aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-07-21 15:30:40 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-07-21 15:30:40 +0200
commit4795b273bb734f04056babe963d8588ffbf50fb0 (patch)
tree4c38c2a7b957608ad21034ec40b96466d3f3f98e
parenta10034425b325acaf9796183d1206979664e483d (diff)
downloadmoa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.tar.gz
moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.tar.bz2
moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.zip
fix MOA-ID-Auth problems
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java162
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties14
-rw-r--r--id/server/data/deploy/conf/moa-id/logback_config.xml71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java59
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml15
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java6
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java24
-rw-r--r--id/server/moa-id-commons/src/main/resources/configuration.beans.xml34
-rw-r--r--id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml13
19 files changed, 392 insertions, 79 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java
new file mode 100644
index 000000000..da441de4b
--- /dev/null
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.webgui.validation.task.impl;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.regex.Pattern;
+
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
+import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
+import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServicesReversionLogTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator {
+ private static final Logger log = LoggerFactory.getLogger(ServicesReversionLogTask.class);
+ private static final List<String> KEYWHITELIST;
+
+ static {
+ ArrayList<String> temp = new ArrayList<String>();
+ KEYWHITELIST = Collections.unmodifiableList(temp);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix()
+ */
+ @Override
+ public String getKeyPrefix() {
+ return MOAIDConfigurationConstants.SERVICE_REVERSION;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName()
+ */
+ @Override
+ public String getName() {
+ return "Service - Reversion Logging Task";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration)
+ */
+ @Override
+ public Map<String, String> postProcessing(Map<String, String> input,
+ List<String> keysToDelete, Configuration dbconfig) {
+ Map<String, String> newConfigValues = new HashMap<String, String>();
+
+ String eventCodes = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
+ if (MiscUtil.isNotEmpty(eventCodes)) {
+ newConfigValues.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES,
+ KeyValueUtils.normalizeCSVValueString(eventCodes));
+
+ }
+
+ if (newConfigValues.isEmpty())
+ return null;
+ else
+ return newConfigValues;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map)
+ */
+ @Override
+ protected void taskValidate(Map<String, String> input)
+ throws ConfigurationTaskValidationException {
+ List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>();
+
+ String isEnabled = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
+ String eventCodes = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
+
+ if (Boolean.parseBoolean(isEnabled) && MiscUtil.isEmpty(eventCodes)) {
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED,
+ "Reversion - Logger Enabled",
+ LanguageHelper.getErrorString("error.oa.reversion.log.enabled")));
+
+ }
+
+ if (MiscUtil.isNotEmpty(eventCodes)) {
+ String[] codes = eventCodes.split(",");
+ for (String el: codes) {
+ try {
+ Integer.parseInt(el.trim());
+
+ } catch (NumberFormatException e) {
+ log.info("", e);
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES,
+ "Reversion - Logger Enabled",
+ LanguageHelper.getErrorString("error.oa.reversion.log.eventcodes")));
+ break;
+
+ }
+
+ }
+
+ }
+
+
+ if (!errors.isEmpty())
+ throw new ConfigurationTaskValidationException(errors);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys()
+ */
+ @Override
+ public List<Pattern> getAllAllowedPatterns() {
+ return generatePatternsFromKeys(KEYWHITELIST);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix()
+ */
+ @Override
+ public List<String> getModulValidatorPrefix() {
+ return Arrays.asList(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA
+ );
+ }
+
+}
diff --git a/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties b/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties
new file mode 100644
index 000000000..6e03d3c12
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties
@@ -0,0 +1,14 @@
+#Auto generated configuration file.
