Search in sources :

Example 1 with ScaleError

use of com.tremolosecurity.scalejs.data.ScaleError in project OpenUnison by TremoloSecurity.

the class ScaleMain method runReport.

private void runReport(final HttpFilterRequest request, final HttpFilterResponse response, final Gson gson) throws UnsupportedEncodingException, IOException, MalformedURLException, ProvisioningException, SQLException {
    String name = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
    ReportType reportToRun = null;
    for (ReportType report : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports().getReport()) {
        if (report.getName().equalsIgnoreCase(name)) {
            reportToRun = report;
            break;
        }
    }
    if (reportToRun == null) {
        response.setStatus(404);
        ScaleError error = new ScaleError();
        error.getErrors().add("Report not found");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        HashSet<String> allowedOrgs = new HashSet<String>();
        final AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
        AzSys az = new AzSys();
        this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
        if (allowedOrgs.contains(reportToRun.getOrgID())) {
            Connection db = null;
            final ReportType reportToRunUse = reportToRun;
            try {
                Session session = GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getHibernateSessionFactory().openSession();
                session.doWork(new Work() {

                    public void execute(Connection connection) throws SQLException {
                        try {
                            generateReport(request, response, gson, reportToRunUse, userData, connection);
                        } catch (IOException e) {
                            throw new SQLException("Could not run reports", e);
                        }
                    }
                });
            } finally {
            }
        } else {
            response.setStatus(401);
            ScaleError error = new ScaleError();
            error.getErrors().add("Unauthorized");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(error).trim());
            response.getWriter().flush();
        }
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) SQLException(java.sql.SQLException) Connection(java.sql.Connection) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) IOException(java.io.IOException) AuthController(com.tremolosecurity.proxy.auth.AuthController) OrgType(com.tremolosecurity.config.xml.OrgType) AzSys(com.tremolosecurity.proxy.auth.AzSys) Work(org.hibernate.jdbc.Work) ReportType(com.tremolosecurity.config.xml.ReportType) HashSet(java.util.HashSet) Session(org.hibernate.Session) HttpSession(javax.servlet.http.HttpSession)

Example 2 with ScaleError

use of com.tremolosecurity.scalejs.data.ScaleError in project OpenUnison by TremoloSecurity.

the class ScaleMain method loadWorkflows.

private void loadWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
        for (WorkflowType wf : wfs) {
            if (wf.isInList() != null && wf.isInList().booleanValue()) {
                if (wf.getOrgid() == null || wf.getOrgid().equalsIgnoreCase(orgid)) {
                    if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
                        HashMap<String, Attribute> params = new HashMap<String, Attribute>();
                        if (wf.getDynamicConfiguration().getParam() != null) {
                            for (ParamType p : wf.getDynamicConfiguration().getParam()) {
                                Attribute attr = params.get(p.getName());
                                if (attr == null) {
                                    attr = new Attribute(p.getName());
                                    params.put(p.getName(), attr);
                                }
                                attr.getValues().add(p.getValue());
                            }
                        }
                        DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).newInstance();
                        List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, cfgMgr, params, userData);
                        StringBuffer b = new StringBuffer();
                        b.append('/').append(URLEncoder.encode(wf.getName(), "UTF-8"));
                        String uri = b.toString();
                        for (Map<String, String> wfParamSet : wfParams) {
                            DateTime now = new DateTime();
                            DateTime expires = now.plusHours(1);
                            LastMile lm = new LastMile(uri, now, expires, 0, "");
                            for (String key : wfParamSet.keySet()) {
                                String val = wfParamSet.get(key);
                                Attribute attr = new Attribute(key, val);
                                lm.getAttributes().add(attr);
                            }
                            WFDescription desc = new WFDescription();
                            desc.setUuid(UUID.randomUUID().toString());
                            desc.setName(wf.getName());
                            ST st = new ST(wf.getLabel(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setLabel(st.render());
                            st = new ST(wf.getDescription(), '$', '$');
                            for (String key : wfParamSet.keySet()) {
                                st.add(key.replaceAll("[.]", "_"), wfParamSet.get(key));
                            }
                            desc.setDescription(st.render());
                            desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey())));
                            workflows.add(desc);
                        }
                    } else {
                        WFDescription desc = new WFDescription();
                        desc.setUuid(UUID.randomUUID().toString());
                        desc.setName(wf.getName());
                        desc.setLabel(wf.getLabel());
                        desc.setDescription(wf.getDescription());
                        workflows.add(desc);
                    }
                }
            }
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.setContentType("application/json");
        response.getWriter().println(gson.toJson(workflows).trim());
        response.getWriter().flush();
    }
}
Also used : Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) DateTime(org.joda.time.DateTime) WFDescription(com.tremolosecurity.provisioning.service.util.WFDescription) DynamicWorkflow(com.tremolosecurity.provisioning.util.DynamicWorkflow) HashSet(java.util.HashSet) ST(org.stringtemplate.v4.ST) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ParamType(com.tremolosecurity.config.xml.ParamType) LastMile(com.tremolosecurity.lastmile.LastMile) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) Map(java.util.Map) HashMap(java.util.HashMap)

