use of com.tremolosecurity.scalejs.data.ScaleApprovalData in project OpenUnison by TremoloSecurity.
the class ScaleMain method doFilter.
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
Gson gson = new Gson();
request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
try {
if (request.getRequestURI().endsWith("/main/config")) {
if (scaleConfig.getUiDecisions() != null) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
Set<String> allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
ScaleConfig local = new ScaleConfig(this.scaleConfig);
if (allowedAttrs != null) {
for (String attrName : this.scaleConfig.getAttributes().keySet()) {
if (!allowedAttrs.contains(attrName)) {
local.getAttributes().remove(attrName);
}
}
}
local.setCanEditUser(this.scaleConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
ScaleJSUtils.addCacheHeaders(response);
response.setContentType("application/json");
response.getWriter().println(gson.toJson(local).trim());
} else {
ScaleJSUtils.addCacheHeaders(response);
response.setContentType("application/json");
response.getWriter().println(gson.toJson(scaleConfig).trim());
}
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/user")) {
lookupUser(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/user")) {
saveUser(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/orgs")) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
AzSys az = new AzSys();
OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
Organization org = new Organization();
copyOrg(org, ot, az, userData);
ScaleJSUtils.addCacheHeaders(response);
response.setContentType("application/json");
response.getWriter().println(gson.toJson(org).trim());
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/org/")) {
loadWorkflows(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/candelegate")) {
try {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
AzSys az = new AzSys();
HashSet<String> allowedOrgs = new HashSet<String>();
this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
String workflowName = request.getParameter("workflowName").getValues().get(0);
// need to check org
String orgid = null;
for (WorkflowType wf : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow()) {
if (wf.getName().equals(workflowName)) {
orgid = wf.getOrgid();
break;
}
}
PreCheckResponse preCheckResp = new PreCheckResponse();
if (request.getParameter("uuid") != null) {
preCheckResp.setUuid(request.getParameter("uuid").getValues().get(0));
}
checkPreCheck(request, userData, allowedOrgs, workflowName, orgid, preCheckResp);
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(preCheckResp).trim());
response.getWriter().flush();
} catch (Throwable t) {
logger.error("Could not check for preapproval status", t);
response.setStatus(500);
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
ScaleError error = new ScaleError();
error.getErrors().add("Unable to check");
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
} else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/workflows")) {
executeWorkflows(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/approvals")) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().println(gson.toJson(ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager())).trim());
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/approvals/")) {
loadApproval(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().contains("/main/approvals/")) {
int approvalID = Integer.parseInt(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1));
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
boolean ok = false;
ApprovalSummaries summaries = ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager());
for (ApprovalSummary as : summaries.getApprovals()) {
if (as.getApproval() == approvalID) {
ok = true;
}
}
if (!ok) {
response.setStatus(401);
response.setContentType("application/json");
ScaleJSUtils.addCacheHeaders(response);
ScaleError error = new ScaleError();
error.getErrors().add("Unauthorized");
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
} else {
ScaleApprovalData approvalData = gson.fromJson(new String((byte[]) request.getAttribute(ProxySys.MSG_BODY)), ScaleApprovalData.class);
try {
String approval = approvalData.getReason().trim();
if (approval.length() > 255) {
logger.warn("approval justification greater then 255 characters");
approval = approval.substring(0, 255);
}
GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().doApproval(approvalID, uid, approvalData.isApproved(), approval);
} catch (Exception e) {
logger.error("Could not execute approval", e);
response.setStatus(500);
ScaleError error = new ScaleError();
error.getErrors().add("There was a problem completeding your request, please contact your system administrator");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
}
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/org/")) {
loadReports(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/excel/")) {
exportToExcel(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/")) {
runReport(request, response, gson);
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/urls")) {
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
AzSys az = new AzSys();
PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
PortalURLs urls = new PortalURLs();
if (pt != null && pt.getUrls() != null) {
for (PortalUrlType url : pt.getUrls()) {
if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
ArrayList<AzRule> rules = new ArrayList<AzRule>();
for (AzRuleType art : url.getAzRules().getRule()) {
rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
}
if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
continue;
}
}
PortalURL purl = new PortalURL();
purl.setName(url.getName());
purl.setLabel(url.getLabel());
purl.setOrg(url.getOrg());
purl.setUrl(url.getUrl());
purl.setIcon(url.getIcon());
urls.getUrls().add(purl);
}
}
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(urls.getUrls()).trim());
response.getWriter().flush();
} else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/urls/org")) {
String id = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
AzSys az = new AzSys();
PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
PortalURLs urls = new PortalURLs();
for (PortalUrlType url : pt.getUrls()) {
if (url.getOrg().equalsIgnoreCase(id)) {
if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
ArrayList<AzRule> rules = new ArrayList<AzRule>();
for (AzRuleType art : url.getAzRules().getRule()) {
rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
}
if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
continue;
}
}
PortalURL purl = new PortalURL();
purl.setName(url.getName());
purl.setLabel(url.getLabel());
purl.setOrg(url.getOrg());
purl.setUrl(url.getUrl());
purl.setIcon(url.getIcon());
urls.getUrls().add(purl);
}
}
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(urls.getUrls()).trim());
response.getWriter().flush();
} else {
response.setStatus(500);
ScaleError error = new ScaleError();
error.getErrors().add("Operation not supported");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
} catch (Throwable t) {
logger.error("Could not execute request", t);
response.setStatus(500);
ScaleError error = new ScaleError();
error.getErrors().add("Operation not supported");
ScaleJSUtils.addCacheHeaders(response);
response.getWriter().print(gson.toJson(error).trim());
response.getWriter().flush();
}
}
Aggregations