- Update Parameterüberprüfung

- Update MOA-Template zur Bürgerkartenauswahl
- Änderung der Konfiguration für:
	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
- Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
- Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
- Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)


git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1198 d688527b-c9ab-4aba-bd8d-4036d912da1d

1 files changed, 22 insertions, 2 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 23d4eab20..c83650587 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -12,11 +12,13 @@ import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;

 

 import org.apache.commons.fileupload.FileUploadException;

+import org.apache.commons.lang.StringEscapeUtils;

 import org.w3c.dom.Document;

 import org.w3c.dom.Element;

 

 import at.gv.egovernment.moa.id.MOAIDException;

 import at.gv.egovernment.moa.id.auth.AuthenticationServer;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

 import at.gv.egovernment.moa.id.auth.WrongParametersException;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

@@ -61,7 +63,12 @@ public class GetForeignIDServlet extends AuthServlet {
     throws ServletException, IOException { 

     	

 		Logger.debug("GET GetForeignIDServlet");

-		

+

+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

+

 		

   }

 

@@ -87,6 +94,11 @@ public class GetForeignIDServlet extends AuthServlet {
 

 		Logger.debug("POST GetForeignIDServlet");

 		

+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

+		

 		Map parameters;

 	    try 

 	    {

@@ -97,16 +109,24 @@ public class GetForeignIDServlet extends AuthServlet {
 	      throw new IOException(e.getMessage());

 	     	}

 	    String sessionID = req.getParameter(PARAM_SESSIONID);

+	    

+	    // escape parameter strings

+	    sessionID = StringEscapeUtils.escapeHtml(sessionID);

+	    

 	    String redirectURL = null;

 	    AuthenticationSession session = null;

 	    try {

+	    	String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);

+	    	

           // check parameter

           if (!ParamValidatorUtils.isValidSessionID(sessionID))

              throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");

+          if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse))

+              throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");

 

 	    	session = AuthenticationServer.getSession(sessionID);

 	    	

-	    	String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);

+	    	

 	    	

 	    	Logger.debug(xmlCreateXMLSignatureResponse);