remove AXIS1 implemented WebService for SAML1 --> now a simple Spring controller is used as WebService endpoint

1 files changed, 10 insertions, 1 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 7835687e8..c5a9ad34b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -49,7 +50,15 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 			throws Exception {
-
+		
+		//only for SAML1 GetAuthenticationData webService functionality
+		String requestedServlet = request.getServletPath();		
+		if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
+			Logger.debug("SAML1 GetAuthenticationServices allow access without SSL");
+			return true;
+			
+		}
+		
 		//check AuthURL
 	    String authURL = HTTPUtils.extractAuthURLFromRequest(request);
 		if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) {