Wählen Sie Ihr Land / Select your country

- + - +

Wenn Sie Ihr Land in dieser Aufzählung nicht entdecken ...

Information zur Anmeldung über Europäische eIDs

fived part - sixed part + sixed part

eIDAS-Login Länderauswahl

LanguageSelectionBlock

Select your country

- + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +

eIDAS-Login Länderauswahl

Zentraler eIDAS Knoten der Republik Österreich

Betrieben durch das Bundesministerium für Inneres

+ +

Zuordnung Ihrer Anmeldeinformationen

+ +

Ihre Anmeldeinformationen konnten nicht eindeutig in das österreichische eID System integriert werden. + Für eine eindeutig Integration sind weitere Informationen erforderlich.

+ + +

+ + + + + + +

Information zur Anmeldung über Europäische eIDs

+ first part + Bundesministerium für Inneres + second part +

+ +

+ third part + eIDAS-Verordnung der Europäischen Union + fourth part +

+ +

fived part + + sixed part +

+ +

ressourceLocations) { - final ReloadableResourceBundleMessageSource messageSource = - new ReloadableResourceBundleMessageSource(); - - // add default message source - messageSource.setBasename(DEFAULT_MESSAGE_SOURCE); - - if (ressourceLocations != null) { - // load more message sources - for (final IMessageSourceLocation el : ressourceLocations) { - if (el.getMessageSourceLocation() != null) { - for (final String source : el.getMessageSourceLocation()) { - messageSource.addBasenames(source); - log.debug("Add additional messageSources: {}", el.getMessageSourceLocation().toArray()); - - } - } - } - } - - messageSource.setDefaultEncoding("UTF-8"); - return messageSource; - - } - - /** - * Get full message source with internal and external message-properties files. - * - * @param ressourceLocations List of source-locations - * @return - */ - @Bean - public ReloadableResourceBundleMessageSource messageSource( - @Autowired(required = false) final List ressourceLocations) { - final ReloadableResourceBundleMessageSource messageSource = - new ReloadableResourceBundleMessageSource(); - messageSource.setDefaultEncoding("UTF-8"); - messageSource.setParentMessageSource(internalMessageSource(ressourceLocations)); - - final String staticResources = basicConfig - .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - final String absPath = - FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); - messageSource.setBasename(absPath); - - } else { - log.debug("No Ressourcefolder for dynamic Web content templates"); - - } - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); - - } - - return messageSource; - - } - - /** - * Get a Tyhmeleaf Template-Resolver with external configuration path. - * - * @return - */ - @Bean(name = "templateResolver") - public FileTemplateResolver templateResolver() { - final String staticResources = basicConfig - .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH); - try { - if (StringUtils.isNotEmpty(staticResources)) { - String absPath = - FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); - if (!absPath.endsWith("/")) { - absPath += "/"; - - } - - if (absPath.startsWith("file:")) { - absPath = absPath.substring("file:".length()); - - } - - final FileTemplateResolver viewResolver = new FileTemplateResolver(); - viewResolver.setPrefix(absPath); - viewResolver.setSuffix(".html"); - viewResolver.setTemplateMode("HTML"); - viewResolver.setCacheable(false); - - log.info("Add Ressourcefolder: {} for dynamic Web content templates", absPath); - return viewResolver; - - } else { - log.debug("No Ressourcefolder for dynamic Web content templates"); - - } - - } catch (final MalformedURLException e) { - log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); - - } - - throw new RuntimeException("Can NOT initialize HTML template resolver"); - - } -} diff --git a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java index 1bf1ad67..6e2879a8 100644 --- a/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java +++ b/connector/src/main/java/at/asitplus/eidas/specific/connector/controller/ProcessEngineSignalController.java @@ -46,7 +46,8 @@ import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalContr public class ProcessEngineSignalController extends AbstractProcessEngineSignalController { @RequestMapping(value = { - MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION + MsEidasNodeConstants.ENDPOINT_COUNTRYSELECTION, + MsEidasNodeConstants.ENDPOINT_OTHER_LOGIN_METHOD_SELECTION }, method = { RequestMethod.POST, RequestMethod.GET }) public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) diff --git a/connector/src/main/resources/specific_eIDAS_connector.beans.xml b/connector/src/main/resources/specific_eIDAS_connector.beans.xml index 4608086e..ec16a7d2 100644 --- a/connector/src/main/resources/specific_eIDAS_connector.beans.xml +++ b/connector/src/main/resources/specific_eIDAS_connector.beans.xml @@ -13,9 +13,6 @@ - - diff --git a/connector/src/test/resources/spring/SpringTest_connector.beans.xml b/connector/src/test/resources/spring/SpringTest_connector.beans.xml index ac5455d3..81fff7dd 100644 --- a/connector/src/test/resources/spring/SpringTest_connector.beans.xml +++ b/connector/src/test/resources/spring/SpringTest_connector.beans.xml @@ -19,7 +19,7 @@ class="at.gv.egiz.eaaf.core.impl.idp.auth.services.DefaultErrorService"/> + class="at.asitplus.eidas.specific.connector.gui.config.StaticResourceConfiguration" /> diff --git a/connector_lib/pom.xml b/connector_lib/pom.xml index 8ed561f3..a8a88e71 100644 --- a/connector_lib/pom.xml +++ b/connector_lib/pom.xml @@ -27,6 +27,14 @@ org.springframework spring-webmvc + + org.thymeleaf + thymeleaf-spring5 + + + org.hibernate.validator + hibernate-validator + javax.validation validation-api @@ -37,6 +45,8 @@ javax.servlet-api provided + + diff --git a/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java new file mode 100644 index 00000000..1f357674 --- /dev/null +++ b/connector_lib/src/main/java/at/asitplus/eidas/specific/connector/gui/config/StaticResourceConfiguration.java @@ -0,0 +1,207 @@ +/* + * Copyright 2019 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.connector.gui.config; + +import java.net.MalformedURLException; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.support.ReloadableResourceBundleMessageSource; +import org.springframework.web.servlet.config.annotation.EnableWebMvc; +import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import org.thymeleaf.templateresolver.FileTemplateResolver; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; + +/** + * Spring configurator for Web resources. + * + * @author tlenz + * + */ +@Configuration +@EnableWebMvc +public class StaticResourceConfiguration implements WebMvcConfigurer { + private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class); + private static final String[] CLASSPATH_RESOURCE_LOCATIONS = { + "/" + }; + + private static final String DEFAULT_MESSAGE_SOURCE = "classpath:properties/status_messages"; + + @Autowired + private IConfiguration basicConfig; + + @Override + public void addResourceHandlers(ResourceHandlerRegistry registry) { + final String staticResources = basicConfig.getBasicConfiguration( + MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_STATIC_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig + .getConfigurationRootDirectory()); + if (!absPath.endsWith("/")) { + absPath += "/"; + } + + registry.addResourceHandler("/static/**").addResourceLocations(absPath); + log.info("Add Ressourcefolder: " + absPath + " for static Web content"); + + } else { + log.debug("No Ressourcefolder for static Web content"); + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for static Web content", e); + + } + + registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS); + + } + + /** + * Get a message source with only internal message properties. + * + * @param ressourceLocations List of source-locations + * @return + */ + @Bean + public ReloadableResourceBundleMessageSource internalMessageSource( + @Autowired(required = false) final List ressourceLocations) { + final ReloadableResourceBundleMessageSource messageSource = + new ReloadableResourceBundleMessageSource(); + + // add default message source + messageSource.setBasename(DEFAULT_MESSAGE_SOURCE); + + if (ressourceLocations != null) { + // load more message sources + for (final IMessageSourceLocation el : ressourceLocations) { + if (el.getMessageSourceLocation() != null) { + for (final String source : el.getMessageSourceLocation()) { + messageSource.addBasenames(source); + log.debug("Add additional messageSources: {}", el.getMessageSourceLocation().toArray()); + + } + } + } + } + + messageSource.setDefaultEncoding("UTF-8"); + return messageSource; + + } + + /** + * Get full message source with internal and external message-properties files. + * + * @param ressourceLocations List of source-locations + * @return + */ + @Bean + public ReloadableResourceBundleMessageSource messageSource( + @Autowired(required = false) final List ressourceLocations) { + final ReloadableResourceBundleMessageSource messageSource = + new ReloadableResourceBundleMessageSource(); + messageSource.setDefaultEncoding("UTF-8"); + messageSource.setParentMessageSource(internalMessageSource(ressourceLocations)); + + final String staticResources = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + final String absPath = + FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); + messageSource.setBasename(absPath); + + } else { + log.debug("No Ressourcefolder for dynamic Web content templates"); + + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); + + } + + return messageSource; + + } + + /** + * Get a Tyhmeleaf Template-Resolver with external configuration path. + * + * @return + */ + @Bean(name = "templateResolver") + public FileTemplateResolver templateResolver() { + final String staticResources = basicConfig + .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH); + try { + if (StringUtils.isNotEmpty(staticResources)) { + String absPath = + FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory()); + if (!absPath.endsWith("/")) { + absPath += "/"; + + } + + if (absPath.startsWith("file:")) { + absPath = absPath.substring("file:".length()); + + } + + final FileTemplateResolver viewResolver = new FileTemplateResolver(); + viewResolver.setPrefix(absPath); + viewResolver.setSuffix(".html"); + viewResolver.setTemplateMode("HTML"); + viewResolver.setCacheable(false); + + log.info("Add Ressourcefolder: {} for dynamic Web content templates", absPath); + return viewResolver; + + } else { + log.debug("No Ressourcefolder for dynamic Web content templates"); + + } + + } catch (final MalformedURLException e) { + log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e); + + } + + throw new RuntimeException("Can NOT initialize HTML template resolver"); + + } +} diff --git a/connector_lib/src/main/resources/common_gui.beans.xml b/connector_lib/src/main/resources/common_gui.beans.xml index 969a40f7..fc19efdc 100644 --- a/connector_lib/src/main/resources/common_gui.beans.xml +++ b/connector_lib/src/main/resources/common_gui.beans.xml @@ -11,6 +11,9 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd"> + + diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml index 0477ee23..95ad2856 100644 --- a/eidas_modules/authmodule-eIDAS-v2/pom.xml +++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml @@ -103,6 +103,12 @@ org.springframework.boot spring-boot-starter-actuator + + + org.springframework.boot + spring-boot-starter-tomcat + + org.apache.commons @@ -171,7 +177,12 @@ org.springframework.boot spring-boot-starter-test test - + + + org.springframework.boot + spring-boot-starter-tomcat + test + com.github.skjolber mockito-soap-cxf diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java index 8c3cc994..dbdda78e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateOtherLoginMethodGuiTask.java @@ -23,6 +23,12 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.gui.StaticGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; @@ -32,11 +38,6 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; /** * Task that provides GUI for user to select an alternative login method. diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java index 0eb56d0b..8431d968 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveOtherLoginMethodGuiResponseTask.java @@ -36,7 +36,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask; import lombok.extern.slf4j.Slf4j; /** @@ -62,11 +62,11 @@ import lombok.extern.slf4j.Slf4j; */ @Slf4j @Component("ReceiveOtherLoginMethodGuiResponseTask") -public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractAuthServletTask { +public class ReceiveOtherLoginMethodGuiResponseTask extends AbstractLocaleAuthServletTask { @Override - public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { + public void executeWithLocale(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) throws TaskExecutionException { try { SelectedLoginMethod selection = SelectedLoginMethod.valueOf(extractUserSelection(request)); executionContext.put(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, selection); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java new file mode 100644 index 00000000..0b169ca4 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java @@ -0,0 +1,143 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import java.io.UnsupportedEncodingException; +import java.text.MessageFormat; +import java.util.Locale; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml", + "/common_gui.beans.xml" +}) +@WebAppConfiguration +public class GenerateOtherLoginMethodGuiTaskTest { + + private static final String TEST_PATTER_REQ_PARAM = + ""; + + @Autowired GenerateOtherLoginMethodGuiTask task; + + private ExecutionContextImpl executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + /** + * jUnit test set-up. + * + */ + @Before + public void initialize() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + + LocaleContextHolder.resetLocaleContext(); + } + + @Test + public void validHtmlResponseWithOutLocale() throws TaskExecutionException, UnsupportedEncodingException { + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information on Logins with European eIDs")); + + } + + @Test + public void validHtmlResponseWithDE() throws TaskExecutionException, UnsupportedEncodingException { + LocaleContextHolder.setLocale(Locale.GERMAN); + httpReq.addHeader("Accept-Language", "de"); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information zur Anmeldung über Europäische eIDs")); + + } + + @Test + public void validHtmlResponseWithEN() throws TaskExecutionException, UnsupportedEncodingException { + LocaleContextHolder.setLocale(Locale.ENGLISH); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information on Logins with European eIDs")); + + } + + @Test + public void validHtmlResponseWithFR() throws TaskExecutionException, UnsupportedEncodingException { + LocaleContextHolder.setLocale(Locale.FRANCE); + httpReq.addHeader("Accept-Language", "fr"); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information on Logins with European eIDs")); + + } + + private String doBasicValidation() throws UnsupportedEncodingException { + Assert.assertEquals("Wrong http StatusCode", 200, httpResp.getStatus()); + Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); + + String html = httpResp.getContentAsString(); + Assert.assertNotNull("html result is null", html); + Assert.assertFalse("html result is empty", html.isEmpty()); + + Assert.assertTrue("Missing IDA Login", + html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN))); + Assert.assertTrue("Missing residence infos", + html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.NO_OTHER_LOGIN))); + + Assert.assertTrue("No language selector with pendingRequestId", + html.contains("/otherLoginMethod?pendingid=" + pendingReq.getPendingRequestId())); + Assert.assertTrue("No country-selection form", + html.contains("