Example 3 with ScaleError

use of com.tremolosecurity.scalejs.data.ScaleError in project OpenUnison by TremoloSecurity.

the class ScaleMain method loadReports.

private void loadReports(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws MalformedURLException, ProvisioningException, IOException {
    String orgid = request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    HashSet<String> allowedOrgs = new HashSet<String>();
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
    AzSys az = new AzSys();
    this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
    if (!allowedOrgs.contains(orgid)) {
        response.setStatus(401);
        response.setContentType("application/json");
        ScaleError error = new ScaleError();
        error.getErrors().add("Unauthorized");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    } else {
        ReportsType reports = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getReports();
        ReportsList reportsList = new ReportsList();
        reportsList.setReports(new ArrayList<ReportInformation>());
        if (reports != null && reports.getReport() != null) {
            for (ReportType report : reports.getReport()) {
                if (report.getOrgID().equals(orgid)) {
                    ReportInformation ri = new ReportInformation();
                    ri.setName(report.getName());
                    ri.setDescription(report.getDescription());
                    ri.setOrgID(report.getOrgID());
                    ri.setParameters(new ArrayList<String>());
                    ri.getParameters().addAll(report.getParamater());
                    ri.getParameters().remove("currentUser");
                    reportsList.getReports().add(ri);
                }
            }
        }
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(reportsList).trim());
        response.getWriter().flush();
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ReportsList(com.tremolosecurity.provisioning.service.util.ReportsList) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) ReportInformation(com.tremolosecurity.provisioning.service.util.ReportInformation) OrgType(com.tremolosecurity.config.xml.OrgType) AzSys(com.tremolosecurity.proxy.auth.AzSys) ReportsType(com.tremolosecurity.config.xml.ReportsType) ReportType(com.tremolosecurity.config.xml.ReportType) HashSet(java.util.HashSet)

Example 4 with ScaleError

use of com.tremolosecurity.scalejs.data.ScaleError in project OpenUnison by TremoloSecurity.

