diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-08-12 13:31:30 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-08-12 13:31:30 +0200 |
| commit | 7c6ecaa8adb365a6c670cb86bb68be94136dc6a0 (patch) | |
| tree | f69c954a387513aa14adf86d4bf9a81a59b80c36 | |
| parent | 45e170310a012dca93d5e5d4dc0b54e6b0808e95 (diff) | |
| download | moa-id-spss-7c6ecaa8adb365a6c670cb86bb68be94136dc6a0.tar.gz moa-id-spss-7c6ecaa8adb365a6c670cb86bb68be94136dc6a0.tar.bz2 moa-id-spss-7c6ecaa8adb365a6c670cb86bb68be94136dc6a0.zip | |
Bugfixes:
@ConfigurationTool
- AuthenticationFilter: handle of non authenticated requests after restart
- Legacy Import: update legacy Configuration import process
@MOA-ID
- Change Legacy Configuration import
15 files changed, 488 insertions, 597 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 07f599284..aeadbd0bb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -18,6 +18,7 @@ public class ConfigurationProvider { private static ConfigurationProvider instance; private Properties props; + private String configFileName; public static ConfigurationProvider getInstance() throws ConfigurationException { if (instance == null) { @@ -33,7 +34,7 @@ public class ConfigurationProvider { private void inizialize() throws ConfigurationException { - String configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); if (configFileName == null) { throw new ConfigurationException("config.01"); @@ -77,4 +78,8 @@ public class ConfigurationProvider { String result = props.getProperty("general.login.deaktivate", "false"); return Boolean.parseBoolean(result); } + + public String getConfigFile() { + return configFileName; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index d14e12df5..59954df7f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -52,10 +52,7 @@ public class GeneralMOAIDConfig { private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); - - private String identityLinkSigners = ""; - private List<String> idlSignersList = null; - + private String moaspssURL = null; private String moaspssAuthTrustProfile = null; private String moaspssAuthTransformations = ""; @@ -145,17 +142,7 @@ public class GeneralMOAIDConfig { } } - - IdentityLinkSigners idlsign = auth.getIdentityLinkSigners(); - if (idlsign != null) { - List<IdentityLinkSignersX509SubjectNameItem> idem = idlsign.getX509SubjectNameItems(); - - for (IdentityLinkSignersX509SubjectNameItem el : idem) { - identityLinkSigners += el.getItem() + LINE_DELIMITER + "\n"; - } - - } - + MOASP moaspss = auth.getMOASP(); if (moaspss != null) { ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); @@ -362,20 +349,6 @@ public class GeneralMOAIDConfig { } /** - * @return the identityLinkSigners - */ - public String getIdentityLinkSigners() { - return identityLinkSigners; - } - - /** - * @param identityLinkSigners the identityLinkSigners to set - */ - public void setIdentityLinkSigners(String identityLinkSigners) { - this.identityLinkSigners = identityLinkSigners; - } - - /** * @return the moaspssURL */ public String getMoaspssURL() { @@ -824,20 +797,6 @@ public class GeneralMOAIDConfig { } /** - * @return the idlSignersList - */ - public List<String> getIdlSignersList() { - return idlSignersList; - } - - /** - * @param idlSignersList the idlSignersList to set - */ - public void setIdlSignersList(List<String> idlSignersList) { - this.idlSignersList = idlSignersList; - } - - /** * @return the authTransformList */ public List<String> getAuthTransformList() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index d90e6f9b1..7dac458ca 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -148,6 +148,10 @@ public class AuthenticationFilter implements Filter{ } else { //check login Daten + + //loginPageForward = true; + + if (MiscUtil.isNotEmpty(getAuthenticatedPage())) { log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\"."); @@ -166,9 +170,11 @@ public class AuthenticationFilter implements Filter{ if (loginPageForward) { RequestDispatcher dispatcher = req.getRequestDispatcher(loginPage); dispatcher.forward(httpServletRequest, httpServletResponse); + return; } else { httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginPage)); + return; } @@ -179,13 +185,13 @@ public class AuthenticationFilter implements Filter{ } catch (Exception e) { - String redirectURL = "./index.action"; - HttpServletResponse httpResp = (HttpServletResponse) resp; - redirectURL = httpResp.encodeRedirectURL(redirectURL); - resp.setContentType("text/html"); - ((HttpServletResponse) resp).setStatus(302); - httpResp.addHeader("Location", redirectURL); - log.warn("A Filter Error occurs -> Redirect to Login-Form"); +// String redirectURL = "./index.action"; +// HttpServletResponse httpResp = (HttpServletResponse) resp; +// redirectURL = httpResp.encodeRedirectURL(redirectURL); +// resp.setContentType("text/html"); +// ((HttpServletResponse) resp).setStatus(302); +// httpResp.addHeader("Location", redirectURL); +// log.warn("A Filter Error occurs -> Redirect to Login-Form"); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 