ConfigWebTool Version 0.9.5

--PVP2 Login --PVP2 Users to UserDatabase functionality --Mailaddress verification --Mail status messages to users and admin --add List with OpenRequests for admins --change OA Target configuration --add cleanUp Thread to remove old unused UserAccount requests --update UserDatabase to support PVP2 logins --add formID element validate received forms -- add first classes for STORK configuration make some Bugfixes
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-19 16:19:00 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-19 16:19:00 +0200
commit: a27cf61551c129aee48ea533ad73f2ade37a757a (patch)
tree: c97a1ccc7b3afdec906c609de165b582db2b3149 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
parent: 2c7d70f182b554321b6baf3e225139a883d61035 (diff)
download: moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.gz
moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.bz2
moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.zip
1 files changed, 120 insertions, 23 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index 1cb4fa802..d3d00186f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -3,26 +3,21 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.StringReader;
 import java.io.StringWriter;
-import java.net.MalformedURLException;
 import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Marshaller;
 import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.Result;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
-import org.hibernate.lob.ReaderInputStream;
-import org.w3c.dom.Node;
 
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -35,7 +30,7 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.iaik.commons.util.IOUtil;
+import at.gv.egovernment.moa.id.util.Random;
 
 import com.opensymphony.xwork2.ActionSupport;
 
@@ -51,6 +46,7 @@ implements ServletRequestAware, ServletResponseAware {
 	private HttpServletResponse response;
 	
 	private AuthenticatedUser authUser; 
+	private String formID;
 	
 	private File fileUpload = null;
 	private String fileUploadContentType = null;
@@ -59,13 +55,20 @@ implements ServletRequestAware, ServletResponseAware {
 	private InputStream fileInputStream;
 	
 	public String init() {
+		HttpSession session = request.getSession();
+		if (session == null) {
+			log.info("No http Session found.");
+			return Constants.STRUTS_ERROR;
+		}
 		
-		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-		
+		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
 		authUser = (AuthenticatedUser) authUserObj;
 		
 		if (authUser.isAdmin()) {
-							
+			
+			formID = Random.nextRandom();
+			session.setAttribute(Constants.SESSION_FORMID, formID);
+			
 			return Constants.STRUTS_SUCCESS;
 			
 		} else {
@@ -76,16 +79,39 @@ implements ServletRequestAware, ServletResponseAware {
 	}
 	
 	public String importLegacyConfig() {
-		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		HttpSession session = request.getSession();
+		if (session == null) {
+			log.info("No http Session found.");
+			return Constants.STRUTS_ERROR;
+		}
 		
+		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
 		authUser = (AuthenticatedUser) authUserObj;
 		
+		Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+		if (formidobj != null && formidobj instanceof String) {
+			String formid = (String) formidobj;
+			if (!formid.equals(formID)) {
+				log.warn("FormIDs does not match. Some suspect Form is received from user "
+						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+				return Constants.STRUTS_ERROR;
+			}			
+		} else {
+			log.warn("FormIDs does not match. Some suspect Form is received from user "
+					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+			return Constants.STRUTS_ERROR;
+		}
+		session.setAttribute(Constants.SESSION_FORMID, null);
+		
 		if (authUser.isAdmin()) {
 		
 			//load legacy config if it is configured
 		
 			if (fileUpload == null) {
 				addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+				
+				formID = Random.nextRandom();
+				session.setAttribute(Constants.SESSION_FORMID, formID);
 				return Constants.STRUTS_ERROR_VALIDATION;
 			}
 			
@@ -97,6 +123,9 @@ implements ServletRequestAware, ServletResponseAware {
 			} catch (org.opensaml.xml.ConfigurationException e1) {
 				log.info("Legacy configuration has an Import Error", e1);
 				addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()}));
+				
+				formID = Random.nextRandom();
+				session.setAttribute(Constants.SESSION_FORMID, formID);
 				return Constants.STRUTS_ERROR_VALIDATION;
 			}
 			log.debug("OpenSAML successfully initialized");
@@ -108,26 +137,24 @@ implements ServletRequestAware, ServletResponseAware {
 				try {
 					log.warn("WARNING! The legacy import deletes the hole old config");
 			
-					String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent();	
-					
-					try {
-					  rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
-					  
-					} catch (MalformedURLException t) {
-						log.warn("RootConfiguration Directory is not found");
-						rootConfigFileDir = "";
-					}
-					
+					String rootConfigFileDir = ConfigurationProvider.getInstance().getConfigRootDir();	
+										
 					moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig);
 				
 				} catch (ConfigurationException e) {
 					log.info("Legacy configuration has an Import Error", e);
 					addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));
 					ConfigurationDBUtils.closeSession();
+					
+					formID = Random.nextRandom();
+					session.setAttribute(Constants.SESSION_FORMID, formID);
 					return Constants.STRUTS_ERROR_VALIDATION;
 					
 				} catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) {
 					ConfigurationDBUtils.closeSession();
+					
+					formID = Random.nextRandom();
+					session.setAttribute(Constants.SESSION_FORMID, formID);
 					return Constants.STRUTS_ERROR_VALIDATION;
 				}
 				
