diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-09-30 09:22:29 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-09-30 09:22:29 +0200 |
commit | d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b (patch) | |
tree | 6bd538b3faab08ecec07c1fcff47e4c84f483b47 /id/server/idserverlib/src/main/java/at | |
parent | 5dda0359afcdc69b11bc9a8df5c527e6c1488b6f (diff) | |
download | moa-id-spss-d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b.tar.gz moa-id-spss-d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b.tar.bz2 moa-id-spss-d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b.zip |
refactor http servlet response processing to prohibit 'chunked' transfer encoding
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
2 files changed, 15 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index 9fdec9fbb..2976dc420 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -50,7 +50,14 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + + //TODO: add additional headers or checks + //set security headers + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + //only for SAML1 GetAuthenticationData webService functionality String requestedServlet = request.getServletPath(); if (MiscUtil.isNotEmpty(requestedServlet) && @@ -85,13 +92,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { - //TODO: add additional headers or checks - //set security headers - response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index b282e3a4b..851f47a68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -63,12 +63,12 @@ public class MetadataAction implements IAction { String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig); Logger.debug("METADATA: " + metadataXML); - + + byte[] content = metadataXML.getBytes("UTF-8"); + httpResp.setStatus(HttpServletResponse.SC_OK); + httpResp.setContentLength(content.length); httpResp.setContentType(MediaType.XML_UTF_8.toString()); - httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8")); - - httpResp.getOutputStream().close(); - + httpResp.getOutputStream().write(content); return null; } catch (Exception e) { |