aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src
diff options
context:
space:
mode:
authorThomas <>2022-03-09 13:13:35 +0100
committerThomas <>2022-03-09 13:13:35 +0100
commit1ad67c91820de1c7f2b2541f8e39752baac197d2 (patch)
treeefec25c4326cd9b778567dca1185f3f7eae6ed47 /eidas_modules/authmodule-eIDAS-v2/src
parentd8247d4de494c176f78658fa2c0a38ac9ceab0aa (diff)
downloadNational_eIDAS_Gateway-1ad67c91820de1c7f2b2541f8e39752baac197d2.tar.gz
National_eIDAS_Gateway-1ad67c91820de1c7f2b2541f8e39752baac197d2.tar.bz2
National_eIDAS_Gateway-1ad67c91820de1c7f2b2541f8e39752baac197d2.zip
chore(core): add support for multiple ms-connector stages into matching by alternative eIDAS auth.
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java62
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml4
2 files changed, 56 insertions, 10 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
index aa04f55e..828fe7bb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java
@@ -23,6 +23,18 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks;
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.UriComponentsBuilder;
+
import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
@@ -35,14 +47,14 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import eu.eidas.auth.commons.EidasParameterKeys;
import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.auth.commons.tx.BinaryLightToken;
+import eu.eidas.specificcommunication.BinaryLightTokenHelper;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.SpecificCommunicationService;
import lombok.extern.slf4j.Slf4j;
-import org.jetbrains.annotations.NotNull;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
/**
@@ -68,6 +80,10 @@ import javax.servlet.http.HttpServletResponse;
public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask {
@SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
+
+ @Autowired
+ ApplicationContext context;
+
@Autowired
private IConfiguration basicConfig;
@@ -79,9 +95,19 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask
HttpServletResponse response) throws TaskExecutionException {
try {
final ILightResponse eidasResponse = extractEidasResponse(request);
- checkStatusCode(eidasResponse);
- validateMsSpecificResponse(executionContext, eidasResponse);
- storeInSession(eidasResponse);
+
+ String stagingEndpoint = pendingReq.getRawData(
+ MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, String.class);
+ if (StringUtils.isNotEmpty(stagingEndpoint)) {
+ log.info("Find ms-connector staging to: {}. Forwarding to that endpoint ... ", stagingEndpoint);
+ forwardToOtherStage(response, executionContext, eidasResponse, stagingEndpoint);
+
+ } else {
+ checkStatusCode(eidasResponse);
+ validateMsSpecificResponse(executionContext, eidasResponse);
+ storeInSession(eidasResponse);
+
+ }
} catch (final Exception e) {
log.warn("eIDAS Response processing FAILED.", e);
throw new TaskExecutionException(pendingReq, e.getMessage(),
@@ -127,5 +153,23 @@ public class ReceiveAuthnResponseAlternativeTask extends AbstractAuthServletTask
authProcessData.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, eidasResponse);
requestStoreage.storePendingRequest(pendingReq);
}
+
+ private void forwardToOtherStage(HttpServletResponse response, ExecutionContext executionContext,
+ ILightResponse eidasResponse, String stagingEndpoint) throws SpecificCommunicationException, IOException {
+ executionContext.put(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING, true);
+
+ final SpecificCommunicationService specificConnectorCommunicationService =
+ (SpecificCommunicationService) context.getBean(
+ SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+ BinaryLightToken token = specificConnectorCommunicationService.putResponse(eidasResponse);
+ final String tokenBase64 = BinaryLightTokenHelper.encodeBinaryLightTokenBase64(token);
+
+ final UriComponentsBuilder redirectUrl = UriComponentsBuilder.fromHttpUrl(stagingEndpoint);
+ redirectUrl.queryParam(EidasParameterKeys.TOKEN.toString(), tokenBase64);
+
+ log.debug("Forward to other stage .... ");
+ response.sendRedirect(redirectUrl.build().encode().toString());
+
+ }
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
index 6ca21550..52a056f0 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
@@ -47,7 +47,9 @@
from="receiveOtherLoginMethodGuiResponseTask" to="createNewErnpEntryTask" />
<!-- alternative eIDAS authentication -->
- <pd:Transition from="generateAlternativeEidasAuthnRequest" to="receiveAlternativeEidasAuthnRequest" />
+ <pd:Transition from="generateAlternativeEidasAuthnRequest" to="receiveAlternativeEidasAuthnRequest" />
+ <pd:Transition conditionExpression="ctx['msConnectorStaging']"
+ from="receiveAlternativeEidasAuthnRequest" to="end" />
<pd:Transition from="receiveAlternativeEidasAuthnRequest" to="alternativeRegisterSearch" />
<pd:Transition conditionExpression="ctx['TASK_GenerateOtherLoginMethodGuiTask']"
from="alternativeRegisterSearch" to="generateOtherLoginMethodGuiTask" />