the class ScaleMain method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    try {
        if (request.getRequestURI().endsWith("/main/config")) {
            if (scaleConfig.getUiDecisions() != null) {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                Set<String> allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
                ScaleConfig local = new ScaleConfig(this.scaleConfig);
                if (allowedAttrs != null) {
                    for (String attrName : this.scaleConfig.getAttributes().keySet()) {
                        if (!allowedAttrs.contains(attrName)) {
                            local.getAttributes().remove(attrName);
                        }
                    }
                }
                local.setCanEditUser(this.scaleConfig.getUiDecisions().canEditUser(userData, request.getServletRequest()));
                ScaleJSUtils.addCacheHeaders(response);
                response.setContentType("application/json");
                response.getWriter().println(gson.toJson(local).trim());
            } else {
                ScaleJSUtils.addCacheHeaders(response);
                response.setContentType("application/json");
                response.getWriter().println(gson.toJson(scaleConfig).trim());
            }
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/user")) {
            lookupUser(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/user")) {
            saveUser(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/orgs")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
            Organization org = new Organization();
            copyOrg(org, ot, az, userData);
            ScaleJSUtils.addCacheHeaders(response);
            response.setContentType("application/json");
            response.getWriter().println(gson.toJson(org).trim());
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/org/")) {
            loadWorkflows(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/workflows/candelegate")) {
            try {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
                AzSys az = new AzSys();
                HashSet<String> allowedOrgs = new HashSet<String>();
                this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());
                String workflowName = request.getParameter("workflowName").getValues().get(0);
                // need to check org
                String orgid = null;
                for (WorkflowType wf : GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow()) {
                    if (wf.getName().equals(workflowName)) {
                        orgid = wf.getOrgid();
                        break;
                    }
                }
                PreCheckResponse preCheckResp = new PreCheckResponse();
                if (request.getParameter("uuid") != null) {
                    preCheckResp.setUuid(request.getParameter("uuid").getValues().get(0));
                }
                checkPreCheck(request, userData, allowedOrgs, workflowName, orgid, preCheckResp);
                ScaleJSUtils.addCacheHeaders(response);
                response.getWriter().print(gson.toJson(preCheckResp).trim());
                response.getWriter().flush();
            } catch (Throwable t) {
                logger.error("Could not check for preapproval status", t);
                response.setStatus(500);
                response.setContentType("application/json");
                ScaleJSUtils.addCacheHeaders(response);
                ScaleError error = new ScaleError();
                error.getErrors().add("Unable to check");
                response.getWriter().print(gson.toJson(error).trim());
                response.getWriter().flush();
            }
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().endsWith("/main/workflows")) {
            executeWorkflows(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/approvals")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
            response.setContentType("application/json");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().println(gson.toJson(ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager())).trim());
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/approvals/")) {
            loadApproval(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("PUT") && request.getRequestURI().contains("/main/approvals/")) {
            int approvalID = Integer.parseInt(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1));
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            String uid = userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0);
            boolean ok = false;
            ApprovalSummaries summaries = ServiceActions.listOpenApprovals(uid, this.scaleConfig.getDisplayNameAttribute(), GlobalEntries.getGlobalEntries().getConfigManager());
            for (ApprovalSummary as : summaries.getApprovals()) {
                if (as.getApproval() == approvalID) {
                    ok = true;
                }
            }
            if (!ok) {
                response.setStatus(401);
                response.setContentType("application/json");
                ScaleJSUtils.addCacheHeaders(response);
                ScaleError error = new ScaleError();
                error.getErrors().add("Unauthorized");
                response.getWriter().print(gson.toJson(error).trim());
                response.getWriter().flush();
            } else {
                ScaleApprovalData approvalData = gson.fromJson(new String((byte[]) request.getAttribute(ProxySys.MSG_BODY)), ScaleApprovalData.class);
                try {
                    String approval = approvalData.getReason().trim();
                    if (approval.length() > 255) {
                        logger.warn("approval justification greater then 255 characters");
                        approval = approval.substring(0, 255);
                    }
                    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().doApproval(approvalID, uid, approvalData.isApproved(), approval);
