Example 11 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

the class LDAPClaimsSource method main.

public static void main(String[] args) {
    try {
        // Config 1: anonymous bind ("authorizationType":"none") to LDAPS on port 636, trusting the JVM trust store.
        // "failOnError":"false" tells the claims source not to abort the transaction when the lookup fails.
        String rawLdap = "{\"ldap\":{\"failOnError\":\"false\"," + "\"address\":\"ldap.ncsa.illinois.edu\"," + "\"port\":636," + "\"enabled\":\"true\"," + "\"authorizationType\":\"none\"," + "\"searchName\":\"eppn\"," + "\"searchAttributes\":[{" + "\"name\":\"mail\"," + "\"returnAsList\":false," + "\"returnName\":\"mail\"}," + "{\"name\":\"cn\"," + "\"returnAsList\":false," + "\"returnName\":\"name\"}," + "{\"name\":\"memberOf\"," + "\"returnAsList\":false," + "\"isGroup\":true," + "\"returnName\":\"isMemberOf\"}]," + "\"searchBase\":\"ou=People,dc=ncsa,dc=illinois,dc=edu\"," + "\"contextName\":\"\"," + "\"ssl\":{\"tlsVersion\":\"TLS\",\"useJavaTrustStore\":true}}}";
        // Config 2: simple bind as a service account. It is built here but never used below, and it embeds
        // the bind password in source; a deployed configuration should load that credential from outside the code.
        String rawLdap2 = "{\"ldap\": {\n" + "  \"address\": \"registry-test.cilogon.org\",\n" + "  \"port\": 636,\n" + "  \"enabled\": true,\n" + "  \"authorizationType\": \"simple\",\n" + "  \"failOnError\": false,\n" + "  \"notifyOnFail\": false,\n" + "  \"password\": \"Eavjofoop4gikpecUzbooljorUryikwu\",\n" + "  \"principal\": \"uid=oa4mp_user,ou=system,o=ImPACT,dc=cilogon,dc=org\",\n" + "  \"searchAttributes\":   [\n" + "        {\n" + "      \"name\": \"isMemberOf\",\n" + "      \"returnAsList\": true,\n" + "      \"returnName\": \"isMemberOf\"\n" + "    },\n" + "        {\n" + "      \"name\": \"employeeNumber\",\n" + "      \"returnAsList\": false,\n" + "      \"returnName\": \"employeeNumber\"\n" + "    }\n" + "  ],\n" + "  \"searchBase\": \"ou=people,o=ImPACT,dc=cilogon,dc=org\",\n" + "  \"searchName\": \"username\",\n" + "  \"contextName\": \"\",\n" + "  \"ssl\":   {\n" + "    \"keystore\": {},\n" + "    \"useJavaTrustStore\": true,\n" + "    \"password\": \"changeit\",\n" + "    \"type\": \"jks\"\n" + "  }\n" + "}}";
        DebugUtil.setIsEnabled(true);
        // A minimal transaction: the claims source only needs an identifier and the username.
        ServiceTransaction st = new ServiceTransaction(BasicIdentifier.newID("foo"));
        st.setUsername("jbasney@ncsa.illinois.edu");
        JSONObject json = JSONObject.fromObject(rawLdap);
        LDAPConfiguration cfg = LDAPConfigurationUtil.fromJSON(json);
        LDAPClaimsSource claimsSource = new LDAPClaimsSource(cfg, null);
        // searchName in the config is "eppn", so the input claims must carry that key for the search to run.
        UserInfo ui = new UserInfo();
        ui.getMap().put("username", "jbasney@ncsa.illinois.edu");
        ui.getMap().put("eppn", "jbasney@ncsa.illinois.edu");
        UserInfo ui2 = claimsSource.process(ui, st);
        System.out.println("Result of LDAP query:");
        System.out.println(ui2.getMap());
    // getGid(cfg, "lsst_users");
    } catch (Throwable t) {
        t.printStackTrace();
    }
}
Also used : JSONObject(net.sf.json.JSONObject) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) UserInfo(edu.uiuc.ncsa.security.oauth_2_0.UserInfo) LDAPConfiguration(edu.uiuc.ncsa.security.oauth_2_0.server.config.LDAPConfiguration)

Example 12 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

the class AbstractAuthorizationServlet method getAndCheckTransaction.

/*
 * Get the transaction associated with the authorization grant token and check that it passes sanity
 * checks. If so, return it; if not, throw the appropriate exception.
 */
protected ServiceTransaction getAndCheckTransaction(String token) throws IOException {
    // Reject expired or malformed tokens before consulting the store.
    DateUtils.checkTimestamp(token);
    AuthorizationGrant grant = MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getAuthorizationGrant(token);
    ServiceTransaction trans = MyProxyDelegationServlet.getServiceEnvironment().getTransactionStore().get(grant);
    if (trans == null) {
        warn("Error: no delegation request found for " + token);
        throw new GeneralException("Error: no delegation request found.");
    }
    // Refuse to act on behalf of a client that has not been approved.
    checkClientApproval(trans.getClient());
    return trans;
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AuthorizationGrant(edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant)

Example 13 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

the class AbstractAuthorizationServlet method doIt.

@Override
protected void doIt(HttpServletRequest request, HttpServletResponse response) throws Throwable {
    info("*** STARTING request");
    // String ag = request.getParameter(CONST(TOKEN_KEY));
    String ag = getParam(request, CONST(TOKEN_KEY));
    ServiceTransaction trans = null;
    if (ag == null) {
        throw new GeneralException("Error: Invalid request -- no token. Request rejected.");
    }
    trans = getAndCheckTransaction(ag);
    AuthorizedState pState = new AuthorizedState(getState(request), request, response, trans);
    prepare(pState);
    preprocess(new TransactionState(request, response, null, trans));
    switch(pState.getState()) {
        case AUTHORIZATION_ACTION_OK:
            // As per the spec, if the code gets to here then authentication worked.
            trans.setAuthGrantValid(true);
            getTransactionStore().save(trans);
            // Get the cert and store it, then forward the user. On success the user has been
            // redirected at this point and there is nothing left to present.
            try {
                createRedirect(request, response, trans);
                return;
            } catch (ConnectionException ce) {
                ce.printStackTrace();
                request.setAttribute(RETRY_MESSAGE, getServiceEnvironment().getMessages().get(RETRY_MESSAGE));
                pState.setState(AUTHORIZATION_ACTION_START);
                prepare(pState);
            } catch (GeneralSecurityException | NoUsableMyProxyServerFoundException t) {
                // CIL-173 fix: process NoUsableMPSFound.
                info("Prompting user to retry");
                request.setAttribute(RETRY_MESSAGE, getServiceEnvironment().getMessages().get(RETRY_MESSAGE));
                pState.setState(AUTHORIZATION_ACTION_START);
                prepare(pState);
            }
            break;
        case AUTHORIZATION_ACTION_START:
            // no processing needed for initial request.
            break;
        default:
    }
    present(pState);
}
Also used : TransactionState(edu.uiuc.ncsa.security.delegation.servlet.TransactionState) NoUsableMyProxyServerFoundException(edu.uiuc.ncsa.myproxy.NoUsableMyProxyServerFoundException) GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) GeneralSecurityException(java.security.GeneralSecurityException) ConnectionException(edu.uiuc.ncsa.security.core.exceptions.ConnectionException)

Example 14 with ServiceTransaction

use of edu.uiuc.ncsa.security.delegation.server.ServiceTransaction in project OA4MP by ncsa.

the class AuthorizedServlet method getAndCheckTransaction.

/*
 * Get the transaction associated with the authorization grant token and check that it passes sanity
 * checks. If so, return it; if not, throw the appropriate exception.
 */
protected ServiceTransaction getAndCheckTransaction(ProtocolParameters p) throws Throwable {
    String token = p.token;
    // Reject expired or malformed tokens before consulting the store.
    DateUtils.checkTimestamp(token);
    AuthorizationGrant grant = MyProxyDelegationServlet.getServiceEnvironment().getTokenForge().getAuthorizationGrant(token);
    // Check the timestamp again on the token as reconstructed by the token forge.
    checkTimestamp(grant.getToken());
    ServiceTransaction trans = MyProxyDelegationServlet.getServiceEnvironment().getTransactionStore().get(grant);
    if (trans == null) {
        warn("Error: no delegation request found for " + token);
        throw new GeneralException("Error: no delegation request found.");
    }
    // Refuse to act on behalf of a client that has not been approved.
    checkClientApproval(trans.getClient());
    return trans;
}
Also used : GeneralException(edu.uiuc.ncsa.security.core.exceptions.GeneralException) ServiceTransaction(edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) AuthorizationGrant(edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant)
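The check sequence in Examples 12 and 14 (timestamp before store lookup, then client approval) and the doIt step in Example 13 that marks the grant valid only after authentication, as one stand-alone Java sketch. This is an added example, not OA4MP code: the token layout, the 15-minute grant lifetime, the in-memory store, the approved flag and the sample tokens are all assumptions made here.

```java
import java.util.HashMap;
import java.util.Map;

/**
 * Stand-alone model of getAndCheckTransaction() and of the AUTHORIZATION_ACTION_OK
 * step in doIt(). Added illustration, not OA4MP code: token layout, grant lifetime,
 * store and approval flag are assumptions made for this example.
 */
public class GrantCheckExample {

    // Assumed maximum age of an authorization grant (OA4MP keeps its own limit in DateUtils).
    static final long MAX_GRANT_AGE_MS = 15 * 60 * 1000L;

    static final class Client {
        final String id;
        final boolean approved;   // set by an administrator, never by the client itself
        Client(String id, boolean approved) { this.id = id; this.approved = approved; }
    }

    static final class Transaction {
        final Client client;
        boolean authGrantValid;   // stays false until the user has authenticated
        Transaction(Client client) { this.client = client; }
    }

    // Stands in for the transaction store, keyed by the grant token.
    static final Map<String, Transaction> STORE = new HashMap<>();

    /**
     * Assumed token layout: "<prefix>/<random part>/<creation time in ms>".
     * Runs before any store access, so stale or malformed tokens cost no lookup.
     */
    static void checkTimestamp(String token, long nowMs) {
        int slash = token.lastIndexOf('/');
        if (slash < 0 || slash == token.length() - 1) {
            throw new IllegalArgumentException("malformed token: no timestamp");
        }
        long created;
        try {
            created = Long.parseLong(token.substring(slash + 1));
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("malformed token: bad timestamp", e);
        }
        if (created > nowMs) {
            throw new IllegalArgumentException("token timestamp is in the future");
        }
        if (nowMs - created > MAX_GRANT_AGE_MS) {
            throw new IllegalStateException("authorization grant has expired");
        }
    }

    /** Same order as the originals: timestamp, store lookup, client approval. */
    static Transaction getAndCheckTransaction(String token, long nowMs) {
        checkTimestamp(token, nowMs);
        Transaction trans = STORE.get(token);
        if (trans == null) {
            // Do not echo the token itself: it is a bearer secret until it expires.
            throw new IllegalStateException("no delegation request found");
        }
        if (!trans.client.approved) {
            throw new SecurityException("client not approved: " + trans.client.id);
        }
        return trans;
    }

    /** Mirrors doIt(): the grant becomes valid only once authentication succeeded, then is saved. */
    static Transaction authorize(String token, boolean userAuthenticated, long nowMs) {
        Transaction trans = getAndCheckTransaction(token, nowMs);
        if (userAuthenticated) {
            trans.authGrantValid = true;
            STORE.put(token, trans);   // persist before the user is redirected
        }
        return trans;
    }

    public static void main(String[] args) {
        long now = 1_700_000_000_000L;   // constructed clock value
        Client approved = new Client("client-approved", true);
        Client pending = new Client("client-pending", false);
        String fresh = "https://example.org/authzGrant/r1/" + (now - 60_000L);
        String stale = "https://example.org/authzGrant/r2/" + (now - 2 * MAX_GRANT_AGE_MS);
        String unapproved = "https://example.org/authzGrant/r3/" + (now - 1_000L);
        String unknown = "https://example.org/authzGrant/r4/" + now;   // never stored
        STORE.put(fresh, new Transaction(approved));
        STORE.put(stale, new Transaction(approved));
        STORE.put(unapproved, new Transaction(pending));

        System.out.println("fresh, not authenticated: valid=" + authorize(fresh, false, now).authGrantValid);
        System.out.println("fresh, authenticated:     valid=" + authorize(fresh, true, now).authGrantValid);
        for (String t : new String[] { stale, unapproved, unknown, "no-timestamp" }) {
            try {
                authorize(t, true, now);
                System.out.println("unexpectedly accepted " + t);
            } catch (RuntimeException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Run it with `java GrantCheckExample.java` (Java 11 or later). Two points carried over from the snippets above: the timestamp check runs before the store is touched, and authGrantValid is set and saved only on the AUTHORIZATION_ACTION_OK path, so a transaction that was merely looked up never becomes a valid grant. One caveat the snippets do not address: their warn() calls log the full grant token, which is a bearer secret until it expires; logging a truncated or hashed form keeps the audit trail without copying the secret into the log.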

Aggregations

ServiceTransaction (edu.uiuc.ncsa.security.delegation.server.ServiceTransaction) 14
GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException) 9
TransactionState (edu.uiuc.ncsa.security.delegation.servlet.TransactionState) 5
PAResponse (edu.uiuc.ncsa.security.delegation.server.request.PAResponse) 4
AccessToken (edu.uiuc.ncsa.security.delegation.token.AccessToken) 4
AuthorizationGrant (edu.uiuc.ncsa.security.delegation.token.AuthorizationGrant) 3
AGResponse (edu.uiuc.ncsa.security.delegation.server.request.AGResponse) 2
ATResponse (edu.uiuc.ncsa.security.delegation.server.request.ATResponse) 2
PARequest (edu.uiuc.ncsa.security.delegation.server.request.PARequest) 2
Verifier (edu.uiuc.ncsa.security.delegation.token.Verifier) 2
MyPKCS10CertRequest (edu.uiuc.ncsa.security.util.pkcs.MyPKCS10CertRequest) 2
HashMap (java.util.HashMap) 2
NoUsableMyProxyServerFoundException (edu.uiuc.ncsa.myproxy.NoUsableMyProxyServerFoundException) 1
OA2SE (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE) 1
OA2ServiceTransaction (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2ServiceTransaction) 1
ConnectionException (edu.uiuc.ncsa.security.core.exceptions.ConnectionException) 1
InvalidTimestampException (edu.uiuc.ncsa.security.core.exceptions.InvalidTimestampException) 1
TransactionNotFoundException (edu.uiuc.ncsa.security.core.exceptions.TransactionNotFoundException) 1
UnapprovedClientException (edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException) 1
AGRequest (edu.uiuc.ncsa.security.delegation.server.request.AGRequest) 1