Search in sources :

Example 1 with ClientCertAuthenticator

use of com.zimbra.cs.service.authenticator.ClientCertAuthenticator in project zm-mailbox by Zimbra.

the class CertAuthServlet method doGet.

@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    addUAToLoggingContext(req);
    String url = req.getRequestURI();
    Matcher matcher = allowedUrl.matcher(url);
    boolean isAdminRequest = false;
    if (!matcher.matches()) {
        String msg = "resource not allowed on the certauth servlet: " + url;
        ZimbraLog.account.error(msg);
        sendback403Message(req, resp, msg);
        return;
    } else {
        if (matcher.groupCount() > 3 && "admin".equals(matcher.group(3))) {
            isAdminRequest = true;
        }
    }
    try {
        SSOAuthenticator authenticator = new ClientCertAuthenticator(req, resp);
        ZimbraPrincipal principal = null;
        principal = authenticator.authenticate();
        AuthToken authToken = authorize(req, AuthContext.Protocol.client_certificate, principal, isAdminRequest);
        setAuthTokenCookieAndRedirect(req, resp, principal.getAccount(), authToken);
        return;
    } catch (ServiceException e) {
        String reason = "";
        if (e instanceof AuthFailedServiceException) {
            reason = ((AuthFailedServiceException) e).getReason(", %s");
        }
        ZimbraLog.account.debug("client certificate auth failed: " + e.getMessage() + reason, e);
        dispatchOnError(req, resp, isAdminRequest, e.getMessage());
    }
}
Also used : ClientCertAuthenticator(com.zimbra.cs.service.authenticator.ClientCertAuthenticator) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) ServiceException(com.zimbra.common.service.ServiceException) SSOAuthenticatorServiceException(com.zimbra.cs.service.authenticator.SSOAuthenticator.SSOAuthenticatorServiceException) AuthFailedServiceException(com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException) Matcher(java.util.regex.Matcher) SSOAuthenticator(com.zimbra.cs.service.authenticator.SSOAuthenticator) ZimbraPrincipal(com.zimbra.cs.service.authenticator.SSOAuthenticator.ZimbraPrincipal) AuthToken(com.zimbra.cs.account.AuthToken)

Aggregations

ServiceException (com.zimbra.common.service.ServiceException)1 AuthFailedServiceException (com.zimbra.cs.account.AccountServiceException.AuthFailedServiceException)1 AuthToken (com.zimbra.cs.account.AuthToken)1 ClientCertAuthenticator (com.zimbra.cs.service.authenticator.ClientCertAuthenticator)1 SSOAuthenticator (com.zimbra.cs.service.authenticator.SSOAuthenticator)1 SSOAuthenticatorServiceException (com.zimbra.cs.service.authenticator.SSOAuthenticator.SSOAuthenticatorServiceException)1 ZimbraPrincipal (com.zimbra.cs.service.authenticator.SSOAuthenticator.ZimbraPrincipal)1 Matcher (java.util.regex.Matcher)1