authorrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2004-03-15 16:07:52 +0000
committerrudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d>2004-03-15 16:07:52 +0000
commit56ed4518d7978c064af5f240494bf587136c93b0 (patch)
treef7d9a57b7915d3b269d2550c9282138b624efa57 /id.server/src/at/gv/egovernment/moa/id/proxy
parent747a8963ec0ffde4c6883dd1c42ad758a88b084c (diff)
RSCH
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@99 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/proxy')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java2
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java31
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java28
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java39
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java16
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java12
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java17
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java35
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java189
9 files changed, 238 insertions, 131 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index 2ac8fe28e..bdadcbb81 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -36,7 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {
disableHostnameVerification = BoolUtils.valueOf(
ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
"ProxyComponent.DisableHostnameVerification"));
- //TODO undocumented feature
+ //TODO MOA-ID BRZ undocumented feature
if (disableHostnameVerification)
Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification);
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 033a74934..77f6652f3 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.id.proxy;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
@@ -8,6 +9,7 @@ import java.util.Map;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.URLEncoder;
/**
* Implementation of interface <code>LoginParameterResolver</code>
@@ -79,7 +81,14 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
String key = (String) iter.next();
String predicate = (String) oaConf.getParamAuthMapping().get(key);
- String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ String resolvedValue;
+ try {
+ resolvedValue =
+ URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
+ } catch (UnsupportedEncodingException e) {
+ //ISO-8859-1 is supported
+ resolvedValue = null;
+ }
result.put(key, resolvedValue);
}
}
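Review bot: resolveValue() returns null for an unrecognised predicate (its final `else return null` in the next hunk), and that null is now passed straight into URLEncoder.encode(); whether the project's at.gv.egovernment.moa.util.URLEncoder tolerates null is not visible here, but java.net.URLEncoder would throw NullPointerException, so guard it with `String raw = resolveValue(predicate, authData, clientIPAddress);` followed by `resolvedValue = (raw == null) ? null : URLEncoder.encode(raw, "ISO-8859-1");`. The catch branch silently stores null for the key on UnsupportedEncodingException; since the comment itself says the charset is always available, fail loudly instead, e.g. `throw new IllegalStateException("ISO-8859-1 not supported", e);`, rather than handing the online application a missing login parameter. Encoding with ISO-8859-1 also means characters outside Latin-1 in a name cannot round-trip, so confirm the receiving applications decode with the same charset. The enclosing method starts outside this hunk.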
@@ -97,27 +106,29 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver {
private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
if (predicate.equals(MOAGivenName))
return authData.getGivenName();
- else if (predicate.equals(MOAFamilyName))
+ if (predicate.equals(MOAFamilyName))
return authData.getFamilyName();
- else if (predicate.equals(MOADateOfBirth))
+ if (predicate.equals(MOADateOfBirth))
return authData.getDateOfBirth();
- else if (predicate.equals(MOAVPK))
- return authData.getVPK();
- else if (predicate.equals(MOAPublicAuthority))
+ if (predicate.equals(MOABPK))
+ return authData.getPBK();
+ if (predicate.equals(MOAPublicAuthority))
if (authData.isPublicAuthority())
return "true";
else
return "false";
- else if (predicate.equals(MOABKZ))
+ if (predicate.equals(MOABKZ))
return authData.getPublicAuthorityCode();
- else if (predicate.equals(MOAQualifiedCertificate))
+ if (predicate.equals(MOAQualifiedCertificate))
if (authData.isQualifiedCertificate())
return "true";
else
return "false";
- else if (predicate.equals(MOAZMRZahl))
+ if (predicate.equals(MOAStammzahl))
return authData.getIdentificationValue();
- else if (predicate.equals(MOAIPAddress))
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
+ if (predicate.equals(MOAIPAddress))
return clientIPAddress;
else return null;
}
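Review bot: The two nested unbraced if/else blocks under MOAPublicAuthority and MOAQualifiedCertificate are harder to read now that the outer chain is a flat sequence of `if`s; `return authData.isPublicAuthority() ? "true" : "false";` (and the same for isQualifiedCertificate) removes the dangling-else ambiguity. The accessor name `getPBK()` does not match the `MOABPK`/`BPK_XPATH` naming used everywhere else in this commit; the transposition is easy to misread and is worth correcting in AuthenticationData while the rename is fresh. An unknown predicate still yields null silently, so a typo in a ParamAuth mapping shows up only as a missing parameter at the online application; a `Logger.warn` naming the unmatched predicate before the final `return null` would make that diagnosable.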
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index 434a4f674..c391fc16f 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -15,25 +15,27 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
*/
public interface LoginParameterResolver {
- /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
* naming predicates used by the <code>LoginParameterResolver</code>. */
public static final String MOAGivenName = "MOAGivenName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAFamilyName = "MOAFamilyName";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOADateOfBirth = "MOADateOfBirth";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAVPK = "MOAVPK";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOABPK = "MOABPK";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAPublicAuthority = "MOAPublicAuthority";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOABKZ = "MOABKZ";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAQualifiedCertificate =
"MOAQualifiedCertificate";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
- public static final String MOAZMRZahl = "MOAZMRZahl";
- /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAStammzahl = "MOAStammzahl";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAIdentificationValueType = "MOAIdentificationValueType";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
public static final String MOAIPAddress = "MOAIPAddress";
/**
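Review bot: Dropping the `MOAVPK` and `MOAZMRZahl` constants changes the string values accepted from configuration, so an existing MOAIDConfiguration-1.1 file still using those predicates no longer matches anything and each such login parameter resolves to null without any error (see the final branch of resolveValue in DefaultLoginParameterResolver). Either keep the old names as deprecated aliases mapping to the same data, or have the configuration loader reject unknown predicate names, and state the migration in the Javadoc. The Javadoc for the new `MOAIdentificationValueType` constant only repeats the generic sentence; a line saying which value of AuthenticationData (getIdentificationType) it selects would document what a configuration author gets.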
@@ -52,7 +54,7 @@ public interface LoginParameterResolver {
public Map getAuthenticationHeaders(
OAConfiguration oaConf,
AuthenticationData authData,
- String clientIPAddress) throws LoginParameterResolverException;
+ String clientIPAddress) throws LoginParameterResolverException, NotAllowedException;
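Review bot: Only getAuthenticationHeaders gains `throws NotAllowedException`; getAuthenticationParameters in the next hunk (its signature ends at L165) keeps `throws LoginParameterResolverException` alone, so a resolver cannot refuse access to an application configured for parameter-based login, and ProxyServlet's new `catch (NotAllowedException e)` around that call can never trigger on that path. Declare `throws LoginParameterResolverException, NotAllowedException` on both methods for a consistent contract. The method Javadoc above each signature is outside the hunk; make sure it gains a `@throws NotAllowedException` line describing when a resolver denies access.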
/**
* Returns request parameters to be added to a URLConnection.
@@ -70,6 +72,6 @@ public interface LoginParameterResolver {
AuthenticationData authData,
String clientIPAddress) throws LoginParameterResolverException;
- public void configure(String configuration) throws LoginParameterResolverException;
+ public void configure(String configuration) throws LoginParameterResolverException, NotAllowedException;
}
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
new file mode 100644
index 000000000..849160a7b
--- /dev/null
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ * Reason for this exception: the dedicated LoginParameterResolver does
+ * not allow access to the desired ressource.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class NotAllowedException extends MOAIDException {
+
+ /**
+ * Constructor for NotAllowedException.
+ * @param messageId
+ * @param parameters
+ */
+ public NotAllowedException(
+ String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for NotAllowedException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public NotAllowedException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
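Review bot: The class comment reads "ressource" (should be "resource") and the `@param` tags are empty; since this exception is what an administrator sees in the log when a resolver denies access, document that `messageId` is a key in the MOA-ID message file, `parameters` are its substitution values, and `wrapped` is the underlying cause. The class doc also does not say which code throws it; a sentence pointing at LoginParameterResolver.getAuthenticationHeaders and configure would help readers find the contract.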
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
index c53ed30a6..9766ef57b 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java
@@ -11,9 +11,9 @@ import org.w3c.dom.*;
// Referenced classes of package at.gv.egovernment.moa.id.proxy:
// LoginParameterResolver
-// Old Implementation of XMLLoginParameterResolver (used to migrate old labs applications rapidely to
-// version 1.1.1 of MOA-ID
-// TODO RS migrate this to XMLLoginParameterResolver
+// Old Implementation of XMLLoginParameterResolver
+//
+// TODO MOA-ID CIO internal: migrate this to XMLLoginParameterResolver
public class OldXMLLoginParameterResolver
@@ -98,7 +98,7 @@ public class OldXMLLoginParameterResolver
{
String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String bPK = resolveValue("MOABPK", authData, clientIPAddress);
String userid = "";
String password = "";
LPRParams params = null;
@@ -193,8 +193,8 @@ public class OldXMLLoginParameterResolver
return authData.getFamilyName();
if(predicate.equals("MOADateOfBirth"))
return authData.getDateOfBirth();
- if(predicate.equals("MOAVPK"))
- return authData.getVPK();
+ if(predicate.equals("MOABPK"))
+ return authData.getPBK();
if(predicate.equals("MOAPublicAuthority"))
if(authData.isPublicAuthority())
return "true";
@@ -207,8 +207,10 @@ public class OldXMLLoginParameterResolver
return "true";
else
return "false";
- if(predicate.equals("MOAZMRZahl"))
+ if(predicate.equals("MOAStammzahl"))
return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
if(predicate.equals("MOAIPAddress"))
return clientIPAddress;
else
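Review bot: The new branch tests `predicate.equals(MOAIdentificationValueType)` with the interface constant while every neighbouring branch in this file compares against a string literal ("MOAStammzahl", "MOAIPAddress"); the same mix appears in XMLLoginParameterResolver at the hunk ending L304. Pick one form — using the LoginParameterResolver constants throughout would remove the duplicated literals — rather than leaving the two side by side. Whether OldXMLLoginParameterResolver actually implements LoginParameterResolver (so that the unqualified constant resolves) is not visible in this hunk; if it does not, the new line does not compile.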
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
index 3f7a6872c..3958bb206 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java
@@ -184,7 +184,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String bPK = resolveValue("MOABPK", authData, clientIPAddress);
String userid = "";
String password = "";
LPRParams params = null;
@@ -247,7 +247,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
- String bPK = resolveValue("MOAVPK", authData, clientIPAddress);
+ String bPK = resolveValue("MOABPK", authData, clientIPAddress);
String userid = "";
String password = "";
LPRParams params = null;
@@ -293,8 +293,8 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
return authData.getFamilyName();
if (predicate.equals("MOADateOfBirth"))
return authData.getDateOfBirth();
- if (predicate.equals("MOAVPK"))
- return authData.getVPK();
+ if (predicate.equals("MOABPK"))
+ return authData.getPBK();
if (predicate.equals("MOAPublicAuthority"))
if (authData.isPublicAuthority())
return "true";
@@ -307,8 +307,10 @@ public class XMLLoginParameterResolver implements LoginParameterResolver {
return "true";
else
return "false";
- if (predicate.equals("MOAZMRZahl"))
+ if (predicate.equals("MOAStammzahl"))
return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
if (predicate.equals("MOAIPAddress"))
return clientIPAddress;
else
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index ce0743b3d..a78a8d587 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -40,7 +40,7 @@ public class AuthenticationDataAssertionParser implements Constants {
private static String ATTRIBUTESTATEMENT_XPATH =
SAML + "AttributeStatement/";
/** Prefix for Element NameIdentifier in an Xpath-expression */
- private static String VPK_XPATH =
+ private static String BPK_XPATH =
ATTRIBUTESTATEMENT_XPATH +
SAML + "Subject/" +
SAML + "NameIdentifier";
@@ -51,10 +51,15 @@ public class AuthenticationDataAssertionParser implements Constants {
SAML + "AttributeValue/" +
PR + "Person/";
/** Prefix for Element Value in an Xpath-expression */
- private static String ZMRZAHL_XPATH =
+ private static String IDENTIFICATION_VALUE_XPATH =
PERSONDATA_XPATH +
PR + "Identification/" +
PR + "Value";
+ private static String IDENTIFICATION_TYPE_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Identification/" +
+ PR + "Type";
+
/** Prefix for Element GivenName in an Xpath-expression */
private static String GIVEN_NAME_XPATH =
PERSONDATA_XPATH +
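Review bot: `IDENTIFICATION_TYPE_XPATH` is the only XPath constant in this block without a Javadoc line; add `/** Prefix for Element Type in an Xpath-expression */` above it to match its siblings. These constants are also `private static String` rather than `private static final String`; since they are computed once and never reassigned, declaring them final states that intent, and the new one is a natural place to start.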
@@ -112,10 +117,12 @@ public class AuthenticationDataAssertionParser implements Constants {
XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
authData.setIssueInstant(
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
- authData.setVPK(
- XPathUtils.getElementValue(samlAssertion, VPK_XPATH, ""));
+ authData.setPBK(
+ XPathUtils.getElementValue(samlAssertion, BPK_XPATH, ""));
authData.setIdentificationValue(
- XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, ""));
+ XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
+ authData.setIdentificationType(
+ XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
authData.setGivenName(
XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
authData.setFamilyName(
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
index d6ec4951b..4ab2e2cf7 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -1,17 +1,18 @@
package at.gv.egovernment.moa.id.proxy.servlet;
import java.io.IOException;
-import java.io.PrintWriter;
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
+import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger;
* @version $Id$
*/
public class ConfigurationServlet extends HttpServlet {
- /** The standard String for DTD Doc-type */
- private static final String DOC_TYPE =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n";
/**
* Handle a HTTP GET request, used to indicated that the MOA
@@ -36,13 +34,6 @@ public class ConfigurationServlet extends HttpServlet {
throws ServletException, IOException {
MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
- PrintWriter out;
-
- response.setContentType("text/html");
- out = response.getWriter();
- out.println(DOC_TYPE);
- out.println("<head><title>MOA configuration update</title></head>");
- out.println("<body bgcolor=\"#FFFFFF\">");
try {
MOAIDProxyInitializer.initialize();
@@ -50,21 +41,12 @@ public class ConfigurationServlet extends HttpServlet {
{ DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
Logger.info(message);
- //TODO low-priority: change to ErrorPage
- out.println("<p><b>");
- out.println(message);
- out.println("</b></p>");
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
} catch (Throwable t) {
String errorMessage = msg.getMessage("config.04", null);
Logger.error(errorMessage, t);
- out.println("<p><b>");
- out.println(errorMessage);
- out.println("</b></p>");
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
}
- out.println("</body>");
-
- out.flush();
- out.close();
}
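Review bot: The success-path `forwardNamed` call now sits inside the `try`, so if the forward itself fails (ServletException, IOException or anything else) control drops into `catch (Throwable t)` and forwards a second time on a response that may already be committed, which escapes as an unhandled IllegalStateException. Decide the message inside the try/catch and forward exactly once afterwards. `catch (Throwable t)` also swallows Errors; if it stays, a comment should say why that is intended here.
```java
String message;
try {
    MOAIDProxyInitializer.initialize();
    message = /* … unchanged: successful-reload message lookup with the timestamp parameter … */;
    Logger.info(message);
} catch (Throwable t) {
    message = msg.getMessage("config.04", null);
    Logger.error(message, t);
}
HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
```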
/**
@@ -77,4 +59,13 @@ public class ConfigurationServlet extends HttpServlet {
doGet(request, response);
}
+/**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
}
+
+} \ No newline at end of file
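Review bot: The new `init` override only calls `super.init(servletConfig)`, which is what HttpServlet does anyway, yet its Javadoc says "Calls the web application initializer"; either remove the override or make it do what the comment says (ProxyServlet.init in this same commit calls `MOAIDProxyInitializer.initialize()` after `super.init`). The added lines are at column 0 inside the class body, unlike the rest of the file, and the file now ends without a trailing newline.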
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 362849fb1..7980778d9 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.proxy.servlet;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.IOException;
-import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.HttpURLConnection;
@@ -14,7 +13,9 @@ import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.proxy.NotAllowedException;
import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -67,6 +69,8 @@ public class ProxyServlet extends HttpServlet {
private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
/** Name of the Attribute for the LoginParameters */
private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
+ /** Name of the Attribute for the SAMLARTIFACT */
+ private static final String ATT_SAML_ARTIFACT = "SamlArtifact";
/**
* @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
@@ -75,17 +79,25 @@ public class ProxyServlet extends HttpServlet {
Logger.debug("getRequestURL:" + req.getRequestURL().toString());
try {
- if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null)
- login(req, resp);
+ if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) {
+
+ // check if SAML Artifact was already used in this session (in case of page reload)
+ HttpSession session = req.getSession();
+ if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+ tunnelRequest(req, resp);
+ } else
+ // it is the first time that the SAML Artifact was used
+ login(req, resp);
+ }
else
tunnelRequest(req, resp);
}
catch (MOAIDException ex) {
- handleError(resp, ex.toString(), ex);
+ handleError(ex.getMessage(), ex, req, resp);
}
catch (Throwable ex) {
- handleError(resp, ex.toString(), ex);
- }
+ handleError(ex.getMessage(), ex, req, resp);
+ }
}
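Review bot: `req.getSession()` never returns null (it creates a session when none exists), so the `null != session` test is dead and every request carrying a SAML artifact now allocates a session before login() decides whether one is needed; `HttpSession session = req.getSession(false);` gives the intended behaviour. The artifact is only stored in the session on the stateless login path (hunk ending L616), so for other login types a page reload still re-runs login() with an already-used artifact — confirm that is acceptable or store the artifact for those types too. The `else` with a comment between it and `login(req, resp);` should be braced for readability.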
/**
@@ -113,8 +125,15 @@ public class ProxyServlet extends HttpServlet {
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
// get authentication data from the MOA-ID Auth component
- AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
-
+ AuthenticationData authData;
+ try {
+ authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
+ } catch (ServiceException ex) {
+ throw new ProxyException("proxy.14", new Object[] {ex});
+ } catch (ProxyException ex) {
+ throw new ProxyException("proxy.14", new Object[] {ex});
+ }
+
String urlRequested = req.getRequestURL().toString();
// read configuration data
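Review bot: Both catch blocks pass the original exception only as a message parameter (`new Object[] {ex}`) and not as the wrapped cause, so its stack trace is lost when handleError logs the resulting ProxyException; use the three-argument constructor the file already uses for proxy.05, `throw new ProxyException("proxy.14", new Object[] {ex}, ex);`. Because handleError places `ex.getMessage()` into the request as "ErrorMessage" for errorpage-proxy.jsp, whatever the proxy.14 template does with parameter {0} — presumably ex.toString() — may be rendered to the client; keep internal exception text in the log and give the page a fixed message. The two catch bodies are identical and could be merged by catching a common supertype if the two types share one; verify.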
@@ -129,29 +148,34 @@ public class ProxyServlet extends HttpServlet {
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
String realURLPrefix = oaConnParam.getUrl();
- // resolve login parameters to be forwarded to online application
- LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+ // resolve login parameters to be forwarded to online application
+ LoginParameterResolver lpr =
+ LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
String clientIPAddress = req.getRemoteAddr();
Map loginHeaders = null;
Map loginParameters = null;
try {
- if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
- loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
- else
- loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
-
- } catch (LoginParameterResolverException ex) {
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
- }
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress);
+ else
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress);
+
+ } catch (LoginParameterResolverException ex) {
+ throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+ } catch (NotAllowedException e) {
+ throw new ProxyException("proxy.15", new Object[] { });
+ }
// setup SSLSocketFactory for communication with the online application
SSLSocketFactory ssf = null;
if (oaConnParam.isHTTPSURL()) {
try {
ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex);
+ } catch (Throwable ex) {
+ throw new ProxyException(
+ "proxy.05",
+ new Object[] { oaConnParam.getUrl(), ex.toString()},
+ ex);
}
}
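Review bot: `catch (NotAllowedException e)` rethrows `proxy.15` with an empty parameter array and without `e` as the wrapped cause, so the reason the resolver gave (its messageId and parameters) never reaches the log; prefer `throw new ProxyException("proxy.15", new Object[] { publicURLPrefix }, e);`, and the adjacent LoginParameterResolverException branch drops its cause the same way. Note that the `catch (ProxyException ex)` ending the try at L610 turns every ProxyException into proxy.12, which would replace proxy.13 and proxy.15 if that try begins before this block — its opening line is outside the visible hunks.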
@@ -160,6 +184,7 @@ public class ProxyServlet extends HttpServlet {
String loginType = oaConf.getLoginType();
Logger.debug("Login type: " + loginType);
if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
+
HttpSession session = req.getSession();
int sessionTimeOut = oaParam.getSessionTimeOut();
if (sessionTimeOut == 0)
@@ -170,24 +195,40 @@ public class ProxyServlet extends HttpServlet {
session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
+ session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact);
Logger.debug("moa-id-proxy: HTTPSession angelegt");
}
-
- // tunnel request to the online application
- int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- {
- Logger.debug("Got 401, trying again");
- respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf);
- if (respcode == 401)
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- }
- catch (ProxyException ex) {
- throw new ProxyException("proxy.12", new Object[] { realURLPrefix});
- }
- catch (Throwable ex) {
+
+ // tunnel request to the online application
+ int respcode =
+ tunnelRequest(
+ req,
+ resp,
+ loginHeaders,
+ loginParameters,
+ publicURLPrefix,
+ realURLPrefix,
+ ssf);
+ if (respcode == 401) {
+ Logger.debug("Got 401, trying again");
+
+ respcode =
+ tunnelRequest(
+ req,
+ resp,
+ loginHeaders,
+ loginParameters,
+ publicURLPrefix,
+ realURLPrefix,
+ ssf);
+ if (respcode == 401)
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
+ }
+ } catch (ProxyException ex) {
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
+
+ } catch (Throwable ex) {
throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
}
}
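Review bot: `catch (ProxyException ex)` replaces whatever ProxyException was thrown inside the try with a fixed `proxy.12` (the 401-retry message) and drops `ex`, so any more specific failure raised inside the try — and the proxy.05/proxy.13/proxy.15 exceptions from the preceding hunks, if the try starts before them (its opening line is not in the diff) — is reported to the log and to the error page as a wrong-credentials problem. Rethrow `ex` unchanged, or at least `throw new ProxyException("proxy.12", new Object[] { realURLPrefix }, ex);`. The following `catch (Throwable ex)` also puts `ex.toString()` into a message that handleError later hands to the error page; keep that detail in the log only.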
@@ -202,9 +243,15 @@ public class ProxyServlet extends HttpServlet {
Logger.debug("Tunnel request (stateless)");
HttpSession session = req.getSession(false);
+
if (session == null)
throw new ProxyException("proxy.07", null);
String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
+ //A sesssion is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method)
+ //additional check if publicURLPrefix is OK, if not throw an Exception
+ if (publicURLPrefix == null)
+ throw new ProxyException("proxy.07", null);
+
String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
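Review bot: The new guard reuses message `proxy.07` for a session that exists but carries no publicURLPrefix, so the log cannot tell "no session" from "session created by the error-page forward"; add a `Logger.debug` naming which case fired, or use a distinct message id. The comment also reads "sesssion"; fix the typo while touching it.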
@@ -487,6 +534,7 @@ private boolean isTransferEncodingChunkedHeader(String headerKey, String headerV
* @see javax.servlet.Servlet#init(ServletConfig)
*/
public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
try {
MOAIDProxyInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
@@ -496,42 +544,47 @@ public void init(ServletConfig servletConfig) throws ServletException {
throw new ServletException(ex);
}
}
+
/**
- * Handles an error in proxying the request.
+ * Handles an error. <br>
* <ul>
- * <li>Logs the error.</li>
- * <li>Outputs an HTML error page.</li>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request
+ * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
* </ul>
- * @param resp the HttpServletResponse
- * @param errorMessage error message to be used
- * @param ex the exception to be logged
+ *
+ * @param errorMessage error message
+ * @param exceptionThrown exception thrown
+ * @param req servlet request
+ * @param resp servlet response
*/
-private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) {
- Logger.error(errorMessage, ex);
- String htmlCode =
- "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">"
- + "<html><head><title>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
- + "</title></head><body>"
- + "<h1>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null)
- + "</h1>"
- + "<p>"
- + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null)
- + "</p>"
- + "<p>"
- + errorMessage
- + "</p>"
- + "</body></html>";
- resp.setContentType("text/html");
- try {
- OutputStream respOut = resp.getOutputStream();
- respOut.write(htmlCode.getBytes());
- respOut.flush();
- }
- catch (IOException ioex) {
- Logger.error("", ioex);
- }
+protected void handleError(
+ String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+
+ if(null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage );
+ }
+
+ if (null != exceptionThrown) {
+ if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ //req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ //forward this to errorpage-proxy.jsp wher the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+
}
}
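Review bot: The Javadoc promises "Sets HTTP status 500", but the body never calls `resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR)`, so the error page goes out with whatever status the JSP produces. When `errorMessage` is null and an exception is present, the message is derived from the exception but `req.setAttribute("ErrorMessage", …)` is skipped because that call sits in the first `if`, and when both are non-null the message is logged twice. The forward is also attempted even if tunnelRequest already committed the response, in which case RequestDispatcher.forward throws IllegalStateException, which neither catch handles. Since the message handed to the JSP is often built from exception text (see the proxy.04/proxy.05 callers), consider a fixed client-facing message and keep the detail in the log.
```java
protected void handleError(
    String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {

    if (null == errorMessage && null != exceptionThrown)
        errorMessage = exceptionThrown.getMessage();

    // log once, with the stack trace when there is one
    if (null != exceptionThrown)
        Logger.error(errorMessage, exceptionThrown);
    else
        Logger.error(errorMessage);

    if (null != errorMessage)
        req.setAttribute("ErrorMessage", errorMessage);

    if (resp.isCommitted()) {
        // the tunnelled response already started; forwarding now would throw IllegalStateException
        return;
    }
    resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);

    // … unchanged: dispatcher lookup and forward to /errorpage-proxy.jsp …
}
```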