Use of com.zimbra.cs.account.AuthToken in project zm-mailbox (Zimbra): class AuthProvider, method getAuthToken.
/**
 * Obtains an {@link AuthToken} for {@code acct} from the first registered
 * {@link AuthProvider} that yields one.
 *
 * Providers are consulted in the order returned by {@code getProviders()}.
 * A provider that returns {@code null} or throws a non-ignorable
 * {@link AuthProviderException} does not stop the search; its failure is
 * remembered and the next provider is tried. Ignorable exceptions
 * ({@code e.canIgnore()}) are only logged at debug level.
 *
 * @param acct the account to mint a token for
 * @return the first non-null token produced by a provider
 * @throws AuthProviderException the last non-ignorable failure seen, or a
 *         generic FAILURE when every provider declined silently
 */
public static AuthToken getAuthToken(Account acct) throws AuthProviderException {
    AuthProviderException lastHardFailure = null;
    for (AuthProvider provider : getProviders()) {
        try {
            AuthToken token = provider.authToken(acct);
            if (token != null) {
                return token;
            }
            // A null result is treated as a hard failure of this provider.
            lastHardFailure = AuthProviderException.FAILURE("auth provider " + provider.getName() + " returned null");
        } catch (AuthProviderException e) {
            if (!e.canIgnore()) {
                lastHardFailure = e;
                continue;
            }
            logger().debug(provider.getName() + ":" + e.getMessage());
        }
    }
    if (lastHardFailure != null) {
        throw lastHardFailure;
    }
    throw AuthProviderException.FAILURE("cannot get authtoken from account " + acct.getName());
}
Use of com.zimbra.cs.account.AuthToken in project zm-mailbox (Zimbra): class ZimbraQoSFilter, method extractUserId.
/**
 * Derives the identity key the QoS filter throttles on.
 *
 * For an HTTP request carrying a valid auth token (admin or user, decided by
 * {@code AuthUtil.isAdminRequest}) the key is the account id. Otherwise the
 * raw {@code Authorization} header value is returned verbatim, if present.
 *
 * Security caveat: in the header branch the returned string IS the
 * credential (for HTTP Basic, base64 of {@code user:password}). Callers must
 * treat it as a secret -- never log it or surface it in responses.
 * NOTE(review): the comment says "if this is Http Basic Authentication", but
 * no scheme check is performed; any Authorization value is returned -- confirm
 * that this is intended.
 *
 * @param request the incoming servlet request
 * @return account id, raw Authorization header, or {@code null} when neither
 *         is available, the request is not HTTP, or token extraction throws
 */
public static String extractUserId(ServletRequest request) {
    if (!(request instanceof HttpServletRequest)) {
        return null;
    }
    HttpServletRequest httpReq = (HttpServletRequest) request;
    try {
        boolean adminRequest = AuthUtil.isAdminRequest(httpReq);
        AuthToken token = AuthProvider.getAuthToken(httpReq, adminRequest);
        if (token != null) {
            return token.getAccountId();
        }
        // Check if this is Http Basic Authentication, if so return authorization string.
        String authorization = httpReq.getHeader("Authorization");
        if (authorization != null) {
            return authorization;
        }
    } catch (Exception e) {
        // Best-effort: a failure to extract the token degrades to "no user id" (logged at debug only).
        ZimbraLog.misc.debug("error while extracting authtoken", e);
    }
    return null;
}
Use of com.zimbra.cs.account.AuthToken in project zm-mailbox (Zimbra): class CsrfFilter, method doFilter.
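/*
 * (non-Javadoc)
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
 * javax.servlet.ServletResponse, javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    ZimbraLog.clearContext();
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse resp = (HttpServletResponse) response;
    // Per-request salt consumed downstream when CSRF tokens are minted.
    // NOTE(review): nonceGen's type is not visible here; a CSRF salt should
    // come from a SecureRandom -- confirm.
    req.setAttribute(CSRF_SALT, nonceGen.nextInt() + 1);
    if (ZimbraLog.misc.isDebugEnabled()) {
        ZimbraLog.misc.debug("CSRF Request URI: " + req.getRequestURI());
    }
    boolean csrfCheckEnabled = false;
    boolean csrfRefererCheckEnabled = false;
    Provisioning prov = Provisioning.getInstance();
    try {
        csrfCheckEnabled = prov.getConfig().isCsrfTokenCheckEnabled();
        csrfRefererCheckEnabled = prov.getConfig().isCsrfRefererCheckEnabled();
    } catch (ServiceException e) {
        // Both flags stay false on a config lookup failure, i.e. the filter
        // fails OPEN for this request. Kept as-is to preserve behaviour, but
        // operators should know a broken config read silently disables CSRF checks.
        ZimbraLog.misc.info("Error in CSRF filter." + e.getMessage(), e);
    }
    if (ZimbraLog.misc.isDebugEnabled()) {
        ZimbraLog.misc.debug("CSRF filter was initialized : " + "CSRFcheck enabled: " + csrfCheckEnabled + "CSRF referer check enabled: " + csrfRefererCheckEnabled + ", CSRFAllowedRefHost: [" + Joiner.on(", ").join(this.allowedRefHosts) + "]" + ", CSRFTokenValidity " + this.maxCsrfTokenValidityInMs + "ms.");
    }
    if (ZimbraLog.misc.isTraceEnabled()) {
        traceRequestHeaders(req);
    }
    if (csrfRefererCheckEnabled && !allowReqBasedOnRefererHeaderCheck(req)) {
        ZimbraLog.misc.info("CSRF referer check failed");
        resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // Publish the virtual host in the thread-local RequestContext BEFORE
    // handing off to the chain so that downstream filters (the original
    // comment names DefangFilter) can read it. Previously the context was set
    // only after chain.doFilter() had returned and was unset immediately, so
    // nothing downstream could ever observe it. The finally guarantees the
    // worker thread does not carry this request's context into the next one.
    RequestContext reqCtxt = new RequestContext();
    reqCtxt.setVirtualHost(CsrfUtil.getRequestHost(req));
    ZThreadLocal.setContext(reqCtxt);
    try {
        if (!csrfCheckEnabled) {
            req.setAttribute(CSRF_TOKEN_CHECK, Boolean.FALSE);
        } else {
            req.setAttribute(Provisioning.A_zimbraCsrfTokenCheckEnabled, Boolean.TRUE);
            AuthToken authToken = CsrfUtil.getAuthTokenFromReq(req);
            if (CsrfUtil.doCsrfCheck(req, authToken)) {
                // post request and Auth token is CSRF enabled
                req.setAttribute(CSRF_TOKEN_CHECK, Boolean.TRUE);
            } else {
                req.setAttribute(CSRF_TOKEN_CHECK, Boolean.FALSE);
                ZimbraLog.misc.debug("CSRF check will not be done for URI : %s", req.getRequestURI());
            }
        }
        chain.doFilter(req, resp);
    } finally {
        // Unset the variables set in thread local
        ZThreadLocal.unset();
    }
}

/**
 * Trace-logs every request header except those that carry credentials.
 *
 * The original loop skipped only names containing {@code Cookie}; an
 * {@code Authorization} header (Basic credentials or a bearer token) was
 * written to the trace log in clear, and a client sending {@code cookie} in
 * lower case slipped past the case-sensitive {@code contains} check. Header
 * names are case-insensitive on the wire, so the match is case-insensitive.
 */
private static void traceRequestHeaders(HttpServletRequest req) {
    Enumeration<String> hdrNames = req.getHeaderNames();
    ZimbraLog.misc.trace("Soap request headers.");
    if (hdrNames == null) {
        // The servlet API permits a container to return null when header access is not allowed.
        return;
    }
    while (hdrNames.hasMoreElements()) {
        String name = hdrNames.nextElement();
        // we do not want to print cookie or authorization headers for security reasons.
        if (isCredentialHeader(name)) {
            continue;
        }
        ZimbraLog.misc.trace(name + "=" + req.getHeader(name));
    }
}

/** True for header names that carry session or authentication secrets. */
private static boolean isCredentialHeader(String name) {
    return name.contains(HttpHeaders.COOKIE)
            || HttpHeaders.COOKIE.equalsIgnoreCase(name)
            || HttpHeaders.AUTHORIZATION.equalsIgnoreCase(name);
}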
Use of com.zimbra.cs.account.AuthToken in project zm-mailbox (Zimbra): class TestAuthentication, method testAuthViaPreauthToken.
/**
 * Authenticates over SOAP with a domain preauth value computed from the
 * domain's preauth key, instead of a login/password pair, and checks that
 * the server hands back a registered, unexpired auth token whose lifetime
 * is shorter than the preauth window.
 *
 * @throws Exception on any SOAP or provisioning failure
 */
public void testAuthViaPreauthToken() throws Exception {
    final long timestamp = System.currentTimeMillis();
    final long expires = timestamp + 60000;
    String domainPreAuthKey = setUpAndReturnDomainAuthKey();
    Account account = TestUtil.getAccount(USER_NAME);
    // These four parameters are the input PreAuthKey.computePreAuth signs with the domain key.
    HashMap<String, String> preAuthParams = new HashMap<String, String>();
    preAuthParams.put("account", account.getName());
    preAuthParams.put("by", "name");
    preAuthParams.put("timestamp", String.valueOf(timestamp));
    preAuthParams.put("expires", String.valueOf(expires));
    String preAuthValue = PreAuthKey.computePreAuth(preAuthParams, domainPreAuthKey);
    PreAuth preAuth = new PreAuth().setExpires(expires).setTimestamp(timestamp).setValue(preAuthValue);
    AccountSelector selector = new AccountSelector(com.zimbra.soap.type.AccountBy.name, account.getName());
    AuthRequest authReq = new AuthRequest(selector).setPreauth(preAuth);
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getSoapUrl());
    Element resp = transport.invoke(JaxbUtil.jaxbToElement(authReq, SoapProtocol.SoapJS.getFactory()));
    AuthResponse authResp = JaxbUtil.elementToJaxb(resp);
    assertTrue("Lifetime is invalid", authResp.getLifetime() < expires - timestamp);
    String issuedToken = authResp.getAuthToken();
    assertNotNull("should have received a new authtoken", issuedToken);
    assertTrue("should have a received a non-empty authtoken", issuedToken.length() > 0);
    AuthToken parsed = ZimbraAuthToken.getAuthToken(issuedToken);
    assertTrue("new auth token should be registered", parsed.isRegistered());
    assertFalse("new auth token should not be expired yet", parsed.isExpired());
}
Use of com.zimbra.cs.account.AuthToken in project zm-mailbox (Zimbra): class TestPreAuthServlet, method testShouldNotAllowPreAuthGetCookieReuse.
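/**
 * Verifies that a preauth GET carrying an auth token is honoured once and
 * that replaying the identical request is rejected with HTTP 400.
 *
 * Fix over the original: the first request's status was never asserted, so
 * the test also passed when the servlet rejected every request outright
 * (i.e. preauth entirely broken) -- the replay check alone cannot tell
 * "rejected because reused" from "rejected always". The stray
 * {@code System.out.println} is dropped as well.
 *
 * @throws Exception on any HTTP or provisioning failure
 */
public void testShouldNotAllowPreAuthGetCookieReuse() throws Exception {
    Account account = TestUtil.getAccount("user1");
    AuthToken authToken = new ZimbraAuthToken(account);
    HttpClient client = new HttpClient();
    Server localServer = Provisioning.getInstance().getLocalServer();
    String protoHostPort = "http://localhost:" + localServer.getIntAttr(Provisioning.A_zimbraMailPort, 0);
    String url = protoHostPort + PRE_AUTH_URL;
    // The token is sent in the query string because that is the servlet's
    // contract under test. It is a bearer credential, so this URL must not
    // be logged or reused outside this test.
    NameValuePair[] queryStringPairArray = new NameValuePair[] {
            new NameValuePair("isredirect", "1"),
            new NameValuePair("authtoken", authToken.getEncoded()) };
    // First use must be accepted.
    HttpMethod method = new GetMethod(url);
    method.setQueryString(queryStringPairArray);
    int respCode;
    try {
        respCode = HttpClientUtil.executeMethod(client, method);
    } finally {
        method.releaseConnection();
    }
    Assert.assertTrue("first preauth request should be accepted, got HTTP " + respCode, respCode != 400);
    // Replaying the exact same request must be rejected.
    method = new GetMethod(url);
    method.setQueryString(queryStringPairArray);
    try {
        respCode = HttpClientUtil.executeMethod(client, method);
    } finally {
        method.releaseConnection();
    }
    Assert.assertEquals("replayed preauth request should be rejected", 400, respCode);
}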