use of com.tremolosecurity.proxy.filter.HttpFilterResponse in project OpenUnison by TremoloSecurity.
the class EmbForward method doEmbResults.
public void doEmbResults(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain, NextSys nextSys) throws ServletException, IOException {
ConfigManager cfg = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
if (((HttpServletRequest) request).getRequestURI().startsWith(cfg.getAuthPath())) {
filterChain.doFilter(request, response);
// nextSys.nextSys((HttpServletRequest) request, (HttpServletResponse) response);
return;
}
boolean isText = false;
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
HttpFilterRequest filterReq = new HttpFilterRequestImpl(request, null);
HttpFilterResponse filterResp = new HttpFilterResponseImpl(response);
HttpFilterChain chain = new HttpFilterChainImpl(holder, new EmbPostProc(filterChain));
try {
chain.nextFilter(filterReq, filterResp, chain);
} catch (Exception e) {
logger.error("Error", e);
throw new ServletException(e);
}
}
use of com.tremolosecurity.proxy.filter.HttpFilterResponse in project OpenUnison by TremoloSecurity.
the class TokenData method completeFederation.
private void completeFederation(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException, MalformedURLException {
final OpenIDConnectTransaction transaction = (OpenIDConnectTransaction) request.getSession().getAttribute(OpenIDConnectIdP.TRANSACTION_DATA);
final AuthInfo authInfo = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
if (!authInfo.isAuthComplete()) {
logger.warn("Attempted completetd federation before autthentication is completeed, clearing authentication and redirecting to the original URL");
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
request.getSession().removeAttribute(ProxyConstants.AUTH_CTL);
holder.getConfig().createAnonUser(request.getSession());
StringBuffer b = new StringBuffer();
b.append(transaction.getRedirectURI()).append("?error=login_reset");
response.sendRedirect(b.toString());
return;
}
request.setAttribute(AzSys.FORCE, "true");
NextSys completeFed = new NextSys() {
public void nextSys(final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
HttpFilterRequest filterReq = new HttpFilterRequestImpl(request, null);
HttpFilterResponse filterResp = new HttpFilterResponseImpl(response);
PostProcess postProc = new PostProcess() {
@Override
public void postProcess(HttpFilterRequest req, HttpFilterResponse resp, UrlHolder holder, HttpFilterChain chain) throws Exception {
postResponse(transaction, request, response, authInfo, holder);
}
@Override
public boolean addHeader(String name) {
return false;
}
};
HttpFilterChain chain = new HttpFilterChainImpl(holder, postProc);
try {
chain.nextFilter(filterReq, filterResp, chain);
} catch (Exception e) {
throw new ServletException(e);
}
}
};
AzSys az = new AzSys();
az.doAz(request, response, completeFed);
}
use of com.tremolosecurity.proxy.filter.HttpFilterResponse in project OpenUnison by TremoloSecurity.
the class ProxySys method doPush.
public void doPush(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
HttpFilterRequest filterReq = new HttpFilterRequestImpl(req, null);
HttpFilterResponse filterResp = new HttpFilterResponseImpl(resp);
HashMap<String, String> uriParams = (HashMap<String, String>) req.getAttribute("TREMOLO_URI_PARAMS");
if (uriParams == null) {
uriParams = new HashMap<String, String>();
req.setAttribute("TREMOLO_URI_PARAMS", uriParams);
}
uriParams.put("fullURI", req.getRequestURI());
HashSet<String> queryParams = new HashSet<String>();
req.setAttribute(ProxySys.QUERY_PARAMS, queryParams);
String qs = req.getQueryString();
if (qs != null) {
StringTokenizer toker = new StringTokenizer(qs, "&", false);
while (toker.hasMoreTokens()) {
String qsParam = toker.nextToken();
int eqIndex = qsParam.indexOf('=');
String paramName;
if (eqIndex == -1) {
paramName = qsParam;
} else {
paramName = qsParam.substring(0, eqIndex);
}
if (!queryParams.contains(paramName)) {
queryParams.add(paramName);
}
}
}
PostProcess postProc = null;
if (holder.getUrl().getProxyTo() == null || holder.getUrl().getProxyTo().isEmpty()) {
FilterChain filterChain = (FilterChain) req.getAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN);
if (filterChain == null) {
logger.warn("Could not find filter chain");
}
postProc = new EmbPostProc(filterChain);
} else {
postProc = new PushRequestProcess();
;
}
HttpFilterChain chain = new HttpFilterChainImpl(holder, postProc);
try {
chain.nextFilter(filterReq, filterResp, chain);
} catch (Exception e) {
throw new ServletException(e);
}
ProxyData pd = new ProxyData();
pd.setHolder(holder);
pd.setIns(chain.getIns());
pd.setPostProc(postProc);
pd.setRequest(filterReq);
pd.setResponse(filterResp);
pd.setText(chain.isText());
pd.setLogout(chain.isLogout());
pd.setHttpRequestBase(chain.getHttpRequestBase());
req.setAttribute(ProxyConstants.TREMOLO_PRXY_DATA, pd);
}
use of com.tremolosecurity.proxy.filter.HttpFilterResponse in project OpenUnison by TremoloSecurity.
the class ProxySys method doURI.
public void doURI(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
boolean isText = false;
UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
HashMap<String, String> uriParams = (HashMap<String, String>) req.getAttribute("TREMOLO_URI_PARAMS");
if (uriParams == null) {
uriParams = new HashMap<String, String>();
req.setAttribute("TREMOLO_URI_PARAMS", uriParams);
}
uriParams.put("fullURI", req.getRequestURI());
HttpFilterRequest filterReq = new HttpFilterRequestImpl(req, null);
HttpFilterResponse filterResp = new HttpFilterResponseImpl(resp);
PostProcess postProc = null;
if (holder.getUrl().getProxyTo() == null || holder.getUrl().getProxyTo().isEmpty()) {
FilterChain filterChain = (FilterChain) req.getAttribute(ProxyConstants.TREMOLO_FILTER_CHAIN);
if (filterChain == null) {
logger.warn("Could not find filter chain");
}
postProc = new EmbPostProc(filterChain);
} else {
postProc = new UriRequestProcess();
}
HttpFilterChain chain = new HttpFilterChainImpl(holder, postProc);
try {
chain.nextFilter(filterReq, filterResp, chain);
} catch (Exception e) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
PrintWriter err = new PrintWriter(new OutputStreamWriter(baos));
e.printStackTrace(err);
Throwable t = e.getCause();
while (t != null) {
t.printStackTrace(err);
t = t.getCause();
}
logger.error("Error Executing Request : " + new String(baos.toByteArray()));
throw new ServletException("Could not execute request", e);
}
ProxyData pd = new ProxyData();
pd.setHolder(holder);
pd.setIns(chain.getIns());
pd.setPostProc(postProc);
pd.setRequest(filterReq);
pd.setResponse(filterResp);
pd.setText(chain.isText());
pd.setLogout(chain.isLogout());
pd.setHttpRequestBase(chain.getHttpRequestBase());
req.setAttribute(ProxyConstants.TREMOLO_PRXY_DATA, pd);
}
use of com.tremolosecurity.proxy.filter.HttpFilterResponse in project OpenUnison by TremoloSecurity.
the class SamlTransaction method completeFederation.
private void completeFederation(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException, MalformedURLException {
final SamlTransaction transaction = (SamlTransaction) request.getSession().getAttribute(Saml2Idp.TRANSACTION_DATA);
final AuthInfo authInfo = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
if (!authInfo.isAuthComplete()) {
logger.warn("Attempted completetd federation before autthentication is completeed, clearing authentication and redirecting to the original URL");
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
request.getSession().removeAttribute(ProxyConstants.AUTH_CTL);
holder.getConfig().createAnonUser(request.getSession());
this.postErrorResponse(transaction, request, response, authInfo, holder);
return;
}
request.setAttribute(AzSys.FORCE, "true");
NextSys completeFed = new NextSys() {
@Override
public void nextSys(final HttpServletRequest request, final HttpServletResponse response) throws IOException, ServletException {
// System.out.println("Authorized!!!!");
final AuthInfo authInfo = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
HttpFilterRequest filterReq = new HttpFilterRequestImpl(request, null);
HttpFilterResponse filterResp = new HttpFilterResponseImpl(response);
PostProcess postProc = new PostProcess() {
@Override
public void postProcess(HttpFilterRequest req, HttpFilterResponse resp, UrlHolder holder, HttpFilterChain chain) throws Exception {
postResponse(transaction, request, response, authInfo, holder);
}
@Override
public boolean addHeader(String name) {
return false;
}
};
HttpFilterChain chain = new HttpFilterChainImpl(holder, postProc);
try {
chain.nextFilter(filterReq, filterResp, chain);
} catch (Exception e) {
throw new ServletException(e);
}
}
};
AzSys az = new AzSys();
az.doAz(request, response, completeFed);
}
Aggregations