author | Thomas <> | 2022-03-09 13:13:35 +0100 |
committer | Thomas <> | 2022-03-09 13:13:35 +0100 |
commit | 1ad67c91820de1c7f2b2541f8e39752baac197d2 (patch) | |
tree | efec25c4326cd9b778567dca1185f3f7eae6ed47 | |
parent | d8247d4de494c176f78658fa2c0a38ac9ceab0aa (diff) | |
chore(core): add support for multiple ms-connector stages into matching by alternative eIDAS auth.
2 files changed, 56 insertions, 10 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
index aa04f55e..828fe7bb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
@@ -23,6 +23,18 @@
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.UriComponentsBuilder;
+
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
@@ -35,14 +47,14 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import eu.eidas.auth.commons.EidasParameterKeys;
 import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.BinaryLightTokenHelper;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
 import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 /**
@@ -68,6 +80,10 @@ import javax.servlet.http.HttpServletResponse;
 public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask {
   @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
+
+  @Autowired
+  ApplicationContext context;
+
   @Autowired
   private IConfiguration basicConfig;
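Review bot: `@SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")` now annotates the newly inserted `ApplicationContext context` field instead of `basicConfig`, because the new lines were placed between the annotation and the declaration it was written for; Java binds an annotation to the next declaration regardless of blank lines. Move the annotation down so it stays on `@Autowired private IConfiguration basicConfig;`, or add one to the new field as well if the inspection applies there too. The new field is also package-private while its siblings are `private`; `private ApplicationContext context;` keeps the class consistent. The class body continues past this hunk.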
@@ -79,9 +95,19 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask
       HttpServletResponse response) throws TaskExecutionException {
     try {
       final ILightResponse eidasResponse = extractEidasResponse(request);
-      checkStatusCode(eidasResponse);
-      validateMsSpecificResponse(executionContext, eidasResponse);
-      storeInSession(eidasResponse);
+
+      String stagingEndpoint = pendingReq.getRawData(
+          MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class);
+      if (StringUtils.isNotEmpty(stagingEndpoint)) {
+        log.info("Find ms-connector staging to: {}. Forwarding to that endpoint ... ", stagingEndpoint);
+        forwardToOtherStage(response, executionContext, eidasResponse, stagingEndpoint);
+
+      } else {
+        checkStatusCode(eidasResponse);
+        validateMsSpecificResponse(executionContext, eidasResponse);
+        storeInSession(eidasResponse);
+
+      }
     } catch (final Exception e) {
       log.warn("eIDAS Response processing FAILED.", e);
       throw new TaskExecutionException(pendingReq, e.getMessage(),
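Review bot: In the new staging branch the eIDAS response is handed to `forwardToOtherStage` before `checkStatusCode` or `validateMsSpecificResponse` has run, so an error or otherwise unexpected response is stored and forwarded as a token without any local check; the hunk does not show whether the receiving stage performs that validation. If delegation is intended, state it at the branch, e.g. `// status and MS-specific validation are performed by the target ms-connector stage`, otherwise call `checkStatusCode(eidasResponse);` before the forward so failures surface in this stage's existing catch block. `stagingEndpoint` could be `final` like the surrounding locals, and the log text reads better as `"Found ms-connector staging endpoint: {}. Forwarding to that endpoint ... "`. The enclosing method starts and ends outside this hunk.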
@@ -127,5 +153,23 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask
     authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, eidasResponse);
     requestStoreage.storePendingRequest(pendingReq);
   }
+
+  private void forwardToOtherStage(HttpServletResponse response, ExecutionContext executionContext,
+      ILightResponse eidasResponse, String stagingEndpoint) throws SpecificCommunicationException, IOException {
+    executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true);
+
+    final SpecificCommunicationService specificConnectorCommunicationService =
+        (SpecificCommunicationService) context.getBean(
+            SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+    BinaryLightToken token = specificConnectorCommunicationService.putResponse(eidasResponse);
+    final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
+
+    final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(stagingEndpoint);
+    redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
+
+    log.debug("Forward to other stage .... ");
+    response.sendRedirect(redirectUrl.build().encode().toString());
+
+  }
 }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 6ca21550..52a056f0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
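Review bot: `forwardToOtherStage` redirects the user agent to `stagingEndpoint`, read from `pendingReq` raw data, with the BinaryLightToken for the eIDAS response appended as `EidasParameterKeys.TOKEN`, yet nothing in this hunk checks that the endpoint is one of the configured ms-connector stages. Where that raw-data value is written is outside this diff; if it can be influenced by anything the client controls, the redirect carries the token that unlocks the stored response to an arbitrary host, so compare the target against the configured staging endpoints (`basicConfig` is already injected) before `UriComponentsBuilder.fromHttpUrl`, or document at the call site why the value is trusted. The method also has no Javadoc; describe the parameters and note that it sets `EXECCONTEXT_PARAM_MSCONNECTOR_STAGING` to `true` so the process definition can route to its end state instead of continuing locally. `token` could be `final` like the other locals, and the `log.debug` message would be more useful if it named the target host rather than the literal `"Forward to other stage .... "`.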
@@ -47,7 +47,9 @@
       from="receiveOtherLoginMethodGuiResponseTask" to="createNewErnpEntryTask" />
   <!-- alternative eIDAS authentication -->
-  <pd:Transition from="generateAlternativeEidasAuthnRequest" to="receiveAlternativeEidasAuthnRequest" />
+  <pd:Transition from="generateAlternativeEidasAuthnRequest" to="receiveAlternativeEidasAuthnRequest" />
+  <pd:Transition conditionExpression="ctx['msConnectorStaging']"
+      from="receiveAlternativeEidasAuthnRequest" to="end" />
   <pd:Transition from="receiveAlternativeEidasAuthnRequest" to="alternativeRegisterSearch" />
   <pd:Transition conditionExpression="ctx['TASK_GenerateOtherLoginMethodGuiTask']"
       from="alternativeRegisterSearch" to="generateOtherLoginMethodGuiTask" />
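Review bot: The new transition keys on the literal `ctx['msConnectorStaging']`, which must equal the string value of `MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING` that `forwardToOtherStage` puts into the execution context; that constant's value is not visible in this diff, so the link is easy to break silently. A comment tying the two together, `<!-- msConnectorStaging is set by ReceiveAuthnResponseAlternativeTask#forwardToOtherStage (EXECCONTEXT_PARAM_MSCONNECTOR_STAGING) -->`, would make the coupling explicit. The conditional transition to `end` is listed before the unconditional one to `alternativeRegisterSearch`; if the process engine evaluates transitions in document order this is required, and a short comment saying so would prevent a later reordering.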