author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-19 16:07:21 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-19 16:07:21 +0100 |
commit | a6bdd89c393ca777b484ab2385975db740096c56 (patch) | |
tree | 0c2d85e6723a263473c1d1239f1c89396e100c8a /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java | |
parent | d2c8d36103e1a31775aa386a88badc295ae955de (diff) | |
download | moa-id-spss-a6bdd89c393ca777b484ab2385975db740096c56.tar.gz moa-id-spss-a6bdd89c393ca777b484ab2385975db740096c56.tar.bz2 moa-id-spss-a6bdd89c393ca777b484ab2385975db740096c56.zip |
update PVP Single LogOut request/response signature validation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index b7148a318..fe5cd1ac0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -63,6 +63,23 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 Logger.debug("receive IDP SingleLogOut Request");
+
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ try {
+ if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {
+ Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed");
+ return;
+
+ }
+
+ } catch (MOAIDException e) {
+ Logger.error("Internal Server Error.", e);
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error");
+ return;
+
+ }
+
 SSOManager ssomanager = SSOManager.getInstance();
 String ssoid = ssomanager.getSSOSessionID(req);
@@ -110,7 +127,7 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 AuthenticationSession authSession = AuthenticationSessionStoreage .getSession(moaSessionID);
 if(authSession != null) {
- authmanager.performSingleLogOut(req, resp, authSession, null);
+ authmanager.performSingleLogOut(req, resp, authSession, authURL);
 return;
 }
 |
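Review bot: The allow-list test `getPublicURLPrefix().contains(authURL)` added to doGet is only as strict as the type it is called on: on a collection it is an exact-match test, but on a `String` it is a substring test that any fragment of the configured prefix would pass, and the return type is not visible in this hunk. I would confirm which applies and record it above the check, e.g. `// exact match against the configured public URL prefixes; authURL is request-derived and untrusted until this check passes`. This matters beyond the 403 branch because the second hunk now hands the same `authURL` to `performSingleLogOut(...)` instead of `null`, so a loose match would let a request-influenced URL reach logout processing. Separately, `Logger.warn("Requested URL " + authURL + ...)` writes the rejected value verbatim; since it presumably originates from request headers, strip CR/LF before logging so a rejected request cannot forge log lines. doGet's body starts and continues outside both hunks.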