aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2017-09-20 12:15:20 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-09-20 12:15:20 +0200
commit3c81d3fef06204f2259b6c0377c8a2a00974c614 (patch)
treeaf3f4bf763b113e378bde5a9454023e0ca5c0141 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa
parent22ccfa1baf256635268a3a65ac59d5a415d19356 (diff)
downloadmoa-id-spss-3c81d3fef06204f2259b6c0377c8a2a00974c614.tar.gz
moa-id-spss-3c81d3fef06204f2259b6c0377c8a2a00974c614.tar.bz2
moa-id-spss-3c81d3fef06204f2259b6c0377c8a2a00974c614.zip
make SAML2 http POST-Binding template and mandate-service selection-template configurable for every online application
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java114
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java53
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java11
15 files changed, 217 insertions, 59 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index c582050ad..710008714 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -68,10 +68,10 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
}
-
- IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+
+ IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
guiBuilder.build(response, config, "BKU-Selection form");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index ca99e9ba3..475009cf2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -31,7 +31,7 @@ import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -67,10 +67,10 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
//store pending request
requestStoreage.storePendingRequest(pendingReq);
- //build consents evaluator form
- IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ //build consents evaluator form
+ IGUIBuilderConfiguration config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION,
GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION);
guiBuilder.build(response, config, "SendAssertion-Evaluation");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 9b658d81b..416e787a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -34,7 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -71,17 +71,17 @@ public class GUILayoutBuilderServlet extends AbstractController {
IRequest pendingReq = extractPendingRequest(req);
//initialize GUI builder configuration
- ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+ SPSpecificGUIBuilderConfigurationWithDBLoad config = null;
if (pendingReq != null)
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS,
null);
else
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
HTTPUtils.extractAuthURLFromRequest(req),
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_CSS,
null);
//build GUI component
@@ -100,17 +100,17 @@ public class GUILayoutBuilderServlet extends AbstractController {
IRequest pendingReq = extractPendingRequest(req);
//initialize GUI builder configuration
- ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+ SPSpecificGUIBuilderConfigurationWithDBLoad config = null;
if (pendingReq != null)
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
pendingReq,
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
else
- config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ config = new SPSpecificGUIBuilderConfigurationWithDBLoad(
HTTPUtils.extractAuthURLFromRequest(req),
- ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS,
+ SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_TEMPLATE_JS,
GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
//build GUI component
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 60b8b31de..7c581d470 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -620,7 +620,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//send SLO response to SLO request issuer
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
} else {
//print SLO information directly
@@ -656,7 +656,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (pvpReq != null) {
SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
new file mode 100644
index 000000000..b05e60e94
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.opemsaml;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.transport.http.HTTPOutTransport;
+import org.opensaml.ws.transport.http.HTTPTransportUtils;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
+
+ private VelocityEngine velocityEngine;
+ private IGUIBuilderConfiguration guiConfig;
+ private GUIFormBuilderImpl guiBuilder;
+
+ /**
+ * @param engine
+ * @param templateId
+ */
+ public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
+ super(engine, null);
+ this.velocityEngine = engine;
+ this.guiConfig = guiConfig;
+ this.guiBuilder = guiBuilder;
+
+ }
+
+ /**
+ * Base64 and POST encodes the outbound message and writes it to the outbound transport.
