aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-10 13:13:48 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-10 13:13:48 +0100
commit8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6 (patch)
tree782b07c818bffa60068a3409477f198d953aaf39
parent3f752412b85561e4207cd6fd7c2872da68e5133f (diff)
parentd1a26145ba00478249a8f006d74be49f857b1f34 (diff)
downloadmoa-id-spss-8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6.tar.gz
moa-id-spss-8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6.tar.bz2
moa-id-spss-8b29eb9a19c4dcf6e30e34e41b8c6db61a21adb6.zip
Merge branch 'moa-id-3.0.0-snapshot' into moa-id-3.2_(OPB)
Conflicts: id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties4
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java12
5 files changed, 22 insertions, 6 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 2b816ed4c..0a07fc4a7 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -246,6 +246,10 @@ public class DOMUtils {
parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+
+ //fix XXE problem
+ parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+
if (validating) {
if (externalSchemaLocations != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 8add03da7..712ebb731 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -59,6 +59,12 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
IRequest pendingReq = RequestStorage.getPendingRequest(
(String) executionContext.get("pendingRequestID"));
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+
+ }
+
//get Session from context
String moasessionid = (String) executionContext.get(PARAM_SESSIONID);
AuthenticationSession session = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index ee5685e5f..c0ec086ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -296,6 +296,8 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
}
} catch (PVP2Exception e) {
+ String samlRequest = request.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
throw e;
} catch (SecurityPolicyException e) {
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 342d54f7f..abd5d15f3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -181,7 +181,11 @@ stork.21=1205
pvp2.01=6100
pvp2.06=6100
+pvp2.10=6100
+pvp2.11=6100
+pvp2.12=6100
pvp2.13=9199
+pvp2.15=6105
pvp2.16=6101
pvp2.17=6102
pvp2.20=6103
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 421d00cbe..5312d779c 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -107,7 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
Throwable error = null;
- synchronized (authenticationDataStore) {
+ //synchronized (authenticationDataStore) {
try {
error = authenticationDataStore
.get(samlArtifact, Throwable.class);
@@ -119,7 +119,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
- }
+ //}
return error;
}
@@ -178,7 +178,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
String authData = null;
- synchronized (authenticationDataStore) {
+ //synchronized (authenticationDataStore) {
// System.out.println("assertionHandle: " + assertionHandle);
try {
@@ -189,7 +189,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
}
- }
+ //}
authenticationDataStore.remove(samlArtifact);
@@ -616,11 +616,11 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
new Object[] { samlArtifact });
parser.parseAssertionHandle();
- synchronized (authenticationDataStore) {
+ //synchronized (authenticationDataStore) {
Logger.debug("Assertion stored for SAML Artifact: "
+ samlArtifact);
authenticationDataStore.put(samlArtifact, samlAssertion);
- }
+ //}
} catch (AuthenticationException ex) {
throw ex;