Search in sources :

Example 1 with LogoutHandler

use of com.tremolosecurity.proxy.logout.LogoutHandler in project OpenUnison by TremoloSecurity.

the class ConfigSys method doConfig.

/* (non-Javadoc)
	 * @see com.tremolosecurity.proxy.ConfigSys#doConfig(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.tremolosecurity.proxy.util.NextSys)
	 */
public void doConfig(HttpServletRequest req, HttpServletResponse resp, NextSys nextSys) throws IOException, ServletException {
    UrlHolder holder = null;
    AuthInfo userAuth = null;
    try {
        SessionManager sessionManager = (SessionManager) this.ctx.getAttribute(ProxyConstants.TREMOLO_SESSION_MANAGER);
        boolean setSessionCookie = false;
        boolean checkLogout = false;
        RequestHolder reqHolder = (RequestHolder) req.getAttribute(ProxyConstants.TREMOLO_REQ_HOLDER);
        holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
        boolean isForcedAuth = req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) != null ? (Boolean) req.getAttribute(ProxyConstants.TREMOLO_IS_FORCED_AUTH) : false;
        checkLogout = true;
        StringBuffer resetsb = new StringBuffer(cfg.getAuthPath()).append("resetChain");
        HttpSession sharedSession = req.getSession();
        if (sharedSession != null) {
            AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
            if (actl != null && actl.getHolder() != null) {
                RequestHolder presentHolder = actl.getHolder();
                AuthInfo authdata = actl.getAuthInfo();
                userAuth = authdata;
                if (!req.getRequestURI().startsWith(cfg.getAuthPath()) && /*&&  ! presentHolder.getUrlNoQueryString().equalsIgnoreCase(req.getRequestURL().toString())*/
                (authdata == null || !authdata.isAuthComplete())) {
                    // we're going to ignore requests for favicon.ico
                    if (!req.getRequestURI().endsWith("/favicon.ico") && !req.getRequestURI().endsWith("/apple-touch-icon-precomposed.png") && !req.getRequestURI().endsWith("/apple-touch-icon.png")) {
                        sharedSession.removeAttribute(ProxyConstants.AUTH_CTL);
                        this.cfg.createAnonUser(sharedSession);
                    }
                } else if (req.getRequestURI().equalsIgnoreCase(resetsb.toString())) {
                    sharedSession.removeAttribute("TREMOLO_AUTH_URI");
                    for (AuthStep step : actl.getAuthSteps()) {
                        step.setExecuted(false);
                        step.setSuccess(false);
                    }
                    actl.setCurrentStep(actl.getAuthSteps().get(0));
                    String chainName = holder.getUrl().getAuthChain();
                    AuthChainType chain = cfg.getAuthChains().get(chainName);
                    String mech = chain.getAuthMech().get(0).getName();
                    String uri = cfg.getAuthMechs().get(mech).getUri();
                    holder.getConfig().getAuthManager().loadAmtParams(sharedSession, chain.getAuthMech().get(0));
                    String redirectURI = "";
                    if (holder.getConfig().getContextPath().equalsIgnoreCase("/")) {
                        redirectURI = uri;
                    } else {
                        redirectURI = new StringBuffer().append(holder.getConfig().getContextPath()).append(uri).toString();
                    }
                    sharedSession.setAttribute("TREMOLO_AUTH_URI", redirectURI);
                    resp.sendRedirect(redirectURI);
                    return;
                }
            }
            if (isForcedAuth) {
                actl.setHolder(reqHolder);
                String authChain = holder.getUrl().getAuthChain();
                AuthChainType act = cfg.getAuthChains().get(authChain);
                holder.getConfig().getAuthManager().loadAmtParams(sharedSession, act.getAuthMech().get(0));
            }
        }
        if (holder == null) {
            if (req.getRequestURI().startsWith(cfg.getAuthPath())) {
                req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
                ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
                // we still need a holder
                /*AuthController actl = (AuthController) sharedSession.getAttribute(AuthSys.AUTH_CTL);
						if (actl != null) {
							holder = cfg.findURL(actl.getHolder().getUrlNoQueryString());
							req.setAttribute(ConfigSys.AUTOIDM_CFG, holder);
						} else {*/
                AuthMechanism authMech = cfg.getAuthMech(((HttpServletRequest) req).getRequestURI());
                if (authMech != null) {
                    String finalURL = authMech.getFinalURL(req, resp);
                    if (finalURL != null) {
                        holder = cfg.findURL(finalURL);
                    } else {
                    // throw new ServletException("Can not generate holder");
                    }
                } else {
                // throw new ServletException("Can not generate holder");
                }
                // no holder should be needed beyond this point
                // }
                /*
						
						
								String urlChain = holder.getUrl().getAuthChain();
								AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
								
								HashMap<String,Attribute> params = new HashMap<String,Attribute>();
								ProxyUtil.loadParams(req, params);
								reqHolder = new RequestHolder(HTTPMethod.GET,params,finalURL,true,act.getName());
								
								isForcedAuth = true;
								req.setAttribute(ConfigSys.AUTOIDM_CFG, holder);
								
								String chainName = holder.getUrl().getAuthChain();
								AuthChainType chain = cfg.getAuthChains().get(chainName);
								String mech = chain.getAuthMech().get(0).getName();
								String uri = cfg.getAuthMechs().get(mech).getUri();
								
