From b3e812dbac60546daff66fa0f6c53e42030921bb Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 23 Jul 2018 08:53:53 +0200 Subject: add flag to deactivate request URL validation. If it is disabled, the publicURLPrefix from configuration is always used --- .../eidas/specific/connector/MSeIDASNodeConstants.java | 1 + .../connector/config/BasicConfigurationProvider.java | 16 +++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java index 968bd3ae..68c39a53 100644 --- a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/MSeIDASNodeConstants.java @@ -8,6 +8,7 @@ public class MSeIDASNodeConstants { // ************ configuration properties ************ public static final String PROP_CONFIG_APPLICATION_PREFIX = "eidas.ms."; public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_PREFIX = "context.url.prefix"; + public static final String PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION = "context.url.request.validation"; private static final String PROP_CONFIG_PVP2_PREFIX = "pvp2."; public static final String PROP_CONFIG_PVP2_KEYSTORE_PATH = PROP_CONFIG_PVP2_PREFIX + "keystore.path"; diff --git a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java index 4609c73a..553cebc2 100644 --- a/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java +++ b/connector_lib/src/main/java/at/gv/egiz/eidas/specific/connector/config/BasicConfigurationProvider.java @@ -92,12 +92,18 @@ public class BasicConfigurationProvider extends AbstractConfigurationImpl{ if (urlPrefixFromConfig.endsWith("/")) urlPrefixFromConfig = urlPrefixFromConfig.substring(0, urlPrefixFromConfig.length()-1); - if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) + if (getBasicMOAIDConfigurationBoolean( + MSeIDASNodeConstants.PROP_CONFIG_APPLICATION_PUBLIC_URL_REQUEST_VALIDATION, false)) { + if (url != null && url.toExternalForm().startsWith(urlPrefixFromConfig)) + return urlPrefixFromConfig; + + log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); + return null; + + } else { return urlPrefixFromConfig; - - - log.info("URL: " + url + " does NOT match to allowed application prefix: " + urlPrefixFromConfig); - return null; + + } } @Override -- cgit v1.2.3