Merge branch 'moa2_0_tlenz' of gitlab.iaik.tugraz.at:afitzek/moa-idspss into moa2_0_tlenz_bs_2

10 files changed, 82 insertions, 240 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 25e73d595..ce5aa15c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -811,9 +811,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 
 
 		if (session.isSsoRequested()) {
-			String oaURL =new String();
+			String oaURL = new String();
 			try {
-				oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+				oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
 
 				if (MiscUtil.isNotEmpty(oaURL))
 					oaURL = oaURL.replaceAll("&", "&");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index f0de8b2e3..71d2aae37 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -205,26 +205,13 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 	      authURL = authURL.concat(":" + req.getServerPort());
 	    }
 	    authURL = authURL.concat(req.getContextPath() + "/");
-		
-		if (isEmpty(authURL))
-			throw new WrongParametersException("StartAuthentication",
-					"AuthURL", "auth.05");
-
-		// check if HTTP Connection may be allowed (through
-		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-		//INFO: removed from MOA-ID 2.0 Config
-//		String boolStr = AuthConfigurationProvider
-//				.getInstance()
-//				.getGenericConfigurationParameter(
-//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-		
-		if ((!authURL.startsWith("https:"))
-//				&& (false == BoolUtils.valueOf(boolStr))
-				)
+				
+		if (!authURL.startsWith("https:"))
 			throw new AuthenticationException("auth.07",
 					new Object[] { authURL + "*" });
 		
-		moasession.setAuthURL(authURL);
+		//set Auth URL from configuration
+		moasession.setAuthURL(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/");
 
 		//check and set SourceID
 		if (oaParam.getSAML1Parameter() != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
deleted file mode 100644
index 0c2bb66c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = 7455620886605337681L;
-
-/**
-   * Handle a HTTP GET request, used to indicated that the MOA
-   * configuration needs to be updated (reloaded).
-   * 
-   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
-   */
-  public void doGet(HttpServletRequest request, HttpServletResponse response)
-    throws ServletException, IOException {
-
-	  	  
-	  response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-	  response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-	  response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-	  response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-	  
-    MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
-
-    try {
-      MOAIDAuthInitializer.initialized=false;
-      MOAIDAuthInitializer.initialize();
-      String message = msg.getMessage("config.00", new Object[] 
-      	{ DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
-            
-      Logger.info(message);
-			HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
-			
-    } catch (Throwable t) {
-      String errorMessage = msg.getMessage("config.04", null);
-      Logger.error(errorMessage, t);
-			HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
-    }
-  }
-
-  /**
-   * Do the same as <code>doGet</code>.
-   * 
-   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
-   */
-  public void doPost(HttpServletRequest request, HttpServletResponse response)
-    throws ServletException, IOException {
-    doGet(request, response);
-  }
-	
-	/**
-	 * Calls the web application initializer.
-	 * 
-	 * @see javax.servlet.Servlet#init(ServletConfig)
-	 */
-	public void init(ServletConfig servletConfig) throws ServletException {
-		super.init(servletConfig);
-	}
-
-}
-
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index deec69c7f..0a0355bd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -57,17 +57,17 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	private static final long serialVersionUID = 1L;
 
 	public void init(ServletConfig servletConfig) throws ServletException {
-		    try {
-		      super.init(servletConfig);
-		      MOAIDAuthInitializer.initialize();
-		      Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
-		      Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
-		    }
-		    catch (Exception ex) {
-		      Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
-		      throw new ServletException(ex);
-		    }
-		  }
+//		    try {
+//		      super.init(servletConfig);
+//		      MOAIDAuthInitializer.initialize();
+//		      Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+//		      Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+//		    }
+//		    catch (Exception ex) {
+//		      Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+//		      throw new ServletException(ex);
+//		    }
+	}
 	  
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index c87a17c7f..f3495966a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -123,15 +123,15 @@ public class LogOutServlet extends AuthServlet {
    * @see javax.servlet.Servlet#init(ServletConfig)
    */
   public void init(ServletConfig servletConfig) throws ServletException {
-  	try {
-      super.init(servletConfig);
-      MOAIDAuthInitializer.initialize();
-  		Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
-  	}
-  	catch (Exception ex) {
-  		Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
-  		throw new ServletException(ex);
-  	}
+//  	try {
+//      super.init(servletConfig);
+//      MOAIDAuthInitializer.initialize();
+//  		Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+//  	}
+//  	catch (Exception ex) {
+//  		Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+//  		throw new ServletException(ex);
+//  	}
   }  
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 5471c03f5..b2c47fac0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -417,7 +417,7 @@ public class CreateXMLSignatureResponseValidator {
     
 	String oaURL;
     try {
-		oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+		oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
 	} catch (ConfigurationException e1) {
 		oaURL = new String();
 	} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index c0f47d781..1a3c1b0a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -212,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   
   private static Date date = null;
   
+  private String publicURLPreFix = null;
+  
  /**
    * Return the single instance of configuration data.
    * 
@@ -487,32 +489,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
   	//set TrustManagerRevocationChecking
   	setTrustManagerRevocationChecking();
   	
