diff options
| author | rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2004-03-15 16:07:52 +0000 |
|---|---|---|
| committer | rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2004-03-15 16:07:52 +0000 |
| commit | 56ed4518d7978c064af5f240494bf587136c93b0 (patch) | |
| tree | f7d9a57b7915d3b269d2550c9282138b624efa57 /id.server/src/at/gv/egovernment/moa/id/proxy | |
| parent | 747a8963ec0ffde4c6883dd1c42ad758a88b084c (diff) | |
| download | moa-id-spss-56ed4518d7978c064af5f240494bf587136c93b0.tar.gz moa-id-spss-56ed4518d7978c064af5f240494bf587136c93b0.tar.bz2 moa-id-spss-56ed4518d7978c064af5f240494bf587136c93b0.zip | |
RSCH
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@99 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/proxy')
9 files changed, 238 insertions, 131 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index 2ac8fe28e..bdadcbb81 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -36,7 +36,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { disableHostnameVerification = BoolUtils.valueOf( ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( "ProxyComponent.DisableHostnameVerification")); - //TODO undocumented feature + //TODO MOA-ID BRZ undocumented feature if (disableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + disableHostnameVerification); } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 033a74934..77f6652f3 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.proxy; import java.io.IOException; +import java.io.UnsupportedEncodingException; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -8,6 +9,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.URLEncoder; /** * Implementation of interface <code>LoginParameterResolver</code> @@ -79,7 +81,14 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) { String key = (String) iter.next(); String predicate = (String) oaConf.getParamAuthMapping().get(key); - String resolvedValue = resolveValue(predicate, authData, clientIPAddress); + String resolvedValue; + try { + resolvedValue = + URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1"); + } catch (UnsupportedEncodingException e) { + //ISO-8859-1 is supported + resolvedValue = null; + } result.put(key, resolvedValue); } } @@ -97,27 +106,29 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { if (predicate.equals(MOAGivenName)) return authData.getGivenName(); - else if (predicate.equals(MOAFamilyName)) + if (predicate.equals(MOAFamilyName)) return authData.getFamilyName(); - else if (predicate.equals(MOADateOfBirth)) + if (predicate.equals(MOADateOfBirth)) return authData.getDateOfBirth(); - else if (predicate.equals(MOAVPK)) - return authData.getVPK(); - else if (predicate.equals(MOAPublicAuthority)) + if (predicate.equals(MOABPK)) + return authData.getPBK(); + if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; else return "false"; - else if (predicate.equals(MOABKZ)) + if (predicate.equals(MOABKZ)) return authData.getPublicAuthorityCode(); - else if (predicate.equals(MOAQualifiedCertificate)) + if (predicate.equals(MOAQualifiedCertificate)) if (authData.isQualifiedCertificate()) return "true"; else return "false"; - else if (predicate.equals(MOAZMRZahl)) + if (predicate.equals(MOAStammzahl)) return authData.getIdentificationValue(); - else if (predicate.equals(MOAIPAddress)) + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); + if (predicate.equals(MOAIPAddress)) return clientIPAddress; else return null; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index 434a4f674..c391fc16f 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -15,25 +15,27 @@ import at.gv.egovernment.moa.id.data.AuthenticationData; */ public interface LoginParameterResolver { - /** Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>, + /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>, * naming predicates used by the <code>LoginParameterResolver</code>. */ public static final String MOAGivenName = "MOAGivenName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAFamilyName = "MOAFamilyName"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOADateOfBirth = "MOADateOfBirth"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAVPK = "MOAVPK"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOABPK = "MOABPK"; + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAPublicAuthority = "MOAPublicAuthority"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOABKZ = "MOABKZ"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ - public static final String MOAZMRZahl = "MOAZMRZahl"; - /** Constant used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code> */ + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAStammzahl = "MOAStammzahl"; + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ + public static final String MOAIdentificationValueType = "MOAIdentificationValueType"; + /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */ public static final String MOAIPAddress = "MOAIPAddress"; /** @@ -52,7 +54,7 @@ public interface LoginParameterResolver { public Map getAuthenticationHeaders( OAConfiguration oaConf, AuthenticationData authData, - String clientIPAddress) throws LoginParameterResolverException; + String clientIPAddress) throws LoginParameterResolverException, NotAllowedException; /** * Returns request parameters to be added to a URLConnection. @@ -70,6 +72,6 @@ public interface LoginParameterResolver { AuthenticationData authData, String clientIPAddress) throws LoginParameterResolverException; - public void configure(String configuration) throws LoginParameterResolverException; + public void configure(String configuration) throws LoginParameterResolverException, NotAllowedException; } diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java new file mode 100644 index 000000000..849160a7b --- /dev/null +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/NotAllowedException.