aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-18 11:12:04 +0200
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2013-06-18 11:12:04 +0200
commit2f0511d495a107b3a48b378084f0bbc74d7d5fb7 (patch)
tree8a6df12bdb6a26545d2849d008611a4c4515a479
parente950948eb691581e58607e633847e6f4b93769f9 (diff)
downloadmoa-id-spss-2f0511d495a107b3a48b378084f0bbc74d7d5fb7.tar.gz
moa-id-spss-2f0511d495a107b3a48b378084f0bbc74d7d5fb7.tar.bz2
moa-id-spss-2f0511d495a107b3a48b378084f0bbc74d7d5fb7.zip
Fixing issue #2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java554
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java15
11 files changed, 479 insertions, 254 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 16041f8cb..187cf4fdb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.ByteArrayOutputStream;
@@ -47,228 +46,312 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.URLDecoder;
-import at.gv.egovernment.moa.util.URLEncoder;
/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling
- * and constant names.
+ * Base class for MOA-ID Auth Servlets, providing standard error handling and
+ * constant names.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
-
- /**
+ /**
*
*/
private static final long serialVersionUID = -6929905344382283738L;
-
-
+ protected static final String ERROR_CODE_PARAM = "errorid";
+
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("GET " + this.getServletName());
+ throws ServletException, IOException {
+ Logger.debug("GET " + this.getServletName());
this.setNoCachingHeadersInHttpRespone(req, resp);
-}
-/**
- * Handles an error. <br>>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request
- * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage error message
- * @param exceptionThrown exception thrown
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleError(
- String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+ }
-
- if(null != errorMessage) {
+ protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp) {
+
+ if (null != errorMessage) {
Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage );
+ req.setAttribute("ErrorMessage", errorMessage);
}
-
-
+
if (null != exceptionThrown) {
- if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ if (null == errorMessage)
+ errorMessage = exceptionThrown.getMessage();
Logger.error(errorMessage, exceptionThrown);
req.setAttribute("ExceptionThrown", exceptionThrown);
}
-
+
if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
+ req.setAttribute("LogLevel", "debug");
}
-
- //forward this to errorpage-auth.jsp where the HTML error page is generated
+
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
Logger.error(e);
- }
-
+ } catch (IOException e) {
+ Logger.error(e);
+ }
}
- /**
- * Handles a <code>WrongParametersException</code>.
- * @param req servlet request
- * @param resp servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
- try {
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ /**
+ * Handles an error. <br>>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request as request
+ * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage
+ * error message
+ * @param exceptionThrown
+ * exception thrown
+ * @param req
+ * servlet request
+ * @param resp
+ * servlet response
+ */
+ protected void handleError(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp) {
+
+ if (null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage);
+ }
+
+ if (null != exceptionThrown) {
+ if (null == errorMessage)
+ errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ if (Logger.isDebugEnabled()) {
+ req.setAttribute("LogLevel", "debug");
+ }
+
+ IExceptionStore store = ExceptionStoreImpl.getStore();
+ String id = store.storeException(exceptionThrown);
+
+ String redirectURL = null;
+
+ redirectURL = ServletUtils.getBaseUrl(req);
+ redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id;
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
- String parname = (String)params.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
-
- /**
- * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
- * (no standard exists how browsers should encode them).
- *
- * @param req servlet request
- *
- * @return mapping parameter name -> value
- *
- * @throws IOException if parsing request parameters fails.
- *
- * @throws FileUploadException if parsing request parameters fails.
