aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-09-30 09:22:29 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-09-30 09:22:29 +0200
commitd025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b (patch)
tree6bd538b3faab08ecec07c1fcff47e4c84f483b47 /id/server/idserverlib/src
parent5dda0359afcdc69b11bc9a8df5c527e6c1488b6f (diff)
downloadmoa-id-spss-d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b.tar.gz
moa-id-spss-d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b.tar.bz2
moa-id-spss-d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b.zip
refactor http servlet response processing to prohibit 'chunked' transfer encoding
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java10
2 files changed, 15 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 9fdec9fbb..2976dc420 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -50,7 +50,14 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
-
+
+ //TODO: add additional headers or checks
+ //set security headers
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
//only for SAML1 GetAuthenticationData webService functionality
String requestedServlet = request.getServletPath();
if (MiscUtil.isNotEmpty(requestedServlet) &&
@@ -85,13 +92,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
ModelAndView modelAndView) throws Exception {
- //TODO: add additional headers or checks
- //set security headers
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index b282e3a4b..851f47a68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -63,12 +63,12 @@ public class MetadataAction implements IAction {
String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);
Logger.debug("METADATA: " + metadataXML);
-
+
+ byte[] content = metadataXML.getBytes("UTF-8");
+ httpResp.setStatus(HttpServletResponse.SC_OK);
+ httpResp.setContentLength(content.length);
httpResp.setContentType(MediaType.XML_UTF_8.toString());
- httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));
-
- httpResp.getOutputStream().close();
-
+ httpResp.getOutputStream().write(content);
return null;
} catch (Exception e) {