author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-01-23 14:23:39 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-01-23 14:23:39 +0100 |
commit | 731ab39b8ef05a4e84b72fb4243d59c9f6dd48cb (patch) | |
tree | 52ce23ebe8191f99a187b9ff90af8cef01d63030 /id/server/modules | |
parent | 869a07573fb6295174fd57aced1ba888f3015910 (diff) | |
Update almost all GUI forms to separate JavaScript and CSS from the HTML code, so that "Content-Security-Policy" HTTP headers can be supported
Diffstat (limited to 'id/server/modules')
5 files changed, 23 insertions, 21 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index faeb0158b..f7c3db8d1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -213,7 +213,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { try { String htmlForm = new GetIdentityLinkFormBuilder().build(template, session.getBkuURL(), infoboxReadRequest, dataURL, null, - null, pushInfobox, oaParam, appletheigth, appletwidth); + null, pushInfobox, oaParam, appletheigth, appletwidth, pendingReq.getAuthURL()); return htmlForm; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index ef81af94b..f7aba5e53 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java 
@@ -78,6 +78,9 @@ public class GetIdentityLinkFormBuilder extends Builder { // private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>"; /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */ private static final String PUSHINFOBOX_TAG = "<PushInfobox>"; + + private static final String CONTEXTURL_TAG = "<ContextURL>"; + /** special tag in the HTML template to be substituted for the BKU URL */ /** private static int all contains the representation to replace all tags*/ private static final int ALL = -1; @@ -155,7 +158,8 @@ public class GetIdentityLinkFormBuilder extends Builder { String certInfoDataURL, String pushInfobox, IOAAuthParameters oaParam, String appletheigth, - String appletwidth) + String appletwidth, + String contextURL) throws BuildException { String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate; @@ -163,6 +167,9 @@ public class GetIdentityLinkFormBuilder extends Builder { htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL); htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL); htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL); + + htmlForm = replaceTag(htmlForm, CONTEXTURL_TAG, contextURL, false, ALL); + //new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java index 7b364789b..f8c9fd75b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java 
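Review bot: The new `replaceTag(htmlForm, CONTEXTURL_TAG, contextURL, false, ALL)` call in the third hunk writes `contextURL` into the HTML form without any encoding, whereas `xmlRequest` two lines above it goes through `encodeParameter(...)`. The caller in AuthenticationServer passes `pendingReq.getAuthURL()`; if that value is derived from the incoming request (not visible here), a quote or angle bracket in it would break out of the attribute the template places it in, and it presumably also decides where the externalised scripts are loaded from. Escape it for the HTML attribute context before substitution, or validate it against the configured public URL prefix, and handle `null` explicitly, since both test call sites pass `null` for it. The new constant also lacks the Javadoc its neighbours have, e.g. `/** special tag in the HTML template to be substituted for the context URL */`. `build(...)` starts and ends outside the hunk.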
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java @@ -48,11 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; -import junit.framework.TestCase; - import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; +import junit.framework.TestCase; /** * @author Paul Ivancsics @@ -99,7 +98,7 @@ public class GetIdentityLinkFormBuilderTest extends TestCase { String dataURL = "https://1.2.3.4/auth/VerifyIdentityLink?MOASessionID=1234567"; String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; - String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL, null, null, null, null); + String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL, null, null, null, null, null); String formShould = MessageFormat.format( FORM, new Object[] { BKU, xmlRequest, dataURL, infoRequest, infoDataURL }); assertEquals(formShould, form); 
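Review bot: Both updated calls (here and in the `@@ -110,7 +109,7 @@` hunk) pass `null` for the new `contextURL` argument, so nothing in this test class exercises the `<ContextURL>` substitution. Add a case that builds from a template containing `<ContextURL>` with a non-null value and asserts the rendered form, including a value with characters that need HTML escaping, so the encoding behaviour is pinned. The test methods start outside the hunks.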
@@ -110,7 +109,7 @@ public class GetIdentityLinkFormBuilderTest extends TestCase { String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; String bkuURL = "http://bku.at/"; - String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL, null, null, null, null); + String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL, null, null, null, null, null); String formShould = MessageFormat.format( FORM, new Object[] { bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL }); assertEquals(formShould, form); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm index 0535d48b6..62ee81f99 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/resources/templates/eidas_postbinding_template.vm @@ -11,9 +11,10 @@ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> + <script src="autocommit.js"></script> </head> - <body onload="document.forms[0].submit()"> + <body> <noscript> <p> <strong>Note:</strong> Since your browser does not support JavaScript, diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html index c2195d300..1cd676ce9 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html 
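Review bot: `<script src="autocommit.js"></script>` in eidas_postbinding_template.vm is a relative reference, so the browser resolves it against whatever URL served this POST-binding page, while the SSO transfer template in the same commit uses `$contextPath/slo.js`. If the script does not load from that path, the form is never submitted, and the `<noscript>` fallback is not shown either because JavaScript is enabled. Prefer an absolute reference such as `<script src="$contextPath/autocommit.js"></script>`, provided `$contextPath` is available in this template's Velocity context (not visible here). Because the script now sits in `<head>`, autocommit.js (not part of this diff) has to wait for the document to finish loading before submitting; the removed `onload` handler guaranteed that.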
@@ -5,25 +5,14 @@ <!-- MOA-ID 2.x BKUSelection Layout CSS --> <link rel="stylesheet" href="$contextPath/css/buildCSS" /> - #if($timeoutURL) - <script type="text/javascript"> - function sloTimeOut() { - window.location.href="$timeoutURL"; - - } - - </script> + #if($timeoutURL) + <script src="$contextPath/slo.js"></script> #end <title>Single Sign-On Session Transfer</title> </head> - -#if($timeoutURL) - <body onload='setTimeout(sloTimeOut, $timeout);'> -#else - <body> -#end +<body> <!--body--> <noscript> @@ -59,6 +48,12 @@ </div> #end + #if($timeoutURL) + <div> + <a id="timeoutURL" href="$timeoutURL">Click here if it does not resume after 30 seconds</a> + </div> + #end + <!--/div--> </div> </div> |
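Review bot: The removed `<body onload='setTimeout(sloTimeOut, $timeout);'>` was the only visible use of `$timeout`, and nothing on the new side of the first hunk hands that value to `slo.js`. Unless the script (not part of this diff) obtains it some other way, the configured delay is lost. A way to keep it without inline script is a data attribute on the link added in the second hunk, e.g. `<a id="timeoutURL" data-timeout="$timeout" href="$timeoutURL">`, which the script reads.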
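Review bot: `href="$timeoutURL"` in the second hunk is rendered into an HTML attribute with no visible escaping, and the visible lines show neither whether this Velocity context escapes references nor where `timeoutURL` comes from. If any part of it is request-derived, HTML-escape it and accept only the expected http(s) URL before it reaches the template. The link text also hard-codes "30 seconds", which will be wrong whenever the configured timeout differs, so drop the number or render it from the same setting.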