- */
- protected Map getParameters(HttpServletRequest req)
- throws IOException, FileUploadException {
-
- Map parameters = new HashMap();
-
-
- if (ServletFileUpload.isMultipartContent(req))
- {
- // request is encoded as mulitpart/form-data
- FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;
- upload = new ServletFileUpload(factory);
- List items = null;
- items = upload.parseRequest(req);
- for (int i = 0; i < items.size(); i++)
- {
- FileItem item = (FileItem) items.get(i);
- if (item.isFormField())
- {
- // Process only form fields - no file upload items
- String logString = item.getString("UTF-8");
-
- // TODO use RegExp
- String startS = "<pr:Identification><pr:Value>";
- String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
- String logWithMaskedBaseid = logString;
- int start = logString.indexOf(startS);
- if (start > -1) {
- int end = logString.indexOf(endS);
- if (end > -1) {
- logWithMaskedBaseid = logString.substring(0, start);
- logWithMaskedBaseid += startS;
- logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
- logWithMaskedBaseid += logString.substring(end, logString.length());
- }
- }
- parameters.put(item.getFieldName(), item.getString("UTF-8"));
- Logger.debug("Processed multipart/form-data request parameter: \nName: " +
- item.getFieldName() + "\nValue: " +
- logWithMaskedBaseid);
- }
- }
- }
-
- else
- {
- // request is encoded as application/x-www-urlencoded
- InputStream in = req.getInputStream();
-
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
- }
- }
- while (paramName.length() > 0);
- in.close();
- }
-
- return parameters;
- }
-
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- * @param in input stream
- * @param delimiter delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (! done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ return;
+ /*
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ */
+ }
+
+ /**
+ * Handles a <code>WrongParametersException</code>.
+ *
+ * @param req
+ * servlet request
+ * @param resp
+ * servlet response
+ */
+ protected void handleWrongParameters(WrongParametersException ex,
+ HttpServletRequest req, HttpServletResponse resp) {
+ Logger.error(ex.toString());
+ req.setAttribute("WrongParameters", ex.getMessage());
+
+ // forward this to errorpage-auth.jsp where the HTML error page is
+ // generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context
+ .getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+ resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ }
+
+ /**
+ * Logs all servlet parameters for debugging purposes.
+ */
+ protected void logParameters(HttpServletRequest req) {
+ for (Enumeration params = req.getParameterNames(); params
+ .hasMoreElements();) {
+ String parname = (String) params.nextElement();
+ Logger.debug("Parameter " + parname + req.getParameter(parname));
+ }
+ }
+
+ /**
+ * Parses the request input stream for parameters, assuming parameters are
+ * encoded UTF-8 (no standard exists how browsers should encode them).
+ *
+ * @param req
+ * servlet request
+ *
+ * @return mapping parameter name -> value
+ *
+ * @throws IOException
+ * if parsing request parameters fails.
+ *
+ * @throws FileUploadException
+ * if parsing request parameters fails.
+ */
+ protected Map getParameters(HttpServletRequest req) throws IOException,
+ FileUploadException {
+
+ Map parameters = new HashMap();
+
+ if (ServletFileUpload.isMultipartContent(req)) {
+ // request is encoded as mulitpart/form-data
+ FileItemFactory factory = new DiskFileItemFactory();
+ ServletFileUpload upload = null;
+ upload = new ServletFileUpload(factory);
+ List items = null;
+ items = upload.parseRequest(req);
+ for (int i = 0; i < items.size(); i++) {
+ FileItem item = (FileItem) items.get(i);
+ if (item.isFormField()) {
+ // Process only form fields - no file upload items
+ String logString = item.getString("UTF-8");
+
+ // TODO use RegExp
+ String startS = "<pr:Identification><pr:Value>";
+ String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+ String logWithMaskedBaseid = logString;
+ int start = logString.indexOf(startS);
+ if (start > -1) {
+ int end = logString.indexOf(endS);
+ if (end > -1) {
+ logWithMaskedBaseid = logString.substring(0, start);
+ logWithMaskedBaseid += startS;
+ logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+ logWithMaskedBaseid += logString.substring(end,
+ logString.length());
+ }
+ }
+ parameters
+ .put(item.getFieldName(), item.getString("UTF-8"));
+ Logger.debug("Processed multipart/form-data request parameter: \nName: "
+ + item.getFieldName()
+ + "\nValue: "
+ + logWithMaskedBaseid);
+ }
+ }
+ }
+
+ else {
+ // request is encoded as application/x-www-urlencoded
+ InputStream in = req.getInputStream();
+
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded,
+ "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ } while (paramName.length() > 0);
+ in.close();
+ }
+
+ return parameters;
+ }
+
+ /**
+ * Reads bytes up to a delimiter, consuming the delimiter.
