Diffstat (limited to 'eaaf_core_utils')
4 files changed, 196 insertions, 6 deletions
diff --git a/eaaf_core_utils/checks/spotbugs-exclude.xml b/eaaf_core_utils/checks/spotbugs-exclude.xml
index c1271f91..58ed1595 100644
--- a/eaaf_core_utils/checks/spotbugs-exclude.xml
+++ b/eaaf_core_utils/checks/spotbugs-exclude.xml
@@ -28,5 +28,12 @@
 <Bug pattern="URLCONNECTION_SSRF_FD" />
 <Bug pattern="PATH_TRAVERSAL_IN" />
 </OR>
+ </Match>
+ <Match>
+ <Class name="at.gv.egiz.eaaf.core.impl.data.ExceptionContainer" />
+ <OR>
+ <Bug pattern="JACKSON_UNSAFE_DESERIALIZATION" /> <!-- Use custom deserialization that implements some harding -->
+ <Bug pattern="EI_EXPOSE_REP" />
+ </OR>
 </Match>
 </FindBugsFilter>
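Review bot: The new `<Match>` silences `JACKSON_UNSAFE_DESERIALIZATION` for the whole `ExceptionContainer` class, so any field added to it later with class-name typing is exempt from the check as well. The justifying comment is misspelled ("harding") and does not say which hardening is relied on. A comment such as `<!-- pendingReq is read through EscapedJsonDeserializer, which restricts the accepted types -->` would give the next reviewer something to verify; the wording needs confirming against that class, which is not part of this hunk. `EI_EXPOSE_REP` is suppressed with no reason at all, and a short comment naming the Lombok-generated accessors for the `byte[]` field would cover it.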
\ No newline at end of file diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index d6743c8a..f8a39521 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -80,6 +80,21 @@ <groupId>joda-time</groupId> <artifactId>joda-time</artifactId> </dependency> + + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-annotations</artifactId> + </dependency> <dependency> <groupId>org.bitbucket.b_c</groupId> diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/data/ExceptionContainer.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/data/ExceptionContainer.java new file mode 100644 index 00000000..cdb41147 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/data/ExceptionContainer.java 
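Review bot: `jackson-core` and `jackson-databind` are added with `<scope>provided</scope>`, so the databind release that parses the `Id.CLASS`-typed `pendingReq` field of `ExceptionContainer` at runtime is whatever the deploying application ships. Databind's handling of class-name typing has changed between releases, so the minimum supported version should be stated, for example `<!-- provided: consumers must supply the jackson-databind version managed by the parent POM -->`. No `<version>` is visible in this hunk, so the versions are presumably managed in a parent POM.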
@@ -0,0 +1,143 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.core.impl.data;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.json.EscapedJsonDeserializer;
+import at.gv.egiz.eaaf.core.impl.json.EscapedJsonSerializer;
+import at.gv.egiz.eaaf.core.impl.utils.EaafSerializationUtils;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+/**
+ * AuthProcess exception containter for Front-Channel exception handling.
+ *
+ * @author tlenz
+ *
+ */
+@Getter
+@Setter
+@NoArgsConstructor
+public class ExceptionContainer implements Serializable {
+
+ private static final long serialVersionUID = 5355860753609684995L;
+
+ private static final Set<Class<?>> ALLOWED_CLASS_TYPES = Stream.of(
+ Throwable.class, StackTraceElement.class, StackTraceElement[].class, Collections.EMPTY_LIST.getClass())
+ .collect(Collectors.toUnmodifiableSet());
+
+ /**
+ * Error that was thrown.
+ */
+ private byte[] internalExceptionThrown = null;
+
+ /**
+ * pendingReq that throws this error.
+ */
+ @JsonTypeInfo(include = JsonTypeInfo.As.PROPERTY, use = JsonTypeInfo.Id.CLASS, property = "@class")
+ @JsonSerialize(using = EscapedJsonSerializer.class)
+ @JsonDeserialize(using = EscapedJsonDeserializer.class)
+ private IRequest pendingReq = null;
+
+ /**
+ * Create an exception container.
+ *
+ * @param pendingReq Pending request that has an exception
+ * @param exception error
+ */
+ public ExceptionContainer(final IRequest pendingReq, final Throwable exception) {
+ this.pendingReq = pendingReq;
+ this.internalExceptionThrown = EaafSerializationUtils.serialize(exception);
+
+ }
+
+ /**
+ * Get the exception that was thrown in this process.
+ *
+ * @return Processing error
+ */
+ @JsonIgnore
+ public Throwable getExceptionThrown() {
+ return (Throwable) EaafSerializationUtils.typeSpecificDeserialize(
+ internalExceptionThrown, ALLOWED_CLASS_TYPES, Throwable.class);
+
+ }
+
+ @JsonIgnore
+ public IRequest getPendingRequest() {
+ return this.pendingReq;
+
+ }
+
+ /**
+ * Get the unique sessionId for this error.
+ *
+ * @return the uniqueSessionID
+ */
+ @JsonIgnore
+ public String getUniqueSessionID() {
+ if (this.pendingReq != null) {
+ return this.pendingReq.getUniqueSessionIdentifier();
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Get the unique transactionId for this error.
+ *
+ * @return the uniqueTransactionID
+ */
+ @JsonIgnore
+ public String getUniqueTransactionID() {
+ if (this.pendingReq != null) {
+ return this.pendingReq.getUniqueTransactionIdentifier();
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Get the service-provider identifier.
+ *
+ * @return the uniqueServiceProviderId
+ */
+ @JsonIgnore
+ public String getUniqueServiceProviderId() {
+ if (this.pendingReq != null && this.pendingReq.getServiceProviderConfiguration() != null) {
+ return this.pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+ } else {
+ return null;
+ }
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java
index 2f4e18fa..fa0fe7f5 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java
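Review bot: The `pendingReq` field in `ExceptionContainer` is typed with `JsonTypeInfo.Id.CLASS`, so the class to instantiate is named by the `@class` property of the JSON itself, and the class-level `@Getter`/`@Setter` also expose `internalExceptionThrown` (Java-serialized bytes) as a readable and writable JSON property. Anyone able to alter the stored JSON therefore controls both inputs, and the only guards are `EscapedJsonDeserializer` and the `ALLOWED_CLASS_TYPES` filter, whose matching rules are not visible in this hunk. If the set of request types is known, `@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "@class")` with registered subtypes avoids the class-name lookup; otherwise the field Javadoc should state which validator restricts `@class`. Separately, `getExceptionThrown()` passes a null array to `typeSpecificDeserialize` on an instance built by the no-arg constructor, so a guard such as `if (internalExceptionThrown == null) { return null; }` is worth adding unless the utility already handles null.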
@@ -25,23 +25,35 @@ import java.util.List; import java.util.Map; import java.util.Set; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import com.fasterxml.jackson.annotation.JsonIgnore; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; +@Slf4j +@NoArgsConstructor public class SpConfigurationImpl implements ISpConfiguration { private static final long serialVersionUID = 688541755446463453L; - private static final Logger log = LoggerFactory.getLogger(SpConfigurationImpl.class); - private final Map<String, String> spConfiguration; - private final Set<String> targetAreasWithNoInteralBaseIdRestriction; - private final Set<String> targetAreasWithNoBaseIdTransmissionRestriction; + @Getter + @Setter + private Map<String, String> spConfiguration; + + @Getter + @Setter + private Set<String> targetAreasWithNoInteralBaseIdRestriction; + + @Getter + @Setter + private Set<String> targetAreasWithNoBaseIdTransmissionRestriction; /** * Service-provider configuration holder. @@ -71,12 +83,14 @@ public class SpConfigurationImpl implements ISpConfiguration { } } + @JsonIgnore @Override public final Map<String, String> getFullConfiguration() { return this.spConfiguration; } + @JsonIgnore @Override public final String getConfigurationValue(final String key) { if (key == null) { @@ -87,6 +101,7 @@ public class SpConfigurationImpl implements ISpConfiguration { } + @JsonIgnore @Override public final String getConfigurationValue(final String key, final String defaultValue) { final String value = getConfigurationValue(key); 
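Review bot: Dropping `final` from `spConfiguration` and the two target-area sets and adding public `@Setter`s lets any code holding a reference change a service-provider configuration that was previously immutable. Judging by their names, that includes the sets listing targets exempt from base-ID restrictions. With `@NoArgsConstructor` the three fields can also be null, so `getConfigurationValue` and `containsConfigurationKey` (bodies outside this hunk) presumably dereference a null map on an instance Jackson has not yet populated. If the setters exist only for deserialization, consider keeping the fields `final` and annotating the existing constructor with `@JsonCreator`. Otherwise the class Javadoc should record that instances are mutable and not safe to share, and the same applies to the `@JsonIgnore` getters in the later hunks that return the internal map and sets directly.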
@@ -97,12 +112,14 @@ public class SpConfigurationImpl implements ISpConfiguration { } } + @JsonIgnore @Override public final boolean isConfigurationValue(final String key) { return isConfigurationValue(key, false); } + @JsonIgnore @Override public final boolean isConfigurationValue(final String key, final boolean defaultValue) { final String value = getConfigurationValue(key); @@ -114,6 +131,7 @@ public class SpConfigurationImpl implements ISpConfiguration { return defaultValue; } + @JsonIgnore @Override public final boolean containsConfigurationKey(final String key) { if (key == null) { @@ -124,6 +142,7 @@ public class SpConfigurationImpl implements ISpConfiguration { } + @JsonIgnore @Override public String getUniqueIdentifier() { return getConfigurationValue(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER); @@ -142,16 +161,19 @@ public class SpConfigurationImpl implements ISpConfiguration { } + @JsonIgnore @Override public final Set<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { return this.targetAreasWithNoInteralBaseIdRestriction; } + @JsonIgnore @Override public final Set<String> getTargetsWithNoBaseIdTransferRestriction() { return this.targetAreasWithNoBaseIdTransmissionRestriction; } + @JsonIgnore @Override public List<String> getRequiredLoA() { log.warn( @@ -159,6 +181,7 @@ public class SpConfigurationImpl implements ISpConfiguration { return null; } + @JsonIgnore @Override public String getLoAMatchingMode() { log.warn("Method not implemented: " + SpConfigurationImpl.class.getName() @@ -166,6 +189,7 @@ public class SpConfigurationImpl implements ISpConfiguration { return null; } + @JsonIgnore @Override public String getAreaSpecificTargetIdentifier() { log.warn("Method not implemented: " + SpConfigurationImpl.class.getName() @@ -173,6 +197,7 @@ public class SpConfigurationImpl implements ISpConfiguration { return null; } + @JsonIgnore @Override public String getFriendlyName() { log.warn( |