diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-21 15:30:40 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-07-21 15:30:40 +0200 |
commit | 4795b273bb734f04056babe963d8588ffbf50fb0 (patch) | |
tree | 4c38c2a7b957608ad21034ec40b96466d3f3f98e /id | |
parent | a10034425b325acaf9796183d1206979664e483d (diff) | |
download | moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.tar.gz moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.tar.bz2 moa-id-spss-4795b273bb734f04056babe963d8588ffbf50fb0.zip |
fix MOA-ID-Auth problems
Diffstat (limited to 'id')
19 files changed, 392 insertions, 79 deletions
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java new file mode 100644 index 000000000..da441de4b --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java @@ -0,0 +1,162 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ServicesReversionLogTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(ServicesReversionLogTask.class); + private static final List<String> KEYWHITELIST; + + static { + ArrayList<String> temp = new ArrayList<String>(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.SERVICE_REVERSION; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "Service - Reversion Logging Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map<String, String> postProcessing(Map<String, String> input, + List<String> keysToDelete, Configuration dbconfig) { + Map<String, String> newConfigValues = new HashMap<String, String>(); + + String eventCodes = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventCodes)) { + newConfigValues.put(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, + KeyValueUtils.normalizeCSVValueString(eventCodes)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map<String, String> input) + throws ConfigurationTaskValidationException { + List<ValidationObjectIdentifier> errors = new ArrayList<ValidationObjectIdentifier>(); + + String isEnabled = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED); + String eventCodes = input.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + + if (Boolean.parseBoolean(isEnabled) && MiscUtil.isEmpty(eventCodes)) { + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED, + "Reversion - Logger Enabled", + LanguageHelper.getErrorString("error.oa.reversion.log.enabled"))); + + } + + if (MiscUtil.isNotEmpty(eventCodes)) { + String[] codes = eventCodes.split(","); + for (String el: codes) { + try { + Integer.parseInt(el.trim()); + + } catch (NumberFormatException e) { + log.info("", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES, + "Reversion - Logger Enabled", + LanguageHelper.getErrorString("error.oa.reversion.log.eventcodes"))); + break; + + } + + } + + } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List<Pattern> getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List<String> getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES_OA + ); + } + +} diff --git a/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties b/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties new file mode 100644 index 000000000..6e03d3c12 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/userdatabase.properties @@ -0,0 +1,14 @@ +#Auto generated configuration file. +#Fri Jul 17 11:09:29 CEST 2015 +users.0.surname=Administrator +users.0.roles.0.id=0 +roles.0.name=Administrators +users=User List +users.0.__LI.0=users +users.0.roles.0.isMember=true +roles.0.id=0 +roles=Role List +users.0.id=0 +users.0.roles.0.name=Administrators +users.0.firstname=Administrator +roles.0.__LI.0=roles diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/data/deploy/conf/moa-id/logback_config.xml new file mode 100644 index 000000000..c00e62e52 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/logback_config.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- For assistance related to logback-translator or configuration --> +<!-- files in general, please contact the logback user mailing list --> +<!-- at http://www.qos.ch/mailman/listinfo/logback-user --> +<!-- --> +<!-- For professional support please see --> +<!-- http://www.qos.ch/shop/products/professionalSupport --> +<!-- --> +<configuration> + <!-- Errors were reported during translation. --> + <!-- No class found for appender CONFIGTOOL R --> + <!-- Could not find transformer for null --> + <appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="CONFIGTOOL R"> + <!--No layout specified for appender named [CONFIGTOOL R] of class [null]--> + </appender> + <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> + <File>${catalina.base}/logs/moa-id-webgui.log</File> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern> + </encoder> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <maxIndex>1</maxIndex> + <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i</FileNamePattern> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <MaxFileSize>10000KB</MaxFileSize> + </triggeringPolicy> + </appender> + <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n</pattern> + </encoder> + </appender> + <logger name="eu.stork" level="info"/> + <logger name="iaik.server" level="info"/> + <logger name="at.gv.egovernment.moa.id" level="info"> + <appender-ref ref="R"/> + </logger> + <logger name="at.gv.egovernment.moa.id.commons" level="info"> + <appender-ref ref="CONFIGTOOL R"/> + </logger> + <logger name="org.hibernate" level="warn"/> + <logger name="at.gv.egiz.components.configuration" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + <logger name="at.gv.egovernment.moa.id.proxy" level="info"/> + <logger name="at.gv.egovernment.moa.id.config.webgui" level="info"> + <appender-ref ref="CONFIGTOOL"/> + </logger> + <logger name="at.gv.egovernment.moa.spss" level="info"/> + <logger name="at.gv.egovernment.moa" level="info"/> + <root level="info"> + <appender-ref ref="stdout"/> + </root> +</configuration> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 