aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 19:21:10 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 19:21:10 +0100
commit9bafb2671b297d39574c346c896347f197282081 (patch)
tree6a6b4a0a3327990e10e99395764eb80a2aea2e24 /id/server/idserverlib
parentf38bf93a9636f43246b7021c0ac48591b7afaf57 (diff)
downloadmoa-id-spss-9bafb2671b297d39574c346c896347f197282081.tar.gz
moa-id-spss-9bafb2671b297d39574c346c896347f197282081.tar.bz2
moa-id-spss-9bafb2671b297d39574c346c896347f197282081.zip
remove AXIS1 implemented WebService for SAML1 --> now a simple Spring controller is used as WebService endpoint
Diffstat (limited to 'id/server/idserverlib')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java11
1 files changed, 10 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 7835687e8..c5a9ad34b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -49,7 +50,15 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
-
+
+ //only for SAML1 GetAuthenticationData webService functionality
+ String requestedServlet = request.getServletPath();
+ if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
+ Logger.debug("SAML1 GetAuthenticationServices allow access without SSL");
+ return true;
+
+ }
+
//check AuthURL
String authURL = HTTPUtils.extractAuthURLFromRequest(request);
if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) {