use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.
Class ProxyTarget, method execute.
/**
 * Forwards {@code request} to this proxy target over SOAP and returns the remote
 * Zimbra context header together with the response body.
 *
 * <p>Without a {@code zsc} the request is dispatched locally and the returned
 * context element is {@code null}. Otherwise the envelope protocol follows the
 * request element (JSON vs SOAP 1.2) and is downgraded to SOAP 1.1 when the
 * caller used SOAP 1.1. The outgoing call carries the caller's proxy auth token
 * when one is present.
 *
 * <p>Bug 77604: a proxied ChangePasswordRequest names an account in its context
 * but carries no auth token, and the ZimbraSoapContext constructor on the target
 * rejects that combination; the account details are therefore omitted for it.
 *
 * @param request the SOAP request element to forward
 * @param zsc the originating SOAP context, or {@code null} for a local dispatch
 * @return pair of (remote Zimbra context, response body)
 * @throws ServiceException wrapping any I/O failure as PROXY_ERROR for {@code mURL}
 */
public Pair<Element, Element> execute(Element request, ZimbraSoapContext zsc) throws ServiceException {
    if (zsc == null) {
        return new Pair<Element, Element>(null, dispatch(request));
    }

    SoapProtocol proto = SoapProtocol.Soap12;
    if (request instanceof Element.JSONElement) {
        proto = SoapProtocol.SoapJS;
    } else if (zsc.getRequestProtocol() == SoapProtocol.Soap11) {
        proto = SoapProtocol.Soap11;
    }

    // See class doc: ChangePasswordRequest must travel without account details (bug 77604).
    boolean omitAccountDetails = AccountConstants.CHANGE_PASSWORD_REQUEST.equals(request.getQName());
    Element envelope = proto.soapEnvelope(request, zsc.toProxyContext(proto, omitAccountDetails));

    SoapHttpTransport transport = null;
    try {
        transport = new SoapHttpTransport(mURL);
        transport.setTargetAcctId(zsc.getRequestedAccountId());
        if (mMaxAttempts > 0) {
            transport.setRetryCount(mMaxAttempts);
        }
        if (mTimeout >= 0) {
            // mTimeout is a long; clamp so the narrowing cast cannot wrap.
            transport.setTimeout((int) Math.min(mTimeout, Integer.MAX_VALUE));
        }
        transport.setResponseProtocol(zsc.getResponseProtocol());

        // Only the CSRF-unsecured form of the token is used for the hop to the target.
        AuthToken hopToken = AuthToken.getCsrfUnsecuredAuthToken(zsc.getAuthToken());
        boolean hasProxyToken = hopToken != null && !StringUtil.isNullOrEmpty(hopToken.getProxyAuthToken());
        if (hasProxyToken) {
            transport.setAuthToken(hopToken.getProxyAuthToken());
        }
        if (ZimbraLog.soap.isDebugEnabled()) {
            ZimbraLog.soap.debug("Proxying request: proxy=%s targetAcctId=%s", this.toString(), zsc.getRequestedAccountId());
        }
        disableCsrfFlagInAuthToken(envelope, hopToken, request.getQName());

        Element rawResponse = transport.invokeRaw(envelope);
        Element responseBody = transport.extractBodyElement(rawResponse);
        return new Pair<Element, Element>(transport.getZimbraContext(), responseBody);
    } catch (IOException e) {
        throw ServiceException.PROXY_ERROR(e, mURL);
    } finally {
        if (transport != null) {
            transport.shutdown();
        }
    }
}
use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.
Class ExternalUserProvServlet, method doGet.
/**
 * Handles the external (virtual) user provisioning link.
 *
 * <p>The {@code p} parameter carries a preliminary token that {@code validatePrelimToken}
 * expands into the owner account id ({@code aid}), the shared folder id ({@code fid}) and
 * the external user's email ({@code email}). When no virtual account exists yet for that
 * email the user is sent to the registration flow (or provisioned directly on Octopus when
 * {@code DebugConfig.skipVirtualAccountRegistrationPage} is set). Otherwise a mountpoint for
 * the shared folder is created in the grantee's mailbox on a best-effort basis, and the user
 * is redirected to the web client if already logged in as the grantee, or to the login page.
 *
 * @param req servlet request; must carry the {@code p} token parameter
 * @param resp servlet response
 * @throws ServletException when {@code p} is missing, the share is not found, or a
 *     {@link ServiceException} is raised
 * @throws IOException on response write or redirect failure
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    String param = req.getParameter("p");
    if (param == null) {
        throw new ServletException("request missing param");
    }
    // NOTE(review): everything below trusts the decoded token map; confirm validatePrelimToken
    // verifies integrity and expiry before these values are used to look up accounts.
    Map<Object, Object> tokenMap = validatePrelimToken(param);
    Map<String, String> reqHeaders = new HashMap<String, String>();
    String ownerId = (String) tokenMap.get("aid");
    String folderId = (String) tokenMap.get("fid");
    String extUserEmail = (String) tokenMap.get("email");
    Provisioning prov = Provisioning.getInstance();
    Account grantee;
    try {
        // NOTE(review): getAccountById may return null for an unknown owner, in which case
        // prov.getDomain(owner) would NPE rather than produce a clean error — confirm.
        Account owner = prov.getAccountById(ownerId);
        Domain domain = prov.getDomain(owner);
        grantee = prov.getAccountByName(mapExtEmailToAcctName(extUserEmail, domain));
        if (grantee == null) {
            // external virtual account not created yet
            if (prov.isOctopus() && DebugConfig.skipVirtualAccountRegistrationPage) {
                // provision using 'null' password and display name
                // UI will ask the user to set these post provisioning
                provisionVirtualAccountAndRedirect(req, resp, null, null, ownerId, extUserEmail);
            } else {
                // NOTE(review): the prelim token cookie is created with no HttpOnly/Secure
                // attributes; confirm that is intended for this short-lived token.
                resp.addCookie(new Cookie("ZM_PRELIM_AUTH_TOKEN", param));
                req.setAttribute("extuseremail", extUserEmail);
                if (WebClientServiceUtil.isServerInSplitMode()) {
                    // in split mode the registration page is rendered by a UI node
                    reqHeaders.put("extuseremail", extUserEmail);
                    reqHeaders.put("ZM_PRELIM_AUTH_TOKEN", param);
                    String htmlresp = WebClientServiceUtil.sendServiceRequestToOneRandomUiNode(EXT_USER_PROV_ON_UI_NODE, reqHeaders);
                    // the UI node's body is relayed verbatim
                    resp.getWriter().print(htmlresp);
                } else {
                    ServletContext context = getServletContext().getContext("/zimbra");
                    if (context != null) {
                        RequestDispatcher dispatcher = context.getRequestDispatcher(PUBLIC_EXTUSERPROV_JSP);
                        dispatcher.forward(req, resp);
                    } else {
                        logger.warn("Could not access servlet context url /zimbra");
                        throw ServiceException.TEMPORARILY_UNAVAILABLE();
                    }
                }
            }
        } else {
            // create a new mountpoint in the external user's mailbox if not already created
            String[] sharedItems = owner.getSharedItem();
            // NOTE(review): a missing or malformed "fid" raises an unchecked NumberFormatException here
            int sharedFolderId = Integer.valueOf(folderId);
            String sharedFolderPath = null;
            MailItem.Type sharedFolderView = null;
            // find the owner's share entry for this folder that was granted to this external user
            for (String sharedItem : sharedItems) {
                ShareInfoData sid = AclPushSerializer.deserialize(sharedItem);
                if (sid.getItemId() == sharedFolderId && extUserEmail.equalsIgnoreCase(sid.getGranteeId())) {
                    sharedFolderPath = sid.getPath();
                    sharedFolderView = sid.getFolderDefaultViewCode();
                    break;
                }
            }
            if (sharedFolderPath == null) {
                throw new ServletException("share not found");
            }
            String mountpointName = getMountpointName(owner, grantee, sharedFolderPath);
            // act on the grantee's mailbox with a freshly issued token, without creating a session
            ZMailbox.Options options = new ZMailbox.Options();
            options.setNoSession(true);
            options.setAuthToken(AuthProvider.getAuthToken(grantee).toZAuthToken());
            options.setUri(AccountUtil.getSoapUri(grantee));
            ZMailbox zMailbox = new ZMailbox(options);
            ZMountpoint zMtpt = null;
            try {
                zMtpt = zMailbox.createMountpoint(String.valueOf(getMptParentFolderId(sharedFolderView, prov)), mountpointName, ZFolder.View.fromString(sharedFolderView.toString()), ZFolder.Color.DEFAULTCOLOR, null, ZMailbox.OwnerBy.BY_ID, ownerId, ZMailbox.SharedItemBy.BY_ID, folderId, false);
            } catch (ServiceException e) {
                // best effort: any failure (typically "already exists") leaves zMtpt null and is only logged
                logger.debug("Error in attempting to create mountpoint. Probably it already exists.", e);
            }
            if (zMtpt != null) {
                if (sharedFolderView == MailItem.Type.APPOINTMENT) {
                    // make sure that the mountpoint is checked in the UI by default
                    FolderActionSelector actionSelector = new FolderActionSelector(zMtpt.getId(), "check");
                    FolderActionRequest actionRequest = new FolderActionRequest(actionSelector);
                    try {
                        zMailbox.invokeJaxb(actionRequest);
                    } catch (ServiceException e) {
                        logger.warn("Error in invoking check action on calendar mountpoint", e);
                    }
                }
                HashSet<MailItem.Type> types = new HashSet<MailItem.Type>();
                types.add(sharedFolderView);
                enableAppFeatures(grantee, types);
            }
            // check if the external user is already logged-in
            String zAuthTokenCookie = null;
            javax.servlet.http.Cookie[] cookies = req.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (cookie.getName().equals("ZM_AUTH_TOKEN")) {
                        zAuthTokenCookie = cookie.getValue();
                        break;
                    }
                }
            }
            AuthToken zAuthToken = null;
            if (zAuthTokenCookie != null) {
                try {
                    zAuthToken = AuthProvider.getAuthToken(zAuthTokenCookie);
                } catch (AuthTokenException ignored) {
                    // auth token is not valid
                }
            }
            // an existing session only counts if the token is live, registered and belongs to this grantee
            if (zAuthToken != null && !zAuthToken.isExpired() && zAuthToken.isRegistered() && grantee.getId().equals(zAuthToken.getAccountId())) {
                // external virtual account already logged-in
                resp.sendRedirect("/");
            } else if (prov.isOctopus() && !grantee.isVirtualAccountInitialPasswordSet() && DebugConfig.skipVirtualAccountRegistrationPage) {
                // seems like the virtual user did not set his password during his last visit, after an account was
                // provisioned for him
                setCookieAndRedirect(req, resp, grantee);
            } else {
                req.setAttribute("virtualacctdomain", domain.getName());
                if (WebClientServiceUtil.isServerInSplitMode()) {
                    reqHeaders.put("virtualacctdomain", domain.getName());
                    String htmlresp = WebClientServiceUtil.sendServiceRequestToOneRandomUiNode(PUBLIC_LOGIN_ON_UI_NODE, reqHeaders);
                    resp.getWriter().print(htmlresp);
                } else {
                    // unlike the registration branch above, a missing "/zimbra" context is not checked here
                    RequestDispatcher dispatcher = getServletContext().getContext("/zimbra").getRequestDispatcher(PUBLIC_LOGIN_JSP);
                    dispatcher.forward(req, resp);
                }
            }
        }
    } catch (ServiceException e) {
        throw new ServletException(e);
    }
}
use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.
Class ExternalUserProvServlet, method setCookieAndRedirect.
/**
 * Issues an auth token for {@code grantee}, writes it to the response as a cookie and
 * redirects the browser to the web client root.
 *
 * <p>The cookie's secure flag is derived from {@code req.getScheme()}; behind a
 * TLS-terminating proxy the container may see {@code http} — NOTE(review): confirm the
 * deployment forwards the original scheme.
 *
 * @param req the current request, used only to decide whether the cookie is marked secure
 * @param resp the response that receives the cookie and the redirect
 * @param grantee the account to issue the token for
 * @throws ServiceException if the token cannot be issued
 * @throws IOException if the redirect cannot be sent
 */
private static void setCookieAndRedirect(HttpServletRequest req, HttpServletResponse resp, Account grantee) throws ServiceException, IOException {
    AuthToken granteeToken = AuthProvider.getAuthToken(grantee);
    boolean secureCookie = req.getScheme().equals("https");
    granteeToken.encode(resp, false, secureCookie);
    resp.sendRedirect("/");
}
use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.
Class CertAuthServlet, method doGet.
/**
 * Authenticates the caller by client certificate and, on success, sets the auth token
 * cookie and redirects.
 *
 * <p>The request URI must match {@code allowedUrl}; anything else is answered with a 403
 * and logged at error level. A request whose third capture group is {@code admin} is
 * treated as an admin login. Authentication failures are logged at debug level and handed
 * to {@code dispatchOnError} together with the exception message.
 *
 * @param req servlet request
 * @param resp servlet response
 * @throws ServletException propagated from the error dispatch or redirect helpers
 * @throws IOException propagated from the error dispatch or redirect helpers
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    addUAToLoggingContext(req);

    String requestUri = req.getRequestURI();
    Matcher urlMatcher = allowedUrl.matcher(requestUri);
    if (!urlMatcher.matches()) {
        String msg = "resource not allowed on the certauth servlet: " + requestUri;
        ZimbraLog.account.error(msg);
        sendback403Message(req, resp, msg);
        return;
    }
    // NOTE(review): group(3) is available whenever groupCount() >= 3; the strict > 3 test
    // would never flag admin for a three-group pattern — confirm against allowedUrl.
    boolean isAdminRequest = urlMatcher.groupCount() > 3 && "admin".equals(urlMatcher.group(3));

    try {
        SSOAuthenticator authenticator = new ClientCertAuthenticator(req, resp);
        ZimbraPrincipal principal = authenticator.authenticate();
        AuthToken authToken = authorize(req, AuthContext.Protocol.client_certificate, principal, isAdminRequest);
        setAuthTokenCookieAndRedirect(req, resp, principal.getAccount(), authToken);
    } catch (ServiceException e) {
        String reason = e instanceof AuthFailedServiceException
                ? ((AuthFailedServiceException) e).getReason(", %s")
                : "";
        ZimbraLog.account.debug("client certificate auth failed: " + e.getMessage() + reason, e);
        // NOTE(review): the exception message reaches the error page; confirm it carries nothing sensitive.
        dispatchOnError(req, resp, isAdminRequest, e.getMessage());
    }
}
use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.
Class ContentServlet, method doGet.
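/**
 * Serves content requests: a path equal to {@code PREFIX_GET} is handed to
 * {@code getCommand}, one equal to {@code PREFIX_PROXY} to {@code retrieveUpload};
 * any other path is answered with 400.
 *
 * <p>The request must carry a valid auth token cookie. When {@code getAuthTokenFromCookie}
 * returns {@code null} this method returns without writing anything further — NOTE(review):
 * this assumes the helper has already produced the error response; confirm. Accounts with
 * {@code zimbraAttachmentsBlocked} set receive the block message instead of content.
 *
 * @param req servlet request
 * @param resp servlet response
 * @throws IOException propagated from the response or the command helpers
 * @throws ServletException propagated from the command helpers
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException, ServletException {
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    // Fix: the format string had a single %s for two arguments, so the path info was never logged.
    mLog.debug("request url: %s, path info: %s", req.getRequestURL(), req.getPathInfo());

    AuthToken authToken = getAuthTokenFromCookie(req, resp);
    if (authToken == null) {
        return;
    }
    if (isTrue(Provisioning.A_zimbraAttachmentsBlocked, authToken.getAccountId())) {
        sendbackBlockMessage(req, resp);
        return;
    }

    // Constant-first equals handles a null path info without a separate null check.
    String pathInfo = req.getPathInfo();
    if (PREFIX_GET.equals(pathInfo)) {
        getCommand(req, resp, authToken);
    } else if (PREFIX_PROXY.equals(pathInfo)) {
        retrieveUpload(req, resp, authToken);
    } else {
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST, L10nUtil.getMessage(MsgKey.errInvalidRequest, req));
    }
}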