Diffstat (limited to 'eaaf_core')
4 files changed, 66 insertions, 33 deletions
diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml
index aa11a955..44642450 100644
--- a/eaaf_core/checks/spotbugs-exclude.xml
+++ b/eaaf_core/checks/spotbugs-exclude.xml
@@ -26,6 +26,12 @@
 <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
 </Match>
 <Match>
+ <!-- the ErrorToken is only single-used as same as a CSRF token -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+ <Method name="errorRedirect" />
+ <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
+ </Match>
+ <Match>
 <!-- Only used to evaluate expressions from pre-compiled process-flows -->
 <OR>
 <Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/>
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
index 3471aebe..673b53c2 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ErrorTicketService.java
@@ -86,12 +86,19 @@ public class ErrorTicketService {
 // log.error("working: " + propertyMap.get("auth.00"));
 } catch (Exception e) {
- log.error("Error: something went wrong");
- throw new EaafException("Error: Parsing errorhandling actions failed");
+ log.error("Error: something went wrong", e);
+ throw new EaafException("Error: Parsing errorhandling actions failed", new Object[]{}, e);
 }
 }
 }
+ /**
+ * creates error handling data.
+ * @param throwable error
+ * @param req http request
+ * @return eror handle Data
+ * @throws EaafException In case of an internal error
+ */
 public HandleData createHandleData(Throwable throwable, HttpServletRequest req) throws EaafException {
 HandleData data = new HandleData(throwable, req);
 extractErrorCode(data);
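Review bot: The new `<Match>` suppresses the SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING finding for errorRedirect on the strength of a one-line comment, and nothing in the exclusion points at where the error token is actually validated and invalidated, so a later reader cannot check whether the "single-used" assumption still holds. Because the mapping accepts both GET and POST (see the ProtocolFinalizationController hunk), the suppression is only sound as long as the handler performs no state change beyond consuming that token. Make the justification verifiable by naming the enforcing code, e.g. `<!-- errorRedirect only consumes a single-use error token (checked in <TOKEN-VALIDATING METHOD>) and performs no other state change, so the CSRF finding does not apply -->`, and keep the exclusion scoped to this single method as it is now.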
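Review bot: The Javadoc added to createHandleData has a typo and a vague return line, `@return eror handle Data`; change it to `@return the populated {@link HandleData} for this error` and capitalise the summary as `Creates error handling data for the given throwable and request.`. Passing `e` as the cause into both the log call and the rethrown EaafException is the right fix for the previously lost stack trace; be aware the same trace will now appear twice if the caller logs the EaafException again, which is tolerable but worth knowing when reading logs. The `catch (Exception e)` that these lines sit in is unchanged by the commit and its enclosing method starts outside the hunk.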
@@ -138,25 +145,30 @@ public class ErrorTicketService { data.actionType = ActionType.NOTICKET_REDIRECT; data.generateRedirect(); - } else {// ActionType.NOTICKET_NOREDIRECT -> nothing to be done + } else { // ActionType.NOTICKET_NOREDIRECT -> nothing to be done data.actionType = ActionType.NOTICKET_NOREDIRECT; } } else { data.generateSupportTicket(); - throw new EaafException("internal.configuration.00", new Object[] {data.errorCode + "in on_error_action" + - ".properties"}); + throw new EaafException("internal.configuration.00", + new Object[]{data.errorCode + "in on_error_action" + ".properties"}); } } - public class HandleData { + static class HandleData { private final HttpServletRequest req; - @Getter private String supportTicket; - @Getter private String redirectUrl; - @Getter private final Throwable throwable; - @Getter private String errorCode; - @Getter private ActionType actionType; + @Getter + private String supportTicket; + @Getter + private String redirectUrl; + @Getter + private final Throwable throwable; + @Getter + private String errorCode; + @Getter + private ActionType actionType; private HandleData(Throwable throwable, HttpServletRequest req) { 
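Review bot: The message argument on the reformatted throw still has no separator between the error code and the text, `data.errorCode + "in on_error_action" + ".properties"`, so the rendered message reads like `auth.00in on_error_action.properties`; use `new Object[]{data.errorCode + " in on_error_action.properties"}`. Making HandleData a `static` nested class is a good change (it no longer captures the outer ErrorTicketService), but it is also narrowed from `public` to package-private while the public method createHandleData keeps returning it; that works for the same-package caller ProtocolAuthenticationService yet makes the public API unusable from any other package, so either keep `public static class HandleData` or document that createHandleData is package-internal. The method containing the throw starts outside the hunk.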
@@ -166,30 +178,35 @@ public class ErrorTicketService { private void generateRedirect() { redirectUrl = ServletUtils.getBaseUrl(req); - redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT - + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + - StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));; + redirectUrl += + "/" + ProtocolFinalizationController.ENDPOINT_ERROR_REDIRECT + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + + StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); } private void generateSupportTicket() { - String randomCode = RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' + - RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' + - RandomStringUtils.randomAlphanumeric(4).toUpperCase(); + String randomCode = + RandomStringUtils.randomAlphanumeric(4).toUpperCase() + '-' + RandomStringUtils.randomAlphanumeric(4) + .toUpperCase() + '-' + RandomStringUtils.randomAlphanumeric(4).toUpperCase(); supportTicket = randomCode; } + /** + * Logs error to technical log. + */ public void log_error() { if (supportTicket != null) { - log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(), - throwable); + log.error(TICKET_LOG_MSG, supportTicket, errorCode, throwable.getMessage(), throwable); } else { log.error(TECH_LOG_MSG, errorCode, throwable.getMessage(), throwable); } } + /** + * Logs info to technical log. + */ public void log_info() { if (supportTicket != null) { @@ -200,6 +217,9 @@ public class ErrorTicketService { } } + /** + * Logs warn to technical log. + */ public void log_warn() { if (supportTicket != null) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index bb6f45d0..6cbd72a5 100644 
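Review bot: generateRedirect places an HTML-escaped value into a URL query string, `StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE))`, which is the wrong encoding for that context: HTML escaping leaves `#`, `%`, `?` and spaces untouched and rewrites `&` to `&amp;`, so an unusual or attacker-chosen parameter value can truncate the redirect or spill into further query parameters, while the browser will not see HTML here at all. Encode for the URL instead, `URLEncoder.encode(value, StandardCharsets.UTF_8)` (the `(String, String)` overload with `"UTF-8"` on older Java levels), after deciding what to do when the parameter is absent, since `escapeHtml4(null)` returns null and the URL currently ends in `=null`. ProtocolAuthenticationService builds a URL of the same shape to ENDPOINT_ERRORHANDLING with no encoding at all, so one shared helper that URL-encodes the value would keep both paths consistent. The enclosing HandleData class starts outside the hunk.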
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -77,7 +77,6 @@ import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.HashSet; -import static at.gv.egiz.eaaf.core.api.IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC; @Service public class ProtocolAuthenticationService implements IProtocolAuthenticationService { @@ -203,8 +202,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent()); if (pendingReq.isNeedUserConsent()) { - log.error("PendingRequest NEEDS user-consent. " + - "Can NOT fininalize authentication --> Abort authentication process!"); + log.error("PendingRequest NEEDS user-consent. " + + "Can NOT fininalize authentication --> Abort authentication process!"); } else { log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); @@ -236,8 +235,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer ErrorTicketService.HandleData errorData = errorTicketService.createHandleData(throwable, req); - if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) || - errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) { + if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_REDIRECT) || errorData.getActionType() + .equals(ErrorTicketService.ActionType.TICKET_REDIRECT)) { displayException(req, resp, errorData); 
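Review bot: The re-wrapped log message in the @@ -203 hunk keeps the misspelling `fininalize`; since the line is being touched anyway, change it to `"Can NOT finalize authentication --> Abort authentication process!"`. The surrounding method starts and ends outside the hunk.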
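Review bot: The reformatted condition in the @@ -236 hunk now breaks `.equals(...)` onto its own line, `errorData.getActionType() .equals(ErrorTicketService.ActionType.TICKET_REDIRECT)`, which hides that this is a plain enum comparison; the same pattern recurs in the @@ -282 hunk for the NOREDIRECT pair. ActionType is an enum, so `==` is both idiomatic and null-safe (the current `.equals` form throws NullPointerException if actionType was never set), or better, express each pair once: `if (EnumSet.of(ErrorTicketService.ActionType.NOTICKET_REDIRECT, ErrorTicketService.ActionType.TICKET_REDIRECT).contains(errorData.getActionType())) {`, or add an `isRedirect()` query to the enum. The enclosing method starts and ends outside the hunk.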
@@ -282,8 +281,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer // write errror to console logExceptionToTechnicalLog(errorData); - if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_NOREDIRECT) || - errorData.getActionType().equals(ErrorTicketService.ActionType.TICKET_NOREDIRECT)) { + if (errorData.getActionType().equals(ErrorTicketService.ActionType.NOTICKET_NOREDIRECT) || errorData.getActionType() + .equals(ErrorTicketService.ActionType.TICKET_NOREDIRECT)) { // return error to Web browser displayException(req, resp, errorData); } else { @@ -447,7 +446,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer // this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, externalErrorCode, null, null); // } - public void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq, + + private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, String externalErrorCode, String url, String ticket) throws EaafException { @@ -472,7 +472,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer // add errorcode and errormessage if (config instanceof ModifyableGuiBuilderConfiguration) { - ModifyableGuiBuilderConfiguration c = ((ModifyableGuiBuilderConfiguration) config); + ModifyableGuiBuilderConfiguration c = (ModifyableGuiBuilderConfiguration) config; c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg); c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode); c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_EXTERNAL_ERRORCODE, 
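Review bot: Narrowing writeHtmlErrorResponse to `private` in the @@ -447 hunk is right, but the hunk leaves the commented-out overload directly above it (`// this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, externalErrorCode, null, null);` followed by `// }`) and adds a blank line under it instead of removing it; delete the dead block, version control keeps the history. In the @@ -472 hunk the `instanceof` test plus separate cast can collapse to `if (config instanceof ModifyableGuiBuilderConfiguration c) {` if the project compiles at Java 16 or later, otherwise the parenthesis cleanup is fine as it stands. writeHtmlErrorResponse's body and the method around the cast both continue outside their hunks.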
@@ -508,8 +508,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage()))); - } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException || - e instanceof ProcessExecutionException || e instanceof ConfigurationException) { + } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException + || e instanceof ProcessExecutionException || e instanceof ConfigurationException) { // write error message writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null, statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(), @@ -523,7 +523,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } else { // write generic message for general exceptions - final String msg = statusMessager.getMessage(CODES_INTERNAL_ERROR_GENERIC, null); + final String msg = statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null); writeHtmlErrorResponse(req, resp, msg, internalErrorCode, null, statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData.getRedirectUrl(), errorData.getSupportTicket()); @@ -544,8 +544,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer String redirectUrl = null; redirectUrl = ServletUtils.getBaseUrl(req); redirectUrl += - "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + - errorKey; + "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + + errorKey; return redirectUrl; } 
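Review bot: The redirect helper in the @@ -544 hunk appends `errorKey` to the query string with no encoding, `... + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey;`, while the equivalent code in ErrorTicketService.HandleData.generateRedirect HTML-escapes its value; neither is URL encoding, and if errorKey ever carries caller-influenced content the resulting Location header can be malformed. Use `URLEncoder.encode(errorKey, StandardCharsets.UTF_8)` here (the `"UTF-8"` string overload on older Java) and ideally route both URL constructions through one helper so the encoding cannot drift apart again. The `String redirectUrl = null;` immediately followed by reassignment is redundant; declare it as `String redirectUrl = ServletUtils.getBaseUrl(req);`. The enclosing method starts outside the hunk.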
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
index 26feb3db..acb9b84c 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java
@@ -59,6 +59,13 @@ public class ProtocolFinalizationController extends AbstractController {
 @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy;
+ /**
+ * Handles incoming requests for redirects to IDP.
+ * @param req http request
+ * @param resp http response
+ * @throws EaafException In case of an internal error
+ * @throws IOException In case of a servlet error
+ */
 @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST})
 public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { |
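Review bot: The new Javadoc on errorRedirect says only that it handles redirects to the IDP, yet this endpoint accepts both GET and POST and the accompanying SpotBugs exclusion suppresses the CSRF finding on the claim that the error token is single-use; that contract belongs in the Javadoc so the two stay in step and the next maintainer knows what must not change. Add a sentence along the lines of `The request must carry a single-use error token which is validated and invalidated before any further processing; the handler performs no other state change, which is why the CSRF check is excluded for this mapping in spotbugs-exclude.xml.`, adjusted to what the method actually does, since its body lies outside this hunk. The line `@throws IOException In case of a servlet error` would also read more precisely as `@throws IOException if writing the response fails`.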