/* * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * * Unless required by applicable law or agreed to in writing, software distributed under the Licence * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the Licence for the specific language governing permissions and limitations under * the Licence. * * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egiz.eaaf.core.impl.idp.controller; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.text.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; import at.gv.egiz.eaaf.core.exceptions.EaafException; /** * Protocol finialization end-point. * * @author tlenz * */ @Controller public class ProtocolFinalizationController extends AbstractController { private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class); public static final String ENDPOINT_FINALIZEPROTOCOL = "finalizeAuthProtocol"; public static final String ENDPOINT_ERRORHANDLING = "errorHandling"; @Autowired(required = true) IRequestStorage requestStorage; /** * End-Point to handle errors. * * @param req http request * @param resp http response * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST }) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // receive an authentication error final String errorid = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); if (errorid != null) { IRequest pendingReq = null; try { // load stored exception from database final ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class); if (container != null) { // remove exception if it was found transactionStorage.remove(errorid); final Throwable throwable = container.getExceptionThrown(); pendingReq = container.getPendingRequest(); if (pendingReq != null) { // build protocol-specific error message if possible protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); // remove active user-session transactionStorage.remove(pendingReq.getPendingRequestId()); return; } else { protAuthService.handleErrorNoRedirect(throwable, req, resp, true); } } else { protAuthService.handleErrorNoRedirect( new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, resp, false); } } catch (final Throwable e) { log.error(e.getMessage(), e); protAuthService.handleErrorNoRedirect(e, req, resp, false); } finally { // remove pending-request if (pendingReq != null) { requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); } } } else { log.debug("Request contains NO ErrorId"); protAuthService.handleErrorNoRedirect( new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, resp, false); } } /** * End-Point to finalize authentication protocol. * * @param req http request * @param resp http response * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = { RequestMethod.GET }) public void finalizeAuthProtocol(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // read pendingRequest from http request final String pendingRequestID = StringEscapeUtils .escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); final IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); if (pendingReq == null) { log.error("No PendingRequest with ID " + pendingRequestID + " found.!"); protAuthService.handleErrorNoRedirect( new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[] { pendingRequestID, }), req, resp, false); } else { protAuthService.finalizeAuthentication(req, resp, pendingReq); } } }