-  	//set TimeOuts
-		if (auth.getGeneralConfiguration() != null)  {
-	  		if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-	  			
-	  			timeouts = new TimeOuts();
-	  			if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
-	  				timeouts.setAssertion(new BigInteger("120"));
-	  			else
-	  				timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-	  			
-	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
-	  				timeouts.setMOASessionCreated(new BigInteger("2700"));
-	  			else
-	  				timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-	  			
-	  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
-	  				timeouts.setMOASessionUpdated(new BigInteger("1200"));
-	  			else
-	  				timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
-	  		}
-	  	}
-	  	else {
-	  		Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
-	  		throw new ConfigurationException("config.02", null);
-	  	}
+  	//set default timeouts
+  	timeouts = new TimeOuts();
+  	timeouts.setAssertion(new BigInteger("300"));
+  	timeouts.setMOASessionCreated(new BigInteger("2700"));
+  	timeouts.setMOASessionUpdated(new BigInteger("1200"));
   	
+  	//search timeouts in config
+	if (auth.getGeneralConfiguration() != null)  {
+  		if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+  			if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
+  				timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+  			
+  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
+  				timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+  			
+  			if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
+  				timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+  			
+  		} else {
+	  		Logger.info("No TimeOuts defined. Use default values");
+	  	}
+  	}
+
+    // sets the authentication session and authentication data time outs
+    AuthenticationServer.getInstance()
+             .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
+
+    AuthenticationServer.getInstance()
+    		.setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
+    
+    AuthenticationServer.getInstance()
+    		.setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
+
+		
+		
 		//set PVP2 general config
 		Protocols protocols = auth.getProtocols();
 			if (protocols != null) {
@@ -569,39 +580,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 		}
 				
 		//set alternativeSourceID
-		if (auth.getGeneralConfiguration() != null)
+		if (auth.getGeneralConfiguration() != null) {
 			
 			//TODO: can be removed in a further version, because it is moved to SAML1 config
 			if (MiscUtil.isEmpty(alternativesourceid))
 				alternativesourceid =  auth.getGeneralConfiguration().getAlternativeSourceID();
-		
-	        // sets the authentication session and authentication data time outs
-	        BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
-	        
-	        if (param != null) {
-	                long sessionTimeOut = param.longValue();
-	            if (sessionTimeOut > 0)
-	                    AuthenticationServer.getInstance()
-	                            .setSecondsSessionTimeOutCreated(sessionTimeOut);
-	        }
-	        
-	        param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
-	        if (param != null) {
-	                long sessionTimeOut = param.longValue();
-	            if (sessionTimeOut > 0)
-	                    AuthenticationServer.getInstance()
-	                            .setSecondsSessionTimeOutUpdated(sessionTimeOut);
-	        }
-	        
-	        param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
-	        if (param != null) {
-	            long authDataTimeOut = param.longValue();
-	            if (authDataTimeOut > 0)
-	                    AuthenticationServer.getInstance()
-	                            .setSecondsAuthDataTimeOut(authDataTimeOut);
-	        }
-
-		else {
+		    
+			if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
+				publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
+			
+			else {
+				Logger.error("No Public URL Prefix configured.");
+				throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
+			}
+				
+		} else {
 			  Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
 			  throw new ConfigurationException("config.02", null);
 	    } 			
@@ -947,16 +940,6 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	return new String();
   }
   
-  public String getSSOPublicUrl() {
-	if (ssoconfig!= null) {
-		String url = ssoconfig.getPublicURL();		
-		if (MiscUtil.isEmpty(url))
-			url = new String();		
-		return url;
-	}		  
-	return new String();
-  }
-  
   public String getMOASessionEncryptionKey() {
 	  
 	  String prop = props.getProperty("configuration.moasession.key");  
@@ -1005,6 +988,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	  return Boolean.valueOf(prop);
   }
   
+  public String getPublicURLPrefix() {
+	  return publicURLPreFix;
+  }
+  
   /**
    * Retruns the STORK Configuration
    * @return STORK Configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index a45eb2b9e..3af8bcfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -86,7 +86,7 @@ public class DispatcherServlet extends AuthServlet{
 							null), ex);
 			throw new ServletException(ex);
 		}
-		Logger.info("Dispatcher Servlet initialization");
+		Logger.info("Dispatcher Servlet initialization finished.");
 	}
 
 	protected void processRequest(HttpServletRequest req,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 90863890f..666224b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -238,8 +238,9 @@ public class AuthenticationManager extends AuthServlet {
 			//Build authentication form
 			
 			
+			String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
 			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
-					target.requestedAction(), oaParam, request.getContextPath(), moasession.getSessionID());
+					target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
 			
 			//store MOASession
 			try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index bf82efb79..ebfffb648 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -124,7 +124,7 @@ public class PVPConfiguration {
 	}
 	
 	public String getIDPPublicPath() throws ConfigurationException {
-		String publicPath = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getPublicURLPrefix();
+		String publicPath = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
 		if(publicPath != null) {
 			if(publicPath.endsWith("/")) {
 				int length = publicPath.length();