use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class LastMile method doFilter.
/**
 * Builds a last-mile token for the current user and attaches it to the request as a header
 * before handing the request to the next filter.
 *
 * <p>The token is created for the request URI with a not-before / not-after window of now minus
 * and plus {@code timeScew} seconds, together with the auth level and auth chain read from the
 * session's {@code AuthInfo}. Each entry of {@code headers} maps a user attribute name to the
 * name it is published under inside the token.
 *
 * @param request the filter request; its session must already hold an {@code AuthController}
 * @param response the filter response, passed through untouched
 * @param chain the filter chain to continue
 * @throws Exception if token generation or a later filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    DateTime notBefore = new DateTime().minusSeconds(timeScew);
    DateTime notAfter = new DateTime().plusSeconds(timeScew);

    AuthController authController = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo userData = authController.getAuthInfo();

    com.tremolosecurity.lastmile.LastMile lastmile = new com.tremolosecurity.lastmile.LastMile(
            request.getRequestURI(), notBefore, notAfter, userData.getAuthLevel(), userData.getAuthChain());

    for (String fromUser : this.headers.keySet()) {
        String toApp = this.headers.get(fromUser);
        Attribute attrib = userData.getAttribs().get(fromUser);

        // Removed unconditionally, before the attribute check: a header of the mapped name that
        // arrived with the request is dropped even when the user has no such attribute.
        request.removeHeader(toApp);

        if (logger.isDebugEnabled()) {
            logger.debug("Header to add : " + fromUser);
        }

        if (attrib == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("Attribute " + fromUser + " is not available for " + userData.getUserDN());
            }
            continue;
        }

        // NOTE(review): at debug level this writes the attribute values and the user DN to the
        // log; confirm that is acceptable for every attribute mapped in `headers`.
        if (logger.isDebugEnabled()) {
            logger.debug("Attribute " + fromUser + "='" + attrib.getValues() + "' for " + userData.getUserDN());
        }

        // Copy the values under the application-facing name; the user's own Attribute is not shared.
        Attribute toAppAttrib = new Attribute(toApp);
        toAppAttrib.getValues().addAll(attrib.getValues());
        lastmile.getAttributes().add(toAppAttrib);
    }

    String headerValue = lastmile.generateLastMileToken(encKey);
    boolean hasPrefix = this.headerPrefix != null && !this.headerPrefix.isEmpty();
    if (hasPrefix) {
        headerValue = this.headerPrefix + ' ' + headerValue;
    }

    // NOTE(review): unlike the mapped headers above, this.headerName is not removed first;
    // confirm addHeader replaces any header of the same name already present on the request.
    request.addHeader(new Attribute(this.headerName, headerValue));

    chain.nextFilter(request, response, chain);
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class LastMileJSON method doFilter.
/**
 * Answers the request directly with an HTML page that embeds a JSON access-token response.
 *
 * <p>The page's onload script hands the content of the {@code json} div to
 * {@code window.javascriptAccessor.setJSON}. The JSON holds a last-mile token generated with the
 * key stored under {@code encKeyAlias}, the token type {@code bearer} and {@code secondsToLive}
 * as the expiry. The token carries one attribute, {@code dn}, set to the session user's DN.
 *
 * @param request the filter request; its session must already hold an {@code AuthController}
 * @param response the filter response whose writer receives the page
 * @param chain the filter chain; {@code nextFilter} is not called
 * @throws Exception if the writer, the key lookup or token generation fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    // This filter writes the whole response itself; presumably setNoProxy(true) keeps the
    // request from being forwarded. TODO confirm against HttpFilterChain.
    chain.setNoProxy(true);

    ConfigManager configManager = (ConfigManager) request.getAttribute(ProxyConstants.TREMOLO_CFG_OBJ);
    PrintWriter page = response.getWriter();

    // NOTE(review): the body below contains a bearer token and this method sets no content type
    // or cache headers; confirm they are applied elsewhere.
    page.println("<html><head>");
    page.println("<script type=\"text/javascript\">");
    page.println(" function onBodyLoad() {");
    page.println(" var element = document.getElementById(\"json\");");
    page.println(" window.javascriptAccessor.setJSON(element.innerHTML);");
    page.println(" }");
    page.println("</script></head><body onload=\"onBodyLoad()\">");
    page.print("<div id=\"json\">");

    // The window opens secondsScew before now and closes secondsToLive after now.
    DateTime validFrom = new DateTime().minusSeconds(secondsScew);
    DateTime validUntil = new DateTime().plusSeconds(secondsToLive);

    AuthController controller = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);

    // NOTE(review): the auth level (1) and chain name ("chainName") are fixed literals rather
    // than the values held by the session's AuthInfo; confirm no consumer of the token relies
    // on them.
    com.tremolosecurity.lastmile.LastMile token = new com.tremolosecurity.lastmile.LastMile(
            request.getRequestURI(), validFrom, validUntil, 1, "chainName");
    token.getAttributes().add(new Attribute("dn", controller.getAuthInfo().getUserDN()));

    AccessTokenResponse tokenResponse = new AccessTokenResponse();
    tokenResponse.setAccess_token(token.generateLastMileToken(configManager.getSecretKey(encKeyAlias)));
    tokenResponse.setToken_type("bearer");
    tokenResponse.setExpires_in(this.secondsToLive);

