
Example 41 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

the class DirectoryUtils method mapPrincipalRecordToDirectoryUser.

/**
 * Converts a principal record returned by an authz extension into a {@link DirectoryUser}.
 *
 * @param authzName name of the authz extension the record was obtained from
 * @param principalRecord the extension's principal record; may be {@code null}
 * @return the mapped user, or {@code null} when {@code principalRecord} is {@code null}
 */
public DirectoryUser mapPrincipalRecordToDirectoryUser(final String authzName, final ExtMap principalRecord) {
    if (principalRecord == null) {
        return null;
    }
    final DirectoryUser user = new DirectoryUser(
            authzName,
            principalRecord.get(Authz.PrincipalRecord.NAMESPACE),
            principalRecord.get(Authz.PrincipalRecord.ID),
            principalRecord.get(Authz.PrincipalRecord.NAME),
            principalRecord.get(Authz.PrincipalRecord.PRINCIPAL),
            principalRecord.get(Authz.PrincipalRecord.DISPLAY_NAME));
    user.setDepartment(principalRecord.get(Authz.PrincipalRecord.DEPARTMENT));
    user.setFirstName(principalRecord.get(Authz.PrincipalRecord.FIRST_NAME));
    user.setLastName(principalRecord.get(Authz.PrincipalRecord.LAST_NAME));
    user.setEmail(principalRecord.get(Authz.PrincipalRecord.EMAIL));
    user.setTitle(principalRecord.get(Authz.PrincipalRecord.TITLE));
    user.setPrincipal(principalRecord.get(Authz.PrincipalRecord.PRINCIPAL));
    // A record without a GROUPS entry yields an empty (never null) group list.
    final List<DirectoryGroup> mappedGroups = new ArrayList<>();
    final Collection<ExtMap> groupRecords = principalRecord.get(Authz.PrincipalRecord.GROUPS);
    if (groupRecords != null) {
        for (final ExtMap groupRecord : groupRecords) {
            mappedGroups.add(mapGroupRecordToDirectoryGroup(authzName, groupRecord));
        }
    }
    user.setGroups(mappedGroups);
    return user;
}

Example 42 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

the class GetDirectoryGroupsForUserQuery method getDirectoryUser.

/**
 * Resolves the directory groups of {@code dbUser} by looking the principal up through the SSO
 * service and mapping the (flattened) group records of the first returned principal.
 *
 * @param dbUser engine user whose domain, namespace and external id identify the principal
 * @return the user's groups, or an empty collection when the SSO lookup returns no principal
 */
private Collection<DirectoryGroup> getDirectoryUser(DbUser dbUser) {
    final String ssoToken = getSessionDataContainer().getSsoAccessToken(getParameters().getSessionId());
    final Map<String, Object> ssoResponse = SsoOAuthServiceUtils.findPrincipalsByIds(
            ssoToken,
            dbUser.getDomain(),
            dbUser.getNamespace(),
            Arrays.asList(dbUser.getExternalId()),
            true,
            true);
    final Collection<DirectoryGroup> result = new ArrayList<>();
    // "result" is trusted to hold a Collection<ExtMap>; the cast is unchecked on purpose.
    @SuppressWarnings("unchecked")
    final Collection<ExtMap> principalRecords = ssoResponse.containsKey("result")
            ? (Collection<ExtMap>) ssoResponse.get("result")
            : Collections.<ExtMap>emptyList();
    if (principalRecords.isEmpty()) {
        return result;
    }
    final ExtMap principalRecord = principalRecords.iterator().next();
    directoryUtils.flatGroups(principalRecord);
    final Collection<ExtMap> groupRecords =
            principalRecord.<Collection<ExtMap>>get(PrincipalRecord.GROUPS, Collections.<ExtMap>emptyList());
    for (final ExtMap groupRecord : groupRecords) {
        result.add(directoryUtils.mapGroupRecordToDirectoryGroup(dbUser.getDomain(), groupRecord));
    }
    return result;
}

Example 43 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

the class SsoRestApiNegotiationFilter method cacheNegotiatingProfiles.

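/**
 * Rebuilds the cached negotiation state: the authn profiles whose capabilities overlap
 * {@code caps}, ordered by negotiation priority, plus the HTTP authentication schemes
 * those profiles advertise.
 */
private synchronized void cacheNegotiatingProfiles() {
    schemes = new ArrayList<>();
    profiles = new ArrayList<>();
    for (AuthenticationProfile profile : AuthenticationProfileRepository.getInstance().getProfiles()) {
        ExtMap authnContext = profile.getAuthn().getContext();
        // A context with no CAPABILITIES entry used to unbox null and throw NPE here, failing
        // the whole rebuild; treat it as "no capabilities" so that profile is simply skipped.
        long profileCaps = authnContext.<Long>get(Authn.ContextKeys.CAPABILITIES, 0L);
        if ((profileCaps & caps) != 0) {
            profiles.add(profile);
            schemes.addAll(authnContext.<Collection<String>>get(Authn.ContextKeys.HTTP_AUTHENTICATION_SCHEME, Collections.<String>emptyList()));
        }
    }
    profiles.sort(Comparator.comparing(AuthenticationProfile::getNegotiationPriority));
}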

Example 44 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

the class SsoRestApiNegotiationFilter method doAuth.

/**
 * Runs HTTP negotiation against the authn profiles in {@code stack}, front to back, until one
 * succeeds, all have rejected the request, or a profile needs another round trip.
 *
 * @param req   current request, handed to the authn extension
 * @param rsp   current response, which the extension may use to emit a challenge
 * @param stack remaining profiles to try; mutated: cleared on success, popped when a profile
 *              rejects or returns an unexpected code, left as is when negotiation is incomplete
 * @return result whose {@code username} and {@code authRecord} are set only on success
 * @throws IOException      propagated from the servlet layer
 * @throws ServletException propagated from the servlet layer
 */
private AuthResult doAuth(HttpServletRequest req, HttpServletResponse rsp, Deque<AuthenticationProfile> stack) throws IOException, ServletException {
    final AuthResult authResult = new AuthResult();
    log.debug("Performing external authentication");
    boolean done = false;
    while (!done && !stack.isEmpty()) {
        final AuthenticationProfile profile = stack.peek();
        final ExtMap input = new ExtMap()
                .mput(Base.InvokeKeys.COMMAND, Authn.InvokeCommands.AUTHENTICATE_NEGOTIATE)
                .mput(Authn.InvokeKeys.HTTP_SERVLET_REQUEST, req)
                .mput(Authn.InvokeKeys.HTTP_SERVLET_RESPONSE, rsp);
        final ExtMap output = profile.getAuthn().invoke(input);
        // RESULT is unboxed for the switch; an extension that omits it surfaces as an NPE here.
        final int result = output.<Integer>get(Authn.InvokeKeys.RESULT);
        switch (result) {
            case Authn.AuthResult.SUCCESS: {
                final ExtMap authRecord = output.get(Authn.InvokeKeys.AUTH_RECORD);
                authResult.authRecord = authRecord;
                authResult.username = String.format("%s@%s", authRecord.get(Authn.AuthRecord.PRINCIPAL), profile.getName());
                stack.clear();
                break;
            }
            case Authn.AuthResult.NEGOTIATION_UNAUTHORIZED:
                stack.pop();
                break;
            case Authn.AuthResult.NEGOTIATION_INCOMPLETE:
                done = true;
                break;
            default:
                log.error("Unexpected authentication result. AuthResult code is {}", result);
                stack.pop();
                break;
        }
    }
    log.debug("External Authentication result: {}", StringUtils.isNotEmpty(authResult.username));
    return authResult;
}

Example 45 with ExtMap

use of org.ovirt.engine.api.extensions.ExtMap in project ovirt-engine by oVirt.

the class SsoPostLoginServlet method service.

/**
 * Completes an SSO login: exchanges the authorization code carried by the callback request for a
 * token payload, opens an engine user session for that user, stores the session id in the HTTP
 * session and redirects to {@code app_url}. Any failure is logged and turned into a redirect to
 * the engine root carrying {@code error} / {@code error_description} parameters.
 *
 * @param request  the post-login callback; parameters read: error, error_description, code, app_url
 * @param response receives the final redirect
 * @throws IOException      if a redirect cannot be written
 * @throws ServletException declared for the servlet contract; not thrown explicitly by this method
 */
@Override
protected void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    log.debug("Entered SsoPostLoginServlet");
    String username = null;
    String profile = null;
    InitialContext ctx = null;
    try {
        // SSO may call back with an error instead of a code; surface it as the login failure.
        String error_description = request.getParameter("error_description");
        String error = request.getParameter("error");
        if (StringUtils.isNotEmpty(error_description) && StringUtils.isNotEmpty(error)) {
            throw new RuntimeException(String.format("%s: %s", error, error_description));
        }
        String code = request.getParameter("code");
        if (StringUtils.isEmpty(code)) {
            throw new RuntimeException("No authorization code found in request");
        }
        String appUrl = request.getParameter("app_url");
        log.debug("Received app_url '{}'", appUrl);
        // Exchange the one-time code for the token payload. postActionUrl is a field declared
        // outside this method; presumably it must match the redirect URI the code was issued for.
        Map<String, Object> jsonResponse = FiltersHelper.getPayloadForAuthCode(code, "ovirt-app-admin ovirt-app-portal ovirt-app-api", URLEncoder.encode(postActionUrl, "UTF-8"));
        // Both entries are read unchecked: a missing "ovirt" entry leaves payload null and a
        // missing "user_id" leaves username null; either fails below with an NPE that the outer
        // catch turns into a server_error redirect.
        Map<String, Object> payload = (Map<String, Object>) jsonResponse.get("ovirt");
        username = (String) jsonResponse.get("user_id");
        profile = "";
        // user_id is "<user>@<profile>"; split on the last '@' so user names may contain '@'.
        int index = username.lastIndexOf("@");
        if (index != -1) {
            profile = username.substring(index + 1);
            username = username.substring(0, index);
        }
        try {
            ctx = new InitialContext();
            // Authorization (is this user allowed to log in?) happens inside CreateUserSession.
            ActionReturnValue queryRetVal = FiltersHelper.getBackend(ctx).runAction(ActionType.CreateUserSession, new CreateUserSessionParameters((String) jsonResponse.get(SessionConstants.SSO_TOKEN_KEY), (String) jsonResponse.get(SessionConstants.SSO_SCOPE_KEY), appScope, profile, username, (String) payload.get("principal_id"), (String) payload.get("email"), (String) payload.get("first_name"), (String) payload.get("last_name"), (String) payload.get("namespace"), request.getRemoteAddr(), (Collection<ExtMap>) payload.get("group_ids"), loginAsAdmin));
            if (!queryRetVal.getSucceeded()) {
                throw new RuntimeException(String.format("The user %s@%s is not authorized to perform login", username, profile));
            } else {
                // Bind the engine session to the container session; the filter chain reads these.
                HttpSession httpSession = request.getSession(true);
                httpSession.setAttribute(SessionConstants.HTTP_SESSION_ENGINE_SESSION_ID_KEY, queryRetVal.getActionReturnValue());
                httpSession.setAttribute(FiltersHelper.Constants.REQUEST_LOGIN_FILTER_AUTHENTICATION_DONE, true);
                log.debug("Redirecting to '{}'", appUrl);
                // NOTE(review): appUrl is taken verbatim from the request parameter and used as a
                // redirect target with no validation visible here (open-redirect risk if it is
                // not validated upstream) — confirm it is checked where the login is initiated,
                // or restrict it to the engine's own origin.
                response.sendRedirect(appUrl);
            }
        } catch (RuntimeException ex) {
            // Runtime failures (including the authorization failure above) propagate unchanged.
            throw ex;
        } catch (Exception ex) {
            // Checked failures from the backend call are wrapped with the user name for context.
            throw new RuntimeException(String.format("User login failure: %s", username), ex);
        } finally {
            // Closing the JNDI context is best effort; a failure must not mask the login outcome.
            try {
                if (ctx != null) {
                    ctx.close();
                }
            } catch (NamingException ex) {
                log.error("Unable to close context", ex);
            }
        }
    } catch (Exception ex) {
        // Only the message is logged at error level; the full stack trace goes to debug.
        log.error(ex.getMessage());
        log.debug("User login failure", ex);
        String url = String.format("%s://%s:%s%s/", request.getScheme(), FiltersHelper.getRedirectUriServerName(request.getServerName()), request.getServerPort(), EngineLocalConfig.getInstance().getProperty("ENGINE_URI"));
        // getMessage() may be null (e.g. for an NPE), hence the defaultIfEmpty fallback.
        response.sendRedirect(new URLBuilder(url).addParameter("error_description", StringUtils.defaultIfEmpty(ex.getMessage(), "Internal Server error")).addParameter("error", "server_error").build());
    }
}
