Update GUI components

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-02-25 15:45:00 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-02-25 15:45:00 +0100
commit: c5fb48eb80fc9194983041909961ac3873f7653f (patch)
tree: 01e2f699d9ff379dc571dc95329c1226868fe164 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor
parent: 3eabe96b7e8ba03c9c6d3a17f80022436b40f45d (diff)
download: moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.tar.gz
moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.tar.bz2
moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index c5a9ad34b..ce384d1a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -50,7 +50,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 			throws Exception {
-		
+				
 		//only for SAML1 GetAuthenticationData webService functionality
 		String requestedServlet = request.getServletPath();		
 		if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
@@ -61,7 +61,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 		
 		//check AuthURL
 	    String authURL = HTTPUtils.extractAuthURLFromRequest(request);
-		if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) {
+		if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed() && 
+				!authConfig.getPublicURLPrefix().contains(authURL)) {
+			Logger.info("Receive request, which is not in IDP URL-Prefix whitelist.");
 			String errorMsg = MOAIDMessageProvider.getInstance().getMessage("auth.07", new Object[] { authURL + "*" });
 			Logger.info(errorMsg);
 			response.sendError(
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-02-25 15:45:00 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-02-25 15:45:00 +0100
commit	c5fb48eb80fc9194983041909961ac3873f7653f (patch)
tree	01e2f699d9ff379dc571dc95329c1226868fe164 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor
parent	3eabe96b7e8ba03c9c6d3a17f80022436b40f45d (diff)
download	moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.tar.gz moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.tar.bz2 moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.zip