diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-19 08:39:10 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-19 08:39:10 +0100 |
commit | 6dc744a3190a86055ec1e546f0de0a3ad198091f (patch) | |
tree | 39f2485081eeeb02b4f249a67d0ff324edd5f1bf /id/server/idserverlib/src/main/java/at/gv/egovernment | |
parent | 7351616b2a081bcc6351644b49ea4a3ba0ec5ef2 (diff) | |
download | moa-id-spss-6dc744a3190a86055ec1e546f0de0a3ad198091f.tar.gz moa-id-spss-6dc744a3190a86055ec1e546f0de0a3ad198091f.tar.bz2 moa-id-spss-6dc744a3190a86055ec1e546f0de0a3ad198091f.zip |
add additional virtual IDP PublicURL Prefix validation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index a7027fcf1..cdaade1bb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -32,14 +32,12 @@ import javax.servlet.http.HttpServletRequest; import org.opensaml.saml2.core.Attribute; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; public abstract class RequestImpl implements IRequest, Serializable{ @@ -81,7 +79,7 @@ public abstract class RequestImpl implements IRequest, Serializable{ List<String> configuredPublicURLPrefix = config.getPublicURLPrefix(); if (!config.isVirtualIDPsEnabled()) { - Logger.debug("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); + Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0)); this.authURL = configuredPublicURLPrefix.get(0); } else { @@ -91,7 +89,19 @@ public abstract class RequestImpl implements IRequest, Serializable{ for (String el : configuredPublicURLPrefix) { try { URL configuredURL = new URL(el); - if (configuredURL.getHost().equals(authURL.getHost()) && + + //get Ports from URL + int configPort = configuredURL.getPort(); + if (configPort == -1) + configPort = configuredURL.getDefaultPort(); + + int authURLPort = authURL.getPort(); + if (authURLPort == -1) + authURLPort = authURL.getDefaultPort(); + + //check AuthURL against ConfigurationURL + if (configuredURL.getHost().equals(authURL.getHost()) && + configPort == authURLPort && configuredURL.getPath().equals(authURL.getPath())) { Logger.debug("Select configurated PublicURLPrefix: " + configuredURL + " for authURL: " + authURLString); |