use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.
the class SsoUtils method createUserSession.
/**
 * Asks the backend to create an engine session from an SSO response map and, when a
 * request is supplied, marks that request as authenticated.
 *
 * <p>Failure is reported in two different ways, and callers must handle both:
 * <ul>
 *   <li>a response whose status is not OK raises a {@link RuntimeException} carrying the
 *       response's {@code MESSAGE} entry;</li>
 *   <li>every exception raised while creating the session, including the
 *       "not authorized" exception thrown below, is caught, logged and turned into a
 *       {@code null} return value.</li>
 * </ul>
 * A {@code null} result therefore means "no session"; the request attributes are left
 * untouched in that case.
 *
 * @param req the current request, or {@code null}; when {@code null} an empty source
 *            address is sent and no request attributes are set
 * @param jsonResponse response map; read keys are {@code MESSAGE}, {@code ovirt},
 *            {@code user_id} and the SSO token and scope keys from {@code SessionConstants}
 * @param loginAsAdmin forwarded unchanged to {@code CreateUserSessionParameters}
 * @return the engine session id, or {@code null} when session creation failed
 * @throws RuntimeException when {@code FiltersHelper.isStatusOk} rejects the response
 * @throws NullPointerException when the response has no {@code user_id} entry; the
 *             dereference happens before the try block, so it is not swallowed
 */
public static String createUserSession(HttpServletRequest req, Map<String, Object> jsonResponse, boolean loginAsAdmin) {
    if (!FiltersHelper.isStatusOk(jsonResponse)) {
        throw new RuntimeException((String) jsonResponse.get("MESSAGE"));
    }

    // Unchecked cast: the element types of this map are not verified at runtime.
    Map<String, Object> ovirtClaims = (Map<String, Object>) jsonResponse.get("ovirt");

    // "user_id" is split at its LAST '@' into user name and profile; without an '@'
    // the profile stays null and the whole value is used as the user name.
    String username = (String) jsonResponse.get("user_id");
    String profile = null;
    int atPos = username.lastIndexOf("@");
    if (atPos >= 0) {
        profile = username.substring(atPos + 1);
        username = username.substring(0, atPos);
    }

    String sessionId = null;
    InitialContext jndi = null;
    try {
        jndi = new InitialContext();
        // NOTE(review): SSO_SCOPE_KEY is passed for two consecutive constructor
        // arguments; confirm against CreateUserSessionParameters that this is intended.
        // NOTE(review): getRemoteAddr() yields the address of the directly connected
        // peer, so behind a reverse proxy this is presumably the proxy; confirm what
        // the session's source address is used for.
        ActionReturnValue outcome = FiltersHelper.getBackend(jndi).runAction(
                ActionType.CreateUserSession,
                new CreateUserSessionParameters(
                        (String) jsonResponse.get(SessionConstants.SSO_TOKEN_KEY),
                        (String) jsonResponse.get(SessionConstants.SSO_SCOPE_KEY),
                        (String) jsonResponse.get(SessionConstants.SSO_SCOPE_KEY),
                        profile,
                        username,
                        (String) ovirtClaims.get("principal_id"),
                        (String) ovirtClaims.get("email"),
                        (String) ovirtClaims.get("first_name"),
                        (String) ovirtClaims.get("last_name"),
                        (String) ovirtClaims.get("namespace"),
                        req == null ? "" : req.getRemoteAddr(),
                        (Collection<ExtMap>) ovirtClaims.get("group_ids"),
                        loginAsAdmin));
        if (!outcome.getSucceeded()) {
            // Caught by the catch block below: the caller sees null, not this exception.
            throw new RuntimeException(String.format("The user %s is not authorized to perform login", username));
        }
        sessionId = outcome.getActionReturnValue();
        if (req != null) {
            // Only reached after the backend accepted the session.
            req.setAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY, sessionId);
            req.setAttribute(FiltersHelper.Constants.REQUEST_LOGIN_FILTER_AUTHENTICATION_DONE, true);
        }
    } catch (Exception ex) {
        // NOTE(review): username and profile originate from the response map; confirm
        // they cannot carry line breaks into the log.
        log.error("User '{}@{}' login failed: {}", username, profile, ex.getMessage());
        log.debug("User '{}@{}' login failed", username, profile, ex);
    } finally {
        if (jndi != null) {
            try {
                jndi.close();
            } catch (NamingException ex) {
                log.error("Unable to close context", ex);
            }
        }
    }
    return sessionId;
}
use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.
the class NegotiationFilter method doAuth.
/**
 * Runs negotiate authentication against the profiles on {@code stack}, top first, until
 * one succeeds, one asks for another round trip, or the stack is empty.
 *
 * <p>Per result of the profile's authn extension:
 * <ul>
 *   <li>{@code SUCCESS}: the auth record, the auth type and the profile name are stored
 *       as request attributes and the stack is cleared;</li>
 *   <li>{@code NEGOTIATION_INCOMPLETE}: the method returns and the profile stays on top
 *       of the stack;</li>
 *   <li>{@code NEGOTIATION_UNAUTHORIZED}: the profile is dropped and the next one is
 *       tried;</li>
 *   <li>any other code: logged as an error, then handled like
 *       {@code NEGOTIATION_UNAUTHORIZED}.</li>
 * </ul>
 * The authentication attributes are written on the {@code SUCCESS} path only, so an
 * unknown result code never marks the request as authenticated.
 *
 * @param req request handed to the extension and updated on success
 * @param rsp response handed to the extension
 * @param stack profiles still to be tried; modified in place
 */
private void doAuth(HttpServletRequest req, HttpServletResponse rsp, Deque<AuthenticationProfile> stack) throws IOException, ServletException {
    while (!stack.isEmpty()) {
        AuthenticationProfile candidate = stack.peek();
        ExtMap output = candidate.getAuthn().invoke(
                new ExtMap()
                        .mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.AUTHENTICATE_NEGOTIATE)
                        .mput(Authn.InvokeKeys.HTTP_SERVLET_REQUEST, req)
                        .mput(Authn.InvokeKeys.HTTP_SERVLET_RESPONSE, rsp));