")); + + return html; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties index f5895f76..9e6876f4 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties @@ -19,9 +19,9 @@ eidas.ms.revisionlog.write.MDS.into.revisionlog=true eidas.ms.revisionlog.logIPAddressOfUser=true ##Directory for static Web content -eidas.ms.webcontent.static.directory=webcontent/ -eidas.ms.webcontent.templates=templates/ -eidas.ms.webcontent.properties=properties/messages +eidas.ms.webcontent.static.directory=../../../../../../basicConfig/webcontent/ +eidas.ms.webcontent.templates=../../../../../../basicConfig/templates/ +eidas.ms.webcontent.properties=../../../../../../basicConfig/properties/messages ## extended validation of pending-request Id's eidas.ms.core.pendingrequestid.maxlifetime=300 -- cgit v1.2.3 From 09af792ce3ed3df430f8d7ae6099f284756147a0 Mon Sep 17 00:00:00 2001 From: Christian Kollmann Date: Mon, 12 Jul 2021 11:00:48 +0200 Subject: Add option to provide alternative eIDAS login for matching process --- basicConfig/templates/other_login_method.html | 5 +- .../specific/modules/auth/eidas/v2/Constants.java | 38 ++-- .../auth/eidas/v2/tasks/AlternativeSearchTask.java | 214 +++++++++++++++++++++ .../eidas/v2/tasks/GenerateAuthnRequestTask.java | 1 - .../auth/eidas/v2/tasks/InitialSearchTask.java | 22 +-- .../tasks/ReceiveAuthnResponseAlternativeTask.java | 131 +++++++++++++ .../eidas/v2/tasks/ReceiveAuthnResponseTask.java | 1 - .../resources/eIDAS.Authentication.process.xml | 38 ++-- .../src/main/resources/eidas_v2_auth.beans.xml | 11 +- 9 files changed, 413 insertions(+), 48 deletions(-) create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveAuthnResponseAlternativeTask.java (limited to 'basicConfig') diff --git a/basicConfig/templates/other_login_method.html b/basicConfig/templates/other_login_method.html index 1e2fb8f3..035c359f 100644 --- a/basicConfig/templates/other_login_method.html +++ b/basicConfig/templates/other_login_method.html @@ -167,12 +167,11 @@ form { - - +