+#Fri Jul 17 11:09:29 CEST 2015
+users.0.surname=Administrator
+users.0.roles.0.id=0
+roles.0.name=Administrators
+users=User List
+users.0.__LI.0=users
+users.0.roles.0.isMember=true
+roles.0.id=0
+roles=Role List
+users.0.id=0
+users.0.roles.0.name=Administrators
+users.0.firstname=Administrator
+roles.0.__LI.0=roles
diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/data/deploy/conf/moa-id/logback_config.xml
new file mode 100644
index 000000000..c00e62e52
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/logback_config.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- For assistance related to logback-translator or configuration -->
+<!-- files in general, please contact the logback user mailing list -->
+<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
+<!-- -->
+<!-- For professional support please see -->
+<!-- http://www.qos.ch/shop/products/professionalSupport -->
+<!-- -->
+<configuration>
+ <!-- Errors were reported during translation. -->
+ <!-- No class found for appender CONFIGTOOL R -->
+ <!-- Could not find transformer for null -->
+ <appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id.log.%i</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="CONFIGTOOL R">
+ <!--No layout specified for appender named [CONFIGTOOL R] of class [null]-->
+ </appender>
+ <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id-webgui.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+ <logger name="eu.stork" level="info"/>
+ <logger name="iaik.server" level="info"/>
+ <logger name="at.gv.egovernment.moa.id" level="info">
+ <appender-ref ref="R"/>
+ </logger>
+ <logger name="at.gv.egovernment.moa.id.commons" level="info">
+ <appender-ref ref="CONFIGTOOL R"/>
+ </logger>
+ <logger name="org.hibernate" level="warn"/>
+ <logger name="at.gv.egiz.components.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+ <logger name="at.gv.egovernment.moa.id.proxy" level="info"/>
+ <logger name="at.gv.egovernment.moa.id.config.webgui" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+ <logger name="at.gv.egovernment.moa.spss" level="info"/>
+ <logger name="at.gv.egovernment.moa" level="info"/>
+ <root level="info">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 65e3b10d7..e1086bbd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -174,7 +175,7 @@ public class MOAIDAuthInitializer {
System.exit(-1);
}
-
+
// Starts the session cleaner thread to remove unpicked authentication data
AuthenticationSessionCleaner.start();
AuthConfigLoader.start();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 9386330cc..987603227 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -865,7 +865,26 @@ public boolean isRemovePBKFromAuthBlock() {
*/
@Override
public List<Integer> getReversionsLoggingEventCodes() {
- // TODO Auto-generated method stub
+ String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
+ if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) {
+ String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
+ if (MiscUtil.isNotEmpty(eventCodes)) {
+ String[] codes = eventCodes.split(",");
+ List<Integer> result = new ArrayList<Integer>();
+ for (String el : codes) {
+ try {
+ result.add(Integer.valueOf(el.trim()));
+
+ } catch (NumberFormatException e) {
+ Logger.warn("EventCode can not parsed to Integer.", e);
+
+ }
+ }
+ if (!result.isEmpty())
+ return result;
+
+ }
+ }
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 5584e8ca6..45eecec84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -311,7 +311,7 @@ public class DispatcherServlet extends AuthServlet{
MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+ if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
// -> send end error to service provider
Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()
+ " FAILED. Sending error message to service provider.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 06b55fb66..f3c40707e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -400,18 +400,22 @@ public class AuthenticationManager extends MOAIDAuthConstants {
Logger.debug("Build PVP 2.1 authentication request");
//get IDP metadata
- try {
- OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
- OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
+
+ OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
- if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
- Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
- Logger.info("Switch to local authentication on this IDP ... ");
- perfomLocalAuthentication(request, response, target);
- return;
+ if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+ Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
+ + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
+ Logger.info("Switch to local authentication on this IDP ... ");
+
+ perfomLocalAuthentication(request, response, target);
+ return;
- }
+ }
+ try {
EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
getEntityDescriptor(target.getRequestedIDP());
@@ -556,7 +560,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (requiredLocalAuthentication) {
Logger.info("Switch to local authentication on this IDP ... ");
- perfomLocalAuthentication(request, response, target);
+ if (idp.isPerformLocalAuthenticationOnInterfederationError())
+ perfomLocalAuthentication(request, response, target);
+
+ else
+ throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()});
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index de58c34a1..87a63a8a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -115,10 +115,7 @@ public class PVPConfiguration {
//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
-
- //load PVP2X metadata for all active online applications
- MOAMetadataProvider.getInstance();
-
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 389b9825f..824c9be0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -26,14 +26,11 @@ import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import java.util.concurrent.CopyOnWriteArrayList;
import java.util.Timer;
import javax.net.ssl.SSLHandshakeException;
@@ -49,7 +46,6 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
@@ -74,7 +70,6 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
private static MOAMetadataProvider instance = null;
private static Object mutex = new Object();
- private List<ObservableMetadataProvider.Observer> observers;
public static MOAMetadataProvider getInstance() {
@@ -338,8 +333,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
Logger.warn("MetadataProvider can not be destroyed.");
}
}
-
- this.observers = Collections.emptyList();
+
instance = null;
} else {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
@@ -348,14 +342,12 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
private MOAMetadataProvider() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
- this.observers = new CopyOnWriteArrayList<Observer>();
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
try {
- //TODO: database search does not work!!!!!
Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
- MOAIDConfigurationConstants.PREFIX_SERVICES
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ ".%."
