diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-18 19:21:10 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-18 19:21:10 +0100 | 
| commit | 9bafb2671b297d39574c346c896347f197282081 (patch) | |
| tree | 6a6b4a0a3327990e10e99395764eb80a2aea2e24 /id/server/idserverlib | |
| parent | f38bf93a9636f43246b7021c0ac48591b7afaf57 (diff) | |
| download | moa-id-spss-9bafb2671b297d39574c346c896347f197282081.tar.gz moa-id-spss-9bafb2671b297d39574c346c896347f197282081.tar.bz2 moa-id-spss-9bafb2671b297d39574c346c896347f197282081.zip | |
remove AXIS1 implemented WebService for SAML1  --> now a simple Spring controller is used as WebService endpoint
Diffstat (limited to 'id/server/idserverlib')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java | 11 | 
1 files changed, 10 insertions, 1 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index 7835687e8..c5a9ad34b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;  import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil;  /**   * @author tlenz @@ -49,7 +50,15 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {  	@Override  	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)  			throws Exception { - +		 +		//only for SAML1 GetAuthenticationData webService functionality +		String requestedServlet = request.getServletPath();		 +		if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) { +			Logger.debug("SAML1 GetAuthenticationServices allow access without SSL"); +			return true; +			 +		} +		  		//check AuthURL  	    String authURL = HTTPUtils.extractAuthURLFromRequest(request);  		if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) { | 
