aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-09-30 09:22:29 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-07 07:44:58 +0200
commit961f785060f749ed97b0516745cb9ad2fd2704cc (patch)
tree23c10876368166f1e65a6719d31ae81784d54b8f /id/server/modules
parent58c843aa630c1e6fd2680cf019f7e270abbe9a69 (diff)
downloadmoa-id-spss-961f785060f749ed97b0516745cb9ad2fd2704cc.tar.gz
moa-id-spss-961f785060f749ed97b0516745cb9ad2fd2704cc.tar.bz2
moa-id-spss-961f785060f749ed97b0516745cb9ad2fd2704cc.zip
refactor http servlet response processing to prohibit 'chunked' transfer encoding
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java9
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java33
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java5
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java6
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java5
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java6
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java8
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java10
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java7
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java11
11 files changed, 57 insertions, 49 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index e47aff83b..e1495f254 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -1,7 +1,5 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import java.io.PrintWriter;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -79,11 +77,12 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+ byte[] content = getIdentityLinkForm.getBytes("UTF-8");
resp.setContentType(MediaType.HTML_UTF_8.toString());
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
+ resp.setContentLength(content.length);
+ resp.getOutputStream().write(content);
Logger.debug("Finished GET " + CreateIdentityLinkFormTask.class);
+
}
} catch (WrongParametersException ex) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 9fbdf5cd7..1f2cda680 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -50,7 +50,6 @@
package at.gv.egovernment.moa.id.util;
import java.io.IOException;
-import java.io.OutputStream;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletResponse;
@@ -93,12 +92,11 @@ public class CitizenCardServletUtils extends ServletUtils{
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType(MediaType.XML_UTF_8.toString());
- OutputStream out = resp.getOutputStream();
- out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
- out.flush();
- out.close();
+ byte[] content = createXMLSignatureRequestOrRedirect.getBytes("UTF-8");
+ resp.setContentType(MediaType.XML_UTF_8.toString());
+ resp.setContentLength(content.length);
+ resp.getOutputStream().write(content);
Logger.debug("Finished POST " + servletName);
} else {
@@ -129,12 +127,11 @@ public class CitizenCardServletUtils extends ServletUtils{
resp.addHeader("Location", dataURL);
//TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+
+ byte[] content = createXMLSignatureRequestOrRedirect.getBytes("UTF-8");
resp.setContentType(MediaType.XML_UTF_8.toString());
-
- OutputStream out = resp.getOutputStream();
- out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
- out.flush();
- out.close();
+ resp.setContentLength(content.length);
+ resp.getOutputStream().write(content);
Logger.debug("Finished POST " + servletName);
}
@@ -156,16 +153,14 @@ public class CitizenCardServletUtils extends ServletUtils{
IOException {
resp.setStatus(200);
Logger.debug("ContentType set to: application/x-www-form-urlencoded");
-
- resp.setContentType("application/x-www-form-urlencoded");
-
- String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" +
+
+ String respString = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" +
"DataURL=" + URLEncoder.encode(dataURL, "UTF-8");
- OutputStream out = resp.getOutputStream();
- out.write(content.getBytes("UTF-8"));
- out.flush();
- out.close();
+ byte[] content = respString.getBytes("UTF-8");
+ resp.setContentType("application/x-www-form-urlencoded");
+ resp.setContentLength(content.length);
+ resp.getOutputStream().write(content);
Logger.debug("Finished POST " + servletName);
}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 30c206025..84b0078b3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -179,8 +179,11 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
Logger.debug("Sending html content: " + writer.getBuffer().toString());
+
+ byte[] content = writer.getBuffer().toString().getBytes("UTF-8");
response.setContentType(MediaType.HTML_UTF_8.toString());
- response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ response.setContentLength(content.length);
+ response.getOutputStream().write(content);
revisionsLogger.logEvent(oaConfig, pendingReq,
MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 24134f1d9..779d898be 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -316,9 +316,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
Logger.trace("Sending html content : " + new String(writer.getBuffer()));
- response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ byte[] content = writer.getBuffer().toString().getBytes("UTF-8");