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -373,7 +365,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
try {
String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) {
+ if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
byte[] cert = Base64Utils.decode(certBase64, false);
@@ -543,14 +535,53 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
return internalProvider.getMetadata();
}
- public EntitiesDescriptor getEntitiesDescriptor(String name)
+ public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
throws MetadataProviderException {
- return internalProvider.getEntitiesDescriptor(name);
+ EntitiesDescriptor entitiesDesc = null;
+ try {
+ entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+
+ if (entitiesDesc == null) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID))
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID))
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+
+ }
+
+ return entitiesDesc;
}
public EntityDescriptor getEntityDescriptor(String entityID)
throws MetadataProviderException {
- return internalProvider.getEntityDescriptor(entityID);
+ EntityDescriptor entityDesc = null;
+ try {
+ entityDesc = internalProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+ return entityDesc;
}
public List<RoleDescriptor> getRole(String entityID, QName roleName)
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
index f2b2f5adf..206fde87d 100644
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
@@ -19,13 +19,22 @@
<property name="url" value="${configuration.hibernate.connection.url}"/>
<property name="username" value="${configuration.hibernate.connection.username}" />
<property name="password" value="${configuration.hibernate.connection.password}" />
- <property name="testOnBorrow" value="true" />
+
+ <property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${configuration.dbcp.initialSize}" />
+ <property name="maxActive" value="${configuration.dbcp.maxActive}" />
+ <property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
+ <property name="minIdle" value="${configuration.dbcp.minIdle}" />
+ <property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" />
+ <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
<property name="validationQuery" value="SELECT 1" />
</bean>
<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
- <property name="showSql" value="true" />
- <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" />
+ <property name="showSql" value="${configuration.hibernate.show_sql}" />
+ <property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
<property name="databasePlatform" value="${configuration.hibernate.dialect}" />
</bean>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index f5f9f5979..aca37f072 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -44,8 +44,9 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.25=Fehler beim validieren der SZR-Gateway Response.
auth.26=SessionID unbekannt.
-auth.27=Federated authentication FAILED.
+auth.27=Federated authentication FAILED! Assertion from {0} IDP is not valid.
auth.28=Transaktion {0} kann nicht weitergef\u00FChrt werden. Wahrscheinlich wurde ein TimeOut erreicht.
+auth.29=Federated authentication FAILED! Can not build authentication request for IDP {0}
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 79d6d5eef..fa332f0c7 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -26,6 +26,7 @@ auth.25=1109
auth.26=1100
auth.27=4401
auth.28=1100
+auth.29=4401
init.00=9199
init.01=9199
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index e084c07e5..b97813681 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -81,8 +81,8 @@ public class MOAIDConstants {
ALLOWED_WBPK_PREFIXES = Collections.unmodifiableList(awbpk);
List<String> keyboxIDs = new ArrayList<String>();
- awbpk.add(KEYBOXIDENTIFIER_SECURE);
- awbpk.add(KEYBOXIDENTIFIER_CERTIFIED);
+ keyboxIDs.add(KEYBOXIDENTIFIER_SECURE);
+ keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED);
ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs);
List<String> redirectTargets = new ArrayList<String>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java
index 762ae44a0..a9d8d92da 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java
@@ -52,7 +52,7 @@ public class ConfigurationUtil {
try (FileOutputStream outStream = new FileOutputStream(outFile);) {
// get config from xml file
- JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+ JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated");
Unmarshaller m = jc.createUnmarshaller();
MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index bd5c9e73c..ad34360d8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -112,8 +112,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_AUTH_MANDATES_OVS_PROFILES = SERVICE_AUTH_MANDATES_OVS + ".profiles";
public static final String SERVICE_AUTH_MANDATES_HVB = SERVICE_AUTH_MANDATES + ".hvb";
public static final String SERVICE_AUTH_MANDATES_HVB_USE = SERVICE_AUTH_MANDATES_HVB + ".use";
-
-
+
public static final String SERVICE_AUTH_FOREIGNBPK = AUTH + "." + FOREIGNBPK;
public static final String SERVICE_AUTH_FOREIGNBPK_DECRYPT = SERVICE_AUTH_FOREIGNBPK + ".decrypt";
public static final String SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV = SERVICE_AUTH_FOREIGNBPK_DECRYPT + ".iv";
@@ -175,7 +174,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
public static final String SERVICE_INTERFEDERATION_FORWARD_PROTOCOL = INTERFEDERATION + ".forward.protocol";
