    def __activate__(self, context):
        """Entry point run by the script engine with the Velocity ``context``.

        Reads the ``tim.notification`` section of the system configuration,
        fetches its ``url`` and, when the returned JSON reports at least one
        ``response.numFound`` hit, sends an HTML notification e-mail whose
        transport and addressing details come from the same section.
        """
        self.log = context["log"]
        self.request = context["request"]
        self.sessionState = context["sessionState"]
        self.setting = JsonSimple(context["systemConfig"].getObject("tim.notification"))

        # NOTE(review): this stamps the session as the "admin" user before any
        # service call is made; confirm that elevation is intended and scoped
        # to this background task.
        self.sessionState.set("username", "admin")

        # Expose the indexer to later processing steps via a Java map.
        self.dataMap = HashMap()
        self.dataMap.put("indexer", context['Services'].getIndexer())

        # Fetch the configured URL and inspect the hit count in the reply.
        sourceUrl = self.setting.getString("", "url")
        reply = JsonSimple(self.__wget(sourceUrl))
        hits = reply.getInteger(0, ["response", "numFound"])
        if hits <= 0:
            return

        cfg = self.setting  # every mail setting lives under ["email", ...]
        username = cfg.getString("", ["email", "username"])
        password = cfg.getString("", ["email", "password"])
        body = cfg.getString("", ["email", "body"])
        recipient = cfg.getString("", ["email", "to"])

        # In test mode the real recipient is named in the body and the mail
        # is diverted to the configured redirect address instead.
        if cfg.getString("", ["email", "testmode"]) == "true":
            body = body + "<p>TESTMODE: Was sent to " + recipient
            recipient = cfg.getString("", ["email", "redirect"])

        mail = HtmlEmail()
        mail.setAuthenticator(DefaultAuthenticator(username, password))
        mail.setHostName(cfg.getString("localhost", ["email", "host"]))
        mail.setSmtpPort(cfg.getInteger(25, ["email", "port"]))
        mail.setSSL(cfg.getBoolean(False, ["email", "ssl"]))
        mail.setTLS(cfg.getBoolean(False, ["email", "tls"]))
        mail.setFrom(cfg.getString("", ["email", "from"]))
        mail.setSubject(cfg.getString("Action Required in TIM", ["email", "subject"]))
        mail.addTo(recipient)
        mail.setHtmlMsg(body)
        mail.send()
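 def __activate__(self, context):
     """Handle a RapidAAF (JWS) single sign-on callback posted to this page.

     Expects ``context["formData"]`` to carry an ``assertion`` field holding
     a compact JWS. The token is accepted only when all of the following
     hold: the request is a POST, the HMAC signature verifies against the
     configured ``rapidAafSso.sharedKey``, the ``aud`` and ``iss`` claims
     equal the configured values, the current time lies within
     ``[nbf, exp]`` and the ``jti`` is not already recorded as a user
     attribute (looked up through ``hibernateAuthUserAttributeDao``).
     On success the payload is stored on the session and the client is
     redirected to the saved ``returnAddress`` (or ``portalPath``). Every
     rejection is logged and ends the handler without a redirect.
     """
     self.velocityContext = context
     self.log = self.vc("log")
     self.systemConfig = self.vc("systemConfig")
     self.formData = context["formData"]
     self.assertionText = self.formData.get("assertion")
     self.session = self.vc("sessionState")
     self.response = self.vc("response")
     self.request = self.vc("request")
     method = self.request.getMethod()

     # Only accept the assertion via POST.
     if method != "POST":
         self.log.error("Page not accessed by a POST, method:%s" % method)
         return

     # Without an assertion JWSObject.parse would raise; reject it up front.
     if not self.assertionText:
         self.log.error("Missing 'assertion' in form data.")
         return

     sharedKeyText = self.systemConfig.getString("", "rapidAafSso", "sharedKey")
     self.sharedKey = String(sharedKeyText)
     self.aud = self.systemConfig.getString("", "rapidAafSso", "aud")
     self.iss = self.systemConfig.getString("", "rapidAafSso", "iss")

     # Fail closed on a missing shared key: verifying against an empty
     # secret would accept any token whose HMAC was computed with one.
     if not sharedKeyText:
         self.log.error("rapidAafSso.sharedKey is not configured.")
         return

     # Signature check (HMAC over the compact serialisation).
     jwsObject = JWSObject.parse(self.assertionText)
     verifier = MACVerifier(self.sharedKey.getBytes())
     if not jwsObject.verify(verifier):
         self.log.error("Invalid JWS signature!")
         return
     self.log.debug("Verified JWS signature!")

     payloadText = jwsObject.getPayload().toString()
     # NOTE(review): these two lines write the complete claim set and the
     # session contents to the debug log; confirm that is acceptable here.
     self.log.debug(payloadText)
     self.log.debug(self.session.toString())

     claims = JsonSimple(payloadText)
     aud = claims.getString("", "aud")
     iss = claims.getString("", "iss")
     nbf = claims.getInteger(None, "nbf")
     exp = claims.getInteger(None, "exp")
     jti = claims.getString("", "jti")

     # Audience must be exactly the configured value.
     if self.aud != aud:
         self.log.error("Invalid aud: '%s' expecting: '%s'" % (aud, self.aud))
         return

     # Issuer must be exactly the configured value.
     if self.iss != iss:
         self.log.error("Invalid iss: '%s' expecting: '%s'" % (iss, self.iss))
         return

     # Validity window in seconds since the epoch. Both claims are required;
     # previously a missing one was only rejected through Python 2's
     # implicit ordering of None against numbers.
     if nbf is None or exp is None:
         self.log.error("Missing nbf/exp claim.")
         return
     now = Date().getTime() / 1000
     if now < nbf or now > exp:
         self.log.error("Invalid timings.")
         return

     # Replay check: a token without a jti cannot be tracked, and one whose
     # jti is already recorded as a user attribute is rejected.
     if not jti:
         self.log.error("Missing jti claim.")
         return
     attributeDao = ApplicationContextProvider.getApplicationContext().getBean("hibernateAuthUserAttributeDao")
     params = HashMap()
     params.put("key", "jti")
     params.put("value", jti)
     attrList = attributeDao.query("getUserAttributeByKeyAndValue", params)
     if attrList.size() > 0:
         self.log.error("Possible replay attack, jti:'%s' found in DB." % jti)
         return
     # NOTE(review): nothing in this method records the accepted jti, so the
     # check above is only effective if it is persisted elsewhere -- confirm.

     # Hand the verified token to the rest of the session-based login flow.
     self.session.put("jwt", payloadText)
     self.session.put("jwt_json", claims)
     self.session.put("jwt_assertion", self.assertionText)
     self.session.put("jwt_exp", exp)

     self.returnAddress = self.session.get("returnAddress")
     if self.returnAddress is None:
         self.log.debug("No return address, using portalPath.")
         self.returnAddress = self.vc("portalPath")
     self.log.debug("RapidAAF SSO login complete, redirect to: %s" % self.returnAddress)
     self.response.sendRedirect(self.returnAddress)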