-rw-r--r--eaaf_core/checks/spotbugs-exclude.xml6
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java58
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java25
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java7
4 files changed, 64 insertions, 32 deletions
diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml
index d1cc43e3..70f27b81 100644
--- a/eaaf_core/checks/spotbugs-exclude.xml
+++ b/eaaf_core/checks/spotbugs-exclude.xml
@@ -19,6 +19,12 @@
<Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
</Match>
<Match>
+ <!-- the ErrorToken is only single-used as same as a CSRF token -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+ <Method name="errorRedirect" />
+ <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
+ </Match>
+ <Match>
<!-- Only used to evaluate expressions from pre-compiled process-flows -->
<OR>
<Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/>
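Review bot: The new exclusion for `errorRedirect` rests on a claim that this diff does not let a reader verify, namely that the error token is single-use and therefore equivalent to a CSRF token. The mapping in ProtocolFinalizationController accepts both GET and POST, so the suppression is only sound if the handler validates the token before doing anything else and invalidates it on first use; the handler body is not part of this diff. I would have the comment state that invariant, e.g. `<!-- errorRedirect acts only on a single-use error token that is consumed on first use; revisit this exclusion if that changes -->`, and name the place where the token is invalidated.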
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
index 3471aebe..673b53c2 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
@@ -86,12 +86,19 @@ public class ErrorTicketService {
// log.error("working: " + propertyMap.get("auth.00"));
} catch (Exception e) {
- log.error("Error: something went wrong");
- throw new EaafException("Error: Parsing errorhandling actions failed");
+ log.error("Error: something went wrong", e);
+ throw new EaafException("Error: Parsing errorhandling actions failed", new Object[]{}, e);
}
}
}
+ /**
+ * creates error handling data.
+ * @param throwable error
+ * @param req http request
+ * @return eror handle Data
+ * @throws EaafException In case of an internal error
+ */
public HandleData createHandleData(Throwable throwable, HttpServletRequest req) throws EaafException {
HandleData data = new HandleData(throwable, req);
extractErrorCode(data);
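Review bot: The log line in the catch block still reads `"Error: something went wrong"`, which tells an operator nothing about what failed even though the cause is now attached; `log.error("Parsing errorhandling actions failed", e);` would match the exception text. The block catches `Exception`, so programming errors in the parsing code are reported as configuration failures as well; narrowing it needs the try body, which starts outside this hunk. In the new Javadoc, `@return eror handle Data` should read `@return error handling data`.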
@@ -138,25 +145,30 @@ public class ErrorTicketService {
data.actionType = ActionType.NOTICKET_REDIRECT;
data.generateRedirect();
- } else {// ActionType.NOTICKET_NOREDIRECT -> nothing to be done
+ } else { // ActionType.NOTICKET_NOREDIRECT -> nothing to be done
data.actionType = ActionType.NOTICKET_NOREDIRECT;
}
} else {
data.generateSupportTicket();
- throw new EaafException("internal.configuration.00", new Object[] {data.errorCode + "in on_error_action" +
- ".properties"});
+ throw new EaafException("internal.configuration.00",
+ new Object[]{data.errorCode + "in on_error_action" + ".properties"});
}
}
- public class HandleData {
+ static class HandleData {
private final HttpServletRequest req;
- @Getter private String supportTicket;
- @Getter private String redirectUrl;
- @Getter private final Throwable throwable;
- @Getter private String errorCode;
- @Getter private ActionType actionType;
+ @Getter
+ private String supportTicket;
+ @Getter
+ private String redirectUrl;
+ @Getter
+ private final Throwable throwable;
+ @Getter
+ private String errorCode;
+ @Getter
+ private ActionType actionType;
private HandleData(Throwable throwable, HttpServletRequest req) {
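Review bot: `HandleData` is now package-private, but the public method `createHandleData` still returns it, so code outside `at.gv.egiz.eaaf.core.impl.idp.auth.services` can call the method without being able to name its result type. Either keep the nested class `public static` or reduce `createHandleData` to package visibility so the API is consistent. Separately, the argument `data.errorCode + "in on_error_action" + ".properties"` has no space before `in`, so the error code runs into the text of the message; `data.errorCode + " in on_error_action.properties"` fixes that. The constructor body continues outside the hunk.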
@@ -166,30 +178,35 @@ public class ErrorTicketService {
private void generateRedirect() {
redirectUrl = ServletUtils.getBaseUrl(req);
- redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT
- + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" +
- StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));;
+ redirectUrl +=
+ "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "="
+ + StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
}
private void generateSupportTicket() {
- String randomCode = RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' +
- RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' +
- RandomStringUtils.randomAlphanumeric(4).toUpperCase();
+ String randomCode =
+ RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' + RandomStringUtils.randomAlphanumeric(4)
+ .toUpperCase() + '-' + RandomStringUtils.randomAlphanumeric(4).toUpperCase();
supportTicket = randomCode;
}
+ /**
+ * Logs error to technical log.
+ */
public void log_error() {
if (supportTicket != null) {
- log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(),
- throwable);
+ log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(), throwable);
} else {
log.error(TECH_LOG_MSG, errorCode, throwable.getMessage(), throwable);
}
}
+ /**
+ * Logs info to technical log.
+ */
public void log_info() {
if (supportTicket != null) {
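Review bot: In `generateRedirect` the request parameter is appended to the query string after `StringEscapeUtils.escapeHtml4`, which is the wrong encoding for a URL: `#`, `%`, `=`, spaces and line breaks pass through unchanged, and `&` becomes `&amp;`, which still splits the query. The value comes straight from `req.getParameter`, so the caller controls what ends up in `redirectUrl`. It should be URL-encoded here, e.g. `URLEncoder.encode(value, StandardCharsets.UTF_8)` on Java 10 or later, and HTML-escaped only at the point where the URL is written into markup. A missing parameter currently puts the literal text `null` into the URL. In `generateSupportTicket`, `RandomStringUtils.randomAlphanumeric` is not documented as a cryptographic generator, which is fine for a log correlation ID but not if the ticket is ever treated as a secret.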
@@ -200,6 +217,9 @@ public class ErrorTicketService {
}
}
+ /**
+ * Logs warn to technical log.
+ */
public void log_warn() {
if (supportTicket != null) {
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index 9627e01a..5d656e76 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -80,7 +80,6 @@ import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
-import static at.gv.egiz.eaaf.core.api.IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC;
@Service
public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
@@ -206,8 +205,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(),
pendingReq.isNeedUserConsent());
if (pendingReq.isNeedUserConsent()) {
- log.error("PendingRequest NEEDS user-consent. " +
- "Can NOT fininalize authentication --> Abort authentication process!");
+ log.error("PendingRequest NEEDS user-consent. "
+ + "Can NOT fininalize authentication --> Abort authentication process!");
} else {
log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
@@ -239,8 +238,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
ErrorTicketService.HandleData errorData = errorTicketService.createHandleData(throwable, req);
- if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) ||
- errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) {
+ if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) || errorData.getActionType()
+ .equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) {
displayException(req, resp, errorData);
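Review bot: The reflowed condition now breaks in the middle of a call chain (`errorData.getActionType()` on one line, `.equals(...)` on the next), which hides that the two operands are parallel; the hunk at -285 has the same shape. Assuming `ActionType` is an enum, comparing with `==` on a local reads better and cannot throw when the action type is unset: `final ErrorTicketService.ActionType type = errorData.getActionType();` followed by `if (type == ErrorTicketService.ActionType.NOTICKET_REDIRECT || type == ErrorTicketService.ActionType.TICKET_REDIRECT) {`. Whether `actionType` can be null at this point depends on `createHandleData`, whose body is only partly visible.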
@@ -285,8 +284,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
// write errror to console
logExceptionToTechnicalLog(errorData);
- if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_NOREDIRECT) ||
- errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_NOREDIRECT)) {
+ if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_NOREDIRECT) || errorData.getActionType()
+ .equals(ErrorTicketService.ActionType.TICKET_NOREDIRECT)) {
// return error to Web browser
displayException(req, resp, errorData);
} else {
@@ -450,7 +449,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
// this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, externalErrorCode, null, null);
// }
- public void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
+
+ private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
@NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
@Nullable final Object[] params, String externalErrorCode, String url, String ticket) throws EaafException {
@@ -475,7 +475,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
// add errorcode and errormessage
if (config instanceof ModifyableGuiBuilderConfiguration) {
- ModifyableGuiBuilderConfiguration c = ((ModifyableGuiBuilderConfiguration) config);
+ ModifyableGuiBuilderConfiguration c = (ModifyableGuiBuilderConfiguration) config;
c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg);
c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode);
c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_EXTERNAL_ERRORCODE,
@@ -511,8 +511,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
resp.sendError(HttpServletResponse.SC_FORBIDDEN,
StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())));
- } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException ||
- e instanceof ProcessExecutionException || e instanceof ConfigurationException) {
+ } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException
+ || e instanceof ProcessExecutionException || e instanceof ConfigurationException) {
// write error message
writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null,
statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
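Review bot: For the four exception types in this branch the raw `e.getMessage()` is passed to `writeHtmlErrorResponse` as the user-visible message, while the generic branch further down uses a catalogued text from `statusMessager`. Exception messages can carry internal detail, and unlike the `sendError` call just above, the value is not escaped at this call site; whether the GUI template escapes it is not visible in this diff. I would add a comment such as `// msg is HTML-escaped by the GUI builder before rendering` if that is the case, or otherwise pass a catalogued message and keep the exception text in the technical log only. The call's remaining arguments continue outside the hunk.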
@@ -526,7 +526,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
} else {
// write generic message for general exceptions
- final String msg = statusMessager.getMessage(CODES_INTERNAL_ERROR_GENERIC, null);
+ final String msg = statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null);
writeHtmlErrorResponse(req, resp, msg, internalErrorCode, null,
statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
errorData.getSupportTicket());
@@ -548,7 +548,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
redirectUrl = ServletUtils.getBaseUrl(req);
redirectUrl += ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?"
+ EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey;
-
return redirectUrl;
}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
index 9b7b0a02..d874cff6 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -66,6 +66,13 @@ public class ProtocolFinalizationController extends AbstractController {
@Autowired
IPendingRequestIdGenerationStrategy requestIdValidationStragegy;
+ /**
+ * Handles incoming requests for redirects to IDP.
+ * @param req http request
+ * @param resp http response
+ * @throws EaafException In case of an internal error
+ * @throws IOException In case of a servlet error
+ */
@RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST})
public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp)
throws EaafException, IOException {