aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-03-19 12:17:32 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-03-19 12:17:32 +0100
commit76b43178f068650e8df40c3f7eb4993ff709499c (patch)
tree4b3a6eea8842115c532788bf09034b791f40ca06 /id/server/idserverlib/src/main/java
parent0ebfb92d43e8333705c8058039d2334476d61f6c (diff)
downloadmoa-id-spss-76b43178f068650e8df40c3f7eb4993ff709499c.tar.gz
moa-id-spss-76b43178f068650e8df40c3f7eb4993ff709499c.tar.bz2
moa-id-spss-76b43178f068650e8df40c3f7eb4993ff709499c.zip
Add advanced parameter validation. Redirect is only allowed if Redirect URL maps to OA configuration.
Load redirectTarget from OA configuration.
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java22
2 files changed, 23 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
index e2a736330..2a5c8d418 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
@@ -31,7 +31,8 @@ import at.gv.egovernment.moa.logging.Logger;
public class RedirectFormBuilder {
- private static String URL = "#URL#";
+ private static String URL = "#URL#";
+ private static String TARGET = "#TARGET#";
private static String template;
private static String getTemplate() {
@@ -53,9 +54,10 @@ public class RedirectFormBuilder {
return template;
}
- public static String buildLoginForm(String url) {
+ public static String buildLoginForm(String url, String redirectTarget) {
String value = getTemplate();
value = value.replace(URL, url);
+ value = value.replace(TARGET, redirectTarget);
return value;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 02028bf1a..671151bbe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -54,14 +54,30 @@ public class RedirectServlet extends AuthServlet{
String target = req.getParameter(PARAM_TARGET);
String artifact = req.getParameter(PARAM_SAMLARTIFACT);
+ if (MiscUtil.isEmpty(artifact)) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
+ return;
+ }
+
Logger.debug("Check URL against online-applications");
+ OnlineApplication oa = null;
+ String redirectTarget = "_parent";
try {
- OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(url);
+ oa = ConfigurationDBRead.getActiveOnlineApplication(url);
if (oa == null) {
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
+ } else {
+ try {
+ redirectTarget = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
+
+ } catch (Exception e) {
+ Logger.debug("Use default redirectTarget.");
+ }
+
}
+
} catch (Throwable e) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
return;
@@ -85,7 +101,7 @@ public class RedirectServlet extends AuthServlet{
URLEncoder.encode(artifact, "UTF-8"));
url = resp.encodeRedirectURL(url);
- String redirect_form = RedirectFormBuilder.buildLoginForm(url);
+ String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());