* Update ParameterÃ¼berprÃ¼fung Templates

* Update Beispiel-Konfigurationen * Update ContentType fÃ¼r InfoBoxReadRequest (Zertifikat) bei Online-Mandates git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1202 d688527b-c9ab-4aba-bd8d-4036d912da1d
author: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2011-04-07 19:22:50 +0000
committer: kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2011-04-07 19:22:50 +0000
commit: 07449c789f2561bb768d111e5b7d2c14e5dec26f (patch)
tree: 36a6606e2e764196d5af7d2dd86a76bd8dffdf93 /id/server/idserverlib
parent: 48241a89651341097fcc77aac4cc0333820f330d (diff)
download: moa-id-spss-07449c789f2561bb768d111e5b7d2c14e5dec26f.tar.gz
moa-id-spss-07449c789f2561bb768d111e5b7d2c14e5dec26f.tar.bz2
moa-id-spss-07449c789f2561bb768d111e5b7d2c14e5dec26f.zip
4 files changed, 55 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index d101df1fa..0014d2647 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -110,7 +110,7 @@ public class VerifyCertificateServlet extends AuthServlet {
 	    
 	    // escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
+				
 	    AuthenticationSession session = null;
 	    try {
 	       // check parameter
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 23861d290..740c85942 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -108,6 +108,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
       throw new IOException(e.getMessage());
     }
     String sessionID = req.getParameter(PARAM_SESSIONID);
+       
 
     // escape parameter strings
 	sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -178,7 +179,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
                    session.getSessionID());
            
           
-     		   ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
     			
     		}
     		else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index d35fc875d..a1e039661 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -270,8 +270,12 @@ public class ParamValidatorUtils {
     	  // check if template url starts with http or https 
     	  if (template.startsWith("http") || template.startsWith("https")) {
     	
-    		  // check if template url is from same server
-    		  if (template.contains(req.getServerName())) {
+    		  // check if template url is from same server    		  
+    		  String name = req.getServerName();
+    		  String httpName = "http://" + name;
+    		  String httpsName = "https://" + name;
+    		  
+    		  if (template.startsWith(httpName) || template.startsWith(httpsName)) {
     			 new URL(template);
     			 Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich überprüft");
      	         return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 24e5ff3d0..c3d548d54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -18,16 +18,17 @@
  */
 package at.gv.egovernment.moa.id.util;
 
-import java.io.IOException;
-import java.io.OutputStream;
-
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.URLEncoder;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
@@ -96,7 +97,7 @@ public class ServletUtils {
       
       //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
       resp.setContentType("text/xml;charset=UTF-8");
-      
+            
       OutputStream out = resp.getOutputStream();
       out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
       out.flush();
@@ -104,5 +105,36 @@ public class ServletUtils {
       Logger.debug("Finished POST " + servletName);
     
   }
+
+  /**
+   * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing 
+   * depending on the requests starting text.
+   * 
+   * @param resp The httpServletResponse
+   * @param session The current AuthenticationSession
+   * @param createXMLSignatureRequestOrRedirect The request
+   * @param servletGoal The servlet to which the redirect should happen
+   * @param servletName The servlet name for debug purposes
+   * @throws MOAIDException
+   * @throws IOException
+   */
+  public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) 
+  throws MOAIDException,
+         IOException { 
+	  resp.setStatus(200);
+	  Logger.debug("ContentType set to: application/x-www-form-urlencoded");
+	
+	  resp.setContentType("application/x-www-form-urlencoded");
+	  
+	  String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" + 
+	  					"DataURL=" + URLEncoder.encode(dataURL, "UTF-8");
+      
+      OutputStream out = resp.getOutputStream();
+      out.write(content.getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      Logger.debug("Finished POST " + servletName);
+    
+  }
 
 }
author	kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2011-04-07 19:22:50 +0000
committer	kstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2011-04-07 19:22:50 +0000
commit	07449c789f2561bb768d111e5b7d2c14e5dec26f (patch)
tree	36a6606e2e764196d5af7d2dd86a76bd8dffdf93 /id/server/idserverlib
parent	48241a89651341097fcc77aac4cc0333820f330d (diff)
download	moa-id-spss-07449c789f2561bb768d111e5b7d2c14e5dec26f.tar.gz moa-id-spss-07449c789f2561bb768d111e5b7d2c14e5dec26f.tar.bz2 moa-id-spss-07449c789f2561bb768d111e5b7d2c14e5dec26f.zip