authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-25 15:45:00 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-25 15:45:00 +0100
commitc5fb48eb80fc9194983041909961ac3873f7653f (patch)
tree01e2f699d9ff379dc571dc95329c1226868fe164 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor
parent3eabe96b7e8ba03c9c6d3a17f80022436b40f45d (diff)
Update GUI components
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java6
1 files changed, 4 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index c5a9ad34b..ce384d1a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -50,7 +50,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
-
+
//only for SAML1 GetAuthenticationData webService functionality
String requestedServlet = request.getServletPath();
if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
@@ -61,7 +61,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
//check AuthURL
String authURL = HTTPUtils.extractAuthURLFromRequest(request);
- if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) {
+ if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed() &&
+ !authConfig.getPublicURLPrefix().contains(authURL)) {
+ Logger.info("Receive request, which is not in IDP URL-Prefix whitelist.");
String errorMsg = MOAIDMessageProvider.getInstance().getMessage("auth.07", new Object[] { authURL + "*" });
Logger.info(errorMsg);
response.sendError(
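Review bot: The whitelist test added to the `if` is joined with `&&`, so it can only exempt a request from rejection: an `authURL` starting with `https:` is never compared against `getPublicURLPrefix()`, and a plain-HTTP URL found in that list is now accepted even when `isHTTPAuthAllowed()` is false. The new log text ("not in IDP URL-Prefix whitelist") suggests the list was meant to be enforced; if so, check it independently of the scheme, e.g. `boolean schemeOk = authURL.startsWith("https:") || authConfig.isHTTPAuthAllowed();` followed by `if (!schemeOk || !authConfig.getPublicURLPrefix().contains(authURL)) {`. The return type of `getPublicURLPrefix()` is not visible here; if it is a `String` rather than a collection, `contains` is a substring match and should become an exact comparison. `authURL` comes from the request and is dereferenced without a null check. `preHandle` continues outside this hunk.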