    // The JSON is written straight into markup. A default-constructed Gson escapes
    // HTML-significant characters; keep that property if the serializer is ever swapped.
    page.print(new Gson().toJson(tokenResponse));
    page.print("</div></body></html>");
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class AnonAz method doFilter.
/**
 * Makes sure the session has an {@code AuthController} with an {@code AuthInfo}, creating an
 * anonymous one when none exists, then continues the chain.
 *
 * <p>The anonymous {@code AuthInfo} is built from {@code rdn}, the session's
 * {@code AUTH_MECH_NAME} value, the literal {@code "anonymous"} and {@code 0}. It is given two
 * attributes: {@code uidAttr} with {@code uidVal}, and {@code objectClass} with the configured
 * user object class. An existing {@code AuthInfo} is left as it is.
 *
 * @param request the filter request whose session is inspected and, if needed, populated
 * @param response the filter response, passed through untouched
 * @param chain the filter chain to continue
 * @throws Exception if a later filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    final HttpSession httpSession = request.getSession();

    AuthController controller = (AuthController) httpSession.getAttribute(ProxyConstants.AUTH_CTL);
    if (controller == null) {
        controller = new AuthController();
        httpSession.setAttribute(ProxyConstants.AUTH_CTL, controller);
    }

    if (controller.getAuthInfo() == null) {
        String mechanismName = (String) httpSession.getAttribute(ProxyConstants.AUTH_MECH_NAME);

        // The trailing 0 is presumably the auth level (AuthInfo exposes getAuthLevel elsewhere);
        // TODO confirm against the AuthInfo constructor.
        AuthInfo anonymous = new AuthInfo(this.rdn, mechanismName, "anonymous", 0);

        // NOTE(review): this looks the controller up in the session a second time and the same
        // AuthInfo is set again on `controller` below; the two calls appear redundant.
        ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).setAuthInfo(anonymous);

        anonymous.getAttribs().put(this.uidAttr, new Attribute(this.uidAttr, this.uidVal));

        String userObjectClass = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getUserObjectClass();
        anonymous.getAttribs().put("objectClass", new Attribute("objectClass", userObjectClass));

        controller.setAuthInfo(anonymous);
    }

    chain.nextFilter(request, response, chain);
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class BasicAuth method doFilter.
/**
 * Runs HTTP basic authentication for the request and continues the chain only when the check
 * succeeds.
 *
 * <p>The realm name and uid attribute name are stored in the session under
 * {@code AUTH_MECH_PARAMS} before the check. On success the {@code Authorization} header is
 * removed from the request before the chain continues. On failure the chain is marked no-proxy
 * and {@code nextFilter} is not called.
 *
 * @param request the filter request carrying the credentials
 * @param response the filter response; its servlet response is handed to the credential check
 * @param chain the filter chain to continue on success
 * @throws Exception if the credential check or a later filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HashMap<String, Attribute> mechParams = new HashMap<String, Attribute>();
    mechParams.put("realmName", new Attribute("realmName", this.realmName));
    mechParams.put("uidAttr", new Attribute("uidAttr", this.uidAttrName));
    request.getSession().setAttribute(ProxyConstants.AUTH_MECH_PARAMS, mechParams);

    // A single step, already flagged as executed and required, is passed to the check.
    AuthStep step = new AuthStep();
    step.setId(0);
    step.setExecuted(true);
    step.setRequired(true);

    boolean authenticated = com.tremolosecurity.proxy.auth.BasicAuth.checkBasicAuth(
            request.getServletRequest(), response.getServletResponse(), cfgMgr, new LDAPBasicAuth(), step);

    if (!authenticated) {
        // Nothing is forwarded. checkBasicAuth receives the servlet response and presumably
        // writes the challenge itself; TODO confirm.
        chain.setNoProxy(true);
        return;
    }

    // The credentials have been consumed here; remove them so they are not passed along with
    // the request to the rest of the chain.
    request.removeHeader("Authorization");
    chain.nextFilter(request, response, chain);
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class CheckADShadowAccounts method doFilter.
/**
 * Rewrites the user's {@code userPrincipalName} when it does not end with
 * {@code nonShadowSuffix}, and flags the user, before continuing the chain.
 *
 * <p>The replacement value is the first value of the {@code upnAttributeName} attribute with
 * every {@code '@'} turned into {@code '.'}, followed by {@code '@'} and {@code nonShadowSuffix}.
 * It replaces all existing {@code userPrincipalName} values, and the attribute named
 * {@code flagAttributeName} is set to {@code flagAttributeValue}.
 *
 * @param request the filter request; its session must already hold an {@code AuthController}
 * @param response the filter response, passed through untouched
 * @param chain the filter chain to continue
 * @throws Exception if a required attribute is missing or a later filter fails
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    AuthController controller = (AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo userData = controller.getAuthInfo();

    // NOTE(review): the check reads the literal "userPrincipalName" attribute, while the new
    // value is derived from this.upnAttributeName. No null or empty check is made on either; a
    // missing attribute or an empty value list would raise here, so the request does not
    // continue down the chain in that case.
    Attribute principal = userData.getAttribs().get("userPrincipalName");
    boolean alreadyNonShadow = principal.getValues().get(0).endsWith(this.nonShadowSuffix);

    if (!alreadyNonShadow) {
        // Read the source value before the principal's values are cleared, in case both names
        // refer to the same attribute.
        String sourceUpn = userData.getAttribs().get(this.upnAttributeName).getValues().get(0);
        String rewrittenUpn = sourceUpn.replace('@', '.') + '@' + this.nonShadowSuffix;

        Attribute target = userData.getAttribs().get("userPrincipalName");
        target.getValues().clear();
        target.getValues().add(rewrittenUpn);

        userData.getAttribs().put(this.flagAttributeName, new Attribute(this.flagAttributeName, this.flagAttributeValue));
    }

    chain.nextFilter(request, response, chain);
}