authorFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-05-05 16:10:56 +0200
committerFlorian Reimair <florian.reimair@iaik.tugraz.at>2015-05-05 16:10:56 +0200
commit4df561f9f19966c92cd658efa0cd3942a0a091d4 (patch)
tree8bfd831045f1cf9478536a3192df1956937483c1
parent7d8b6f80bb6faf33c4a19aac2d23784a8dbbddc2 (diff)
moved consent request to before attributes are collected
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java42
4 files changed, 38 insertions, 25 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 54debca81..8f01ca22b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -74,7 +74,7 @@
<to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/stork2/CompleteAuthentication$</from>
+ <from>^/stork2/GetConsent$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1e6cf6910..704f8b8a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -26,12 +26,8 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -186,7 +182,8 @@ public class AttributeCollector implements IAction {
List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
for (PersonalAttribute current : requestAttributeList)
if (!responseAttributeList.containsKey(current.getName()))
- missingAttributes.add(current);
+ if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value())))
+ missingAttributes.add(current);
Logger.info("collecting attributes...");
Logger.debug("found " + missingAttributes.size() + " missing attributes");
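Review bot: The added condition on the inner `if` repeats the null check that the `||` already guarantees, so `null != current.getStatus() &&` is dead; the same filter reads as one null-safe line, `if (!AttributeStatusType.WITHHELD.value().equals(current.getStatus()))`. Two unbraced nested `if`s under an unbraced `for` are easy to misread when the next maintainer adds a statement; braces around the loop body would make the filter's scope explicit. processRequest starts and ends outside this hunk.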
@@ -253,10 +250,7 @@ public class AttributeCollector implements IAction {
Logger.info("collecting attributes done");
// ask for consent if necessary
- if(oaParam.isRequireConsentForStorkAttributes())
- new ConsentEvaluator().requestConsent(container, response, oaParam);
- else
- new ConsentEvaluator().generateSTORKResponse(response, container);
+ new ConsentEvaluator().generateSTORKResponse(response, container);
return null; // AssertionId
// TODO
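Review bot: The comment `// ask for consent if necessary` above the remaining `generateSTORKResponse` call is now stale, since the consent branch it described was removed and the method always sends the response here. Replace it with something like `// consent, if the OA requires it, was already evaluated by ConsentEvaluator before collection started; build and send the STORK response`. That sentence is worth stating because processRequest no longer enforces `isRequireConsentForStorkAttributes()` itself: every path that reaches this point must have gone through ConsentEvaluator first, which presumably also holds for containers arriving via the AttributeCollector dispatcher route, though that cannot be confirmed from the hunk. If `oaParam` was only read by the removed branch it may now be an unused parameter of this method; its other uses are outside the hunk. processRequest starts and ends outside this hunk.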
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 859f4900b..e0c4b3d16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ if(oaParam.isRequireConsentForStorkAttributes())
+ new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
+ else
+ new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
+ return null;
}
// // check if we are getting request for citizen of some other country
// else if (req instanceof MOASTORKRequest) {
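Review bot: The new `if(oaParam.isRequireConsentForStorkAttributes())` branch duplicates the check that `requestConsent` now performs itself (ConsentEvaluator.java, the hunk at `@@ -96,12 +104,19 @@`), so the same configuration is consulted at two call sites that can drift apart. Delegating unconditionally keeps a single decision point and also preserves the callee's return value instead of the unconditional `return null;`: `return new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);`. If the branch is kept, brace both arms; the unbraced if/else followed by a blank line and `return null;` is easy to misread. The enclosing method starts outside this hunk.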
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 2c5728798..51e731e8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -23,13 +23,17 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
import java.util.ArrayList;
import java.util.HashMap;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.util.Map.Entry;
+
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
-import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction {
DataContainer container;
try {
container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+ req = container.getRequest();
} catch (MOADatabaseException e) {
Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
throw new MOAIDException("stork.17", null);
}
// evaluate response
- for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+ for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
if(null == httpReq.getParameter(current.getName())) {
- current.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
+ current.setStatus(AttributeStatusType.WITHHELD.value());
current.setValue(new ArrayList<String>());
current.setComplexValue(new HashMap<String, String>());
}
}
- // build and send response
- generateSTORKResponse(httpResp, container);
-
+ //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+ new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
return null; // AssertionId
}
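Review bot: `req = container.getRequest();` inside the try rebinds the method's `req` (its declaration is outside the hunk) to the stored request, yet the loop below still reads `container.getRequest().getPersonalAttributeList()` while the OA lookup uses `req.getOAURL()`; use one form, e.g. `for(PersonalAttribute current : req.getPersonalAttributeList()) {`, so a reader sees that the consent loop and the OA lookup operate on the same stored request. Taking the OA identifier from the server-side container rather than from the incoming callback is the right trust boundary here, and once the `//TODO: CHECK` is confirmed it should become a comment saying so. The hunk does not show whether `AssertionStorage.getInstance().get(...)` consumes the entry; if it does not, the consent form can be resubmitted under the same artifact with a different selection, so the container should be removed or marked once consent has been applied. Also, an attribute whose checkbox is absent from the post is marked WITHHELD regardless of whether the request marked it as required; whether a withheld required attribute should abort instead is a policy decision worth a comment at the loop.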
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction {
* Fills the given HttpResponse with the required web page.
*
* @param container the container
+ * @param authData
* @param response the response
* @param oaParam the oa param
* @return the string
* @throws MOAIDException the mOAID exception
*/
- public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
+ public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
+ //check if we need to collect consent
+ if(!oaParam.isRequireConsentForStorkAttributes()) {
+ (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ return "";
+ }
+
// prepare redirect
String newArtifactId;
try {
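Review bot: The Javadoc above the new `requestConsent` signature no longer matches it: `@param response the response` refers to a parameter now named `httpResp`, `httpReq` is undocumented, and `@param authData` has no description. Replace the parameter lines with `@param httpReq the servlet request of the current step`, `@param httpResp the servlet response the consent page (or the collector's output) is written to`, `@param authData the authentication data handed through to the attribute collector`, `@param oaParam the online application parameters that decide whether consent is required`, and describe `@return` as the empty string when consent is skipped. The early-out also discards the collector's result in favour of `""`; `return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);` keeps it. requestConsent continues outside this hunk, where it renders the consent table from the request's attribute names; those names originate from the incoming SAML request and are concatenated into HTML, so an HTML-escaping step there is the missing check I would add.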
@@ -130,13 +145,12 @@ public class ConsentEvaluator implements IAction {
Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
VelocityContext context = new VelocityContext();
- context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId);
+ context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
// assemble table
String table = "";
- for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
- if ("Available".equals(current.getStatus()))
- table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+ for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
+ table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
context.put("tablecontent", table);