Siehe Bug 228.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@738 d688527b-c9ab-4aba-bd8d-4036d912da1d

5 files changed, 82 insertions, 16 deletions

diff --git a/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar b/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar
new file mode 100644
index 000000000..fc5763d0d
--- /dev/null
+++ b/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar
diff --git a/id.server/lib/commons-io-1.1/commons-io-1.1.jar b/id.server/lib/commons-io-1.1/commons-io-1.1.jar
new file mode 100644
index 000000000..624fc1a72
--- /dev/null
+++ b/id.server/lib/commons-io-1.1/commons-io-1.1.jar
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 9884c80f8..70e53d83e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -5,6 +5,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.util.Enumeration;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import javax.servlet.RequestDispatcher;
@@ -15,6 +16,12 @@ import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.logging.Logger;
@@ -101,30 +108,69 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
       Logger.debug("Parameter " + parname + req.getParameter(parname));    
     }
   }
+  
   /**
-     * Parses the request input stream for parameters,
-     * assuming parameters are encoded UTF-8.
+     * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
+     * (no standard exists how browsers should encode them).
+     * 
      * @param req servlet request
+     * 
      * @return mapping parameter name -> value
+     * 
+     * @throws IOException if parsing request parameters fails.
+     * 
+     * @throws FileUploadException if parsing request parameters fails.
      */
-  protected Map getParameters(HttpServletRequest req) throws IOException {
+  protected Map getParameters(HttpServletRequest req) 
+    throws IOException, FileUploadException {
+    
     Map parameters = new HashMap();
-    InputStream in = req.getInputStream();
-    String paramName;
-    String paramValueURLEncoded;
-    do {
-      paramName = new String(readBytesUpTo(in, '='));
-      if (paramName.length() > 0) {
-        paramValueURLEncoded = readBytesUpTo(in, '&');
-        String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
-        parameters.put(paramName, paramValue);
+
+ 
+    if (ServletFileUpload.isMultipartContent(req))
+    {
+      // request is encoded as mulitpart/form-data
+      FileItemFactory factory = new DiskFileItemFactory();
+      ServletFileUpload upload = null;;
+      upload = new ServletFileUpload(factory);
+      List items = null;
+      items = upload.parseRequest(req);
+      for (int i = 0; i < items.size(); i++)
+      {
+        FileItem item = (FileItem) items.get(i);
+        if (item.isFormField())
+        {
+          // Process only form fields - no file upload items
+          parameters.put(item.getFieldName(), item.getString("UTF-8"));
+          Logger.debug("Processed multipart/form-data request parameter: \nName: " +
+              item.getFieldName() + "\nValue: " + 
+              item.getString("UTF-8"));
+        }
       }
     }
-    while (paramName.length() > 0);
-    in.close();
     
+    else
+    {
+      // request is encoded as application/x-www-urlencoded
+      InputStream in = req.getInputStream();
+
+      String paramName;
+      String paramValueURLEncoded;
+      do {
+        paramName = new String(readBytesUpTo(in, '='));
+        if (paramName.length() > 0) {
+          paramValueURLEncoded = readBytesUpTo(in, '&');
+          String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
+          parameters.put(paramName, paramValue);
+        }
+      }
+      while (paramName.length() > 0);
+      in.close();
+    }
+
     return parameters;
   }
+  
   /**
      * Reads bytes up to a delimiter, consuming the delimiter.
      * @param in input stream
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 744dc5bc8..50502d199 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -8,6 +8,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.fileupload.FileUploadException;
+
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -67,7 +69,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
     throws ServletException, IOException {
 
 		Logger.debug("POST VerifyAuthenticationBlock");
-    Map parameters = getParameters(req);
+    Map parameters;
+    try 
+    {
+      parameters = getParameters(req);
+    } catch (FileUploadException e) 
+    {
+      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+      throw new IOException(e.getMessage());
+    }
 		String sessionID = req.getParameter(PARAM_SESSIONID);
 		String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
 		
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index a69d71181..9d5c4b191 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -8,6 +8,8 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.fileupload.FileUploadException;
+
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
@@ -63,7 +65,15 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     throws ServletException, IOException {
 
 		Logger.debug("POST VerifyIdentityLink");
-    Map parameters = getParameters(req);
+    Map parameters;
+    try 
+    {
+      parameters = getParameters(req);
+    } catch (FileUploadException e) 
+    {
+      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+      throw new IOException(e.getMessage());
+    }
     String sessionID = req.getParameter(PARAM_SESSIONID);
     String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);