public static final String SERVICE_REVERSION = "reversion";
- public static final String SERVICE_REVERSION_EVENTCODES = SERVICE_REVERSION + ".eventcodes";
+ public static final String SERVICE_REVERSION_LOGS_ENABLED = SERVICE_REVERSION + ".log.enabled";
+ public static final String SERVICE_REVERSION_LOGS_EVENTCODES = SERVICE_REVERSION + ".log.eventcodes";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
index 805bcb33e..20e2ba598 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
@@ -144,7 +144,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
//load all online application key/value pairs from database
String oaType = KeyValueUtils.getFirstChildAfterPrefix(oaIdKey, MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
String oaKey = KeyValueUtils.getPrefixFromKey(oaIdKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-
+
TypedQuery<ConfigProperty> oaConfigQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key", ConfigProperty.class);
oaConfigQuery.setParameter("key", oaKey + ".%");
List<ConfigProperty> oaConfigResult = oaConfigQuery.getResultList();
@@ -157,7 +157,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement
//build key/value configuration map from database entries
Map<String, String> result = getKeyValueFromDatabaseDAO(
- oaConfigResult.iterator(), oaKey, true);
+ oaConfigResult.iterator(), oaKey, true);
result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, oaType);
return result;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index f20647fb0..04eb30f72 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -227,4 +227,28 @@ public class KeyValueUtils {
return findNextFreeListCounter((String[]) keySet.toArray(), listPrefix);
}
+
+ /**
+ * Normalize a CSV encoded list of value of an key/value pair
+ *
+ * This method removes all whitespace at the begin or the
+ * end of CSV values
+ *
+ * @param value CSV encoded input data
+ * @return normalized CSV encoded data or null if {value} is null or empty
+ */
+ public static String normalizeCSVValueString(String value) {
+ String normalizedCodes = null;
+ if (MiscUtil.isNotEmpty(value)) {
+ String[] codes = value.split(",");
+ for (String el: codes) {
+ if (normalizedCodes == null)
+ normalizedCodes = el.trim();
+ else
+ normalizedCodes += "," + el;
+
+ }
+ }
+ return normalizedCodes;
+ }
}
diff --git a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
index 775d02d05..4d3caea8c 100644
--- a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
+++ b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml
@@ -11,44 +11,10 @@
<context:annotation-config />
- <!-- context:property-placeholder location="${location}"/-->
-
-<!-- <bean class="at.gv.egovernment.moa.id.commons.config.persistence.JPAPropertiesWithJavaConfig">
- </bean> -->
-
<bean id="configPropertyDao"
class="at.gv.egovernment.moa.id.commons.db.dao.config.DatabaseConfigPropertyImpl"/>
<bean id="moaidconfig" class="at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl" />
-<!-- <property name="configPropertyDao" ref="configPropertyDao" />
- </bean> -->
-
-
-<!-- <bean id="configRead" class="at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead"/> -->
-<!-- <bean id="configWrite" class="at.gv.egovernment.moa.id.commons.db.NewConfigurationDBWrite"/> -->
-
-<!-- <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close">
- <aop:scoped-proxy/>
- <property name="driverClassName" value="${hibernate.connection.driver_class}" />
- <property name="url" value="${hibernate.connection.url}"/>
- <property name="username" value="${hibernate.connection.username}" />
- <property name="password" value="${hibernate.connection.password}" />
- <property name="testOnBorrow" value="true" />
- <property name="validationQuery" value="SELECT 1" />
- </bean> -->
-
-
-<!-- <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
- <property name="showSql" value="true" />
- <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" />
- <property name="generateDdl">
- <bean class="java.lang.Boolean">
- <constructor-arg value="${jpaVendorAdapter.generateDdl}"/>
- </bean>
- </property>
- <property name="databasePlatform" value="${hibernate.dialect}" />
- </bean> -->
-
<bean name="config" id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
index a0923c03f..3bd122254 100644
--- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
+++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
@@ -21,13 +21,22 @@
<property name="url" value="${hibernate.connection.url}"/>
<property name="username" value="${hibernate.connection.username}" />
<property name="password" value="${hibernate.connection.password}" />
- <property name="testOnBorrow" value="true" />
+
+ <property name="connectionProperties" value="${dbcp.connectionProperties}" />
+ <property name="initialSize" value="${dbcp.initialSize}" />
+ <property name="maxActive" value="${dbcp.maxActive}" />
+ <property name="maxIdle" value="${dbcp.maxIdle}" />
+ <property name="minIdle" value="${dbcp.minIdle}" />
+ <property name="maxWait" value="${dbcp.maxWaitMillis}" />
+ <property name="testOnBorrow" value="${dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${dbcp.testWhileIdle}" />
<property name="validationQuery" value="SELECT 1" />
</bean>
<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
- <property name="showSql" value="true" />
+ <property name="showSql" value="${hibernate.show_sql}" />
<property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" />
<property name="databasePlatform" value="${hibernate.dialect}" />
</bean>