
Example 91 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

Class CsrfUtil, method getAuthTokenFromReq.

/**
 * Extracts the auth token carried by an incoming servlet request.
 *
 * The request is first classified with {@link AuthUtil#isAdminRequest} so that
 * {@link AuthProvider#getAuthToken(HttpServletRequest, boolean)} looks for the
 * token appropriate to that request type. Extraction failures are not
 * propagated: they are logged at info level on the security logger and the
 * method yields {@code null}, so callers must treat {@code null} as
 * "no usable token".
 *
 * @param req the servlet request to inspect
 * @return the auth token extracted from the request, or {@code null} when
 *         extraction fails
 */
public static AuthToken getAuthTokenFromReq(HttpServletRequest req) {
    try {
        return AuthProvider.getAuthToken(req, AuthUtil.isAdminRequest(req));
    } catch (ServiceException | AuthTokenException e) {
        // Best effort: a missing or malformed token is logged, not surfaced.
        ZimbraLog.security.info("Error extracting auth token from the request. " + e.getMessage());
        return null;
    }
}
Also used : ServiceException(com.zimbra.common.service.ServiceException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) AuthToken(com.zimbra.cs.account.AuthToken)

Example 92 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

Class CsrfUtil, method getAuthTokenFromResponse.

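/**
 * Recovers the user auth token that a response is about to hand out through
 * its {@code Set-Cookie} headers.
 *
 * Each {@code Set-Cookie} header is inspected; when one sets the
 * {@code ZM_AUTH_TOKEN} cookie, its value is decoded with
 * {@link AuthToken#getAuthToken(String)}. If more than one header sets that
 * cookie, the last one wins (the scan does not stop at the first match).
 *
 * @param resp the response whose {@code Set-Cookie} headers are scanned
 * @return the decoded auth token, or {@code null} when no {@code ZM_AUTH_TOKEN}
 *         cookie is being set
 * @throws AuthTokenException if a cookie value cannot be decoded into a token
 */
public static AuthToken getAuthTokenFromResponse(HttpServletResponse resp) throws AuthTokenException {
    // Servlet 3.0 declares getHeaders() as a Collection, not a List; the former
    // unchecked cast to List<String> could fail at runtime on a container that
    // returns a different Collection type. Iterating needs only an Iterable.
    Iterable<String> headers = resp.getHeaders("Set-Cookie");
    AuthToken at = null;
    if (headers == null) { // defensive: the spec returns an empty collection, not null
        return at;
    }
    for (String header : headers) {
        String token = extractCookieValue(header, "ZM_AUTH_TOKEN");
        if (token != null) {
            at = AuthToken.getAuthToken(token);
        }
    }
    return at;
}

/**
 * Returns the value of {@code cookieName} from a single {@code Set-Cookie}
 * header, or {@code null} when the header does not set that cookie.
 *
 * The header must begin with {@code cookieName=}; the value runs up to the
 * first {@code ';'} (start of the cookie attributes) or to the end of the
 * header. The previous split-on-'=' then slice-at-';' approach threw
 * {@link StringIndexOutOfBoundsException} for a header with no trailing
 * attributes, truncated any value containing '=', and returned the first
 * cookie's value even when the wanted name merely appeared later in the header.
 *
 * @param header one {@code Set-Cookie} header value, may be {@code null}
 * @param cookieName the cookie whose value is wanted
 * @return the raw cookie value, or {@code null} if this header does not set it
 */
private static String extractCookieValue(String header, String cookieName) {
    if (StringUtil.isNullOrEmpty(header)) {
        return null;
    }
    String prefix = cookieName + "=";
    if (!header.startsWith(prefix)) {
        return null;
    }
    String valueAndAttrs = header.substring(prefix.length());
    int attrStart = valueAndAttrs.indexOf(';');
    return attrStart < 0 ? valueAndAttrs : valueAndAttrs.substring(0, attrStart);
}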
Also used : ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) AuthToken(com.zimbra.cs.account.AuthToken) List(java.util.List)

Example 93 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

Class TestCookieReuse, method testReuseUserCookieWithCsrf.

/**
 * Verify that we CAN make a GET request by reusing a valid CSRF-enabled cookie.
 *
 * A second client ("eve") is given nothing but the victim's encoded auth token,
 * with the CSRF-token flag switched on, and fetches the Inbox RSS feed over the
 * REST interface. The GET is expected to return 200: per this test's premise the
 * CSRF flag does not stop a read-only REST fetch made on the cookie alone.
 *
 * @throws Exception if the account, mailbox or HTTP call cannot be set up
 */
@Test
public void testReuseUserCookieWithCsrf() throws Exception {
    AuthToken victimToken = AuthProvider.getAuthToken(TestUtil.getAccount(USER_NAME));
    ZMailbox victimMailbox = TestUtil.getZMailbox(USER_NAME);
    URI feedUri = victimMailbox.getRestURI("Inbox?fmt=rss&thief=true");
    victimToken.setCsrfTokenEnabled(true);

    // The reusing client carries only the cookie derived from the token.
    HttpClient attackerClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    ZAuthToken reusedCookie = new ZAuthToken(victimToken.getEncoded());
    attackerClient.setState(HttpClientUtil.newHttpState(reusedCookie, feedUri.getHost(), false));
    attackerClient.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);

    GetMethod feedRequest = new GetMethod(feedUri.toString());
    int statusCode = HttpClientUtil.executeMethod(attackerClient, feedRequest);
    Assert.assertEquals("This request should succeed. Getting status code " + statusCode + " Response: " + feedRequest.getResponseBodyAsString(), HttpStatus.SC_OK, statusCode);
}
Also used : ZMailbox(com.zimbra.client.ZMailbox) HttpClient(org.apache.commons.httpclient.HttpClient) GetMethod(org.apache.commons.httpclient.methods.GetMethod) HttpState(org.apache.commons.httpclient.HttpState) AuthToken(com.zimbra.cs.account.AuthToken) ZAuthToken(com.zimbra.common.auth.ZAuthToken) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) URI(java.net.URI) ZAuthToken(com.zimbra.common.auth.ZAuthToken) Test(org.junit.Test)

Example 94 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

Class TestCookieReuse, method testReuseAdminCookieWithoutCsrf.

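/**
 * Verify that we CAN make an admin GET request by re-using a valid non-csrf-enabled cookie.
 *
 * An admin token with CSRF protection switched off is encoded into a fresh
 * cookie jar for {@code localhost}, and a second client ("eve") presents it to
 * the collectconfig servlet on the admin port. The request is expected to
 * return 200.
 *
 * @throws Exception if the local server cannot be resolved or the HTTP call fails
 */
@Test
public void testReuseAdminCookieWithoutCsrf() throws Exception {
    AuthToken at = AuthProvider.getAdminAuthToken();
    at.setCsrfTokenEnabled(false);

    // 7071 is the fallback admin port, and it is also passed as the default to
    // getIntAttr: the earlier default of 0 meant a server with no zimbraAdminPort
    // attribute silently produced "https://localhost:0/...", while the 7071
    // fallback only applied when the lookup threw.
    final int defaultAdminPort = 7071;
    int port = defaultAdminPort;
    try {
        port = Provisioning.getInstance().getLocalServer().getIntAttr(Provisioning.A_zimbraAdminPort, defaultAdminPort);
    } catch (ServiceException e) {
        ZimbraLog.test.error("Unable to get admin SOAP port", e);
    }
    String host = Provisioning.getInstance().getLocalServer().getName();
    String getServerConfigURL = "https://localhost:" + port + "/service/collectconfig/?host=" + host;

    // The reusing client carries only the cookie encoded from the admin token.
    HttpClient eve = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
    HttpState state = new HttpState();
    at.encode(state, true, "localhost");
    eve.setState(state);

    GetMethod get = new GetMethod(getServerConfigURL);
    int statusCode = HttpClientUtil.executeMethod(eve, get);
    Assert.assertEquals("This request should succeed. Getting status code " + statusCode, HttpStatus.SC_OK, statusCode);
}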
Also used : ServiceException(com.zimbra.common.service.ServiceException) HttpClient(org.apache.commons.httpclient.HttpClient) HttpState(org.apache.commons.httpclient.HttpState) GetMethod(org.apache.commons.httpclient.methods.GetMethod) AuthToken(com.zimbra.cs.account.AuthToken) ZAuthToken(com.zimbra.common.auth.ZAuthToken) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) Test(org.junit.Test)

Example 95 with AuthToken

use of com.zimbra.cs.account.AuthToken in project zm-mailbox by Zimbra.

Class TestCookieReuse, method testAdminTokenDeregistration.

/**
 * Deregistering an admin auth token must flip {@link AuthToken#isRegistered()}
 * from {@code true} to {@code false}.
 *
 * @throws Exception if the token cannot be obtained or deregistered
 */
@Test
public void testAdminTokenDeregistration() throws Exception {
    AuthToken adminToken = AuthProvider.getAdminAuthToken();
    boolean registeredBefore = adminToken.isRegistered();
    Assert.assertTrue("token should be registered", registeredBefore);
    adminToken.deRegister();
    boolean registeredAfter = adminToken.isRegistered();
    Assert.assertFalse("token should not be registered", registeredAfter);
}
Also used : AuthToken(com.zimbra.cs.account.AuthToken) ZAuthToken(com.zimbra.common.auth.ZAuthToken) ZimbraAuthToken(com.zimbra.cs.account.ZimbraAuthToken) Test(org.junit.Test)
