aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-15 18:12:06 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-15 18:12:06 +0100
commit1b7401488933f031a68dfe929b25db86279b52d2 (patch)
tree5b6126d66845e97d962e080396b740b2935deb07 /id/server/modules/moa-id-modules-saml1/src
parentff8ae7727e4de105a1179288b129429a29bc07ca (diff)
downloadmoa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.gz
moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.bz2
moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.zip
First untested part: Refactor authentication modules and process management to Spring
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src')
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java17
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java25
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java19
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java97
4 files changed, 78 insertions, 80 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 7f3c353f1..b4c8c37d4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,6 +27,9 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -43,8 +46,11 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
import eu.eidas.auth.commons.IPersonalAttributeList;
+@Service("SAML1_GetArtifactAction")
public class GetArtifactAction implements IAction {
+ @Autowired private SAML1AuthenticationServer saml1server;
+
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
@@ -69,15 +75,13 @@ public class GetArtifactAction implements IAction {
try {
OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
.getOnlineApplicationParameter(oaURL);
-
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
-
+
// add other stork attributes to MOA assertion if available
IPersonalAttributeList storkAttributes = authData.getGenericData(
AuthenticationSessionStorageConstants.STORK_ATTRIBUTELIST,
IPersonalAttributeList.class);
if(null != storkAttributes) {
- List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = SAML1AuthenticationServer.addAdditionalSTORKAttributes(storkAttributes);
+ List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = saml1server.addAdditionalSTORKAttributes(storkAttributes);
authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
}
@@ -88,7 +92,8 @@ public class GetArtifactAction implements IAction {
String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (!oaParam.getBusinessService())
- url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8"));
+ url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
+ URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
@@ -100,7 +105,7 @@ public class GetArtifactAction implements IAction {
String redirectURL = oaURL;
if (!oaParam.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
- URLEncoder.encode(req.getTarget(), "UTF-8"));
+ URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 2b4aaf458..7e46e53fe 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -54,7 +54,6 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -134,11 +133,14 @@ public class GetAuthenticationDataService implements Constants {
Element samlArtifactElem = (Element)samlArtifactList.item(0);
requestID = request.getAttribute("RequestID");
String samlArtifact = DOMUtils.getText(samlArtifactElem);
- SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
+
+
+ //SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
try {
-
- samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact);
+
+ samlAssertion = "Find a solution to integrate Axis 1 into Spring";
+ //samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact);
// success
statusCode = "samlp:Success";
@@ -148,7 +150,8 @@ public class GetAuthenticationDataService implements Constants {
catch (ClassCastException ex) {
try {
- Throwable error = saml1server.getErrorResponse(samlArtifact);
+ //Throwable error = saml1server.getErrorResponse(samlArtifact);
+ Throwable error = new Exception("Find a solution to integrate Axis 1 into Spring");
statusCode = "samlp:Responder";
ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
@@ -171,12 +174,12 @@ public class GetAuthenticationDataService implements Constants {
}
- catch (AuthenticationException ex) {
- //no authentication data for given SAML artifact
- statusCode = "samlp:Requester";
- subStatusCode = "samlp:ResourceNotRecognized";
- statusMessage = ex.toString();
- }
+// catch (AuthenticationException ex) {
+// //no authentication data for given SAML artifact
+// statusCode = "samlp:Requester";
+// subStatusCode = "samlp:ResourceNotRecognized";
+// statusMessage = ex.toString();
+// }
}
}
catch (Throwable t) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 5312d779c..1d06bb48a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -35,6 +35,8 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.lang3.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
@@ -60,7 +62,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -77,19 +79,10 @@ import eu.eidas.auth.commons.IPersonalAttributeList;
import eu.eidas.auth.commons.PersonalAttribute;
//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+@Service("SAML1AuthenticationServer")