65e3b10d7..e1086bbd1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -174,7 +175,7 @@ public class MOAIDAuthInitializer { System.exit(-1); } - + // Starts the session cleaner thread to remove unpicked authentication data AuthenticationSessionCleaner.start(); AuthConfigLoader.start(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 9386330cc..987603227 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -865,7 +865,26 @@ public boolean isRemovePBKFromAuthBlock() { */ @Override public List<Integer> getReversionsLoggingEventCodes() { - // TODO Auto-generated method stub + String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED); + if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) { + String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventCodes)) { + String[] codes = eventCodes.split(","); + List<Integer> result = new ArrayList<Integer>(); + for (String el : codes) { + try { + result.add(Integer.valueOf(el.trim())); + + } catch (NumberFormatException e) { + Logger.warn("EventCode can not parsed to Integer.", e); + + } + } + if (!result.isEmpty()) + return result; + + } + } return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 5584e8ca6..45eecec84 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -311,7 +311,7 @@ public class DispatcherServlet extends AuthServlet{ MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); - if (oaParams.isSTORKPVPGateway() || !oaParams.isPerformLocalAuthenticationOnInterfederationError()) { + if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) { // -> send end error to service provider Logger.info("Federated authentication for entity " + protocolRequest.getOAURL() + " FAILED. Sending error message to service provider."); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 06b55fb66..f3c40707e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -400,18 +400,22 @@ public class AuthenticationManager extends MOAIDAuthConstants { Logger.debug("Build PVP 2.1 authentication request"); //get IDP metadata - try { - OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); - OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); + + OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); - if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { - Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); - Logger.info("Switch to local authentication on this IDP ... "); - perfomLocalAuthentication(request, response, target); - return; + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { + Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); + Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP()) + + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed())); + Logger.info("Switch to local authentication on this IDP ... "); + + perfomLocalAuthentication(request, response, target); + return; - } + } + try { EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). getEntityDescriptor(target.getRequestedIDP()); @@ -556,7 +560,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (requiredLocalAuthentication) { Logger.info("Switch to local authentication on this IDP ... "); - perfomLocalAuthentication(request, response, target); + if (idp.isPerformLocalAuthenticationOnInterfederationError()) + perfomLocalAuthentication(request, response, target); + + else + throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index de58c34a1..87a63a8a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -115,10 +115,7 @@ public class PVPConfiguration { //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig(); rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - - //load PVP2X metadata for all active online applications - MOAMetadataProvider.getInstance(); - + } catch (ConfigurationException e) { e.printStackTrace(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 389b9825f..824c9be0b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -26,14 +26,11 @@ import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; -import java.util.Collections; -import java.util.Date; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.concurrent.CopyOnWriteArrayList; import java.util.Timer; import javax.net.ssl.SSLHandshakeException; @@ -49,7 +46,6 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; -import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider.Observer; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; @@ -74,7 +70,6 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ private static MOAMetadataProvider instance = null; private static Object mutex = new Object(); - private List<ObservableMetadataProvider.Observer> observers; public static MOAMetadataProvider getInstance() { @@ -338,8 +333,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ Logger.warn("MetadataProvider can not be destroyed."); } } - - this.observers = Collections.emptyList(); + instance = null; } else { Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy"); @@ -348,14 +342,12 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ private MOAMetadataProvider() { ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); - this.observers = new CopyOnWriteArrayList<Observer>(); Logger.info("Loading metadata"); Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>(); try { - //TODO: database search does not work!!!!! Map<String, String> allOAs = AuthConfigurationProviderFactory.getInstance().getConfigurationWithWildCard( - MOAIDConfigurationConstants.PREFIX_SERVICES + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + ".%." + MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); @@ -373,7 +365,7 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ try { String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE); - if (MiscUtil.isNotEmpty(certBase64) || MiscUtil.isNotEmpty(metadataurl)) { + if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) { byte[] cert = Base64Utils.decode(certBase64, false); @@ -543,14 +535,53 @@ public class MOAMetadataProvider implements ObservableMetadataProvider{ return internalProvider.getMetadata(); } - public EntitiesDescriptor getEntitiesDescriptor(String name) + public EntitiesDescriptor getEntitiesDescriptor(String entitiesID) throws MetadataProviderException { - return internalProvider.getEntitiesDescriptor(name); + EntitiesDescriptor entitiesDesc = null; + try { + entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID); + + if (entitiesDesc == null) { + Logger.debug("Can not find PVP metadata for entityID: " + entitiesID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entitiesID)) + return internalProvider.getEntitiesDescriptor(entitiesID); + + } + + } catch (MetadataProviderException e) { + Logger.debug("Can not find PVP metadata for entityID: " + entitiesID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entitiesID)) + return internalProvider.getEntitiesDescriptor(entitiesID); + + } + + return entitiesDesc; } public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { - return internalProvider.getEntityDescriptor(entityID); + EntityDescriptor entityDesc = null; + try { + entityDesc = internalProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.debug("Can not find PVP metadata for entityID: " + entityID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entityID)) + return internalProvider.getEntityDescriptor(entityID); + + } + + } catch (MetadataProviderException e) { + Logger.debug("Can not find PVP metadata for entityID: " + entityID + + " Start refreshing process ..."); + if (refreshMetadataProvider(entityID)) + return internalProvider.getEntityDescriptor(entityID); + + } + + return entityDesc; } public List<RoleDescriptor> getRole(String entityID, QName roleName) diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml index f2b2f5adf..206fde87d 100644 --- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml @@ -19,13 +19,22 @@ <property name="url" value="${configuration.hibernate.connection.url}"/> <property name="username" value="${configuration.hibernate.connection.username}" /> <property name="password" value="${configuration.hibernate.connection.password}" /> - <property name="testOnBorrow" value="true" /> + + <property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" /> + <property name="initialSize" value="${configuration.dbcp.initialSize}" /> + <property name="maxActive" value="${configuration.dbcp.maxActive}" /> + <property name="maxIdle" value="${configuration.dbcp.maxIdle}" /> + <property name="minIdle" value="${configuration.dbcp.minIdle}" /> + <property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" /> + <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" /> + <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" /> + <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" /> <property name="validationQuery" value="SELECT 1" /> </bean> <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> - <property name="showSql" value="true" /> - <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" /> + <property name="showSql" value="${configuration.hibernate.show_sql}" /> + <property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" /> <property name="databasePlatform" value="${configuration.hibernate.dialect}" /> </bean> diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index f5f9f5979..aca37f072 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -44,8 +44,9 @@ auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.25=Fehler beim validieren der SZR-Gateway Response.
auth.26=SessionID unbekannt.
-auth.27=Federated authentication FAILED.
+auth.27=Federated authentication FAILED! Assertion from {0} IDP is not valid.
auth.28=Transaktion {0} kann nicht weitergef\u00FChrt werden. Wahrscheinlich wurde ein TimeOut erreicht.
+auth.29=Federated authentication FAILED! Can not build authentication request for IDP {0}
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 79d6d5eef..fa332f0c7 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -26,6 +26,7 @@ auth.25=1109 auth.26=1100 auth.27=4401 auth.28=1100 +auth.29=4401 init.00=9199 init.01=9199 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java index e084c07e5..b97813681 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java @@ -81,8 +81,8 @@ public class MOAIDConstants { ALLOWED_WBPK_PREFIXES = Collections.unmodifiableList(awbpk); List<String> keyboxIDs = new ArrayList<String>(); - awbpk.add(KEYBOXIDENTIFIER_SECURE); - awbpk.add(KEYBOXIDENTIFIER_CERTIFIED); + keyboxIDs.add(KEYBOXIDENTIFIER_SECURE); + keyboxIDs.add(KEYBOXIDENTIFIER_CERTIFIED); ALLOWED_KEYBOXIDENTIFIER = Collections.unmodifiableList(keyboxIDs); List<String> redirectTargets = new ArrayList<String>(); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java index 762ae44a0..a9d8d92da 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java @@ -52,7 +52,7 @@ public class ConfigurationUtil { try (FileOutputStream outStream = new FileOutputStream(outFile);) { // get config from xml file - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated"); Unmarshaller m = jc.createUnmarshaller(); MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index bd5c9e73c..ad34360d8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -112,8 +112,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_MANDATES_OVS_PROFILES = SERVICE_AUTH_MANDATES_OVS + ".profiles"; public static final String SERVICE_AUTH_MANDATES_HVB = SERVICE_AUTH_MANDATES + ".hvb"; public static final String SERVICE_AUTH_MANDATES_HVB_USE = SERVICE_AUTH_MANDATES_HVB + ".use"; - - + public static final String SERVICE_AUTH_FOREIGNBPK = AUTH + "." + FOREIGNBPK; public static final String SERVICE_AUTH_FOREIGNBPK_DECRYPT = SERVICE_AUTH_FOREIGNBPK + ".decrypt"; public static final String SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV = SERVICE_AUTH_FOREIGNBPK_DECRYPT + ".iv"; @@ -175,7 +174,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_INTERFEDERATION_FORWARD_PROTOCOL = INTERFEDERATION + ".forward.protocol"; public static final String SERVICE_REVERSION = "reversion"; - public static final String SERVICE_REVERSION_EVENTCODES = SERVICE_REVERSION + ".eventcodes"; + public static final String SERVICE_REVERSION_LOGS_ENABLED = SERVICE_REVERSION + ".log.enabled"; + public static final String SERVICE_REVERSION_LOGS_EVENTCODES = SERVICE_REVERSION + ".log.eventcodes"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java index 805bcb33e..20e2ba598 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java @@ -144,7 +144,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement //load all online application key/value pairs from database String oaType = KeyValueUtils.getFirstChildAfterPrefix(oaIdKey, MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); String oaKey = KeyValueUtils.getPrefixFromKey(oaIdKey, MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER); - + TypedQuery<ConfigProperty> oaConfigQuery = em.createQuery("select dbconfig from ConfigProperty dbconfig where dbconfig.key like :key", ConfigProperty.class); oaConfigQuery.setParameter("key", oaKey + ".%"); List<ConfigProperty> oaConfigResult = oaConfigQuery.getResultList(); @@ -157,7 +157,7 @@ public class MOAIDConfigurationImpl extends DatabaseConfigPropertyImpl implement //build key/value configuration map from database entries Map<String, String> result = getKeyValueFromDatabaseDAO( - oaConfigResult.iterator(), oaKey, true); + oaConfigResult.iterator(), oaKey, true); result.put(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES, oaType); return result; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index f20647fb0..04eb30f72 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -227,4 +227,28 @@ public class KeyValueUtils { return findNextFreeListCounter((String[]) keySet.toArray(), listPrefix); } + + /** + * Normalize a CSV encoded list of value of an key/value pair + * + * This method removes all whitespace at the begin or the + * end of CSV values + * + * @param value CSV encoded input data + * @return normalized CSV encoded data or null if {value} is null or empty + */ + public static String normalizeCSVValueString(String value) { + String normalizedCodes = null; + if (MiscUtil.isNotEmpty(value)) { + String[] codes = value.split(","); + for (String el: codes) { + if (normalizedCodes == null) + normalizedCodes = el.trim(); + else + normalizedCodes += "," + el; + + } + } + return normalizedCodes; + } } diff --git a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml index 775d02d05..4d3caea8c 100644 --- a/id/server/moa-id-commons/src/main/resources/configuration.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/configuration.beans.xml @@ -11,44 +11,10 @@ <context:annotation-config /> - <!-- context:property-placeholder location="${location}"/--> - -<!-- <bean class="at.gv.egovernment.moa.id.commons.config.persistence.JPAPropertiesWithJavaConfig"> - </bean> --> - <bean id="configPropertyDao" class="at.gv.egovernment.moa.id.commons.db.dao.config.DatabaseConfigPropertyImpl"/> <bean id="moaidconfig" class="at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl" /> -<!-- <property name="configPropertyDao" ref="configPropertyDao" /> - </bean> --> - - -<!-- <bean id="configRead" class="at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead"/> --> -<!-- <bean id="configWrite" class="at.gv.egovernment.moa.id.commons.db.NewConfigurationDBWrite"/> --> - -<!-- <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close"> - <aop:scoped-proxy/> - <property name="driverClassName" value="${hibernate.connection.driver_class}" /> - <property name="url" value="${hibernate.connection.url}"/> - <property name="username" value="${hibernate.connection.username}" /> - <property name="password" value="${hibernate.connection.password}" /> - <property name="testOnBorrow" value="true" /> - <property name="validationQuery" value="SELECT 1" /> - </bean> --> - - -<!-- <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> - <property name="showSql" value="true" /> - <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" /> - <property name="generateDdl"> - <bean class="java.lang.Boolean"> - <constructor-arg value="${jpaVendorAdapter.generateDdl}"/> - </bean> - </property> - <property name="databasePlatform" value="${hibernate.dialect}" /> - </bean> --> - <bean name="config" id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean"> <property name="dataSource" ref="dataSource" /> diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml index a0923c03f..3bd122254 100644 --- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml +++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml @@ -21,13 +21,22 @@ <property name="url" value="${hibernate.connection.url}"/> <property name="username" value="${hibernate.connection.username}" /> <property name="password" value="${hibernate.connection.password}" /> - <property name="testOnBorrow" value="true" /> + + <property name="connectionProperties" value="${dbcp.connectionProperties}" /> + <property name="initialSize" value="${dbcp.initialSize}" /> + <property name="maxActive" value="${dbcp.maxActive}" /> + <property name="maxIdle" value="${dbcp.maxIdle}" /> + <property name="minIdle" value="${dbcp.minIdle}" /> + <property name="maxWait" value="${dbcp.maxWaitMillis}" /> + <property name="testOnBorrow" value="${dbcp.testOnBorrow}" /> + <property name="testOnReturn" value="${dbcp.testOnReturn}" /> + <property name="testWhileIdle" value="${dbcp.testWhileIdle}" /> <property name="validationQuery" value="SELECT 1" /> </bean> <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter"> - <property name="showSql" value="true" /> + <property name="showSql" value="${hibernate.show_sql}" /> <property name="generateDdl" value="${jpaVendorAdapter.generateDdl}" /> <property name="databasePlatform" value="${hibernate.dialect}" /> </bean> |