implement user restriction based on whitelisting

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-05 10:44:40 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2018-06-05 10:44:40 +0200
commit: 709197ce12c5502f86e16da1167b97ca318f47fa (patch)
tree: 17a96fd5d68ddd9eb6390989bcd4590ade8de46d /id/server/modules
parent: ecf9de84e76dde785ced8c1632c7909d1d57f94a (diff)
download: moa-id-spss-709197ce12c5502f86e16da1167b97ca318f47fa.tar.gz
moa-id-spss-709197ce12c5502f86e16da1167b97ca318f47fa.tar.bz2
moa-id-spss-709197ce12c5502f86e16da1167b97ca318f47fa.zip
3 files changed, 21 insertions, 11 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index 74792ed72..48c7b6a07 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -15,7 +15,8 @@
 	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
 	<pd:Task id="prepareGetMISMandate" 			class="PrepareGetMISMandateTask" />
 	<pd:Task id="finalizeAuthentication" 		class="FinalizeAuthenticationTask" />
-	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
+	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />	
+	<pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
@@ -39,13 +40,15 @@
 	<pd:Transition from="verifyCertificate"         to="getForeignID" />
 	
 	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
+	<pd:Transition from="verifyAuthBlock"           to="userRestrictionTask" />
 	
 	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />
 		
-	<pd:Transition from="getMISMandate"           	to="finalizeAuthentication" />
-	<pd:Transition from="getForeignID"              to="finalizeAuthentication" />
+	<pd:Transition from="getMISMandate"           	to="userRestrictionTask" />
+	<pd:Transition from="getForeignID"              to="userRestrictionTask" />
 	
+	
+	<pd:Transition from="userRestrictionTask"           to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 		
 	<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index d41e8a017..60fd120d0 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -17,6 +17,8 @@
 	<pd:Task id="finalizeAuthentication" 		class="FinalizeAuthenticationTask" />
 	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
 	
+	<pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+	
 	<!-- ELGA Mandate-Service Tasks -->
 	<pd:Task id="redirectToMandateSelectionTask"    class="RedirectToMandateSelectionTask" />
 	<pd:Task id="selectMandateServiceTask"    			class="SelectMandateServiceTask" async="true"/>
@@ -47,7 +49,7 @@
 	<pd:Transition from="verifyCertificate"         to="getForeignID" />
 	
 	<pd:Transition from="verifyAuthBlock"           to="redirectToMandateSelectionTask" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
+	<pd:Transition from="verifyAuthBlock"           to="userRestrictionTask" />
 	
 	<pd:Transition from="redirectToMandateSelectionTask"   to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />	
 	<pd:Transition from="redirectToMandateSelectionTask"   to="selectMandateServiceTask" />		
@@ -60,13 +62,14 @@
 
 			
 	<pd:Transition from="requestELGAMandateTask"      		to="receiveElgaMandateResponseTask" />
-	<pd:Transition from="receiveElgaMandateResponseTask"  to="finalizeAuthentication" />
+	<pd:Transition from="receiveElgaMandateResponseTask"  to="userRestrictionTask" />
 	
 	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />	
-	<pd:Transition from="getMISMandate"           	to="finalizeAuthentication" />
-	
-	<pd:Transition from="getForeignID"              to="finalizeAuthentication" />
+	<pd:Transition from="getMISMandate"           	to="userRestrictionTask" />
 	
+	<pd:Transition from="getForeignID"              to="userRestrictionTask" />
+		
+	<pd:Transition from="userRestrictionTask"       to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 		
 	<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
index 4975dc2d7..673144b06 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
@@ -3,16 +3,20 @@
 
 	<pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" />
 	<pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask"  async="true"/>
-	<pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/>	
+	<pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/>
+	<pd:Task id="userRestrictionTask" class="UserRestrictionTask" />	
 	<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
 
 	<pd:StartEvent id="start" />
 	<pd:Transition from="start" to="createQualifiedeIDRequest" />	
 	<pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />	
 	<pd:Transition from="receiveQualifiedeID" to="verifyQualifiedeIDTask" />
-	<pd:Transition from="verifyQualifiedeIDTask" to="finalizeAuthentication" />			
+	<pd:Transition from="verifyQualifiedeIDTask" to="userRestrictionTask" />			
+	<pd:Transition from="userRestrictionTask" to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
+	
+	
 	<pd:EndEvent id="end" />
 
 </pd:ProcessDefinition>
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-05 10:44:40 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2018-06-05 10:44:40 +0200
commit	709197ce12c5502f86e16da1167b97ca318f47fa (patch)
tree	17a96fd5d68ddd9eb6390989bcd4590ade8de46d /id/server/modules
parent	ecf9de84e76dde785ced8c1632c7909d1d57f94a (diff)
download	moa-id-spss-709197ce12c5502f86e16da1167b97ca318f47fa.tar.gz moa-id-spss-709197ce12c5502f86e16da1167b97ca318f47fa.tar.bz2 moa-id-spss-709197ce12c5502f86e16da1167b97ca318f47fa.zip