add initial version of a virtual IDP REST URL rewrite filter

3 files changed, 203 insertions, 6 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
new file mode 100644
index 000000000..93d74d7ef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet.interceptor;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.context.ApplicationContext;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class VHostUrlRewriteServletFilter implements Filter {
+
+	private static final String VHOST_PATH = "/vhost/";
+	private static final String AUTHURL = "authURL";
+	
+	
+	private ApplicationContext context = null;
+	
+	public VHostUrlRewriteServletFilter(ApplicationContext context) {
+		Logger.info("Register vHost Servelt Filter");
+		this.context = context;
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+	 */
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+
+	}
+
+	/* (non-Javadoc)
+	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+	 */
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+		 HttpServletRequest httpReq = (HttpServletRequest) request;		 
+		 try {
+			 AuthConfiguration authConfig = context.getBean(AuthConfiguration.class); 
+			 List<String> configuredPublicURLPrefix = authConfig.getPublicURLPrefix();
+		
+			 //check if End-Point is valid		
+			 String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq);
+			 URL publicURL;
+			 try {
+				 publicURL = new URL(publicURLString);
+					
+			 } catch (MalformedURLException e) {
+				 Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e);
+				 throw new ConfigurationException("1299", null, e);
+					
+			 }
+			 
+			 //check if virtual IDPs are enabled
+			 if (!authConfig.isVirtualIDPsEnabled()) {
+				 Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+				 httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0));
+				 chain.doFilter(request, response);
+				
+			 } else {				 
+				String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq);
+				 URL authURL;
+				 try {
+					 authURL = new URL(authURLString);
+						
+				 } catch (MalformedURLException e) {
+					 Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
+					 throw new ConfigurationException("1299", null, e);
+						
+				 } 
+								
+				Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
+				URL resultURL = null;
+					
+				for (String el : configuredPublicURLPrefix) {
+					try {
+						URL configuredURL = new URL(el);
+
+						//get Ports from URL
+						int configPort = configuredURL.getPort();					
+						if (configPort == -1)
+							configPort = configuredURL.getDefaultPort();
+							
+						int authURLPort = authURL.getPort();
+						if (authURLPort == -1)
+							authURLPort = authURL.getDefaultPort();
+							
+						//check AuthURL against ConfigurationURL
+						if (configuredURL.getHost().equals(authURL.getHost()) &&
+								configPort == authURLPort &&
+								authURL.getPath().startsWith(configuredURL.getPath())) {
+							Logger.debug("Select configurated PublicURLPrefix: " + configuredURL 
+									+ " for authURL: " + authURLString);
+							resultURL = configuredURL;
+						}
+							
+					} catch (MalformedURLException e) {
+							Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+							
+					}				
+				}
+								
+				if (resultURL == null) {
+					Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
+					throw new ConfigurationException("config.25", new Object[]{authURLString});
+						
+				} else {
+					httpReq.setAttribute(AUTHURL, resultURL.toExternalForm());
+						
+				}
+				 				 				 
+				String servletPath = httpReq.getServletPath();				 								 
+				if (servletPath.startsWith(VHOST_PATH)) {
+					Logger.trace("Found V-IDP selection via REST URL ... ");
+					String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length());
+					String requestedServlet = authURLString.substring(0, vHostDescriptor.length());
+					String newURL = publicURL.toExternalForm().concat(requestedServlet);
+					httpReq.setAttribute(AUTHURL, newURL);
+					httpReq.getRequestDispatcher(newURL).forward(httpReq, response);
+										 
+				} else {
+					Logger.trace("Found V-IDP selection via Domain ...");
+					chain.doFilter(request, response);
+					
+				}
+				 				
+			 }
+		 
+		 } catch (ConfigurationException e) {
+			 
+			 
+		 }
+		 		 			     
+	}
+
+	/* (non-Javadoc)
+	 * @see javax.servlet.Filter#destroy()
+	 */
+	@Override
+	public void destroy() {
+		// TODO Auto-generated method stub
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index d2499af9d..4cb6af127 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -173,6 +173,17 @@ public class HTTPUtils {
 		
 	}
 	
+	/**
+	 * Extract the IDP requested URL from authrequest
+	 * 
+	 * @param req HttpServletRequest
+	 * @return RequestURL <String> which ends always without /
+	 */ 
+	public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
+	    return extractAuthURLFromRequest(req).concat(req.getServletPath());
+	 	
+	}
+	
 	public static String addURLParameter(String url, String paramname,
 			String paramvalue) {
 		String param = paramname + "=" + paramvalue;
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index 636a3ed03..327d659ec 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -98,9 +98,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 							MOAIDAuthSpringInitializer.class));
 				}
 			}
-			
-			
-			
+						
 			Logger.debug("Refreshing context "+ rootContext);
 			rootContext.refresh();
 
@@ -108,8 +106,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 
 			Logger.trace("Final Beans in "+ rootContext);
 			dumpBeanDefinitions(rootContext);
-			
-			
+											
 			Logger.info("Registering dispatcher configuration");
 			ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
 					"dispatcher", new DispatcherServlet(rootContext));
@@ -123,7 +120,11 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 			
 			Logger.info("=============== Register RequestContextListener! ===============");
 			servletContext.addListener(new RequestContextListener());
-
+			
+//			Logger.info("=============== Register RequestFilter! ===============");
+//			servletContext.addFilter("vHost RequestFilter", new VHostUrlRewriteServletFilter(rootContext))
+//				.addMappingForUrlPatterns(null, false, "/*");
+						
 			Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ...");
 			MOAIDAuthInitializer.initialize(rootContext);
 			Logger.info(MOAIDMessageProvider.getInstance().getMessage(