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.proxy; + +import at.gv.egovernment.moa.id.MOAIDException; + +/** + * Exception thrown while proxying a request to the online application + * Reason for this exception: the dedicated LoginParameterResolver does + * not allow access to the desired ressource. + * + * @author Rudolf Schamberger + * @version $Id$ + */ +public class NotAllowedException extends MOAIDException { + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + */ + public NotAllowedException( + String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * Constructor for NotAllowedException. + * @param messageId + * @param parameters + * @param wrapped + */ + public NotAllowedException( + String messageId, + Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + } + +} diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java index c53ed30a6..9766ef57b 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/OldXMLLoginParameterResolver.java @@ -11,9 +11,9 @@ import org.w3c.dom.*; // Referenced classes of package at.gv.egovernment.moa.id.proxy: // LoginParameterResolver -// Old Implementation of XMLLoginParameterResolver (used to migrate old labs applications rapidely to -// version 1.1.1 of MOA-ID -// TODO RS migrate this to XMLLoginParameterResolver +// Old Implementation of XMLLoginParameterResolver +// +// TODO MOA-ID CIO internal: migrate this to XMLLoginParameterResolver public class OldXMLLoginParameterResolver @@ -98,7 +98,7 @@ public class OldXMLLoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -193,8 +193,8 @@ public class OldXMLLoginParameterResolver return authData.getFamilyName(); if(predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); - if(predicate.equals("MOAVPK")) - return authData.getVPK(); + if(predicate.equals("MOABPK")) + return authData.getPBK(); if(predicate.equals("MOAPublicAuthority")) if(authData.isPublicAuthority()) return "true"; @@ -207,8 +207,10 @@ public class OldXMLLoginParameterResolver return "true"; else return "false"; - if(predicate.equals("MOAZMRZahl")) + if(predicate.equals("MOAStammzahl")) return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); if(predicate.equals("MOAIPAddress")) return clientIPAddress; else diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java index 3f7a6872c..3958bb206 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolver.java @@ -184,7 +184,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -247,7 +247,7 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { String famName = resolveValue("MOAFamilyName", authData, clientIPAddress); String givenName = resolveValue("MOAGivenName", authData, clientIPAddress); String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress); - String bPK = resolveValue("MOAVPK", authData, clientIPAddress); + String bPK = resolveValue("MOABPK", authData, clientIPAddress); String userid = ""; String password = ""; LPRParams params = null; @@ -293,8 +293,8 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { return authData.getFamilyName(); if (predicate.equals("MOADateOfBirth")) return authData.getDateOfBirth(); - if (predicate.equals("MOAVPK")) - return authData.getVPK(); + if (predicate.equals("MOABPK")) + return authData.getPBK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; @@ -307,8 +307,10 @@ public class XMLLoginParameterResolver implements LoginParameterResolver { return "true"; else return "false"; - if (predicate.equals("MOAZMRZahl")) + if (predicate.equals("MOAStammzahl")) return authData.getIdentificationValue(); + if (predicate.equals(MOAIdentificationValueType)) + return authData.getIdentificationType(); if (predicate.equals("MOAIPAddress")) return clientIPAddress; else diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index ce0743b3d..a78a8d587 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -40,7 +40,7 @@ public class AuthenticationDataAssertionParser implements Constants { private static String ATTRIBUTESTATEMENT_XPATH = SAML + "AttributeStatement/"; /** Prefix for Element NameIdentifier in an Xpath-expression */ - private static String VPK_XPATH = + private static String BPK_XPATH = ATTRIBUTESTATEMENT_XPATH + SAML + "Subject/" + SAML + "NameIdentifier"; @@ -51,10 +51,15 @@ public class AuthenticationDataAssertionParser implements Constants { SAML + "AttributeValue/" + PR + "Person/"; /** Prefix for Element Value in an Xpath-expression */ - private static String