
Example 6 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

Class NegotiateAuthUtils, method cacheNegotiatingProfiles.

/**
 * Rebuilds the {@code profiles} and {@code schemes} fields from the given profiles.
 * A profile is kept only when the CAPABILITIES value of its authn context shares at
 * least one bit with {@code caps}; the HTTP_AUTHENTICATION_SCHEME values of every kept
 * profile (an empty list when the key is absent) are merged into {@code schemes}.
 * Kept profiles are ordered by their negotiation priority.
 *
 * @param availableProfiles all configured authentication profiles
 */
private void cacheNegotiatingProfiles(final Collection<AuthenticationProfile> availableProfiles) {
    schemes = new HashSet<>();
    profiles = new ArrayList<>();
    for (AuthenticationProfile candidate : availableProfiles) {
        ExtMap context = candidate.getAuthn().getContext();
        long capabilities = context.<Long>get(Authn.ContextKeys.CAPABILITIES).longValue();
        if ((capabilities & caps) == 0) {
            // the extension advertises none of the capabilities this filter needs
            continue;
        }
        profiles.add(candidate);
        schemes.addAll(context.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME, Collections.<String>emptyList()));
    }
    profiles.sort(Comparator.comparing(AuthenticationProfile::getNegotiationPriority));
}

Example 7 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

Class NegotiateAuthUtils, method doAuth.

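/**
 * Runs the AUTHENTICATE_NEGOTIATE command against the profiles on {@code stack}, top of
 * the stack first, until a profile completes a login, a profile asks for another round
 * trip with the client, or the stack is exhausted.
 *
 * <p>Per profile result:
 * <ul>
 *   <li>SUCCESS: the login is completed by {@link #completeNegotiatedLogin}; the stack is then
 *       cleared. If completing the login throws, that profile is popped and the next one is tried.</li>
 *   <li>NEGOTIATION_UNAUTHORIZED, or any code not listed here: the profile is popped.</li>
 *   <li>NEGOTIATION_INCOMPLETE: the loop stops so the client can answer the challenge.</li>
 * </ul>
 * Whatever remains on the stack is stored in the HTTP session under {@code STACK_ATTR}
 * (removed when empty) so a later request can continue the negotiation.
 *
 * <p>NOTE(review): the returned status is that of the last profile invoked. When the login of a
 * SUCCESS profile fails and the stack empties, the status stays SUCCESS while the token is null;
 * callers are presumed to rely on the token — confirm.
 *
 * @param req   current request; the access token is read back from its attributes after a login
 * @param rsp   current response, passed to the authn extension (e.g. for challenge headers)
 * @param stack profiles still to try; mutated in place
 * @return the status of the last invoked profile plus the access token, or a null token when no
 *         profile completed a login or any unexpected exception occurred
 * @throws IOException declared for compatibility; the body catches every exception
 * @throws ServletException declared for compatibility; the body catches every exception
 */
private AuthResult doAuth(HttpServletRequest req, HttpServletResponse rsp, Deque<AuthenticationProfile> stack) throws IOException, ServletException {
    log.debug("Performing external authentication");
    AuthResult retVal = new AuthResult(Authn.AuthResult.NEGOTIATION_UNAUTHORIZED);
    String token = null;
    try {
        boolean awaitingClient = false;
        while (!awaitingClient && !stack.isEmpty()) {
            AuthenticationProfile profile = stack.peek();
            ExtMap output = profile.getAuthn().invoke(
                    new ExtMap()
                            .mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.AUTHENTICATE_NEGOTIATE)
                            .mput(Authn.InvokeKeys.HTTP_SERVLET_REQUEST, req)
                            .mput(Authn.InvokeKeys.HTTP_SERVLET_RESPONSE, rsp));
            // read once; the same value drives the status, the switch and the error log
            Integer result = output.<Integer>get(Authn.InvokeKeys.RESULT);
            retVal.setStatus(result);
            switch (result) {
                case Authn.AuthResult.SUCCESS:
                    try {
                        token = completeNegotiatedLogin(req, profile, output);
                        stack.clear();
                    } catch (Exception e) {
                        // keep the cause in the debug log instead of dropping it, then fall through
                        // to the next profile on the stack
                        log.debug("Cannot fetch principal, trying other authn extension.", e);
                        stack.pop();
                    }
                    break;
                case Authn.AuthResult.NEGOTIATION_UNAUTHORIZED:
                    stack.pop();
                    break;
                case Authn.AuthResult.NEGOTIATION_INCOMPLETE:
                    // the client has to answer the challenge before this profile can decide
                    awaitingClient = true;
                    break;
                default:
                    log.error("Unexpected authentication result. AuthResult code: {}", result);
                    stack.pop();
                    break;
            }
        }
        if (!stack.isEmpty()) {
            req.getSession(true).setAttribute(STACK_ATTR, stack);
        } else {
            req.getSession(true).removeAttribute(STACK_ATTR);
        }
    } catch (Exception ex) {
        // message only at error level; the full trace stays at debug
        log.error("External Authentication Failed: {}", ex.getMessage());
        log.debug("External Authentication Failed", ex);
        token = null;
    }
    log.debug("External Authentication result: {}", StringUtils.isNotEmpty(token));
    retVal.setToken(token);
    return retVal;
}

/**
 * Completes a login for a profile whose authn extension reported SUCCESS: maps the auth
 * record through the profile's mapper when one is configured, fetches the principal record
 * (groups resolved recursively) from the profile's authz extension and persists the SSO
 * session for it.
 *
 * @param req     current request
 * @param profile the profile that authenticated the user
 * @param output  the authn invoke output carrying AUTH_RECORD
 * @return the value of the request attribute {@code SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN}
 *         after the session was persisted (presumably set by
 *         {@code SsoUtils.persistAuthInfoInContextWithToken}; may be null — verify)
 */
private String completeNegotiatedLogin(HttpServletRequest req, AuthenticationProfile profile, ExtMap output) {
    ExtMap authRecord = output.get(Authn.InvokeKeys.AUTH_RECORD);
    if (profile.getMapper() != null) {
        // the mapper may rewrite the record; fall back to the original when it returns none
        authRecord = profile.getMapper().invoke(
                new ExtMap()
                        .mput(Base.InvokeKeys.COMMAND, Mapping.InvokeCommands.MAP_AUTH_RECORD)
                        .mput(Authn.InvokeKeys.AUTH_RECORD, authRecord),
                true).get(Authn.InvokeKeys.AUTH_RECORD, authRecord);
    }
    ExtMap authzOutput = profile.getAuthz().invoke(
            new ExtMap()
                    .mput(Base.InvokeKeys.COMMAND, Authz.InvokeCommands.FETCH_PRINCIPAL_RECORD)
                    .mput(Authn.InvokeKeys.AUTH_RECORD, authRecord)
                    .mput(Authz.InvokeKeys.QUERY_FLAGS, Authz.QueryFlags.RESOLVE_GROUPS | Authz.QueryFlags.RESOLVE_GROUPS_RECURSIVE));
    ExtMap principalRecord = authzOutput.get(Authz.InvokeKeys.PRINCIPAL_RECORD);
    SsoSession ssoSession = SsoUtils.persistAuthInfoInContextWithToken(req, null, profile.getName(), authRecord, principalRecord);
    log.info("User {}@{} successfully logged in with scopes : {} ", SsoUtils.getUserId(principalRecord), profile.getName(), ssoSession.getScope());
    return (String) req.getAttribute(SsoConstants.HTTP_REQ_ATTR_ACCESS_TOKEN);
}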

Example 8 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

Class SsoUtils, method prepareGroupMembershipsForJson.

/**
 * Flattens a graph of group records into a form Jackson can serialize.
 * <p>
 * Jackson cannot serialize graphs with cyclic references between nodes, and the nested groups a
 * user is a member of may contain such cycles. So, for every distinct group record:
 * <ol>
 *   <li>copy the record and store {@code ""} under {@code Authz.PrincipalRecord.PRINCIPAL} to mark
 *       it as a direct membership;</li>
 *   <li>replace the nested records under {@code Authz.GroupRecord.GROUPS} with what
 *       {@code processGroupMemberships} returns for them, turning a {@code Collection<ExtMap>} into
 *       a {@code Collection<String>} of group IDs;</li>
 *   <li>collect every referenced group record once, keyed by {@code Authz.GroupRecord.ID}.</li>
 * </ol>
 * The engine side reverses this in
 * {@code org.ovirt.engine.core.aaa.SsoOAuthServiceUtils.processGroupMembershipsFromJson()}.
 *
 * @param groupRecords group records the principal is a direct member of; duplicates by ID are ignored
 * @return a new mutable list with every resolved group record (direct ones plus whatever
 *         {@code processGroupMemberships} adds to the shared map)
 */
public static Collection<ExtMap> prepareGroupMembershipsForJson(Collection<ExtMap> groupRecords) {
    Map<String, ExtMap> byId = new HashMap<>();
    for (ExtMap source : groupRecords) {
        String groupId = source.get(Authz.GroupRecord.ID);
        if (byId.containsKey(groupId)) {
            continue; // already resolved, either directly or while walking a nested membership
        }
        ExtMap flattened = new ExtMap(source);
        flattened.put(Authz.PrincipalRecord.PRINCIPAL, "");
        // register before descending so cycles back to this group terminate
        byId.put(groupId, flattened);
        flattened.put(Authz.GroupRecord.GROUPS, processGroupMemberships(flattened.get(Authz.GroupRecord.GROUPS, Collections.emptyList()), byId));
    }
    return new ArrayList<>(byId.values());
}

Example 9 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

Class ExtensionsManager, method loadImpl.

/**
 * Loads a single extension described by {@code props} (read from {@code confFile}) and
 * registers it in {@code loadedEntries}. Disabled entries are skipped. The extension's context
 * is populated with the engine-side keys (global context, trace logger, interface version range,
 * locale, configuration, sensitive configuration keys, instance name, provided services) before
 * the LOAD command is invoked; afterwards the trace logger is replaced by one named after the
 * extension and instance. On success the configuration is dumped and observers are notified.
 *
 * @param props    the extension configuration
 * @param confFile the file the configuration was read from (may be null)
 * @return the instance name of the loaded extension, or {@code null} when the entry is disabled
 * @throws ConfigurationException when an entry with the same name is already loaded
 * @throws RuntimeException when the extension cannot be loaded or LOAD does not return SUCCESS;
 *         the cause is preserved
 */
private synchronized String loadImpl(Properties props, File confFile) {
    ExtensionEntry entry = new ExtensionEntry(props, confFile);
    if (!entry.enabled) {
        return null;
    }
    ExtensionEntry duplicate = loadedEntries.get(entry.name);
    if (duplicate != null) {
        throw new ConfigurationException(String.format(
                "Could not load the configuration '%1$s' from file %2$s. A configuration with the same name was already loaded from file %3$s",
                entry.name, entry.getFileName(), duplicate.getFileName()));
    }
    try {
        entry.extension = loadExtension(props);
        String configFilePath = entry.file == null ? null : entry.file.getAbsolutePath();
        entry.extension.getContext()
                .mput(Base.ContextKeys.GLOBAL_CONTEXT, globalContext)
                .mput(TRACE_LOG_CONTEXT_KEY, traceLog)
                .mput(Base.ContextKeys.INTERFACE_VERSION_MIN, 0)
                .mput(Base.ContextKeys.INTERFACE_VERSION_MAX, Base.INTERFACE_VERSION_CURRENT)
                .mput(Base.ContextKeys.LOCALE, Locale.getDefault().toString())
                .mput(Base.ContextKeys.CONFIGURATION_FILE, configFilePath)
                .mput(Base.ContextKeys.CONFIGURATION, props)
                // keys listed here are what later dumps/logs must treat as secrets
                .mput(Base.ContextKeys.CONFIGURATION_SENSITIVE_KEYS, splitString(props.getProperty(Base.ConfigKeys.SENSITIVE_KEYS, "")))
                .mput(Base.ContextKeys.INSTANCE_NAME, entry.name)
                .mput(Base.ContextKeys.PROVIDES, splitString(props.getProperty(Base.ConfigKeys.PROVIDES, "")));
        log.info("Loading extension '{}'", entry.name);
        ExtMap loadOutput = entry.extension.invoke(new ExtMap().mput(Base.InvokeKeys.COMMAND, Base.InvokeCommands.LOAD));
        log.info("Extension '{}' loaded", entry.name);
        // once LOAD ran the extension has published its name, so give it a dedicated trace logger
        ExtMap context = entry.extension.getContext();
        String traceLoggerName = String.format("%1$s.%2$s.%3$s",
                traceLog.getName(),
                context.get(Base.ContextKeys.EXTENSION_NAME),
                context.get(Base.ContextKeys.INSTANCE_NAME));
        context.put(TRACE_LOG_CONTEXT_KEY, LoggerFactory.getLogger(traceLoggerName));
        Integer loadResult = loadOutput.<Integer>get(Base.InvokeKeys.RESULT);
        if (loadResult != Base.InvokeResult.SUCCESS) {
            // caught below and re-wrapped with the extension name
            throw new RuntimeException(String.format("Invoke of LOAD returned with error code: %1$s", loadResult));
        }
    } catch (Exception e) {
        throw new RuntimeException(String.format("Error loading extension '%1$s': %2$s", entry.name, e.getMessage()), e);
    }
    loadedEntries.put(entry.name, entry);
    dumpConfig(entry.extension);
    setChanged();
    notifyObservers();
    return entry.name;
}

Example 10 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

Class AuthenticationUtils, method changePassword.

/**
 * Asks the authn extension of the profile named in {@code credentials} to change the user's
 * password via the CREDENTIALS_CHANGE command.
 * <p>
 * When either the invoke result or the authn result is not SUCCESS, the submitted
 * {@code credentials} object (old and new credentials included) is stored on the SSO session
 * via {@code setChangePasswdCredentials} before the failure is raised — presumably so the
 * change-password form can be re-shown; confirm that this session state is cleared afterwards.
 *
 * @param context     the SSO context used to resolve the extension profile
 * @param request     the current request; its SSO session receives the credentials on failure
 * @param credentials profile name, user, current credentials and new credentials
 * @throws AuthenticationException when the change was rejected, carrying the mapped error code
 */
public static void changePassword(SsoContext context, HttpServletRequest request, Credentials credentials) throws AuthenticationException {
    ExtensionProfile profile = getExtensionProfile(context, credentials.getProfile());
    String user = mapUser(profile, credentials);
    log.debug("AuthenticationUtils.changePassword invoking CREDENTIALS_CHANGE on authn");
    ExtMap input = new ExtMap()
            .mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.CREDENTIALS_CHANGE)
            .mput(Authn.InvokeKeys.USER, user)
            .mput(Authn.InvokeKeys.CREDENTIALS, credentials.getCredentials())
            .mput(Authn.InvokeKeys.CREDENTIALS_NEW, credentials.getNewCredentials());
    ExtMap outputMap = profile.authn.invoke(input);
    if (credentialsChanged(outputMap)) {
        log.debug("AuthenticationUtils.changePassword CREDENTIALS_CHANGE on authn succeeded");
        return;
    }
    SsoUtils.getSsoSession(request).setChangePasswdCredentials(credentials);
    log.debug("AuthenticationUtils.changePassword CREDENTIALS_CHANGE on authn failed");
    throw new AuthenticationException(AuthnMessageMapper.mapMessageErrorCode(context, request, credentials.getProfile(), outputMap));
}

/**
 * Returns whether a CREDENTIALS_CHANGE invoke succeeded: both the generic invoke RESULT and the
 * authn RESULT must be SUCCESS. The authn RESULT is only read when the invoke itself succeeded.
 */
private static boolean credentialsChanged(ExtMap outputMap) {
    return outputMap.<Integer>get(Base.InvokeKeys.RESULT) == Base.InvokeResult.SUCCESS
            && outputMap.<Integer>get(Authn.InvokeKeys.RESULT) == Authn.AuthResult.SUCCESS;
}