+ *
+ * @param in
+ * input stream
+ * @param delimiter
+ * delimiter character
+ * @return String constructed from the read bytes
+ * @throws IOException
+ */
+ protected String readBytesUpTo(InputStream in, char delimiter)
+ throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ boolean done = false;
+ int b;
+ while (!done && (b = in.read()) >= 0) {
+ if (b == delimiter)
+ done = true;
+ else
+ bout.write(b);
+ }
+ return bout.toString();
+ }
+
/**
* Calls the web application initializer.
*
@@ -277,51 +360,70 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
public void init(ServletConfig servletConfig) throws ServletException {
super.init(servletConfig);
}
-
+
/**
* Set response headers to avoid caching
- * @param request HttpServletRequest
- * @param response HttpServletResponse
+ *
+ * @param request
+ * HttpServletRequest
+ * @param response
+ * HttpServletResponse
*/
- protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) {
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+ protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+ HttpServletResponse response) {
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+ MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+ MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+ MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
}
-
+
+ /**
+ * Adds a parameter to a URL.
+ *
+ * @param url
+ * the URL
+ * @param paramname
+ * parameter name
+ * @param paramvalue
+ * parameter value
+ * @return the URL with parameter added
+ */
+ protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
/**
- * Adds a parameter to a URL.
- * @param url the URL
- * @param paramname parameter name
- * @param paramvalue parameter value
- * @return the URL with parameter added
- */
- protected static String addURLParameter(String url, String paramname, String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-
- /**
- * Checks if HTTP requests are allowed
- * @param authURL requestURL
- * @throws AuthenticationException if HTTP requests are not allowed
- * @throws ConfigurationException
- */
- protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException {
+ * Checks if HTTP requests are allowed
+ *
+ * @param authURL
+ * requestURL
+ * @throws AuthenticationException
+ * if HTTP requests are not allowed
+ * @throws ConfigurationException
+ */
+ protected void checkIfHTTPisAllowed(String authURL)
+ throws AuthenticationException, ConfigurationException {
// check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
- AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- && (false == BoolUtils.valueOf(boolStr)))
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
-
- }
+ // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider
+ .getInstance()
+ .getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:"))
+ && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL
+ + "*" });
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 5fa0dfcc3..c3f835edb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -3,13 +3,16 @@ package at.gv.egovernment.moa.id.entrypoints;
import java.io.IOException;
import java.util.Iterator;
+import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
@@ -20,6 +23,7 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulStorage;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -52,6 +56,46 @@ public class DispatcherServlet extends AuthServlet {
protected void processRequest(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException {
try {
+ String errorid = req.getParameter(ERROR_CODE_PARAM);
+ if (errorid != null) {
+
+ Throwable throwable = ExceptionStoreImpl.getStore()
+ .fetchException(errorid);
+ ExceptionStoreImpl.getStore().removeException(errorid);
+
+ if (throwable != null) {
+
+ IRequest errorRequest = RequestStorage
+ .getPendingRequest(req.getSession());
+ if (errorRequest != null) {
+ try {
+ IModulInfo handlingModule = ModulStorage
+ .getModuleByPath(errorRequest
+ .requestedModule());
+ if (handlingModule != null) {
+ if (handlingModule.generateErrorMessage(
+ throwable, req, resp, errorRequest)) {
+ return;
+ }
+ }
+ } catch (Throwable e) {
+ Logger.error(e);
+ handleErrorNoRedirect(throwable.getMessage(),
+ throwable, req, resp);
+ }
+ }
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+
+ } else {
+ // TODO: use better string
+ handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req,
+ resp);
+ }
+
+ return;
+ }
+
Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
String module = null;
if (moduleObject != null && (moduleObject instanceof String)) {
@@ -114,8 +158,7 @@ public class DispatcherServlet extends AuthServlet {
HttpSession httpSession = req.getSession();
IRequest protocolRequest = null;
try {
- protocolRequest = RequestStorage
- .getPendingRequest(httpSession);
+ protocolRequest = RequestStorage.getPendingRequest(httpSession);
if (protocolRequest != null) {
// check if pending request is same protocol and action
@@ -183,11 +226,11 @@ public class DispatcherServlet extends AuthServlet {
}
moduleAction.processRequest(protocolRequest, req, resp);
-
+
RequestStorage.removePendingRequest(httpSession);
AuthenticationManager.logout(req, resp);
-
+
} catch (Throwable e) {
e.printStackTrace();
// Try handle module specific, if not possible rethrow
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index d2a3764cd..5f38cd05a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -14,6 +14,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
@@ -31,12 +32,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.ServletInfo;
import at.gv.egovernment.moa.id.moduls.ServletType;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
@@ -135,12 +138,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
//Logger.info("SAML : " + xml);
if(!moaRequest.isVerified()) {
- // TODO: verify samlReq
SAMLVerificationEngine engine = new SAMLVerificationEngine();
engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
moaRequest.setVerified(true);
}
- // TODO: OAURL is AssertionConsumerService URL from entitydescriptor ...
if(!(samlReq instanceof AuthnRequest)) {
throw new MOAIDException("Unsupported request", new Object[] {});
@@ -159,7 +160,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(idx);
String oaURL = consumerService.getLocation();
-
+ String binding = consumerService.getBinding();
String entityID = moaRequest.getEntityMetadata().getEntityID();
//String oaURL = (String) request.getParameter(PARAM_OA);
@@ -168,6 +169,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
config.setOAURL(oaURL);
+ config.setBinding(binding);
config.setRequest(moaRequest);
config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
@@ -188,8 +190,13 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
throw e;
}
- StatusResponseType samlResponse =
- SAML2Utils.createSAMLObject(StatusResponseType.class);
+ if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
+ throw e;
+ }
+ PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
+
+ Response samlResponse =
+ SAML2Utils.createSAMLObject(Response.class);
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
@@ -213,7 +220,22 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
status.setStatusMessage(statusMessage);
}
samlResponse.setStatus(status);
- IEncoder encoder = new RedirectBinding();
+
+ IEncoder encoder = null;
+
+ if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ encoder = new RedirectBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
+ // TODO: not supported YET!!
+ //binding = new ArtifactBinding();
+ } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ encoder = new PostBinding();
+ }
+
+ if(encoder == null) {
+ // default to redirect binding
+ encoder = new RedirectBinding();
+ }
encoder.encodeRespone(request, response, samlResponse, protocolRequest.getOAURL());
return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 1f13cdfb5..d15c307a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -5,6 +5,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public class PVPTargetConfiguration extends RequestImpl {
MOARequest request;
+ String binding;
public MOARequest getRequest() {
return request;
@@ -13,4 +14,12 @@ public class PVPTargetConfiguration extends RequestImpl {
public void setRequest(MOARequest request) {
this.request = request;
}
+
+ public String getBinding() {
+ return binding;
+ }
+
+ public void setBinding(String binding) {
+ this.binding = binding;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 1b55d4b2e..048ad8b38 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -52,9 +52,6 @@ public class PostBinding implements IDecoder, IEncoder {
Credential credentials = CredentialProvider
.getIDPSigningCredential();
- Signature signer = CredentialProvider.getIDPSignature(credentials);
- response.setSignature(signer);
-
VelocityEngine engine = new VelocityEngine();
engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index a4670d3fc..d90e59c35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -25,7 +25,6 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.Signature;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
@@ -38,7 +37,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
RequestAbstractType request, String targetLocation)
