Merge branch 'eSense_eIDAS_development' into moa-id-3.2_(OPB)

Conflicts: id/server/idserverlib/pom.xml id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-01-22 13:52:48 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-01-22 13:52:48 +0100
commit: 5b0754bddacd5bc7586b56c5a93e78f67d5cb060 (patch)
tree: a318ee77db5ac52afd2fda9412e7bcc7deab362d /id/ConfigWebTool/src/main/java/at
parent: e2ca81976097a5f83183e091ec6a5c9a6afb5269 (diff)
parent: 1672ef1dc32bf37c966660c33e422729addd5b41 (diff)
download: moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.tar.gz
moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.tar.bz2
moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index b69d37d57..b73859d81 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -90,12 +90,13 @@ public class StorkConfigValidator {
 		// check attributes
 		if (MiscUtil.isNotEmpty(form.getAttributes())) {
 			for(StorkAttribute check : form.getAttributes()) {
-				if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) {
+				String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
+				if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
 					log.warn("default attributes contains potentail XSS characters: " + check);
 					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
 							new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
 				}
-				if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) {
+				if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
 						log.warn("default attributes do not match the requested format : " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
 								new Object[] {check}, request ));
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-01-22 13:52:48 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-01-22 13:52:48 +0100
commit	5b0754bddacd5bc7586b56c5a93e78f67d5cb060 (patch)
tree	a318ee77db5ac52afd2fda9412e7bcc7deab362d /id/ConfigWebTool/src/main/java/at
parent	e2ca81976097a5f83183e091ec6a5c9a6afb5269 (diff)
parent	1672ef1dc32bf37c966660c33e422729addd5b41 (diff)
download	moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.tar.gz moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.tar.bz2 moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.zip