authorThomas Lenz <tlenz@iaik.tugraz.at>2017-09-20 12:15:20 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-09-20 12:15:20 +0200
commit3c81d3fef06204f2259b6c0377c8a2a00974c614 (patch)
treeaf3f4bf763b113e378bde5a9454023e0ca5c0141 /id/server/moa-id-frontend-resources
parent22ccfa1baf256635268a3a65ac59d5a415d19356 (diff)
make SAML2 http POST-Binding template and mandate-service selection-template configurable for every online application
Diffstat (limited to 'id/server/moa-id-frontend-resources')
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java (renamed from id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java)8
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java45
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java1
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java82
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java110
5 files changed, 230 insertions, 16 deletions
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 8244d630d..4bb4b0e27 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -39,7 +39,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
-public class ServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
+public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
public static final String VIEW_BKUSELECTION = "loginFormFull.html";
public static final String VIEW_SENDASSERTION = "sendAssertionFormFull.html";
@@ -53,7 +53,7 @@ public class ServiceProviderSpecificGUIFormBuilderConfiguration extends Abstract
public static final String PARAM_OANAME = "OAName";
public static final String PARAM_COUNTRYLIST = "countryList";
- private IRequest pendingReq = null;
+ protected IRequest pendingReq = null;
/**
* @param authURL PublicURLPrefix of the IDP but never null
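Review bot: Changing `pendingReq` from `private` to `protected` exposes a mutable, non-final field to every subclass, so any of them can replace the pending request after construction. The two subclasses added in this commit only read it, so the field could stay `private` with a read-only accessor such as `protected IRequest getPendingReq() { return pendingReq; }`. The class body continues outside this hunk, so other uses of the field are not visible here.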
@@ -61,7 +61,7 @@ public class ServiceProviderSpecificGUIFormBuilderConfiguration extends Abstract
* @param formSubmitEndpoint EndPoint on which the form should be submitted,
* or null if the form must not submitted
*/
- public ServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName,
+ public AbstractServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName,
String formSubmitEndpoint) {
super(authURL, viewName, formSubmitEndpoint);
@@ -73,7 +73,7 @@ public class ServiceProviderSpecificGUIFormBuilderConfiguration extends Abstract
* @param formSubmitEndpoint EndPoint on which the form should be submitted,
* or null if the form must not submitted
*/
- public ServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName,
+ public AbstractServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName,
String formSubmitEndpoint) {
super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint);
this.pendingReq = pendingReq;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index e8cd60afb..285c90163 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -78,24 +78,16 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
build(httpResp, config, getInternalContentType(config), loggerName);
}
-
-
+
@Override
public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config,
String contentType, String loggerName) throws GUIBuildException {
InputStream is = null;
try {
- String viewName = config.getViewName();
+ String viewName = config.getViewName();
+ is = getTemplateInputStream(config);
- //load Tempate
- is = getInternalTemplate(config);
- if (is == null) {
- Logger.warn("No GUI with viewName:" + viewName + " FOUND.");
- throw new GUIBuildException("No GUI with viewName:" + viewName + " FOUND.");
-
- }
-
//build Velocity Context from input paramters
VelocityContext context = buildContextFromViewParams(config.getViewParameters());
@@ -137,6 +129,35 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
}
+ /**
+ * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
+ *
+ * @param config
+ * @return
+ */
+ public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) {
+ return buildContextFromViewParams(config.getViewParameters());
+
+ }
+
+ /**
+ * Load the template from different resources
+ *
+ * @param config
+ * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
+ * @throws GUIBuildException
+ */
+ public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException {
+ InputStream is = getInternalTemplate(config);
+ if (is == null) {
+ Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND.");
+ throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND.");
+
+ }
+ return is;
+
+ }
+
private String getInternalContentType(IGUIBuilderConfiguration config) {
if (MiscUtil.isEmpty(config.getDefaultContentType()))
return DEFAULT_CONTENT_TYPE;
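Review bot: `getTemplateInputStream` is now public and returns an open stream, but the only statement of who closes it is the garbled Javadoc sentence "had to be closed be the invoking method", and both new methods leave `@param`, `@return` and `@throws` empty. I would write `@return an open {@link InputStream}, never null; the caller must close it` and `@throws GUIBuildException if no template exists for the configured view name`, and document `config` as non-null because it is dereferenced unconditionally. Both methods are added to `GUIFormBuilderImpl` only; the `IGUIFormBuilder` hunk in this commit adds just a blank line, so callers have to depend on the implementation class to reach them. The hunk ends inside `getInternalContentType`, which is unchanged.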
@@ -167,7 +188,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
} catch (Exception e) {
//load template from classpath as backup
- Logger.info("GUI template:" + viewName + " is not found in configuration directory. "
+ Logger.debug("GUI template:" + viewName + " is not found in configuration directory. "
+ " Load template from project library ... ");
try {
pathLocation = getInternalClasspathTemplateDir(config) + viewName;
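Review bot: With the message lowered to `Logger.debug` and the caught `e` never passed to the logger, a template that fails to load from the configuration directory now leaves no trace at normal log levels. The `catch (Exception e)` is broad, so a permission or path error looks the same as a file that is simply absent. If `Logger.debug` has an overload taking a `Throwable`, as `Logger.warn` does elsewhere in this commit, passing `e` as the second argument keeps the cause available when debugging. The rest of the catch block lies outside the hunk.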
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
index 198220e97..8e8a63094 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
@@ -64,4 +64,5 @@ public interface IGUIFormBuilder {
*/
void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType,
String loggerName) throws GUIBuildException;
+
}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
new file mode 100644
index 000000000..13d8d3bb7
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractServiceProviderSpecificGUIFormBuilderConfiguration {
+
+ /**
+ * @param authURL PublicURLPrefix of the IDP but never null
+ * @param viewName Name of the template (with suffix) but never null
+ * @param formSubmitEndpoint EndPoint on which the form should be submitted,
+ * or null if the form must not submitted
+ */
+ public SPSpecificGUIBuilderConfigurationWithDBLoad(String authURL, String viewName,
+ String formSubmitEndpoint) {
+ super(authURL, viewName, formSubmitEndpoint);
+
+ }
+
+ /**
+ * @param Current processed pending-request DAO but never null
+ * @param viewName Name of the template (with suffix) but never null
+ * @param formSubmitEndpoint EndPoint on which the form should be submitted,
+ * or null if the form must not submitted
+ */
+ public SPSpecificGUIBuilderConfigurationWithDBLoad(IRequest pendingReq, String viewName,
+ String formSubmitEndpoint) {
+ super(pendingReq, viewName, formSubmitEndpoint);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+ */
+ @Override
+ public InputStream getTemplate(String viewName) {
+ if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+
+ byte[] oatemplate = null;
+ if (VIEW_BKUSELECTION.equals(viewName))
+ oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+
+ else if (VIEW_SENDASSERTION.equals(viewName))
+ oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+
+ // OA specific template requires a size of 8 bits minimum
+ if (oatemplate != null && oatemplate.length > 7)
+ return new ByteArrayInputStream(oatemplate);
+ }
+
+ return null;
+ }
+
+}
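Review bot: The comment `// OA specific template requires a size of 8 bits minimum` in `getTemplate` does not match the check under it, because `oatemplate.length > 7` tests for at least 8 bytes. I would reword it to `// treat OA-specific templates shorter than 8 bytes as not configured`. The class Javadoc holds only `@author`, and both constructor Javadocs have an `@param` with no parameter name (`@param Current processed pending-request DAO ...` should be `@param pendingReq ...`). The template bytes come straight from the per-application configuration; if they are rendered by the Velocity engine, as the `VelocityContext` use in `GUIFormBuilderImpl` suggests, the class Javadoc should say that whoever can edit an online application's template supplies server-side template code.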
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
new file mode 100644
index 000000000..8bb6bc4e3
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends AbstractServiceProviderSpecificGUIFormBuilderConfiguration {
+
+ private String configKeyIdentifier = null;
+ private String configRootContextDir = null;
+
+ /**
+ * @param authURL PublicURLPrefix of the IDP but never null
+ * @param viewName Name of the template (with suffix) but never null
+ * @param configKeyIdentifier Identifier of the configuration key in OA configuration that holds the filesystem URI to template
+ * @param formSubmitEndpoint EndPoint on which the form should be submitted
+ * @param configRootContextDir Path to MOA-ID-Auth configuration root directory
+ * or null if the form must not submitted
+ */
+ public SPSpecificGUIBuilderConfigurationWithFileSystemLoad(String authURL, String viewName,
+ String configKeyIdentifier, String formSubmitEndpoint, String configRootContextDir) {
+ super(authURL, viewName, formSubmitEndpoint);
+ this.configKeyIdentifier = configKeyIdentifier;
+ this.configRootContextDir = configRootContextDir;
+
+ }
+
+ /**
+ * @param Current processed pending-request DAO but never null
+ * @param viewName Name of the template (with suffix) but never null
+ * @param configKeyIdentifier Identifier of the configuration key in OA configuration that holds the filesystem URI to template
+ * @param formSubmitEndpoint EndPoint on which the form should be submitted
+ * @param configRootContextDir Path to MOA-ID-Auth configuration root directory
+ */
+ public SPSpecificGUIBuilderConfigurationWithFileSystemLoad(IRequest pendingReq, String viewName,
+ String configKeyIdentifier, String formSubmitEndpoint, String configRootContextDir) {
+ super(pendingReq, viewName, formSubmitEndpoint);
+ this.configKeyIdentifier = configKeyIdentifier;
+ this.configRootContextDir = configRootContextDir;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+ */
+ @Override
+ public InputStream getTemplate(String viewName) {
+ if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null &&
+ configKeyIdentifier != null) {
+ try {
+ String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier);
+ if (MiscUtil.isNotEmpty(templateURL)) {
+ String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir);
+ if (!absURL.startsWith("file:")) {
+ Logger.warn("GUI template are only loadable from filesystem! "
+ + "(templateURL: " + absURL + ")");
+ return null;
+ }
+
+ Logger.debug("Load template URL for view: " + viewName + " from: " + absURL);
+ URI uri = new URL(absURL).toURI();
+ return new FileInputStream(new File(uri));
+
+ }
+ } catch (FileNotFoundException | URISyntaxException | MalformedURLException e) {
+ Logger.warn("Template for view: " + viewName + " is NOT loadable! -> Switch to default template", e);
+
+ }
+ }
+
+ return null;
+ }
+
+}
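Review bot: `getTemplate` opens whatever `file:` URL results from the per-application configuration value, and the only check on `absURL` is `startsWith("file:")`. Unless `FileUtils.makeAbsoluteURL` already confines its result (not visible here), an absolute URL or a value containing `..` can name any file the server process can read, which is then handed to the form builder as a template. The path should be canonicalised and required to lie under the configuration root before the stream is opened. Separately, `new File(uri)` throws `IllegalArgumentException` for a `file:` URI that is opaque or carries an authority, query or fragment; the multi-catch does not cover that, so such a value propagates instead of falling back to the default template. The sketch assumes `configRootContextDir` is itself a `file:` URL, which the hunk does not show.

```java
					Logger.debug("Load template URL for view: " + viewName + " from: " + absURL);
					URI uri = new URL(absURL).toURI();

					// Assumes configRootContextDir is a file: URL; adapt if it is a plain path.
					File root = new File(new URL(configRootContextDir).toURI()).getCanonicalFile();
					File template = new File(uri).getCanonicalFile();

					// Only serve templates that resolve to a location below the configuration root.
					if (!template.toPath().startsWith(root.toPath())) {
						Logger.warn("Template for view: " + viewName
								+ " is outside the configuration directory -> Switch to default template");
						return null;
					}
					return new FileInputStream(template);

			// … unchanged: end of the isNotEmpty block …
			} catch (IOException | URISyntaxException | IllegalArgumentException e) {
				// IOException covers FileNotFoundException and MalformedURLException
				Logger.warn("Template for view: " + viewName + " is NOT loadable! -> Switch to default template", e);
```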