- Update Parameterüberprüfung

- Update MOA-Template zur Bürgerkartenauswahl
- Änderung der Konfiguration für:
	- Angabe einer Liste von vertrauenswürdigen BKUs (aufgrund Parameterprüfung)
- Fixed Bug #552 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=552&group_id=6&atid=105)
- Fixed Bug #551 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=551&group_id=6&atid=105)
- Fixed Bug #550 (http://egovlabs.gv.at/tracker/index.php?func=detail&aid=550&group_id=6&atid=105)


git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1198 d688527b-c9ab-4aba-bd8d-4036d912da1d

1 files changed, 15 insertions, 1 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 1b96ce8a4..76c5476ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -17,12 +17,14 @@ import javax.xml.parsers.ParserConfigurationException;
 

 import org.apache.axis.encoding.Base64;

 import org.apache.commons.fileupload.FileUploadException;

+import org.apache.commons.lang.StringEscapeUtils;

 import org.w3c.dom.Document;

 import org.w3c.dom.Element;

 import org.w3c.dom.Text;

 

 import at.gv.egovernment.moa.id.MOAIDException;

 import at.gv.egovernment.moa.id.auth.AuthenticationServer;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

 import at.gv.egovernment.moa.id.auth.WrongParametersException;

 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

@@ -64,7 +66,10 @@ public class VerifyCertificateServlet extends AuthServlet {
     	

 		Logger.debug("GET VerifyCertificateServlet");

 		

-		

+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

   }

 

   /**

@@ -84,6 +89,11 @@ public class VerifyCertificateServlet extends AuthServlet {
 

 		Logger.debug("POST VerifyCertificateServlet");

 		

+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);

+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);

+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);

+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);

+		

 		Map parameters;

 	    try 

 	    {

@@ -94,6 +104,10 @@ public class VerifyCertificateServlet extends AuthServlet {
 	      throw new IOException(e.getMessage());

 	     	}

 	    String sessionID = req.getParameter(PARAM_SESSIONID);

+	    

+	    // escape parameter strings

+		sessionID = StringEscapeUtils.escapeHtml(sessionID);

+		

 	    AuthenticationSession session = null;

 	    try {

 	       // check parameter