authorThomas <>2023-12-20 11:35:34 +0100
committerThomas <>2023-12-20 11:35:34 +0100
commit57bcf96c65d2cbc18076a305a4cc61774a03d4a3 (patch)
treef28a22187a8a0476c32b6b0cd6807b1a2aec0596 /eaaf_core
parente0349ae2e7460bb679c114a54d9be053199aaeae (diff)
chore(core): add publicURLPrefix validation into some more modules
Diffstat (limited to 'eaaf_core')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java35
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java12
2 files changed, 29 insertions, 18 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index bf449d44..84753408 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -27,8 +27,6 @@ import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
import org.owasp.encoder.Encode;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.lang.NonNull;
@@ -47,6 +45,7 @@ import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
import at.gv.egiz.eaaf.core.api.idp.IAction;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
@@ -74,14 +73,17 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.IHandleData;
import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.LogLevel;
import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
- private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);
+
+ @Autowired(required = true)
+ protected IConfigurationWithSP authConfig;
@Autowired(required = true)
private ApplicationContext applicationContext;
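Review bot: The newly added `authConfig` field (the line after the added `@Autowired(required = true)`) is `protected`, whereas the neighbouring `applicationContext` field and the logger it replaces are `private`; unless a subclass is meant to reach the injected configuration, `private IConfigurationWithSP authConfig;` keeps the injection point encapsulated and consistent with the rest of the class. The class body continues past this hunk, so I cannot see from here whether any subclass relies on it.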
@@ -363,12 +365,19 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
guiBuilder.build(req, resp, parentHopGuiConfig, "iFrame-to-parent");
} else {
- // build up redirect URL
- final String redirectUrl = generateErrorRedirectUrl(req, errorKey);
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectUrl);
- log.debug("REDIRECT TO: {}", redirectUrl);
+ try {
+ // build up redirect URL
+ final String redirectUrl = generateErrorRedirectUrl(req, errorKey);
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectUrl);
+ log.debug("REDIRECT TO: {}", redirectUrl);
+
+ } catch (EaafException e) {
+ log.error("Can not forward to error page", e);
+ throw new GuiBuildException("Redirect URL generation error", e);
+
+ }
}
}
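Review bot: The new catch block logs the EaafException at error level and then rethrows it wrapped in a GuiBuildException with the cause attached, so the same failure is likely to be reported twice once the outer handler logs the wrapped exception. Since the only new failure path in generateErrorRedirectUrl (later in this diff) is the URL validation, a message naming that cause would help an operator tell a misconfigured public URL prefix apart from a request whose host does not match it, e.g. `log.warn("Can not redirect to error page, request URL did not pass public-URL validation: {}", e.getMessage());` while keeping the wrapped rethrow as the single error report. The enclosing method starts before this hunk, so the outer handling is not visible here.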
@@ -592,9 +601,9 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
return null;
}
- private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) {
- String redirectUrl = null;
- redirectUrl = ServletUtils.getBaseUrl(req);
+ private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey)
+ throws EaafAuthenticationException, EaafException {
+ String redirectUrl = authConfig.validateIdpUrl(HttpUtils.extractAuthUrlFromRequest(req));
redirectUrl += ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?"
+ EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey;
return redirectUrl;
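Review bot: `errorKey` is appended to the query string on the last three lines without URL encoding, so a value containing `&`, `=`, `#` or a space would alter the redirect target rather than travel as a parameter value; the sibling generateRedirect in TicketErrorService in this same commit at least escapes its token, and for a `Location` header the fitting form is `URLEncoder.encode(errorKey, StandardCharsets.UTF_8)` (java.net and java.nio.charset, both stdlib). Whether errorKey can ever carry such characters depends on callers outside this hunk, so this may be purely defensive. Separately, the new clause `throws EaafAuthenticationException, EaafException` lists both types; if EaafAuthenticationException extends EaafException, as its name suggests, it reduces to `throws EaafException` — the same applies to generateRedirect in TicketErrorService below.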
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java
index 2f3abdfb..e8d6cb9a 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/TicketErrorService.java
@@ -28,16 +28,17 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.data.ErrorConfig;
import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
import at.gv.egiz.eaaf.core.impl.utils.DefaultYamlMapper;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
import jakarta.annotation.PostConstruct;
import jakarta.servlet.http.HttpServletRequest;
import lombok.Builder;
@@ -54,7 +55,7 @@ public abstract class TicketErrorService implements IErrorService {
@Autowired
- IConfiguration basicConfig;
+ IConfigurationWithSP basicConfig;
@Autowired
ResourceLoader resourceLoader;
@@ -181,8 +182,9 @@ public abstract class TicketErrorService implements IErrorService {
}
}
- private String generateRedirect(HttpServletRequest httpReq, String errorTokenId) {
- String redirectUrl = ServletUtils.getBaseUrl(httpReq);
+ private String generateRedirect(HttpServletRequest httpReq, String errorTokenId)
+ throws EaafAuthenticationException, EaafException {
+ String redirectUrl = basicConfig.validateIdpUrl(HttpUtils.extractAuthUrlFromRequest(httpReq));
redirectUrl += ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT + "?"
+ EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + StringEscapeUtils
.escapeHtml4(errorTokenId);
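Review bot: generateRedirect now declares checked exceptions, which changes the contract for its caller, and that call site lies outside this hunk, so it is not visible here whether a validation failure is handled or surfaces as an unhandled exception on the error path; please confirm it was adjusted the way ProtocolAuthenticationService's redirect code was. A short Javadoc would also make the intent explicit so the request-derived URL is not later "simplified" back to the unvalidated base URL, e.g. `/** Builds the error-redirect URL from the request's own authority, which is used only after {@code basicConfig.validateIdpUrl} has checked it against the configured public IDP URL; presumably throws EaafException when that check rejects it. */`. If EaafAuthenticationException extends EaafException, the throws clause can be shortened to `throws EaafException` as noted for the first file.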