diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 15:33:37 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 15:45:37 +0100 |
commit | f6ef9b2e21af5a55b9f2b360de3cff38c56904d6 (patch) | |
tree | 71c3e2dcdade53d820655a9b5f1aa1b451278f5f /id/ConfigWebTool/src/main/java | |
parent | 75c7ab602fe14d56217f268ea80e787a5316288a (diff) | |
download | moa-id-spss-f6ef9b2e21af5a55b9f2b360de3cff38c56904d6.tar.gz moa-id-spss-f6ef9b2e21af5a55b9f2b360de3cff38c56904d6.tar.bz2 moa-id-spss-f6ef9b2e21af5a55b9f2b360de3cff38c56904d6.zip |
add some more escaptions
Diffstat (limited to 'id/ConfigWebTool/src/main/java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java | 32 |
1 files changed, 7 insertions, 25 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index df1786402..bf75a3068 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -39,7 +39,6 @@ import org.apache.log4j.Logger; import org.joda.time.DateTime; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; @@ -51,34 +50,18 @@ import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.encryption.Decrypter; import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; -import org.opensaml.saml2.metadata.IDPSSODescriptor; -import org.opensaml.security.MetadataCredentialResolver; -import org.opensaml.security.MetadataCredentialResolverFactory; -import org.opensaml.security.MetadataCriteria; -import org.opensaml.security.SAMLSignatureProfileValidator; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.parse.BasicParserPool; -import org.opensaml.xml.security.CriteriaSet; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; -import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; -import org.opensaml.xml.security.keyinfo.KeyInfoProvider; import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; -import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; -import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; -import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; -import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; @@ -86,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager; import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils; -import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; @@ -160,7 +142,7 @@ public class IndexAction extends BasicAction { if (MiscUtil.isNotEmpty(username)) { if (ValidationHelper.containsNotValidCharacter(username, false)) { - log.warn("Username contains potentail XSS characters: " + username); + log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username)); addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); return Constants.STRUTS_ERROR; @@ -197,13 +179,13 @@ public class IndexAction extends BasicAction { dbuser.setIsUsernamePasswordAllowed(true); if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { - log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed"); + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " is not active or Username/Password login is not allowed"); addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); return Constants.STRUTS_ERROR; } if (!dbuser.getPassword().equals(key)) { - log.warn("Username " + dbuser.getUsername() + " use a false password"); + log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password"); addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); return Constants.STRUTS_ERROR; } @@ -615,7 +597,7 @@ public class IndexAction extends BasicAction { check = user.getInstitut(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsNotValidCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); + log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(check)); addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); } @@ -628,7 +610,7 @@ public class IndexAction extends BasicAction { check = user.getMail(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.isEmailAddressFormat(check)) { - log.warn("Mailaddress is not valid: " + check); + log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check)); addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); } @@ -640,7 +622,7 @@ public class IndexAction extends BasicAction { check = user.getPhone(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validatePhoneNumber(check)) { - log.warn("No valid Phone Number: " + check); + log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check)); addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", new Object[] {ValidationHelper.getNotValidCharacter(false)}, request )); } |