merge

12 files changed, 89 insertions, 26 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a8c4daad7..1bb829bab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -571,11 +571,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
         String authBlock = buildAuthenticationBlock(session, oaParam);
 
         // builds the <CreateXMLSignatureRequest>
-        List<String> transformsInfos = oaParam.getTransformsInfos();
-        if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
-            // no OA specific transforms specified, use default ones
-            transformsInfos = authConf.getTransformsInfos();
-        }
+        List<String> transformsInfos = authConf.getTransformsInfos();
+        
         String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
                 .build(authBlock, oaParam.getKeyBoxIdentifier(),
                         transformsInfos);
@@ -1949,7 +1946,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
             StringWriter writer = new StringWriter();
             template.merge(context, writer);
 
+            resp.setContentType("text/html;charset=UTF-8");            
             resp.getOutputStream().write(writer.toString().getBytes());
+
         } catch (Exception e) {
             Logger.error("Error sending STORK SAML AuthnRequest.", e);
             httpSession.invalidate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 0a0355bd7..6f30e98df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -187,8 +187,12 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	          
 	    catch (MOAIDException ex) {
 	    	handleError(null, ex, req, resp, pendingRequestID);
+	    	
+	    } catch (Exception e) {
+	    	Logger.error("BKUSelectionServlet has an interal Error.", e);
+	    	
 	    }
-	    
+	       	    
 	    finally {
 	    	ConfigurationDBUtils.closeSession();
 	    }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index e9afb2e68..17dd9e343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -260,11 +260,12 @@ public class GetForeignIDServlet extends AuthServlet {
 	    	    		      

 	    }

 	    catch (MOAIDException ex) {

-	      handleError(null, ex, req, resp, pendingRequestID);

-		} catch (Exception e1) {
-			// TODO Auto-generated catch block
-			e1.printStackTrace();
-		}

+	    	handleError(null, ex, req, resp, pendingRequestID);

+	      

+	    } catch (Exception e) {

+	    	Logger.error("GetForeignIDServlet has an interal Error.", e);

+	    	

+	    }	       

   }

     

   

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 5733cee85..a776bbe9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -246,16 +246,23 @@ public class GetMISSessionIDServlet extends AuthServlet {
 
 		} catch (MOAIDException ex) {
 			handleError(null, ex, req, resp, pendingRequestID);
+			
 		} catch (GeneralSecurityException ex) {
 			handleError(null, ex, req, resp, pendingRequestID);
+			
 		} catch (PKIException e) {
 			handleError(null, e, req, resp, pendingRequestID);
+			
 		} catch (SAXException e) {
 			handleError(null, e, req, resp, pendingRequestID);
+			
 		} catch (ParserConfigurationException e) {
 			handleError(null, e, req, resp, pendingRequestID);
-		}
-		
+			
+	    } catch (Exception e) {
+	    	Logger.error("MISMandateValidation has an interal Error.", e);
+	       
+	    }
 	    finally {
 	    	ConfigurationDBUtils.closeSession();
 	    }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 84732d4ce..fc4ec305d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -54,6 +54,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -86,6 +89,16 @@ public class LogOutServlet extends AuthServlet {
 			//set default redirect Target
 			Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
 			redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+			
+		} else {
+			//return an error if RedirectURL is not a active Online-Applikation
+			OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl);			
+			if (oa == null) {		
+				Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
+				redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+				
+			}
+			
 		}
 		
 		if (ssomanager.isValidSSOSession(ssoid, req)) {
@@ -108,7 +121,12 @@ public class LogOutServlet extends AuthServlet {
 		ssomanager.deleteSSOSessionID(req, resp);
 		
 	} catch (Exception e) {
-		Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+		resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+		return;
+		
+	} finally {
+		ConfigurationDBUtils.closeSession();
+		
 	}
 		
 	//Redirect to Application
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 328a441cd..d6db64a85 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -384,9 +384,14 @@ public class PEPSConnectorServlet extends AuthServlet {
 			

 		} catch (AuthenticationException e) {

 			handleError(null, e, request, response, pendingRequestID);

+			

 		} catch (MOAIDException e) {

 			handleError(null, e, request, response, pendingRequestID);

-		}

+			

+	    } catch (Exception e) {

+	    	Logger.error("PEPSConnector has an interal Error.", e);

+	    }

+	       

 		

 	    finally {

 	    	ConfigurationDBUtils.closeSession();

