| author | Thomas <> | 2023-12-20 11:35:34 +0100 | 
|---|---|---|
| committer | Thomas <> | 2023-12-20 11:35:34 +0100 | 
| commit | 57bcf96c65d2cbc18076a305a4cc61774a03d4a3 (patch) | |
| tree | f28a22187a8a0476c32b6b0cd6807b1a2aec0596 /eaaf_core | |
| parent | e0349ae2e7460bb679c114a54d9be053199aaeae (diff) | |
| download | EAAF-Components-57bcf96c65d2cbc18076a305a4cc61774a03d4a3.tar.gz EAAF-Components-57bcf96c65d2cbc18076a305a4cc61774a03d4a3.tar.bz2 EAAF-Components-57bcf96c65d2cbc18076a305a4cc61774a03d4a3.zip | |
chore(core): add publicURLPrefix validation into some more modules
Diffstat (limited to 'eaaf_core')
2 files changed, 29 insertions, 18 deletions
|
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index bf449d44..84753408 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -27,8 +27,6 @@ import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
 import org.owasp.encoder.Encode;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.lang.NonNull;
@@ -47,6 +45,7 @@ import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
@@ -74,14 +73,17 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.IHandleData;
 import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.LogLevel;
 import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
 import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
 @Service
 public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
-  private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);
+
+  @Autowired(required = true)
+  protected IConfigurationWithSP authConfig;
   @Autowired(required = true)
   private ApplicationContext applicationContext;
@@ -363,12 +365,19 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       guiBuilder.build(req, resp, parentHopGuiConfig, "iFrame-to-parent");
     } else {
-      // build up redirect URL
-      final String redirectUrl = generateErrorRedirectUrl(req, errorKey);
-      resp.setContentType("text/html");
-      resp.setStatus(302);
-      resp.addHeader("Location", redirectUrl);
-      log.debug("REDIRECT TO: {}", redirectUrl);
+      try {
+        // build up redirect URL
+        final String redirectUrl = generateErrorRedirectUrl(req, errorKey);
+        resp.setContentType("text/html");
+        resp.setStatus(302);
+        resp.addHeader("Location", redirectUrl);
+        log.debug("REDIRECT TO: {}", redirectUrl);
+
+      } catch (EaafException e) {
+        log.error("Can not forward to error page", e);
+        throw new GuiBuildException("Redirect URL generation error", e);
+
+      }
     }
   }
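Review bot: The new `authConfig` field is declared `protected` while the sibling `applicationContext` field directly below it stays `private`, so the hunk widens accessibility without a visible reason; unless a subclass is meant to read the configuration, `private IConfigurationWithSP authConfig;` matches the surrounding style. If it is intentionally exposed for subclasses, a one-line comment saying so would stop the next reader from narrowing it back.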
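Review bot: The new catch block both logs the exception at error level and rethrows it wrapped with the same cause, so the same stack trace will typically be printed twice once the caller logs the `GuiBuildException`; either the `log.error` or the cause should go, depending on which layer owns logging. A short why-comment on the new `try` would also help, since the reason this path can now fail is not obvious from the code, e.g. `// generateErrorRedirectUrl() now validates the request-derived base URL; if that fails we must not emit a Location header built from an unvalidated value, so fail the error page instead` (the validating call presumably throws on mismatch; confirm against validateIdpUrl). The enclosing method starts before this hunk.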
@@ -592,9 +601,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     return null;
   }
-  private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) {
-    String redirectUrl = null;
-    redirectUrl = ServletUtils.getBaseUrl(req);
+  private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey)
+      throws EaafAuthenticationException, EaafException {
+    String redirectUrl = authConfig.validateIdpUrl(HttpUtils.extractAuthUrlFromRequest(req));
     redirectUrl += ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?"
         + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey;
     return redirectUrl;
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java
index 2f3abdfb..e8d6cb9a 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java
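Review bot: `errorKey` is still appended to the query string without any encoding in the rewritten `generateErrorRedirectUrl`, so a key containing `&`, `#` or whitespace would change the structure of the Location URL rather than stay inside the one parameter; the keys are probably internal constants, but the guard is a single call, `+ EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + URLEncoder.encode(errorKey, StandardCharsets.UTF_8);` with the matching `java.net`/`java.nio.charset` imports. The `generateRedirect` hunk in TicketErrorService below has the same gap, and there `StringEscapeUtils.escapeHtml4` is applied, which is an HTML encoder rather than a URL encoder (it would turn `&` into `&amp;` inside a query string) — `URLEncoder` is the right encoder in both places. Separately, if `EaafAuthenticationException` extends `EaafException` (not visible here), listing both in the `throws` clause is redundant.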
@@ -28,16 +28,17 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IStatusMessenger;
 import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.ErrorConfig;
 import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
 import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
 import at.gv.egiz.eaaf.core.impl.utils.DefaultYamlMapper;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
 import jakarta.annotation.PostConstruct;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.Builder;
@@ -54,7 +55,7 @@ public abstract class TicketErrorService implements IErrorService {
   @Autowired
-  IConfiguration basicConfig;
+  IConfigurationWithSP basicConfig;
   @Autowired
   ResourceLoader resourceLoader;
@@ -181,8 +182,9 @@ public abstract class TicketErrorService implements IErrorService {
     }
   }
-  private String generateRedirect(HttpServletRequest httpReq, String errorTokenId) {
-    String redirectUrl = ServletUtils.getBaseUrl(httpReq);
+  private String generateRedirect(HttpServletRequest httpReq, String errorTokenId)
+      throws EaafAuthenticationException, EaafException {
+    String redirectUrl = basicConfig.validateIdpUrl(HttpUtils.extractAuthUrlFromRequest(httpReq));
     redirectUrl += ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT + "?"
         + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + StringEscapeUtils
         .escapeHtml4(errorTokenId);
|
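Review bot: The caller of `generateRedirect` lies outside this hunk and is not touched by the commit (the diffstat's 7 insertions and 5 deletions for this file are all in the hunks shown), so it must already catch or propagate `EaafException`; it is worth confirming that whatever catch path it takes does not fall back to a redirect built from the unvalidated request URL, otherwise the validation added here is bypassed exactly on the failure path. The new `throws` clause also deserves a Javadoc line so the contract is explicit, e.g. `@throws EaafException if the base URL derived from {@code httpReq} is rejected by {@code validateIdpUrl} (presumably a publicURLPrefix mismatch, per the commit title)`. The method's closing brace is past the end of the hunk.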