                } catch (Exception e) {
                    logger.error("Could not execute approval", e);
                    response.setStatus(500);
                    ScaleError error = new ScaleError();
                    error.getErrors().add("There was a problem completeding your request, please contact your system administrator");
                    ScaleJSUtils.addCacheHeaders(response);
                    response.getWriter().print(gson.toJson(error).trim());
                    response.getWriter().flush();
                }
            }
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/org/")) {
            loadReports(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/excel/")) {
            exportToExcel(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/reports/")) {
            runReport(request, response, gson);
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().endsWith("/main/urls")) {
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
            PortalURLs urls = new PortalURLs();
            if (pt != null && pt.getUrls() != null) {
                for (PortalUrlType url : pt.getUrls()) {
                    if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
                        ArrayList<AzRule> rules = new ArrayList<AzRule>();
                        for (AzRuleType art : url.getAzRules().getRule()) {
                            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
                        }
                        if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
                            continue;
                        }
                    }
                    PortalURL purl = new PortalURL();
                    purl.setName(url.getName());
                    purl.setLabel(url.getLabel());
                    purl.setOrg(url.getOrg());
                    purl.setUrl(url.getUrl());
                    purl.setIcon(url.getIcon());
                    urls.getUrls().add(purl);
                }
            }
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(urls.getUrls()).trim());
            response.getWriter().flush();
        } else if (request.getMethod().equalsIgnoreCase("GET") && request.getRequestURI().contains("/main/urls/org")) {
            String id = URLDecoder.decode(request.getRequestURI().substring(request.getRequestURI().lastIndexOf('/') + 1), "UTF-8");
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            AzSys az = new AzSys();
            PortalUrlsType pt = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getPortal();
            PortalURLs urls = new PortalURLs();
            for (PortalUrlType url : pt.getUrls()) {
                if (url.getOrg().equalsIgnoreCase(id)) {
                    if (url.getAzRules() != null && url.getAzRules().getRule().size() > 0) {
                        ArrayList<AzRule> rules = new ArrayList<AzRule>();
                        for (AzRuleType art : url.getAzRules().getRule()) {
                            rules.add(new AzRule(art.getScope(), art.getConstraint(), art.getClassName(), GlobalEntries.getGlobalEntries().getConfigManager(), null));
                        }
                        if (!az.checkRules(userData, GlobalEntries.getGlobalEntries().getConfigManager(), rules, request.getSession(), this.appType, new HashMap<String, Object>())) {
                            continue;
                        }
                    }
                    PortalURL purl = new PortalURL();
                    purl.setName(url.getName());
                    purl.setLabel(url.getLabel());
                    purl.setOrg(url.getOrg());
                    purl.setUrl(url.getUrl());
                    purl.setIcon(url.getIcon());
                    urls.getUrls().add(purl);
                }
            }
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(urls.getUrls()).trim());
            response.getWriter().flush();
        } else {
            response.setStatus(500);
            ScaleError error = new ScaleError();
            error.getErrors().add("Operation not supported");
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(error).trim());
            response.getWriter().flush();
        }
    } catch (Throwable t) {
        logger.error("Could not execute request", t);
        response.setStatus(500);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    }
}
Also used : Organization(com.tremolosecurity.provisioning.service.util.Organization) PortalUrlType(com.tremolosecurity.config.xml.PortalUrlType) PortalURL(com.tremolosecurity.provisioning.service.util.PortalURL) HashMap(java.util.HashMap) PortalURLs(com.tremolosecurity.provisioning.service.util.PortalURLs) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) PortalUrlsType(com.tremolosecurity.config.xml.PortalUrlsType) XSSFRichTextString(org.apache.poi.xssf.usermodel.XSSFRichTextString) RichTextString(org.apache.poi.ss.usermodel.RichTextString) AzRuleType(com.tremolosecurity.config.xml.AzRuleType) ApprovalSummaries(com.tremolosecurity.provisioning.service.util.ApprovalSummaries) HashSet(java.util.HashSet) ApprovalSummary(com.tremolosecurity.provisioning.service.util.ApprovalSummary) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) PreCheckResponse(com.tremolosecurity.scalejs.data.PreCheckResponse) ScaleApprovalData(com.tremolosecurity.scalejs.data.ScaleApprovalData) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) AuthController(com.tremolosecurity.proxy.auth.AuthController) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) LDAPException(com.novell.ldap.LDAPException) SQLException(java.sql.SQLException) IOException(java.io.IOException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) MalformedURLException(java.net.MalformedURLException) OrgType(com.tremolosecurity.config.xml.OrgType) WorkflowType(com.tremolosecurity.config.xml.WorkflowType) AzSys(com.tremolosecurity.proxy.auth.AzSys) JsonObject(com.google.gson.JsonObject) AzRule(com.tremolosecurity.proxy.az.AzRule) ScaleConfig(com.tremolosecurity.scalejs.cfg.ScaleConfig)