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 671151bbe..00acdc540 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -70,7 +70,9 @@ public class RedirectServlet extends AuthServlet{
 				
 			} else {
 				try {
-					redirectTarget = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
+					String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget();
+					if (MiscUtil.isNotEmpty(test))
+						redirectTarget = test;
 					
 				} catch (Exception e) {
 					Logger.debug("Use default redirectTarget.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 6fa7b56c6..997241822 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -150,11 +150,17 @@ public class SSOSendAssertionServlet extends AuthServlet{
 			
 		} catch (MOADatabaseException e) {
 			handleError("SSO Session is not found", e, req, resp, id);
+			
 		} catch (WrongParametersException e) {
 			handleError("Parameter is not valid", e, req, resp, id);
+			
 		} catch (AuthenticationException e) {
 			handleError(e.getMessage(), e, req, resp, id);
-		}
+			
+	    } catch (Exception e) {
+	    	Logger.error("SSOSendAssertion has an interal Error.", e);
+	    }
+	       
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 2b46c8ff2..787dc6f10 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -303,13 +303,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
     
 		catch (MOAIDException ex) {
 			handleError(null, ex, req, resp, pendingRequestID);
+			
 		} catch (GeneralSecurityException e) {
 			handleError(null, e, req, resp, pendingRequestID);
+			
 		} catch (PKIException e) {
 			handleError(null, e, req, resp, pendingRequestID);
+			
 		} catch (TransformerException e) {
 			handleError(null, e, req, resp, pendingRequestID);
-		}
+			
+	    } catch (Exception e) {
+	    	Logger.error("AuthBlockValidation has an interal Error.", e);
+	    }
+	       
 		
 	    finally {
 	    	ConfigurationDBUtils.closeSession();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index fddd0d6b9..a3397f561 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -215,9 +215,12 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    	}	    		    	 

 	    }

 	    catch (MOAIDException ex) {

-

 	      handleError(null, ex, req, resp, pendingRequestID);

+	      

+	    } catch (Exception e) {

+	    	Logger.error("CertificateValidation has an interal Error.", e);

 	    }

+	       

 	    

 	    finally {

 	    	ConfigurationDBUtils.closeSession();

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 10a41c487..3b503f07b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -142,7 +142,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     try 
     {
       parameters = getParameters(req);
-    } catch (FileUploadException e) 
+      
+    } catch (Exception e) 
     {
       Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
       throw new IOException(e.getMessage());
@@ -259,12 +260,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
     }
     catch (ParseException ex) {
     	handleError(null, ex, req, resp, pendingRequestID);
-    }
-    
-    catch (MOAIDException ex) {
+    	
+    } catch (MOAIDException ex) {
       handleError(null, ex, req, resp, pendingRequestID);
+      
+    } catch (Exception e) {
+    	Logger.error("IdentityLinkValidation has an interal Error.", e);
     }
-    
+        
     finally {
     	ConfigurationDBUtils.closeSession();
     }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 393b80d04..e6efa0256 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -119,7 +119,7 @@ public class AuthenticationSessionStoreage {
 			dbsession.setUpdated(new Date());
 			
 			MOASessionDBUtils.saveOrUpdate(dbsession);
-			Logger.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+			Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
 			
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
@@ -144,7 +144,7 @@ public class AuthenticationSessionStoreage {
 			dbsession.setUpdated(new Date());
 			
 			MOASessionDBUtils.saveOrUpdate(dbsession);
-			Logger.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+			Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
 			
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
@@ -191,6 +191,10 @@ public class AuthenticationSessionStoreage {
 			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
 			
 			String id = Random.nextRandom();
+			
+			Logger.debug("Change SessionID from " + session.getSessionID() 
+					+ "to " + id);
+			
 			session.setSessionID(id);
 			
 			dbsession.setSessionid(id);
@@ -207,6 +211,8 @@ public class AuthenticationSessionStoreage {
 			
 			MOASessionDBUtils.saveOrUpdate(dbsession);
 			
+			Logger.trace("Change SessionID complete.");
+			
 			return id;
 				
 		} catch (MOADatabaseException e) {
@@ -225,6 +231,8 @@ public class AuthenticationSessionStoreage {
 			  Session session = MOASessionDBUtils.getCurrentSession();
 			  List<AuthenticatedSessionStore> result;
 			  
+			  Logger.trace("Add SSO information to session " + moaSessionID);
+			  
 			  synchronized (session) {
 				  
 				  tx = session.beginTransaction();