								AuthSys.loadAmtParams(sharedSession, chain.getAuthMech().get(0));
							}
						} 
							
						
						if (holder == null) {
							resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
							AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
							return;
						}*/
                nextSys.nextSys(req, presp);
                presp.pushHeadersAndCookies(null);
            } else {
                String redirectLocation = cfg.getErrorPages().get(HttpServletResponse.SC_NOT_FOUND);
                if (redirectLocation != null) {
                    resp.sendRedirect(redirectLocation);
                } else {
                    resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
                }
                AccessLog.log(AccessEvent.NotFound, null, req, null, "Resource Not Found");
            }
        } else {
            req.setAttribute(ProxyConstants.AUTOIDM_CFG, holder);
            req.setAttribute(ProxyConstants.AUTOIDM_MYVD, cfg.getMyVD());
            ProxyResponse presp = new ProxyResponse((HttpServletResponse) resp, (HttpServletRequest) req);
            ProxyData pd = null;
            try {
                nextSys.nextSys(req, presp);
                pd = (ProxyData) req.getAttribute(ProxyConstants.TREMOLO_PRXY_DATA);
                if (holder.getApp().getCookieConfig() != null) {
                    String logouturi = holder.getApp().getCookieConfig().getLogoutURI();
                    AuthController actl = (AuthController) sharedSession.getAttribute(ProxyConstants.AUTH_CTL);
                    if (actl != null) {
                        AuthInfo authdata = actl.getAuthInfo();
                        userAuth = authdata;
                        if ((req.getRequestURI().equalsIgnoreCase(logouturi) || (pd != null && pd.isLogout())) && (authdata != null)) {
                            // Execute logout handlers
                            ArrayList<LogoutHandler> logoutHandlers = (ArrayList<LogoutHandler>) sharedSession.getAttribute(LogoutUtil.LOGOUT_HANDLERS);
                            if (logoutHandlers != null) {
                                for (LogoutHandler h : logoutHandlers) {
                                    h.handleLogout(req, presp);
                                }
                            }
                            sessionManager.clearSession(holder, sharedSession, (HttpServletRequest) req, (HttpServletResponse) resp);
                        }
                    }
                }
                presp.pushHeadersAndCookies(holder);
                if (pd != null && pd.getIns() != null) {
                    if (pd.getResponse() == null) {
                        this.procData(pd.getRequest(), resp, holder, pd.isText(), pd.getIns(), sessionManager);
                    } else {
                        this.procData(pd.getRequest(), pd.getResponse(), holder, pd.isText(), pd.getIns(), pd.getPostProc(), sessionManager);
                    }
                }
            } finally {
                if (pd != null && pd.getHttpRequestBase() != null) {
                    pd.getHttpRequestBase().releaseConnection();
                    if (!resp.isCommitted()) {
                        resp.getOutputStream().flush();
                        resp.getOutputStream().close();
                    }
                }
            }
        }
    } catch (Exception e) {
        ApplicationType appType = null;
        if (holder != null) {
            appType = holder.getApp();
        } else {
            appType = new ApplicationType();
            appType.setName("UNKNOWN");
        }
        AccessLog.log(AccessEvent.Error, appType, (HttpServletRequest) req, userAuth, "NONE");
        req.setAttribute("TREMOLO_ERROR_REQUEST_URL", req.getRequestURL().toString());
        req.setAttribute("TREMOLO_ERROR_EXCEPTION", e);
        logger.error("Could not process request", e);
        String redirectLocation = cfg.getErrorPages().get(500);
        if (redirectLocation != null) {
            resp.sendRedirect(redirectLocation);
        } else {
            StringBuffer b = new StringBuffer();
            b.append(cfg.getAuthFormsPath()).append("error.jsp");
            resp.setStatus(500);
            req.getRequestDispatcher(b.toString()).forward(req, resp);
        }
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) HttpSession(javax.servlet.http.HttpSession) ArrayList(java.util.ArrayList) RequestHolder(com.tremolosecurity.proxy.auth.RequestHolder) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) AuthController(com.tremolosecurity.proxy.auth.AuthController) ServletException(javax.servlet.ServletException) SocketException(java.net.SocketException) IOException(java.io.IOException) ConnectionClosedException(org.apache.http.ConnectionClosedException) UrlHolder(com.tremolosecurity.config.util.UrlHolder) HttpServletRequest(javax.servlet.http.HttpServletRequest) ApplicationType(com.tremolosecurity.config.xml.ApplicationType) AuthMechanism(com.tremolosecurity.proxy.auth.AuthMechanism) LogoutHandler(com.tremolosecurity.proxy.logout.LogoutHandler) AuthChainType(com.tremolosecurity.config.xml.AuthChainType)

Aggregations

UrlHolder (com.tremolosecurity.config.util.UrlHolder)1 ApplicationType (com.tremolosecurity.config.xml.ApplicationType)1 AuthChainType (com.tremolosecurity.config.xml.AuthChainType)1 AuthController (com.tremolosecurity.proxy.auth.AuthController)1 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)1 AuthMechanism (com.tremolosecurity.proxy.auth.AuthMechanism)1 RequestHolder (com.tremolosecurity.proxy.auth.RequestHolder)1 AuthStep (com.tremolosecurity.proxy.auth.util.AuthStep)1 LogoutHandler (com.tremolosecurity.proxy.logout.LogoutHandler)1 IOException (java.io.IOException)1 SocketException (java.net.SocketException)1 ArrayList (java.util.ArrayList)1 ServletException (javax.servlet.ServletException)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpSession (javax.servlet.http.HttpSession)1 ConnectionClosedException (org.apache.http.ConnectionClosedException)1