWith("/ops/config")) {
ScaleJSUtils.addCacheHeaders(response);
response.setContentType("application/json");
response.getWriter().println(gson.toJson(this.config).trim());
} else if (request.getRequestURI().endsWith("/ops/search")) {
runSearch(request, response, gson);
} else if (request.getRequestURI().endsWith("/ops/user") && request.getMethod().equalsIgnoreCase("GET")) {
lookupUser(request, response, gson);
} else if (request.getRequestURI().endsWith("/ops/user") && request.getMethod().equalsIgnoreCase("POST")) {
AuthInfo loggedIn = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
OpsUpdate updateInput = gson.fromJson(json, OpsUpdate.class);
if (this.scaleMainConfig == null) {
UrlHolder holder = GlobalEntries.getGlobalEntries().getConfigManager().findURL(this.scaleMainURL);
for (HttpFilter filter : holder.getFilterChain()) {
if (filter instanceof ScaleMain) {
ScaleMain scaleMain = (ScaleMain) filter;
this.scaleMainConfig = scaleMain.scaleConfig;
}
}
}
String dn = updateInput.getDn();
LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(dn, 0, "(objectClass=*)", new ArrayList<String>());
if (!res.hasMore()) {
throw new Exception("Could not locate user '" + dn + "'");
}
LDAPEntry entry = res.next();
AuthInfo userData = new AuthInfo();
userData.setUserDN(entry.getDN());
LDAPAttributeSet attrs = entry.getAttributeSet();
for (Object obj : attrs) {
LDAPAttribute attr = (LDAPAttribute) obj;
Attribute attrib = new Attribute(attr.getName());
String[] vals = attr.getStringValueArray();
for (String val : vals) {
attrib.getValues().add(val);
}
userData.getAttribs().put(attrib.getName(), attrib);
}
ScaleError errors = new ScaleError();
Set<String> allowedAttrs = null;
if (this.scaleMainConfig.getUiDecisions() != null) {
allowedAttrs = this.scaleMainConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
}
HashMap<String, String> values = new HashMap<String, String>();
boolean ok = true;
for (Attribute attr : updateInput.getAttributes()) {
String attributeName = attr.getName();
if (allowedAttrs == null || allowedAttrs.contains(attributeName)) {
String value = attr.getValues().get(0);
if (this.scaleMainConfig.getAttributes().get(attributeName) == null) {
errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
ok = false;
} else if (this.scaleMainConfig.getAttributes().get(attributeName).isReadOnly()) {
errors.getErrors().add("Attribute is read only : '" + this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + "'");
ok = false;
} else if (this.scaleMainConfig.getAttributes().get(attributeName).isRequired() && value.length() == 0) {
errors.getErrors().add("Attribute is required : '" + this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + "'");
ok = false;
} else if (this.scaleMainConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleMainConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
errors.getErrors().add(this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleMainConfig.getAttributes().get(attributeName).getMinChars() + " characters");
ok = false;
} else if (this.scaleMainConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleMainConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
errors.getErrors().add(this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleMainConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
ok = false;
} else if (this.scaleMainConfig.getAttributes().get(attributeName).getPattern() != null) {
try {
Matcher m = this.scaleMainConfig.getAttributes().get(attributeName).getPattern().matcher(value);
if (m == null || !m.matches()) {
ok = false;
}
} catch (Exception e) {
ok = false;
}
if (!ok) {
errors.getErrors().add("Attribute value not valid : '" + this.scaleMainConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleMainConfig.getAttributes().get(attributeName).getRegExFailedMsg());
}
}
values.put(attributeName, value);
}
}
for (String attrName : this.scaleMainConfig.getAttributes().keySet()) {
if (this.scaleMainConfig.getAttributes().get(attrName).isRequired() && !values.containsKey(attrName) && (allowedAttrs == null || allowedAttrs.contains(attrName))) {
errors.getErrors().add("Attribute is required : '" + this.scaleMainConfig.getAttributes().get(attrName).getDisplayName() + "'");
ok = false;
}
}
if (updateInput.getReason() == null || updateInput.getReason().trim().isEmpty()) {
errors.getErrors().add("Reason For Updates Required");
ok = false;
}
if (ok) {
ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
WFCall wfCall = new WFCall();
wfCall.setName(this.scaleMainConfig.getWorkflowName());
wfCall.setReason(updateInput.getReason());
wfCall.setUidAttributeName(this.scaleMainConfig.getUidAttributeName());
wfCall.setRequestor(loggedIn.getAttribs().get(this.scaleMainConfig.getUidAttributeName()).getValues().get(0));
TremoloUser tu = new TremoloUser();
tu.setUid(userData.getAttribs().get(this.scaleMainConfig.getUidAttributeName()).getValues().get(0));
for (String name : values.keySet()) {
tu.getAttributes().add(new Attribute(name, values.get(name)));
}
tu.getAttributes().add(new Attribute(this.scaleMainConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleMainConfig.getUidAttributeName()).getValues().get(0)));
wfCall.setUser(tu);
try {
com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
} catch (Exception e) {
logger.error("Could not update user", e);
response.setStatus(500);
ScaleError error = new ScaleError();
error.getErrors().add("Please contact your system administrator");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
} else {
response.setStatus(500);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(errors).trim());
response.getWriter().flush();
}
}
} catch (Throwable t) {
logger.error("Could not execute request", t);
response.setStatus(500);
ScaleError error = new ScaleError();
error.getErrors().add("Operation not supported");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
}
use of com.tremolosecurity.proxy.filter.HttpFilter in project OpenUnison by TremoloSecurity.
the class UrlComp method init.
/**
* Initializes a URL from the XML configuration. Multiple calls perform no actions.
* @throws Exception
*/
public void init() throws Exception {
if (!this.inited) {
this.lowerCasePath = url.getUri().toLowerCase();
this.filterChain = new ArrayList<HttpFilter>();
List<FilterConfigType> filterCfgs = url.getFilterChain().getFilter();
if (filterCfgs != null) {
Iterator<FilterConfigType> it = filterCfgs.iterator();
while (it.hasNext()) {
FilterConfigType cfg = it.next();
HttpFilter filter = (HttpFilter) Class.forName(cfg.getClazz()).newInstance();
this.filterChain.add(filter);
filter.initFilter(new HttpFilterConfig(cfg, this.cfg));
}
}
this.inited = true;
}
}
Aggregations