authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-19 16:19:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-19 16:19:00 +0200
commita27cf61551c129aee48ea533ad73f2ade37a757a (patch)
treec97a1ccc7b3afdec906c609de165b582db2b3149 /id/ConfigWebTool
parent2c7d70f182b554321b6baf3e225139a883d61035 (diff)
ConfigWebTool Version 0.9.5
--PVP2 login --PVP2 users to UserDatabase functionality --mail address verification --mail status messages to users and admin --add list with open requests for admins --change OA target configuration --add cleanup thread to remove old unused UserAccount requests --update UserDatabase to support PVP2 logins --add formID element to validate received forms --add first classes for STORK configuration --make some bug fixes
Diffstat (limited to 'id/ConfigWebTool')
-rw-r--r--id/ConfigWebTool/pom.xml10
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java24
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java64
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java50
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java245
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java288
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java60
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java372
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java28
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java82
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java169
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java37
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java53
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java254
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java54
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java413
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java143
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java612
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java61
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java106
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java369
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java82
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java71
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java10
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java84
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java166
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java124
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java277
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java62
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources.properties47
-rw-r--r--id/ConfigWebTool/src/main/resources/struts.xml56
-rw-r--r--id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html51
-rw-r--r--id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml24
-rw-r--r--id/ConfigWebTool/src/main/webapp/css/index.css64
-rw-r--r--id/ConfigWebTool/src/main/webapp/error.jsp6
-rw-r--r--id/ConfigWebTool/src/main/webapp/index.jsp31
-rw-r--r--id/ConfigWebTool/src/main/webapp/js/common.js55
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp3
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp256
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp129
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp4
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp8
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp57
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp51
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp11
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp10
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp23
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp144
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp3
54 files changed, 4728 insertions, 707 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 85f0f05ef..be50f2344 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -2,11 +2,15 @@
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>ConfigurationInterface</artifactId>
- <version>0.9.1</version>
+ <version>0.9.5</version>
<packaging>war</packaging>
<name>MOA-ID 2.0 Configuration Tool</name>
<description>Web based Configuration Tool for MOA-ID 2.x</description>
+ <properties>
+ <repositoryPath>${basedir}/repository</repositoryPath>
+ </properties>
+
<dependencies>
<dependency>
<groupId>javax.servlet</groupId>
@@ -25,12 +29,12 @@
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
- <version>1.9.95-SNAPSHOT</version>
+ <version>1.9.96-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <version>1.9.95-SNAPSHOT</version>
+ <version>1.9.96-SNAPSHOT</version>
</dependency>
<dependency>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index d088edf34..47e6e83d5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -1,29 +1,49 @@
package at.gv.egovernment.moa.id.configuration;
public class Constants {
+ public static final String FILEPREFIX = "file:";
+
+ public static final String SERVLET_PVP2ASSERTION = "pvp2login.action";
+ public static final String SERVLET_ACCOUNTVERIFICATION = "mailAddressVerification.action";
+
public static final String STRUTS_SUCCESS = "success";
public static final String STRUTS_ERROR = "error";
public static final String STRUTS_ERROR_VALIDATION = "error_validation";
public static final String STRUTS_OA_EDIT = "editOA";
public static final String STRUTS_REAUTHENTICATE = "reauthentication";
public static final String STRUTS_NOTALLOWED = "notallowed";
+ public static final String STRUTS_NEWUSER = "newuser";
+ public static final String STRUTS_SSOLOGOUT = "ssologout";
public static final String SESSION_AUTH = "authsession";
public static final String SESSION_AUTH_ERROR = "authsessionerror";
public static final String SESSION_OAID = "oadbidentifier";
+ public static final String SESSION_FORMID = "formId";
+ public static final String SESSION_FORM = "form";
+ public static final String SESSION_PVP2REQUESTID = "pvp2requestid";
+ public static final String SESSION_RETURNAREA = "returnarea";
+
+ public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit};
public static final String REQUEST_OAID = "oaid";
+ public static final String REQUEST_USERREQUESTTOKKEN = "tokken";
public static final String BKU_ONLINE = "bkuonline";
public static final String BKU_LOCAL = "bkulocal";
public static final String BKU_HANDY = "bkuhandy";
-
public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService";
-
public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1";
public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x";
public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request";
public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx";
+
+ public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at";
+
+ public static final String IDENIFICATIONTYPE_FN = "FN";
+ public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
+ public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
+
+ public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
}
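Review bot: The new constant names carry typos that every caller will now have to repeat: `REQUEST_USERREQUESTTOKKEN` (value `"tokken"`) and the three `IDENIFICATIONTYPE_*` names; rename the identifiers to `REQUEST_USERREQUESTTOKEN` and `IDENTIFICATIONTYPE_*` before other files depend on them (the string value `"tokken"` is a request parameter name and can only change together with the pages that emit it). `PREFIX_WPBK` also disagrees with its own value `urn:publicid:gv.at:wbpk+`; `PREFIX_WBPK` would match. The trailing `;` after the `STRUTS_RETURNAREA_VALUES` enum body is redundant, and as a nested type the enum would conventionally be named `StrutsReturnAreaValues` rather than in UPPER_SNAKE_CASE.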
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
index 8f75a357c..009a13f4b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
@@ -2,14 +2,19 @@ package at.gv.egovernment.moa.id.configuration.auth;
import java.util.Date;
+import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
+
public class AuthenticatedUser {
private boolean isAuthenticated = false;
private boolean isAdmin = false;
+ private boolean isPVP2Login = false;
+ private boolean isMandateUser = false;
private long userID;
private String givenName;
private String familyName;
+ private String institute;
private String userName;
private Date lastLogin;
@@ -17,18 +22,26 @@ public class AuthenticatedUser {
}
- public AuthenticatedUser(long userID, String givenName, String familyName, String userName,
- boolean isAuthenticated, boolean isAdmin) {
+ public AuthenticatedUser(long userID, String givenName, String familyName, String institute,
+ String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser,
+ boolean isPVP2Login) {
this.familyName = familyName;
this.givenName = givenName;
this.userName = userName;
this.userID = userID;
+ this.institute = institute;
this.isAdmin = isAdmin;
this.isAuthenticated = isAuthenticated;
+ this.isMandateUser = isMandateUser;
+ this.isPVP2Login = isPVP2Login;
this.lastLogin = new Date();
}
+ public String getFormatedLastLogin() {
+ return DateTimeHelper.getDateTime(lastLogin);
+ }
+
/**
* @return the isAuthenticated
*/
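Review bot: The widened constructor on the `+ public AuthenticatedUser(...)` lines now takes nine positional arguments, five `String` and four `boolean`, so a caller that swaps `institute` and `userName` or two of the flags still compiles; a Javadoc listing each parameter in order (`@param institute`, `@param userName`, `@param isMandateUser`, `@param isPVP2Login`, …) would at least make the order checkable at the call site. `getFormatedLastLogin` is misspelled; `getFormattedLastLogin` reads correctly, and a one-line Javadoc such as `/** Returns {@link #getLastLogin()} formatted via {@link DateTimeHelper#getDateTime}. */` would document it. Note that `lastLogin` is fixed to construction time here; if callers expect the persisted previous login they have to call `setLastLogin` afterwards.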
@@ -105,7 +118,7 @@ public class AuthenticatedUser {
public Date getLastLogin() {
return lastLogin;
}
-
+
/**
* @param lastLogin the lastLogin to set
*/
@@ -126,8 +139,49 @@ public class AuthenticatedUser {
public void setUserName(String userName) {
this.userName = userName;
}
+
+ /**
+ * @return the institute
+ */
+ public String getInstitute() {
+ return institute;
+ }
+
+ /**
+ * @param institute the institute to set
+ */
+ public void setInstitute(String institute) {
+ this.institute = institute;
+ }
+
+ /**
+ * @return the isPVP2Login
+ */
+ public boolean isPVP2Login() {
+ return isPVP2Login;
+ }
+
+ /**
+ * @param isPVP2Login the isPVP2Login to set
+ */
+ public void setPVP2Login(boolean isPVP2Login) {
+ this.isPVP2Login = isPVP2Login;
+ }
+
+ /**
+ * @return the isMandateUser
+ */
+ public boolean isMandateUser() {
+ return isMandateUser;
+ }
+
+ /**
+ * @param isMandateUser the isMandateUser to set
+ */
+ public void setMandateUser(boolean isMandateUser) {
+ this.isMandateUser = isMandateUser;
+ }
-
-
+
}
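Review bot: The new `setPVP2Login` and `setMandateUser` join the existing setters (`setUserName`, `setLastLogin` are visible here), so every authorization-relevant flag on this object stays mutable after login; if this instance is the one stored under `Constants.SESSION_AUTH` (I can only infer that from the constant name), any later code path calling one of these setters changes the user's effective privileges for the rest of the session. Consider dropping the setters for the privilege flags and keeping constructor injection only, or at least documenting on the class that they are fixed at login, e.g. `/** Authentication state of the logged-in user; the privilege flags are set once at login and must not be modified afterwards. */`. The generated-style `@return the isPVP2Login` Javadoc says nothing a reader does not already see; one sentence on what a PVP2 login or a mandate user means for this tool would be more useful.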
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
new file mode 100644
index 000000000..199e89d7c
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -0,0 +1,50 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+public class AttributeListBuilder implements PVPConstants{
+
+ protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
+ RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
+ attribute.setIsRequired(required);
+ attribute.setName(name);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+
+ public static List<RequestedAttribute> getRequestedAttributes() {
+ List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
+
+ requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+
+ requestedAttributes.add(buildReqAttribute(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
+ return requestedAttributes;
+ }
+}
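Review bot: `AttributeListBuilder implements PVPConstants` only to inherit the attribute-name constants; the constant-interface pattern makes every constant part of the class's public API and lets the class be used as a `PVPConstants` type it is not meant to be. Prefer `import static at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants.*;` (or qualify each with `PVPConstants.`) and drop the `implements` clause. Neither `buildReqAttribute` nor `getRequestedAttributes` has a Javadoc; a short one on the latter should state that it builds the SAML requested-attribute list (presumably for the SP's AttributeConsumingService, which I cannot confirm from this file) and that only the PVP version, principal name, given name, bPK, QAA level, issuing nation and sector are marked required while birthdate and all mandate attributes are optional, since that list is the contract the IDP will be held to.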
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
new file mode 100644
index 000000000..ed496ae16
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java
@@ -0,0 +1,245 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.SingleSignOnService;
+import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.credential.BasicCredential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.iaik.commons.util.ConfigException;
+
+
+/**
+ * Servlet implementation class Authenticate
+ */
+public class Authenticate extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = LoggerFactory
+ .getLogger(Authenticate.class);
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Authenticate() {
+ super();
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ DocumentBuilder builder;
+
+ public Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+ protected void process(HttpServletRequest request,
+ HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException {
+ try {
+
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ config.initializePVP2Login();
+
+ AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
+
+ HttpSession session = request.getSession();
+ if (session != null) {
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
+ }
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setAttributeConsumingServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/"))
+ serviceURL = serviceURL + "/";
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameID.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+
+ String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ SingleSignOnService redirectEndpoint = null;
+ for (SingleSignOnService sss :
+ idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { //Get the service address for the binding you wish to use
+ redirectEndpoint = sss;
+ }
+ }
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+ KeyStore keyStore = config.getPVP2KeyStore();
+
+ X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(authcredential);
+
+ authReq.setSignature(signer);
+
+ VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.init();
+
+ HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "templates/pvp_postbinding_template.html");
+ HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(redirectEndpoint.getLocation());;
+
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(authReq);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ } catch (Exception e) {
+ log.warn("Authentication Request can not be generated", e);
+ throw new ServletException("Authentication Request can not be generated.", e);
+ }
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response, null);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response, null);
+ }
+
+}
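Review bot: `redirectEndpoint` stays `null` when the IDP's `IDPSSODescriptor` lists no `SingleSignOnService` with the HTTP-POST binding (loop at the `for (SingleSignOnService sss :` lines), so `authReq.setDestination(redirectEndpoint.getLocation())` throws a NullPointerException that the outer `catch (Exception e)` turns into the generic "can not be generated" ServletException; add `if (redirectEndpoint == null) throw new ConfigurationException("IDP metadata has no SingleSignOnService with HTTP-POST binding");` before it, and `getIDPSSODescriptor(SAMLConstants.SAML20P_NS)` needs the same null guard. The constructor has the same shape: on `ParserConfigurationException` it only prints the stack trace and leaves `builder` null, so `asDOMDocument` would later fail with an unrelated NPE — rethrow as `IllegalStateException` with the cause instead. The request is signed with `ALGO_ID_SIGNATURE_RSA_SHA1`; SHA-1 is deprecated for signatures and `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256` is available in the same class, provided the IDP accepts it. Smaller points: `RuntimeConstants.ENCODING_DEFAULT` is set twice, the `service.setLocation(...)` line ends in `;;`, the binding URI literal on `service.setBinding` duplicates `SAMLConstants.SAML2_POST_BINDING_URI` used a few lines earlier, the `VelocityEngine` is built and initialised on every request, and `doGet`/`doPost` lack `@Override`.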
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
new file mode 100644
index 000000000..fa02443dc
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -0,0 +1,288 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.log4j.Logger;
+import org.opensaml.Configuration;
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
+import org.opensaml.saml2.metadata.LocalizedString;
+import org.opensaml.saml2.metadata.NameIDFormat;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml2.metadata.ServiceName;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
+
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * Servlet implementation class BuildMetadata
+ */
+public class BuildMetadata extends HttpServlet {
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = Logger.getLogger(BuildMetadata.class);
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public BuildMetadata() {
+ super();
+ }
+
+ protected static Signature getSignature(Credential credentials) {
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ //config.initializePVP2Login();
+
+ SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator();
+
+ EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
+ createSAMLObject(EntitiesDescriptor.class);
+
+ String name = config.getPVP2MetadataEntitiesName();
+ if (MiscUtil.isEmpty(name)) {
+ log.info("NO Metadata EntitiesName configurated");
+ throw new ConfigurationException("NO Metadata EntitiesName configurated");
+ }
+
+ spEntitiesDescriptor.setName(name);
+ spEntitiesDescriptor.setID(idGen.generateIdentifier());
+
+ EntityDescriptor spEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/"))
+ serviceURL = serviceURL + "/";
+
+ log.debug("Set OnlineApplicationURL to " + serviceURL);
+ spEntityDescriptor.setEntityID(serviceURL);
+
+ SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+ X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitEntityCertificate(true);
+ KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ KeyStore keyStore = config.getPVP2KeyStore();
+
+ X509Credential signingcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreMetadataKeyAlias(),
+ config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
+
+
+ log.debug("Set Metadata key information");
+ //Set MetaData Signing key
+ KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
+ entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
+ Signature entitiesSignature = getSignature(signingcredential);
+
+ X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+
+ //Set AuthRequest Signing certificate
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spEntitiesDescriptor.setSignature(entitiesSignature);
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
+
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+
+ spSSODescriptor.setWantAssertionsSigned(true);
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes());
+
+ spSSODescriptor.getAttributeConsumingServices().add(attributeService);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor);
+ out.marshall(spEntitiesDescriptor, document);
+
+ Signer.signObject(entitiesSignature);
+
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+
+ StringWriter sw = new StringWriter();
+ StreamResult sr = new StreamResult(sw);
+ DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ String metadataXML = sw.toString();
+
+ response.setContentType("text/xml");
+ response.getOutputStream().write(metadataXML.getBytes());
+
+ response.getOutputStream().close();
+
+ } catch (ConfigurationException e) {
+ log.warn("Configuration can not be loaded.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (NoSuchAlgorithmException e) {
+ log.warn("Requested Algorithm could not found.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (KeyStoreException e) {
+ log.warn("Requested KeyStoreType is not implemented.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (CertificateException e) {
+ log.warn("KeyStore can not be opend or userd.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (SecurityException e) {
+ log.warn("KeyStore can not be opend or used", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (ParserConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (MarshallingException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (SignatureException e) {
+ log.warn("PVP2 Metadata can not be signed", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (TransformerConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (TransformerFactoryConfigurationError e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (TransformerException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ catch (Exception e) {
+ log.warn("Unspecific PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ }
+
+}
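Review bot: `response.getOutputStream().write(metadataXML.getBytes())` at the end of doGet encodes the metadata with the platform default charset, so on a JVM whose default is not UTF-8 the bytes can disagree with the encoding the XML declaration implies; use `response.setCharacterEncoding("UTF-8"); response.getOutputStream().write(metadataXML.getBytes("UTF-8"));` (the checked exception is already covered by the final catch). The empty doPost override also replaces HttpServlet's default 405 response with a 200 and an empty body; either delegate with `doGet(request, response);` or drop the override. The eleven catch clauses all log and throw the same message and could collapse into a multi-catch if the project targets Java 7, and `setWantAssertionsSigned(true)`/`setAuthnRequestsSigned(true)` are set twice, once before the key descriptors and again before the AttributeConsumingService.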
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
new file mode 100644
index 000000000..d08354c43
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.Iterator;
+
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
+
+public class MetaDataVerificationFilter implements MetadataFilter {
+
+ BasicX509Credential credential;
+
+ public MetaDataVerificationFilter(BasicX509Credential credential) {
+ this.credential = credential;
+ }
+
+
+ public void doFilter(XMLObject metadata) throws FilterException {
+ if (metadata instanceof EntitiesDescriptor) {
+ EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
+
+ if(entitiesDescriptor.getSignature() == null) {
+ throw new FilterException("Root element of metadata file has to be signed", null);
+ }
+ try {
+ processEntitiesDescriptor(entitiesDescriptor);
+
+ } catch (MOAIDException e) {
+ throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ }
+ }
+ }
+
+ private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+ Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
+
+ if(desc.getSignature() != null) {
+ EntityVerifier.verify(desc, this.credential);
+ }
+
+ while(entID.hasNext()) {
+ processEntitiesDescriptor(entID.next());
+ }
+
+ Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+
+ while(entIT.hasNext()) {
+ EntityDescriptor entity = entIT.next();
+ if (entity.getSignature() != null)
+ EntityVerifier.verify(entity);
+ }
+ }
+
+}
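Review bot: doFilter only verifies metadata whose root is an EntitiesDescriptor; a document whose root is an EntityDescriptor, or any other XMLObject, passes the filter without a signature check, so the IdP metadata that ConfigurationProvider loads through this filter would be accepted unverified in that case. Add an else branch that rejects it: `} else { throw new FilterException("Root element of metadata file has to be an EntitiesDescriptor", null); }`. The FilterException thrown from the MOAIDException catch carries a misleading message and drops the cause; `throw new FilterException("Metadata signature verification failed", e);` keeps the real error in the log. Whether `EntityVerifier.verify(entity)` without the credential checks nested EntityDescriptor signatures against the configured trust anchor cannot be told from this hunk and deserves a comment on processEntitiesDescriptor.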
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index aeadbd0bb..f08632d83 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -1,24 +1,55 @@
package at.gv.egovernment.moa.id.configuration.config;
+import iaik.x509.X509Certificate;
+
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
import java.util.Properties;
+import java.util.Timer;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.log4j.Logger;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.util.MiscUtil;
public class ConfigurationProvider {
+ private static final Logger log = Logger.getLogger(ConfigurationProvider.class);
+
private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";
private static ConfigurationProvider instance;
private Properties props;
private String configFileName;
+ private String configRootDir;
+
+ private HTTPMetadataProvider idpMetadataProvider = null;
+ private KeyStore keyStore = null;
+
+ private String publicURLPreFix = null;
+
+ private boolean pvp2logininitialzied = false;
public static ConfigurationProvider getInstance() throws ConfigurationException {
if (instance == null) {
@@ -39,10 +70,14 @@ public class ConfigurationProvider {
if (configFileName == null) {
throw new ConfigurationException("config.01");
}
- Logger.info("Loading MOA-ID-AUTH configuration " + configFileName);
+
+ // determine the directory of the root config file
+ configRootDir = new File(configFileName).getParent();
+
+ log.info("Loading MOA-ID-AUTH configuration " + configFileName);
//Initial Hibernate Framework
- Logger.trace("Initializing Hibernate framework.");
+ log.trace("Initializing Hibernate framework.");
//Load MOAID-2.0 properties file
File propertiesFile = new File(configFileName);
@@ -60,26 +95,349 @@ public class ConfigurationProvider {
//Initial config Database
ConfigurationDBUtils.initHibernate(props);
}
- Logger.trace("Hibernate initialization finished.");
+ log.trace("Hibernate initialization finished.");
+ DefaultBootstrap.bootstrap();
+ log.info("OPENSAML initialized");
+
+ //TODO: start CleanUP Thread
+ UserRequestCleaner.start();
-
+
} catch (FileNotFoundException e) {
throw new ConfigurationException("config.01", e);
+
} catch (IOException e) {
throw new ConfigurationException("config.02", e);
+
} catch (MOADatabaseException e) {
throw new ConfigurationException("config.03", e);
+
+ } catch (org.opensaml.xml.ConfigurationException e) {
+ throw new ConfigurationException("config.04", e);
}
}
+ public String getPublicUrlPreFix(HttpServletRequest request) {
+ publicURLPreFix = props.getProperty("general.publicURLContext");
+
+ if (MiscUtil.isEmpty(publicURLPreFix) && request != null) {
+ String url = request.getRequestURL().toString();
+ String contextpath = request.getContextPath();
+ int index = url.indexOf(contextpath);
+ publicURLPreFix = url.substring(0, index + contextpath.length() + 1);
+ }
+
+ return publicURLPreFix;
+ }
+
+ public int getUserRequestCleanUpDelay() {
+ String delay = props.getProperty("general.userrequests.cleanup.delay");
+ return Integer.getInteger(delay, 12);
+ }
+
+ public String getContactMailAddress() {
+ return props.getProperty("general.contact.mail");
+ }
+
+ public String getSSOLogOutURL() {
+ return props.getProperty("general.login.pvp2.idp.sso.logout.url");
+ }
+
+ public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
+ if (keyStore == null) {
+ String keystoretype = getPVP2MetadataKeystoreType();
+ if (MiscUtil.isEmpty(keystoretype)) {
+ log.debug("No KeyStoreType defined. Using default KeyStoreType.");
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ } else {
+ log.debug("Using " + keystoretype + " KeyStoreType.");
+ keyStore = KeyStore.getInstance(keystoretype);
+
+ }
+
+
+ String file = getPVP2MetadataKeystoreURL();
+ log.debug("Load KeyStore from URL " + file);
+ if (MiscUtil.isEmpty(file)) {
+ log.info("Metadata KeyStoreURL is empty");
+ throw new ConfigurationException("Metadata KeyStoreURL is empty");
+ }
+
+ FileInputStream inputStream = new FileInputStream(file);
+ keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray());
+ inputStream.close();
+ }
+
+ return keyStore;
+
+ }
+
+ public String getConfigFile() {
+ return configFileName;
+ }
+
+ public String getConfigRootDir() {
+ return configRootDir;
+ }
+
public boolean isLoginDeaktivated() {
String result = props.getProperty("general.login.deaktivate", "false");
return Boolean.parseBoolean(result);
}
- public String getConfigFile() {
- return configFileName;
+ public boolean isOATargetVerificationDeaktivated() {
+ String result = props.getProperty("general.OATargetVerification.deaktivate", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ //PVP2 Login configuration
+
+ public void initializePVP2Login() throws ConfigurationException {
+ if (!pvp2logininitialzied)
+ initalPVP2Login();
+ }
+
+ public boolean isPVP2LoginActive() {
+ if (!pvp2logininitialzied)
+ return false;
+
+ String result = props.getProperty("general.login.pvp2.isactive", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ public boolean isPVP2LoginBusinessService() {
+ String result = props.getProperty("general.login.pvp2.isbusinessservice", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ public String getPVP2LoginTarget() {
+ return props.getProperty("general.login.pvp2.target");
+ }
+
+ public String getPVP2LoginIdenificationValue() {
+ return props.getProperty("general.login.pvp2.identificationvalue");
+ }
+
+ public String getPVP2MetadataEntitiesName() {
+ return props.getProperty("general.login.pvp2.metadata.entities.name");
+ }
+
+ public String getPVP2MetadataKeystoreURL() {
+ return props.getProperty("general.login.pvp2.keystore.url");
+ }
+
+ public String getPVP2MetadataKeystorePassword() {
+ return props.getProperty("general.login.pvp2.keystore.password");
+ }
+
+ public String getPVP2MetadataKeystoreType() {
+ return props.getProperty("general.login.pvp2.keystore.type");
+ }
+
+ public String getPVP2KeystoreMetadataKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.metadata.key.alias");
+ }
+
+ public String getPVP2KeystoreMetadataKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.metadata.key.password");
+ }
+
+ public String getPVP2KeystoreAuthRequestKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias");
+ }
+
+ public String getPVP2KeystoreAuthRequestKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.key.password");
+ }
+
+ public String getPVP2IDPMetadataURL() {
+ return props.getProperty("general.login.pvp2.idp.metadata.url");
+ }
+
+ public String getPVP2IDPMetadataCertificate() {
+ return props.getProperty("general.login.pvp2.idp.metadata.certificate");
+ }
+
+ public String getPVP2IDPMetadataEntityName() {
+ return props.getProperty("general.login.pvp2.idp.metadata.entityID");
+ }
+
+ public HTTPMetadataProvider getMetaDataProvier() {
+ return idpMetadataProvider;
+ }
+
+
+ //SMTP Server
+ public String getSMTPMailHost() {
+ return props.getProperty("general.mail.host");
+ }
+
+ public String getSMTPMailPort() {
+ return props.getProperty("general.mail.host.port");
+ }
+
+ public String getSMTPMailUsername() {
+ return props.getProperty("general.mail.host.username");
+ }
+
+ public String getSMTPMailPassword() {
+ return props.getProperty("general.mail.host.password");
+ }
+
+ //Mail Configuration
+ public String getMailFromName() {
+ return props.getProperty("general.mail.from.name");
+ }
+
+ public String getMailFromAddress() {
+ return props.getProperty("general.mail.from.address");
+ }
+
+ public String getMailUserAcountVerificationSubject() {
+ return props.getProperty("general.mail.useraccountrequest.verification.subject");
+ }
+
+ public String getMailUserAcountVerificationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.useraccountrequest.verification.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountVerificationTemplate is empty");
+
+ }
+ }
+
+ public String getMailUserAcountActivationSubject() {
+ return props.getProperty("general.mail.useraccountrequest.isactive.subject");
+ }
+
+ public String getMailUserAcountActivationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.useraccountrequest.isactive.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountActivationTemplate is empty");
+
+ }
+ }
+
+ public String getMailOAActivationSubject() {
+ return props.getProperty("general.mail.createOArequest.isactive.subject");
+ }
+
+ public String getMailOAActivationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.createOArequest.isactive.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailOAActivationTemplate is empty");
+ throw new ConfigurationException("MailOAActivationTemplate is empty");
+
+ }
+ }
+
+ public String getMailUserAcountRevocationTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.useraccountrequest.rejected.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountRevocationTemplate is empty");
+
+ }
+ }
+
+ public String getMailAdminSubject() {
+ return props.getProperty("general.mail.admin.subject");
+ }
+
+ public String getMailAdminTemplate() throws ConfigurationException {
+ String url = props.getProperty("general.mail.admin.adresses.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ if (url.startsWith(Constants.FILEPREFIX))
+ return url;
+
+ else
+ return configRootDir + "/" + url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailAdminTemplate is empty");
+
+ }
+ }
+
+ public String getMailAdminAddress() {
+ return props.getProperty("general.mail.admin.adress");
+ }
+
+
+ private void initalPVP2Login() throws ConfigurationException {
+ try {
+
+ String metadataCert = getPVP2IDPMetadataCertificate();
+ if (MiscUtil.isEmpty(metadataCert)) {
+ log.info("NO IDP Certificate to verify IDP Metadata");
+ throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata");
+ }
+
+ InputStream certstream = new FileInputStream(metadataCert);
+ X509Certificate cert = new X509Certificate(certstream);
+ BasicX509Credential idpCredential = new BasicX509Credential();
+ idpCredential.setEntityCertificate(cert);
+
+ log.debug("IDP Certificate loading finished");
+
+ String metadataurl = getPVP2IDPMetadataURL();
+ if (MiscUtil.isEmpty(metadataurl)) {
+ log.info("NO IDP Metadata URL.");
+ throw new ConfigurationException("NO IDP Metadata URL.");
+ }
+
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);
+ idpMetadataProvider.setRequireValidMetadata(true);
+ idpMetadataProvider.setParserPool(new BasicParserPool());
+ idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
+ idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h
+ idpMetadataProvider.initialize();
+
+ pvp2logininitialzied = true;
+
+ } catch (Exception e) {
+ log.warn("PVP2 authentification can not be initialized.");
+ throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
+ }
+
+
}
}
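Review bot: getUserRequestCleanUpDelay calls `Integer.getInteger(delay, 12)`, which looks up a JVM system property named by the value of `delay` rather than parsing it, so the configured `general.userrequests.cleanup.delay` is ignored and 12 is always returned; use `return MiscUtil.isEmpty(delay) ? 12 : Integer.parseInt(delay);`. getPVP2KeyStore and initalPVP2Login open a FileInputStream and close it only on the success path (initalPVP2Login never closes certstream), so a failing load leaks the handle; close in a finally block. In getPublicUrlPreFix, when `general.publicURLContext` is unset the prefix is derived from the request URL (i.e. the Host header) and for a root context, where `getContextPath()` is empty, `substring(0, index + 1)` yields a one-character string; since BuildMetadata publishes this value as entityID and AssertionConsumerService location, a comment stating that deployments should set `general.publicURLContext` explicitly would help. `getPVP2MetadataKeystorePassword().toCharArray()` throws a NullPointerException rather than a ConfigurationException when the password property is missing, and the catch chain at the top of the hunk belongs to a method that begins outside it.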
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
new file mode 100644
index 000000000..d0b108e1e
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.configuration.data;
+
+public class GeneralStorkConfig {
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
new file mode 100644
index 000000000..b1857aea1
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.configuration.data;
+
+public class StorkAttributes {
+
+
+ public AttributValues eIdentifier;
+
+
+ public void parse() {
+ eIdentifier = AttributValues.MANDATORY;
+ }
+
+
+ public enum AttributValues {
+ MANDATORY, OPTIONAL, NOT;
+
+ public String getValue() {
+ if (this == MANDATORY)
+ return MANDATORY.name();
+ if (this == OPTIONAL)
+ return OPTIONAL.name();
+ else
+ return NOT.name();
+ }
+ }
+
+}
+
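Review bot: AttributValues.getValue branches on `this` only to return what `name()` already returns for every constant, so the body can be `return name();`. `public AttributValues eIdentifier;` exposes a mutable public field and parse() hard-codes it to MANDATORY; if this is a placeholder for the STORK configuration named in the commit message, a `// TODO: parse eIdentifier from the STORK configuration` comment would keep it from being read as finished behaviour.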
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
index 881cdf277..ab08b458a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.configuration.data;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.util.data.BPK;
public class UserDatabaseFrom {
@@ -18,10 +17,14 @@ public class UserDatabaseFrom {
private boolean active = false;
private boolean admin = false;
private boolean passwordActive;
+ private boolean isusernamepasswordallowed = false;
+ private boolean isadminrequest = true;
+ private boolean ismandateuser = false;
+ private boolean isPVPGenerated;
private String userID = null;
public UserDatabaseFrom() {
-
+
}
public UserDatabaseFrom(UserDatabase db) {
@@ -41,6 +44,26 @@ public class UserDatabaseFrom {
active = db.isIsActive();
admin = db.isIsAdmin();
+ if (db.isIsUsernamePasswordAllowed() != null)
+ isusernamepasswordallowed = db.isIsUsernamePasswordAllowed();
+ else
+ isusernamepasswordallowed = true;
+
+ if (db.isIsAdminRequest() != null)
+ isadminrequest = db.isIsAdminRequest();
+ else
+ isadminrequest = false;
+
+ if (db.isIsMandateUser() != null)
+ ismandateuser = db.isIsMandateUser();
+ else
+ ismandateuser = false;
+
+ if (db.isIsPVP2Generated() != null)
+ isPVPGenerated = db.isIsPVP2Generated();
+ else
+ isPVPGenerated = false;
+
userID = String.valueOf(db.getHjid());
}
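Review bot: The null fallbacks in the UserDatabase constructor disagree with the field initialisers added in the previous hunk: `isusernamepasswordallowed` defaults to false at declaration but to true when the DB value is null, and `isadminrequest` defaults to true at declaration but to false here. This may be intentional (a blank form for a new request versus an existing record), but a one-line comment on each fallback, e.g. `// existing rows without the flag: treat password login as allowed`, would make that explicit. The constructor body continues outside the hunk.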
@@ -247,7 +270,62 @@ public class UserDatabaseFrom {
public void setPassword_second(String password_second) {
this.password_second = password_second;
}
+
+ /**
+ * @return the isusernamepasswordallowed
+ */
+ public boolean isIsusernamepasswordallowed() {
+ return isusernamepasswordallowed;
+ }
+
+ /**
+ * @param isusernamepasswordallowed the isusernamepasswordallowed to set
+ */
+ public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) {
+ this.isusernamepasswordallowed = isusernamepasswordallowed;
+ }
+
+ /**
+ * @return the ismandateuser
+ */
+ public boolean isIsmandateuser() {
+ return ismandateuser;
+ }
+ /**
+ * @param ismandateuser the ismandateuser to set
+ */
+ public void setIsmandateuser(boolean ismandateuser) {
+ this.ismandateuser = ismandateuser;
+ }
+
+ /**
+ * @return the isadminrequest
+ */
+ public boolean isIsadminrequest() {
+ return isadminrequest;
+ }
+
+ /**
+ * @param isadminrequest the isadminrequest to set
+ */
+ public void setIsadminrequest(boolean isadminrequest) {
+ this.isadminrequest = isadminrequest;
+ }
+
+ /**
+ * @return the isPVPGenerated
+ */
+ public boolean isPVPGenerated() {
+ return isPVPGenerated;
+ }
+
+ /**
+ * @param isPVPGenerated the isPVPGenerated to set
+ */
+ public void setPVPGenerated(boolean isPVPGenerated) {
+ this.isPVPGenerated = isPVPGenerated;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index 57ae4863a..2b4ea53c1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -1,9 +1,11 @@
package at.gv.egovernment.moa.id.configuration.data.oa;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
@@ -18,6 +20,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -35,19 +38,21 @@ public class OAGeneralConfig {
private boolean businessService = false;
private String target = null;
+ private String target_subsector = null;
+ private String target_admin = null;
+ private static List<String> targetList = null;
private String targetFriendlyName = null;
+ private boolean isAdminTarget = false;
private String identificationNumber = null;
private String identificationType = null;
+ private static List<String> identificationTypeList = null;
private String aditionalAuthBlockText = null;
private String mandateProfiles = null;
private boolean isActive = false;
- private String slVersion = null;
- private boolean useIFrame = false;
- private boolean useUTC = false;
private boolean calculateHPI = false;
private String keyBoxIdentifier = null;
@@ -56,6 +61,8 @@ public class OAGeneralConfig {
private boolean legacy = false;
List<String> SLTemplates = null;
+ private boolean isHideBPKAuthBlock = false;
+
private Map<String, byte[]> transformations;
@@ -69,6 +76,14 @@ public class OAGeneralConfig {
bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;
bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL;
+
+ targetList = TargetValidator.getListOfTargets();
+ target = "";
+
+ identificationTypeList = Arrays.asList(
+ Constants.IDENIFICATIONTYPE_FN,
+ Constants.IDENIFICATIONTYPE_ZVR,
+ Constants.IDENIFICATIONTYPE_ERSB);
}
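Review bot: `targetList` and `identificationTypeList` are declared `static` in the field hunk above, yet they are reassigned here inside the instance constructor, so every `new OAGeneralConfig()` rewrites shared class state and calls `TargetValidator.getListOfTargets()` again. If they are meant to be shared constants, initialise them once, e.g. `private static final List<String> identificationTypeList = Arrays.asList(Constants.IDENIFICATIONTYPE_FN, Constants.IDENIFICATIONTYPE_ZVR, Constants.IDENIFICATIONTYPE_ERSB);` and the same for the target list in a static initializer; if they are per-instance, drop `static`. `Arrays.asList` also yields a fixed-size list, which `getIdentificationTypeList()` hands out directly. The constructor's opening lines are outside the hunk.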
@@ -81,8 +96,32 @@ public class OAGeneralConfig {
keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value();
identifier = dbOAConfig.getPublicURLPrefix();
- target = dbOAConfig.getTarget();
- targetFriendlyName = dbOAConfig.getTargetFriendlyName();
+
+ String target_full = dbOAConfig.getTarget();
+
+ if (MiscUtil.isNotEmpty(target_full)) {
+ String[] target_split = target_full.split("-");
+
+ if (TargetValidator.isValidTarget(target_full)) {
+ target = dbOAConfig.getTarget();
+ if (target_split.length > 1)
+ target_subsector = target_split[1];
+
+ } else {
+ if (TargetValidator.isValidTarget(target_split[0])) {
+ target = target_split[0];
+ if (target_split.length > 1)
+ target_subsector = target_split[1];
+
+ } else {
+ target = "";
+ target_subsector = null;
+ target_admin = target_full;
+ isAdminTarget = true;
+ }
+ }
+ targetFriendlyName = dbOAConfig.getTargetFriendlyName();
+ }
if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))
businessService = true;
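Review bot: `targetFriendlyName` is now read from `dbOAConfig` only inside the `isNotEmpty(target_full)` branch, so an OA stored with an empty target loses its friendly name on load, whereas the removed lines assigned it unconditionally; moving `targetFriendlyName = dbOAConfig.getTargetFriendlyName();` back out of the `if` keeps the previous behaviour. The `target_split[0]` accesses also assume `split("-")` returned at least one element, which is not the case for a value consisting only of `-` characters (Java drops trailing empty strings), so a `target_split.length > 0` guard before indexing would avoid an `ArrayIndexOutOfBoundsException` on odd stored data. The enclosing method starts outside the hunk.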
@@ -127,7 +166,15 @@ public class OAGeneralConfig {
IdentificationNumber idnumber = oaauth.getIdentificationNumber();
if (idnumber != null) {
- identificationNumber = idnumber.getValue();
+ String number = idnumber.getValue();
+ if (MiscUtil.isNotEmpty(number)) {
+ String[] split = number.split("\\+");
+
+ if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
+ identificationType = split[1];
+ identificationNumber = split[2];
+ }
+ }
}
Mandates mandates = oaauth.getMandates();
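Review bot: `split[2]` is read under a guard of `split.length >= 2`, so a stored value with exactly two `+`-separated parts throws `ArrayIndexOutOfBoundsException`; the guard needs to be `>= 3` and should be evaluated before `split[0]` is touched: `if (split.length >= 3 && Constants.PREFIX_WPBK.startsWith(split[0])) {`. `Constants.PREFIX_WPBK.startsWith(split[0])` also looks inverted — it is true for any prefix of the constant, including an empty first segment — and `split[0].equals(Constants.PREFIX_WPBK)` is probably what is meant; please confirm against the constant's value. Note that `identificationNumber` now stays `null` whenever the stored value does not match the `+`-separated form, whereas the removed line assigned it unconditionally. The enclosing method starts outside the hunk.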
@@ -135,8 +182,6 @@ public class OAGeneralConfig {
mandateProfiles = mandates.getProfiles();
}
- slVersion = oaauth.getSlVersion();
-
TemplatesType templates = oaauth.getTemplates();
if (templates != null) {
aditionalAuthBlockText = templates.getAditionalAuthBlockText();
@@ -162,11 +207,9 @@ public class OAGeneralConfig {
transformations.put(el.getFilename(), el.getTransformation());
}
- useIFrame = oaauth.isUseIFrame();
- useUTC = oaauth.isUseUTC();
}
-
+ isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock();
}
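Review bot: `isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock();` assigns a generated getter straight to a primitive `boolean`; if that getter returns `Boolean` like `isIsMandateUser()` and `isIsPVP2Generated()` do in the `UserDatabaseFrom` hunk, a null column throws `NullPointerException` while loading the OA. Guarding it the same way as there, `isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock() != null && dbOAConfig.isRemoveBPKFromAuthBlock();`, keeps the default of `false`. The enclosing method starts outside the hunk.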
@@ -243,30 +286,6 @@ public class OAGeneralConfig {
this.isActive = isActive;
}
- public String getSlVersion() {
- return slVersion;
- }
-
- public void setSlVersion(String slVersion) {
- this.slVersion = slVersion;
- }
-
- public boolean isUseIFrame() {
- return useIFrame;
- }
-
- public void setUseIFrame(boolean useIFrame) {
- this.useIFrame = useIFrame;
- }
-
- public boolean isUseUTC() {
- return useUTC;
- }
-
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
-
public boolean isBusinessService() {
return businessService;
}
@@ -461,6 +480,84 @@ public class OAGeneralConfig {
SLTemplates.add(sLTemplateURL3);
}
-
+
+ /**
+ * @return the target_subsector
+ */
+ public String getTarget_subsector() {
+ return target_subsector;
+ }
+
+
+ /**
+ * @param target_subsector the target_subsector to set
+ */
+ public void setTarget_subsector(String target_subsector) {
+ this.target_subsector = target_subsector;
+ }
+
+
+ /**
+ * @return the target_admin
+ */
+ public String getTarget_admin() {
+ return target_admin;
+ }
+
+
+ /**
+ * @param target_admin the target_admin to set
+ */
+ public void setTarget_admin(String target_admin) {
+ this.target_admin = target_admin;
+ }
+
+
+ /**
+ * @return the targetList
+ */
+ public List<String> getTargetList() {
+ return targetList;
+ }
+
+
+ /**
+ * @return the identificationTypeList
+ */
+ public List<String> getIdentificationTypeList() {
+ return identificationTypeList;
+ }
+
+
+ /**
+ * @return the isAdminTarget
+ */
+ public boolean isAdminTarget() {
+ return isAdminTarget;
+ }
+
+
+ /**
+ * @param isAdminTarget the isAdminTarget to set
+ */
+ public void setAdminTarget(boolean isAdminTarget) {
+ this.isAdminTarget = isAdminTarget;
+ }
+
+
+ /**
+ * @return the isHideBPKAuthBlock
+ */
+ public boolean isHideBPKAuthBlock() {
+ return isHideBPKAuthBlock;
+ }
+
+
+ /**
+ * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set
+ */
+ public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) {
+ this.isHideBPKAuthBlock = isHideBPKAuthBlock;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java
index e83bf6997..0c78f996c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.configuration.exception;
+import javax.mail.MessagingException;
+
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
public class ConfigurationException extends Exception {
@@ -14,4 +16,8 @@ public class ConfigurationException extends Exception {
super(LanguageHelper.getErrorString(errorname), e);
}
+ public ConfigurationException(Throwable e) {
+ super(e);
+ }
+
}
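Review bot: The new `ConfigurationException(Throwable e)` constructor bypasses the `LanguageHelper.getErrorString` lookup the other constructors use, so callers such as `MailHelper.sendMail` surface the raw `e.toString()` of a `MessagingException` (transport host, protocol details) to whoever renders the message. Prefer routing through the existing two-argument constructor with a message-bundle key for the mail failure so the user-facing text stays localized and the cause is still attached. The `javax.mail.MessagingException` import added in the first hunk does not appear to be used anywhere in this class.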
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 7dac458ca..9f81e1212 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -129,7 +129,7 @@ public class AuthenticationFilter implements Filter{
if (authuser == null) {
- authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true);
+ authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false);
//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);
httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
}
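Review bot: When no `AuthenticatedUser` is in the session, this branch fabricates one with the hard-coded username `maxtestuser` and, going by the argument order used in `FormDataHelper.addFormUsers`, the active and admin flags both `true`, then stores it under `SESSION_AUTH`. If this path is reachable in a deployed build rather than only behind a development switch (the enclosing condition is outside the hunk), any request without a session user is treated as an active administrator; it should be gated by an explicit development-mode flag from `ConfigurationProvider` or removed before release. The commented-out alternative constructor call below it should be deleted rather than kept as dead code.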
@@ -184,7 +184,7 @@ public class AuthenticationFilter implements Filter{
filterchain.doFilter(req, resp);
} catch (Exception e) {
-
+
// String redirectURL = "./index.action";
// HttpServletResponse httpResp = (HttpServletResponse) resp;
// redirectURL = httpResp.encodeRedirectURL(redirectURL);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
new file mode 100644
index 000000000..aed20ce9e
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class DateTimeHelper {
+
+ private static final Logger log = Logger.getLogger(DateTimeHelper.class);
+
+ private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm";
+
+ public static String getDateTime(Date date) {
+ SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
+ return f.format(date);
+ }
+
+ public static Date parseDateTime(String date) {
+ SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
+
+ if (MiscUtil.isNotEmpty(date)) {
+
+ try {
+ return f.parse(date);
+
+ } catch (ParseException e) {
+ log.warn("Parse DATETIME String " + date + " failed", e);
+
+ }
+ }
+ return null;
+ }
+}
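Review bot: `DATETIMEPATTERN` is `"dd.MM.yyy HH:mm"` with three `y`s, which looks like a typo for `yyyy`; `SimpleDateFormat` tolerates it (more than two letters formats and parses the full year), but it is easy to misread and `"dd.MM.yyyy HH:mm"` would match the `"dd.MM.yyyy"` pattern used in `MailHelper`. `parseDateTime` uses the default lenient parser, so a value such as `32.13.2013 25:61` rolls over into a valid date instead of failing; adding `f.setLenient(false);` before `parse` makes the `ParseException` branch actually reject malformed form input. Creating a new `SimpleDateFormat` per call is correct here since the class is not thread-safe and must not become a shared static.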
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
new file mode 100644
index 000000000..d2814f6a6
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -0,0 +1,53 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.OAListElement;
+
+public class FormDataHelper {
+
+ public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) {
+
+ ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>();
+
+ for (OnlineApplication dboa : dbOAs) {
+ OAListElement listoa = new OAListElement();
+ listoa.setActive(dboa.isIsActive());
+ listoa.setDataBaseID(dboa.getHjid());
+ listoa.setOaFriendlyName(dboa.getFriendlyName());
+ listoa.setOaIdentifier(dboa.getPublicURLPrefix());
+ listoa.setOaType(dboa.getType());
+ formOAs.add(listoa);
+ }
+
+ return formOAs;
+ }
+
+ public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) {
+ ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>();
+
+ for (UserDatabase dbuser : dbuserlist) {
+
+ boolean ismandate = false;
+ if (dbuser.isIsMandateUser() != null)
+ ismandate = dbuser.isIsMandateUser();
+
+
+ userlist.add(new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getInstitut(),
+ dbuser.getUsername(),
+ dbuser.isIsActive(),
+ dbuser.isIsAdmin(),
+ ismandate,
+ false));
+ }
+ return userlist;
+ }
+}
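Review bot: `addFormUsers` null-checks `dbuser.isIsMandateUser()` before unboxing but passes `dbuser.isIsActive()` and `dbuser.isIsAdmin()` straight into `boolean` constructor parameters; if those getters return `Boolean` like the mandate one (the JAXB-style `isIs…` naming suggests they do), a row with a null flag throws `NullPointerException` while building the list, and `addFormOAs` has the same unguarded `dboa.isIsActive()`. The last constructor argument is hard-coded `false` although `UserDatabaseFrom` reads that flag from `db.isIsPVP2Generated()`, so PVP2-generated users would be listed as if they were not; `dbuser.isIsPVP2Generated() != null && dbuser.isIsPVP2Generated()` there, with the same null guard on the other two flags, keeps the two views consistent. A null `dbOAs`/`dbuserlist` argument would also NPE in the for-each; returning an empty list for `null` input is cheap.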
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
new file mode 100644
index 000000000..3081f3929
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -0,0 +1,254 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.Properties;
+
+import javax.mail.BodyPart;
+import javax.mail.Message;
+import javax.mail.MessagingException;
+import javax.mail.Session;
+import javax.mail.Transport;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeBodyPart;
+import javax.mail.internet.MimeMessage;
+import javax.mail.internet.MimeMultipart;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class MailHelper {
+
+ private static final Logger log = Logger.getLogger(MailHelper.class);
+
+ private static final String PATTERN_GIVENNAME = "#GIVENNAME#";
+ private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#";
+ private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#";
+ private static final String PATTERN_DATE = "#TODAY_DATE#";
+ private static final String PATTERN_OPENOAS = "#NUMBER_OAS#";
+ private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#";
+ private static final String PATTERN_OANAME = "#OANAME#";
+
+ public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException {
+
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailUserAcountVerificationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+
+ if (userdb.isIsMandateUser()) {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
+ template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
+ }
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+
+ if (!verificationURL.endsWith("/"))
+ verificationURL = verificationURL + "/";
+
+ verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION +
+ "?" + Constants.REQUEST_USERREQUESTTOKKEN +
+ "=" + userdb.getUserRequestTokken();
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailUserAcountVerificationSubject(),
+ userdb.getMail(), template);
+
+ }
+
+ public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailAdminTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+ template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs));
+ template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers));
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template);
+
+ }
+
+ public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailUserAcountActivationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+ if (MiscUtil.isNotEmpty(institut)) {
+ template = template.replace(PATTERN_GIVENNAME, institut);
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, givenname);
+ template = template.replace(PATTERN_FAMILYNAME, familyname);
+ }
+
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+ if (!verificationURL.endsWith("/"))
+ verificationURL = verificationURL + "/";
+
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailUserAcountActivationSubject(),
+ mailurl, template);
+ }
+
+ public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailOAActivationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+ if (MiscUtil.isNotEmpty(institut)) {
+ template = template.replace(PATTERN_GIVENNAME, institut);
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, givenname);
+ template = template.replace(PATTERN_FAMILYNAME, familyname);
+ }
+
+ template = template.replace(PATTERN_OANAME, oaname);
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+ if (!verificationURL.endsWith("/"))
+ verificationURL = verificationURL + "/";
+
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailOAActivationSubject(),
+ mailurl, template);
+ }
+
+ public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String templateurl = config.getMailUserAcountRevocationTemplate();
+
+ String template = readTemplateFromURL(templateurl);
+
+ if (userdb.isIsMandateUser()) {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
+ template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
+ }
+
+ SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ sendMail(config, config.getMailUserAcountActivationSubject(),
+ userdb.getMail(), template);
+ }
+
+ private static String readTemplateFromURL(String templateurl) throws ConfigurationException {
+ InputStream input;
+ try {
+ File file = new File(templateurl);
+ input = new FileInputStream(file);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ input.close();
+ return writer.toString();
+
+ } catch (Exception e) {
+ log.warn("Mailtemplate can not be read from source" + templateurl);
+ throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl);
+
+ }
+ }
+
+ private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException {
+ try {
+ log.debug("Sending mail.");
+ MiscUtil.assertNotNull(subject, "subject");
+ MiscUtil.assertNotNull(recipient, "recipient");
+ MiscUtil.assertNotNull(content, "content");
+
+ Properties props = new Properties();
+ props.setProperty("mail.transport.protocol", "smtp");
+ props.setProperty("mail.host", config.getSMTPMailHost());
+ log.trace("Mail host: " + config.getSMTPMailHost());
+ if (config.getSMTPMailPort() != null) {
+ log.trace("Mail port: " + config.getSMTPMailPort());
+ props.setProperty("mail.port", config.getSMTPMailPort());
+ }
+ if (config.getSMTPMailUsername() != null) {
+ log.trace("Mail user: " + config.getSMTPMailUsername());
+ props.setProperty("mail.user", config.getSMTPMailUsername());
+ }
+ if (config.getSMTPMailPassword() != null) {
+ log.trace("Mail password: " + config.getSMTPMailPassword());
+ props.setProperty("mail.password", config.getSMTPMailPassword());
+ }
+
+ Session mailSession = Session.getDefaultInstance(props, null);
+ Transport transport = mailSession.getTransport();
+
+ MimeMessage message = new MimeMessage(mailSession);
+ message.setSubject(subject);
+ log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress());
+ message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName()));
+ log.trace("Recipient: " + recipient);
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient));
+
+ log.trace("Creating multipart content of mail.");
+ MimeMultipart multipart = new MimeMultipart("related");
+
+ log.trace("Adding first part (html)");
+ BodyPart messageBodyPart = new MimeBodyPart();
+ messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15");
+ multipart.addBodyPart(messageBodyPart);
+
+// log.trace("Adding mail images");
+// messageBodyPart = new MimeBodyPart();
+// for (Image image : images) {
+// messageBodyPart.setDataHandler(new DataHandler(image));
+// messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">");
+// multipart.addBodyPart(messageBodyPart);
+// }
+
+ message.setContent(multipart);
+ transport.connect();
+ log.trace("Sending mail message.");
+ transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO));
+ log.trace("Successfully sent.");
+ transport.close();
+
+ } catch(MessagingException e) {
+ throw new ConfigurationException(e);
+
+ } catch (UnsupportedEncodingException e) {
+ throw new ConfigurationException(e);
+
+ }
+ }
+}
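Review bot: The SMTP password is written to the log in plaintext at `log.trace("Mail password: " + config.getSMTPMailPassword());`; credentials should never reach the log at any level — replace the value with a marker such as `log.trace("Mail password: <configured>");`. Relatedly, the `mail.user`/`mail.password` properties are not consumed by a bare `transport.connect()` without an `Authenticator` or explicit credentials, and `mail.password` is not a standard JavaMail property, so SMTP authentication may silently not happen; `Session.getDefaultInstance` also pins the first properties seen JVM-wide, where `Session.getInstance(props)` is intended. `readTemplateFromURL` catches `Exception` and rethrows without the cause, and neither the `FileInputStream` nor the `Transport` is closed in a `finally`, so both leak on a failure path. `sendUserAccountRevocationMail` sends with `config.getMailUserAcountActivationSubject()`, which looks like a copy-paste slip for the revocation subject. The given name, family name and institute values are substituted into an HTML body without escaping and `String.replace` throws on a null replacement, so if these originate from user registration input they should be HTML-escaped and null-guarded before `replace`.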
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 3f6005b97..bad522a4b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -10,6 +10,7 @@ import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -53,6 +54,7 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -67,12 +69,18 @@ public class EditGeneralConfigAction extends ActionSupport
private HttpServletResponse response;
private AuthenticatedUser authUser;
-
private GeneralMOAIDConfig moaconfig;
+ private String formID;
+
public String loadConfig() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
if (authUser.isAdmin()) {
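Review bot: `request.getSession()` never returns `null` — it creates a session when none exists — so the new `if (session == null)` branch is dead, and a request without a logged-in user still reaches the unchecked cast `authUser = (AuthenticatedUser) authUserObj;` and `authUser.isAdmin()`, which fails with `NullPointerException` instead of returning `Constants.STRUTS_ERROR`. Use `request.getSession(false)` for the existence check and test the attribute as well, e.g. `if (session == null || !(session.getAttribute(Constants.SESSION_AUTH) instanceof AuthenticatedUser)) { log.info("No http Session found."); return Constants.STRUTS_ERROR; }`. The same pattern is repeated in `saveConfig` below and in `inital`, `newOA` and `saveOA` of `EditOAAction`. The method body continues past the hunk.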
@@ -84,6 +92,9 @@ public class EditGeneralConfigAction extends ActionSupport
ConfigurationDBUtils.closeSession();
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_SUCCESS;
} else {
@@ -93,11 +104,30 @@ public class EditGeneralConfigAction extends ActionSupport
}
public String saveConfig() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
MOAConfigValidator validator = new MOAConfigValidator();
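Review bot: The two rejection branches of the form-ID check emit identical warnings, and `formidobj instanceof String` already implies non-null, so the block collapses to `if (!(formidobj instanceof String) || !formidobj.equals(formID)) { log.warn(...); return Constants.STRUTS_ERROR; }`; the warning itself concatenates family name, given name and user ID with no separator, which makes the audit line hard to read. The token lives under the single key `Constants.SESSION_FORMID`, which `EditOAAction.inital`/`newOA` also overwrite and `saveOA` clears, so a user who opens the general-config form and an OA form in parallel will have one of the two legitimately submitted forms rejected as suspect; a per-form attribute key (or a map keyed by form) avoids that. The same duplicated block appears in `EditOAAction.saveOA`. The method body continues past the hunk.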
@@ -109,6 +139,8 @@ public class EditGeneralConfigAction extends ActionSupport
for (String el : errors)
addActionError(el);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -505,6 +537,20 @@ public class EditGeneralConfigAction extends ActionSupport
public void setMoaconfig(GeneralMOAIDConfig moaconfig) {
this.moaconfig = moaconfig;
}
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 297d80726..8d20fe118 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -8,6 +8,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -38,13 +39,17 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config;
import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
+import at.gv.egovernment.moa.id.configuration.validation.TargetValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -63,6 +68,9 @@ ServletResponseAware {
private String oaidobj;
private boolean newOA;
+ private String formID;
+
+ private String nextPage;
private OAGeneralConfig generalOA = new OAGeneralConfig();
private OAPVP2Config pvp2OA = new OAPVP2Config();
@@ -72,11 +80,16 @@ ServletResponseAware {
//STRUTS actions
public String inital() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
long oaid = -1;
if (!ValidationHelper.validateOAID(oaidobj)) {
@@ -88,8 +101,15 @@ ServletResponseAware {
OnlineApplication onlineapplication = null;;
if (authUser.isAdmin())
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
+
else {
UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ }
+
List<OnlineApplication> oas = userdb.getOnlineApplication();
for (OnlineApplication oa : oas) {
if (oa.getHjid() == oaid) {
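Review bot: Inside this `else` branch `authUser.isAdmin()` is already false, so the `&& !authUser.isAdmin()` in the new mail-verification condition is redundant; more importantly the branch only calls `addActionError` and then continues into the OA lookup, so an unverified user still gets the edit page although the log line says management is disabled — returning after the error, as `saveOA` does, would match that intent. `ConfigurationDBRead.getUserWithID(...)` is dereferenced without a null check, and `isIsMailAddressVerified()` would throw on a null `Boolean` if that column is nullable like `isIsMandateUser`. The enclosing method starts and ends outside the hunk.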
@@ -115,7 +135,10 @@ ServletResponseAware {
ConfigurationDBUtils.closeSession();
- request.getSession().setAttribute(Constants.SESSION_OAID, oaid);
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
newOA = false;
@@ -124,24 +147,66 @@ ServletResponseAware {
public String newOA() {
log.debug("insert new Online-Application");
+
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
-
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!userdb.isIsMailAddressVerified() && !authUser.isAdmin()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ }
+
newOA = true;
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_OA_EDIT;
}
public String saveOA() {
-
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ return Constants.STRUTS_SUCCESS;
+ }
+
OnlineApplication onlineapplication = null;
List<String> errors = new ArrayList<String>();
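Review bot: In `saveOA`, a non-admin user whose mail address is not verified receives `Constants.STRUTS_SUCCESS` after the action error is added, which routes to the success view with an error attached rather than to an error view; `Constants.STRUTS_ERROR` (or the validation result) looks more appropriate, especially since the form ID has already been cleared at that point and a fresh one is not issued. `ConfigurationDBRead.getUserWithID(authUser.getUserID())` is dereferenced in both `newOA` and `saveOA` without a null check, and in `newOA` the unverified user again only gets an error added before the edit page is returned. The method body continues past the hunk.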
@@ -170,15 +235,15 @@ ServletResponseAware {
} else {
- //TODO: oaidentifier has to be a URL according to PVP2.1 specification
- if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
+ if (!ValidationHelper.validateURL(oaidentifier)) {
+ log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
} else {
if (oaid == -1) {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+ newOA = true;
if (onlineapplication != null) {
log.info("The OAIdentifier is not unique");
errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique"));
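Review bot: The check was changed to `ValidationHelper.validateURL(oaidentifier)`, but the error shown to the user still passes `ValidationHelper.getNotValidOAIdentifierCharacters()` into `validation.general.oaidentifier.valid`, which presumably lists forbidden characters rather than saying that a URL is required. A dedicated message key for the new rule (placeholder: `validation.general.oaidentifier.validurl`) would keep the message consistent with the validation actually performed. The enclosing saveOA method starts and ends outside this hunk.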
@@ -215,23 +280,108 @@ ServletResponseAware {
for (String el : errors)
addActionError(el);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} else {
- String error = saveOAConfigToDatabase(onlineapplication);
+ boolean newentry = false;
+
+ if (onlineapplication == null) {
+ onlineapplication = new OnlineApplication();
+ newentry = true;
+ onlineapplication.setIsActive(false);
+
+ if (!authUser.isAdmin()) {
+ onlineapplication.setIsAdminRequired(true);
+ }
+
+ } else {
+ if (!authUser.isAdmin() &&
+ !onlineapplication.getPublicURLPrefix().
+ equals(generalOA.getIdentifier())) {
+
+ onlineapplication.setIsAdminRequired(true);
+ onlineapplication.setIsActive(false);
+ log.info("User with ID " + authUser.getUserID()
+ + " change OA-PublicURLPrefix. Reaktivation is required.");
+ }
+
+ }
+
+ if ( (onlineapplication.isIsAdminRequired() == null) ||
+ (authUser.isAdmin() && generalOA.isActive()
+ && onlineapplication.isIsAdminRequired()) ) {
+
+ onlineapplication.setIsAdminRequired(false);
+
+ UserDatabase user = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid());
+ if (user != null) {
+ try {
+ MailHelper.sendUserOnlineApplicationActivationMail(
+ user.getGivenname(),
+ user.getFamilyname(),
+ user.getInstitut(),
+ onlineapplication.getPublicURLPrefix(),
+ user.getMail());
+ } catch (ConfigurationException e) {
+ log.warn("Sending Mail to User " + user.getMail() + " failed", e);
+ }
+ }
+
+ }
+
+
+ String error = saveOAConfigToDatabase(onlineapplication, newentry);
if (MiscUtil.isNotEmpty(error)) {
log.warn("OA configuration can not be stored!");
- addActionError(error);
+ addActionError(error);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
}
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
+ if (onlineapplication.isIsAdminRequired()) {
+ int numoas = 0;
+ int numusers = 0;
+
+ List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications();
+ if (openOAs != null)
+ numoas = openOAs.size();
+
+ List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers();
+ if (openUsers != null)
+ numusers = openUsers.size();
+ try {
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request));
+
+ if (numusers > 0 || numoas > 0)
+ MailHelper.sendAdminMail(numoas, numusers);
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending Mail to Admin failed.", e);
+ }
+
+ } else
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request));
+
+
+ request.getSession().setAttribute(Constants.SESSION_OAID, null);
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
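Review bot: `MailHelper.sendUserOnlineApplicationActivationMail(...)` is sent before `saveOAConfigToDatabase(onlineapplication, newentry)` has returned, so when that call fails and the method returns `STRUTS_ERROR_VALIDATION` the owner has already been told the application is activated while `setIsAdminRequired(false)` was never persisted; move the `ConfigurationDBRead.getUsersWithOADBID(...)` lookup and the mail call below the `MiscUtil.isNotEmpty(error)` check. In the `newentry` branch that lookup also reads `onlineapplication.getHjid()` on an object that has not been stored yet, which presumably yields null for an admin-created application — confirm `getUsersWithOADBID` tolerates that. The admin notification block under `if (onlineapplication.isIsAdminRequired())` would then sit next to the moved mail in one post-save section. saveOA's closing brace lies outside this hunk.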
@@ -239,7 +389,22 @@ ServletResponseAware {
public String cancleAndBackOA() {
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request));
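Review bot: `request.getSession()` creates a session when none exists, so the `if (session == null)` guard can never fire; if the intent is to reject requests without an established session, use `HttpSession session = request.getSession(false);` and keep the null check. The same guard is repeated in saveOA and deleteOA here and in init, importLegacyConfig, downloadXMLConfig and importXMLConfig of ImportExportAction. With a freshly created session `Constants.SESSION_AUTH` is absent and `authUser` ends up null in the callers that dereference it, so presumably an interceptor enforces login before these actions run — confirm. The `SESSION_RETURNAREA` resolution is the same eight lines as in saveOA and deleteOA and could be one private helper. cancleAndBackOA's body continues past this hunk.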
@@ -249,15 +414,52 @@ ServletResponseAware {
}
public String deleteOA() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString("error.editoa.mailverification"));
+ return Constants.STRUTS_SUCCESS;
+ }
+
String oaidentifier = generalOA.getIdentifier();
if (MiscUtil.isEmpty(oaidentifier)) {
log.info("Empty OA identifier");
addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty"));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} else {
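Review bot: The form-token check from `Object formidobj = session.getAttribute(Constants.SESSION_FORMID);` down to `session.setAttribute(Constants.SESSION_FORMID, null);` is the same fourteen lines as in saveOA here and in importLegacyConfig, downloadXMLConfig and importXMLConfig of ImportExportAction; a private helper such as `private boolean isValidFormID(HttpSession session)` that also clears the attribute would keep the five copies from drifting. Both warn branches log the user as `authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()` with no separators, which makes the audit line hard to read; `", " +` between the fields would fix it. The `formidobj != null &&` is redundant in front of `instanceof`. deleteOA's body continues past this hunk.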
@@ -265,6 +467,9 @@ ServletResponseAware {
log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} ));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
}
@@ -310,16 +515,8 @@ ServletResponseAware {
}
- private String saveOAConfigToDatabase(OnlineApplication dboa) {
-
- boolean newentry = false;
-
- if (dboa == null) {
- dboa = new OnlineApplication();
- newentry = true;
- dboa.setIsActive(false);
- }
-
+ private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) {
+
AuthComponentOA authoa = dboa.getAuthComponentOA();
if (authoa == null) {
authoa = new AuthComponentOA();
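Review bot: `saveOAConfigToDatabase` no longer guards against `dboa == null` now that object creation moved to the caller, so a null argument fails on `dboa.getAuthComponentOA()` without any message. Document the new contract with a Javadoc `@param dboa application to update, must not be {@code null}` and `@param newentry {@code true} when {@code dboa} was just created and has not been stored yet`, or fail fast with `Objects.requireNonNull(dboa, "dboa")`. The method body continues past this hunk.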
@@ -331,72 +528,134 @@ ServletResponseAware {
dboa.setFriendlyName(generalOA.getFriendlyName());
dboa.setCalculateHPI(generalOA.isCalculateHPI());
- dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier()));
+ dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock());
+
+ if (authUser.isAdmin())
+ dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier()));
+ else {
+ if (newentry)
+ dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
+ }
+
dboa.setPublicURLPrefix(generalOA.getIdentifier());
if (generalOA.isBusinessService()) {
dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
+ String num = generalOA.getIdentificationNumber().replaceAll(" ", "");
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_FN))
+ num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR))
+ num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))
+ num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
+
IdentificationNumber idnumber = new IdentificationNumber();
- idnumber.setValue(generalOA.getIdentificationNumber());
+ idnumber.setValue(
+ Constants.PREFIX_WPBK +
+ generalOA.getIdentificationType() +
+ "+" +
+ num);
+
authoa.setIdentificationNumber(idnumber);
}
else {
dboa.setType(null);
- dboa.setTarget(generalOA.getTarget());
- dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName());
+ if (authUser.isAdmin()) {
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) &&
+ generalOA.isAdminTarget() ) {
+ dboa.setTarget(generalOA.getTarget_admin());
+ dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName());
+
+ } else {
+ String target_full = generalOA.getTarget();
+ String[] target_split = target_full.split("-");
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()))
+ dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());
+ else
+ dboa.setTarget(target_full);
+
+ String targetname = TargetValidator.getTargetFriendlyName(target_full);
+ if (MiscUtil.isNotEmpty(targetname))
+ dboa.setTargetFriendlyName(targetname);
+ else
+ dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0]));
+ }
+
+ } else {
+ if (MiscUtil.isNotEmpty(generalOA.getTarget())) {
+ String target_full = generalOA.getTarget();
+ String[] target_split = target_full.split("-");
+ dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());
+
+ if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()))
+ dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());
+
+ else
+ dboa.setTarget(target_full);
+
+ String targetname = TargetValidator.getTargetFriendlyName(target_full);
+ if (MiscUtil.isNotEmpty(targetname))
+ dboa.setTargetFriendlyName(targetname);
+ else
+ dboa.setTargetFriendlyName(TargetValidator.getTargetFriendlyName(target_split[0]));
+ }
+ }
}
BKUURLS bkuruls = new BKUURLS();
authoa.setBKUURLS(bkuruls);
- bkuruls.setHandyBKU(generalOA.getBkuHandyURL());
- bkuruls.setLocalBKU(generalOA.getBkuLocalURL());
- bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL());
+ if (authUser.isAdmin()) {
+ bkuruls.setHandyBKU(generalOA.getBkuHandyURL());
+ bkuruls.setLocalBKU(generalOA.getBkuLocalURL());
+ bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL());
+ }
Mandates mandates = new Mandates();
mandates.setProfiles(generalOA.getMandateProfiles());
authoa.setMandates(mandates);
-
- authoa.setSlVersion(generalOA.getSlVersion());
- authoa.setUseIFrame(generalOA.isUseIFrame());
- authoa.setUseUTC(generalOA.isUseUTC());
-
+
TemplatesType templates = authoa.getTemplates();
if (templates == null) {
templates = new TemplatesType();
authoa.setTemplates(templates);
}
- templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText());
- List<TemplateType> template = templates.getTemplate();
- if (generalOA.isLegacy()) {
+ if (authUser.isAdmin()) {
+ templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText());
+
+ List<TemplateType> template = templates.getTemplate();
+ if (generalOA.isLegacy()) {
- if (template == null)
- template = new ArrayList<TemplateType>();
- else
- template.clear();
+ if (template == null)
+ template = new ArrayList<TemplateType>();
+ else
+ template.clear();
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL1());
- template.add(el);
- }
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL2());
- template.add(el);
- }
- if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) {
- TemplateType el = new TemplateType();
- el.setURL(generalOA.getSLTemplateURL3());
- template.add(el);
+ if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) {
+ TemplateType el = new TemplateType();
+ el.setURL(generalOA.getSLTemplateURL1());
+ template.add(el);
+ }
+ if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) {
+ TemplateType el = new TemplateType();
+ el.setURL(generalOA.getSLTemplateURL2());
+ template.add(el);
+ }
+ if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) {
+ TemplateType el = new TemplateType();
+ el.setURL(generalOA.getSLTemplateURL3());
+ template.add(el);
+ }
+
+ } else {
+ if (template != null && template.size() > 0)
+ template.clear();
}
-
- } else {
- if (template != null && template.size() > 0)
- template.clear();
}
//set default transformation if it is empty
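Review bot: `BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls);` runs for every user while the URLs are only filled in under `if (authUser.isAdmin())`, so a non-admin saving an existing application replaces the admin-configured BKU URLs with an empty object; move those two lines inside the admin branch, or reuse `authoa.getBKUURLS()` when it is already set. In the non-admin target branch the first `dboa.setTarget(target_split[0] + "-" + generalOA.getTarget_subsector());` is immediately overwritten by the following if/else and should be removed. The admin branch calls `generalOA.getTarget().split("-")` without the `MiscUtil.isNotEmpty` guard the non-admin branch has, and `generalOA.getIdentificationNumber().replaceAll(" ", "")` is likewise unguarded — if validation elsewhere does not guarantee these values are present, both are NPE paths. saveOAConfigToDatabase starts and ends outside this hunk.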
@@ -609,4 +868,28 @@ ServletResponseAware {
this.newOA = newOA;
}
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
+
+
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index 1cb4fa802..d3d00186f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -3,26 +3,21 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.StringReader;
import java.io.StringWriter;
-import java.net.MalformedURLException;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.Result;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
-import org.hibernate.lob.ReaderInputStream;
-import org.w3c.dom.Node;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
@@ -35,7 +30,7 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.iaik.commons.util.IOUtil;
+import at.gv.egovernment.moa.id.util.Random;
import com.opensymphony.xwork2.ActionSupport;
@@ -51,6 +46,7 @@ implements ServletRequestAware, ServletResponseAware {
private HttpServletResponse response;
private AuthenticatedUser authUser;
+ private String formID;
private File fileUpload = null;
private String fileUploadContentType = null;
@@ -59,13 +55,20 @@ implements ServletRequestAware, ServletResponseAware {
private InputStream fileInputStream;
public String init() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
if (authUser.isAdmin()) {
-
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_SUCCESS;
} else {
@@ -76,16 +79,39 @@ implements ServletRequestAware, ServletResponseAware {
}
public String importLegacyConfig() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
//load legacy config if it is configured
if (fileUpload == null) {
addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -97,6 +123,9 @@ implements ServletRequestAware, ServletResponseAware {
} catch (org.opensaml.xml.ConfigurationException e1) {
log.info("Legacy configuration has an Import Error", e1);
addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
log.debug("OpenSAML successfully initialized");
@@ -108,26 +137,24 @@ implements ServletRequestAware, ServletResponseAware {
try {
log.warn("WARNING! The legacy import deletes the hole old config");
- String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent();
-
- try {
- rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
-
- } catch (MalformedURLException t) {
- log.warn("RootConfiguration Directory is not found");
- rootConfigFileDir = "";
- }
-
+ String rootConfigFileDir = ConfigurationProvider.getInstance().getConfigRootDir();
+
moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig);
} catch (ConfigurationException e) {
log.info("Legacy configuration has an Import Error", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));
ConfigurationDBUtils.closeSession();
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) {
ConfigurationDBUtils.closeSession();
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
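Review bot: The `catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e)` block returns `STRUTS_ERROR_VALIDATION` without logging the cause or calling `addActionError`, so the admin sees an empty validation page and nothing reaches the log. Mirror the preceding catch with `log.info("Legacy configuration has an Import Error", e);` and `addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));` before the token is regenerated. importLegacyConfig starts and ends outside this hunk.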
@@ -155,6 +182,9 @@ implements ServletRequestAware, ServletResponseAware {
} catch (MOADatabaseException e) {
log.warn("General MOA-ID config can not be stored in Database");
addActionError(e.getMessage());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -174,10 +204,30 @@ implements ServletRequestAware, ServletResponseAware {
}
public String downloadXMLConfig() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
log.info("Write MOA-ID 2.x xml config");
@@ -194,6 +244,9 @@ implements ServletRequestAware, ServletResponseAware {
if (moaidconfig == null) {
log.info("No MOA-ID 2.x configruation available");
addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig"));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -208,11 +261,17 @@ implements ServletRequestAware, ServletResponseAware {
log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.export",
new Object[]{e.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
} catch (IOException e) {
log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.export",
new Object[]{e.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -230,10 +289,30 @@ implements ServletRequestAware, ServletResponseAware {
public String importXMLConfig() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
if (authUser.isAdmin()) {
if (fileUpload == null) {
@@ -271,6 +350,9 @@ implements ServletRequestAware, ServletResponseAware {
log.warn("MOA-ID XML configuration can not be loaded from File.", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.import",
new Object[]{e.getMessage()}));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -360,4 +442,19 @@ implements ServletRequestAware, ServletResponseAware {
public InputStream getFileInputStream() {
return fileInputStream;
}
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 6078caa87..545a84800 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -1,34 +1,77 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObject;
+import org.opensaml.common.binding.BasicSAMLMessageContext;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCredentialResolverFactory;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
+import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
+import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
+import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import com.opensymphony.xwork2.ActionSupport;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
public class IndexAction extends ActionSupport implements ServletRequestAware,
ServletResponseAware {
+ private static final long serialVersionUID = -2781497863862504896L;
+
private static final Logger log = Logger.getLogger(IndexAction.class);
private HttpServletRequest request;
@@ -36,6 +79,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
private String password;
private String username;
+ private UserDatabaseFrom user = null;
+ private AuthenticatedUser authUser = null;
+ private String formID;
+
+ private String ssologouturl;
public String start() {
@@ -80,12 +128,12 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
return Constants.STRUTS_ERROR;
} else {
- if (!dbuser.isIsActive()) {
- log.warn("Username " + dbuser.getUsername() + " is not active");
+ if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) {
+ log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed");
addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed"));
return Constants.STRUTS_ERROR;
}
-
+
if (!dbuser.getPassword().equals(key)) {
log.warn("Username " + dbuser.getUsername() + " use a false password");
addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed"));
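Review bot: The new `!dbuser.isIsUsernamePasswordAllowed()` condition unboxes the getter's result; if that getter returns a wrapper `Boolean` (the `isIs…` naming looks JAXB-generated) a null value on older records throws an NPE here instead of denying login — `!Boolean.TRUE.equals(dbuser.isIsUsernamePasswordAllowed())` would treat null as not allowed. The credential check just below, `dbuser.getPassword().equals(key)`, is pre-existing, but a constant-time comparison such as `MessageDigest.isEqual(dbuser.getPassword().getBytes(StandardCharsets.UTF_8), key.getBytes(StandardCharsets.UTF_8))` is the usual choice on a login path. The enclosing method starts and ends outside this hunk.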
@@ -96,13 +144,18 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
dbuser.getHjid(),
dbuser.getGivenname(),
dbuser.getFamilyname(),
+ dbuser.getInstitut(),
dbuser.getUsername(),
true,
- dbuser.isIsAdmin());
+ dbuser.isIsAdmin(),
+ dbuser.isIsMandateUser(),
+ false);
- authuser.setLastLogin(dbuser.getLastLoginItem());
+ Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+ if (date != null)
+ authuser.setLastLogin(date);;
- dbuser.setLastLoginItem(new Date());
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
try {
ConfigurationDBUtils.saveOrUpdate(dbuser);
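Review bot: `authuser.setLastLogin(date);;` carries a stray second semicolon and the `if (date != null)` has no braces; write `if (date != null) { authuser.setLastLogin(date); }`. Replacing `getLastLoginItem()` with `DateTimeHelper.parseDateTime(dbuser.getLastLogin())` silently drops a stored value that fails to parse, assuming `parseDateTime` returns null on failure — a `log.debug` in an else branch would make that visible. The enclosing method starts and ends outside this hunk.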
@@ -120,13 +173,515 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
}
}
+ public String pvp2login() {
+
+ String method = request.getMethod();
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("NO HTTP Session");
+ return Constants.STRUTS_ERROR;
+ }
+
+ String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, null);
+
+ if (method.equals("POST")) {
+
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ //Decode with HttpPost Binding
+ HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ request));
+ decode.decode(messageContext);
+
+ Response samlResponse = (Response) messageContext.getInboundMessage();
+
+ Signature sign = samlResponse.getSignature();
+ if (sign == null) {
+ log.info("Only http POST Requests can be used");
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ //Validate Signature
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ profileValidator.validate(sign);
+
+ //Verify Signature
+ List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory();
+ MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier());
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName()));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);
+ trustEngine.validate(sign, criteriaSet);
+
+ log.info("PVP2 Assertion is valid");
+
+ if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ List<org.opensaml.saml2.core.Assertion> saml2assertions = samlResponse.getAssertions();
+
+ if (MiscUtil.isEmpty(authID)) {
+ log.info("NO AuthRequestID");
+ return Constants.STRUTS_ERROR;
+ }
+
+ for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+
+ Subject subject = saml2assertion.getSubject();
+ List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations();
+ for (SubjectConfirmation el : subjectconformlist) {
+ if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) {
+ SubjectConfirmationData date = el.getSubjectConfirmationData();
+
+ if (!authID.equals(date.getInResponseTo())) {
+ log.warn("PVPRequestID does not match PVP2 Assertion ID!");
+ return Constants.STRUTS_ERROR;
+
+ }
+ }
+ }
+
+ Conditions conditions = saml2assertion.getConditions();
+ DateTime notbefore = conditions.getNotBefore();
+ DateTime notafter = conditions.getNotOnOrAfter();
+ if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+ log.warn("PVP2 Assertion is out of Date");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ NameID nameID = subject.getNameID();
+ if (nameID == null) {
+ log.warn("No NameID element in PVP2 assertion!");
+ return Constants.STRUTS_ERROR;
+ }
+
+ String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue();
+
+ //search user
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk);
+ if (dbuser == null) {
+ log.info("No user found with bpk/wbpk " + bpkwbpk);
+
+ //read PVP2 assertion attributes;
+ user = new UserDatabaseFrom();
+ user.setActive(false);
+ user.setAdmin(false);
+ user.setBpk(bpkwbpk);
+ user.setIsusernamepasswordallowed(false);
+ user.setIsmandateuser(false);
+ user.setPVPGenerated(true);
+
+ authUser = new AuthenticatedUser();
+ authUser.setAdmin(false);
+ authUser.setAuthenticated(false);
+ authUser.setLastLogin(null);
+ authUser.setUserID(-1);
+ authUser.setUserName(null);
+ authUser.setPVP2Login(true);
+ authUser.setMandateUser(false);
+
+ //loop through the nodes to get what we want
+ List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
+ for (int i = 0; i < attributeStatements.size(); i++)
+ {
+ List<Attribute> attributes = attributeStatements.get(i).getAttributes();
+ for (int x = 0; x < attributes.size(); x++)
+ {
+ String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
+
+ if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+ user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
+ authUser.setFamilyName(user.getFamilyName());
+ }
+
+ if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+ user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
+ authUser.setGivenName(user.getGivenName());
+ }
+
+ if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
+ authUser.setMandateUser(true);
+ user.setIsmandateuser(true);
+ }
+
+ if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+ user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent());
+ authUser.setInstitute(user.getInstitut());
+ }
+ }
+ }
+
+ //set Random value
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_FORM, user);
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+
+ ConfigurationDBUtils.closeSession();
+
+ return Constants.STRUTS_NEWUSER;
+
+ } else {
+ if (!dbuser.isIsActive()) {
+
+ if (!dbuser.isIsMailAddressVerified()) {
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ user = new UserDatabaseFrom(dbuser);
+ authUser = new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getInstitut(),
+ dbuser.getUsername(),
+ false,
+ false,
+ dbuser.isIsMandateUser(),
+ true);
+ session.setAttribute(Constants.SESSION_FORM, user);
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+
+ return Constants.STRUTS_NEWUSER;
+
+ }
+
+ log.info("User with bpk/wbpk " + bpkwbpk + " is not active");
+ addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ authUser = new AuthenticatedUser(
+ dbuser.getHjid(),
+ dbuser.getGivenname(),
+ dbuser.getFamilyname(),
+ dbuser.getInstitut(),
+ dbuser.getUsername(),
+ true,
+ dbuser.isIsAdmin(),
+ dbuser.isIsMandateUser(),
+ true);
+
+ Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+ if (date != null)
+ authUser.setLastLogin(date);;
+
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ } catch (MOADatabaseException e) {
+ log.warn("UserDatabase communicaton error", e);
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+ return Constants.STRUTS_SUCCESS;
+
+ }
+ }
+
+ log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found.");
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ log.info("Receive Error Assertion.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ } catch (Exception e) {
+ log.warn("Only http POST Requests can be used", e);
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+
+ } else {
+ log.info("Only http POST Requests can be used");
+ addActionError(LanguageHelper.getErrorString("error.login"));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ public String requestNewUser() {
+
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.warn("No active Session found");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ Object sessionformobj = session.getAttribute(Constants.SESSION_FORM);
+ if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) {
+ UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj;
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (user == null) {
+ log.warn("No form transmited");
+ return Constants.STRUTS_ERROR;
+ }
+
+ //get UserID
+ String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)){
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ String check;
+ if (!sessionform.isIsmandateuser()) {
+ check = user.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
+ }
+ }
+
+ check = user.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ log.warn("Mailaddress is not valid: " + check);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Mailaddress is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty"));
+ }
+
+ check = user.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Phonenumber contains potentail XSS characters: " + check);
+ addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Phonenumber is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty"));
+ }
+
+ if (hasActionErrors()) {
+ log.info("Some form errors found. Send user back to form");
+
+ user.setPVPGenerated(true);
+ user.setFamilyName(sessionform.getFamilyName());
+ user.setGivenName(sessionform.getGivenName());
+ user.setIsmandateuser(sessionform.isIsmandateuser());
+ user.setBpk(sessionform.getBpk());
+
+ if (sessionform.isIsmandateuser())
+ user.setInstitut(sessionform.getInstitut());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_NEWUSER;
+ }
+
+ UserDatabase dbuser;
+
+ if (userID < 0) {
+ dbuser = new UserDatabase();
+ dbuser.setBpk(sessionform.getBpk());
+ dbuser.setFamilyname(sessionform.getFamilyName());
+ dbuser.setGivenname(sessionform.getGivenName());
+
+ if (sessionform.isIsmandateuser())
+ dbuser.setInstitut(sessionform.getInstitut());
+ else
+ dbuser.setInstitut(user.getInstitut());
+
+ dbuser.setIsPVP2Generated(true);
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+ dbuser.setIsActive(false);
+ dbuser.setIsAdmin(false);
+ dbuser.setIsMandateUser(sessionform.isIsmandateuser());
+ dbuser.setIsUsernamePasswordAllowed(false);
+
+ } else
+ dbuser = ConfigurationDBRead.getUserWithID(userID);
+
+ dbuser.setMail(user.getMail());
+ dbuser.setPhone(user.getPhone());
+ dbuser.setIsAdminRequest(true);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ } catch (MOADatabaseException e) {
+ log.warn("New UserRequest can not be stored in database", e);
+ return Constants.STRUTS_ERROR;
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send"));
+ return Constants.STRUTS_NEWUSER;
+ }
+
+ finally {
+ session.setAttribute(Constants.SESSION_FORM, null);
+ session.setAttribute(Constants.SESSION_AUTH, null);
+ ConfigurationDBUtils.closeSession();
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify"));
+
+ session.invalidate();
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.warn("No SessionForm found");
+ return Constants.STRUTS_ERROR;
+ }
+
+ }
+
+ public String mailAddressVerification() {
+
+ String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN);
+ if (MiscUtil.isNotEmpty(userrequesttokken)) {
+
+ userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken);
+
+ try {
+ Long.parseLong(userrequesttokken);
+
+ } catch (NumberFormatException e) {
+ log.warn("Verificationtokken has no number format.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ UserDatabase dbuser = ConfigurationDBRead.getNewUserWithTokken(userrequesttokken);
+ if (dbuser != null) {
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(true);
+
+ if (dbuser.isIsActive())
+ dbuser.setIsAdminRequest(false);
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ int numoas = 0;
+ int numusers = 0;
+
+ List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications();
+ if (openOAs != null)
+ numoas = openOAs.size();
+
+ List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers();
+ if (openUsers != null)
+ numusers = openUsers.size();
+
+ if (numusers > 0 || numoas > 0)
+ MailHelper.sendAdminMail(numoas, numusers);
+
+ } catch (MOADatabaseException e) {
+ log.warn("Userinformation can not be stored in Database.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.verification"));
+
+ } catch (ConfigurationException e) {
+ log.warn("Send mail to admin failed.", e);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress"));
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ return Constants.STRUTS_ERROR;
+ }
+
public String logout() {
HttpSession session = request.getSession();
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
if (session != null)
session.invalidate();
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ String ssologout = config.getSSOLogOutURL();
+
+ if (MiscUtil.isNotEmpty(ssologout) && authUser != null && authUser.isPVP2Login()) {
+ ssologouturl = ssologout + config.getPublicUrlPreFix(request);
+ return Constants.STRUTS_SSOLOGOUT;
+
+ }
+
+ } catch (ConfigurationException e) {
+ log.warn("Configuration can not be loaded.", e);
+
+ }
+
return Constants.STRUTS_SUCCESS;
}
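Review bot: In `requestNewUser()` the record to update is chosen by the `userID` the client posts (`user.getUserID()`) and loaded with `ConfigurationDBRead.getUserWithID(userID)` without checking that it belongs to the PVP2 principal stored in the session form, so anyone who has passed `pvp2login()` (which is what hands out the `formID`) can overwrite another account's mail address and phone, clear its `IsMailAddressVerified` flag and mark it as an admin request — `validateOAID` is not visible here and, by its name, looks like a format check only. After the `getUserWithID` call, reject a missing or foreign record with `if (dbuser == null || !sessionform.getBpk().equals(dbuser.getBpk())) { log.warn("UserID " + userID + " does not belong to the authenticated PVP2 principal"); return Constants.STRUTS_ERROR; }` (assuming `UserDatabaseFrom(dbuser)` carries the bpk, as the new-user path does via `user.setBpk(bpkwbpk)`), which also removes the NullPointerException at `dbuser.setMail(...)` for an unknown ID. The two "FormIDs does not match" branches dereference `authUser` before it is read from the session further down, so a tampered or expired form currently ends in a NullPointerException rather than the intended error result; load `SESSION_AUTH` before the formID check or log the session ID instead. In `pvp2login()` the `InResponseTo` comparison runs only when a bearer `SubjectConfirmation` exists, `SubjectConfirmationData.getRecipient()`/`getNotOnOrAfter()`, `Conditions.getAudienceRestrictions()` and the response `Destination` are never compared with this SP's values, and the pre-authentication `HttpSession` is reused after `SESSION_AUTH` is stored, so a fixated session ID survives login unless something outside this file rotates it. The messages "Only http POST Requests can be used" on the unsigned-response branch and in the generic `catch` also mislead whoever reads the log.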
@@ -164,7 +719,46 @@ public class IndexAction extends ActionSupport implements ServletRequestAware,
public void setUsername(String username) {
this.username = username;
}
-
-
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+ /**
+ * @return the user
+ */
+ public UserDatabaseFrom getUser() {
+ return user;
+ }
+
+ /**
+ * @param user the user to set
+ */
+ public void setUser(UserDatabaseFrom user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the ssologouturl
+ */
+ public String getSsologouturl() {
+ return ssologouturl;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index f5f265ea6..da3c99714 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -5,6 +5,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -22,6 +23,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -48,8 +50,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
public String listAllOnlineAppliactions() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
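Review bot: The new `session == null` guard never fires, because `request.getSession()` creates a session when none exists, so an unauthenticated request still reaches the unchecked cast and `authUser` is simply null for the rest of `listAllOnlineAppliactions()`. Use `request.getSession(false)` so the guard means something, and reject a missing login explicitly: `if (authUserObj == null) { log.info("No authenticated user in session"); return Constants.STRUTS_ERROR; }` — unless a Struts interceptor outside this file already enforces login, in which case a comment saying so would spare the next reader the same question. The method continues past the hunk.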
@@ -65,8 +72,16 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
dbOAs = authUserDB.getOnlineApplication();
}
- addFormOAs(dbOAs);
-
+ if (dbOAs == null || dbOAs.size() == 0) {
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA"));
+
+ } else {
+ formOAs = FormDataHelper.addFormOAs(dbOAs);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
@@ -86,8 +101,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
}
public String searchOA() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
@@ -125,32 +145,23 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware,
}
}
- addFormOAs(dbOAs);
-
- ConfigurationDBUtils.closeSession();
-
- return Constants.STRUTS_SUCCESS;
- }
-
- private void addFormOAs(List<OnlineApplication> dbOAs) {
-
- formOAs = new ArrayList<OAListElement>();
if (dbOAs == null || dbOAs.size() == 0) {
- addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
+ log.debug("No OAs found with Identifier " + friendlyname);
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA"));
} else {
- for (OnlineApplication dboa : dbOAs) {
- OAListElement listoa = new OAListElement();
- listoa.setActive(dboa.isIsActive());
- listoa.setDataBaseID(dboa.getHjid());
- listoa.setOaFriendlyName(dboa.getFriendlyName());
- listoa.setOaIdentifier(dboa.getPublicURLPrefix());
- listoa.setOaType(dboa.getType());
- formOAs.add(listoa);
- }
+
+ formOAs = FormDataHelper.addFormOAs(dbOAs);
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
}
- }
+
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_SUCCESS;
+ }
+
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
index aeafe9548..c80d5484d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
@@ -2,7 +2,9 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
@@ -14,6 +16,8 @@ import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
public class MainAction implements ServletRequestAware,
ServletResponseAware {
+ private static final Logger log = Logger.getLogger(MainAction.class);
+
private HttpServletRequest request;
private HttpServletResponse response;
@@ -30,8 +34,17 @@ public class MainAction implements ServletRequestAware,
public String generateMainFrame() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
return Constants.STRUTS_SUCCESS;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
new file mode 100644
index 000000000..aa36d768a
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.apache.struts2.interceptor.ServletRequestAware;
+import org.apache.struts2.interceptor.ServletResponseAware;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.OAListElement;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
+
+import com.opensymphony.xwork2.ActionSupport;
+
+public class OpenAdminRequestsAction extends ActionSupport
+ implements ServletRequestAware, ServletResponseAware {
+
+ private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class);
+
+ private static final long serialVersionUID = 1L;
+
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+
+ private AuthenticatedUser authUser = null;
+ private List<OAListElement> formOAs = null;
+ private List<AuthenticatedUser> userlist = null;
+
+
+ public String init() {
+
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser.isAdmin()) {
+
+ List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications();
+ if (dbOAs != null) {
+ formOAs = FormDataHelper.addFormOAs(dbOAs);
+ }
+
+ List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers();
+ if (dbUsers != null){
+ userlist = FormDataHelper.addFormUsers(dbUsers);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name());
+
+ return Constants.STRUTS_SUCCESS;
+ } else {
+ log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID());
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ }
+
+
+ public void setServletResponse(HttpServletResponse response) {
+ this.response = response;
+ }
+
+ public void setServletRequest(HttpServletRequest request) {
+ this.request = request;
+ }
+
+
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+
+ /**
+ * @return the formOAs
+ */
+ public List<OAListElement> getFormOAs() {
+ return formOAs;
+ }
+
+
+ /**
+ * @return the userlist
+ */
+ public List<AuthenticatedUser> getUserlist() {
+ return userlist;
+ }
+
+}
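Review bot: `init()` calls `authUser.isAdmin()` straight after the cast from `SESSION_AUTH`, so a request without a login attribute ends in a NullPointerException rather than `STRUTS_NOTALLOWED`, and the `session == null` guard above it cannot catch that because `request.getSession()` always returns a session. Add `if (authUser == null) { log.info("No authenticated user in session"); return Constants.STRUTS_NOTALLOWED; }` before the admin test, and use `request.getSession(false)` if the null guard is meant to stay. Unlike `UserManagementAction.init()` in this same commit, the two `ConfigurationDBRead` reads here are not followed by `ConfigurationDBUtils.closeSession()`, which looks like a leaked DB session if that helper owns a thread-bound session. The `response` field is only ever written by its setter and could be dropped.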
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 2a9ec038f..6bc90a417 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -1,11 +1,12 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
-import java.util.ArrayList;
-import java.util.Date;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
@@ -18,10 +19,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
import com.opensymphony.xwork2.ActionSupport;
@@ -43,30 +48,34 @@ public class UserManagementAction extends ActionSupport
private String useridobj = null;
private static boolean newUser = false;
+ private InputStream stream;
+ private String nextPage;
+ private String formID;
public String init() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
if (authUser.isAdmin()) {
+ log.info("Show NewserRequests");
+
log.info("Show UserList");
List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers();
+
if (dbuserlist != null) {
- userlist = new ArrayList<AuthenticatedUser>();
-
- for (UserDatabase dbuser : dbuserlist) {
- userlist.add(new AuthenticatedUser(
- dbuser.getHjid(),
- dbuser.getGivenname(),
- dbuser.getFamilyname(),
- dbuser.getUsername(),
- dbuser.isIsActive(),
- dbuser.isIsAdmin()));
- }
+ userlist = FormDataHelper.addFormUsers(dbuserlist);
}
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());
ConfigurationDBUtils.closeSession();
return Constants.STRUTS_SUCCESS;
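Review bot: `authUser.isAdmin()` is called on the value cast from `SESSION_AUTH` with no null check, and the new `session == null` branch above it is unreachable because `request.getSession()` creates a session on demand, so an unauthenticated hit on `init()` produces a NullPointerException instead of the not-allowed result. Add `if (authUser == null) { return Constants.STRUTS_NOTALLOWED; }` after the cast, or switch to `request.getSession(false)` and treat a null session the same way. The added `log.info("Show NewserRequests");` immediately before "Show UserList" looks like a leftover from an earlier layout and logs nothing useful. `init()` continues beyond the hunk.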
@@ -79,20 +88,37 @@ public class UserManagementAction extends ActionSupport
}
user = new UserDatabaseFrom(dbuser);
ConfigurationDBUtils.closeSession();
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_NOTALLOWED;
}
}
public String createuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
if (authUser.isAdmin()) {
user = new UserDatabaseFrom();
newUser = true;
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
return Constants.STRUTS_SUCCESS;
} else {
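Review bot: `createuser()` writes `newUser = true` into a field that is declared `static` (visible as context at the top of the previous hunk), so the flag is shared by every request on the server rather than belonging to this action instance; a concurrent edit on another user toggles it underneath this one. Make it an instance field: `private boolean newUser = false;`. In the preceding not-allowed path of `init()` a fresh `formID` is also placed in the session before returning `STRUTS_NOTALLOWED`, which hands a valid form token to a user who was just refused access — harmless if every consumer re-checks `isAdmin()`, but worth a comment or removal. `createuser()` ends outside the hunk.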
@@ -101,10 +127,27 @@ public class UserManagementAction extends ActionSupport
}
public String edituser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
if (authUser.isAdmin()) {
long userid = -1;
@@ -136,11 +179,31 @@ public class UserManagementAction extends ActionSupport
}
}
- public String saveuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ public String saveuser() {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
String useridobj = user.getUserID();
long userID = -1;
if (MiscUtil.isEmpty(useridobj)) {
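Review bot: Both "FormIDs does not match" branches in `saveuser()` build their log line from `authUser`, which is the unchecked cast from `SESSION_AUTH` a few lines above, so a form posted without a login (or after session expiry) throws a NullPointerException in the warning itself instead of returning `STRUTS_ERROR`. Either guard with `if (authUser == null) { return Constants.STRUTS_ERROR; }` right after the cast or log `session.getId()` rather than the user fields. The rest of `saveuser()` lies in the following hunks.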
@@ -156,9 +219,30 @@ public class UserManagementAction extends ActionSupport
userID = Long.valueOf(useridobj);
}
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+
+ if( dbuser == null) {
+ dbuser = new UserDatabase();
+ dbuser.setIsMandateUser(false);
+ dbuser.setIsAdminRequest(false);
+ dbuser.setIsPVP2Generated(false);
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUsername(user.getUsername());
+ }
+
List<String> errors;
UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
- errors = validator.validate(user, userID);
+
+ boolean ispvp2 = false;
+ boolean ismandate = false;
+ if (dbuser.isIsPVP2Generated() != null)
+ ispvp2 = dbuser.isIsPVP2Generated();
+
+ if (dbuser.isIsMandateUser() != null)
+ ismandate = dbuser.isIsMandateUser();
+
+ errors = validator.validate(user, userID, ispvp2, ismandate);
if (errors.size() > 0) {
log.info("UserDataForm has some erros.");
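Review bot: The lookup on L4115 is keyed by `userID`, which is taken from the submitted form (`user.getUserID()`, L4109–L4113), and when no row matches L4117–L4125 silently build a fresh `UserDatabase` rather than rejecting the request. Nothing visible in this hunk ties a non-admin caller to their own record, so unless an interceptor elsewhere enforces it, a regular user could submit another user's ID or an unused one and carry it into `saveFormToDB`; I would add `if (!authUser.isAdmin() && userID != authUser.getUserID()) return Constants.STRUTS_ERROR;` before the lookup and treat a missing record as an error for non-admins rather than a new account. The method body continues outside the hunk, so the check may well live in a part I cannot see.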
@@ -169,6 +253,14 @@ public class UserManagementAction extends ActionSupport
if (MiscUtil.isEmpty(user.getUsername()))
newUser = true;
+ user.setIsmandateuser(ismandate);
+ user.setPVPGenerated(ispvp2);
+ if (dbuser.isIsUsernamePasswordAllowed() != null)
+ user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -181,8 +273,49 @@ public class UserManagementAction extends ActionSupport
}
}
-
- String error = saveFormToDB();
+
+ if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ MailHelper.sendUserMailAddressVerification(dbuser);
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify"));
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send"));
+ }
+ }
+
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+
+ if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) &&
+ user.isActive()) {
+ dbuser.setIsAdminRequest(false);
+ try {
+ if (dbuser.isIsMandateUser())
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ dbuser.getInstitut(), user.getMail());
+ else
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ null, user.getMail());
+
+ } catch (ConfigurationException e) {
+ log.warn("Send UserAccountActivation mail failed", e);
+ }
+ }
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ String error = saveFormToDB(dbuser);
+
if (error != null) {
log.warn("UserData can not be stored in Database");
addActionError(error);
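Review bot: The verification mail on L4166 is sent before `saveFormToDB(dbuser)` on L4201 copies `user.getMail()` into `dbuser`, so if `MailHelper.sendUserMailAddressVerification(dbuser)` addresses the message from `dbuser.getMail()` it goes to the old, already-verified address and the new address never receives its token; moving `dbuser.setMail(user.getMail());` ahead of the mail call (or sending only after a successful save) fixes that and also avoids mailing when the save later fails. The same ordering problem applies to the activation mail on L4185–L4189, which goes out before the `IsAdminRequest` change is persisted. L4184 unboxes `dbuser.isIsMandateUser()` without the null guard this same method applies on L4136; `Boolean.TRUE.equals(dbuser.isIsMandateUser())` avoids the NullPointerException. The request token on L4163 comes from `Random.nextRandom()`, whose implementation is not visible here; a mail-verification token must be drawn from a CSPRNG, so confirm that helper is backed by `SecureRandom`.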
@@ -194,10 +327,30 @@ public class UserManagementAction extends ActionSupport
}
public String deleteuser() {
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
authUser = (AuthenticatedUser) authUserObj;
-
+
+ Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
String useridobj = user.getUserID();
long userID = -1;
if (MiscUtil.isEmpty(useridobj)) {
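Review bot: The form-ID check on L4219–L4232 is a verbatim copy of the one in saveuser and shares its flaw: `authUser` is dereferenced in the warn branches before anyone has checked that the session actually held an `AuthenticatedUser`. Both copies should collapse into one private helper that validates and consumes the token, so the null handling lives in one place; deleteuser then reduces to `if (!consumeFormID(session)) return Constants.STRUTS_ERROR;`. Note the helper below clears the stored token on a mismatch as well, which is slightly stricter than the current code (a failed attempt currently leaves the token reusable).

```java
/** Validates the submitted form token against the session copy and consumes it. */
private boolean consumeFormID(HttpSession session) {
    Object stored = session.getAttribute(Constants.SESSION_FORMID);
    session.setAttribute(Constants.SESSION_FORMID, null);
    if (stored instanceof String && stored.equals(formID)) {
        return true;
    }
    log.warn("FormIDs does not match. Some suspect Form is received from user "
            + (authUser == null ? "<unauthenticated>" : authUser.getUserID()));
    return false;
}
```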
@@ -222,6 +375,16 @@ public class UserManagementAction extends ActionSupport
}
}
+ Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
if (dbuser != null) {
dbuser.setOnlineApplication(null);
@@ -230,8 +393,22 @@ public class UserManagementAction extends ActionSupport
ConfigurationDBUtils.saveOrUpdate(dbuser);
ConfigurationDBUtils.delete(dbuser);
+ if (authUser.isAdmin()) {
+ MailHelper.sendUserAccountRevocationMail(dbuser);
+ }
+
+ if (dbuser.getHjid() == authUser.getUserID()) {
+ ConfigurationDBUtils.closeSession();
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+
} catch (MOADatabaseException e) {
- log.warn("UserData can not be deleted from Database");
+ log.warn("UserData can not be deleted from Database", e);
+ addActionError(e.getMessage());
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (ConfigurationException e) {
+ log.warn("Information mail sending failed.", e);
addActionError(e.getMessage());
return Constants.STRUTS_SUCCESS;
}
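Review bot: The self-deletion check on L4260 runs only if `sendUserAccountRevocationMail` on L4257 did not throw; when it throws `ConfigurationException`, the user row is already deleted (L4255) but the handler returns `STRUTS_SUCCESS` on L4274, so an admin who deleted their own account keeps a live session backed by a record that no longer exists. Move the `getHjid() == authUser.getUserID()` test ahead of the mail call, or perform it in a `finally`-style path that runs regardless of the mail outcome. Also check the types on L4260: `getHjid()` is a boxed `Long` in this DAO, and if `AuthenticatedUser.getUserID()` also returns `Long`, `==` compares object identity and the re-authentication branch will almost never fire; `dbuser.getHjid().equals(authUser.getUserID())` (after a null check) is safe either way. Returning `STRUTS_REAUTHENTICATE` without invalidating the session presumably relies on the target page to do so; worth confirming.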
@@ -242,39 +419,93 @@ public class UserManagementAction extends ActionSupport
}
ConfigurationDBUtils.closeSession();
+
return Constants.STRUTS_SUCCESS;
}
- private String saveFormToDB() {
+ public String sendVerificationMail () {
+ HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
- UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername());
+ String message = LanguageHelper.getErrorString("error.mail.verification");
- if( dbuser == null) {
- dbuser = new UserDatabase();
+ Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (authUser != null) {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+
+ if (dbuser != null) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ ConfigurationDBUtils.saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message");
+
+ } catch (ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ message = LanguageHelper.getErrorString("error.mail.send");
+
+ } catch (MOADatabaseException e) {
+ log.warn("Access UserInformationDatabase failed.", e);
+ }
+ }
}
- dbuser.setBpk(user.getBpk());
- dbuser.setFamilyname(user.getFamilyName());
- dbuser.setGivenname(user.getGivenName());
- dbuser.setInstitut(user.getInstitut());
+ stream = new ByteArrayInputStream(message.getBytes());
+
+ return SUCCESS;
+ }
+
+ private String saveFormToDB(UserDatabase dbuser) {
+
dbuser.setMail(user.getMail());
dbuser.setPhone(user.getPhone());
- dbuser.setUsername(user.getUsername());
- if (authUser.isAdmin()) {
- dbuser.setIsActive(user.isActive());
- dbuser.setIsAdmin(user.isAdmin());
+ if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) {
+ dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed());
+
+ if (authUser.isAdmin()) {
+ dbuser.setIsActive(user.isActive());
+ dbuser.setIsAdmin(user.isAdmin());
+
+ }
}
- if (MiscUtil.isNotEmpty(user.getPassword())) {
- String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
- if (key == null) {
- return LanguageHelper.getErrorString("errors.edit.user.save");
+ if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) {
+ dbuser.setFamilyname(user.getFamilyName());
+ dbuser.setGivenname(user.getGivenName());
+ dbuser.setInstitut(user.getInstitut());
+
+ if (authUser.isAdmin())
+ dbuser.setBpk(user.getBpk());
+
+ } else {
+ if (!dbuser.isIsMandateUser())
+ dbuser.setInstitut(user.getInstitut());
+ }
+
+ if (dbuser.isIsUsernamePasswordAllowed()) {
+
+ if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername()))
+ dbuser.setUsername(user.getUsername());
+
+ if (MiscUtil.isNotEmpty(user.getPassword())) {
+ String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
+ if (key == null) {
+ return LanguageHelper.getErrorString("errors.edit.user.save");
+ }
+ dbuser.setPassword(key);
}
- dbuser.setPassword(key);
}
-
try {
ConfigurationDBUtils.saveOrUpdate(dbuser);
} catch (MOADatabaseException e) {
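Review bot: L4336 and L4362 unbox `dbuser.isIsUsernamePasswordAllowed()` unconditionally, while L4349 in the same method carefully null-guards `isIsPVP2Generated()`; a record created on the new-user path in saveuser sets several flags but not this one, so a non-admin caller reaching `saveFormToDB` with such a record (or any row where the column is null) gets a NullPointerException. Use `Boolean.TRUE.equals(dbuser.isIsUsernamePasswordAllowed())` in both places, and the same for `dbuser.isIsMandateUser()` on L4358. In `sendVerificationMail`, `message.getBytes()` on L4323 encodes with the platform default charset, and these localized strings contain non-ASCII characters; use `message.getBytes(Charset.forName("UTF-8"))` and make sure the Struts stream result declares the matching charset. The method also sets `IsMailAddressVerified=false` and saves before attempting to send, so a failed send leaves the account unverified with a token nobody received; consider saving only after the mail went out.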
@@ -284,27 +515,7 @@ public class UserManagementAction extends ActionSupport
return null;
}
-
-// public String createTestUser() throws MOADatabaseException {
-//
-// UserDatabase user = new UserDatabase();
-// user.setBpk("");
-// user.setFamilyname("Max");
-// user.setGivenname("Mustermann");
-// user.setIsActive(true);
-// user.setIsAdmin(false);
-// user.setInstitut("EGIZ");
-// user.setLastLoginItem(new Date());
-// user.setMail("masdf@amfasdf.com");
-// user.setPhone("00660011542");
-// user.setUsername("testuser");
-//
-// ConfigurationDBUtils.save(user);
-//
-// return Constants.STRUTS_SUCCESS;
-// }
-
-
+
public void setServletResponse(HttpServletResponse response) {
this.response = response;
@@ -370,7 +581,33 @@ public class UserManagementAction extends ActionSupport
public boolean isNewUser() {
return newUser;
}
-
-
+
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the stream
+ */
+ public InputStream getStream() {
+ return stream;
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
new file mode 100644
index 000000000..ede8c09a8
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.configuration.utils;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+public class SAML2Utils {
+
+ static {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ private static DocumentBuilder builder;
+
+ public static <T> T createSAMLObject(final Class<T> clazz) {
+ try {
+
+ XMLObjectBuilderFactory builderFactory = Configuration
+ .getBuilderFactory();
+
+ QName defaultElementName = (QName) clazz.getDeclaredField(
+ "DEFAULT_ELEMENT_NAME").get(null);
+ Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders();
+ Iterator<QName> it = builder.keySet().iterator();
+
+ while (it.hasNext()) {
+ QName qname = it.next();
+ if (qname.equals(defaultElementName)) {
+ System.out.printf("Builder for: %s\n", qname.toString());
+ }
+ }
+ XMLObjectBuilder xmlBuilder = builderFactory
+ .getBuilder(defaultElementName);
+
+ T object = (T) xmlBuilder.buildObject(defaultElementName);
+ return object;
+ } catch (Throwable e) {
+ System.out.printf("Failed to create object for: %s\n",
+ clazz.toString());
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ org.w3c.dom.Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
+
+
+
+}
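Review bot: `builder` on L4486 is a single static `DocumentBuilder` shared by every caller of `asDOMDocument` (L4520), and `DocumentBuilder` is documented as not thread-safe, so concurrent metadata builds in a servlet container can corrupt each other's documents; create the builder per call (the factory can stay static) or hold it in a `ThreadLocal`. The loop on L4497–L4504 only prints which builder matched and the `System.out.printf`/`printStackTrace` calls on L4482, L4502 and L4511–L4513 are debug leftovers; the rest of this module logs through log4j, so replace them with `log.debug`/`log.warn` or drop them. `catch (Throwable e)` on L4510 returning null also hides reflection failures (`NoSuchFieldException`, `ClassCastException`) from callers, who then hit an NPE far from the cause; catching the reflective exceptions and throwing an `IllegalArgumentException` with the class name would be clearer. The parser factory here never parses input (`newDocument()` only), so XXE hardening is not required at this point, but note that if it is later reused for parsing it must disable DTDs and external entities.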
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
new file mode 100644
index 000000000..96e99e8c7
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.configuration.utils;
+
+import java.util.Calendar;
+import java.util.Date;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
+
+
+public class UserRequestCleaner implements Runnable {
+
+ private static final Logger log = Logger.getLogger(UserRequestCleaner.class);
+
+ private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min
+
+ public void run() {
+ while (true) {
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ List<UserDatabase> userrequests = ConfigurationDBRead.getAllOpenUsersRequests();
+ if (userrequests != null) {
+ Calendar cal = Calendar.getInstance();
+ cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1);
+ Date cleanupdate = cal.getTime();
+
+ for(UserDatabase dbuser : userrequests) {
+ Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+
+ if (requestdate != null && requestdate.after(cleanupdate)) {
+ log.info("Remove UserRequest from Database");
+ ConfigurationDBUtils.delete(dbuser);
+ }
+
+ }
+ }
+
+ Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
+
+ } catch (ConfigurationException e) {
+ log.info("UserRequestCleaner can not load configuration", e);
+
+ } catch (InterruptedException e) {
+
+ } finally {
+ ConfigurationDBUtils.closeSession();
+
+ }
+ }
+ }
+
+ /**
+ * start the sessionCleaner
+ */
+ public static void start() {
+ // start the session cleanup thread
+ Thread sessionCleaner = new Thread(new UserRequestCleaner());
+ sessionCleaner.setName("UserRequestCleaner");
+ sessionCleaner.setDaemon(true);
+ sessionCleaner.setPriority(Thread.MIN_PRIORITY);
+ sessionCleaner.start();
+ }
+
+}
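Review bot: The comparison on L4572 is inverted: `cleanupdate` is now minus the configured delay (L4566), so `requestdate.after(cleanupdate)` selects requests that are newer than the cutoff and deletes exactly the fresh ones, while the stale requests this thread exists to remove are kept; it should read `if (requestdate != null && requestdate.before(cleanupdate)) {`. L4585 swallows `InterruptedException` and the `while (true)` loop then simply continues, so the daemon cannot be stopped cooperatively (e.g. on context shutdown); restore the flag and leave the loop with `Thread.currentThread().interrupt(); return;`. The log line on L4573 should include the record's id or username so an operator can trace which request was removed, and the constant name `SESSION_CLEANUP_INTERVAL` is misleading for a user-request cleaner.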
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
index 820aa7c57..466867367 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
@@ -2,17 +2,17 @@ package at.gv.egovernment.moa.id.configuration.validation;
import org.apache.commons.lang.StringUtils;
+import at.gv.egovernment.moa.id.configuration.Constants;
+
public class CompanyNumberValidator implements IdentificationNumberValidator {
public boolean validate(String commercialRegisterNumber) {
String normalizedNumber = commercialRegisterNumber.replaceAll(" ", "");
- if(normalizedNumber.startsWith("FN")) {
+ if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN))
normalizedNumber = normalizedNumber.substring(2);
- return checkCommercialRegisterNumber(normalizedNumber);
-
- } else
- return true;
+
+ return checkCommercialRegisterNumber(normalizedNumber);
}
private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) {
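Review bot: `substring(2)` on L4620 hard-codes the length of `Constants.IDENIFICATIONTYPE_FN`, so the prefix strip silently breaks if that constant is ever changed; use `normalizedNumber.substring(Constants.IDENIFICATIONTYPE_FN.length())`. Behaviour also changed here: numbers without the prefix used to be accepted unconditionally and are now passed to `checkCommercialRegisterNumber`, which is the stricter and more sensible choice but deserves a line in the commit message. The `replaceAll` on L4617 (context) still dereferences a possibly null argument; a `if (commercialRegisterNumber == null) return false;` guard would make the validator total.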
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java
new file mode 100644
index 000000000..65e8a549e
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java
@@ -0,0 +1,84 @@
+package at.gv.egovernment.moa.id.configuration.validation;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+public class TargetValidator {
+
+ private static Map<String, String> targetList = null;
+
+ static {
+ targetList = new HashMap<String, String>();
+ targetList.put("AR", "Arbeit");
+ targetList.put("AS", "Amtliche Statistik");
+ targetList.put("BF", "Bildung und Forschung");
+ targetList.put("BW", "Bauen und Wohnen");
+ targetList.put("EA", "EU und Auswärtige Angelegenheiten");
+ targetList.put("EF", "Ein- und Ausfuhr");
+ targetList.put("GH", "Gesundheit");
+ targetList.put("GS", "Gesellschaft und Soziales");
+ targetList.put("GS-RE", "Restitution");
+ targetList.put("JR", "Justiz/Zivilrechtswesen");
+ targetList.put("KL", "Kultus");
+ targetList.put("KU", "Kunst und Kultur");
+ targetList.put("LF", "Land- und Forstwirtschaft");
+ targetList.put("LV", "Landesverteidigung");
+ targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation");
+ targetList.put("SA", "Steuern und Abgaben");
+ targetList.put("SA", "Sport und Freizeit");
+ targetList.put("SO", "Sicherheit und Ordnung");
+ targetList.put("SO-VR", "Vereinsregister");
+ targetList.put("SR-RG", "Strafregister");
+ targetList.put("SV", "Sozialversicherung");
+ targetList.put("UW", "Umwelt");
+ targetList.put("VT", "Verkehr und Technik");
+ targetList.put("VV", "Vermögensverwaltung");
+ targetList.put("WT", "Wirtschaft");
+ targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)");
+ targetList.put("BR", "Bereichsübergreifender Rechtsschutz");
+ targetList.put("HR", "Zentrales Rechnungswesen");
+ targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes");
+ targetList.put("OI", "Öffentlichkeitsarbeit");
+ targetList.put("PV", "Personalverwaltung");
+ targetList.put("RD", "Zentraler Rechtsdienst");
+ targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren");
+ targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister");
+ targetList.put("ZU", "Zustellungen");
+ }
+
+ public static List<String> getListOfTargets() {
+ Map<String, String> list = new HashMap<String, String>();
+ list.put("", "");
+ list.putAll(targetList);
+
+ List<String> sortedList = new ArrayList<String>();
+ sortedList.addAll(list.keySet());
+ Collections.sort(sortedList);
+
+ return sortedList;
+
+ }
+
+ public static String getTargetFriendlyName(String target) {
+ String name = targetList.get(target);
+
+ if (MiscUtil.isNotEmpty(name))
+ return name;
+ else
+ return null;
+ }
+
+ public static boolean isValidTarget(String target) {
+ return targetList.containsKey(target);
+ }
+
+
+}
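Review bot: `targetList.put("SA", ...)` appears twice, on L4669 and L4670; with a `HashMap` the second call replaces the first, so `SA` resolves to "Sport und Freizeit" and "Steuern und Abgaben" is no longer a valid target at all, which `isValidTarget` will then reject for every online application using it. One of the two keys is mistyped; check it against the official sector (Bereichskennzeichen) list rather than guessing, since a wrong code here feeds directly into bPK derivation. The map is a mutable static; wrapping it with `Collections.unmodifiableMap` after population prevents accidental modification, and `getListOfTargets` could simply sort `targetList.keySet()` plus the empty entry instead of copying into a second `HashMap`.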
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index 276b0b4c8..88e1e6cf5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -16,44 +16,50 @@ public class UserDatabaseFormValidator {
private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
- public List<String> validate(UserDatabaseFrom form, long userID) {
+ public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) {
List<String> errors = new ArrayList<String>();
-
- String check = form.getGivenName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("GivenName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
- }
- } else {
- log.warn("GivenName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));
- }
+ String check = null;
- check = form.getFamilyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("FamilyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ if (!isPVP2Generated) {
+ check = form.getGivenName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("GivenName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("GivenName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));
+ }
+
+
+ check = form.getFamilyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("FamilyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("FamilyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));
}
- } else {
- log.warn("FamilyName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));
}
-
- check = form.getInstitut();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("Organisation contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+
+ if (!isMandateUser) {
+ check = form.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
}
- } else {
- log.warn("Organisation is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));
}
check = form.getMail();
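Review bot: The warn lines on L4751, L4764 and L4788 write the rejected value verbatim into the log, and by construction that value is one the helper has just classified as containing markup/special characters; untrusted CR/LF or markup in log output is a log-forging vector for anything that renders these logs. Log the field name only, or pass the value through a CR/LF-stripping helper, e.g. `log.warn("GivenName contains potential XSS characters");`. Skipping name validation for PVP2-generated users (L4747) matches `saveFormToDB`, which does not persist those fields for such users, so the two stay consistent. The `validate` method continues past this hunk.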
@@ -80,67 +86,67 @@ public class UserDatabaseFormValidator {
errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty"));
}
- check = form.getUsername();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("Username contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
-
- } else {
- UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check);
- if (dbuser != null && userID != dbuser.getHjid()) {
- log.warn("Username " + check + " exists in UserDatabase");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate"));
- form.setUsername("");
- }
- }
- } else {
- if (userID == -1) {
- log.warn("Username is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ if (form.isIsusernamepasswordallowed()) {
+ check = form.getUsername();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("Username contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check);
+ if (dbuser != null && userID != dbuser.getHjid()) {
+ log.warn("Username " + check + " exists in UserDatabase");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate"));
+ form.setUsername("");
+ }
+ }
} else {
- UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
- if (dbuser == null) {
+ if (userID == -1) {
log.warn("Username is empty");
errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
} else {
- form.setUsername(dbuser.getUsername());
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser == null) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+ } else {
+ form.setUsername(dbuser.getUsername());
+ }
}
}
- }
-
- check = form.getPassword();
- if (MiscUtil.isEmpty(check)) {
- if (userID == -1) {
- log.warn("Password is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
- } else {
- UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
- if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ check = form.getPassword();
+
+ if (MiscUtil.isEmpty(check)) {
+ if (userID == -1) {
log.warn("Password is empty");
errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
- }
- }
-
- } else {
-
- if (check.equals(form.getPassword_second())) {
-
- String key = AuthenticationHelper.generateKeyFormPassword(check);
- if (key == null) {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+ } else {
+ UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+ if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+ }
}
- }
- else {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal"));
+ } else {
+
+ if (check.equals(form.getPassword_second())) {
+
+ String key = AuthenticationHelper.generateKeyFormPassword(check);
+ if (key == null) {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+ }
+
+ }
+ else {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal"));
+ }
}
}
-
-
-
+
check = form.getBpk();
if (MiscUtil.isNotEmpty(check)) {
if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
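Review bot: The whole username/password section is gated on `form.isIsusernamepasswordallowed()` (L4823), a client-supplied checkbox, whereas the persistence side in `saveFormToDB` gates on the stored `UserDatabase` flag, so a request with the flag cleared skips username and password validation entirely while the stored flag may still be set; pass the effective value into `validate` the same way `isPVP2Generated` and `isMandateUser` now are, derived from the DB row (and from the form only for admins). The password check on L4894–L4904 enforces only equality with the repeat field and a non-null key from `generateKeyFormPassword`; unless that helper applies a length/complexity policy, add one here, because this form also creates admin accounts. The duplicate-username warning on L4834 again logs the raw input; see the note on the previous hunk.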
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
index aeac75e44..eadf15f84 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
@@ -1,18 +1,122 @@
package at.gv.egovernment.moa.id.configuration.validation;
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+import java.io.IOException;
import java.net.MalformedURLException;
+import java.net.Socket;
import java.net.URL;
+import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
import org.apache.log4j.Logger;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.util.Constants;
+
public class ValidationHelper {
private static final Logger log = Logger.getLogger(ValidationHelper.class);
+ public static boolean isPublicServiceAllowed(String identifier) {
+
+ SSLSocket socket = null;
+
+ try {
+ URL url = new URL(identifier);
+ String host = url.getHost();
+
+ if (host.endsWith("/"))
+ host = host.substring(0, host.length()-1);
+
+ if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) {
+ log.debug("PublicURLPrefix with .gv.at Domain found.");
+ return true;
+
+ } else {
+ SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
+ socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort());
+ socket.startHandshake();
+
+ SSLSession session = socket.getSession();
+ Certificate[] servercerts = session.getPeerCertificates();
+ X509Certificate[] iaikChain = new X509Certificate[servercerts.length];
+ for (int i=0; i<servercerts.length; i++) {
+ iaikChain[i] = new X509Certificate(servercerts[i].getEncoded());
+ }
+
+
+ X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0];
+
+ if (cert != null) {
+ ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft
+ ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft
+
+
+ if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) {
+ return false;
+
+ } else {
+ log.info("Found correct X509 Extension in server certificate. PublicService is allowed");
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ } catch (MalformedURLException e) {
+ log.warn("PublicURLPrefix can not parsed to URL", e);
+ return false;
+
+ } catch (UnknownHostException e) {
+ log.warn("Can not connect to PublicURLPrefix Server", e);
+ return false;
+
+ } catch (IOException e) {
+ log.warn("Can not connect to PublicURLPrefix Server", e);
+ return false;
+
+ } catch (CertificateEncodingException e) {
+ log.warn("Can not parse X509 server certificate", e);
+ return false;
+
+ } catch (CertificateException e) {
+ log.warn("Can not read X509 server certificate", e);
+ return false;
+
+ } catch (X509ExtensionInitException e) {
+ log.warn("Can not read X509 server certificate extension", e);
+ return false;
+ }
+
+ finally {
+ if (socket != null)
+ try {
+ socket.close();
+ } catch (IOException e) {
+ log.warn("SSL Socket can not be closed.", e);
+ }
+ }
+ }
+
public static boolean validateOAID(String oaIDObj) {
if (oaIDObj != null) {
try {
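Review bot: `factory.createSocket(url.getHost(), url.getPort())` on L4968 passes -1 whenever the prefix carries no explicit port (`URL.getPort()` returns -1 then), and `Socket` rejects that with an unchecked `IllegalArgumentException` that none of the catch clauses on L4998–L5021 handle, so an ordinary `https://host/...` prefix outside the `.gv.at` shortcut fails with an exception instead of returning false. The handshake also runs with no hostname verification (a raw `SSLSocket` does none by default) and no scheme check, so the extension check is made against whatever certificate the host at that name presents, and the tool will happily open a TLS connection to any host a form submitter names, which is a mild SSRF probe vector; the `host` variable on L4957–L4960 is computed and never used. Endpoint identification via `SSLParameters` needs Java 7, which I assume the build targets. The `endsWith` shortcut on L4962 is only safe if `PUBLICSERVICE_URL_POSTFIX` starts with a dot; its value is not visible here.

```java
URL url = new URL(identifier);
// … unchanged: .gv.at suffix shortcut …
if (!"https".equalsIgnoreCase(url.getProtocol())) {
    log.warn("PublicURLPrefix is not an https URL, server certificate can not be checked");
    return false;
}
int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
socket = (SSLSocket) factory.createSocket(url.getHost(), port);
SSLParameters params = socket.getSSLParameters();
params.setEndpointIdentificationAlgorithm("HTTPS");
socket.setSSLParameters(params);
socket.startHandshake();
// … unchanged: certificate extension check …
```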
@@ -62,7 +166,7 @@ public class ValidationHelper {
return false;
}
- public static boolean isValidTarget(String target) {
+ public static boolean isValidAdminTarget(String target) {
log.debug("Ueberpruefe Parameter Target");
@@ -76,10 +180,24 @@ public class ValidationHelper {
else {
log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
return false;
- }
-
+ }
}
+ public static boolean isValidTarget(String target) {
+
+ log.debug("Ueberpruefe Parameter Target");
+
+ if (TargetValidator.isValidTarget(target)) {
+ log.debug("Parameter Target erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)");
+ return false;
+ }
+
+ }
+
public static boolean isValidSourceID(String sourceID) {
log.debug("Ueberpruefe Parameter sourceID");
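Review bot: The new `isValidTarget` (L5050–L5063) delegates the decision to `TargetValidator.isValidTarget`, yet its failure message at L5059 still states the admin-target criteria ("nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang") that only `isValidAdminTarget` enforces, so an operator reading the log is pointed at the wrong rule. Replace it with a message naming the real check, e.g. `log.error("Fehler Ueberpruefung Parameter Target. Target wird vom TargetValidator nicht akzeptiert: " + target);`. A one-line Javadoc on each of the two methods saying which rule it applies (free-form admin pattern vs. TargetValidator) would also help callers such as OAGeneralConfigValidation pick the right one. TargetValidator's own criteria are not visible in this diff.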
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index f51095cac..5fc5189d9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -292,7 +292,7 @@ public class MOAConfigValidator {
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty"));
} else {
- if (!ValidationHelper.isValidTarget(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
log.info("Not valid SSO Target");
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid"));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
index fa992674e..99371a0e7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
@@ -7,7 +7,10 @@ import java.util.Map;
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
+import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
@@ -20,51 +23,56 @@ public class OAGeneralConfigValidation {
public List<String> validate(OAGeneralConfig form, boolean isAdmin) {
List<String> errors = new ArrayList<String>();
+ String check;
- //validate aditionalAuthBlockText
- String check = form.getAditionalAuthBlockText();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ if (isAdmin) {
+ //validate aditionalAuthBlockText
+ check = form.getAditionalAuthBlockText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
}
}
//Check BKU URLs
- check =form.getBkuHandyURL();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Handy-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty"));
-
- } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Handy-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid"));
+ if (isAdmin) {
+ check =form.getBkuHandyURL();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty"));
+
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid"));
+ }
}
- }
-
- check =form.getBkuLocalURL();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Local-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty"));
- } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid"));
+ check =form.getBkuLocalURL();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Local-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty"));
+
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid"));
+ }
}
- }
-
- check =form.getBkuOnlineURL();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty"));
- } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid"));
+ check =form.getBkuOnlineURL();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty"));
+
+ } else {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid"));
+ }
}
}
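Review bot: Wrapping the BKU-URL checks in `if (isAdmin)` (L5125) means a non-admin submission of `bkuHandyURL`, `bkuLocalURL` or `bkuOnlineURL` now reaches the caller without `validateURL` ever running; that is only safe if the non-admin form never binds those fields or the save action discards them, and this diff does not show either. A safer shape keeps the "must not be empty" rule admin-only but validates any value that is present for every role, e.g. `if (MiscUtil.isNotEmpty(check) && !ValidationHelper.validateURL(check)) { errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); }` outside the `isAdmin` guard. The same consideration applies to the `aditionalAuthBlockText` XSS check at L5104. `validate` begins at L5094 and continues past this hunk.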
@@ -78,47 +86,49 @@ public class OAGeneralConfigValidation {
}
}
- //check KeyBoxIdentifier
- check = form.getKeyBoxIdentifier();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty KeyBoxIdentifier");
- errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"));
- } else {
- Map<String, String> list = form.getKeyBoxIdentifierList();
- if (!list.containsKey(check)) {
- log.info("Not valid KeyBoxIdentifier " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"));
- }
- }
-
- //check LegacyMode SLTemplates
- if (form.isLegacy()) {
- if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
- MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
- MiscUtil.isEmpty(form.getSLTemplateURL3()) ) {
- log.info("Empty OA-specific SecurityLayer Templates");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty"));
-
+ if (isAdmin) {
+ //check KeyBoxIdentifier
+ check = form.getKeyBoxIdentifier();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty KeyBoxIdentifier");
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty"));
} else {
- check = form.getSLTemplateURL1();
- if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
- log.info("First OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid"));
- }
- check = form.getSLTemplateURL2();
- if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
- log.info("Second OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid"));
- }
- check = form.getSLTemplateURL3();
- if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
- log.info("Third OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid"));
+ Map<String, String> list = form.getKeyBoxIdentifierList();
+ if (!list.containsKey(check)) {
+ log.info("Not valid KeyBoxIdentifier " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid"));
}
- }
+ }
+
+ //check LegacyMode SLTemplates
+ if (form.isLegacy()) {
+ if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL3()) ) {
+ log.info("Empty OA-specific SecurityLayer Templates");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty"));
+
+ } else {
+ check = form.getSLTemplateURL1();
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check) ) {
+ log.info("First OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid"));
+ }
+ check = form.getSLTemplateURL2();
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check) ) {
+ log.info("Second OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid"));
+ }
+ check = form.getSLTemplateURL3();
+ if (MiscUtil.isNotEmpty(check) &&
+ !ValidationHelper.validateURL(check) ) {
+ log.info("Third OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid"));
+ }
+ }
+ }
}
//check Mandate Profiles
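Review bot: The `KeyBoxIdentifier` membership check (L5206–L5232) and the SL-template URL checks (L5237–L5263) are skipped entirely for non-admins, so a KeyBoxIdentifier outside `getKeyBoxIdentifierList()` or a malformed template URL posted by a non-admin is no longer rejected here; whether the action ignores those fields for non-admins cannot be seen in this diff. Keep the membership check role-independent when a value is present, `if (MiscUtil.isNotEmpty(check) && !form.getKeyBoxIdentifierList().containsKey(check)) { ... }`, and gate only the emptiness rule on `isAdmin`. A short comment above L5204 stating why these settings are admin-only would document the policy, since this validator is the only place it is expressed. `validate` starts before this hunk and ends after it.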
@@ -130,23 +140,18 @@ public class OAGeneralConfigValidation {
new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} ));
}
}
-
- //check SL Version
- check = form.getSlVersion();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLVersion. Set SLVersion to 1.2");
- form.setSlVersion("1.2");
-
- } else {
- if (!ValidationHelper.validateNumber(check)) {
- log.info("Not valid SLVersion");
- errors.add(LanguageHelper.getErrorString("validation.general.slversion"));
- }
- }
-
+
boolean businessservice = form.isBusinessService();
if (businessservice) {
+
+ //check identification type
+ check = form.getIdentificationType();
+ if (!form.getIdentificationTypeList().contains(check)) {
+ log.info("IdentificationType is not known.");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationtype.valid"));
+ }
+
//check identification number
check = form.getIdentificationNumber();
if (MiscUtil.isEmpty(check)) {
@@ -160,49 +165,85 @@ public class OAGeneralConfigValidation {
new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
}
- if (check.startsWith("FN")) {
+ if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
CompanyNumberValidator val = new CompanyNumberValidator();
- if (val.validate(check)) {
+ if (!val.validate(check)) {
log.info("Not valid CompanyNumber");
errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid"));
}
}
}
-
- try {
- float slversion = Float.valueOf(form.getSlVersion());
- if (slversion < 1.2) {
- log.info("BusinessService Applications requires SLVersion >= 1.2");
- errors.add(LanguageHelper.getErrorString("validation.general.slversion.business"));
- form.setSlVersion("1.2");
- }
-
- } catch (NumberFormatException e) {
- }
-
+
} else {
- //check targetFrindlyName();
- check = form.getTargetFriendlyName();
+
+ check = form.getTarget_subsector();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target-Subsector");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid"));
}
}
- //check Target
- check = form.getTarget();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.empty"));
+
+ if (!isAdmin) {
+ //check PublicURL Prefix allows PublicService
+ if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) {
+ log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier());
+ errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
+ new Object[] {form.getIdentifier()} ));
+ form.setBusinessService(true);
+ return errors;
+
+ }
+
+ //check Target
+ check = form.getTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty"));
+
+ } else {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid"));
+ }
+ }
} else {
- if (!ValidationHelper.isValidTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.valid"));
+
+ //check targetFrindlyName();
+ check = form.getTargetFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ }
}
- }
+
+ if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty"));
+ }
+
+ //check Target
+ check = form.getTarget();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid"));
+ }
+ }
+
+ //check Admin Target
+ check = form.getTarget_admin();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid"));
+ }
+ }
+ }
}
return errors;
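Review bot: `form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)` at L5303 dereferences the identification type, but the unknown-type check just before this hunk only adds an error and continues, so a missing type becomes a NullPointerException instead of a validation message; write it null-safe as `if (Constants.IDENIFICATIONTYPE_FN.equals(form.getIdentificationType())) {`. The new `isPublicServiceAllowed(form.getIdentifier())` call at L5348 makes the tool open an outbound TLS connection to whatever host a non-admin typed into the identifier (see L4968), with no connect or read timeout, which is worth bounding. In that helper `url.getPort()` returns -1 for a URL without an explicit port, and `createSocket(host, -1)` throws IllegalArgumentException, which the visible catch list (L4998–L5021) does not handle unless code above L4968 does; use `url.getPort() == -1 ? url.getDefaultPort() : url.getPort()` there. `validate` starts before this hunk.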
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 4a1ef9261..e6ff0a166 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -1,15 +1,22 @@
package at.gv.egovernment.moa.id.configuration.validation.oa;
import java.io.IOException;
+import java.net.URL;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.parse.BasicParserPool;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
@@ -19,24 +26,59 @@ public class OAPVP2ConfigValidation {
public List<String> validate(OAPVP2Config form) {
List<String> errors = new ArrayList<String>();
-
- String url = form.getMetaDataURL();
- if (MiscUtil.isNotEmpty(url) && !ValidationHelper.validateURL(url)) {
- log.info("MetaDataURL has no valid form.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"));
- }
-
try {
+ byte[] metadata = null;
+ byte[] cert = null;
+
+ String check = form.getMetaDataURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("MetaDataURL has no valid form.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid"));
+
+ } else {
+ metadata = FileUtils.readURL(check);
+ if (MiscUtil.isEmpty(metadata)) {
+ log.info("Filecontent can not be read form MetaDataURL.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"));
+ }
+ }
+ }
+
if (form.getFileUpload() != null)
- form.getCertificate();
+ cert = form.getCertificate();
+
+// else {
+// if (metadata != null) {
+// log.info("No certificate to verify the Metadata defined.");
+// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));
+// }
+// }
+
+// if (cert != null && metadata != null) {
+// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
+// check, 20000);
+// httpProvider.setParserPool(new BasicParserPool());
+// httpProvider.setRequireValidMetadata(true);
+// MetadataFilter filter = new MetadataSignatureFilter(
+// check, cert);
+// httpProvider.setMetadataFilter(filter);
+// httpProvider.initialize();
+//
+// }
+
} catch (CertificateException e) {
log.info("Uploaded Certificate can not be found", e);
errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"));
} catch (IOException e) {
- log.info("Uploaded Certificate can not be parsed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format"));
+ log.info("Metadata can not be loaded from URL", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read"));
+
+// } catch (MetadataProviderException e) {
+// log.info("MetaDate verification failed");
+// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify"));
}
return errors;
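Review bot: `FileUtils.readURL(check)` at L5454 makes the server fetch whatever URL the form supplied, while the block that would verify the fetched metadata against the uploaded certificate (L5473–L5483) is commented out, so an attacker-chosen metadata URL is retrieved without any signature check even though the `validation.pvp2.metadata.verify` message was added for exactly that. Either enable the `MetadataSignatureFilter` path (and catch `MetadataProviderException`) before this ships, or drop the fetch and the now-unused `HTTPMetadataProvider`, `BasicParserPool`, `MetadataFilter` and `URL` imports so readers do not assume verification happens. Whether `ValidationHelper.validateURL` restricts scheme or host is not visible here; a server-side fetch of a user URL also deserves an allow-list or at least a size and timeout bound. The certificate read at L5464 into `cert` is never used afterwards.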
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties
index b12c82b9e..eaa9b981a 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties
@@ -4,8 +4,10 @@ title=MOA-ID 2.x Configuration Tool
config.01=Configfile is not found.
config.02=Configfile is not readable.
config.03=Hibernate Database connector can not be initialized
+config.04=OpenSAML (PVP2 Login) can not be initialized
error.title=Fehler:
+error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden.
errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben.
errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen.
@@ -21,6 +23,11 @@ errors.edit.user.userid=Es wurde keine g\u00FCtige User ID \u00FCbergeben.
errors.edit.user.save=Der Benutzer konnte nicht in die Datenbank eingetragen werden.
errors.edit.user.notallowed=Das Bearbeiten fremder Benutzereinstellungen ist nur dem Admin erlaubt.
error.login=Der Anmeldevorgang durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal.
+error.mail.send=An die angegebene Mailadresse konnte keine Nachticht versendet werden.
+error.mail.verification=Der Verifikationsvorgang wurde durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal.
+error.editoa.mailverification=Die Verwaltung von Online-Applikationen ist vor\u00FCbergehend deaktiviert, da die Mailadresse des Benutzeraccounts noch nicht verifiziert wurde.
+
+mail.userrequest.subject=Accountanforderung MOA-ID 2.x Konfigurationstool
webpages.error.header=Es ist ein Fehler aufgetreten
@@ -28,6 +35,7 @@ webpages.index.header=Willkommen bei der MOA-ID 2.x Konfigurationsapplikation
webpages.index.desciption.head=Um dieses Service nutzen zu k\u00F6nnen m\u00FCssen sie sich einloggen.
webpages.index.login=Anmelden
webpages.index.logout=Abmelden
+webpages.index.login.pvp2=Anmeldung mit B\u00FCrgerkarte oder Handy-Signature
webpages.index.login.notallowed=Entweder sind Benutzername oder Passwort sind nicht korrekt oder der Account wurde noch nicht aktiviert.
webpages.index.username.unkown=Der Benutzer ist nicht bekannt.
webpages.index.username.notactive=Der Benutzer wurde durch den Administrator noch nicht freigeschalten.
@@ -47,8 +55,8 @@ webpages.inportexport.descripten=ACHTUNG\: Die importierte Konfiguration ersetzt
webpages.usermanagement.newuser=Neuen Benutzer erstellen
webpages.usermanagement.header=Benutzerverwaltung
webpages.listUsers.list.header=Liste aller vorhandenen Benutzer
-webpages.listUsers.list.first=Vorname
-webpages.listUsers.list.second=Familienname
+webpages.listUsers.list.first=Familien-/Firmenname
+webpages.listUsers.list.second=Vorname
webpages.listUsers.list.third=Benutzername
webpages.edituser.header=Benutzerdaten
webpages.edituser.givenname=Vorname
@@ -65,6 +73,11 @@ webpages.edituser.role.header=Rechte und Role
webpages.edituser.active=Benutzer ist aktiviert
webpages.edituser.admin=Benutzer ist Admin
webpages.edit.delete.user=Benutzer l\u00F6schen
+webpages.edit.newUser=Neuen Benutzer anfordern
+webpages.edituser.isusernamepasswordallowed=Benutzername/Passwort erlauben
+webpages.edituser.changemailaddress.verify=Bevor Sie Online-Applikationen verwalten k\u00F6nnen muss Ihre Mailadresse verifzieren werden. Eine entsprechende Mail wurde bereits an Ihr angegebenes Postfach versendet.
+webpages.edituser.verify.mail.button=Mailadresse pr\u00FCfen
+webpages.edituser.verify.mail.message=Es wurde eine Verifikationsmail an Ihr Postfach versendet
webpages.mainpage.menu.oa.insert=Neue Applikation anlegen
webpages.mainpage.menu.oa.display=Meine Applikationen
@@ -73,6 +86,7 @@ webpages.mainpage.menu.general.user=Meine Daten
webpages.mainpage.menu.general.importexport=Importieren/Exportieren
webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration
webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung
+webpages.mainpage.menu.general.adminrequests=Offene Anfragen
webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert.
webpages.moaconfig.header=Allgemeine Konfiguration
@@ -151,15 +165,22 @@ webpages.oaconfig.general.mandate.profiles=Profile
webpages.oaconfig.general.friendlyname=Name der Online-Applikation
webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation
webpages.oaconfig.general.public.header=&Ouml;ffentlicher Bereich
-webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs
+webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar)
+webpages.oaconfig.general.target.admin.checkbox=Anderen Bereich frei definieren
+webpages.oaconfig.general.target.admin=Bereich (Frei w\u00E4hlbar)
+webpages.oaconfig.general.target.friendlyname.disabled=Bezeichnung des Bereichs (vom Administrator eingestellt)
+webpages.oaconfig.general.target.admin.disabled=Bereich (vom Administrator eingestellt)
webpages.oaconfig.general.target=Bereich (Target)
+webpages.oaconfig.general.target.subsector=Sub-Bereich
webpages.oaconfig.general.business.header=Privatwirtschaftlicher Bereich
-webpages.oaconfig.general.business.value=Identificationsnummer
+webpages.oaconfig.general.business.value=Identifikationsnummer
+webpages.oaconfig.general.business.type=Type der Identifikationsnummer
webpages.oaconfig.general.aditional.header=Zus&auml;tzliche allgemeine Einstellungen
webpages.oaconfig.general.aditional.authblocktext=AuthblockText
webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame
webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
webpages.oaconfig.general.aditional.calculateHPI="TODO!"
+webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden
webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden
@@ -191,6 +212,7 @@ webpages.oaconfig.pvp2.certifcate.info=Infos zum Zertifikat
message.title=Meldung:
webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden.
+webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich.
webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen.
webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht.
@@ -203,6 +225,13 @@ webpages.edit.delete=Online-Applikation l\u00F6schen
webpages.header.info=Sie sind angemeldet als:
webpages.header.lastlogin=Letzte Anmeldung am:
+webpages.openadminrequests.header=Offene Antr\u00E4ge
+webpages.openadminrequests.users.header=Benutzeraccounts
+webpages.openadminrequests.oas.header=Online-Applikationen
+
+
+validation.newuser.mailaddress=Die Validierung der Mailadresse konnte erfolgreich durchgef\u00FChrt werden.
+
validation.edituser.familyname.empty=Der Familienname ist leer.
validation.edituser.familyname.valid=Der Familienname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
validation.edituser.givenname.empty=Der Vorname ist leer.
@@ -287,18 +316,24 @@ validation.general.sltemplate3.valid=Die dritte SecurityLayer Template URL hat k
validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
validation.general.target.empty=Der Target f\u00FCr die Online-Applikation ist leer.
validation.general.target.valid=Der Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format.
+validation.general.target.subsector.valid=Der Target-Subsektor hat kein g\u00FCltiges Format.
+validation.general.target.admin.valid=Der Admin-Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format.
+validation.general.target.publicserviceurl=Die Domain des eindeutigen Identifiers f\u00FCr die Online-Applikation erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich.
validation.general.slversion=Die SecurtiyLayer Version ist kein Zahlenformat.
validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00E4ndert.
validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.identificationtype.valid=Der Identifikationstype wird nicht unterst\u00FCtzt.
validation.general.identificationnumber.empty=Im privatwirtschaftlichen Bereich ist eine Identifikationsnummer erforderlich.
validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00FCr den privatwirtschaftlichen Bereich enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
-validation.general.identificationnumber.fa.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format.
+validation.general.identificationnumber.fn.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format.
validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben.
-validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL.
validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich.
validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben.
validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf.
+validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden.
+validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf.
validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt.
diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml
index 3b33bffcb..ce4b408b4 100644
--- a/id/ConfigWebTool/src/main/resources/struts.xml
+++ b/id/ConfigWebTool/src/main/resources/struts.xml
@@ -25,11 +25,35 @@
<interceptor-ref name="defaultStack"/>
</action>
+ <action name="pvp2login" method="pvp2login" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction">
+ <result name="success" type="redirectAction">
+ <param name="actionName">main</param>
+ <param name="namespace">/secure</param>
+ </result>
+ <result name="newuser">/jsp/newUserRequest.jsp</result>
+ <result name="error">/index.jsp</result>
+ <interceptor-ref name="defaultStack"/>
+ </action>
+
+ <action name="requestNewUser" method="requestNewUser" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction">
+ <result name="newuser">/jsp/newUserRequest.jsp</result>
+ <result name="success">/index.jsp</result>
+ <result name="error">/index.jsp</result>
+ <interceptor-ref name="defaultStack"/>
+ </action>
+
+ <action name="mailAddressVerification" method="mailAddressVerification" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction">
+ <result name="error">/index.jsp</result>
+ <result name="success">/index.jsp</result>
+ <interceptor-ref name="defaultStack"/>
+ </action>
+
<action name="logout" method="logout" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction">
<result name="success" type="redirectAction">
<param name="actionName">index</param>
<param name="namespace">/</param>
</result>
+ <result name="ssologout" type="redirect">${ssologouturl}</result>
<interceptor-ref name="defaultStack"/>
</action>
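Review bot: `<result name="ssologout" type="redirect">${ssologouturl}</result>` at L5663 redirects to an OGNL-evaluated action property; with `defaultStack` the params interceptor will populate `ssologouturl` from a request parameter if `IndexAction` exposes a setter for it, which would turn logout into an open redirect and, on older Struts 2 releases, an OGNL double-evaluation sink. Make sure the property is set only from configuration or from the IdP's logout response and has no public setter, or exclude it via the params interceptor's `excludeParams`. The same caution applies to any request-derived property the new `pvp2login`, `requestNewUser` and `mailAddressVerification` actions expose, which this file does not show.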
@@ -110,7 +134,7 @@
</action>
<action name="saveOA" method="saveOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction">
- <result name="success" type="chain">main</result>
+ <result name="success" type="chain">${nextPage}</result>
<result name="error_validation">/jsp/editOAGeneral.jsp</result>
<result name="error">/error.jsp</result>
<result name="reauthentication" type="redirectAction">
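Review bot: `<result name="success" type="chain">${nextPage}</result>` at L5670 lets the chained action be chosen at runtime from an action property; if `EditOAAction` has a `setNextPage`, the params interceptor in `defaultStack` lets a client pick any action in the package as the chain target. Prefer a fixed set of named results (`main`, `adminRequestsInit`) selected by the action's return code, or validate `nextPage` against an allow-list before returning `success`. The same pattern is introduced in the later `cancleandbackOA`, `deleteOA`, `deleteUser` and `saveUser` hunks.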
@@ -121,7 +145,7 @@
</action>
<action name="cancleandbackOA" method="cancleAndBackOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction">
- <result type="chain">main</result>
+ <result type="chain">${nextPage}</result>
<result name="reauthentication" type="redirectAction">
<param name="actionName">logout</param>
<param name="namespace">/</param>
@@ -130,7 +154,7 @@
</action>
<action name="deleteOA" method="deleteOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction">
- <result type="chain">main</result>
+ <result name="success" type="chain">${nextPage}</result>
<result name="error_validation">/jsp/editOAGeneral.jsp</result>
<result name="reauthentication" type="redirectAction">
<param name="actionName">logout</param>
@@ -190,6 +214,7 @@
<param name="namespace">/</param>
</result>
<result name="notallowed">/jsp/mainpage.jsp</result>
+ <result name="error">/error.jsp</result>
<interceptor-ref name="defaultStack"/>
</action>
@@ -201,6 +226,7 @@
<param name="namespace">/</param>
</result>
<result name="notallowed">/jsp/mainpage.jsp</result>
+ <result name="error">/error.jsp</result>
<interceptor-ref name="defaultStack"/>
</action>
@@ -217,6 +243,7 @@
</result>
<result name="error_validation">/jsp/importexport.jsp</result>
<result name="notallowed">/jsp/mainpage.jsp</result>
+ <result name="error">/error.jsp</result>
<interceptor-ref name="defaultStack"/>
</action>
@@ -253,7 +280,7 @@
</action>
<action name="deleteUser" method="deleteuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction">
- <result name="success" type="chain">usermanagementInit</result>
+ <result name="success" type="chain">${nextPage}</result>
<result name="notallowed" type="chain">main</result>
<result name="error">/error.jsp</result>
<result name="reauthentication" type="redirectAction">
@@ -264,7 +291,7 @@
</action>
<action name="saveUser" method="saveuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction">
- <result name="success" type="chain">usermanagementInit</result>
+ <result name="success" type="chain">${nextPage}</result>
<result name="error_validation">/jsp/edituser.jsp</result>
<result name="notallowed" type="chain">main</result>
<result name="error">/error.jsp</result>
@@ -275,6 +302,25 @@
<interceptor-ref name="defaultStack"/>
</action>
+ <action name="sendVerificationMail" method="sendVerificationMail" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction">
+ <result type="stream">
+ <param name="contentType">text/html</param>
+ <param name="inputName">stream</param>
+ </result>
+ <interceptor-ref name="defaultStack"/>
+ </action>
+
+ <action name="adminRequestsInit" method="init" class="at.gv.egovernment.moa.id.configuration.struts.action.OpenAdminRequestsAction">
+ <result name="success">/jsp/openadminrequests.jsp</result>
+ <result name="notallowed" type="chain">main</result>
+ <result name="error">/error.jsp</result>
+ <result name="reauthentication" type="redirectAction">
+ <param name="actionName">logout</param>
+ <param name="namespace">/</param>
+ </result>
+ <interceptor-ref name="defaultStack"/>
+ </action>
+
</package>
</struts> \ No newline at end of file
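Review bot: The new `sendVerificationMail` action maps only the default stream result, whereas every sibling action in this package also maps `error` and `reauthentication`; if the method can return either of those, as the other UserManagementAction methods do, Struts fails with an unmapped-result error instead of reaching the error page or the logout redirect. Add `<result name="error">/error.jsp</result>` and the same `reauthentication` redirectAction block that `saveUser` uses. The stream is declared `text/html` although common.js only passes the body to `alert()`; `text/plain` would avoid the response ever being interpreted as markup if it is rendered elsewhere later.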
diff --git a/id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html b/id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html
new file mode 100644
index 000000000..1215c2b58
--- /dev/null
+++ b/id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html
@@ -0,0 +1,51 @@
+##
+## Velocity Template for SAML 2 HTTP-POST binding
+##
+## Velocity context may contain the following properties
+## action - String - the action URL for the form
+## RelayState - String - the relay state for the message
+## SAMLRequest - String - the Base64 encoded SAML Request
+## SAMLResponse - String - the Base64 encoded SAML Response
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+
+ <body onload="document.forms[0].submit()">
+ <noscript>
+ <p>
+ <strong>Note:</strong> Since your browser does not support JavaScript,
+ you must press the Continue button once to proceed.
+ </p>
+ </noscript>
+
+
+ <div id="alert">Your login is being processed. Thank you for waiting.</div>
+
+ <style type="text/css">
+ <!--
+ #alert {
+ margin:100px 250px;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
+ font-size:14px;
+ font-weight:normal;
+ }
+ -->
+ </style>
+
+ <form action="${action}" method="post">
+ <div>
+ #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end
+
+ #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end
+
+ #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end
+
+ </div>
+ <noscript>
+ <div>
+ <input type="submit" value="Continue"/>
+ </div>
+ </noscript>
+ </form>
+
+ </body>
+</html> \ No newline at end of file
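Review bot: `${action}`, `${RelayState}`, `${SAMLRequest}` and `${SAMLResponse}` are written into attribute values with no Velocity escaping, so the template is only safe if the encoder that fills the context has already HTML-attribute-encoded them; RelayState in particular is echoed from the peer. Confirm the encoder used by Authenticate performs that escaping, or, if the Velocity-Tools EscapeTool is available in the context, render the values through it (e.g. `value="$esc.html($RelayState)"`) so the template does not depend on the caller. A short header comment stating that escaping is the encoder's responsibility would also help the next maintainer.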
diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
index 7b27b0c4d..a44cf8ce5 100644
--- a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
+++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
@@ -24,7 +24,7 @@
</init-param>
<init-param>
<param-name>allowed</param-name>
- <param-value>^.*((/index.action)|(/error.action)|(/authenticate.action)|(/logout.action)|(/jsp/.*)|(/css/.*)|(/images/.*)|(/js/.*))$</param-value>
+ <param-value>^.*((/index.action)|(/error.action)|(/authenticate.action)|(/pvp2login.action.*)|(/mailAddressVerification.action.*)|(/logout.action)|(/jsp/.*)|(/css/.*)|(/servlet/.*)|(/images/.*)|(/js/.*))$</param-value>
</init-param>
</filter>
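Review bot: The `allowed` pattern is anchored as `^.*(...)$`, so the new `(/servlet/.*)` alternative exempts any request whose path contains `/servlet/` anywhere, and `(/pvp2login.action.*)` / `(/mailAddressVerification.action.*)` exempt anything that follows those names (the `.` before `action` is also unescaped). If this filter is the authentication gate, as the parameter name suggests, restrict the exemptions to the two servlets mapped in the next hunk, e.g. `(/servlet/(metadata|pvp2login))`, and escape the dots as `/pvp2login\.action`. The filter class and its semantics are outside this hunk, so the actual impact should be confirmed against it.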
<filter-mapping>
@@ -61,6 +61,28 @@
</init-param>
</filter>
+ <servlet>
+ <servlet-name>pvp2login</servlet-name>
+ <display-name>pvp2login</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.configuration.auth.pvp2.Authenticate</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>buildmetadata</servlet-name>
+ <display-name>buildmetadata</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.configuration.auth.pvp2.BuildMetadata</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>buildmetadata</servlet-name>
+ <url-pattern>/servlet/metadata</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>pvp2login</servlet-name>
+ <url-pattern>/servlet/pvp2login</url-pattern>
+ </servlet-mapping>
+
<!-- <filter-mapping>
<filter-name>sitemash</filter-name>
<url-pattern>/*</url-pattern>
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css
index 6eeb6a4ee..6733efd4d 100644
--- a/id/ConfigWebTool/src/main/webapp/css/index.css
+++ b/id/ConfigWebTool/src/main/webapp/css/index.css
@@ -22,6 +22,34 @@
padding-right: 25px;
}
+#passwordlogin {
+ float: left;
+}
+
+#bkulogin {
+ float: left;
+ margin-left: 50px;
+}
+
+#bkuloginbutton {
+ background:-moz-linear-gradient(bottom,#b3b3b3,#f1f1f1); /* Firefox */
+ background:-webkit-gradient(linear,left top,left bottom,from(#b3b3b3),to(#f1f1f1)); /* Chrome, Safari */
+ filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#b3b3b3',endColorstr='#f1f1f1');
+
+ display: block;
+ padding-top: 10px;
+ padding-bottom: 10px;
+ text-align: center;
+ width: 200px;
+ /* background-color: gold; */
+ border-radius: 10px;
+ box-shadow: 8px 8px 8px #666;
+ border-style: solid;
+ border-color: black;
+ border-width: 2px;
+
+}
+
#menu_area {
margin-top: 25px;
border-color: black;
@@ -106,6 +134,10 @@
display: none;
}
+#mail_area input {
+ float: right;
+}
+
.oa_protocol_area {
clear: both;
margin-left: 25px;
@@ -147,6 +179,7 @@
margin-top: 6px;
}
+
.oa_config_block h3 {
padding-top: 25px;
}
@@ -193,6 +226,10 @@
margin-right: 50px;
}
+#oa_config_businessservice .wwgrp {
+ clear: none;
+}
+
div .wwgrp br {
display: none;
}
@@ -202,6 +239,15 @@ div .wwgrp br {
}
+.textfield_middle {
+ width: 100px;
+
+}
+
+.textfield_mail {
+ width: 400px;
+}
+
.textfield_long {
width: 600px;
@@ -212,7 +258,13 @@ div .wwgrp br {
height: 200px;
text-align: left;
}
-
+
+.selectfield {
+ width: 80px;
+ float: left;
+ margin-right: 5px;
+}
+
.checkbox{
margin-top: 7px;
}
@@ -271,13 +323,19 @@ div .wwgrp br {
width: 200px;
}
-.userListThird {
+.userListFirstSecond {
position: relative;
+ width: 400px;
float: left;
}
-.disabled {
+.userListThird {
+ position: relative;
+ float: left;
+}
+#usernamepassword_area {
+ display: none;
}
#footer_area {
diff --git a/id/ConfigWebTool/src/main/webapp/error.jsp b/id/ConfigWebTool/src/main/webapp/error.jsp
index 97dc218e7..8993c1102 100644
--- a/id/ConfigWebTool/src/main/webapp/error.jsp
+++ b/id/ConfigWebTool/src/main/webapp/error.jsp
@@ -1,3 +1,4 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider"%>
<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
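Review bot: The added `ConfigurationProvider` page import is not referenced in either hunk of this file; if the remainder of error.jsp (outside this diff) does not use it, drop the import, since an unused page import only widens the JSP's compile-time dependencies.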
@@ -11,10 +12,11 @@
<title><%=LanguageHelper.getGUIString("title", request) %></title>
</head>
- <body>
- <h1><%=LanguageHelper.getGUIString("webpages.error.header", request) %></h1>
+ <body style="text-align: center;">
+ <h1 style="color: red;"><%=LanguageHelper.getGUIString("webpages.error.header", request) %></h1>
<div id="information_area">
+ <p><%=LanguageHelper.getGUIString("error.general.text", request) %></p>
<s:if test="hasActionErrors()">
<div id="error_area">
<label><%=LanguageHelper.getGUIString("error.title", request) %></label>
diff --git a/id/ConfigWebTool/src/main/webapp/index.jsp b/id/ConfigWebTool/src/main/webapp/index.jsp
index 4e49eac75..f4c853792 100644
--- a/id/ConfigWebTool/src/main/webapp/index.jsp
+++ b/id/ConfigWebTool/src/main/webapp/index.jsp
@@ -13,42 +13,55 @@
<body>
<h1><%=LanguageHelper.getGUIString("webpages.index.header", request) %></h1>
-
+
<div id="information_area">
+
+ <s:if test="hasActionMessages()">
+ <div id="message_area">
+ <label><%=LanguageHelper.getGUIString("message.title", request) %></label>
+ <s:actionmessage/>
+ </div>
+ </s:if>
+
<s:if test="hasActionErrors()">
<div id="error_area">
- <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
- <s:actionerror/>
- </div>
- </s:if>
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
<div id="information_area">
<p><%=LanguageHelper.getGUIString("webpages.index.desciption.head", request) %></p>
<div class="oa_config_block">
- <s:form namespace="/" method="POST" enctype="multipart/form-data">
+ <s:form id="passwordlogin" namespace="/" method="POST" enctype="multipart/form-data">
<s:textfield name="username"
value="%{username}"
labelposition="left"
key="webpages.edituser.username"
- cssClass="textfield_long"
+ cssClass="textfield_mail"
maxlength="16">
</s:textfield>
<s:password name="password"
labelposition="left"
key="webpages.edituser.password"
- cssClass="textfield_long"
+ cssClass="textfield_mail"
maxlength="16">
</s:password>
<s:submit key="webpages.index.login" action="authenticate"/>
</s:form>
+
+ <div id="bkulogin">
+ <a id="bkuloginbutton" href="servlet/pvp2login"><%=LanguageHelper.getGUIString("webpages.index.login.pvp2", request) %></a>
+ </div>
+
</div>
-
+
</div>
</body>
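Review bot: The PVP2 login link uses the page-relative `href="servlet/pvp2login"`, which only resolves to the `/servlet/pvp2login` mapping in web.xml when index.jsp is served from the context root; rendered from any other path it breaks. Use a context-relative URL instead, `<a id="bkuloginbutton" href="<s:url value='/servlet/pvp2login'/>">`, consistent with the `<s:url>` usage in header_userinfos.jsp.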
diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js
index 249cb37fa..0b69854da 100644
--- a/id/ConfigWebTool/src/main/webapp/js/common.js
+++ b/id/ConfigWebTool/src/main/webapp/js/common.js
@@ -63,9 +63,64 @@ function oaLegacyService() {
}
}
+function AdminTarget() {
+ if ($('#adminTarget').attr('checked') == 'checked') {
+
+ $('#admin_target_area').css('display', "block");
+
+ } else {
+
+ $('#admin_target_area').css('display', "none");
+
+ }
+}
+function HideAdminTarget() {
+ $('#adminTarget').removeAttr("checked");
+ $('#admin_target_area').css('display', "none");
+}
+function UseUserNamePassword() {
+ if ($('#isusernamepasswordallowed').size() == 0) {
+ $('#usernamepassword_area').css('display', "none");
+ return;
+ }
+
+ if ($('#isusernamepasswordallowed').attr('checked') == 'checked') {
+ if ($('#editUser_user_username').val() == "") {
+ $('#editUser_user_username').removeAttr("disabled");
+ }
+ $('#usernamepassword_area').css('display', "block");
+
+ } else {
+ $('#editUser_user_username').prop("disabled", "disabled");
+ $('#usernamepassword_area').css('display', "none");
+
+ }
+}
+function sendVerificationMail() {
+ $.ajax({
+ xhr: function() {
+ var xhr = new window.XMLHttpRequest();
+ return xhr;
+ },
+ type: "GET",
+ url: "servlet/sendVerificationMail.action",
+ data: "",
+ success: function (msg) {
+ alert(msg);
+ },
+ error: function () {
+ alert('Anfrage konnte nicht gesendet werden!');
+ },
+ });
+}
+function userOnLoad() {
+ UseUserNamePassword();
+ return true;
+}
function oaOnLoad() {
oaBusinessService();
oaSSOService();
oaLegacyService();
+ AdminTarget();
return true;
} \ No newline at end of file
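Review bot: `sendVerificationMail` triggers a mail send with `type: "GET"`, so the send can be provoked by any link or image a logged-in user's browser loads, and it carries none of the `formID` value the commit adds to the POST forms; make it a POST and include that value, e.g. `type: "POST", data: { formID: $('input[name=formID]').val() }`. The object literal passed to `$.ajax` also ends with a trailing comma after the `error` handler, which is a syntax error in IE8 and earlier, and `.size()` in `UseUserNamePassword` is deprecated jQuery for `.length`. The relative URL `servlet/sendVerificationMail.action` resolves against the current page path while struts.xml registers a plain `sendVerificationMail` action in its package; confirm the namespace actually matches. The closing braces at the top of the hunk belong to `oaLegacyService`, whose body starts outside the hunk.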
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 2b24f0b89..05f4a1106 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -341,6 +341,9 @@
<br>
<br>
+
+ <s:hidden name="formID"
+ value="%{formID}"></s:hidden>
<div id="button_area">
<s:submit key="webpages.edit.back" action="backGeneralConfig"/>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
index 60f253222..68d47d6b8 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
@@ -71,102 +71,177 @@
<div id="oa_config_businessservice" class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3>
- <s:textfield name="generalOA.identificationNumber"
+<%-- <s:select list="generalOA.identificationTypeList"
+ key="webpages.oaconfig.general.business.type"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{generalOA.identificationType}"
+ name="generalOA.identificationType">
+ </s:select> --%>
+
+ <s:select list="generalOA.identificationTypeList"
+ key="webpages.oaconfig.general.business.value"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{generalOA.identificationType}"
+ name="generalOA.identificationType">
+ </s:select>
+
+<%-- <s:textfield name="generalOA.identificationNumber"
value="%{generalOA.identificationNumber}"
labelposition="left"
key="webpages.oaconfig.general.business.value"
- cssClass="textfield_long">
+ cssClass="selectfield">
+ </s:textfield> --%>
+
+ <s:textfield name="generalOA.identificationNumber"
+ value="%{generalOA.identificationNumber}"
+ cssClass="textfield_middle">
</s:textfield>
</div>
<div id="oa_config_publicservice" class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3>
- <s:textfield name="generalOA.target"
- value="%{generalOA.target}"
- labelposition="left"
- key="webpages.oaconfig.general.target"
- cssClass="textfield_short">
- </s:textfield>
-
- <s:textfield name="generalOA.targetFriendlyName"
- value="%{generalOA.targetFriendlyName}"
- labelposition="left"
- key="webpages.oaconfig.general.target.friendlyname"
- cssClass="textfield_long">
- </s:textfield>
- </div>
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3>
+ <s:if test="authUser.isAdmin()">
+ <s:select list="generalOA.targetList"
+ key="webpages.oaconfig.general.target"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{generalOA.target}"
+ name="generalOA.target"
+ onchange="HideAdminTarget();">
+ </s:select>
+ </s:if>
+ <s:else>
+ <s:select list="generalOA.targetList"
+ key="webpages.oaconfig.general.target"
+ labelposition="left"
+ cssClass="selectfield"
+ value="%{generalOA.target}"
+ name="generalOA.target">
+ </s:select>
+ </s:else>
- <s:textfield name="generalOA.bkuOnlineURL"
- value="%{generalOA.bkuOnlineURL}"
+ <s:textfield name="generalOA.target_subsector"
+ value="%{generalOA.target_subsector}"
labelposition="left"
- key="webpages.oaconfig.general.bku.online"
- cssClass="textfield_long">
+ key="webpages.oaconfig.general.target.subsector"
+ cssClass="selectfield">
</s:textfield>
+
+
+ <s:if test="authUser.isAdmin()">
+ <s:checkbox
+ name="generalOA.AdminTarget"
+ value="%{generalOA.AdminTarget}"
+ cssClass="checkbox"
+ onclick="AdminTarget();"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.admin.checkbox"
+ id="adminTarget">
+ </s:checkbox>
+
+ <div id="admin_target_area">
+ <s:textfield name="generalOA.target_admin"
+ value="%{generalOA.target_admin}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.admin"
+ cssClass="textfield_short">
+ </s:textfield>
+ <s:textfield name="generalOA.targetFriendlyName"
+ value="%{generalOA.targetFriendlyName}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.friendlyname"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
+ </s:if>
+ <s:else>
+ <s:if test="generalOA.target_admin neq null">
+ <s:textfield name="generalOA.target_admin"
+ value="%{generalOA.target_admin}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.admin.disabled"
+ cssClass="textfield_short"
+ disabled="true">
+ </s:textfield>
+ </s:if>
+<%-- <s:if test="generalOA.targetFriendlyName neq null">
+ <s:textfield name="generalOA.targetFriendlyName"
+ value="%{generalOA.targetFriendlyName}"
+ labelposition="left"
+ key="webpages.oaconfig.general.target.friendlyname.disabled"
+ cssClass="textfield_long">
+ </s:textfield>
+ </s:if> --%>
+ </s:else>
- <s:textfield name="generalOA.bkuHandyURL"
- value="%{generalOA.bkuHandyURL}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.handy"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="generalOA.bkuLocalURL"
- value="%{generalOA.bkuLocalURL}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.local"
- cssClass="textfield_long">
- </s:textfield>
-
- <s:if test="authUser.isAdmin()">
- <s:textfield name="generalOA.slVersion"
- value="%{generalOA.slVersion}"
+ </div>
+
+ <s:if test="authUser.isAdmin()">
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3>
+
+ <s:textfield name="generalOA.bkuOnlineURL"
+ value="%{generalOA.bkuOnlineURL}"
labelposition="left"
- key="webpages.oaconfig.general.bku.slversion"
+ key="webpages.oaconfig.general.bku.online"
cssClass="textfield_long">
</s:textfield>
- </s:if>
- <s:radio list="generalOA.keyBoxIdentifierList"
- name="generalOA.keyBoxIdentifier"
- value="%{generalOA.keyBoxIdentifier}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.keyboxidentifier"
- cssClass="radio">
- </s:radio>
- <s:checkbox name="generalOA.legacy"
- value="%{generalOA.legacy}"
- labelposition="left"
- key="webpages.oaconfig.general.bku.legacy"
- cssClass="checkbox"
- onclick="oaLegacyService();"
- id="OAislegacy">
- </s:checkbox>
- <div id="oa_config_sltemplates">
- <s:textfield name="generalOA.SLTemplateURL1"
- value="%{generalOA.SLTemplateURL1}"
+
+ <s:textfield name="generalOA.bkuHandyURL"
+ value="%{generalOA.bkuHandyURL}"
labelposition="left"
- key="webpages.oaconfig.general.bku.sltemplate.first"
+ key="webpages.oaconfig.general.bku.handy"
cssClass="textfield_long">
</s:textfield>
- <s:textfield name="generalOA.SLTemplateURL2"
- value="%{generalOA.SLTemplateURL2}"
+
+ <s:textfield name="generalOA.bkuLocalURL"
+ value="%{generalOA.bkuLocalURL}"
labelposition="left"
- key="webpages.oaconfig.general.bku.sltemplate.second"
+ key="webpages.oaconfig.general.bku.local"
cssClass="textfield_long">
</s:textfield>
- <s:textfield name="generalOA.SLTemplateURL3"
- value="%{generalOA.SLTemplateURL3}"
+
+ <s:radio list="generalOA.keyBoxIdentifierList"
+ name="generalOA.keyBoxIdentifier"
+ value="%{generalOA.keyBoxIdentifier}"
labelposition="left"
- key="webpages.oaconfig.general.bku.sltemplate.third"
- cssClass="textfield_long">
- </s:textfield>
+ key="webpages.oaconfig.general.bku.keyboxidentifier"
+ cssClass="radio">
+ </s:radio>
+ <s:checkbox name="generalOA.legacy"
+ value="%{generalOA.legacy}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.legacy"
+ cssClass="checkbox"
+ onclick="oaLegacyService();"
+ id="OAislegacy">
+ </s:checkbox>
+ <div id="oa_config_sltemplates">
+ <s:textfield name="generalOA.SLTemplateURL1"
+ value="%{generalOA.SLTemplateURL1}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.sltemplate.first"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textfield name="generalOA.SLTemplateURL2"
+ value="%{generalOA.SLTemplateURL2}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.sltemplate.second"
+ cssClass="textfield_long">
+ </s:textfield>
+ <s:textfield name="generalOA.SLTemplateURL3"
+ value="%{generalOA.SLTemplateURL3}"
+ labelposition="left"
+ key="webpages.oaconfig.general.bku.sltemplate.third"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
</div>
-
-
- </div>
+ </s:if>
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3>
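Review bot: The `<s:if test="authUser.isAdmin()">` blocks only hide the BKU URL, key-box, SL-template and admin-target fields from non-admin users in the view; the Struts params interceptor will still bind `generalOA.bkuOnlineURL`, `generalOA.target_admin` and the rest from any request a non-admin submits to `saveOA`. The same applies to the admin-only `generalOA.aditionalAuthBlockText` textarea in the next hunk. Unless EditOAAction.saveOA (outside this diff) re-checks `isAdmin()` before persisting those properties, the view gating is not an authorization control; a one-line JSP comment `<%-- admin-only fields: enforced again in saveOA --%>` above the block would document where the real check lives. The form this markup belongs to opens outside the hunk.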
@@ -300,38 +375,33 @@
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3>
- <s:checkbox name="generalOA.useIFrame"
- value="%{generalOA.useIFrame}"
- labelposition="left"
- key="webpages.oaconfig.general.aditional.iframe"
- cssClass="checkbox">
- </s:checkbox>
-
- <s:checkbox name="generalOA.useUTC"
- value="%{generalOA.useUTC}"
- labelposition="left"
- key="webpages.oaconfig.general.aditional.useUTC"
- cssClass="checkbox">
- </s:checkbox>
-
<%-- <s:checkbox name="generalOA.calculateHPI"
value="%{generalOA.calculateHPI}"
labelposition="left"
key="webpages.oaconfig.general.aditional.calculateHPI"
cssClass="textfield_long">
</s:checkbox> --%>
-
- <s:textarea name="generalOA.aditionalAuthBlockText"
- value="%{generalOA.aditionalAuthBlockText}"
+
+ <s:checkbox name="generalOA.HideBPKAuthBlock"
+ value="%{generalOA.HideBPKAuthBlock}"
labelposition="left"
- key="webpages.oaconfig.general.aditional.authblocktext"
- cssClass="textfield_large">
- </s:textarea>
+ key="webpages.oaconfig.general.isHideBPKAuthBlock"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:if test="authUser.isAdmin()">
+ <s:textarea name="generalOA.aditionalAuthBlockText"
+ value="%{generalOA.aditionalAuthBlockText}"
+ labelposition="left"
+ key="webpages.oaconfig.general.aditional.authblocktext"
+ cssClass="textfield_large">
+ </s:textarea>
+ </s:if>
+
</div>
-<%-- <s:hidden name="generalOA.dbID"
- value="%{generalOA.dbID}"></s:hidden> --%>
+ <s:hidden name="formID"
+ value="%{formID}"></s:hidden>
<div id="button_area">
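Review bot: The commented-out `generalOA.dbID` hidden field is replaced by more commented-out markup rather than removed, and the previous hunk adds three further `<%-- ... --%>` blocks (the alternative `identificationType` select, the old `identificationNumber` textfield and the disabled `targetFriendlyName` field). Dead markup in JSPs tends to be resurrected by copy-paste without its original context, so delete it and rely on version control. The new checkbox's key `webpages.oaconfig.general.isHideBPKAuthBlock` also breaks the `webpages.oaconfig.general.aditional.*` naming used by the other keys in this block; `webpages.oaconfig.general.aditional.hideBPKAuthBlock` would keep the resource bundle consistent.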
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp b/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp
index 067bcd57d..994389de3 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp
@@ -6,20 +6,29 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
+ <title><%=LanguageHelper.getGUIString("title", request) %></title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+
<link rel="stylesheet" type="text/css" href="../css/index.css">
- <title><%=LanguageHelper.getGUIString("title", request) %></title>
<script type="text/javascript" src="../js/common.js"></script>
<script src="../js/jquery.js"></script>
</head>
- <body>
+ <body onload="userOnLoad();">
<jsp:include page="snippets/header_userinfos.jsp"></jsp:include>
-
+
<jsp:include page="snippets/main_menu.jsp"></jsp:include>
<div id="information_area">
+
+ <s:if test="hasActionMessages()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionmessage/>
+ </div>
+ </s:if>
+
<s:if test="hasActionErrors()">
<div id="error_area">
<label><%=LanguageHelper.getGUIString("error.title", request) %></label>
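Review bot: The new `hasActionMessages()` block renders action messages inside `<div id="error_area">` under the `error.title` label, so informational messages are styled and titled as errors, and the page ends up with two elements sharing `id="error_area"` when both messages and errors are present. index.jsp in this same commit uses `<div id="message_area">` with `message.title` for the same purpose; use that pair here as well.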
@@ -28,118 +37,26 @@
</s:if>
<div id="list_area">
-
+
<s:form namespace="/secure" method="POST" enctype="multipart/form-data">
-
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.edituser.header", request) %></h3>
- <s:textfield name="user.givenName"
- value="%{user.givenName}"
- labelposition="left"
- key="webpages.edituser.givenname"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="user.familyName"
- value="%{user.familyName}"
- labelposition="left"
- key="webpages.edituser.familyName"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="user.institut"
- value="%{user.institut}"
- labelposition="left"
- key="webpages.edituser.institut"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="user.mail"
- value="%{user.mail}"
- labelposition="left"
- key="webpages.edituser.mail"
- cssClass="textfield_long">
- </s:textfield>
- <s:textfield name="user.phone"
- value="%{user.phone}"
- labelposition="left"
- key="webpages.edituser.phone"
- cssClass="textfield_long">
- </s:textfield>
- </div>
+ <jsp:include page="snippets/userfields.jsp"></jsp:include>
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.edituser.access.header", request) %></h3>
- <s:if test="isNewUser()">
- <s:textfield name="user.username"
- value="%{user.username}"
- labelposition="left"
- key="webpages.edituser.username"
- cssClass="textfield_long"
- maxlength="16">
- </s:textfield>
- </s:if>
- <s:else>
- <s:textfield name="user.username"
- value="%{user.username}"
- labelposition="left"
- key="webpages.edituser.username"
- cssClass="textfield_long"
- disabled="true"
- maxlength="16">
- </s:textfield>
- </s:else>
-
- <s:password name="user.password"
- labelposition="left"
- key="webpages.edituser.password"
- cssClass="textfield_long"
- maxlength="16">
- </s:password>
-
- <s:password name="user.password_second"
- labelposition="left"
- key="webpages.edituser.password_second"
- cssClass="textfield_long"
- maxlength="16">
- </s:password>
-
- <s:textfield name="user.bpk"
- value="%{user.bpk}"
- labelposition="left"
- key="webpages.edituser.bpk"
- cssClass="textfield_long">
- </s:textfield>
- </div>
-
- <s:if test="authUser.isAdmin()">
- <div class="oa_config_block">
- <h3><%=LanguageHelper.getGUIString("webpages.edituser.role.header", request) %></h3>
- <s:checkbox name="user.active"
- value="%{user.active}"
- labelposition="left"
- key="webpages.edituser.active"
- cssClass="checkbox">
- </s:checkbox>
- <s:checkbox name="user.admin"
- value="%{user.admin}"
- labelposition="left"
- key="webpages.edituser.admin"
- cssClass="checkbox">
- </s:checkbox>
- </div>
- </s:if>
-
- <s:hidden name="user.userID" value="%{user.userID}"></s:hidden>
+ <s:hidden name="formID" value="%{formID}"></s:hidden>
<div id="button_area">
<s:if test="authUser.isAdmin()">
- <s:submit key="webpages.edit.back" action="usermanagementInit"/>
- </s:if>
+ <s:submit key="webpages.edit.back" action="%{nextPage}"/>
+ </s:if>
+
<s:submit key="webpages.edit.save" action="saveUser"/>
- <s:if test="!isNewUser()">
- <s:submit key="webpages.edit.delete.user" action="deleteUser"/>
+ <s:if test="!isNewUser()">
+ <s:submit key="webpages.edit.delete.user" action="deleteUser"/>
</s:if>
- </div>
+ </div>
+
</s:form>
+
</div>
</div>
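Review bot: The hidden `user.userID` field is removed, so `saveUser` and `deleteUser` must now identify the target account from server-side state rather than from the request; that is the safer direction, because a client-supplied userID lets a caller address another account unless it is checked against the session. Confirm that UserManagementAction (outside this diff) resolves the user from the session and no longer binds `user.userID` from parameters, otherwise the form change alone does not close that path. The `<s:form>` this hunk edits opens inside the hunk but its enclosing page markup continues outside it.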
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp b/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp
index b28bc5f57..c619e64b1 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp
@@ -42,6 +42,8 @@
<h3><%=LanguageHelper.getGUIString("webpages.inportexport.legacyimport.header", request) %></h3>
<s:file name="fileUpload" key="webpages.inportexport.legacyimport.upload" cssClass="textfield_long"></s:file>
+ <s:hidden name="formID" value="%{formID}"></s:hidden>
+
<div id="button_area">
<%-- <s:submit key="webpages.edit.back" action="main"/> --%>
<s:submit key="webpages.edit.import" action="importlegacy"/>
@@ -57,6 +59,8 @@
<h3><%=LanguageHelper.getGUIString("webpages.inportexport.import.header", request) %></h3>
<s:file name="fileUpload" key="webpages.inportexport.import.upload" cssClass="textfield_long"></s:file>
+ <s:hidden name="formID" value="%{formID}"></s:hidden>
+
<div id="button_area">
<s:submit key="webpages.edit.import" action="importConfig"/>
<s:submit key="webpages.edit.export" action="exportConfig"/>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp b/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp
index b700970cc..c9f1e00f6 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp
@@ -25,6 +25,14 @@
<s:actionmessage/>
</div>
</s:if>
+
+ <s:if test="hasActionErrors()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
+
<p>Im Menü auf der rechten Seite können Sie die einzelnen Operationen wählen.</p>
</div>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp b/id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp
new file mode 100644
index 000000000..9995f9f31
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp
@@ -0,0 +1,57 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <title><%=LanguageHelper.getGUIString("title", request) %></title>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+
+ <link rel="stylesheet" type="text/css" href="./css/index.css">
+ <script type="text/javascript" src="./js/common.js"></script>
+ <script src="./js/jquery.js"></script>
+ </head>
+
+ <body>
+
+ <jsp:include page="snippets/header_userinfos.jsp"></jsp:include>
+
+ <div id="information_area">
+
+ <s:if test="!authUser.isAuthenticated()">
+ <p>Füllen sie die nachstehenden Felder aus um einen neuen Benutzer zu beantraten.</p>
+ <p>Danach erhalten sie eine Mail zur Verifzierung Ihrer Mailadresse.
+ Nach Bestätiung dieser Verifikationsmail wird der Administrator über Ihre Anfrage informiert.
+ Die Freischaltung kann somit eine gewisse Zeit in Anspruch nehmen. </p>
+
+ </s:if>
+
+ <s:if test="hasActionErrors()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
+
+ <div id="list_area">
+
+ <s:form namespace="/" method="POST" enctype="multipart/form-data">
+ <jsp:include page="snippets/userfields.jsp"></jsp:include>
+
+ <s:hidden name="formID" value="%{formID}"></s:hidden>
+
+ <div id="button_area">
+ <s:submit key="webpages.edit.newUser" action="requestNewUser"/>
+ </div>
+
+ </s:form>
+
+ </div>
+ </div>
+
+ <jsp:include page="snippets/footer.jsp"></jsp:include>
+
+ </body>
+</html> \ No newline at end of file
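Review bot: This form is reachable without authentication (`namespace="/"`, guarded only by `!authUser.isAuthenticated()` for the intro text) and includes `snippets/userfields.jsp`, which is not in this chunk; if that snippet still carries the `user.active` and `user.admin` checkboxes that were removed from edituser.jsp, the `requestNewUser` action must not bind them from an anonymous request. The user-facing German text also has several typos: `beantraten` → `beantragen`, `Verifzierung` → `Verifizierung`, `Bestätiung` → `Bestätigung`, and `Füllen sie` / `erhalten sie` should use the formal `Sie`. The stylesheet and script links use `./css` and `./js`, unlike the `../css` form used by the other pages under jsp/; this only works if the page is always rendered via an action in the root namespace.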
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp b/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp
new file mode 100644
index 000000000..954bf9b8b
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp
@@ -0,0 +1,51 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <link rel="stylesheet" type="text/css" href="../css/index.css">
+ <title><%=LanguageHelper.getGUIString("title", request) %></title>
+ <script type="text/javascript" src="../js/common.js"></script>
+ <script src="../js/jquery.js"></script>
+ </head>
+
+ <body>
+
+ <jsp:include page="snippets/header_userinfos.jsp"></jsp:include>
+
+ <jsp:include page="snippets/main_menu.jsp"></jsp:include>
+
+ <div id="information_area">
+ <s:if test="hasActionErrors()">
+ <div id="error_area">
+ <label><%=LanguageHelper.getGUIString("error.title", request) %></label>
+ <s:actionerror/>
+ </div>
+ </s:if>
+
+ <h2><%=LanguageHelper.getGUIString("webpages.openadminrequests.header", request) %></h2>
+
+ <s:if test="authUser.isAdmin()">
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.openadminrequests.users.header", request) %></h3>
+ <jsp:include page="snippets/user_list.jsp"></jsp:include>
+ </div>
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.openadminrequests.oas.header", request) %></h3>
+ <jsp:include page="snippets/oas_list.jsp"></jsp:include>
+ </div>
+
+ </s:if>
+
+ </div>
+
+ <jsp:include page="snippets/footer.jsp"></jsp:include>
+
+ </body>
+</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp
index 72affde79..e9192b46e 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp
@@ -5,9 +5,14 @@
<html>
<div id="header_area">
<!-- <div> -->
- <%=LanguageHelper.getGUIString("webpages.header.info", request) %>
- <s:property value="authUser.givenName"/> <s:property value="authUser.familyName"/>,&nbsp;&nbsp;&nbsp;
- <%=LanguageHelper.getGUIString("webpages.header.lastlogin", request) %> <s:property value="authUser.lastLogin"/>
+ <%=LanguageHelper.getGUIString("webpages.header.info", request) %>
+ <s:if test="authUser.isMandateUser()">
+ <s:property value="authUser.institute"/>
+ </s:if>
+ <s:else>
+ <s:property value="authUser.givenName"/> <s:property value="authUser.familyName"/>,&nbsp;&nbsp;&nbsp;
+ </s:else>
+ <%=LanguageHelper.getGUIString("webpages.header.lastlogin", request) %> <s:property value="authUser.getFormatedLastLogin()"/>
<s:url action="logout" var="logoutURL" namespace="/"/>
<a id="logoutbutton" href="<s:property value="#logoutURL" />"><%=LanguageHelper.getGUIString("webpages.index.logout", request) %></a>
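Review bot: `<s:property value="authUser.getFormatedLastLogin()"/>` uses OGNL method-call syntax while the neighbouring lines use property syntax (`authUser.institute`, `authUser.givenName`); for consistency prefer `<s:property value="authUser.formatedLastLogin"/>`, and likewise `<s:if test="authUser.mandateUser">` instead of `isMandateUser()`. If the getter is one day renamed to the correct spelling "formatted", a property expression is easier to find and update than a method call embedded in a string. The enclosing `header_area` div starts inside the hunk but closes after it.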
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
index 26b12cdcb..4d02f4bda 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp
@@ -32,11 +32,13 @@
<s:url action="usermanagementInit" var="userManagementUrl" namespace="/secure"/>
<a href="<s:property value="#userManagementUrl" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.usermanagement", request) %></a>
</div>
-
-<%-- <div class="menu_element">
- <a href=""><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.user", request) %></a>
- </div> --%>
+ <s:if test="authUser.isAdmin()">
+ <div class="menu_element">
+ <s:url action="adminRequestsInit" var="adminRequestsUrl" namespace="/secure"/>
+ <a href="<s:property value="#adminRequestsUrl" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.adminrequests", request) %></a>
+ </div>
+ </s:if>
</div>
</html> \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp
index c5b67cbac..a1e8530af 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp
@@ -4,7 +4,6 @@
<html>
<s:if test="userlist && userlist.size > 0">
- <h3><%=LanguageHelper.getGUIString("webpages.listUsers.list.header", request) %></h3>
<div id="list_area">
<div id="listHeader" class="listElement">
<div class="userListFirst">
@@ -21,12 +20,22 @@
<s:iterator var="UserElement" value="userlist">
<div class="listElement" onclick="userOA(<s:property value='userID'/>);">
- <div class="userListFirst">
- <s:property value="givenName"/>
- </div>
- <div class="userListSecond">
- <s:property value="familyName"/>
- </div>
+ <s:if test="isMandateUser()">
+ <div class="userListFirstSecond">
+ <s:property value="institute"/>
+ </div>
+<!-- <div class="userListSecond">
+
+ </div>
+ --> </s:if>
+ <s:else>
+ <div class="userListFirst">
+ <s:property value="familyName"/>
+ </div>
+ <div class="userListSecond">
+ <s:property value="givenName"/>
+ </div>
+ </s:else>
<div class="userListThird">
<s:property value="userName"/>
</div>
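Review bot: The `<!-- <div class="userListSecond"> … -->` block inside the new `<s:if test="isMandateUser()">` branch is an HTML comment, so it is sent to every client as part of the rendered page rather than dropped on the server; either delete the dead markup or make it a JSP comment, `<%-- <div class="userListSecond"></div> --%>`, as the file already does elsewhere. The `<s:else>` branch also swaps the column order (familyName is now in `userListFirst`, givenName in `userListSecond`), so the captions in `listHeader` above this hunk need to be checked against the new order — those header cells are outside the visible part of the diff. The enclosing `<s:iterator>` opens at the start of the hunk and closes after it.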
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp
new file mode 100644
index 000000000..7d28a9236
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp
@@ -0,0 +1,144 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.edituser.header", request) %></h3>
+
+ <s:if test="!user.isIsmandateuser()">
+ <s:textfield name="user.givenName"
+ value="%{user.givenName}"
+ labelposition="left"
+ key="webpages.edituser.givenname"
+ cssClass="textfield_long"
+ disabled="%{user.isPVPGenerated()}">
+ </s:textfield>
+ <s:textfield name="user.familyName"
+ value="%{user.familyName}"
+ labelposition="left"
+ key="webpages.edituser.familyName"
+ cssClass="textfield_long"
+ disabled="%{user.isPVPGenerated()}">
+ </s:textfield>
+ </s:if>
+ <s:textfield name="user.institut"
+ value="%{user.institut}"
+ labelposition="left"
+ key="webpages.edituser.institut"
+ cssClass="textfield_long"
+ disabled="%{user.isPVPGenerated() && user.isIsmandateuser()}">
+ </s:textfield>
+
+ <s:if test="authUser.isAuthenticated()">
+ <div id="mail_area">
+ <s:textfield name="user.mail"
+ value="%{user.mail}"
+ labelposition="left"
+ key="webpages.edituser.mail"
+ cssClass="textfield_mail">
+ </s:textfield>
+ <input type="button"
+ onclick="sendVerificationMail();"
+ value='<%=LanguageHelper.getGUIString("webpages.edituser.verify.mail.button", request) %>'
+ />
+ </div>
+ </s:if>
+ <s:else>
+ <s:textfield name="user.mail"
+ value="%{user.mail}"
+ labelposition="left"
+ key="webpages.edituser.mail"
+ cssClass="textfield_long">
+ </s:textfield>
+ </s:else>
+
+
+ <s:textfield name="user.phone"
+ value="%{user.phone}"
+ labelposition="left"
+ key="webpages.edituser.phone"
+ cssClass="textfield_long">
+ </s:textfield>
+ </div>
+
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.edituser.access.header", request) %></h3>
+
+ <div id="usernamepassword_area">
+<%-- <s:if test="user.isIsusernamepasswordallowed()"> --%>
+ <s:if test="isNewUser()">
+ <s:textfield name="user.username"
+ value="%{user.username}"
+ labelposition="left"
+ key="webpages.edituser.username"
+ cssClass="textfield_long"
+ maxlength="16">
+ </s:textfield>
+ </s:if>
+ <s:else>
+ <s:textfield name="user.username"
+ value="%{user.username}"
+ labelposition="left"
+ key="webpages.edituser.username"
+ cssClass="textfield_long"
+ disabled="true"
+ maxlength="16">
+ </s:textfield>
+ </s:else>
+
+ <s:password name="user.password"
+ labelposition="left"
+ key="webpages.edituser.password"
+ cssClass="textfield_long"
+ maxlength="16">
+ </s:password>
+
+ <s:password name="user.password_second"
+ labelposition="left"
+ key="webpages.edituser.password_second"
+ cssClass="textfield_long"
+ maxlength="16">
+ </s:password>
+ <%-- </s:if> --%>
+ </div>
+
+ <s:textfield name="user.bpk"
+ value="%{user.bpk}"
+ labelposition="left"
+ key="webpages.edituser.bpk"
+ cssClass="textfield_long"
+ disabled="%{user.isPVPGenerated()}">
+ </s:textfield>
+ </div>
+
+ <s:if test="authUser.isAdmin() || user.isIsusernamepasswordallowed()">
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.edituser.role.header", request) %></h3>
+ <s:if test="authUser.isAdmin()">
+ <s:checkbox name="user.active"
+ value="%{user.active}"
+ labelposition="left"
+ key="webpages.edituser.active"
+ cssClass="checkbox">
+ </s:checkbox>
+ <s:checkbox name="user.admin"
+ value="%{user.admin}"
+ labelposition="left"
+ key="webpages.edituser.admin"
+ cssClass="checkbox">
+ </s:checkbox>
+ </s:if>
+ <s:checkbox name="user.isusernamepasswordallowed"
+ value="%{user.isusernamepasswordallowed}"
+ labelposition="left"
+ key="webpages.edituser.isusernamepasswordallowed"
+ cssClass="checkbox"
+ id="isusernamepasswordallowed"
+ onclick="UseUserNamePassword();">
+ </s:checkbox>
+ </div>
+ </s:if>
+
+ <s:hidden name="user.userID" value="%{user.userID}"></s:hidden>
+</html> \ No newline at end of file
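Review bot: `disabled="%{user.isPVPGenerated()}"` on `user.givenName`, `user.familyName` and `user.bpk`, and `disabled="true"` on `user.username` for existing users, are presentation only: a disabled field is not submitted by the browser, but nothing stops a client from sending those parameters anyway, so the action that receives this form must ignore or reject changes to these attributes for PVP-generated users, and must verify that the authenticated user may edit the account named by the `<s:hidden name="user.userID">` field at the bottom — that action is not in this diff, so I cannot confirm it does either. `maxlength="16"` on both `<s:password>` fields caps passwords at 16 characters, which limits their strength for no evident reason; unless the user store imposes that limit, drop the attribute and keep any length policy in the server-side validation. The `value='<%=LanguageHelper.getGUIString(...) %>'` attribute on the verification button is single-quoted, so a resource string containing an apostrophe would break the markup; double quotes with the inner quotes escaped, or an `<s:text>`-based button, avoid that.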
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp b/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp
index a29780cff..1d5d4ac12 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp
@@ -30,7 +30,8 @@
<h2><%=LanguageHelper.getGUIString("webpages.usermanagement.header", request) %></h2>
<s:if test="authUser.isAdmin()">
-
+
+ <h3><%=LanguageHelper.getGUIString("webpages.listUsers.list.header", request) %></h3>
<jsp:include page="snippets/user_list.jsp"></jsp:include>
<div id="list_area">