ZMRZAHL_XPATH = + private static String IDENTIFICATION_VALUE_XPATH = PERSONDATA_XPATH + PR + "Identification/" + PR + "Value"; + private static String IDENTIFICATION_TYPE_XPATH = + PERSONDATA_XPATH + + PR + "Identification/" + + PR + "Type"; + /** Prefix for Element GivenName in an Xpath-expression */ private static String GIVEN_NAME_XPATH = PERSONDATA_XPATH + @@ -112,10 +117,12 @@ public class AuthenticationDataAssertionParser implements Constants { XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, "")); authData.setIssueInstant( XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); - authData.setVPK( - XPathUtils.getElementValue(samlAssertion, VPK_XPATH, "")); + authData.setPBK( + XPathUtils.getElementValue(samlAssertion, BPK_XPATH, "")); authData.setIdentificationValue( - XPathUtils.getElementValue(samlAssertion, ZMRZAHL_XPATH, "")); + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); + authData.setIdentificationType( + XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); authData.setGivenName( XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, "")); authData.setFamilyName( diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java index d6ec4951b..4ab2e2cf7 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java @@ -1,17 +1,18 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.text.DateFormat; import java.util.Date; import java.util.Locale; +import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -22,9 +23,6 @@ import at.gv.egovernment.moa.logging.Logger; * @version $Id$ */ public class ConfigurationServlet extends HttpServlet { - /** The standard String for DTD Doc-type */ - private static final String DOC_TYPE = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n"; /** * Handle a HTTP GET request, used to indicated that the MOA @@ -36,13 +34,6 @@ public class ConfigurationServlet extends HttpServlet { throws ServletException, IOException { MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance(); - PrintWriter out; - - response.setContentType("text/html"); - out = response.getWriter(); - out.println(DOC_TYPE); - out.println("<head><title>MOA configuration update</title></head>"); - out.println("<body bgcolor=\"#FFFFFF\">"); try { MOAIDProxyInitializer.initialize(); @@ -50,21 +41,12 @@ public class ConfigurationServlet extends HttpServlet { { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} ); Logger.info(message); - //TODO low-priority: change to ErrorPage - out.println("<p><b>"); - out.println(message); - out.println("</b></p>"); + HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response); } catch (Throwable t) { String errorMessage = msg.getMessage("config.04", null); Logger.error(errorMessage, t); - out.println("<p><b>"); - out.println(errorMessage); - out.println("</b></p>"); + HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response); } - out.println("</body>"); - - out.flush(); - out.close(); } /** @@ -77,4 +59,13 @@ public class ConfigurationServlet extends HttpServlet { doGet(request, response); } +/** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ +public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); } + +}
\ No newline at end of file diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 362849fb1..7980778d9 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.io.PrintWriter; import java.io.StringWriter; import java.net.HttpURLConnection; @@ -14,7 +13,9 @@ import java.util.Iterator; import java.util.Map; import javax.net.ssl.SSLSocketFactory; +import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.proxy.NotAllowedException; import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -67,6 +69,8 @@ public class ProxyServlet extends HttpServlet { private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; /** Name of the Attribute for the LoginParameters */ private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; + /** Name of the Attribute for the SAMLARTIFACT */ + private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; /** * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) @@ -75,17 +79,25 @@ public class ProxyServlet extends HttpServlet { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) - login(req, resp); + if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) { + + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + tunnelRequest(req, resp); + } else + // it is the first time that the SAML Artifact was used + login(req, resp); + } else tunnelRequest(req, resp); } catch (MOAIDException ex) { - handleError(resp, ex.toString(), ex); + handleError(ex.getMessage(), ex, req, resp); } catch (Throwable ex) { - handleError(resp, ex.toString(), ex); - } + handleError(ex.getMessage(), ex, req, resp); + } } /** @@ -113,8 +125,15 @@ public class ProxyServlet extends HttpServlet { // String target = req.getParameter(PARAM_TARGET); parameter given but not processed // get authentication data from the MOA-ID Auth component - AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); - + AuthenticationData authData; + try { + authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } catch (ProxyException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } + String urlRequested = req.getRequestURL().toString(); // read configuration data @@ -129,29 +148,34 @@ public class ProxyServlet extends HttpServlet { ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); String realURLPrefix = oaConnParam.getUrl(); - // resolve login parameters to be forwarded to online application - LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); + // resolve login parameters to be forwarded to online application + LoginParameterResolver lpr = + LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); String clientIPAddress = req.getRemoteAddr(); Map loginHeaders = null; Map loginParameters = null; try { - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); - else - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); - - } catch (LoginParameterResolverException ex) { - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); - } + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); + else + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); + + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { + throw new ProxyException("proxy.15", new Object[] { }); + } // setup SSLSocketFactory for communication with the online application SSLSocketFactory ssf = null; if (oaConnParam.isHTTPSURL()) { try { ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } - catch (Throwable ex) { - throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex); + } catch (Throwable ex) { + throw new ProxyException( + "proxy.05", + new Object[] { oaConnParam.getUrl(), ex.toString()}, + ex); } } @@ -160,6 +184,7 @@ public class ProxyServlet extends HttpServlet { String loginType = oaConf.getLoginType(); Logger.debug("Login type: " + loginType); if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { + HttpSession session = req.getSession(); int sessionTimeOut = oaParam.getSessionTimeOut(); if (sessionTimeOut == 0) @@ -170,24 +195,40 @@ public class ProxyServlet extends HttpServlet { session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); + session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); Logger.debug("moa-id-proxy: HTTPSession angelegt"); } - - // tunnel request to the online application - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - { - Logger.debug("Got 401, trying again"); - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - } - catch (ProxyException ex) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - catch (Throwable ex) { + + // tunnel request to the online application + int respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) { + Logger.debug("Got 401, trying again"); + + respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } + } catch (ProxyException ex) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + + } catch (Throwable ex) { throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); } } @@ -202,9 +243,15 @@ public class ProxyServlet extends HttpServlet { Logger.debug("Tunnel request (stateless)"); HttpSession session = req.getSession(false); + if (session == null) throw new ProxyException("proxy.07", null); String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + //A sesssion is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); + String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); @@ -487,6 +534,7 @@ private boolean isTransferEncodingChunkedHeader(String headerKey, String headerV * @see javax.servlet.Servlet#init(ServletConfig) */ public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); try { MOAIDProxyInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); @@ -496,42 +544,47 @@ public void init(ServletConfig servletConfig) throws ServletException { throw new ServletException(ex); } } + /** - * Handles an error in proxying the request. + * Handles an error. <br> * <ul> - * <li>Logs the error.</li> - * <li>Outputs an HTML error page.</li> + * <li>Logs the error</li> + * <li>Places error message and exception thrown into the request + * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li> + * <li>Sets HTTP status 500 (internal server error)</li> * </ul> - * @param resp the HttpServletResponse - * @param errorMessage error message to be used - * @param ex the exception to be logged + * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response */ -private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) { - Logger.error(errorMessage, ex); - String htmlCode = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" - + "<html><head><title>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</title></head><body>" - + "<h1>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</h1>" - + "<p>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null) - + "</p>" - + "<p>" - + errorMessage - + "</p>" - + "</body></html>"; - resp.setContentType("text/html"); - try { - OutputStream respOut = resp.getOutputStream(); - respOut.write(htmlCode.getBytes()); - respOut.flush(); - } - catch (IOException ioex) { - Logger.error("", ioex); - } +protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + //req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-proxy.jsp wher the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } } |