use of com.tremolosecurity.proxy.logout.LogoutHandler in project OpenUnison by TremoloSecurity.
the class ConfigSys method doConfig.
/* (non-Javadoc)
* @see com.tremolosecurity.proxy.ConfigSys#doConfig(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.proxy.util.NextSys)
*/
public void doConfig(HttpServletRequest req, HttpServletResponse resp, NextSys nextSys) throws IOException, ServletException {
UrlHolder holder = null;
AuthInfo userAuth = null;
try {
SessionManager sessionManager = (SessionManager) this.ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
boolean setSessionCookie = false;
boolean checkLogout = false;
RequestHolder reqHolder = (RequestHolder) req.getAttribute(ProxyConstants.TREMOLO_REQ_HOLDER);
holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
boolean isForcedAuth = req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) != null ? (Boolean) req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) : false;
checkLogout = true;
StringBuffer resetsb = new StringBuffer(cfg.getAuthPath()).append("resetChain");
HttpSession sharedSession = req.getSession();
if (sharedSession != null) {
AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
if (actl != null && actl.getHolder() != null) {
RequestHolder presentHolder = actl.getHolder();
AuthInfo authdata = actl.getAuthInfo();
userAuth = authdata;
if (!req.getRequestURI().startsWith(cfg.getAuthPath()) && /*&& ! presentHolder.getUrlNoQueryString().equalsIgnoreCase(req.getRequestURL().toString())*/
(authdata == null || !authdata.isAuthComplete())) {
// we're going to ignore requests for favicon.ico
if (!req.getRequestURI().endsWith("/favicon.ico") && !req.getRequestURI().endsWith("/apple-touch-icon-precomposed.png") && !req.getRequestURI().endsWith("/apple-touch-icon.png")) {
sharedSession.removeAttribute(ProxyConstants.AUTH_CTL);
this.cfg.createAnonUser(sharedSession);
}
} else if (req.getRequestURI().equalsIgnoreCase(resetsb.toString())) {
sharedSession.removeAttribute("TREMOLO_AUTH_URI");
for (AuthStep step : actl.getAuthSteps()) {
step.setExecuted(false);
step.setSuccess(false);
}
actl.setCurrentStep(actl.getAuthSteps().get(0));
String chainName = holder.getUrl().getAuthChain();
AuthChainType chain = cfg.getAuthChains().get(chainName);
String mech = chain.getAuthMech().get(0).getName();
String uri = cfg.getAuthMechs().get(mech).getUri();
holder.getConfig().getAuthManager().loadAmtParams(sharedSession, chain.getAuthMech().get(0));
String redirectURI = "";
if (holder.getConfig().getContextPath().equalsIgnoreCase("/")) {
redirectURI = uri;
} else {
redirectURI = new StringBuffer().append(holder.getConfig().getContextPath()).append(uri).toString();
}
sharedSession.setAttribute("TREMOLO_AUTH_URI", redirectURI);
resp.sendRedirect(redirectURI);
return;
}
}
if (isForcedAuth) {
actl.setHolder(reqHolder);
String authChain = holder.getUrl().getAuthChain();
AuthChainType act = cfg.getAuthChains().get(authChain);
holder.getConfig().getAuthManager().loadAmtParams(sharedSession, act.getAuthMech().get(0));
}
}
if (holder == null) {
if (req.getRequestURI().startsWith(cfg.getAuthPath())) {
req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
// we still need a holder
/*AuthController actl = (AuthController) sharedSession.getAttribute(AuthSys.AUTH_CTL);
if (actl != null) {
holder = cfg.findURL(actl.getHolder().getUrlNoQueryString());
req.setAttribute(ConfigSys.AUTOIDM_CFG, holder);
} else {*/
AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
if (authMech != null) {
String finalURL = authMech.getFinalURL(req, resp);
if (finalURL != null) {
holder = cfg.findURL(finalURL);
} else {
// throw new ServletException("Can not generate holder");
}
} else {
// throw new ServletException("Can not generate holder");
}
// no holder should be needed beyond this point
// }
/*
String urlChain = holder.getUrl().getAuthChain();
AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
HashMap<String,Attribute> params = new HashMap<String,Attribute>();
ProxyUtil.loadParams(req, params);
reqHolder = new RequestHolder(HTTPMethod.GET,params,finalURL,true,act.getName());
isForcedAuth = true;
req.setAttribute(ConfigSys.AUTOIDM_CFG, holder);
String chainName = holder.getUrl().getAuthChain();
AuthChainType chain = cfg.getAuthChains().get(chainName);
String mech = chain.getAuthMech().get(0).getName();
String uri = cfg.getAuthMechs().get(mech).getUri();
AuthSys.loadAmtParams(sharedSession, chain.getAuthMech().get(0));
}
}
if (holder == null) {
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
return;
}*/
nextSys.nextSys(req, presp);
presp.pushHeadersAndCookies(null);
} else {
String redirectLocation = cfg.getErrorPages().get(HttpServletResponse.SC_NOT_FOUND);
if (redirectLocation != null) {
resp.sendRedirect(redirectLocation);
} else {
resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
}
AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
}
} else {
req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
ProxyData pd = null;
try {
nextSys.nextSys(req, presp);
pd = (ProxyData) req.getAttribute(ProxyConstants.TREMOLO_PRXY_DATA);
if (holder.getApp().getCookieConfig() != null) {
String logouturi = holder.getApp().getCookieConfig().getLogoutURI();
AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
if (actl != null) {
AuthInfo authdata = actl.getAuthInfo();
userAuth = authdata;
if ((req.getRequestURI().equalsIgnoreCase(logouturi) || (pd != null && pd.isLogout())) && (authdata != null)) {
// Execute logout handlers
ArrayList<LogoutHandler> logoutHandlers = (ArrayList<LogoutHandler>) sharedSession.getAttribute(LogoutUtil.LOGOUT_HANDLERS);
if (logoutHandlers != null) {
for (LogoutHandler h : logoutHandlers) {
h.handleLogout(req, presp);
}
}
sessionManager.clearSession(holder, sharedSession, (HttpServletRequest) req, (HttpServletResponse) resp);
}
}
}
presp.pushHeadersAndCookies(holder);
if (pd != null && pd.getIns() != null) {
if (pd.getResponse() == null) {
this.procData(pd.getRequest(), resp, holder, pd.isText(), pd.getIns(), sessionManager);
} else {
this.procData(pd.getRequest(), pd.getResponse(), holder, pd.isText(), pd.getIns(), pd.getPostProc(), sessionManager);
}
}
} finally {
if (pd != null && pd.getHttpRequestBase() != null) {
pd.getHttpRequestBase().releaseConnection();
if (!resp.isCommitted()) {
resp.getOutputStream().flush();
resp.getOutputStream().close();
}
}
}
}
} catch (Exception e) {
ApplicationType appType = null;
if (holder != null) {
appType = holder.getApp();
} else {
appType = new ApplicationType();
appType.setName("UNKNOWN");
}
AccessLog.log(AccessEvent.Error, appType, (HttpServletRequest) req, userAuth, "NONE");
req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
logger.error("Could not process request", e);
String redirectLocation = cfg.getErrorPages().get(500);
if (redirectLocation != null) {
resp.sendRedirect(redirectLocation);
} else {
StringBuffer b = new StringBuffer();
b.append(cfg.getAuthFormsPath()).append("error.jsp");
resp.setStatus(500);
req.getRequestDispatcher(b.toString()).forward(req, resp);
}
}
}
Aggregations