public class SAML1AuthenticationServer extends AuthenticationServer {
-
- private static SAML1AuthenticationServer instance;
-
- public static SAML1AuthenticationServer getInstace() {
- if (instance == null)
- instance = new SAML1AuthenticationServer();
- return instance;
- }
-
- private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
-
+ @Autowired private ITransactionStorage authenticationDataStore;
/**
* time out in milliseconds used by {@link cleanup} for authentication data
@@ -129,7 +122,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
* @param iPersonalAttributeList STORK attribute list
* @return
*/
- public static List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
+ public List<ExtendedSAMLAttribute> addAdditionalSTORKAttributes(IPersonalAttributeList iPersonalAttributeList) {
List<ExtendedSAMLAttribute> moaExtendedSAMLAttributeList = new Vector<ExtendedSAMLAttribute>();
if(null == iPersonalAttributeList)
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 6573270e4..417bf4dc9 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -22,18 +22,20 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.io.IOException;
import java.util.Arrays;
-import java.util.HashMap;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
@@ -42,17 +44,23 @@ import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.AuthenticationAction;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
-public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
+@Controller
+public class SAML1Protocol extends AbstractProtocolModulController {
+ @Autowired private SAML1AuthenticationServer saml1AuthServer;
+
+ public static final String REQ_DATA_SOURCEID = "sourceID";
+ public static final String REQ_DATA_TARGET = "target";
+
public static final String NAME = SAML1Protocol.class.getName();
public static final String PATH = "id_saml1";
@@ -72,24 +80,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
PVPConstants.EID_SOURCE_PIN_TYPE_NAME
});
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
- static {
-
- actions.put(GETARTIFACT, new GetArtifactAction());
-
- instance = new SAML1Protocol();
- }
-
- private static SAML1Protocol instance = null;
-
- public static SAML1Protocol getInstance() {
- if (instance == null) {
- instance = new SAML1Protocol();
- }
- return instance;
- }
-
public String getName() {
return NAME;
}
@@ -98,16 +88,29 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
return PATH;
}
- public IRequest preProcess(HttpServletRequest request,
- HttpServletResponse response, String action,
- String sessionId, String transactionId) throws MOAIDException {
- SAML1RequestImpl config = new SAML1RequestImpl(request);
-
+
+ @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
+ public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
}
+
+ SAML1RequestImpl pendingRequest = new SAML1RequestImpl(req);
+ pendingRequest.setModule(NAME);
+
+ //preProcess SAML1 Request
+ preProcess(req, resp, pendingRequest);
+
+ performAuthentication(req, resp, pendingRequest);
+ return;
+
+ }
+
+
+ public void preProcess(HttpServletRequest request,
+ HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
String oaURL = (String) request.getParameter(PARAM_OA);
//oaURL = StringEscapeUtils.escapeHtml(oaURL);
@@ -135,7 +138,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
throw new WrongParametersException("StartAuthentication", PARAM_OA,
"auth.12");
- config.setOAURL(oaURL);
+ pendingRequest.setOAURL(oaURL);
Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
@@ -157,19 +160,23 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
throw new InvalidProtocolRequestException("auth.00",
new Object[] { null });
}
- config.setOnlineApplicationConfiguration(oaParam);
- config.setSourceID(sourceID);
+ pendingRequest.setOnlineApplicationConfiguration(oaParam);
+ pendingRequest.setSourceID(sourceID);
- MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+ revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
if (MiscUtil.isNotEmpty(target))
- config.setTarget(target);
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
else
- config.setTarget(oaParam.getTarget());
-
-
- return config;
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+
+ //AuthnRequest needs authentication
+ pendingRequest.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingRequest.setAction(AuthenticationAction.class.getName());
+
}
public boolean generateErrorMessage(Throwable e,
@@ -181,9 +188,8 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
if (!oa.getSAML1Parameter().isProvideAllErrors())
return false;
- else {
- SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
- String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
+ else {
+ String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest);
String url = protocolRequest.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
@@ -199,15 +205,6 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
}
}
- public IAction getAction(String action) {
- return actions.get(action);
- }
-
- public IAction canHandleRequest(HttpServletRequest request,
- HttpServletResponse response) {
- return null;
- }
-
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {