author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-17 07:58:01 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-04-17 07:58:01 +0200 |
commit | 432441f6debd593f86075d1995fdb1d48cbd8b36 (patch) | |
tree | 85e6d2142da75d2deeb9ed9564f1c87c087de93a /id/server/idserverlib | |
parent | fb85746274a04f77ac3a76b1a790fbe210148ee6 (diff) | |
compare SAML2 destination URL with expected URL
Diffstat (limited to 'id/server/idserverlib')
3 files changed, 35 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 1d6b227d6..3094abba8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -26,9 +26,23 @@ import org.opensaml.common.binding.decoding.URIComparator;
 public class MOAURICompare implements URIComparator {
+ /**
+ * @param idpssoPostService
+ */
+
+ private String serviceURL = "";
+
+ public MOAURICompare(String serviceURL) {
+ this.serviceURL = serviceURL;
+ }
+
 public boolean compare(String uri1, String uri2) {
- // TODO: implement proper equalizer for rewritten URLS
- return true;
+
+ if (this.serviceURL.equals(uri1))
+ return true;
+
+ else
+ return false;
 }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index a7633952a..645d15086 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
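Review bot: `compare` never looks at `uri2` and accepts only an exact `String.equals` match of `uri1` against the configured URL, but nothing in the class says which argument is the message's Destination; that depends on how the decoder calls the comparator, which this hunk does not show. A short comment on the method stating the assumption (the removed TODO suggests the request URL may be rewritten) would keep a later change from weakening the destination check by accident. The constructor should also refuse a missing value, e.g. `if (serviceURL == null || serviceURL.isEmpty()) throw new IllegalArgumentException("serviceURL must be set");`, so a configuration gap fails at set-up rather than as a NullPointerException or an empty-string match inside `compare`. The field can then be `private final`, the body `return serviceURL.equals(uri1);`, and the Javadoc stub naming `idpssoPostService` belongs on the constructor with the real parameter name.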
@@ -48,6 +48,8 @@ import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
@@ -142,7 +144,12 @@ public class PostBinding implements IDecoder, IEncoder {
 BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 messageContext
 .setInboundMessageTransport(new HttpServletRequestAdapter(req));
- decode.setURIComparator(new MOAURICompare());
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+ }
 decode.decode(messageContext);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 9254ec279..68069f3a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
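Review bot: A configuration failure is rethrown in the second hunk as a bare `SecurityException(e)`, so in logs and error handling it looks the same as a message rejected for a wrong destination. Give it its own message, e.g. `throw new SecurityException("IDP SSO POST service URL is not configured", e);` (this assumes the type is the OpenSAML SecurityException; its import is not visible in this file's hunks). The same try/catch is repeated in the second hunk of RedirectBinding.java with `getIDPSSORedirectService()`, and one small helper that builds the comparator from a given URL would keep the two bindings from drifting apart. The enclosing decode method starts and ends outside the hunk.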
@@ -51,7 +51,9 @@ import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.X509Credential;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
@@ -132,7 +134,15 @@ public class RedirectBinding implements IDecoder, IEncoder {
 HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
 new BasicParserPool());
- decode.setURIComparator(new MOAURICompare());
+
+ try {
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
+
+ } catch (ConfigurationException e) {
+ throw new SecurityException(e);
+
+ }
+
 BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 messageContext
 .setInboundMessageTransport(new HttpServletRequestAdapter(req)); |