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java index 5edde8a4..70bade43 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java @@ -29,7 +29,7 @@ public class Constants { //TODO: should we make it configurable? public static final String MATCHING_INTERNAL_BPK_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; - + public static final String ERRORCODE_00 = "module.eidasauth.00"; public static final String DATA_REQUESTERID = "req_requesterId"; @@ -37,6 +37,7 @@ public class Constants { public static final String DATA_REQUESTED_LOA_LIST = "req_requestedLoA"; public static final String DATA_REQUESTED_LOA_COMPERISON = "req_requestedLoAComperision"; public static final String DATA_FULL_EIDAS_RESPONSE = "resp_fulleIDASResponse"; + public static final String DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE = "resp_fulleIDASResponseAlternative"; /** * Stored when one match from register was found. @@ -115,7 +116,7 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_ZMRCLIENT + ".ssl.key.alias"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT - + ".ssl.key.password"; + + ".ssl.key.password"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_ZMRCLIENT + ".ssl.trustStore.path"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_ZMRCLIENT @@ -124,15 +125,15 @@ public class Constants { + ".ssl.trustStore.type"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_ZMRCLIENT + ".ssl.trustStore.name"; - + public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_ORGANIZATION_NR = CONIG_PROPS_EIDAS_ZMRCLIENT + ".req.organisation.behoerdennr"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_UPDATE_REASON_CODE = CONIG_PROPS_EIDAS_ZMRCLIENT + ".req.update.reason.code"; public static final String CONIG_PROPS_EIDAS_ZMRCLIENT_REQ_UPDATE_REASON_TEXT = CONIG_PROPS_EIDAS_ZMRCLIENT + ".req.update.reason.text"; - - + + // SZR Client configuration properties public static final String CONIG_PROPS_EIDAS_SZRCLIENT = CONIG_PROPS_EIDAS_PREFIX + ".szrclient"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_USETESTSERVICE = CONIG_PROPS_EIDAS_SZRCLIENT @@ -162,7 +163,7 @@ public class Constants { public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEYS_ALIAS = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.key.alias"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_KEY_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT - + ".ssl.key.password"; + + ".ssl.key.password"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PATH = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.path"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_PASSWORD = CONIG_PROPS_EIDAS_SZRCLIENT @@ -171,7 +172,7 @@ public class Constants { + ".ssl.trustStore.type"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_SSL_TRUSTSTORE_NAME = CONIG_PROPS_EIDAS_SZRCLIENT + ".ssl.trustStore.name"; - + public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE = CONIG_PROPS_EIDAS_SZRCLIENT + ".params.documenttype"; public static final String CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ = CONIG_PROPS_EIDAS_SZRCLIENT @@ -208,7 +209,7 @@ public class Constants { // eIDAS request parameters public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; - // eIDAS attribute names + // eIDAS attribute names public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; @@ -221,19 +222,19 @@ public class Constants { public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; - + //eIDAS attribute URN public static final String eIDAS_ATTRURN_PREFIX = "http://eidas.europa.eu/attributes/"; public static final String eIDAS_ATTRURN_PREFIX_NATURAL = eIDAS_ATTRURN_PREFIX + "naturalperson/"; - - public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = + + public static final String eIDAS_ATTRURN_PERSONALIDENTIFIER = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PERSONALIDENTIFIER; - public static final String eIDAS_ATTRURN_PLACEOFBIRTH = + public static final String eIDAS_ATTRURN_PLACEOFBIRTH = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_PLACEOFBIRTH; - public static final String eIDAS_ATTRURN_BIRTHNAME = + public static final String eIDAS_ATTRURN_BIRTHNAME = eIDAS_ATTRURN_PREFIX_NATURAL + eIDAS_ATTR_BIRTHNAME; - - + + public static final String eIDAS_REQ_PARAM_SECTOR_PUBLIC = "public"; public static final String eIDAS_REQ_PARAM_SECTOR_PRIVATE = "private"; @@ -292,9 +293,12 @@ public class Constants { "TASK_GenerateMobilePhoneSignatureRequestTask"; /** - * TODO Second eidas login. + * {@link at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask}. */ - public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_TODO"; + public static final String TRANSITION_TO_GENERATE_EIDAS_LOGIN = "TASK_GenerateAlternativeEidasAuthn"; + /** + * Stores login selection from user. + */ public static final String REQ_SELECTED_LOGIN_METHOD_PARAMETER = "loginSelection"; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java new file mode 100644 index 00000000..fe3a9560 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/AlternativeSearchTask.java @@ -0,0 +1,214 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; +import eu.eidas.auth.commons.light.ILightResponse; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.springframework.stereotype.Component; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK; + +/** + * Searches registers (ERnP and ZMR) after alternative eIDAS authn, before adding person to SZR. + * Input: + *