6cea7d33f..da87a197f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -72,66 +72,58 @@ public class EditGeneralConfigAction extends ActionSupport public String loadConfig() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; - if (authUser.isAdmin()) { - - MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - moaconfig = new GeneralMOAIDConfig(); - moaconfig.parse(dbconfig); - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; + if (authUser.isAdmin()) { - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; - } + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + moaconfig = new GeneralMOAIDConfig(); + moaconfig.parse(dbconfig); - } else - return Constants.STRUTS_REAUTHENTICATE; + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } } public String saveConfig() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { - if (authUser.isAdmin()) { - - MOAConfigValidator validator = new MOAConfigValidator(); - - List<String> errors = validator.validate(moaconfig); + MOAConfigValidator validator = new MOAConfigValidator(); + + List<String> errors = validator.validate(moaconfig); - if (errors.size() > 0) { - log.info("General MOA-ID configuration has some erros."); - for (String el : errors) - addActionError(el); - - return Constants.STRUTS_ERROR_VALIDATION; - } - - String error = saveFormToDatabase(); - - if (error != null) { - log.warn("General MOA-ID config can not be stored in Database"); - addActionError(error); - return Constants.STRUTS_SUCCESS; - } + if (errors.size() > 0) { + log.info("General MOA-ID configuration has some erros."); + for (String el : errors) + addActionError(el); - } else { - addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); - return Constants.STRUTS_NOTALLOWED; + return Constants.STRUTS_ERROR_VALIDATION; + } + + String error = saveFormToDatabase(); + + if (error != null) { + log.warn("General MOA-ID config can not be stored in Database"); + addActionError(error); + return Constants.STRUTS_SUCCESS; } - } else - return Constants.STRUTS_REAUTHENTICATE; + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success")); return Constants.STRUTS_SUCCESS; @@ -141,10 +133,7 @@ public class EditGeneralConfigAction extends ActionSupport Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - } else - return Constants.STRUTS_REAUTHENTICATE; + authUser = (AuthenticatedUser) authUserObj; return Constants.STRUTS_SUCCESS; } @@ -349,10 +338,7 @@ public class EditGeneralConfigAction extends ActionSupport idlsigners = new IdentityLinkSigners(); dbauth.setIdentityLinkSigners(idlsigners); } - if (moaconfig.getIdlSignersList().size() > 0) { - idlsigners.setX509SubjectName(moaconfig.getIdlSignersList()); - } - + ForeignIdentities dbforeign = dbauth.getForeignIdentities(); if (dbforeign == null) { dbforeign = new ForeignIdentities(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 7be62d362..0f2a40aa7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -75,11 +75,8 @@ ServletResponseAware { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - } else - return Constants.STRUTS_REAUTHENTICATE; - + authUser = (AuthenticatedUser) authUserObj; + long oaid = -1; if (!ValidationHelper.validateOAID(oaidobj)) { @@ -132,11 +129,8 @@ ServletResponseAware { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - } else - return Constants.STRUTS_REAUTHENTICATE; - + authUser = (AuthenticatedUser) authUserObj; + newOA = true; return Constants.STRUTS_OA_EDIT; @@ -146,11 +140,8 @@ ServletResponseAware { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - } else - return Constants.STRUTS_REAUTHENTICATE; - + authUser = (AuthenticatedUser) authUserObj; + OnlineApplication onlineapplication = null; List<String> errors = new ArrayList<String>(); @@ -260,11 +251,8 @@ ServletResponseAware { public String deleteOA() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - } else - return Constants.STRUTS_REAUTHENTICATE; + + authUser = (AuthenticatedUser) authUserObj; String oaidentifier = generalOA.getIdentifier(); if (MiscUtil.isEmpty(oaidentifier)) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index b683a95f9..1cb4fa802 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -6,6 +6,7 @@ import java.io.InputStream; import java.io.OutputStream; import java.io.StringReader; import java.io.StringWriter; +import java.net.MalformedURLException; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -32,6 +33,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.iaik.commons.util.IOUtil; @@ -60,232 +62,233 @@ implements ServletRequestAware, ServletResponseAware { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - if (authUser.isAdmin()) { - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); - return Constants.STRUTS_NOTALLOWED; - } - } - return Constants.STRUTS_REAUTHENTICATE; + authUser = (AuthenticatedUser) authUserObj; + if (authUser.isAdmin()) { + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; + } } public String importLegacyConfig() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - if (authUser.isAdmin()) { - - //load legacy config if it is configured + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + //load legacy config if it is configured + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + return Constants.STRUTS_ERROR_VALIDATION; + } - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); - return Constants.STRUTS_ERROR_VALIDATION; - } + //Initialize OpenSAML for STORK + log.info("Starting initialization of OpenSAML..."); + try { + STORKBootstrap.bootstrap(); - //Initialize OpenSAML for STORK - log.info("Starting initialization of OpenSAML..."); - try { - STORKBootstrap.bootstrap(); - - } catch (org.opensaml.xml.ConfigurationException e1) { - log.info("Legacy configuration has an Import Error", e1); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()})); - return Constants.STRUTS_ERROR_VALIDATION; - } - log.debug("OpenSAML successfully initialized"); + } catch (org.opensaml.xml.ConfigurationException e1) { + log.info("Legacy configuration has an Import Error", e1); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + } + log.debug("OpenSAML successfully initialized"); + try { + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + MOAIDConfiguration moaconfig; try { + log.warn("WARNING! The legacy import deletes the hole old config"); - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent(); - MOAIDConfiguration moaconfig; try { - log.warn("WARNING! The legacy import deletes the hole old config"); - - moaconfig = BuildFromLegacyConfig.build(fileUpload, "", moaidconfig); - - } catch (ConfigurationException e) { - log.info("Legacy configuration has an Import Error", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); - ConfigurationDBUtils.closeSession(); - return Constants.STRUTS_ERROR_VALIDATION; + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + + } catch (MalformedURLException t) { + log.warn("RootConfiguration Directory is not found"); + rootConfigFileDir = ""; } - //check if XML config should be use - log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig); + } catch (ConfigurationException e) { + log.info("Legacy configuration has an Import Error", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_ERROR_VALIDATION; - if (moaidconfig != null) - ConfigurationDBUtils.delete(moaidconfig); - - List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); - if (oas != null && oas.size() > 0) { - for (OnlineApplication oa : oas) - ConfigurationDBUtils.delete(oa); - } - - - oas = moaconfig.getOnlineApplication(); - for (OnlineApplication oa : oas) - ConfigurationDBUtils.save(oa); - - moaconfig.setOnlineApplication(null); - ConfigurationDBUtils.save(moaconfig); - - } catch (MOADatabaseException e) { - log.warn("General MOA-ID config can not be stored in Database"); - addActionError(e.getMessage()); + } catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) { + ConfigurationDBUtils.closeSession(); return Constants.STRUTS_ERROR_VALIDATION; } - finally { - ConfigurationDBUtils.closeSession(); + //check if XML config should be use + log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + + List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); } + - log.info("Legacy Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); - return Constants.STRUTS_SUCCESS; + oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.save(moaconfig); - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); - return Constants.STRUTS_NOTALLOWED; + } catch (MOADatabaseException e) { + log.warn("General MOA-ID config can not be stored in Database"); + addActionError(e.getMessage()); + return Constants.STRUTS_ERROR_VALIDATION; + } + + finally { + ConfigurationDBUtils.closeSession(); } + + log.info("Legacy Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; } - return Constants.STRUTS_REAUTHENTICATE; } public String downloadXMLConfig() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - if (authUser.isAdmin()) { - - log.info("Write MOA-ID 2.x xml config"); - JAXBContext jc; - try { - jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + authUser = (AuthenticatedUser) authUserObj; - Marshaller m = jc.createMarshaller(); - m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); + if (authUser.isAdmin()) { + + log.info("Write MOA-ID 2.x xml config"); + JAXBContext jc; + try { + jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + + Marshaller m = jc.createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); // File test = new File(xmlconfigout); // m.marshal(moaidconfig, test); - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - if (moaidconfig == null) { - log.info("No MOA-ID 2.x configruation available"); - addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); - return Constants.STRUTS_ERROR_VALIDATION; - } - - List<OnlineApplication> oaconfigs = ConfigurationDBRead.getAllOnlineApplications(); - moaidconfig.setOnlineApplication(oaconfigs); - - StringWriter writer = new StringWriter(); - m.marshal(moaidconfig, writer); - fileInputStream = IOUtils.toInputStream(writer.toString(), "UTF-8"); - - } catch (JAXBException e) { - log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()})); - return Constants.STRUTS_ERROR_VALIDATION; - } catch (IOException e) { - log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()})); + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + if (moaidconfig == null) { + log.info("No MOA-ID 2.x configruation available"); + addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); return Constants.STRUTS_ERROR_VALIDATION; } - finally { - ConfigurationDBUtils.closeSession(); - } + List<OnlineApplication> oaconfigs = ConfigurationDBRead.getAllOnlineApplications(); + moaidconfig.setOnlineApplication(oaconfigs); + + StringWriter writer = new StringWriter(); + m.marshal(moaidconfig, writer); + fileInputStream = IOUtils.toInputStream(writer.toString(), "UTF-8"); - return Constants.STRUTS_SUCCESS; - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); - return Constants.STRUTS_NOTALLOWED; + } catch (JAXBException e) { + log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[]{e.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + } catch (IOException e) { + log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[]{e.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; } + + finally { + ConfigurationDBUtils.closeSession(); + } + + return Constants.STRUTS_SUCCESS; + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; } - return Constants.STRUTS_REAUTHENTICATE; } public String importXMLConfig() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { - if (authUser.isAdmin()) { - - if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); - return Constants.STRUTS_ERROR_VALIDATION; - } + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + return Constants.STRUTS_ERROR_VALIDATION; + } + + log.info("Load configuration from MOA-ID 2.x XML configuration"); - log.info("Load configuration from MOA-ID 2.x XML configuration"); - - try { - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); - Unmarshaller m = jc.createUnmarshaller(); - MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(fileUpload); + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Unmarshaller m = jc.createUnmarshaller(); + MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(fileUpload); - - log.warn("WARNING! The XML import deletes the hole old config"); - List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); - if (oas != null && oas.size() > 0) { - for (OnlineApplication oa : oas) - ConfigurationDBUtils.delete(oa); - } - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) - ConfigurationDBUtils.delete(moaidconfig); - - List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); - for (OnlineApplication importoa : importoas) { - ConfigurationDBUtils.saveOrUpdate(importoa); - } - - moaconfig.setOnlineApplication(null); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } catch (Exception e) { - log.warn("MOA-ID XML configuration can not be loaded from File.", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.import", - new Object[]{e.getMessage()})); - return Constants.STRUTS_ERROR_VALIDATION; - - } - finally { - ConfigurationDBUtils.closeSession(); + log.warn("WARNING! The XML import deletes the hole old config"); + List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + + List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); + for (OnlineApplication importoa : importoas) { + ConfigurationDBUtils.saveOrUpdate(importoa); } - log.info("XML Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); - return Constants.STRUTS_SUCCESS; + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } catch (Exception e) { + log.warn("MOA-ID XML configuration can not be loaded from File.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.import", + new Object[]{e.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + + } - } else { - log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); - return Constants.STRUTS_NOTALLOWED; + finally { + ConfigurationDBUtils.closeSession(); } - } - return Constants.STRUTS_REAUTHENTICATE; + log.info("XML Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; + } + } /** diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index deb48111d..f5f265ea6 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -51,98 +51,85 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - List<OnlineApplication> dbOAs = null; - - if (authUser.isAdmin()) { - dbOAs = ConfigurationDBRead.getAllOnlineApplications(); - - } else { - UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (authUserDB != null) - dbOAs = authUserDB.getOnlineApplication(); - } - - addFormOAs(dbOAs); - - ConfigurationDBUtils.closeSession(); + authUser = (AuthenticatedUser) authUserObj; + + List<OnlineApplication> dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = ConfigurationDBRead.getAllOnlineApplications(); - return Constants.STRUTS_SUCCESS; + } else { + UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (authUserDB != null) + dbOAs = authUserDB.getOnlineApplication(); } - - return Constants.STRUTS_ERROR; + + addFormOAs(dbOAs); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; } public String searchOAInit() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - formOAs = null; - friendlyname = ""; - - return Constants.STRUTS_SUCCESS; + authUser = (AuthenticatedUser) authUserObj; + + formOAs = null; + friendlyname = ""; + + return Constants.STRUTS_SUCCESS; - } else { - return Constants.STRUTS_REAUTHENTICATE; - } } public String searchOA() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; + + if (MiscUtil.isEmpty(friendlyname)) { + log.info("SearchOA textfield is empty"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + return Constants.STRUTS_SUCCESS; - if (MiscUtil.isEmpty(friendlyname)) { - log.info("SearchOA textfield is empty"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) { + log.warn("SearchOA textfield contains potential XSS characters"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request)); return Constants.STRUTS_SUCCESS; - - } else { - if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) { - log.warn("SearchOA textfield contains potential XSS characters"); - addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request)); - return Constants.STRUTS_SUCCESS; - } - } - - List<OnlineApplication> dbOAs = null; + } + } + + List<OnlineApplication> dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = ConfigurationDBRead.searchOnlineApplications(friendlyname); - if (authUser.isAdmin()) { - dbOAs = ConfigurationDBRead.searchOnlineApplications(friendlyname); + } else { + UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (authUserDB != null) { + List<OnlineApplication> alldbOAs = authUserDB.getOnlineApplication(); - } else { - UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (authUserDB != null) { - List<OnlineApplication> alldbOAs = authUserDB.getOnlineApplication(); - - dbOAs = new ArrayList<OnlineApplication>(); - - for (OnlineApplication el : alldbOAs) { - if (el.getPublicURLPrefix() - .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) - dbOAs.add(el); - } + dbOAs = new ArrayList<OnlineApplication>(); + + for (OnlineApplication el : alldbOAs) { + if (el.getPublicURLPrefix() + .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) + dbOAs.add(el); } } - - addFormOAs(dbOAs); - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; } - return Constants.STRUTS_REAUTHENTICATE; + addFormOAs(dbOAs); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; } private void addFormOAs(List<OnlineApplication> dbOAs) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index ba9b0cc3f..aeafe9548 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -31,17 +31,8 @@ public class MainAction implements ServletRequestAware, public String generateMainFrame() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - - - - return Constants.STRUTS_SUCCESS; - } - return Constants.STRUTS_ERROR; - + authUser = (AuthenticatedUser) authUserObj; + return Constants.STRUTS_SUCCESS; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index c022d0057..2a9ec038f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -47,224 +47,202 @@ public class UserManagementAction extends ActionSupport public String init() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { - if (authUser.isAdmin()) { - - log.info("Show UserList"); - - List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); - if (dbuserlist != null) { - userlist = new ArrayList<AuthenticatedUser>(); - - for (UserDatabase dbuser : dbuserlist) { - userlist.add(new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getUsername(), - dbuser.isIsActive(), - dbuser.isIsAdmin())); - } - } - - ConfigurationDBUtils.closeSession(); - return Constants.STRUTS_SUCCESS; + log.info("Show UserList"); + + List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); + if (dbuserlist != null) { + userlist = new ArrayList<AuthenticatedUser>(); - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (dbuser == null) { - return Constants.STRUTS_REAUTHENTICATE; + for (UserDatabase dbuser : dbuserlist) { + userlist.add(new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getUsername(), + dbuser.isIsActive(), + dbuser.isIsAdmin())); } - user = new UserDatabaseFrom(dbuser); - ConfigurationDBUtils.closeSession(); - return Constants.STRUTS_NOTALLOWED; } + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (dbuser == null) { + return Constants.STRUTS_REAUTHENTICATE; + } + user = new UserDatabaseFrom(dbuser); + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_NOTALLOWED; } - return Constants.STRUTS_REAUTHENTICATE; - } public String createuser() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - if (authUser.isAdmin()) { - - user = new UserDatabaseFrom(); - - newUser = true; - return Constants.STRUTS_SUCCESS; - - } else { - return Constants.STRUTS_NOTALLOWED; - } - } - return Constants.STRUTS_REAUTHENTICATE; + authUser = (AuthenticatedUser) authUserObj; + if (authUser.isAdmin()) { + + user = new UserDatabaseFrom(); + + newUser = true; + return Constants.STRUTS_SUCCESS; + + } else { + return Constants.STRUTS_NOTALLOWED; + } } public String edituser() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + long userid = -1; - if (authUser.isAdmin()) { - long userid = -1; - - if (!ValidationHelper.validateOAID(useridobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - userid = Long.valueOf(useridobj); - - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userid); - if (dbuser == null) { - log.info("No User with ID " + userid + " in Database");; - addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); - return Constants.STRUTS_ERROR; - } - user = new UserDatabaseFrom(dbuser); - - newUser = false; - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; - - } else { - log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - user = new UserDatabaseFrom(dbuser); - return Constants.STRUTS_SUCCESS; + if (!ValidationHelper.validateOAID(useridobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; } - } - return Constants.STRUTS_REAUTHENTICATE; - + userid = Long.valueOf(useridobj); + + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userid); + if (dbuser == null) { + log.info("No User with ID " + userid + " in Database");; + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + user = new UserDatabaseFrom(dbuser); + + newUser = false; + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + user = new UserDatabaseFrom(dbuser); + return Constants.STRUTS_SUCCESS; + } } public String saveuser() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; + authUser = (AuthenticatedUser) authUserObj; - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } + String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; - List<String> errors; - UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - errors = validator.validate(user, userID); + } else { + if (!ValidationHelper.validateOAID(useridobj)){ + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + List<String> errors; + UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); + errors = validator.validate(user, userID); - if (errors.size() > 0) { - log.info("UserDataForm has some erros."); - for (String el : errors) - addActionError(el); - user.setPassword(""); - - if (MiscUtil.isEmpty(user.getUsername())) - newUser = true; - - return Constants.STRUTS_ERROR_VALIDATION; - } + if (errors.size() > 0) { + log.info("UserDataForm has some erros."); + for (String el : errors) + addActionError(el); + user.setPassword(""); - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - + if (MiscUtil.isEmpty(user.getUsername())) + newUser = true; + + return Constants.STRUTS_ERROR_VALIDATION; + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; } + + } - String error = saveFormToDB(); - if (error != null) { - log.warn("UserData can not be stored in Database"); - addActionError(error); - return Constants.STRUTS_SUCCESS; - } - - ConfigurationDBUtils.closeSession(); + String error = saveFormToDB(); + if (error != null) { + log.warn("UserData can not be stored in Database"); + addActionError(error); return Constants.STRUTS_SUCCESS; - } - return Constants.STRUTS_REAUTHENTICATE; + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; } public String deleteuser() { Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { - authUser = (AuthenticatedUser) authUserObj; - - String useridobj = user.getUserID(); - long userID = -1; - if (MiscUtil.isEmpty(useridobj)) { - userID = -1; - - } else { - if (!ValidationHelper.validateOAID(useridobj)){ - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase ID " + useridobj); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - userID = Long.valueOf(useridobj); - } - - if (!authUser.isAdmin()) { - if (authUser.getUserID() != userID) { - log.warn("User with ID " + authUser.getUserID() - + " would access UserDatabase Entry " + user.getUsername()); - addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); - return Constants.STRUTS_ERROR; - } - } + authUser = (AuthenticatedUser) authUserObj; + + String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser != null) { - dbuser.setOnlineApplication(null); - - try { - ConfigurationDBUtils.saveOrUpdate(dbuser); - ConfigurationDBUtils.delete(dbuser); + } else { + if (!ValidationHelper.validateOAID(useridobj)){ + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } - } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database"); - addActionError(e.getMessage()); - return Constants.STRUTS_SUCCESS; - } + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + } + + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser != null) { + dbuser.setOnlineApplication(null); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + ConfigurationDBUtils.delete(dbuser); - finally { - ConfigurationDBUtils.closeSession(); - } + } catch (MOADatabaseException e) { + log.warn("UserData can not be deleted from Database"); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; } - ConfigurationDBUtils.closeSession(); - return Constants.STRUTS_SUCCESS; - + finally { + ConfigurationDBUtils.closeSession(); + } } - return Constants.STRUTS_REAUTHENTICATE; + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; } private String saveFormToDB() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index c41535d00..f51095cac 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -110,31 +110,7 @@ public class