
Use of com.tremolosecurity.scalejs.data.WorkflowRequest in the OpenUnison project (TremoloSecurity).

Class ScaleMain, method executeWorkflows (the complete method is shown below).

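/**
 * Executes the ScaleJS workflow requests posted as a JSON array in the request body and
 * writes back a JSON object mapping each request's client-supplied UUID to a result
 * string ("success", "Reason is required", "Not Found", "Unauthorized", "Unable to submit",
 * a generic error message, or a ';'-joined list of per-subject errors).
 *
 * Everything in the body (workflow name, reason, uuid, subjects, encrypted params) is
 * caller-controlled. Authorization is enforced per request: the workflow's configured
 * orgid must be in the set of orgs the caller is allowed to act in (filled by checkOrg),
 * and requesting on behalf of other subjects additionally requires the pre-check to
 * report that the caller may delegate for that workflow.
 *
 * Changes from the original: the reason is validated as non-blank (whitespace-only no
 * longer passes as "present"), and the trimmed, 255-character-capped reason is used on
 * BOTH the self-service path and the delegated (subjects) path; previously the delegated
 * path passed the raw, unbounded reason through. A JSON body of "null" is treated as an
 * empty request list instead of failing with a NullPointerException.
 *
 * @param request  the proxied request; the raw body is read from the ProxySys.MSG_BODY attribute
 * @param response the response the JSON result map is written to
 * @param gson     JSON codec used both to parse the body and to serialize the results
 * @throws Exception propagated from configuration lookup, LDAP search, or response I/O
 */
private void executeWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    Type listType = new TypeToken<ArrayList<WorkflowRequest>>() {
    }.getType();
    byte[] requestBytes = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    String requestString = new String(requestBytes, StandardCharsets.UTF_8);
    List<WorkflowRequest> reqs = gson.fromJson(requestString, listType);
    if (reqs == null) {
        // Gson returns null for a literal "null" body; treat it as "no requests".
        reqs = new ArrayList<WorkflowRequest>();
    }

    // Keyed by the client-supplied uuid; a duplicate uuid overwrites the earlier result.
    HashMap<String, String> results = new HashMap<String, String>();
    String uidAttr = this.scaleConfig.getUidAttributeName();

    for (WorkflowRequest req : reqs) {
        // A reason is mandatory; a whitespace-only reason is not a reason.
        if (req.getReason() == null || req.getReason().trim().isEmpty()) {
            results.put(req.getUuid(), "Reason is required");
            continue;
        }

        // Which orgs may this caller act in? checkOrg populates allowedOrgs.
        HashSet<String> allowedOrgs = new HashSet<String>();
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
        AzSys az = new AzSys();
        this.checkOrg(allowedOrgs, ot, az, userData, request.getSession());

        // Resolve the requested workflow (first name match wins) to find the org that owns it.
        String orgid = null;
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        for (WorkflowType wf : wfs) {
            if (wf.getName().equals(req.getName())) {
                orgid = wf.getOrgid();
                break;
            }
        }
        if (orgid == null) {
            results.put(req.getUuid(), "Not Found");
            continue;
        }
        // Authorization gate: the caller must be allowed in the workflow's org.
        if (!allowedOrgs.contains(orgid)) {
            results.put(req.getUuid(), "Unauthorized");
            continue;
        }

        // Normalize the reason once so every WFCall built below carries the same bounded value.
        String requestReason = req.getReason().trim();
        if (requestReason.length() > 255) {
            logger.warn("Reason is oversized : " + requestReason.length());
            requestReason = requestReason.substring(0, 255);
        }

        if (req.getSubjects() == null || req.getSubjects().isEmpty()) {
            // Self-service: the caller is the subject of the workflow.
            // NOTE(review): assumes the caller's auth attributes contain uidAttr with at
            // least one value; a missing attribute would throw a NullPointerException here.
            String callerUid = userData.getAttribs().get(uidAttr).getValues().get(0);
            WFCall wfCall = new WFCall();
            wfCall.setName(req.getName());
            wfCall.setReason(requestReason);
            wfCall.setUidAttributeName(uidAttr);
            wfCall.setEncryptedParams(req.getEncryptedParams());
            TremoloUser tu = new TremoloUser();
            tu.setUid(callerUid);
            tu.getAttributes().add(new Attribute(uidAttr, callerUid));
            wfCall.setUser(tu);
            try {
                com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
                exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
                results.put(req.getUuid(), "success");
            } catch (Exception e) {
                // Details stay in the log; the client only gets a generic message.
                logger.error("Could not update user", e);
                results.put(req.getUuid(), "Error, please contact your system administrator");
            }
            continue;
        }

        // Delegated request: the caller wants the workflow run for other subjects.
        PreCheckResponse preCheckResp = new PreCheckResponse();
        checkPreCheck(request, userData, allowedOrgs, req.getName(), orgid, preCheckResp);
        if (!preCheckResp.isCanDelegate()) {
            results.put(req.getUuid(), "Unable to submit");
            logger.warn("User '" + userData.getUserDN() + "' not allowed to request for others for '" + req.getName() + "'");
            continue;
        }

        // StringBuffer is kept because startSubjectWorkflow takes it as a parameter.
        StringBuffer errors = new StringBuffer();
        for (String subject : req.getSubjects()) {
            // One WFCall per subject; the caller is recorded as the requestor.
            WFCall wfCall = new WFCall();
            wfCall.setName(req.getName());
            wfCall.setReason(requestReason);
            wfCall.setUidAttributeName(uidAttr);
            wfCall.setEncryptedParams(req.getEncryptedParams());
            wfCall.setRequestor(userData.getAttribs().get(uidAttr).getValues().get(0));
            TremoloUser tu = new TremoloUser();
            wfCall.setUser(tu);

            // 'subject' is caller-controlled and goes into an LDAP filter. This relies on the
            // equal(...) filter builder escaping special characters — do not replace it with
            // string concatenation. Scope 2 = subtree search from the configured LDAP root.
            LDAPSearchResults searchRes = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, equal(uidAttr, subject).toString(), new ArrayList<String>());
            if (searchRes.hasMore()) {
                LDAPEntry entry = searchRes.next();
                if (entry == null) {
                    errors.append("Error, user " + subject + " does not exist;");
                } else {
                    startSubjectWorkflow(errors, req, wfCall, tu, subject, entry, preCheckResp);
                }
            } else {
                errors.append("Error, user " + subject + " does not exist;");
            }
            // Drain any remaining results so the search is fully consumed.
            while (searchRes.hasMore()) searchRes.next();
        }

        if (errors.length() == 0) {
            results.put(req.getUuid(), "success");
        } else {
            // Strip the trailing ';' separator.
            results.put(req.getUuid(), errors.toString().substring(0, errors.toString().length() - 1));
        }
    }

    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(results).trim());
}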