throws MessageEncodingException, SecurityException {
-
+ //TODO: implement
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
@@ -48,10 +47,6 @@ public class RedirectBinding implements IDecoder, IEncoder {
Credential credentials = CredentialProvider
.getIDPSigningCredential();
- Signature signer = CredentialProvider.getIDPSignature(credentials);
- response.setSignature(signer);
-
-
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 558f19b4f..ced20ce9c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -71,7 +71,7 @@ public class SoapBinding implements IDecoder, IEncoder {
StatusResponseType response, String targetLocation)
throws MessageEncodingException, SecurityException {
HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
-
+ // TODO
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 9e795c51c..4f778f27b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -7,7 +7,6 @@ import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.ArtifactResponse;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
@@ -21,6 +20,7 @@ import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
@@ -89,6 +89,11 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
throw new NoAuthContextException("QAA not available Only supported QAA: " + STORK_QAA_1_4, null);
}
+ AuthenticationSession authSession =
+ AuthenticationManager.getAuthenticationSession(req.getSession());
+
+ //authSession.getM
+
Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs().iterator();
@@ -134,10 +139,6 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
AttributeConsumingService attributeConsumingService =
spSSODescriptor.getAttributeConsumingServices().get(idx);
-
- AuthenticationSession authSession =
- AuthenticationManager.getAuthenticationSession(req.getSession());
-
AttributeStatement attributeStatement = SAML2Utils.createSAMLObject(AttributeStatement.class);
Iterator<RequestedAttribute> it = attributeConsumingService.getRequestAttributes().iterator();
@@ -210,14 +211,14 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
assertion.setID(SAML2Utils.getSecureIdentifier());
assertion.setIssueInstant(new DateTime());
- ArtifactResponse authResponse = SAML2Utils.createSAMLObject(ArtifactResponse.class);
+ Response authResponse = SAML2Utils.createSAMLObject(Response.class);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
nissuer.setFormat(NameID.ENTITY);
authResponse.setIssuer(nissuer);
authResponse.setInResponseTo(authnRequest.getID());
- authResponse.setMessage(assertion);
+ authResponse.getAssertions().add(assertion);
authResponse.setStatus(SAML2Utils.getSuccessStatus());
aIdx = authnRequest.getAssertionConsumerServiceIndex();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
new file mode 100644
index 000000000..5ea3be837
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.util.Random;
+
+public class ExceptionStoreImpl implements IExceptionStore {
+
+ // Just a quick implementation
+ private static IExceptionStore store;
+
+ public static IExceptionStore getStore() {
+ if(store == null) {
+ store = new ExceptionStoreImpl();
+ }
+ return store;
+ }
+
+ private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>();
+
+ public String storeException(Throwable e) {
+ String id = Random.nextRandom();
+ exceptionStore.put(id, e);
+ return id;
+ }
+
+ public Throwable fetchException(String id) {
+ return exceptionStore.get(id);
+ }
+
+ public void removeException(String id) {
+ exceptionStore.remove(id);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
new file mode 100644
index 000000000..5c51fff73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
@@ -0,0 +1,7 @@
+package at.gv.egovernment.moa.id.storage;
+
+public interface IExceptionStore {
+ public String storeException(Throwable e);
+ public Throwable fetchException(String id);
+ public void removeException(String id);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 2ff9e5210..db6d7aa53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -31,6 +31,7 @@ import java.io.IOException;
import java.io.OutputStream;
import java.net.URLEncoder;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -145,5 +146,17 @@ public class ServletUtils {
Logger.debug("Finished POST " + servletName);
}
-
+
+ public static String getBaseUrl( HttpServletRequest request ) {
+ if ( ( request.getServerPort() == 80 ) ||
+ ( request.getServerPort() == 443 ) )
+ return request.getScheme() + "://" +
+ request.getServerName() +
+ request.getContextPath();
+ else
+ return request.getScheme() + "://" +
+ request.getServerName() + ":" + request.getServerPort() +
+ request.getContextPath();
+ }
+
}