@@ -155,6 +182,9 @@ implements ServletRequestAware, ServletResponseAware {
 			} catch (MOADatabaseException e) {
 				log.warn("General MOA-ID config can not be stored in Database");
 				addActionError(e.getMessage());
+				
+				formID = Random.nextRandom();
+				session.setAttribute(Constants.SESSION_FORMID, formID);
 				return Constants.STRUTS_ERROR_VALIDATION;
 			}
 			
@@ -174,10 +204,30 @@ implements ServletRequestAware, ServletResponseAware {
 	}
 	
 	public String downloadXMLConfig() {
-		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		HttpSession session = request.getSession();
+		if (session == null) {
+			log.info("No http Session found.");
+			return Constants.STRUTS_ERROR;
+		}
 		
+		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
 		authUser = (AuthenticatedUser) authUserObj;
 		
+		Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+		if (formidobj != null && formidobj instanceof String) {
+			String formid = (String) formidobj;
+			if (!formid.equals(formID)) {
+				log.warn("FormIDs does not match. Some suspect Form is received from user "
+						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+				return Constants.STRUTS_ERROR;
+			}			
+		} else {
+			log.warn("FormIDs does not match. Some suspect Form is received from user "
+					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+			return Constants.STRUTS_ERROR;
+		}
+		session.setAttribute(Constants.SESSION_FORMID, null);
+		
 		if (authUser.isAdmin()) {
 						
 			log.info("Write MOA-ID 2.x xml config");
@@ -194,6 +244,9 @@ implements ServletRequestAware, ServletResponseAware {
 				if (moaidconfig == null) {
 					log.info("No MOA-ID 2.x configruation available");
 					addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig"));
+					
+					formID = Random.nextRandom();
+					session.setAttribute(Constants.SESSION_FORMID, formID);
 					return Constants.STRUTS_ERROR_VALIDATION;
 				}
 				
@@ -208,11 +261,17 @@ implements ServletRequestAware, ServletResponseAware {
 				log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
 				addActionError(LanguageHelper.getErrorString("errors.importexport.export",
 						new Object[]{e.getMessage()}));
+				
+				formID = Random.nextRandom();
+				session.setAttribute(Constants.SESSION_FORMID, formID);
 				return Constants.STRUTS_ERROR_VALIDATION;
 			} catch (IOException e) {
 				log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
 				addActionError(LanguageHelper.getErrorString("errors.importexport.export",
 						new Object[]{e.getMessage()}));
+				
+				formID = Random.nextRandom();
+				session.setAttribute(Constants.SESSION_FORMID, formID);
 				return Constants.STRUTS_ERROR_VALIDATION;
 			}
 			
@@ -230,10 +289,30 @@ implements ServletRequestAware, ServletResponseAware {
 	
 	
 	public String importXMLConfig() {
-		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		HttpSession session = request.getSession();
+		if (session == null) {
+			log.info("No http Session found.");
+			return Constants.STRUTS_ERROR;
+		}
 		
+		Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
 		authUser = (AuthenticatedUser) authUserObj;
 		
+		Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+		if (formidobj != null && formidobj instanceof String) {
+			String formid = (String) formidobj;
+			if (!formid.equals(formID)) {
+				log.warn("FormIDs does not match. Some suspect Form is received from user "
+						+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+				return Constants.STRUTS_ERROR;
+			}			
+		} else {
+			log.warn("FormIDs does not match. Some suspect Form is received from user "
+					+ authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+			return Constants.STRUTS_ERROR;
+		}
+		session.setAttribute(Constants.SESSION_FORMID, null);
+		
 		if (authUser.isAdmin()) {
 			
 			if (fileUpload == null) {
@@ -271,6 +350,9 @@ implements ServletRequestAware, ServletResponseAware {
 				log.warn("MOA-ID XML configuration can not be loaded from File.", e);
 				addActionError(LanguageHelper.getErrorString("errors.importexport.import",
 						new Object[]{e.getMessage()}));
+				
+				formID = Random.nextRandom();
+				session.setAttribute(Constants.SESSION_FORMID, formID);
 				return Constants.STRUTS_ERROR_VALIDATION;
 				
 			}
@@ -360,4 +442,19 @@ implements ServletRequestAware, ServletResponseAware {
 	public InputStream getFileInputStream() {
 		return fileInputStream;
 	}
+
+	/**
+	 * @return the formID
+	 */
+	public String getFormID() {
+		return formID;
+	}
+
+	/**
+	 * @param formID the formID to set
+	 */
+	public void setFormID(String formID) {
+		this.formID = formID;
+	}
+	
 }
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-19 16:19:00 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-19 16:19:00 +0200
commit	a27cf61551c129aee48ea533ad73f2ade37a757a (patch)
tree	c97a1ccc7b3afdec906c609de165b582db2b3149 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
parent	2c7d70f182b554321b6baf3e225139a883d61035 (diff)
download	moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.gz moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.tar.bz2 moa-id-spss-a27cf61551c129aee48ea533ad73f2ade37a757a.zip