authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-06 11:59:19 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-06 11:59:19 +0200
commit642ec4805453c5a85fc53f8bf9a7b6f886f03cb1 (patch)
tree00cba581f98887bdd2eff0d1a52089cab7670293
parent011ce9576c780cba8a0f7b321366e08b557adcf6 (diff)
MOA-ID Proxy updated to Version 2.0
insert an "errorRedirectURL" parameter into the proxy configuration; if an error occurs, the user is redirected to this error page
-rw-r--r--common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/proxy/pom.xml3
16 files changed, 197 insertions, 74 deletions
diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
index 147066241..ed0c83fc3 100644
--- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
+++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd
@@ -510,6 +510,7 @@
<xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
<xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
<xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="errorRedirectURL" type="xsd:string" use="optional"/>
</xsd:complexType>
</xsd:element>
<!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index b358a31c9..edde15ea0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -4,7 +4,7 @@ import java.util.Properties;
import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
-public abstract class ConnectionParameter {
+public abstract class ConnectionParameter implements ConnectionParameterInterface{
protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore";
protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
index 56105e64d..4f4ddeb6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -29,7 +29,7 @@ public class AuthConfigLoader implements Runnable {
instance.reloadDataBaseConfig();
date = dbdate;
}
- } catch (Exception e) {
+ } catch (Throwable e) {
Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
}
}
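Review bot: The widened `catch (Throwable e)` on the new side also traps `Error`s such as `OutOfMemoryError` or `ThreadDeath`, which the reload loop then logs at warn level and continues from, so a JVM that is already failing keeps running in an unknown state. If the intent is to survive class-loading or linkage failures while reloading the configuration, catch those explicitly: `} catch (Exception | LinkageError e) {` where Java 7 multi-catch is available, otherwise rethrow after logging when `e instanceof Error`. The enclosing `run()` body starts and ends outside the hunk.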
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
index 455fde9bf..c7299975e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
@@ -24,6 +24,8 @@
package at.gv.egovernment.moa.id.config.legacy;
+import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
+
/**
* This bean class is used to store data for various connectionParameter
* within the MOA-ID configuration
@@ -31,7 +33,7 @@ package at.gv.egovernment.moa.id.config.legacy;
* @author Stefan Knirsch
* @version $Id$
*/
-public class ConnectionParameter {
+public class ConnectionParameter implements ConnectionParameterInterface{
/**
* Server URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index d14d570ab..6f7434cbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -76,6 +76,8 @@ public class OAProxyParameter extends OAParameter {
*/
private OAConfiguration oaConfiguration;
+ private String errorRedirctURL;
+
/**
* Returns the configFileURL.
@@ -205,4 +207,20 @@ public class OAProxyParameter extends OAParameter {
this.oaConfiguration = oaConfiguration;
}
+/**
+ * @return the errorRedirctURL
+ */
+public String getErrorRedirctURL() {
+ return errorRedirctURL;
+}
+
+/**
+ * @param errorRedirctURL the errorRedirctURL to set
+ */
+public void setErrorRedirctURL(String errorRedirctURL) {
+ this.errorRedirctURL = errorRedirctURL;
+}
+
+
+
}
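Review bot: The new field and its accessors are spelled `errorRedirctURL` while the schema attribute and the commit message use `errorRedirectURL`; the misspelling is now part of the getter/setter names called from `ProxyConfigurationBuilder` and `ProxyServlet` in this commit, so renaming before it spreads further is worthwhile. The field also lacks the Javadoc the surrounding fields have; suggested: `/** Absolute URL of the page the user is redirected to when the login at MOA-ID fails; {@code null} if not configured. */`. The getter and setter Javadoc only repeat the field name and could carry the same sentence.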
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index 094e7162e..d495846b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -69,8 +69,10 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
/** an XPATH-Expression */
private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
- /** an XPATH-Expression */
+
private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_ERROR_REDIRECT_URL_XPATH = CONF + "ProxyComponent/@errorRedirectURL";
/** an XPATH-Expression */
protected static final String OACONF_LOGIN_TYPE_XPATH =
ROOTOA + CONF + "LoginType";
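Review bot: The `/** an XPATH-Expression */` Javadoc that belonged to `OA_PROXY_CONNECTION_BUILDER_XPATH` has been moved onto the new `OA_PROXY_ERROR_REDIRECT_URL_XPATH`, leaving the connection-builder constant as the only undocumented entry in the list. Restore the comment above `OA_PROXY_CONNECTION_BUILDER_XPATH` so each constant keeps its one-line doc.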
@@ -201,7 +203,8 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_));
oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
-
+ oap.setErrorRedirctURL(XPathUtils.getAttributeValue(oAElem,OA_PROXY_ERROR_REDIRECT_URL_XPATH, null));
+
ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
oap.setConnectionParameter(conPara);
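Review bot: The `errorRedirectURL` attribute value is stored on `oap` unchecked and is later used as a redirect target by `ProxyServlet`, so a relative path, a trailing space or a non-http(s) scheme in the configuration only surfaces as a broken redirect at login time. This is the place where the other attributes are normalised (the resolver configuration is made absolute on the line above), so validating here — e.g. rejecting values that do not parse as an absolute `http`/`https` URL with a `ConfigurationException` — fails fast at configuration load instead.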
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 1c9c1caa8..ac9a3ed3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -173,6 +173,32 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
}
}
+ public String getTrustedCACertificates() {
+
+ return trustedCACertificates;
+ }
+
+ /**
+ * @return the certstoreDirectory
+ */
+ public String getCertstoreDirectory() {
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ return (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
+ else
+ return null;
+ }
+
+ /**
+ * @return the trustmanagerrevoationchecking
+ */
+ public boolean isTrustmanagerrevoationchecking() {
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ return Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING));
+ else
+ return true;
+ }
+
+
/**
* Return a bean containing all information about the ProxyComponent
* @return The ConnectionParameter for the Proxy Component
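Review bot: `isTrustmanagerrevoationchecking()` parses the property with `Boolean.valueOf(String)`, which yields `false` for anything other than a case-insensitive `"true"`, so a typo such as `yes` or a value with trailing whitespace silently disables revocation checking instead of keeping the safe default that the `else` branch provides. Parsing explicitly — accept `true`/`false` after `trim()`, otherwise log a warning and return `true` — keeps the fail-closed behaviour. The method name also misspells "revocation", and `getTrustedCACertificates()` has no Javadoc unlike its two new siblings; suggested: `/** @return the trustedCACertificates value read from the configuration */`.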
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 4bbd221a5..e18981032 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -130,6 +130,15 @@ public class AuthenticationData implements Serializable {
*/
Date timestamp;
+
+
+ //this method is only required for MOA-ID Proxy 2.0 Release.
+ //TODO: remove it, if MOA-ID Proxy is not supported anymore.
+ public String getWBPK() {
+ return bPK;
+ }
+
+
/**
* Constructor for AuthenticationData.
*/
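Review bot: The new `getWBPK()` returns the `bPK` field, so it is an alias of `getBPK()` and no longer distinguishes a wbPK from a bPK as the removed method did (`return wbPK`); a caller that uses it to decide which identifier it holds gets the bPK in both cases, and the only hint that this is deliberate is a `//` comment. Make the aliasing explicit with Javadoc and a deprecation marker: `/** @deprecated compatibility shim for MOA-ID Proxy 2.0; returns the same value as {@link #getBPK()}. */` followed by `@Deprecated`, keeping the TODO about removal.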
@@ -176,15 +185,7 @@ public class AuthenticationData implements Serializable {
public String getBPK() {
return bPK;
}
-
-// /**
-// * Returns the wbPK.
-// * @return String the wbPK.
-// */
-// public String getWBPK() {
-// return wbPK;
-// }
-
+
/**
* Returns useUTC
* @return useUTC
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index bb6b0a476..be8768845 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -69,7 +69,7 @@ public class LoginParameterResolverFactory {
if (className != null) {
try {
Class lprClass = Class.forName(className);
- LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
+ LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
Class[] argumentTypes = { String.class, Boolean.class };
Method confMethod = lprClass.getMethod( "configure", argumentTypes );
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index e075c99ef..df19956e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -91,10 +91,8 @@ public class MOAIDProxyInitializer {
ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
if (connParamAuth!=null) {
if (connParamAuth.isHTTPSURL()) {
-
- //TODO: einkommentieren!!!!
- //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- //AxisSecureSocketFactory.initialize(ssf);
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ AxisSecureSocketFactory.initialize(ssf);
}
} else {
throw new ConfigurationException("config.16", null);
@@ -107,9 +105,7 @@ public class MOAIDProxyInitializer {
OAProxyParameter oaParam = oaParams[i];
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
if (oaConnParam.isHTTPSURL());
-
- //TODO: einkommentieren!!!!
- //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
}
// Initializes the ConnectionBuilderFactory from configuration data
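Review bot: The re-enabled `SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);` runs for every online application regardless of its scheme, because the preceding `if (oaConnParam.isHTTPSURL());` ends in a semicolon and is therefore an empty statement. While the call was commented out this was harmless; now a plain-HTTP OA triggers SSL setup during initialisation, which presumably fails on configurations without a key store. Drop the stray semicolon: `if (oaConnParam.isHTTPSURL()) { SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); }`. The result is discarded, so the call appears to serve only as an up-front validation of the SSL configuration — a one-line comment saying so would help. The enclosing loop starts outside the hunk.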
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 6cb7ffdfc..e87d9d1c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -38,6 +38,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -49,6 +50,7 @@ import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
/**
* Invoker of
@@ -81,49 +83,63 @@ public class GetAuthenticationDataInvoker {
* either via API call or via web service call.
* @param samlArtifact SAML artifact to be used as a parameter
* @return AuthenticationData
+ * @throws MOAIDException
*/
public AuthenticationData getAuthenticationData(String samlArtifact)
- throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+ throws MOAIDException {
ConnectionParameter authConnParam =
ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
- if (authConnParam == null) {
- try {
- if (apiServer == null) {
- Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
- Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
- apiServer = getInstanceMethod.invoke(null, (Object[]) null);
- apiMethod = serverClass.getMethod(
- "getAuthenticationData", new Class[] {String.class});
- }
- AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
- return authData;
- }
- catch (InvocationTargetException ex) {
- Throwable targetEx = ex.getTargetException();
- if (targetEx instanceof AuthenticationException)
- throw (AuthenticationException) targetEx;
- else
- throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.09", new Object[] {ex.toString()});
- }
- }
- else {
+
+ //Removed for MOA-ID 2.x
+// if (authConnParam == null) {
+// try {
+// if (apiServer == null) {
+// Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
+// Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
+// apiServer = getInstanceMethod.invoke(null, (Object[]) null);
+// apiMethod = serverClass.getMethod(
+// "getAuthenticationData", new Class[] {String.class});
+// }
+// AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
+// return authData;
+// }
+// catch (InvocationTargetException ex) {
+// Throwable targetEx = ex.getTargetException();
+// if (targetEx instanceof AuthenticationException)
+// throw (AuthenticationException) targetEx;
+// else
+// throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
+// }
+// catch (Throwable ex) {
+// throw new ProxyException("proxy.09", new Object[] {ex.toString()});
+// }
+// }
+// else {
Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
Element samlpResponse = getAuthenticationData(samlpRequest);
SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
SAMLStatus status = srp.parseStatusCode();
if (! "samlp:Success".equals(status.getStatusCode())) {
- // on error status throw exception
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
- throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+ if ("samlp:Responder".equals(status.getStatusCode())) {
+ Logger.info("MOA-ID authentication process failed.");
+ String code = status.getStatusCode();
+ if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+ code += "(" + status.getSubStatusCode() + ")";
+
+ throw new MOAIDException("proxy.17", new Object[] {status.getStatusMessage()});
+
+ } else {
+ // on error status throw exception
+ String code = status.getStatusCode();
+ if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+ code += "(" + status.getSubStatusCode() + ")";
+
+ throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+ }
}
return srp.parseAuthenticationData();
- }
+// }
}
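Review bot: In the new `samlp:Responder` branch the local `code` (status code plus sub-status) is built but never used: the log line says only "MOA-ID authentication process failed." and the `proxy.17` exception carries just the status message, so operators diagnosing failed logins lose the SAML status codes. Use it in the log, `Logger.info("MOA-ID authentication process failed: " + code + " - " + status.getStatusMessage());`, or drop the computation. Separately, the old API-call path is left as about 25 commented-out lines under `//Removed for MOA-ID 2.x`; it is in version history, so deleting it (together with the `apiServer`/`apiMethod` fields and reflection imports if nothing else uses them) keeps the method readable. The widened `throws MOAIDException` is fine as long as `ServiceException` and `ProxyException` are subclasses, which the catch ordering in `ProxyServlet` in this commit assumes but this hunk does not show.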
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 1589f1440..0f3f4b692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -144,11 +144,10 @@ public class AuthenticationDataAssertionParser implements Constants {
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
-
- //TODO: set pBK and Type
if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
//bPK
- authData.setBPK(Constants.URN_PREFIX_BPK);
+ authData.setBPK(pkValue);
+ authData.setBPKType(Constants.URN_PREFIX_BPK);
} else {
//wbPK
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ddaab7a28..f3f6c55c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -30,6 +30,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.util.Enumeration;
import java.util.HashMap;
@@ -54,6 +55,7 @@ import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
@@ -72,6 +74,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
/**
* Servlet requested for logging in at an online application,
@@ -88,6 +92,8 @@ public class ProxyServlet extends HttpServlet {
private static final String PARAM_TARGET = "Target";
/** Name of the Parameter for the SAMLArtifact */
private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+ /** Name of the Parameter for the ErrorMessage */
+ private static final String PARAM_ERRORMASSAGE = "error";
/** Name of the Attribute for marking the session as authenticated*/
private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
@@ -191,6 +197,13 @@ public class ProxyServlet extends HttpServlet {
if (session.getAttribute(ATT_BROWSERREQU)==null) {
+ // read configuration data
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
+ if (oaParam == null) {
+ throw new ProxyException("proxy.02", new Object[] { urlRequested });
+ }
+
samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
@@ -200,19 +213,26 @@ public class ProxyServlet extends HttpServlet {
AuthenticationData authData;
try {
authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
+
} catch (ServiceException ex) {
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+ throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+
} catch (ProxyException ex) {
throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
- }
+
+ } catch (MOAIDException ex) {
+ String errorURL = oaParam.getErrorRedirctURL();
+ if (MiscUtil.isNotEmpty(errorURL)) {
+ generateErrorAndRedirct(resp, errorURL, ex.getMessage());
+ return;
+
+ } else {
+ Logger.info("No ErrorRedirectURL defined. The error is shown on MOA-ID Proxy errorpage.");
+ throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+ }
+ }
session.setAttribute(ATT_AUTHDATAFETCHED, "true");
-
- // read configuration data
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
- if (oaParam == null) {
- throw new ProxyException("proxy.02", new Object[] { urlRequested });
- }
+
publicURLPrefix = oaParam.getPublicURLPrefix();
Logger.debug("OA: " + publicURLPrefix);
oaConf = oaParam.getOaConfiguration();
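Review bot: The new `catch (MOAIDException ex)` forwards `ex.getMessage()` to the configured error page as the `error` query parameter; for the `proxy.17` case that text embeds the status message returned by the authentication component, so the error page receives content it did not produce and must HTML-encode it before rendering. State that at the call site, e.g. `// message is passed to an external page as a query parameter; that page must treat it as untrusted`. The redirect branch also logs nothing (the fallback branch logs only that no URL is configured), so a failed login that ends in a redirect leaves no trace in the proxy log; a `Logger.info(..., ex)` before `generateErrorAndRedirct` keeps it visible. The early `return` deliberately skips `session.setAttribute(ATT_AUTHDATAFETCHED, "true")`, which is correct but worth a short comment.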
@@ -257,17 +277,32 @@ public class ProxyServlet extends HttpServlet {
loginHeaders.remove("param3");
}
} catch (LoginParameterResolverException ex) {
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+ String errorURL = oaParam.getErrorRedirctURL();
+ if (MiscUtil.isNotEmpty(errorURL)) {
+ generateErrorAndRedirct(resp, errorURL,
+ MOAIDMessageProvider.getInstance().getMessage("proxy.13",
+ new Object[] { publicURLPrefix }));
+ return;
+
+ } else
+ throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+
} catch (NotAllowedException e) {
- throw new ProxyException("proxy.15", new Object[] { });
+ String errorURL = oaParam.getErrorRedirctURL();
+ if (MiscUtil.isNotEmpty(errorURL)) {
+ generateErrorAndRedirct(resp, errorURL,
+ MOAIDMessageProvider.getInstance().getMessage("proxy.15",
+ new Object[] { }));
+ return;
+
+ } else
+ throw new ProxyException("proxy.15", new Object[] { });
}
// setup SSLSocketFactory for communication with the online application
if (oaConnParam.isHTTPSURL()) {
- try {
-
- //TODO: einkommentieren!!!!
- //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ try {
+ ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
} catch (Throwable ex) {
throw new ProxyException(
"proxy.05",
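Review bot: The two new catch blocks for `LoginParameterResolverException` and `NotAllowedException` repeat the same nine-line "redirect if an error URL is configured, else throw" pattern that the `MOAIDException` catch earlier in this commit also uses, and both end in an unbraced `} else` followed by a `throw`; in addition the caught `LoginParameterResolverException` is still not passed as the cause of the `ProxyException`. A small helper taking the message id and arguments removes the duplication and gives one place to chain the cause and to log. The enclosing method starts and ends outside the hunk.

```java
            } catch (LoginParameterResolverException ex) {
                redirectToErrorPageOrThrow(resp, oaParam, "proxy.13", new Object[] { publicURLPrefix }, ex);
                return;
            } catch (NotAllowedException e) {
                redirectToErrorPageOrThrow(resp, oaParam, "proxy.15", new Object[] { }, e);
                return;
            }
            // … unchanged: SSLSocketFactory setup for the online application …

/**
 * Redirects to the error page configured for the online application, carrying the
 * localized message for {@code messageId} in the error parameter; throws a
 * ProxyException with the same message id and cause when no error page is configured.
 */
private static void redirectToErrorPageOrThrow(HttpServletResponse resp, OAProxyParameter oaParam,
        String messageId, Object[] params, Throwable cause) throws ProxyException {
    String errorURL = oaParam.getErrorRedirctURL();
    if (MiscUtil.isNotEmpty(errorURL)) {
        generateErrorAndRedirct(resp, errorURL,
            MOAIDMessageProvider.getInstance().getMessage(messageId, params));
        return;
    }
    throw new ProxyException(messageId, params, cause);
}
```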
@@ -923,5 +958,28 @@ private static void copyStream(InputStream source, OutputStream destination, byt
}
}
+private static void generateErrorAndRedirct(HttpServletResponse resp, String errorURL, String message) {
+ try {
+ errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE,
+ URLEncoder.encode(message, "UTF-8"));
+
+ } catch (UnsupportedEncodingException e) {
+ errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, "Fehlermeldung%20konnte%20nicht%20%C3%BCbertragen%20werden.");
+ }
+
+ errorURL = resp.encodeRedirectURL(errorURL);
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", errorURL);
+}
+
+protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+}
}
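Review bot: `generateErrorAndRedirct` builds the 302 by hand (`setContentType`, `setStatus(302)`, `addHeader("Location", ...)`) after `encodeRedirectURL`; `resp.sendRedirect(errorURL)` does the same in one call and commits the response so nothing can be written after it. The `UnsupportedEncodingException` fallback hard-codes a percent-encoded German sentence; if this `URLEncoder` mirrors `java.net.URLEncoder`, UTF-8 is always available and the branch is unreachable, so either say so in a comment or at least `Logger.warn` the exception there. `addURLParameter` expects `paramvalue` already URL-encoded and appends after a `#` fragment if the URL has one; suggested Javadoc: `/** Appends {@code paramname=paramvalue} (value must already be URL-encoded) to {@code url}, using '?' or '&' depending on whether a query string exists. */`. The constant `PARAM_ERRORMASSAGE` introduced earlier in this file is misspelled ("MASSAGE").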
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a6619fc11..0130046de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -55,6 +55,7 @@ import org.apache.regexp.RESyntaxException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
@@ -106,7 +107,7 @@ public class SSLUtils {
*/
public static SSLSocketFactory getSSLSocketFactory(
ConfigurationProvider conf,
- ConnectionParameter connParam)
+ ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 41c3cf6fe..9b945952d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -108,8 +108,9 @@ proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetret
proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.
proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr\uFFFDfix\: {0}
proxy.14=<p> Folgende Ursachen k\u00F6nnen zu dem Fehler gef\u00FChrt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr\u00FCnden bei l\u00E4ngerer Inaktivit\u00E4t beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
-proxy.15=Auf die gew\u00FCnschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben?tigte Berechtigung.
+proxy.15=Auf die gew\u00FCnschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben&ouml;tigte Berechtigung.
proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. Die maximale Anzahl von {1} ung&uuml;ltigen Loginversuchen wurde &uuml;berschritten.<br>Pr&uuml;fen Sie bitte ihre Berechtigung.
+proxy.17=Bei der Anmeldung an MOA-ID ist ein Fehler aufgetreten: {0}
validator.00=Kein SAML:Assertion Objekt gefunden {0}
validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
index ca91c6139..3cf7a3316 100644
--- a/id/server/proxy/pom.xml
+++ b/id/server/proxy/pom.xml
@@ -13,7 +13,7 @@
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-proxy</artifactId>
<packaging>war</packaging>
- <version>1.5.2</version>
+ <version>1.9.90-SNAPSHOT</version>
<name>MOA ID-Proxy WebService</name>
<build>
@@ -63,6 +63,7 @@
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
+ <version>1.9.90-SNAPSHOT</version>
<!--version>${project.version}</version-->
</dependency>
<!-- transitive dependencies we don't want to include into the war -->