Allow only redirect to OAs from OA configuration

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-03-31 07:48:47 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-03-31 07:48:47 +0200
commit: 8cb4ecdf1f2e120e4dcf3c1a4101206250028444 (patch)
tree: daee978ef5c91fdaaa507535230697579d31562d /id/server/idserverlib
parent: 3d8670eaeda9bc6898a7658a9dd7c954d40b435d (diff)
download: moa-id-spss-8cb4ecdf1f2e120e4dcf3c1a4101206250028444.tar.gz
moa-id-spss-8cb4ecdf1f2e120e4dcf3c1a4101206250028444.tar.bz2
moa-id-spss-8cb4ecdf1f2e120e4dcf3c1a4101206250028444.zip
1 files changed, 19 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 84732d4ce..a11601daa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -54,6 +54,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -86,6 +89,16 @@ public class LogOutServlet extends AuthServlet {
 			//set default redirect Target
 			Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
 			redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+			
+		} else {
+			//return an error if RedirectURL is not a active Online-Applikation
+			OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl);			
+			if (oa == null) {		
+				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
+				return;
+				
+			}
+			
 		}
 		
 		if (ssomanager.isValidSSOSession(ssoid, req)) {
@@ -108,7 +121,12 @@ public class LogOutServlet extends AuthServlet {
 		ssomanager.deleteSSOSessionID(req, resp);
 		
 	} catch (Exception e) {
-		Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+		resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+		return;
+		
+	} finally {
+		ConfigurationDBUtils.closeSession();
+		
 	}
 		
 	//Redirect to Application
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-03-31 07:48:47 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-03-31 07:48:47 +0200
commit	8cb4ecdf1f2e120e4dcf3c1a4101206250028444 (patch)
tree	daee978ef5c91fdaaa507535230697579d31562d /id/server/idserverlib
parent	3d8670eaeda9bc6898a7658a9dd7c954d40b435d (diff)
download	moa-id-spss-8cb4ecdf1f2e120e4dcf3c1a4101206250028444.tar.gz moa-id-spss-8cb4ecdf1f2e120e4dcf3c1a4101206250028444.tar.bz2 moa-id-spss-8cb4ecdf1f2e120e4dcf3c1a4101206250028444.zip