
Example 81 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class LastMile method doFilter.

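/**
 * Builds a LastMile token for the authenticated user and forwards it to the
 * downstream application as a request header.
 *
 * <p>The token is created for the request URI with a validity window of
 * {@code now - timeScew} to {@code now + timeScew} seconds and carries the
 * user's authentication level and chain. Each entry of {@code headers} maps a
 * user attribute name to the name the application expects; the inbound header
 * of that name is removed from the request whether or not the user has the
 * attribute, so only values taken from the session's {@code AuthInfo} are
 * passed on.
 *
 * @param request  the proxied request; headers are removed from and added to it
 * @param response the proxied response, passed through untouched
 * @param chain    the filter chain to continue
 * @throws Exception if token generation or a later filter fails; a session
 *                   without an {@code AuthController} surfaces as a
 *                   {@code NullPointerException}, so the request is not forwarded
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // The token is accepted from timeScew seconds in the past to timeScew seconds ahead.
    DateTime notBefore = new DateTime().minusSeconds(timeScew);
    DateTime notAfter = new DateTime().plusSeconds(timeScew);
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    com.tremolosecurity.lastmile.LastMile lastmile = new com.tremolosecurity.lastmile.LastMile(request.getRequestURI(), notBefore, notAfter, userData.getAuthLevel(), userData.getAuthChain());
    for (String fromUser : this.headers.keySet()) {
        String toApp = this.headers.get(fromUser);
        Attribute attrib = userData.getAttribs().get(fromUser);
        // Drop whatever the client sent under the application-facing name before
        // deciding whether the user has a value for it.
        request.removeHeader(toApp);
        if (logger.isDebugEnabled()) {
            logger.debug("Header to add : " + fromUser);
        }
        if (attrib != null) {
            // NOTE(review): at debug level this writes attribute values and the
            // user DN to the log; confirm that is acceptable for the attributes
            // mapped here.
            if (logger.isDebugEnabled()) {
                logger.debug("Attribute " + fromUser + "='" + attrib.getValues() + "' for " + userData.getUserDN());
            }
            Attribute toAppAttrib = new Attribute(toApp);
            toAppAttrib.getValues().addAll(attrib.getValues());
            lastmile.getAttributes().add(toAppAttrib);
        } else if (logger.isDebugEnabled()) {
            logger.debug("Attribute " + fromUser + " is not available for " + userData.getUserDN());
        }
    }
    String encryptedXML = lastmile.generateLastMileToken(encKey);
    if (this.headerPrefix != null && !this.headerPrefix.isEmpty()) {
        encryptedXML = this.headerPrefix + ' ' + encryptedXML;
    }
    // Treat the token header like the mapped attribute headers: remove any copy
    // supplied with the inbound request so that only the token generated here
    // is forwarded. Whether addHeader replaces or appends is not visible in this
    // method, so the removal is explicit.
    request.removeHeader(this.headerName);
    request.addHeader(new Attribute(this.headerName, encryptedXML));
    chain.nextFilter(request, response, chain);
}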
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) Attribute(com.tremolosecurity.saml.Attribute) AuthController(com.tremolosecurity.proxy.auth.AuthController) DateTime(org.joda.time.DateTime)

Example 82 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class LastMileJSON method doFilter.

/**
 * Answers the request directly (the chain is told not to proxy) with a small
 * HTML page whose {@code <div id="json">} holds an OAuth2-style access token
 * response serialized by Gson. On load, the page's script passes that element's
 * content to {@code window.javascriptAccessor.setJSON}.
 *
 * <p>The access token is a LastMile token for the request URI that carries the
 * session user's DN as the {@code dn} attribute. It is generated with the key
 * stored under {@code encKeyAlias}, is valid from {@code secondsScew} seconds
 * ago until {@code secondsToLive} seconds from now, and is reported as a
 * {@code bearer} token.
 *
 * @param request  the proxied request, used for its URI, session and configuration
 * @param response the response the page is written to
 * @param chain    the filter chain; it is not continued
 * @throws Exception if the session holds no authenticated user or token
 *                   generation fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    chain.setNoProxy(true);
    ConfigManager config = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    PrintWriter page = response.getWriter();

    // Page header and the script that hands the JSON to the embedding client.
    page.println("<html><head>");
    page.println("<script type=\"text/javascript\">");
    page.println("     function onBodyLoad() {");
    page.println("          var element = document.getElementById(\"json\");");
    page.println("          window.javascriptAccessor.setJSON(element.innerHTML);");
    page.println("     }");
    page.println("</script></head><body onload=\"onBodyLoad()\">");
    page.print("<div id=\"json\">");

    DateTime validFrom = new DateTime().minusSeconds(secondsScew);
    DateTime validUntil = new DateTime().plusSeconds(secondsToLive);
    AuthController authController = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);

    // NOTE(review): the fourth and fifth arguments are the literals 1 and
    // "chainName", not values read from the session's AuthInfo, so the token
    // does not reflect how the user actually authenticated - confirm that
    // consumers of this token do not rely on them.
    com.tremolosecurity.lastmile.LastMile token = new com.tremolosecurity.lastmile.LastMile(request.getRequestURI(), validFrom, validUntil, 1, "chainName");
    token.getAttributes().add(new Attribute("dn", authController.getAuthInfo().getUserDN()));

    AccessTokenResponse tokenResponse = new AccessTokenResponse();
    tokenResponse.setAccess_token(token.generateLastMileToken(config.getSecretKey(encKeyAlias)));
    tokenResponse.setToken_type("bearer");
    tokenResponse.setExpires_in(this.secondsToLive);

    // NOTE(review): the bearer token is returned inside an HTML body and no
    // caching headers are set in this method; verify they are applied elsewhere.
    page.print(new Gson().toJson(tokenResponse));
    page.print("</div></body></html>");
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) Gson(com.google.gson.Gson) AuthController(com.tremolosecurity.proxy.auth.AuthController) AccessTokenResponse(com.tremolosecurity.proxy.auth.oauth2.AccessTokenResponse) ConfigManager(com.tremolosecurity.config.util.ConfigManager) DateTime(org.joda.time.DateTime) PrintWriter(java.io.PrintWriter)

Example 83 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class AnonAz method doFilter.

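/**
 * Gives an unauthenticated session an anonymous identity and continues the
 * filter chain.
 *
 * <p>If the session has no {@code AuthController}, one is created and stored.
 * If that controller has no {@code AuthInfo}, a new one is built from the
 * configured {@code rdn}, the session's {@code AUTH_MECH_NAME} value, the
 * literal {@code "anonymous"} and {@code 0} (presumably the chain name and the
 * authentication level - confirm against the {@code AuthInfo} constructor). It
 * is given the configured uid attribute and the globally configured user
 * object class. A session that already has an {@code AuthInfo} is left unchanged.
 *
 * @param request  the proxied request whose session is inspected
 * @param response the proxied response, passed through untouched
 * @param chain    the filter chain to continue
 * @throws Exception if a later filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();
    AuthController actl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    if (actl == null) {
        actl = new AuthController();
        session.setAttribute(ProxyConstants.AUTH_CTL, actl);
    }
    if (actl.getAuthInfo() == null) {
        AuthInfo authInfo = new AuthInfo(this.rdn, (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), "anonymous", 0);
        authInfo.getAttribs().put(this.uidAttr, new Attribute(this.uidAttr, this.uidVal));
        authInfo.getAttribs().put("objectClass", new Attribute("objectClass", GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass()));
        // Attach the identity only once its attributes are in place, and set it
        // once on the controller already held rather than looking the controller
        // up in the session a second time. Another request on the same session,
        // or a failure while reading the configuration, then never leaves a
        // half-populated anonymous AuthInfo on the controller.
        actl.setAuthInfo(authInfo);
    }
    chain.nextFilter(request, response, chain);
}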
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) Attribute(com.tremolosecurity.saml.Attribute) HttpSession(javax.servlet.http.HttpSession) AuthController(com.tremolosecurity.proxy.auth.AuthController)

Example 84 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class BasicAuth method doFilter.

/**
 * Runs an HTTP Basic authentication check before the request is proxied.
 *
 * <p>The configured realm name and uid attribute name are stored in the session
 * under {@code AUTH_MECH_PARAMS}. The check is delegated to
 * {@code BasicAuth.checkBasicAuth} with an {@code LDAPBasicAuth} instance and a
 * single auth step (id 0) marked executed and required. When the check
 * succeeds, the {@code Authorization} header is removed from the request so the
 * credentials are not passed further down the chain. When it fails, the chain
 * is told not to proxy and no later filter is invoked.
 *
 * @param request  the proxied request carrying the credentials
 * @param response the proxied response handed to the authentication check
 * @param chain    the filter chain to continue on success
 * @throws Exception if the authentication check or a later filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HashMap<String, Attribute> mechParams = new HashMap<>();
    mechParams.put("realmName", new Attribute("realmName", this.realmName));
    mechParams.put("uidAttr", new Attribute("uidAttr", this.uidAttrName));
    request.getSession().setAttribute(ProxyConstants.AUTH_MECH_PARAMS, mechParams);

    AuthStep step = new AuthStep();
    step.setId(0);
    step.setExecuted(true);
    step.setRequired(true);

    boolean authenticated = com.tremolosecurity.proxy.auth.BasicAuth.checkBasicAuth(request.getServletRequest(), response.getServletResponse(), cfgMgr, new LDAPBasicAuth(), step);
    if (!authenticated) {
        // Not authenticated: stop here and do not forward the request.
        chain.setNoProxy(true);
        return;
    }

    // Strip the credentials so they do not travel past this filter.
    request.removeHeader("Authorization");
    chain.nextFilter(request, response, chain);
}
Also used : LDAPBasicAuth(com.tremolosecurity.proxy.auth.util.LDAPBasicAuth) Attribute(com.tremolosecurity.saml.Attribute) HashMap(java.util.HashMap) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep)

Example 85 with Attribute

use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.

the class CheckADShadowAccounts method doFilter.

/**
 * Rewrites the session user's {@code userPrincipalName} when it does not
 * already end with {@code nonShadowSuffix}, then continues the filter chain.
 *
 * <p>The replacement is built from the first value of the attribute named by
 * {@code upnAttributeName}: every {@code '@'} becomes {@code '.'}, then
 * {@code '@'} and {@code nonShadowSuffix} are appended. The user is also given
 * the flag attribute {@code flagAttributeName} with value
 * {@code flagAttributeValue}.
 *
 * @param request  the proxied request whose session holds the user
 * @param response the proxied response, passed through untouched
 * @param chain    the filter chain to continue
 * @throws Exception if the session has no authenticated user, if
 *                   {@code userPrincipalName} or the {@code upnAttributeName}
 *                   attribute is absent or has no values, or if a later filter
 *                   fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    // NOTE(review): neither attribute lookup is null-checked and get(0) assumes
    // at least one value, so a user lacking either attribute fails the request
    // with an unchecked exception instead of reaching the next filter.
    Attribute principal = userData.getAttribs().get("userPrincipalName");
    boolean alreadyNonShadow = principal.getValues().get(0).endsWith(this.nonShadowSuffix);
    if (!alreadyNonShadow) {
        // Read the source value before clearing: upnAttributeName may name the
        // same attribute that is about to be overwritten.
        String sourceUpn = userData.getAttribs().get(this.upnAttributeName).getValues().get(0);
        String rewrittenUpn = sourceUpn.replace('@', '.') + '@' + this.nonShadowSuffix;
        principal.getValues().clear();
        principal.getValues().add(rewrittenUpn);
        userData.getAttribs().put(this.flagAttributeName, new Attribute(this.flagAttributeName, this.flagAttributeValue));
    }
    chain.nextFilter(request, response, chain);
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) Attribute(com.tremolosecurity.saml.Attribute) AuthController(com.tremolosecurity.proxy.auth.AuthController)