Example 5 with ScaleError

use of com.tremolosecurity.scalejs.data.ScaleError in project OpenUnison by TremoloSecurity.

the class ScalePassword method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    if (request.getRequestURI().endsWith("/password/config")) {
        response.setContentType("application/json");
        ScalePasswordUser ssru = new ScalePasswordUser();
        ssru.setConfig(scaleConfig);
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        Attribute displayNameAttribute = userData.getAttribs().get(this.scaleConfig.getDisplayNameAttribute());
        if (displayNameAttribute != null) {
            ssru.setDisplayName(displayNameAttribute.getValues().get(0));
        } else {
            ssru.setDisplayName("Unknown");
        }
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(ssru).trim());
    } else if (request.getMethod().equalsIgnoreCase("POST") && request.getRequestURI().endsWith("/password/submit")) {
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
        ScaleJSPasswordRequest sr = gson.fromJson(json, ScaleJSPasswordRequest.class);
        ScaleError errors = new ScaleError();
        if (sr.getPassword1() == null || sr.getPassword2() == null) {
            errors.getErrors().add("Passwords are missing");
        } else if (!sr.getPassword1().equals(sr.getPassword2())) {
            errors.getErrors().add("Passwords do not match");
        } else {
            List<String> valErrors = this.validator.validate(sr.getPassword1(), userData);
            if (valErrors != null && !valErrors.isEmpty()) {
                errors.getErrors().addAll(valErrors);
            }
            if (errors.getErrors().isEmpty()) {
                ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
                WFCall wfCall = new WFCall();
                wfCall.setName(this.scaleConfig.getWorkflowName());
                wfCall.setReason(this.scaleConfig.getReason());
                wfCall.setUidAttributeName(this.scaleConfig.getUidAttribute());
                if (this.scaleConfig.isRunSynchronously()) {
                    wfCall.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
                } else {
                    wfCall.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_ASYNC);
                }
                TremoloUser tu = new TremoloUser();
                tu.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0));
                tu.getAttributes().add(new Attribute(this.scaleConfig.getUidAttribute(), userData.getAttribs().get(this.scaleConfig.getUidAttribute()).getValues().get(0)));
                tu.setUserPassword(sr.getPassword1());
                wfCall.setUser(tu);
                try {
                    com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                    exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
                } catch (Exception e) {
                    logger.error("Could not update user", e);
                    if (this.scaleConfig.isRunSynchronously()) {
                        errors.getErrors().add("Unable to set your password, make sure it meets with complexity requirements");
                    } else {
                        errors.getErrors().add("Please contact your system administrator");
                    }
                }
            }
        }
        if (errors.getErrors().size() > 0) {
            response.setStatus(500);
            response.getWriter().print(gson.toJson(errors).trim());
            response.getWriter().flush();
        }
    }
}
Also used : AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) WFCall(com.tremolosecurity.provisioning.service.util.WFCall) Attribute(com.tremolosecurity.saml.Attribute) Gson(com.google.gson.Gson) ScalePasswordUser(com.tremolosecurity.scalejs.password.data.ScalePasswordUser) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) ScaleJSPasswordRequest(com.tremolosecurity.scalejs.password.data.ScaleJSPasswordRequest) AuthController(com.tremolosecurity.proxy.auth.AuthController) ConfigManager(com.tremolosecurity.config.util.ConfigManager) TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser)

Aggregations

ScaleError (com.tremolosecurity.scalejs.data.ScaleError)11 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)10 AuthController (com.tremolosecurity.proxy.auth.AuthController)9 Attribute (com.tremolosecurity.saml.Attribute)7 RichTextString (org.apache.poi.ss.usermodel.RichTextString)7 XSSFRichTextString (org.apache.poi.xssf.usermodel.XSSFRichTextString)7 ConfigManager (com.tremolosecurity.config.util.ConfigManager)6 Gson (com.google.gson.Gson)5 TremoloUser (com.tremolosecurity.provisioning.service.util.TremoloUser)5 WFCall (com.tremolosecurity.provisioning.service.util.WFCall)5 ArrayList (java.util.ArrayList)5 HashMap (java.util.HashMap)5 LDAPAttribute (com.novell.ldap.LDAPAttribute)4 OrgType (com.tremolosecurity.config.xml.OrgType)4 AzSys (com.tremolosecurity.proxy.auth.AzSys)4 ScaleAttribute (com.tremolosecurity.scalejs.cfg.ScaleAttribute)4 IOException (java.io.IOException)4 HashSet (java.util.HashSet)4 LDAPException (com.novell.ldap.LDAPException)3 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)3