aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-07-21 15:30:40 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-07-21 15:30:40 +0200
commit4795b273bb734f04056babe963d8588ffbf50fb0 (patch)
tree4c38c2a7b957608ad21034ec40b96466d3f3f98e /id/server/idserverlib
parenta10034425b325acaf9796183d1206979664e483d (diff)
downloadmoa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.tar.gz
moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.tar.bz2
moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.zip
fix MOA-ID-Auth problems
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java59
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml15
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
9 files changed, 102 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 65e3b10d7..e1086bbd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -174,7 +175,7 @@ public class MOAIDAuthInitializer {
System.exit(-1);
}
-
+
// Starts the session cleaner thread to remove unpicked authentication data
AuthenticationSessionCleaner.start();
AuthConfigLoader.start();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 9386330cc..987603227 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -865,7 +865,26 @@ public boolean isRemovePBKFromAuthBlock() {
*/
@Override
public List<Integer> getReversionsLoggingEventCodes() {
- // TODO Auto-generated method stub
+ String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
+ if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) {
+ String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
+ if (MiscUtil.isNotEmpty(eventCodes)) {
+ String[] codes = eventCodes.split(",");
+ List<Integer> result = new ArrayList<Integer>();
+ for (String el : codes) {
+ try {
+ result.add(Integer.valueOf(el.trim()));
+
+ } catch (NumberFormatException e) {
+ Logger.warn("EventCode can not parsed to Integer.", e);
+
+ }
+ }
+ if (!result.isEmpty())
+ return result;
+
+ }
+ }
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 5584e8ca6..45eecec84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -311,7 +311,7 @@ public class DispatcherServlet extends AuthServlet{
MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+ if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
// -> send end error to service provider
Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()
+ " FAILED. Sending error message to service provider.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 06b55fb66..f3c40707e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -400,18 +400,22 @@ public class AuthenticationManager extends MOAIDAuthConstants {
Logger.debug("Build PVP 2.1 authentication request");
//get IDP metadata
- try {
- OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
- OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
+
+ OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
- if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
- Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
- Logger.info("Switch to local authentication on this IDP ... ");
- perfomLocalAuthentication(request, response, target);
- return;
+ if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
+ Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
+ + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
+ Logger.info("Switch to local authentication on this IDP ... ");
+
+ perfomLocalAuthentication(request, response, target);
+ return;
- }
+ }
+ try {
EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
getEntityDescriptor(target.getRequestedIDP());
@@ -556,7 +560,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (requiredLocalAuthentication) {
Logger.info("Switch to local authentication on this IDP ... ");
- perfomLocalAuthentication(request, response, target);
+ if (idp.isPerformLocalAuthenticationOnInterfederationError())
+ perfomLocalAuthentication(request, response, target);
+
+ else
+ throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()});
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index de58c34a1..87a63a8a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -115,10 +115,7 @@ public class PVPConfiguration {
//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
-
- //load PVP2X metadata for all active online applications
- MOAMetadataProvider.getInstance();
-
+
} catch (ConfigurationException e) {
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 389b9825f..824c9be0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -26,14 +26,11 @@ import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import java.util.concurrent.CopyOnWriteArrayList;
import java.util.Timer;
import javax.net.ssl.SSLHandshakeException;
@@ -49,7 +46,6 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
@@ -74,7 +70,6 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
private static MOAMetadataProvider instance = null;
private static Object mutex = new Object();
- private List<ObservableMetadataProvider.Observer> observers;
public static MOAMetadataProvider getInstance() {
@@ -338,8 +333,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
Logger.warn("MetadataProvider can not be destroyed.");
}
}
-
- this.observers = Collections.emptyList();
+
instance = null;
} else {
Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
@@ -348,14 +342,12 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
private MOAMetadataProvider() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
- this.observers = new CopyOnWriteArrayList<Observer>();
Logger.info("Loading metadata");
Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
try {
- //TODO: database search does not work!!!!!
Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard(
- MOAIDConfigurationConstants.PREFIX_SERVICES
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES
+ ".%."
+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -373,7 +365,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
try {
String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
- if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) {
+ if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
byte[] cert = Base64Utils.decode(certBase64, false);
@@ -543,14 +535,53 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{
return internalProvider.getMetadata();
}
- public EntitiesDescriptor getEntitiesDescriptor(String name)
+ public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
throws MetadataProviderException {
- return internalProvider.getEntitiesDescriptor(name);
+ EntitiesDescriptor entitiesDesc = null;
+ try {
+ entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
+
+ if (entitiesDesc == null) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID))
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entitiesID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entitiesID))
+ return internalProvider.getEntitiesDescriptor(entitiesID);
+
+ }
+
+ return entitiesDesc;
}
public EntityDescriptor getEntityDescriptor(String entityID)
throws MetadataProviderException {
- return internalProvider.getEntityDescriptor(entityID);
+ EntityDescriptor entityDesc = null;
+ try {
+ entityDesc = internalProvider.getEntityDescriptor(entityID);
+ if (entityDesc == null) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+ } catch (MetadataProviderException e) {
+ Logger.debug("Can not find PVP metadata for entityID: " + entityID
+ + " Start refreshing process ...");
+ if (refreshMetadataProvider(entityID))
+ return internalProvider.getEntityDescriptor(entityID);
+
+ }
+
+ return entityDesc;
}
public List<RoleDescriptor> getRole(String entityID, QName roleName)
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
index f2b2f5adf..206fde87d 100644
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
@@ -19,13 +19,22 @@
<property name="url" value="${configuration.hibernate.connection.url}"/>
<property name="username" value="${configuration.hibernate.connection.username}" />
<property name="password" value="${configuration.hibernate.connection.password}" />
- <property name="testOnBorrow" value="true" />
+
+ <property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
+ <property name="initialSize" value="${configuration.dbcp.initialSize}" />
+ <property name="maxActive" value="${configuration.dbcp.maxActive}" />
+ <property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
+ <property name="minIdle" value="${configuration.dbcp.minIdle}" />
+ <property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" />
+ <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
+ <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
+ <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
<property name="validationQuery" value="SELECT 1" />
</bean>
<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
- <property name="showSql" value="true" />
- <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" />
+ <property name="showSql" value="${configuration.hibernate.show_sql}" />
+ <property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
<property name="databasePlatform" value="${configuration.hibernate.dialect}" />
</bean>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index f5f9f5979..aca37f072 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -44,8 +44,9 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.25=Fehler beim validieren der SZR-Gateway Response.
auth.26=SessionID unbekannt.
-auth.27=Federated authentication FAILED.
+auth.27=Federated authentication FAILED! Assertion from {0} IDP is not valid.
auth.28=Transaktion {0} kann nicht weitergef\u00FChrt werden. Wahrscheinlich wurde ein TimeOut erreicht.
+auth.29=Federated authentication FAILED! Can not build authentication request for IDP {0}
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 79d6d5eef..fa332f0c7 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -26,6 +26,7 @@ auth.25=1109
auth.26=1100
auth.27=4401
auth.28=1100
+auth.29=4401
init.00=9199
init.01=9199