diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-16 09:29:09 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-16 09:29:09 +0200 |
commit | c61850c5607d066a3c322794c1220f26b31103a0 (patch) | |
tree | 8e91dbb441f5af6879c4314b38159b7ed9b4add4 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls | |
parent | 44bce0049b598604cc1a30f419e936c6b5fc59cf (diff) | |
download | moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.tar.gz moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.tar.bz2 moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.zip |
add initial version of Security-Layer 2.0 Authentication module
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7f183c5eb..a24683545 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -92,6 +92,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class AuthenticationManager extends MOAIDAuthConstants { private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>(); + private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>(); public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @@ -321,6 +322,16 @@ public class AuthenticationManager extends MOAIDAuthConstants { } + /** + * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + public void addHeaderNameToWhiteList(String httpReqParam) { + if (MiscUtil.isNotEmpty(httpReqParam)) + reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + + } /** * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated @@ -422,6 +433,18 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } + //add additional http request parameter to context + if (!reqHeaderWhiteListeForModules.isEmpty()) { + Enumeration<String> reqHeaderNames = httpReq.getHeaderNames(); + while(reqHeaderNames.hasMoreElements()) { + String paramName = reqHeaderNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) { + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName))); + } + } + } + //start process engine startProcessEngine(pendingReq, executionContext); |