diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-25 15:45:00 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-25 15:45:00 +0100 |
commit | c5fb48eb80fc9194983041909961ac3873f7653f (patch) | |
tree | 01e2f699d9ff379dc571dc95329c1226868fe164 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor | |
parent | 3eabe96b7e8ba03c9c6d3a17f80022436b40f45d (diff) | |
download | moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.tar.gz moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.tar.bz2 moa-id-spss-c5fb48eb80fc9194983041909961ac3873f7653f.zip |
Update GUI components
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index c5a9ad34b..ce384d1a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -50,7 +50,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + //only for SAML1 GetAuthenticationData webService functionality String requestedServlet = request.getServletPath(); if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) { @@ -61,7 +61,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { //check AuthURL String authURL = HTTPUtils.extractAuthURLFromRequest(request); - if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) { + if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed() && + !authConfig.getPublicURLPrefix().contains(authURL)) { + Logger.info("Receive request, which is not in IDP URL-Prefix whitelist."); String errorMsg = MOAIDMessageProvider.getInstance().getMessage("auth.07", new Object[] { authURL + "*" }); Logger.info(errorMsg); response.sendError( |