Diffstat (limited to 'eaaf_core')
4 files changed, 66 insertions, 33 deletions
diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml
index aa11a955..44642450 100644
--- a/eaaf_core/checks/spotbugs-exclude.xml
+++ b/eaaf_core/checks/spotbugs-exclude.xml
@@ -26,6 +26,12 @@
       <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
     </Match>
     <Match>
+      <!-- the ErrorToken is only single-used as same as a CSRF token -->
+      <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+      <Method name="errorRedirect" />
+      <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
+    </Match>
+    <Match>
       <!-- Only used to evaluate expressions from pre-compiled process-flows -->
       <OR>
         <Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/>
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
index 3471aebe..673b53c2 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
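Review bot: The new exclusion's justification, `the ErrorToken is only single-used as same as a CSRF token`, cannot be checked against anything in this diff: errorRedirect is mapped for both GET and POST, and the only code here that builds a link to ENDPOINT_ERROR_REDIRECT (HandleData.generateRedirect in ErrorTicketService) forwards the raw `PARAM_HTTP_ERROR_CODE` request parameter rather than a server-generated token. Because the entry waives SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING for this endpoint permanently, the comment should name what generates the token and what invalidates it, e.g. `<!-- errorRedirect performs no state change; the error token in the query string is generated by <generator class/method> and invalidated on first use in <consumer class/method>, so it serves as a CSRF token -->` with the placeholders filled in. Whether errorRedirect actually enforces single use cannot be confirmed here, since its body lies outside the hunk in ProtocolFinalizationController.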
@@ -86,12 +86,19 @@ public class ErrorTicketService {
         //        log.error("working: " + propertyMap.get("auth.00"));
       } catch (Exception e) {
-        log.error("Error: something went wrong");
-        throw new EaafException("Error: Parsing errorhandling actions failed");
+        log.error("Error: something went wrong", e);
+        throw new EaafException("Error: Parsing errorhandling actions failed", new Object[]{}, e);
       }
     }
   }
+  /**
+   * creates error handling data.
+   * @param throwable error
+   * @param req http request
+   * @return eror handle Data
+   * @throws EaafException In case of an internal error
+   */
   public HandleData createHandleData(Throwable throwable, HttpServletRequest req) throws EaafException {
     HandleData data = new HandleData(throwable, req);
     extractErrorCode(data);
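Review bot: The rewritten catch block now logs the exception with its full stack trace and then rethrows it as the cause of the new EaafException, so the same trace will be emitted twice wherever the wrapped exception is logged again (the error-handling path in ProtocolAuthenticationService logs the throwable through logExceptionToTechnicalLog, though whether this particular exception reaches it is not visible here). Either log or wrap, not both; if the log line stays it should say what failed rather than `something went wrong`, e.g. `log.error("Parsing of error-handling actions failed", e);`. The added Javadoc on createHandleData has a typo and no useful return description: `@return eror handle Data` should read `@return the populated {@link HandleData} for this error`. The method enclosing the try/catch starts before the hunk.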
@@ -138,25 +145,30 @@ public class ErrorTicketService {
         data.actionType = ActionType.NOTICKET_REDIRECT;
       data.generateRedirect();
-      } else {// ActionType.NOTICKET_NOREDIRECT -> nothing to be done
+      } else { // ActionType.NOTICKET_NOREDIRECT -> nothing to be done
         data.actionType = ActionType.NOTICKET_NOREDIRECT;
       }
     } else {
       data.generateSupportTicket();
-      throw new EaafException("internal.configuration.00", new Object[] {data.errorCode + "in on_error_action" +
-          ".properties"});
+      throw new EaafException("internal.configuration.00",
+          new Object[]{data.errorCode + "in on_error_action" + ".properties"});
     }
   }
-  public class HandleData {
+  static class HandleData {
     private final HttpServletRequest req;
-    @Getter private String supportTicket;
-    @Getter private String redirectUrl;
-    @Getter private final Throwable throwable;
-    @Getter private String errorCode;
-    @Getter private ActionType actionType;
+    @Getter
+    private String supportTicket;
+    @Getter
+    private String redirectUrl;
+    @Getter
+    private final Throwable throwable;
+    @Getter
+    private String errorCode;
+    @Getter
+    private ActionType actionType;
     private HandleData(Throwable throwable, HttpServletRequest req) {
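Review bot: The rewrapped throw still builds its message parameter as `data.errorCode + "in on_error_action" + ".properties"`, which produces text of the form `<errorCode>in on_error_action.properties` — the space before `in` is missing and splitting the literal serves no purpose; write it as `new Object[]{data.errorCode + " in on_error_action.properties"}`. Separately, HandleData becomes a package-private static nested class while the public method createHandleData earlier in this file still returns it, so a caller outside this package can invoke the method but cannot name its result; either declare `public static class HandleData {` or make createHandleData package-private to match. The method enclosing the throw starts before the hunk, and the HandleData constructor continues after it.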
@@ -166,30 +178,35 @@ public class ErrorTicketService {
     private void generateRedirect() {
       redirectUrl = ServletUtils.getBaseUrl(req);
-      redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT
-              + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" +
-          StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));;
+      redirectUrl +=
+          "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "="
+              + StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
     }
     private void generateSupportTicket() {
-      String randomCode = RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' +
-          RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' +
-          RandomStringUtils.randomAlphanumeric(4).toUpperCase();
+      String randomCode =
+          RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' + RandomStringUtils.randomAlphanumeric(4)
+              .toUpperCase() + '-' + RandomStringUtils.randomAlphanumeric(4).toUpperCase();
       supportTicket = randomCode;
     }
+    /**
+     *  Logs error to technical log.
+     */
   public void log_error() {
     if (supportTicket != null) {
-        log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(),
-            throwable);
+        log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(), throwable);
     } else {
       log.error(TECH_LOG_MSG, errorCode, throwable.getMessage(), throwable);
     }
   }
+    /**
+     * Logs info to technical log.
+     */
   public void log_info() {
     if (supportTicket != null) {
@@ -200,6 +217,9 @@ public class ErrorTicketService {
       }
     }
+    /**
+     * Logs warn to technical log.
+     */
   public void log_warn() {
     if (supportTicket != null) {
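Review bot: The rewrapped generateRedirect still appends the `PARAM_HTTP_ERROR_CODE` request parameter to a query string through StringEscapeUtils.escapeHtml4, which is an HTML-output encoder and does nothing for the URL context: `&`, `=`, `#` or `%` in the value survive and change how the query is parsed, and when the parameter is absent escapeHtml4(null) returns null, so the literal text `null` is appended. The same unencoded concatenation is added in the hunk at old line 544 of ProtocolAuthenticationService (`+ errorKey`). Encode for the URL here and leave HTML escaping to the place where the URL is rendered, e.g. `final String code = req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE);` then `redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + URLEncoder.encode(code == null ? "" : code, StandardCharsets.UTF_8);` (java.net.URLEncoder and java.nio.charset.StandardCharsets need importing; the Charset overload is Java 10+, older JDKs use the charset-name overload). Whether errorRedirect rejects malformed values on the receiving side is not visible in this diff.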
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index bb6f45d0..6cbd72a5 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -77,7 +77,6 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.HashSet;
-import static at.gv.egiz.eaaf.core.api.IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC;
 @Service
 public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
@@ -203,8 +202,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
         log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(),
             pendingReq.isNeedUserConsent());
         if (pendingReq.isNeedUserConsent()) {
-          log.error("PendingRequest NEEDS user-consent. " +
-              "Can NOT fininalize authentication --> Abort authentication process!");
+          log.error("PendingRequest NEEDS user-consent. "
+              + "Can NOT fininalize authentication --> Abort authentication process!");
         } else {
           log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
@@ -236,8 +235,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       ErrorTicketService.HandleData errorData = errorTicketService.createHandleData(throwable, req);
-      if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) ||
-          errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) {
+      if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) || errorData.getActionType()
+          .equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) {
         displayException(req, resp, errorData);
@@ -282,8 +281,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     // write errror to console
     logExceptionToTechnicalLog(errorData);
-    if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_NOREDIRECT) ||
-        errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_NOREDIRECT)) {
+    if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_NOREDIRECT) || errorData.getActionType()
+        .equals(ErrorTicketService.ActionType.TICKET_NOREDIRECT)) {
       // return error to Web browser
       displayException(req, resp, errorData);
     } else {
@@ -447,7 +446,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
   //    this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, externalErrorCode, null, null);
   //  }
-  public void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
+
+  private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
       @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
       @Nullable final Object[] params, String externalErrorCode, String url, String ticket) throws EaafException {
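Review bot: The rewrapped conditions in the hunks at old lines 236 and 282 now break inside a method chain — `|| errorData.getActionType()` at line end and `.equals(...)` on the next line — which is the opposite of the operator-at-line-start convention the rest of this commit adopts (`+ "Can NOT ..."`, `|| e instanceof ProcessExecutionException`) and hides the second operand of the `||`. ActionType is an enum, so the comparison can use `==`, which also removes the chain and the repeated getter call: `final ErrorTicketService.ActionType action = errorData.getActionType();` / `if (action == ErrorTicketService.ActionType.NOTICKET_REDIRECT` / `    || action == ErrorTicketService.ActionType.TICKET_REDIRECT) {`, and likewise for the NOREDIRECT pair. The enclosing methods start and end outside the hunks.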
@@ -472,7 +472,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       // add errorcode and errormessage
       if (config instanceof ModifyableGuiBuilderConfiguration) {
-        ModifyableGuiBuilderConfiguration c = ((ModifyableGuiBuilderConfiguration) config);
+        ModifyableGuiBuilderConfiguration c = (ModifyableGuiBuilderConfiguration) config;
         c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg);
         c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode);
         c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_EXTERNAL_ERRORCODE,
@@ -508,8 +508,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
       resp.sendError(HttpServletResponse.SC_FORBIDDEN,
           StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage())));
-    } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException ||
-        e instanceof ProcessExecutionException || e instanceof ConfigurationException) {
+    } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException
+        || e instanceof ProcessExecutionException || e instanceof ConfigurationException) {
       // write error message
       writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null,
           statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
@@ -523,7 +523,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     } else {
       // write generic message for general exceptions
-      final String msg = statusMessager.getMessage(CODES_INTERNAL_ERROR_GENERIC, null);
+      final String msg = statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null);
       writeHtmlErrorResponse(req, resp, msg, internalErrorCode, null,
           statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(),
           errorData.getSupportTicket());
@@ -544,8 +544,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
     String redirectUrl = null;
     redirectUrl = ServletUtils.getBaseUrl(req);
     redirectUrl +=
-        "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" +
-            errorKey;
+        "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "="
+            + errorKey;
     return redirectUrl;
   }
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
index 26feb3db..acb9b84c 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -59,6 +59,13 @@ public class ProtocolFinalizationController extends AbstractController {
   @Autowired
   IPendingRequestIdGenerationStrategy requestIdValidationStragegy;
+  /**
+   * Handles incoming requests for redirects to IDP.
+   * @param req  http request
+   * @param resp http response
+   * @throws EaafException In case of an internal error
+   * @throws IOException   In case of a servlet error
+   */
   @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST})
   public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp)
       throws EaafException, IOException {
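Review bot: The added Javadoc, `Handles incoming requests for redirects to IDP.`, does not state what the endpoint does with the request, which matters because the same commit waives SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING for exactly this method in spotbugs-exclude.xml on the grounds that its token is single-use. The summary should carry the contract the exclusion relies on — that the handler accepts GET and POST on ENDPOINT_ERROR_REDIRECT, performs no state change, and validates and invalidates the error token before acting on it — so that a later edit to the body can be checked against it; `@throws IOException In case of a servlet error` should name the actual condition (presumably a failure while writing the response, to be confirmed against the body). The method body lies outside the hunk, so none of this can be verified here.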
