authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-14 12:21:04 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-14 12:21:04 +0100
commit9b1c1a0ec916bd7dd19b536f98276f25c8848153 (patch)
tree207bd60246176c4d4c8f158308b5d26fa3f90fb7
parenta5c361d60ab4103026cdaac1818ecec52611be5d (diff)
downloadmoa-id-spss-9b1c1a0ec916bd7dd19b536f98276f25c8848153.tar.gz
moa-id-spss-9b1c1a0ec916bd7dd19b536f98276f25c8848153.tar.bz2
moa-id-spss-9b1c1a0ec916bd7dd19b536f98276f25c8848153.zip
switch to SAML2 'well-known-location' method as preferred solution to initalize ELGA mandate-service metadata-provider
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java10
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java59
3 files changed, 48 insertions, 23 deletions
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index 753d3336c..c2efe5bfc 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -57,7 +57,7 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl
//check if BKU authentication is selected and ELGA-MandateService is configurated
if (MiscUtil.isNotEmpty(selectedProcessID)) {
if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(
- ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL)))
+ ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID)))
return "DefaultAuthenticationWithELGAMandates";
}
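Review bot: A deployment that set only the old `CONFIG_PROPS_METADATAURL` key will no longer be routed to "DefaultAuthenticationWithELGAMandates" after this change, and nothing in this hunk tells the operator why, since the activation check now keys off `CONFIG_PROPS_ENTITYID` alone while RequestELGAMandateTask still reads the metadata URL as a fallback. Consider logging the misconfiguration instead of failing silently, e.g. an `else if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL)))` branch that emits `Logger.warn("ELGA Mandate-Service metadataURL is configured but entityID is missing; ELGA mandate process is disabled.")` (assuming a Logger is available here as in the other two files). The comment on the existing line should also say which key is mandatory: `//check if BKU authentication is selected and the ELGA-MandateService entityID (mandatory) is configured`. The enclosing method starts and ends outside this hunk.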
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 26fd5fe5b..5d98eb46e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -82,6 +82,16 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
}
+ //load metadata with metadataURL, as backup
+ String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
+ if (MiscUtil.isNotEmpty(metadataURL)) {
+ Logger.warn("Use not recommended metadata-provider initialization!"
+ + " SAML2 'Well-Known-Location' is the preferred methode.");
+ Logger.info("Initialize ELGA Mandate-Service metadata-provider with URL:" + metadataURL);
+ metadataService.initialize(metadataURL);
+
+ }
+
//load IDP SAML2 entitydescriptor
EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);
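Review bot: The comment `//load metadata with metadataURL, as backup` does not match what the added code does: when a metadata URL is configured, `metadataService.initialize(metadataURL)` runs before `getEntityDescriptor(elgaMandateServiceEntityID)`, so the provider is already set and the SAML2 well-known-location path that the commit message calls preferred is never tried. Either reword the comment to `//a configured metadataURL takes precedence; well-known-location (entityID) is only used when no URL is set`, or move the URL initialization into a fallback that runs only after well-known-location resolution has failed (how `getEntityDescriptor` signals that failure is outside this hunk, so that restructuring needs checking against its try/catch). Note also that the configured URL is written to the log at info level on the line before the call, which is fine for an operator-supplied value but worth keeping in mind if this ever becomes user-influenced. The enclosing method starts and ends outside this hunk.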
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 1c564b20d..c9485104b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -57,6 +57,19 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
private HTTPMetadataProvider metadataProvider = null;
+
+ public void initialize(String metadataURL) throws MetadataProviderException {
+ if (metadataProvider == null) {
+ internalInitialize(metadataURL);
+
+ } else {
+ Logger.info("ELGA Mandate-Service metadata-provider is already initialized.");
+
+ }
+
+ }
+
+
/* (non-Javadoc)
* @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
*/
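Review bot: The new public `initialize(String metadataURL)` is one-shot and silently ignores its argument on every call after the first, logging only "already initialized", which is not documented anywhere and will surprise a caller that passes a different URL than the one used to build the provider (including the well-known-location path, which passes the entityID as the URL). Add a Javadoc explaining the contract: that the provider is created at most once per instance, that the URL of a later call is discarded, that `metadataURL` is fetched over HTTP and must pass the schema and MOA-SP signature filters, and that `MetadataProviderException` is thrown when the trust profile is missing or the provider cannot be created. The unsynchronized `metadataProvider == null` check on the line before `internalInitialize` is safe only because `internalInitialize` is itself `synchronized` and re-checks; a one-line comment saying so, `// cheap pre-check; internalInitialize re-checks under the lock`, would stop a future refactor from removing the inner check.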
@@ -138,7 +151,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Override
public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
try {
EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
@@ -162,7 +175,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
@Override
public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
return metadataProvider.getRole(entityID, roleName);
}
@@ -174,35 +187,37 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
throws MetadataProviderException {
if (metadataProvider == null)
- initialize(entityID);
+ internalInitialize(entityID);
return metadataProvider.getRole(entityID, roleName, supportedProtocol);
}
- private void initialize(String entityID) throws MetadataProviderException {
- Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
+ private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+ if (metadataProvider == null) {
+ Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");
- String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
- if (MiscUtil.isEmpty(trustProfileID)) {
- Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
- throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
- }
+ String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
+ if (MiscUtil.isEmpty(trustProfileID)) {
+ Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
+ throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+ }
- //create metadata validation filter chain
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.addFilter(new SchemaValidationFilter(true));
- filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+ //create metadata validation filter chain
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.addFilter(new SchemaValidationFilter(true));
+ filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
- metadataProvider = createNewHTTPMetaDataProvider(entityID,
- filter,
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+ metadataProvider = createNewHTTPMetaDataProvider(metdataURL,
+ filter,
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
- if (metadataProvider == null) {
- Logger.error("Create ELGA Mandate-Service Client FAILED.");
- throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
+ if (metadataProvider == null) {
+ Logger.error("Create ELGA Mandate-Service Client FAILED.");
+ throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadaa provider.");
- }
+ }
- metadataProvider.setRequireValidMetadata(true);
+ metadataProvider.setRequireValidMetadata(true);
+ }
}
}
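Review bot: `metadataProvider` is assigned from `createNewHTTPMetaDataProvider(...)` several lines before `setRequireValidMetadata(true)` is applied to it, and the callers in this file (`getEntityDescriptor`, `getRole`) read the field outside the lock, so a concurrent caller can observe a non-null, published provider that does not yet require valid metadata. Build the provider into a local, configure it, and publish it as the last step; the field declared earlier in this file should also become `volatile` so the unsynchronized null-checks see a fully constructed object. While here, the parameter is misspelled `metdataURL` and the exception message says "metadaa"; the reworked lines below fix both, and the rest of the method is unchanged.
```java
private synchronized void internalInitialize(String metadataURL) throws MetadataProviderException {
	if (metadataProvider != null) {
		return;
	}
	Logger.info("Initialize PVP MetadataProvider to connect ELGA Mandate-Service");

	// … unchanged: trustProfileID lookup and filter chain construction …

	HTTPMetadataProvider provider = createNewHTTPMetaDataProvider(metadataURL,
			filter,
			ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
	if (provider == null) {
		Logger.error("Create ELGA Mandate-Service Client FAILED.");
		throw new MetadataProviderException("Can not initialize ELGA Mandate-Service metadata provider.");
	}
	provider.setRequireValidMetadata(true);
	// publish only after the provider is fully configured; readers check the field without the lock
	metadataProvider = provider;
}
```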