+ *
+ * @param messageContext current message context
+ * @param endpointURL endpoint URL to which to encode message
+ *
+ * @throws MessageEncodingException thrown if there is a problem encoding the message
+ */
+ protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
+ Logger.debug("Invoking Velocity template to create POST body");
+ InputStream is = null;
+ try {
+ //build Velocity Context from GUI input paramters
+ VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
+
+ //load template
+ is = guiBuilder.getTemplateInputStream(guiConfig);
+
+ //populate velocity context with SAML2 parameters
+ populateVelocityContext(context, messageContext, endpointURL);
+
+ //populate transport parameter
+ HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
+ HTTPTransportUtils.addNoCacheHeaders(outTransport);
+ HTTPTransportUtils.setUTF8Encoding(outTransport);
+ HTTPTransportUtils.setContentType(outTransport, "text/html");
+
+ //evaluate template and write content to response
+ Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");
+ velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));
+ out.flush();
+
+ } catch (Exception e) {
+ Logger.error("Error invoking Velocity template", e);
+ throw new MessageEncodingException("Error creating output document", e);
+
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+
+ } catch (IOException e) {
+ Logger.error("Can NOT close GUI-Template InputStream.", e);
+ }
+ }
+
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 365a31fe1..643e30ac9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
@@ -79,6 +80,7 @@ public class AttributQueryAction implements IAction {
@Autowired private IDPCredentialProvider pvpCredentials;
@Autowired private AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -141,9 +143,9 @@ public class AttributQueryAction implements IAction {
metadataProvider, issuerEntityID, attrQuery, date,
assertion, authConfig.isPVP2AssertionEncryptionActive());
- SoapBinding decoder = new SoapBinding();
+ SoapBinding decoder = springContext.getBean("PVPSOAPBinding", SoapBinding.class);
decoder.encodeRespone(httpReq, httpResp, authResponse, null, null,
- pvpCredentials.getIDPAssertionSigningCredential());
+ pvpCredentials.getIDPAssertionSigningCredential(), pendingReq);
return null;
} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index aac49844e..9d60ae4b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -35,6 +35,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -62,6 +63,7 @@ public class AuthenticationAction implements IAction {
@Autowired IDPCredentialProvider pvpCredentials;
@Autowired AuthConfiguration authConfig;
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
@@ -102,11 +104,11 @@ public class AuthenticationAction implements IAction {
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if (consumerService.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
}
@@ -117,7 +119,7 @@ public class AuthenticationAction implements IAction {
try {
binding.encodeRespone(httpReq, httpResp, authResponse,
consumerService.getLocation(), moaRequest.getRelayState(),
- pvpCredentials.getIDPAssertionSigningCredential());
+ pvpCredentials.getIDPAssertionSigningCredential(), req);
//set protocol type
sloInformation.setProtocolType(req.requestedModule());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index a7a249eed..216d7a8b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -444,13 +444,13 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
IEncoder encoder = null;
if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- encoder = new RedirectBinding();
+ encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- encoder = new PostBinding();
+ encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
- encoder = new SoapBinding();
+ encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
}
if(encoder == null) {
@@ -465,7 +465,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController {
X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(),
- relayState, signCred);
+ relayState, signCred, protocolRequest);
return true;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index ff703d585..f709da213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -111,7 +111,7 @@ public class SingleLogOutAction implements IAction {
//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq);
return null;
} else {
@@ -127,7 +127,7 @@ public class SingleLogOutAction implements IAction {
//LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
Logger.info("Sending SLO success message to requester ...");
- sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
+ sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState(), pvpReq);
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index 3b2fb3687..ccbef6e6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -31,6 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
public interface IEncoder {
@@ -43,12 +44,13 @@ public interface IEncoder {
* @param targetLocation URL, where the request should be transmit
* @param relayState token for session handling
* @param credentials Credential to sign the request object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
* @throws MessageEncodingException
* @throws SecurityException
* @throws PVP2Exception
*/
public void encodeRequest(HttpServletRequest req,
- HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception;
/**
@@ -59,10 +61,11 @@ public interface IEncoder {
* @param targetLocation URL, where the request should be transmit
* @param relayState token for session handling
* @param credentials Credential to sign the response object
+ * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
* @throws MessageEncodingException
* @throws SecurityException
*/
public void encodeRespone(HttpServletRequest req,
- HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+ HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 9977e607b..c7688c14b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -25,13 +25,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.binding.decoding.URIComparator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
