diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-16 09:29:09 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-05-16 09:29:09 +0200 |
commit | c61850c5607d066a3c322794c1220f26b31103a0 (patch) | |
tree | 8e91dbb441f5af6879c4314b38159b7ed9b4add4 /id/server/idserverlib/src/main/java/at/gv | |
parent | 44bce0049b598604cc1a30f419e936c6b5fc59cf (diff) | |
download | moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.tar.gz moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.tar.bz2 moa-id-spss-c61850c5607d066a3c322794c1220f26b31103a0.zip |
add initial version of Security-Layer 2.0 Authentication module
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
5 files changed, 71 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index c78361eda..583bb2ab4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -84,7 +84,9 @@ public class DataURLBuilder { dataURL = authBaseURL + authServletName; - dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID); + if (sessionID != null) + dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID); + return dataURL; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index f61b9a4da..50cafb4f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -134,7 +134,12 @@ public abstract class AbstractController extends MOAIDAuthConstants { try { //switch to protocol-finalize method to generate a protocol-specific error message - + + //log error directly in debug mode + if (Logger.isDebugEnabled()) + Logger.warn(loggedException.getMessage(), loggedException); + + //put exception into transaction store for redirect String key = Random.nextLongRandom(); if (pendingReq != null) { @@ -147,7 +152,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { new ExceptionContainer(null, loggedException),-1); } - + //build up redirect URL String redirectURL = null; redirectURL = ServletUtils.getBaseUrl(req); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java index 32f103ca7..18641c090 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -55,7 +55,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // wake up next task
processEngine.signal(pendingReq);
- } catch (Exception ex) {
+ } catch (Exception ex) {
handleError(null, ex, req, resp, pendingReq);
} finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7f183c5eb..a24683545 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -92,6 +92,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class AuthenticationManager extends MOAIDAuthConstants { private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>(); + private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>(); public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @@ -321,6 +322,16 @@ public class AuthenticationManager extends MOAIDAuthConstants { } + /** + * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + public void addHeaderNameToWhiteList(String httpReqParam) { + if (MiscUtil.isNotEmpty(httpReqParam)) + reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + + } /** * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated @@ -422,6 +433,18 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } + //add additional http request parameter to context + if (!reqHeaderWhiteListeForModules.isEmpty()) { + Enumeration<String> reqHeaderNames = httpReq.getHeaderNames(); + while(reqHeaderNames.hasMoreElements()) { + String paramName = reqHeaderNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) { + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName))); + } + } + } + //start process engine startProcessEngine(pendingReq, executionContext); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index cd700c74a..611dff3b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -89,6 +89,43 @@ public class SSLUtils { } + public static SSLSocketFactory getSSLSocketFactory( + ConfigurationProvider conf, String url ) + throws IOException, GeneralSecurityException, ConfigurationException, PKIException { + + // else create new SSLSocketFactory + String trustStoreURL = conf.getTrustedCACertificates(); + + if (trustStoreURL == null) + throw new ConfigurationException( + "config.08", new Object[] {"TrustedCACertificates"}); + + String acceptedServerCertURL = ""; + + //INFO: MOA-ID 2.x always use defaultChainingMode + + try { + SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( + url, + null, + trustStoreURL, + acceptedServerCertURL, + AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), + AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), + AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(), + null, + null, + "pkcs12"); + + return ssf; + + } catch (SSLConfigurationException e) { + throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE()); + + } + } + + /** * Creates an <code>SSLSocketFactory</code> which utilizes an * <code>IAIKX509TrustManager</code> for the given trust store, |