        // Unboxing: a missing RESULT entry fails here with a NullPointerException.
        int result = output.<Integer>get(Authn.InvokeKeys.RESULT);

        if (result == Authn.AuthResult.SUCCESS) {
            // NOTE(review): AUTH_RECORD is stored without a null check; confirm that
            // downstream filters treat a missing record as unauthenticated.
            req.setAttribute(FiltersHelper.Constants.REQUEST_AUTH_RECORD_KEY, output.<ExtMap>get(Authn.InvokeKeys.AUTH_RECORD));
            req.setAttribute(FiltersHelper.Constants.REQUEST_AUTH_TYPE_KEY, AuthType.NEGOTIATION);
            req.setAttribute(FiltersHelper.Constants.REQUEST_PROFILE_KEY, candidate.getName());
            // Emptying the stack ends the loop.
            stack.clear();
        } else if (result == Authn.AuthResult.NEGOTIATION_INCOMPLETE) {
            // Keep the profile on the stack; presumably a later request continues the
            // exchange with it (verify against the caller).
            return;
        } else {
            if (result != Authn.AuthResult.NEGOTIATION_UNAUTHORIZED) {
                log.error("Unexpected authentication result. AuthResult code is {}", result);
            }
            stack.pop();
        }
    }
}
use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.
the class AcctUtils method reportReason.
/**
 * Builds an accounting record from a reason code and a formatted message and passes it
 * to {@code report}.
 *
 * <p>{@code message} is used as a {@link String#format(String, Object...)} pattern.
 * Values that originate outside the code (user names, addresses, ...) belong in
 * {@code msgArgs}: placed inside {@code message}, a stray {@code %} would be read as a
 * format specifier and can make the call fail instead of producing the record.
 *
 * @param reportReason value stored under {@code Acct.InvokeKeys.REASON}
 * @param message format pattern for the text stored under {@code Acct.InvokeKeys.MESSAGE}
 * @param msgArgs arguments substituted into {@code message}
 */
public static void reportReason(int reportReason, String message, Object... msgArgs) {
    report(new ExtMap()
            .mput(Acct.InvokeKeys.REASON, reportReason)
            .mput(Acct.InvokeKeys.MESSAGE, String.format(message, msgArgs)));
}