@@ -49,8 +47,17 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -62,10 +69,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPPOSTBinding")
public class PostBinding implements IDecoder, IEncoder {
+
+ @Autowired(required=true) AuthConfiguration authConfig;
+ @Autowired(required=true) GUIFormBuilderImpl guiBuilder;
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException {
try {
@@ -75,9 +86,18 @@ public class PostBinding implements IDecoder, IEncoder {
//load default PVP security configurations
MOADefaultBootstrap.initializeDefaultPVPConfiguration();
- VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "resources/templates/pvp_postbinding_template.html");
+ //initialize POST binding encoder with template decoration
+ IGUIBuilderConfiguration guiConfig =
+ new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+ pendingReq,
+ "pvp_postbinding_template.html",
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
+ null,
+ authConfig.getRootConfigFileDir());
+ MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
+ VelocityProvider.getClassPathVelocityEngine());
+
+ //set OpenSAML2 process parameter into binding context dao
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
@@ -103,22 +123,27 @@ public class PostBinding implements IDecoder, IEncoder {
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException {
try {
-// X509Credential credentials = credentialProvider
-// .getIDPAssertionSigningCredential();
-
//load default PVP security configurations
MOADefaultBootstrap.initializeDefaultPVPConfiguration();
Logger.debug("create SAML POSTBinding response");
- VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "resources/templates/pvp_postbinding_template.html");
+ //initialize POST binding encoder with template decoration
+ IGUIBuilderConfiguration guiConfig =
+ new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+ pendingReq,
+ "pvp_postbinding_template.html",
+ MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL,
+ null,
+ authConfig.getRootConfigFileDir());
+ MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
+ VelocityProvider.getClassPathVelocityEngine());
+
+ //set OpenSAML2 process parameter into binding context dao
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 279038967..4f44a6202 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -50,7 +50,9 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -62,10 +64,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPRedirectBinding")
public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException {
// try {
@@ -100,7 +103,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
StatusResponseType response, String targetLocation, String relayState,
- Credential credentials) throws MessageEncodingException, SecurityException {
+ Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
// try {
// X509Credential credentials = credentialProvider
// .getIDPAssertionSigningCredential();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 94d91694a..552b64ac6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -48,7 +48,9 @@ import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignableXMLObject;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
@@ -60,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPSOAPBinding")
public class SoapBinding implements IDecoder, IEncoder {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
@@ -136,13 +139,13 @@ public class SoapBinding implements IDecoder, IEncoder {
}
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState, Credential credentials)
+ RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception {
}
public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState, Credential credentials)
+ StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
throws MessageEncodingException, SecurityException, PVP2Exception {
// try {
// Credential credentials = credentialProvider
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index 01ef4a43d..f29418853 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -44,6 +44,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("PVPAuthnRequestBuilder")
public class PVPAuthnRequestBuilder {
+ @Autowired(required=true) ApplicationContext springContext;
/**
* Build a PVP2.x specific authentication request
@@ -202,17 +205,17 @@ public class PVPAuthnRequestBuilder {
IEncoder binding = null;
if (endpoint.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if (endpoint.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
}
//encode message
binding.encodeRequest(null, httpResp, authReq,
- endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential());
+ endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index de59e6055..4fef52aec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -59,6 +59,7 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.Signer;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
@@ -95,7 +96,9 @@ import at.gv.egovernment.moa.logging.Logger;
public class SingleLogOutBuilder {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+ @Autowired(required=true) ApplicationContext springContext;
@Autowired private IDPCredentialProvider credentialProvider;
+
public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
Status status = logOutResp.getStatus();
@@ -185,15 +188,15 @@ public class SingleLogOutBuilder {
public void sendFrontChannelSLOMessage(SingleLogoutService consumerService,
LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp,
- String relayState) throws MOAIDException {
+ String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
IEncoder binding = null;
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
+ binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
} else if (consumerService.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
+ binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
}
@@ -204,7 +207,7 @@ public class SingleLogOutBuilder {
try {
binding.encodeRespone(req, resp, sloResp,
consumerService.getLocation(), relayState,
- credentialProvider.getIDPAssertionSigningCredential());
+ credentialProvider.getIDPAssertionSigningCredential(), pvpReq);
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);