use of org.owasp.esapi.Encoder in project OpenAM by OpenRock.
the class FederationViewBean method populateCOTTable.
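/**
 * Fills the circle-of-trust action table from the authentication-domains model
 * and stores one "name,realm" entry per row in the serialized child
 * {@code SZ_CACHE} (or {@code null} when there are no descriptors).
 *
 * <p>Provider names are HTML-encoded because the entity cell carries raw
 * {@code <br>} markup. Name and realm are set unencoded, as before.
 * NOTE(review): whether the table model escapes plain cell values itself is
 * not visible here — confirm before relying on it.
 */
private void populateCOTTable() {
    tablePopulated = true;
    FSAuthDomainsModel model = (FSAuthDomainsModel) getModel();
    Set circleOfTrustDescriptors = model.getCircleOfTrustDescriptors();
    CCActionTableModel tableModel = (CCActionTableModel) propertySheetModel.getModel(COT_TABLE);
    tableModel.clearAll();
    SerializedField szCache = (SerializedField) getChild(SZ_CACHE);

    if ((circleOfTrustDescriptors == null) || circleOfTrustDescriptors.isEmpty()) {
        szCache.setValue(null);
        return;
    }

    ArrayList<String> cache = new ArrayList<String>(circleOfTrustDescriptors.size());
    for (Object element : circleOfTrustDescriptors) {
        // The cleared table already has one row; each further descriptor needs a new one.
        // cache grows by exactly one entry per row, so it doubles as the row counter.
        if (!cache.isEmpty()) {
            tableModel.appendRow();
        }
        CircleOfTrustDescriptor desc = (CircleOfTrustDescriptor) element;

        String name = desc.getCircleOfTrustName();
        tableModel.setValue(COT_NAME_VALUE, name);
        tableModel.setValue(COT_NAME_HREF, stringToHex(name));

        tableModel.setValue(COT_ENTITY_VALUE, formatTrustedProviders(desc.getTrustedProviders()));

        String realm = desc.getCircleOfTrustRealm();
        tableModel.setValue(COT_REALM_VALUE, realm);

        String status = desc.getCircleOfTrustStatus();
        tableModel.setValue(COT_STATUS_VALUE, "active".equals(status) ? "label.active" : "label.inactive");

        cache.add(name + "," + realm);
    }
    szCache.setValue(cache);
}

/**
 * Renders the trusted provider names of one circle of trust as HTML-escaped
 * entries, each followed by {@code <br>}.
 *
 * @param entitySet the provider names (may be {@code null})
 * @return the markup fragment, or the empty string when there are no providers
 */
private static String formatTrustedProviders(Set entitySet) {
    if ((entitySet == null) || entitySet.isEmpty()) {
        return "";
    }
    // Obtained lazily, as before, so the encoder is only looked up when needed.
    Encoder encoder = ESAPI.encoder();
    StringBuilder sb = new StringBuilder();
    for (Object entity : entitySet) {
        sb.append(encoder.encodeForHTML((String) entity)).append("<br>");
    }
    return sb.toString();
}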
use of org.owasp.esapi.Encoder in project OpenAM by OpenRock.
the class ConsumerRequest method postConsumerRegistrations.
/**
* POST method for registering a Service Consumer
* and obtaining corresponding consumer key & secret.
*
* @param formParams the request's form parameters describing the service
* consumer. On the wire this description takes the form of name=value pairs
* separated by &amp;.
* The following parameters are supported:
* <OL>
* <LI>name - the service consumer's name.</LI>
* <LI>icon - the service consumer's URI for its icon (MUST be unique).</LI>
* <LI>service - the service consumer's URI for its service</LI>
* <LI>rsapublickey - (optional) the RSA public key of the Service Consumer.</LI>
* </OL>
* <p>
*
* Example of string:
* <pre>
* name=Service XYZ&icon=http://www.example.com/icon.jpg&service=http://www.example.com
* </pre>
*
*
* @return an HTTP response with content of the created resource.
* The location URI is set to the newly created OAuth consumer key.
* The body of the response is of the form:
* <pre>
* consumer_key=http://serviceprovider/0123456762121
* consumer_secret=12345633
* </pre>
* Both values are URL encoded.
*/
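@POST
@Consumes("application/x-www-form-urlencoded")
public Response postConsumerRegistrations(MultivaluedMap<String, String> formParams) {
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        Consumer cons = new Consumer();
        String cert = null;
        String tmpsecret = null;
        boolean keyed = false;
        Encoder enc = ESAPI.encoder();
        Validator validator = ESAPI.validator();

        // NOTE(review): validation and duplicate failures below are reported as
        // 200 OK with a plain-text body (existing contract); callers that only
        // check the status code will treat them as success — confirm clients.
        for (String key : formParams.keySet()) {
            String val = formParams.getFirst(key);
            if (key.equalsIgnoreCase(C_NAME)) {
                // Canonicalize before validating so encoded variants cannot bypass the check.
                String consumerName = enc.canonicalize(val);
                if (!validator.isValidInput(C_NAME, consumerName, "HTTPParameterValue", 512, true)) {
                    return plainResponse("Invalid name entered. Please try again.");
                }
                // A consumer with the same name is already registered: do not register again.
                if (consumerExists(oauthResMgr, CONSUMER_NAME, consumerName)) {
                    return plainResponse("A consumer is already registered with name "
                            + enc.encodeForHTML(consumerName) + ".");
                }
                cons.setConsName(consumerName);
            } else if (key.equalsIgnoreCase(C_CERT)) {
                // The cert is in PEM format (no URL decode needed)
                cert = val;
            } else if (key.equalsIgnoreCase(C_SECRET)) {
                // NOTE(review): the registrant supplies its own secret here; it is
                // URL-decoded once more on top of the form decoding, as before.
                tmpsecret = urlDecodeUtf8(val);
            } else if (key.equalsIgnoreCase(C_KEY)) {
                keyed = true;
                String consumerKey = enc.canonicalize(val);
                if (!validator.isValidInput(C_KEY, consumerKey, "HTTPParameterValue", 512, true)) {
                    return plainResponse("Invalid key entered. Please try again.");
                }
                cons.setConsKey(consumerKey);
                // A consumer with the same key is already registered: do not register again.
                if (consumerExists(oauthResMgr, CONSUMER_KEY, consumerKey)) {
                    return plainResponse("A consumer is already registered with key "
                            + enc.encodeForHTML(consumerKey) + ".");
                }
            }
            // Any other parameter is ignored for the time being.
        }

        if (cert != null) {
            cons.setConsRsakey(cert);
        }
        if (tmpsecret != null) {
            cons.setConsSecret(tmpsecret);
        } else {
            cons.setConsSecret(new UniqueRandomString().getString());
        }
        if (!keyed) {
            // No key supplied: mint one under this resource's own consumers path.
            String baseUri = context.getBaseUri().toString();
            if (baseUri.endsWith("/")) {
                baseUri = baseUri.substring(0, baseUri.length() - 1);
            }
            URI loc = URI.create(baseUri + PathDefs.CONSUMERS_PATH + "/" + new UniqueRandomString().getString());
            cons.setConsKey(loc.toString());
        }

        oauthResMgr.createConsumer(null, cons);
        String resp = "consumer_key=" + urlEncodeUtf8(cons.getConsKey())
                + "&consumer_secret=" + urlEncodeUtf8(cons.getConsSecret());
        return Response.created(URI.create(cons.getConsKey())).entity(resp)
                .type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException e) {
        throw logAndWrap(e);
    } catch (IntrusionException e) {
        throw logAndWrap(e);
    } catch (EncodingException e) {
        throw logAndWrap(e);
    }
}

/**
 * Builds the 200 OK form-encoded text response used for registration failures.
 *
 * @param body the message returned to the caller
 * @return the response
 */
private static Response plainResponse(String body) {
    return Response.ok().entity(body).type(MediaType.APPLICATION_FORM_URLENCODED).build();
}

/**
 * Reports whether a consumer with the given attribute value is already registered.
 *
 * @param mgr the resource manager to search
 * @param attribute the search attribute (consumer name or key)
 * @param value the value to look for
 * @return {@code true} when at least one consumer matches
 * @throws OAuthServiceException when the search fails
 */
private static boolean consumerExists(OAuthResourceManager mgr, String attribute, String value)
        throws OAuthServiceException {
    Map<String, String> searchMap = new HashMap<String, String>();
    searchMap.put(attribute, value);
    List<Consumer> consumers = mgr.searchConsumers(searchMap);
    return (consumers != null) && !consumers.isEmpty();
}

/**
 * URL-decodes with an explicit UTF-8 charset instead of the deprecated
 * platform-charset overload, so results do not depend on the JVM default.
 */
private static String urlDecodeUtf8(String s) {
    try {
        return URLDecoder.decode(s, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // UTF-8 is mandatory for every Java platform; reaching here is a JVM defect.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
}

/**
 * URL-encodes with an explicit UTF-8 charset instead of the deprecated
 * platform-charset overload, so results do not depend on the JVM default.
 */
private static String urlEncodeUtf8(String s) {
    try {
        return URLEncoder.encode(s, "UTF-8");
    } catch (java.io.UnsupportedEncodingException e) {
        // UTF-8 is mandatory for every Java platform; reaching here is a JVM defect.
        throw new IllegalStateException("UTF-8 not supported", e);
    }
}

/**
 * Logs the failure at SEVERE and wraps it for JAX-RS, keeping the cause attached.
 *
 * @param e the failure
 * @return the exception to throw
 */
private static WebApplicationException logAndWrap(Exception e) {
    Logger.getLogger(ConsumerRequest.class.getName()).log(Level.SEVERE, null, e);
    return new WebApplicationException(e);
}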
use of org.owasp.esapi.Encoder in project simba-os by cegeka.
the class ActiveDirectoryLoginModule method verifyLoginData.
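/**
 * Verifies the login by searching the directory with {@code searchFilter},
 * into which the LDAP-encoded username is substituted, and, when AD group
 * support is enabled, synchronising the matched entry's groups.
 *
 * @return {@code true} when a matching entry with at least one returned attribute was found
 * @throws FailedLoginException when the directory operation fails; the
 *         {@link NamingException} is attached as the cause
 */
@Override
protected boolean verifyLoginData() throws FailedLoginException {
    String[] returnedAtts = { authenticationAttribute };
    Encoder encoder = DefaultEncoder.getInstance();
    // Literal replacement: replaceAll() treats '$' and '\' in the replacement as
    // group references, so a username containing them could throw or alter the filter.
    String requestSearchFilter = searchFilter.replace("%USERNAME%", encoder.encodeForLDAP(getUsername()));
    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(searchScope);
    Hashtable<String, String> env = getEnv();
    debug("Verifying credentials for user: " + getUsername());
    boolean ldapUser = false;
    String userCN = null;
    try {
        // NOTE(review): the context is not closed here; whether getLdapContext()
        // hands out a fresh connection per call or a shared one is not visible — confirm.
        LdapContext ldapContext = getLdapContext(env);
        if (ldapContext != null) {
            NamingEnumeration<SearchResult> answer = ldapContext.search(searchBase, requestSearchFilter, searchCtls);
            try {
                // Stop at the first entry that carries the requested attribute.
                while (!ldapUser && answer.hasMoreElements()) {
                    SearchResult sr = answer.next();
                    userCN = sr.getName();
                    ldapUser = hasAnyAttribute(sr.getAttributes());
                }
            } finally {
                answer.close();
            }
            debug("Authentication succeeded");
            if (Boolean.TRUE.equals(GlobalContext.locate(ConfigurationServiceImpl.class).getValue(SimbaConfigurationParameter.ENABLE_AD_GROUPS)) && userCN != null) {
                updateUserGroups(ldapContext, userCN);
            }
        }
        return ldapUser;
    } catch (NamingException ex) {
        debug("Authentication failed");
        FailedLoginException failure = new FailedLoginException(ex.getMessage());
        failure.initCause(ex); // keep the directory error available to callers and logs
        throw failure;
    }
}

/**
 * Reports whether the entry carries at least one attribute, always closing the
 * attribute enumeration.
 *
 * @param attrs the entry's attributes (may be {@code null})
 * @return {@code true} when there is at least one attribute
 * @throws NamingException when the enumeration fails
 */
private static boolean hasAnyAttribute(Attributes attrs) throws NamingException {
    if (attrs == null) {
        return false;
    }
    NamingEnumeration<? extends Attribute> ne = attrs.getAll();
    try {
        return ne.hasMore();
    } finally {
        ne.close();
    }
}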