| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-22 14:26:53 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-22 14:26:53 +0100 | 
| commit | 40fb77ef20069a54bd348149d04adeb246ec2f86 (patch) | |
| tree | 76102238b7a3f9fdd99d9d984233f87fe2b11b81 /id/server/modules | |
| parent | 4215d7ef6970f34f5f0e1f65ecd8253dd6827203 (diff) | |
fix refactoring problems
Diffstat (limited to 'id/server/modules')
5 files changed, 50 insertions, 23 deletions
| diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
index fae1b6f4d..0bc4a4839 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
@@ -108,7 +108,7 @@ public class SSOTransferGUIServlet extends AuthServlet {
 							String token = Random.nextRandom();
 							AssertionStorage.getInstance().put(token, encodedSSOContainer);
-							String containerURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+							String containerURL = authURL
 									+ SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
 									+ "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index 2f8b8fe2c..b82417ae6 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
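Review bot: `authURL` now supplies the host part of the URL that carries the transfer `token` (the key under which `encodedSSOContainer` was just stored), but its assignment lies outside this hunk, so it cannot be seen here whether the value was checked against the configured public URL prefix. If it comes from `HTTPUtils.extractAuthURLFromRequest(request)`, as in the two task classes of this commit, the link handed to the smartphone follows whatever host the request presented. Make sure the servlet rejects the request and returns before this line when the value is not one of the configured prefixes, and mark the concatenation with a comment such as `// authURL was validated against getPublicURLPrefix() above`.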
@@ -22,7 +22,12 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
 import at.gv.egovernment.moa.logging.Logger;
@@ -42,4 +47,14 @@ public class SSOTransferSignalServlet extends ProcessEngineSignalServlet {
 	}
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		Logger.debug("Receive http-POST request.");
+		super.doPost(req, resp);
+		
+	}
+	
+	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		Logger.debug("Receive http-GET request.");
+		super.doPost(req, resp);
+	}
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index cebf8431b..67566afe5 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
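Review bot: The debug messages in the two added methods are swapped: `doGet` logs `"Receive http-POST request."` and `doPost` logs `"Receive http-GET request."`, so anyone reconstructing a session-transfer flow from the logs will read the wrong HTTP method. Swap the two strings and put `@Override` on both methods so the compiler confirms they really override the servlet callbacks. `doGet` also forwards to `super.doPost`, which lets the signal endpoint be driven by a plain link; what the parent does with the request is not visible here, so add a comment such as `// GET is accepted because the smartphone opens this URL directly` if that is the reason, or drop the GET path.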
@@ -24,35 +24,25 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
 import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
-import java.io.ByteArrayOutputStream;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.velocity.VelocityContext;
-import net.glxn.qrgen.QRCode;
-import net.glxn.qrgen.image.ImageType;
-
-import com.google.gson.JsonObject;
-
 import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 /**
  * @author tlenz
@@ -69,6 +59,15 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try {
+			//create first step of SSO Transfer GUI
+			String authURL = HTTPUtils.extractAuthURLFromRequest(request);
+			if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+					contains(authURL)) {						
+				Logger.warn("Requested URL is not allowed.");;
+				response.sendError(500, "Requested URL is not allowed.");
+				
+			}
+						
 			String sessionID = (String) executionContext.get(PARAM_SESSIONID);
 			String pendingRequestID = (String) executionContext.get("pendingRequestID");
@@ -79,7 +78,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);			
 			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
-			VelocityContext context = GUIUtils.buildSSOTransferGUI(moasession);
+			VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, moasession);
 			GUIUtils.printSSOTransferGUI(context, response);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 270264099..006b27167 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
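Review bot: The new allow-list check does not stop the request: after `response.sendError(500, ...)` there is no `return` or `throw`, so execution continues and the rejected `authURL` is still passed to `GUIUtils.buildSSOTransferGUI(authURL, moasession)` in the next hunk, which then writes to an already committed response. End the branch explicitly, e.g. `response.sendError(500, "Requested URL is not allowed."); return;`, and drop the stray second `;` after `Logger.warn(...)`. The same block is repeated verbatim in `RestoreSSOSessionTask` (hunk `@@ -173,7 +178,16`) and needs the same fix. The return type of `getPublicURLPrefix()` is not visible here; if it is a `String`, `contains(authURL)` is a substring test that an empty or partial value passes, so an exact comparison against each configured prefix would be needed.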
@@ -49,11 +49,13 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -73,12 +75,13 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		Logger.debug("Receive " + this.getClass().getName() + " request");
-		
+				
 		StringBuffer sb = new StringBuffer();
 		String receivedPostMessage = null;
 		AuthenticationSession moasession = null;
 		IRequest pendingReq = null;
-		try {
+		String authURL =null;
+		try {	
 			String sessionID = (String) request.getParameter(PARAM_SESSIONID);
 			String pendingRequestID = (String) executionContext.get("pendingRequestID");
@@ -120,7 +123,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			    			 " | validTo:" + validTo + 
 			    		     " | entityIS:" + entityID);
-			    if (PVPConfiguration.getInstance().getIDPPublicPath().equals(entityID)) {
+			    if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) {
 			    	// stored SSO session data is from this IDP - start local session reconstruction
 			    	Response ssoInformation = SSOContainerUtils.validateReceivedSSOContainer(sessionBlob);
 			    	SSOContainerUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation);
@@ -138,10 +141,12 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			    	executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
 			    } else {
-			    	Logger.debug("Received SSO session-data is from IDP: " + entityID 
+			    	Logger.info("Received SSO session-data is from IDP: " + entityID 
 			    			+ ". Start inderfederation process to restore SSO session ... ");
 			    	//change to inderfederated session reconstruction
+			    	Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!");
+			    	
 			    }
 			 } catch (Exception e) {
@@ -173,7 +178,16 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 					VelocityContext context;
 					try {
-						context = GUIUtils.buildSSOTransferGUI(moasession);
+						//create first step of SSO Transfer GUI
+						authURL = HTTPUtils.extractAuthURLFromRequest(request);
+						if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+								contains(authURL)) {						
+							Logger.warn("Requested URL is not allowed.");;
+							response.sendError(500, "Requested URL is not allowed.");
+							
+						}	
+						
+						context = GUIUtils.buildSSOTransferGUI(authURL, moasession);
 						GUIUtils.printSSOTransferGUI(context, response);
 					} catch (IOException | MOAIDException e) {
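Review bot: Replacing `equals(entityID)` with `contains(entityID)` loosens the test that decides whether a received SSO container is treated as issued by this IDP, and `entityID` is taken from the received data. The return type of `getIDPPublicPath()` is not visible in this hunk: if it is a `String`, `contains` is a substring match, so an empty or partial `entityID` takes the local-reconstruction branch; if it is a collection, membership is exact and the change is sound. In the `String` case compare complete values instead, and in either case add a comment above the `if` such as `// exact match against the configured IDP public paths` so the intended semantics survive the next refactoring.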
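Review bot: The `else` branch for containers issued by another IDP only logs and then falls through, so a request on the unimplemented interfederation path leaves the `try` block as if nothing had gone wrong; what the code after the `catch` does with the unrestored session is outside this hunk. Fail explicitly here, for instance by throwing so that the `catch (Exception e)` below reports a defined error, rather than relying on later code to notice that `FLAG_SSO_SESSION_RESTORED` was never set. `entityID` is also written to the log unmodified, now at `info` level; since it originates from the received container, strip line breaks from it before logging.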
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index 1bbaf1dd9..310b8a813 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -34,9 +34,6 @@ import java.net.URI;
 import javax.servlet.http.HttpServletResponse;
-import net.glxn.qrgen.QRCode;
-import net.glxn.qrgen.image.ImageType;
-
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
@@ -51,6 +48,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
+import net.glxn.qrgen.QRCode;
+import net.glxn.qrgen.image.ImageType;
 /**
  * @author tlenz
@@ -62,9 +61,9 @@ public class GUIUtils {
 	public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec
-	public static VelocityContext buildSSOTransferGUI(AuthenticationSession moasession) throws ConfigurationException, IOException {
+	public static VelocityContext buildSSOTransferGUI(String authURL, AuthenticationSession moasession) throws ConfigurationException, IOException {
 		String token = moasession.getSessionID();
-		String containerURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+		String containerURL = authURL
 				+ SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
 				+ "?" + MOAIDAuthConstants.PARAM_SESSIONID + "=" + token; |
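Review bot: `buildSSOTransferGUI` is `public static` and now builds `containerURL` from a caller-supplied `authURL` without any check of its own, so its safety depends on every caller having validated the value first, and nothing on the method says so. Add a Javadoc stating that `authURL` must already have been matched against the configured public URL prefixes, or move that check into this method so it cannot be skipped. The URL carries the MOA session ID as `PARAM_SESSIONID`, so a wrong host here means the session identifier is presented to that host. The method body continues outside the hunk.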
