| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-02 12:14:22 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-02 12:14:22 +0200 | 
| commit | b93dce9835884f005ff262de4882ffbca167fc04 (patch) | |
| tree | eed0551650051bca86f9011dfb6961068be2977d /id/ConfigWebTool/src/main/java | |
| parent | 07e74546f01f69545b77518e0e651b43a4e04e91 (diff) | |
| download | moa-id-spss-b93dce9835884f005ff262de4882ffbca167fc04.tar.gz moa-id-spss-b93dce9835884f005ff262de4882ffbca167fc04.tar.bz2 moa-id-spss-b93dce9835884f005ff262de4882ffbca167fc04.zip | |
check response desination URL
Diffstat (limited to 'id/ConfigWebTool/src/main/java')
| -rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java | 13 | 
1 files changed, 13 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 8004ab520..12bd4aff9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -290,6 +290,19 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
 				}
+				//check response destination
+				String serviceURL = config.getPublicUrlPreFix(request);
+				if (!serviceURL.endsWith("/"))
+					serviceURL = serviceURL + "/";
+				
+				String responseDestination = samlResponse.getDestination();
+				if (MiscUtil.isEmpty(responseDestination) || 
+						!responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) {
+					log.warn("PVPResponse destination does not match requested destination");
+					return Constants.STRUTS_ERROR;
+				}
+				
+				//check if response is signed
 				Signature sign = samlResponse.getSignature();
 				if (sign == null) {
 					log.info("Only http POST Requests can be used");