MOAConfigValidator { errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid")); } } - - check = form.getIdentityLinkSigners(); - List<String> idllist = new ArrayList<String>(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentityLinkSigners"); - errors.add(LanguageHelper.getErrorString("validation.general.IdentityLinkSigners.empty")); - } else { - String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); - int i = 1; - for(String el : list) { - if (ValidationHelper.isNotValidIdentityLinkSigner(el)) { - log.info("IdentityLinkSigners is not valid: " + el); - errors.add(LanguageHelper.getErrorString("validation.general.IdentityLinkSigners.valid", - new Object[] {i, ValidationHelper.getNotValidIdentityLinkSignerCharacters()} )); - - } else { - String elformat = StringHelper.formatText(el.trim()); - if (MiscUtil.isNotEmpty(elformat)) - idllist.add(elformat); - } - i++; - } - } - form.setIdlSignersList(idllist); - + check = form.getMandateURL(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index e595978ec..2b24f0b89 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -152,12 +152,12 @@ cssClass="textfield_long"> </s:textfield> - <s:textarea name="moaconfig.identityLinkSigners" +<%-- <s:textarea name="moaconfig.identityLinkSigners" value="%{moaconfig.identityLinkSigners}" labelposition="left" key="webpages.moaconfig.identitylinksigners" cssClass="textfield_large"> - </s:textarea> + </s:textarea> --%> <s:textfield name="moaconfig.moaspssAuthTrustProfile" value="%{moaconfig.moaspssAuthTrustProfile}" diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index f4cdeddb7..55a20d558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -388,6 +388,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider { moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); Logger.info("MOA-ID 2.0 is loaded."); + if (moaidconfig == null) { + Logger.warn("NO MOA-ID configuration found."); + throw new ConfigurationException("config.18", null); + } + // //TODO: only for Testing!!! // if (MiscUtil.isNotEmpty(xmlconfigout)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index c807fdc7d..cb35e708c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -222,16 +222,18 @@ public class BuildFromLegacyConfig { String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>(); - - for (int i=0; i<transformsInfos.length; i++) { -// for (String transformInfo : transformsInfos) { - TransformsInfoType transforminfotype = new TransformsInfoType(); - transforminfotype.setFilename(transformsInfoFileNames[i]); + if (transformsInfos != null && transformsInfos.length > 0) { + for (int i=0; i<transformsInfos.length; i++) { + + TransformsInfoType transforminfotype = new TransformsInfoType(); + transforminfotype.setFilename(transformsInfoFileNames[i]); - //TODO: Transformation is stored in BASE64 - transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); - auth_transformInfos.add(transforminfotype); - } + transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); + auth_transformInfos.add(transforminfotype); + } + + } + SecurityLayer auth_securityLayer = new SecurityLayer(); auth_securityLayer.setTransformsInfo(auth_transformInfos); generalAuth.setSecurityLayer(auth_securityLayer); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 1dfebea03..3abc94b02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -28,6 +28,7 @@ import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; +import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; @@ -409,19 +410,21 @@ public class ConfigurationBuilder { String[] transformsInfos; - if (MiscUtil.isNotEmpty(rootConfigFileDir_)) { transformsInfos = new String[transformsInfoFileNames.length]; for (int i = 0; i < transformsInfoFileNames.length; i++) { + String fileURL = transformsInfoFileNames[i]; - - //if fileURL is relative to rootConfigFileDir make it absolute - fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); - String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); - transformsInfos[i] = transformsInfo; + try { + // if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); + + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + + } catch (IOException e) { + Logger.info("Transformation with URL " + fileURL + " can not be loaded"); + } } - - } else - transformsInfos = new String[0]; return transformsInfos; } diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 95bcad1ec..4cfa3f83e 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -24,7 +24,8 @@ auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
+#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
+auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
auth.08=In der B?rgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
auth.09=Zur Auswahlseite der B?rgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
@@ -64,6 +65,7 @@ config.14=LoginParameterResolver-Fehler: {0} config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
config.17=Fehler beim initialisieren von Hibernate
+config.18=Keine MOA-ID 2.x Konfiguration gefunden.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
|