{@link Constants#DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE}

+ * Output: + *

{@link Constants#DATA_PERSON_MATCH_RESULT} results after second search in registers with MDS
{@link Constants#DATA_RESULT_MATCHING_BPK} if one register result found

+ * Transitions: + *

{@link GenerateOtherLoginMethodGuiTask} if no results in registers were found for this user
{@link CreateIdentityLinkTask} if search in register returned one match, user is uniquely identified

+ * + * @author amarsalek + * @author ckollmann + * @author tlenz + */ +@Slf4j +@Component("AlternativeSearchTask") +@SuppressWarnings("PMD.TooManyStaticImports") +public class AlternativeSearchTask extends AbstractAuthServletTask { + + private final RegisterSearchService registerSearchService; + private final ICcSpecificEidProcessingService eidPostProcessor; + + /** + * Constructor. + * + * @param registerSearchService Service for register search access + * @param eidPostProcessor Country-Specific post processing of attributes + */ + public AlternativeSearchTask(RegisterSearchService registerSearchService, + ICcSpecificEidProcessingService eidPostProcessor) { + this.registerSearchService = registerSearchService; + this.eidPostProcessor = eidPostProcessor; + } + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + final SimpleEidasData eidasData = convertEidasAttrToSimpleData(); + step11RegisterSearchWithPersonIdentifier(executionContext, eidasData); + } catch (WorkflowException e) { + throw new TaskExecutionException(pendingReq, "Initial search failed", e); + } catch (final Exception e) { + log.error("Initial search failed", e); + throw new TaskExecutionException(pendingReq, "Initial search failed with a generic error", e); + } + } + + private void step11RegisterSearchWithPersonIdentifier( + ExecutionContext executionContext, SimpleEidasData eidasData) throws WorkflowException, EaafStorageException { + try { + log.trace("Starting step11RegisterSearchWithPersonIdentifier"); + RegisterStatusResults searchResult = registerSearchService.searchWithPersonIdentifier(eidasData); + int resultCount = searchResult.getResultCount(); + if (resultCount == 0) { + step12CountrySpecificSearch(executionContext, searchResult.getOperationStatus(), eidasData); + } else if (resultCount == 1) { + foundMatchFinalizeTask(searchResult, eidasData); + } else { + throw new WorkflowException("step11RegisterSearchWithPersonIdentifier", + "More than one entry with unique personal-identifier", true); + } + } catch (WorkflowException e) { + //TODO: what we do in case of a workflow error and manual matching are necessary?? + log.warn("Workflow error during matching step: {}. Reason: {}", e.getProcessStepName(), e.getErrorReason()); + throw e; + } + } + + private void step12CountrySpecificSearch( + ExecutionContext executionContext, RegisterOperationStatus registerOperationStatus, SimpleEidasData eidasData) + throws EaafStorageException, WorkflowException { + log.trace("Starting 'step12CountrySpecificSearch' ... "); + RegisterStatusResults searchResult = registerSearchService.searchWithCountrySpecifics( + registerOperationStatus, eidasData); + if (searchResult.getResultCount() == 0) { + log.trace("'step12CountrySpecificSearch' ends with no result. Forward to GUI based matching step ... "); + log.debug("Forward to GUI based matching steps ... "); + executionContext.put(TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK, true); + } else if (searchResult.getResultCount() == 1) { + log.trace("'step12CountrySpecificSearch' finds a person. Forward to 'step7aKittProcess' step ... "); + // TODO is step 7b kitt different from step 7a? + registerSearchService.step7aKittProcess(searchResult, eidasData); + foundMatchFinalizeTask(searchResult, eidasData); + } else { + throw new WorkflowException("step12CountrySpecificSearch", + "More than one entry with unique country-specific information", true); + } + } + + private void foundMatchFinalizeTask(RegisterStatusResults searchResult, SimpleEidasData eidasData) + throws WorkflowException, EaafStorageException { + MatchedPersonResult result = MatchedPersonResult.generateFormMatchingResult( + searchResult.getResult(), eidasData.getCitizenCountryCode()); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, result); + } + + @NotNull + private SimpleEidasData convertEidasAttrToSimpleData() + throws EidasAttributeException, EidPostProcessingException { + final ILightResponse eidasResponse = MatchingTaskUtils.getAuthProcessDataWrapper(pendingReq) + .getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, ILightResponse.class); + Map simpleMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes().getAttributeMap()); + return eidPostProcessor.postProcess(simpleMap); + } + + private Map convertEidasAttrToSimpleMap( + ImmutableMap, ImmutableSet>> attributeMap) { + final Map result = new HashMap<>(); + for (final AttributeDefinition el : attributeMap.keySet()) { + final Class parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), attribute); + } else { + log.info("Ignore empty 'DateTime' attribute"); + } + } else if (PostalAddress.class.equals(parameterizedType)) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), addressAttribute); + } else { + log.info("Ignore empty 'PostalAddress' attribute"); + } + } else { + final List natPersonIdObj = EidasResponseUtils.translateStringListAttribute(el, attributeMap.get(el)); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + log.trace("Find attr '{}' with value: {}", el.getFriendlyName(), stringAttr); + } else { + log.info("Ignore empty 'String' attribute"); + } + } + } + log.debug("Receive #{} attributes with names: {}", result.size(), result.keySet()); + return result; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java index 33d3f175..da9c8174 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/GenerateAuthnRequestTask.java @@ -64,7 +64,6 @@ import java.util.UUID; /** * Generates the authn request to the eIDAS Node. This is the first task in the process. - *

* Input: *

none

{@link Constants#DATA_FULL_EIDAS_RESPONSE}

none

{@link Constants#DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE} the full response details

{@link InitialSearchTask} to perform search in registers

* Input: *

none

+ + + @@ -24,26 +27,35 @@ - - + + - - - - - - - + + + + + + + + + - + - - - + + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml index 09e0234d..5a113550 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml @@ -100,8 +100,12 @@ scope="prototype" /> + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask" + scope="prototype" /> + + +