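--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java 2021-07-20 03:39:24.000000000 +0800
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/servlet/SsoPostLoginServlet.java 2022-06-06 14:16:06.807214000 +0800
@@ -8,6 +8,7 @@
 
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -41,7 +42,7 @@
 }
 
 @Override
- public void init() {
+ public void init() throws ServletException {
 String strVal = getServletConfig().getInitParameter("login-as-admin");
 if (strVal == null) {
 throw new RuntimeException("No login-as-admin init parameter specified for SsoPostLoginServlet.");
@@ -61,9 +62,8 @@
 @Override
 protected void service(HttpServletRequest request, HttpServletResponse response) throws IOException {
 log.debug("Entered SsoPostLoginServlet");
- String username;
+ String username = null;
 String profile = null;
- String authzName;
 InitialContext ctx = null;
 try {
 String error_description = request.getParameter("error_description");
@@ -90,12 +90,12 @@
 Map<String, Object> payload = (Map<String, Object>) jsonResponse.get("ovirt");
 
 username = (String) jsonResponse.get("user_id");
+ profile = "";
 int index = username.lastIndexOf("@");
 if (index != -1) {
 profile = username.substring(index + 1);
 username = username.substring(0, index);
 }
- authzName = (String) jsonResponse.get("user_authz");
 
 try {
 ctx = new InitialContext();
@@ -120,14 +120,12 @@
 "Unable to login user %s@%s with profile [%s]" +
 " because the maximum number of allowed sessions %s is exceeded",
 username,
- authzName,
 profile,
 maxUserSessions));
 }
 throw new RuntimeException(String.format(
 "The user %s@%s with profile [%s] is not authorized to perform login",
 username,
- authzName,
 profile));
 } else {
 HttpSession httpSession = request.getSession(true);
@@ -143,9 +141,7 @@
 } catch (RuntimeException ex) {
 throw ex;
 } catch (Exception ex) {
- throw new RuntimeException(
- String.format("User login failure: %s@%s with profile [%s]", username, authzName, profile),
- ex);
+ throw new RuntimeException(String.format("User login failure: %s", username), ex);
 } finally {
 try {
 if (ctx != null) {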
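Review bot: With `authzName` dropped from the argument lists in the `@@ -120,14 +120,12 @@` hunk, both messages keep their original placeholders: the session-limit message has four `%s` for three arguments, and `"The user %s@%s with profile [%s] is not authorized to perform login"` has three for two. `String.format` throws `MissingFormatArgumentException` on such a mismatch, so a refused login would surface as a formatting error and the intended reason would never reach the log or the caller (the first call's opening line is outside the hunk, so it being `String.format` is inferred from the second). Trim the format strings to match the remaining arguments, e.g. `"The user %s with profile [%s] is not authorized to perform login"` and `"Unable to login user %s with profile [%s]" +`. The same mismatch appears in the `@@ -70,14 +69,12 @@` hunk of SsoUtils.java.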
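--- a/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java 2021-07-20 03:39:24.000000000 +0800
+++ b/backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoUtils.java 2022-06-06 14:19:02.265717000 +0800
@@ -33,7 +33,7 @@
 public static String createUserSession(HttpServletRequest req,
 Map<String, Object> jsonResponse,
 boolean loginAsAdmin) throws Exception {
- String engineSessionId;
+ String engineSessionId = null;
 if (!FiltersHelper.isStatusOk(jsonResponse)) {
 throw new RuntimeException((String) jsonResponse.get("MESSAGE"));
 }
@@ -46,7 +46,6 @@
 profile = username.substring(index + 1);
 username = username.substring(0, index);
 }
- String authzName = (String) jsonResponse.get("user_authz");
 try {
 ctx = new InitialContext();
 ActionReturnValue queryRetVal = FiltersHelper.getBackend(ctx).runAction(ActionType.CreateUserSession,
@@ -70,14 +69,12 @@
 "Unable to login user %s@%s with profile [%s] " +
 "because the maximum number of allowed sessions %s is exceeded",
 username,
- authzName,
 profile,
 EngineLocalConfig.getInstance().getInteger("ENGINE_MAX_USER_SESSIONS")));
 }
 throw new RuntimeException(String.format(
 "The user %s@%s with profile [%s] is not authorized to perform login",
 username,
- authzName,
 profile));
 }
 engineSessionId = queryRetVal.getActionReturnValue();
@@ -90,8 +87,8 @@
 true);
 }
 } catch (Exception ex) {
- log.error("User '{}@{}' with profile [{}] login failed: {}", username, authzName, profile, ex.getMessage());
- log.debug("User '{}@{}' with profile [{}] login failed", username, authzName, profile, ex);
+ log.error("User '{}@{}' login failed: {}", username, profile, ex.getMessage());
+ log.debug("User '{}@{}' login failed", username, profile, ex);
 throw ex;
 } finally {
 try {
@@ -139,7 +136,6 @@
 if (StringUtils.isNotBlank(alternateFqdnString)) {
 Arrays.stream(alternateFqdnString.trim().split("\\s *"))
 .filter(StringUtils::isNotBlank)
- .map(String::toLowerCase)
 .forEach(allowedDomains::add);
 }
 
@@ -148,7 +144,7 @@
 
 private static String parseHostFromUrl(String url, String urlPropertyName) {
 try {
- return new URI(url).getHost().toLowerCase();
+ return new URI(url).getHost();
 } catch (URISyntaxException e) {
 throw new IllegalStateException(urlPropertyName + " not a valid URI: " + url);
 }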
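Review bot: `parseHostFromUrl` now returns `new URI(url).getHost()` unmodified, so the allowed-domain check depends on the letter case of the configured and requested host, and a `null` host (which `getHost()` returns when the URI has no parsable host) flows back to the caller instead of failing here. Host names are case-insensitive, so, assuming the comparison outside these hunks is an exact string match, a URL such as `https://ENGINE.example.com/...` would stop matching `engine.example.com`; the two tests that pinned this behaviour are deleted in SsoUtilsTest.java. Consider keeping the normalisation and rejecting a missing host explicitly: `String host = new URI(url).getHost();`, `if (host == null) throw new IllegalStateException(urlPropertyName + " has no host: " + url);`, `return host.toLowerCase(Locale.ROOT);` (needs `java.util.Locale`), and keeping `.map(String::toLowerCase)` in the `@@ -139,7 +136,6 @@` hunk. The method's closing brace lies outside the hunk.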
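--- a/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java 2021-07-20 03:39:24.000000000 +0800
+++ b/backend/manager/modules/aaa/src/test/java/org/ovirt/engine/core/aaa/SsoUtilsTest.java 2022-06-06 14:20:07.028614000 +0800
@@ -38,23 +38,6 @@
 }
 
 @Test
- public void shouldMatchAppUrlDomainOnAlternateSSOEngineUrlRegardlessUpperCase() {
- // given
- EngineLocalConfig.getInstance(new HashMap<>() {
- {
- put("SSO_ENGINE_URL", "https://engine.example.com:8221/ovirt-engine");
- put("SSO_ALTERNATE_ENGINE_FQDNS", "engine1.example.com ALTERNATE-engine.example.com");
- }
- });
-
- // when
- boolean valid = SsoUtils.isDomainValid("https://alternate-engine.EXAMPLE.com:20001/somerest/api_v9");
-
- // then
- Assertions.assertTrue(valid);
- }
-
- @Test
 public void shouldAllowBlankAppUrl() {
 // given
 EngineLocalConfig.getInstance(new HashMap<>() {
@@ -103,23 +86,6 @@
 
 // then
 Assertions.assertTrue(valid);
- }
-
- @Test
- public void shouldMatchAppUrlDomainOnSSOEngineUrlRegardlessUpperCase() {
- // given
- EngineLocalConfig.getInstance(new HashMap<>() {
- {
- put("SSO_ENGINE_URL", "https://engine.EXAMPLE.com:30003/ovirt-engine");
- put("SSO_ALTERNATE_ENGINE_FQDNS", "alternate-engine.example.com");
- }
- });
-
- // when
- boolean valid = SsoUtils.isDomainValid("https://ENGINE.example.com:20001/somerest/api_v9");
-
- // then
- Assertions.assertTrue(valid);
 }
 
 @Test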