aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-04-07 16:23:18 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-04-07 16:23:18 +0200
commit581d87d939820b9e74130279692f2825baff6594 (patch)
treeb22b4d1896568d99cb0c7159826e72f5ab2dd3be /id/server/idserverlib/src/main/java/at
parente5e4f2b8cc2652e47d31ace6ee35e7aeab7d814a (diff)
downloadmoa-id-spss-581d87d939820b9e74130279692f2825baff6594.tar.gz
moa-id-spss-581d87d939820b9e74130279692f2825baff6594.tar.bz2
moa-id-spss-581d87d939820b9e74130279692f2825baff6594.zip
add initial version of a virtual IDP REST URL rewrite filter
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java185
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java11
2 files changed, 196 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
new file mode 100644
index 000000000..93d74d7ef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet.interceptor;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.context.ApplicationContext;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class VHostUrlRewriteServletFilter implements Filter {
+
+ private static final String VHOST_PATH = "/vhost/";
+ private static final String AUTHURL = "authURL";
+
+
+ private ApplicationContext context = null;
+
+ public VHostUrlRewriteServletFilter(ApplicationContext context) {
+ Logger.info("Register vHost Servelt Filter");
+ this.context = context;
+
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+ */
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest httpReq = (HttpServletRequest) request;
+ try {
+ AuthConfiguration authConfig = context.getBean(AuthConfiguration.class);
+ List<String> configuredPublicURLPrefix = authConfig.getPublicURLPrefix();
+
+ //check if End-Point is valid
+ String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq);
+ URL publicURL;
+ try {
+ publicURL = new URL(publicURLString);
+
+ } catch (MalformedURLException e) {
+ Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e);
+ throw new ConfigurationException("1299", null, e);
+
+ }
+
+ //check if virtual IDPs are enabled
+ if (!authConfig.isVirtualIDPsEnabled()) {
+ Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+ httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0));
+ chain.doFilter(request, response);
+
+ } else {
+ String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq);
+ URL authURL;
+ try {
+ authURL = new URL(authURLString);
+
+ } catch (MalformedURLException e) {
+ Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
+ throw new ConfigurationException("1299", null, e);
+
+ }
+
+ Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
+ URL resultURL = null;
+
+ for (String el : configuredPublicURLPrefix) {
+ try {
+ URL configuredURL = new URL(el);
+
+ //get Ports from URL
+ int configPort = configuredURL.getPort();
+ if (configPort == -1)
+ configPort = configuredURL.getDefaultPort();
+
+ int authURLPort = authURL.getPort();
+ if (authURLPort == -1)
+ authURLPort = authURL.getDefaultPort();
+
+ //check AuthURL against ConfigurationURL
+ if (configuredURL.getHost().equals(authURL.getHost()) &&
+ configPort == authURLPort &&
+ authURL.getPath().startsWith(configuredURL.getPath())) {
+ Logger.debug("Select configurated PublicURLPrefix: " + configuredURL
+ + " for authURL: " + authURLString);
+ resultURL = configuredURL;
+ }
+
+ } catch (MalformedURLException e) {
+ Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+
+ }
+ }
+
+ if (resultURL == null) {
+ Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
+ throw new ConfigurationException("config.25", new Object[]{authURLString});
+
+ } else {
+ httpReq.setAttribute(AUTHURL, resultURL.toExternalForm());
+
+ }
+
+ String servletPath = httpReq.getServletPath();
+ if (servletPath.startsWith(VHOST_PATH)) {
+ Logger.trace("Found V-IDP selection via REST URL ... ");
+ String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length());
+ String requestedServlet = authURLString.substring(0, vHostDescriptor.length());
+ String newURL = publicURL.toExternalForm().concat(requestedServlet);
+ httpReq.setAttribute(AUTHURL, newURL);
+ httpReq.getRequestDispatcher(newURL).forward(httpReq, response);
+
+ } else {
+ Logger.trace("Found V-IDP selection via Domain ...");
+ chain.doFilter(request, response);
+
+ }
+
+ }
+
+ } catch (ConfigurationException e) {
+
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see javax.servlet.Filter#destroy()
+ */
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index d2499af9d..4cb6af127 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -173,6 +173,17 @@ public class HTTPUtils {
}
+ /**
+ * Extract the IDP requested URL from authrequest
+ *
+ * @param req HttpServletRequest
+ * @return RequestURL <String> which ends always without /
+ */
+ public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
+ return extractAuthURLFromRequest(req).concat(req.getServletPath());
+
+ }
+
public static String addURLParameter(String url, String paramname,
String paramvalue) {
String param = paramname + "=" + paramvalue;