Example use of com.zimbra.cs.service.authenticator.SSOAuthenticator.ZimbraPrincipal in the zm-mailbox project by Zimbra.
Class SpnegoAuthServlet, method doGet.
/**
 * Handles a GET on the SPNEGO single-sign-on endpoint.
 *
 * <p>The request must already carry a {@link ZimbraPrincipal} as its user principal. This
 * method does not authenticate anything itself: it only checks the principal's type, asks
 * {@code authorize} for an {@link AuthToken}, and hands that token to
 * {@code setAuthTokenCookieAndReturn} (ZCO clients) or {@code setAuthTokenCookieAndRedirect}
 * (all other clients).
 *
 * <p>On any {@link ServiceException} the failure is logged and the client receives either a
 * 403 (ZCO) or a redirect to the configured SPNEGO error URL.
 *
 * @param req  the incoming request; its user principal is read, never set, here
 * @param resp the response used for the cookie, redirect, or 403
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the error response fails
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    addUAToLoggingContext(req);

    // Both flags start as false so the catch block has a defined value even when
    // isOnAdminPort() or isFromZCO() is the call that throws.
    boolean adminPort = false;
    boolean zcoClient = false;
    try {
        adminPort = isOnAdminPort(req);
        zcoClient = isFromZCO(req);

        // The principal is taken as-is from the request; whatever attached it upstream is
        // the actual authentication step. NOTE(review): confirm that only the SPNEGO
        // authenticator can populate it on this path.
        Principal containerPrincipal = req.getUserPrincipal();
        if (containerPrincipal == null) {
            throw AuthFailedServiceException.AUTH_FAILED("no principal");
        }
        if (!(containerPrincipal instanceof ZimbraPrincipal)) {
            throw AuthFailedServiceException.AUTH_FAILED(containerPrincipal.getName(), "not ZimbraPrincipal", (Throwable) null);
        }
        ZimbraPrincipal ssoPrincipal = (ZimbraPrincipal) containerPrincipal;

        // adminPort is passed through to authorize(); presumably that is where admin
        // access is enforced -- verify against authorize(), which is not shown here.
        AuthToken token = authorize(req, AuthContext.Protocol.spnego, ssoPrincipal, adminPort);
        if (!zcoClient) {
            setAuthTokenCookieAndRedirect(req, resp, ssoPrincipal.getAccount(), token);
        } else {
            setAuthTokenCookieAndReturn(req, resp, token);
        }
    } catch (ServiceException e) {
        // The auth-failure reason is appended to the log line only; the HTTP responses
        // below use e.getMessage() alone.
        String logDetail = e.getMessage();
        if (e instanceof AuthFailedServiceException) {
            logDetail = logDetail + ((AuthFailedServiceException) e).getReason(", %s");
        }
        ZimbraLog.account.info("spnego auth failed: " + logDetail);
        ZimbraLog.account.debug("spnego auth failed", e);

        if (zcoClient) {
            // NOTE(review): the exception message is returned to the client as the 403
            // reason; confirm it carries nothing useful for account enumeration.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
            return;
        }
        try {
            // The redirect target is read from server configuration, not from the request.
            redirectToErrorPage(req, resp, adminPort, Provisioning.getInstance().getConfig().getSpnegoAuthErrorURL());
        } catch (ServiceException se) {
            ZimbraLog.account.info("failed to redirect to error page: " + se.getMessage());
            // Fall back to a plain 403 carrying the original failure's message.
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    }
}
Example use of com.zimbra.cs.service.authenticator.SSOAuthenticator.ZimbraPrincipal in the zm-mailbox project by Zimbra.
Class CertAuthServlet, method doGet.
/**
 * Handles a GET on the client-certificate sign-on endpoint.
 *
 * <p>The request URI must match {@code allowedUrl}; anything else is answered through
 * {@code sendback403Message} and goes no further. For an allowed URI the request is
 * authenticated with a {@link ClientCertAuthenticator}, {@code authorize} produces an
 * {@link AuthToken}, and {@code setAuthTokenCookieAndRedirect} completes the request.
 *
 * <p>A {@link ServiceException} from any of those steps is logged at debug level and handed
 * to {@code dispatchOnError}.
 *
 * @param req  the incoming request
 * @param resp the response used for the cookie, redirect, or error
 * @throws ServletException declared by the servlet contract
 * @throws IOException declared by the servlet contract
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    ZimbraLog.clearContext();
    addRemoteIpToLoggingContext(req);
    addUAToLoggingContext(req);

    String requestUri = req.getRequestURI();
    Matcher uriMatch = allowedUrl.matcher(requestUri);
    if (!uriMatch.matches()) {
        // The rejected URI is request-controlled and ends up both in the error log and in
        // the 403 body. NOTE(review): confirm sendback403Message encodes it before output.
        String denied = "resource not allowed on the certauth servlet: " + requestUri;
        ZimbraLog.account.error(denied);
        sendback403Message(req, resp, denied);
        return;
    }

    // The admin flag comes solely from the third capture group of allowedUrl, which is
    // defined outside this method; it is passed on to authorize() and dispatchOnError().
    boolean adminRequest = uriMatch.groupCount() > 3 && "admin".equals(uriMatch.group(3));

    try {
        SSOAuthenticator certAuthenticator = new ClientCertAuthenticator(req, resp);
        // NOTE(review): the result is dereferenced below without a null check; this assumes
        // authenticate() throws rather than returning null on failure -- confirm.
        ZimbraPrincipal certPrincipal = certAuthenticator.authenticate();
        AuthToken token = authorize(req, AuthContext.Protocol.client_certificate, certPrincipal, adminRequest);
        setAuthTokenCookieAndRedirect(req, resp, certPrincipal.getAccount(), token);
    } catch (ServiceException e) {
        String reasonSuffix = (e instanceof AuthFailedServiceException)
                ? ((AuthFailedServiceException) e).getReason(", %s")
                : "";
        // This method records the failure at debug level only; whether a failed attempt is
        // visible at default log levels depends on dispatchOnError, which is not shown here.
        ZimbraLog.account.debug("client certificate auth failed: " + e.getMessage() + reasonSuffix, e);
        // Only e.getMessage() is forwarded; the detailed reason stays in the log line.
        dispatchOnError(req, resp, adminRequest, e.getMessage());
    }
}