Use of net.sourceforge.spnego.SpnegoHttpServletResponse in project OpenUnison by TremoloSecurity.
From the class IWAAuth, method doGet.
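/**
 * Handles the GET leg of the IWA (SPNEGO) authentication step.
 *
 * <p>The request must carry an {@code Authorization} header. The authenticators
 * held in {@code domains} are tried in turn until one returns without throwing.
 * The resulting principal is looked up by {@code userPrincipalName} under the
 * chain root, and the attributes of the first matching entry are copied into a
 * new {@code AuthInfo} that is stored on the session's {@code AuthController}.
 *
 * <p>A missing header, a missing principal, or an {@code LDAPException} during
 * the lookup all end in {@code sendFail}. A principal with no matching entry
 * marks the step unsuccessful and still hands control to {@code nextAuth}.
 *
 * @param request  the incoming request; its session holds the auth controller
 * @param response the response handed to the authenticator, {@code sendFail} and {@code nextAuth}
 * @param as       the auth step whose success flag is set by this method
 * @throws IOException      declared by the signature; not raised directly in this method
 * @throws ServletException declared by the signature; not raised directly in this method
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();

    // Without an Authorization header there is no token to validate: fail the step.
    if (request.getHeader("Authorization") == null) {
        sendFail(request, response, as);
        return;
    }

    SpnegoPrincipal principal = null;
    for (String realm : this.domains.keySet()) {
        SpnegoAuthenticator authenticator = this.domains.get(realm);
        // A fresh response wrapper is created for every attempt.
        final SpnegoHttpServletResponse spnegoResponse = new SpnegoHttpServletResponse(response);
        try {
            principal = authenticator.authenticate(request, spnegoResponse);
            // NOTE(review): the loop ends after the first authenticator that returns
            // without throwing, even when it returned null - confirm this is intended
            // when more than one realm is configured.
            break;
        } catch (Throwable t) {
            // Catches GSSException and everything else; a failure for one realm is
            // logged and the next realm is tried. If none yields a principal the
            // null check below fails the step, so errors never count as success.
            logger.error("Could not authenticate IWA user", t);
        }
    }

    if (principal == null) {
        sendFail(request, response, as);
        return;
    }

    MyVDConnection myvd = cfgMgr.getMyVD();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthController authController = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    RequestHolder reqHolder = authController.getHolder();
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    // amt is not read below; the lookup is kept so that a chain name that resolves
    // to null still fails here, before any directory search, as it did before.
    AuthMechType amt = act.getAuthMech().get(as.getId());

    try {
        // The filter is produced only by the equal(...) helper; the principal is
        // never concatenated into a filter string by hand.
        // NOTE(review): presumably equal() escapes LDAP filter metacharacters in
        // the value - confirm against the helper's implementation.
        // NOTE(review): 2 is the LDAP subtree scope value, assuming the second
        // argument of search() is the scope - confirm.
        LDAPSearchResults res = myvd.search(
                AuthUtil.getChainRoot(cfgMgr, act),
                2,
                equal("userPrincipalName", principal.toString()).toString(),
                new ArrayList<String>());

        if (res.hasMore()) {
            logger.info("Loading user attributes");
            // Only the first entry is used; further matches for the same
            // userPrincipalName are not inspected.
            LDAPEntry entry = res.next();
            AuthInfo authInfo = new AuthInfo(entry.getDN(), (String) session.getAttribute(ProxyConstants.AUTH_MECH_NAME), act.getName(), act.getLevel());
            authController.setAuthInfo(authInfo);

            // Copy every directory attribute and all of its values into the AuthInfo.
            Iterator<LDAPAttribute> it = entry.getAttributeSet().iterator();
            while (it.hasNext()) {
                LDAPAttribute attrib = it.next();
                Attribute attr = new Attribute(attrib.getName());
                for (String val : attrib.getStringValueArray()) {
                    attr.getValues().add(val);
                }
                authInfo.getAttribs().put(attr.getName(), attr);
            }

            as.setSuccess(true);
            request.getSession().removeAttribute("TREMOLO_IWA_CHECKED");
        } else {
            // A valid ticket whose principal has no directory entry does not authenticate.
            logger.info("user not found, failing");
            as.setSuccess(false);
        }
    } catch (LDAPException e) {
        // A directory error is treated as an authentication failure.
        logger.error("Could not authenticate user", e);
        as.setSuccess(false);
        sendFail(request, response, as);
        return;
    }

    holder.getConfig().getAuthManager().nextAuth(request, response, session, true);
}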