response.setContentType(MediaType.TEXT_HTML.getType());
-
+ response.setContentLength(content.length);
+ response.getOutputStream().write(content);
+
return true;
} catch (Exception e1 ) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 9943cc5fb..ebd4e1e6d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -165,8 +165,11 @@ public class eIDASAuthenticationRequest implements IAction {
Logger.trace("Sending html content : " + new String(writer.getBuffer()));
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ byte[] content = writer.getBuffer().toString().getBytes("UTF-8");
httpResp.setContentType(MediaType.TEXT_HTML.getType());
+ httpResp.setContentLength(content.length);
+ httpResp.getOutputStream().write(content);
+
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index 5720e4827..ca7401ab7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -82,9 +82,11 @@ public class ELGAMandateMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
+ byte[] content = xmlMetadata.getBytes("UTF-8");
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentLength(content.length);
resp.setContentType(MediaType.XML_UTF_8.toString());
- resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
- resp.getOutputStream().close();
+ resp.getOutputStream().write(content);
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index e6ccc67b7..118c53f6b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -225,14 +225,14 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
// create response
JsonObject jsonObject = new JsonObject();
OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
- String jsonResponse = jsonObject.toString();
- Logger.debug("JSON Response: " + jsonResponse);
+ byte[] jsonResponse = jsonObject.toString().getBytes("UTF-8");
+ Logger.debug("JSON Response: " + new String(jsonResponse));
// write respone to http response
response.setContentType("application/json");
+ response.setContentLength(jsonResponse.length);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- response.getOutputStream().print(jsonResponse);
- response.getOutputStream().close();
+ response.getOutputStream().write(jsonResponse);
return true;
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 9d78418cd..985e1d1c5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -83,14 +83,14 @@ class OAuth20TokenAction implements IAction {
// create response
JsonObject jsonObject = new JsonObject();
OAuth20Util.addProperytiesToJsonObject(jsonObject, auth20SessionObject.getAuthDataSession());
- String jsonResponse = jsonObject.toString();
- Logger.debug("JSON Response: " + jsonResponse);
+ byte[] jsonResponse = jsonObject.toString().getBytes("UTF-8");
+ Logger.debug("JSON Response: " + new String(jsonResponse));
// write respone to http response
httpResp.setContentType("application/json");
- httpResp.setStatus(HttpServletResponse.SC_OK);
- httpResp.getOutputStream().print(jsonResponse);
- httpResp.getOutputStream().close();
+ httpResp.setContentLength(jsonResponse.length);
+ httpResp.setStatus(HttpServletResponse.SC_OK);
+ httpResp.getOutputStream().write(jsonResponse);
return null;
}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 02356d74a..e86d31708 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -82,9 +82,11 @@ public class FederatedAuthMetadataController extends AbstractController {
String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
//write response
+ byte[] content = xmlMetadata.getBytes("UTF-8");
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentLength(content.length);
resp.setContentType(MediaType.XML_UTF_8.toString());
- resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
- resp.getOutputStream().close();
+ resp.getOutputStream().write(content);
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 893799b5d..13df30862 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -344,8 +344,11 @@ public class GetAuthenticationDataService extends AbstractController implements
VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
StringWriter writer = new StringWriter();
- engine.evaluate(context, writer, "SAML1 GetAuthenticationData", reader);
- httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+ engine.evaluate(context, writer, "SAML1 GetAuthenticationData", reader);
+
+ byte[] content = writer.toString().getBytes("UTF-8");
+ httpResp.setContentLength(content.length);
+ httpResp.getOutputStream().write(content);
} catch (Exception e) {
Logger.error("SAML1 GetAuthenticationData has an error:", e);
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
index 70448ef09..9adf2edc3 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -118,13 +118,12 @@ public class MonitoringServlet {
Logger.warn("Monitoring Servlet found some Error: " + errorMessage);
resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out;
- try {
- out = new PrintWriter(resp.getOutputStream());
+ resp.setCharacterEncoding("UTF-8");
+
+ try {
for (String error : errorMessage)
- out.write(error + "<br>");
- out.flush();
-
+ resp.getWriter().write(error + "<br>");
+
} catch (IOException e) {
Logger.warn("Internal Monitoring Servlet Error. ", e);
}