* Update DOMUtils

* Update MOA-SPSS Konfiguration Dokumentation
* Update Resolver

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1240 d688527b-c9ab-4aba-bd8d-4036d912da1d

8 files changed, 39 insertions, 27 deletions

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 1211b5e94..40416f121 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -408,7 +408,7 @@ public class ConfigurationPartsBuilder {
 	  
 	  Element permitExtElem = null;
 	  while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
-	      String host = getElementValue(permitExtElem, CONF + "Host", null);
+	      String host = getElementValue(permitExtElem, CONF + "IP", null);
 	      String port = getElementValue(permitExtElem, CONF + "Port", null);
 	      
 	      
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 0d100676b..148be664b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -72,7 +72,6 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.EntityResolverChain;
-import at.gv.egovernment.moa.util.MOAEntityResolver;
 import at.gv.egovernment.moa.util.MOAErrorHandler;
 import at.gv.egovernment.moa.util.StreamEntityResolver;
 import at.gv.egovernment.moa.util.StreamUtils;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
index e09ade231..84172a4d5 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
@@ -101,7 +101,7 @@ public class ExternalURIResolver {
     try {
       // create the URL
       url = new URL(uriStr);
-      System.out.println("ExternalURIResolver: " + url);
+      //System.out.println("ExternalURIResolver: " + url);
       ExternalURIVerifier.verify(url.getHost(), url.getPort());
       
     } catch (MalformedURLException e) {
@@ -113,6 +113,8 @@ public class ExternalURIResolver {
       connection = url.openConnection();
       if ("http".equals(url.getProtocol())) {
         HttpURLConnection httpConnection = (HttpURLConnection) connection;
+        // disallow redirects
+        httpConnection.setInstanceFollowRedirects(false);
 
         httpConnection.connect();
         if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
index a088916a9..1bb125c74 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -29,10 +29,12 @@ import java.io.ByteArrayInputStream;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-
-import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.util.MOAEntityResolver;
+import at.gv.egovernment.moa.util.MOAErrorHandler;
 
 /**
  * Helper methods for the Service classes.
@@ -56,7 +58,8 @@ public class ServiceUtils {
       DOMUtils.validateElement(
         request[0],
         Constants.ALL_SCHEMA_LOCATIONS,
-        null);
+        null,
+        new MOASPSSEntityResolver());
     } catch (Exception e) {
       throw new MOAApplicationException(
         "1100",
@@ -78,12 +81,18 @@ public class ServiceUtils {
 
     try {
       byte[] requestBytes = DOMUtils.serializeNode(request, "UTF-8");
-      Document validatedRequest =
-        DOMUtils.parseDocument(
-          new ByteArrayInputStream(requestBytes),
-          true,
-          Constants.ALL_SCHEMA_LOCATIONS,
-          null);
+      Document validatedRequest = DOMUtils.parseDocument(new ByteArrayInputStream(requestBytes),
+    	          true,
+    	          Constants.ALL_SCHEMA_LOCATIONS,
+    	          null,
+    		      new MOASPSSEntityResolver(),
+    		      new MOAErrorHandler());
+    	  
+//        DOMUtils.parseDocument(
+//          new ByteArrayInputStream(requestBytes),
+//          true,
+//          Constants.ALL_SCHEMA_LOCATIONS,
+//          null);
       return validatedRequest.getDocumentElement();
     } catch (Exception e) {
       throw new MOAApplicationException(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 3304e262f..7a7bb88bb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -94,6 +94,7 @@ public class SignatureCreationService {
 
       //since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
       TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+  
       // validate the request
       reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
index 1f1282e66..dafb89f16 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -5,6 +5,8 @@ import java.net.UnknownHostException;
 import java.util.Iterator;

 import java.util.List;

 

+import at.gv.egovernment.moa.logging.LogMsg;

+import at.gv.egovernment.moa.logging.Logger;

 import at.gv.egovernment.moa.spss.MOAApplicationException;

 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;

 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;

@@ -13,7 +15,6 @@ public class ExternalURIVerifier {
 	

 	public static void verify(String host, int port) throws MOAApplicationException {

 		

-		System.out.println("ExternalURIVerifier: " + host + ":" + port);

 		

 		if (host == null)

 			return;

@@ -39,15 +40,15 @@ public class ExternalURIVerifier {
 						if (bport == null || port == -1) {

 							// check only host

 							if (ip.startsWith(bhost)) {

-								System.out.println("Blacklist check: " + host + " (" + ip + ") blacklisted");

+								Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));

 								throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});

 							}

 						}

 						else {

 							// check host and port

 							int iport = new Integer(bport).intValue();

-							if (ip.startsWith(bhost) && (iport == port)) {								

-								System.out.println("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted");

+							if (ip.startsWith(bhost) && (iport == port)) {

+								Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted"));

 								throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});							

 							}

 								

@@ -55,11 +56,11 @@ public class ExternalURIVerifier {
 					}

 				}

 				else {					

-					System.out.println("No external URIs allowed (" + host + ")");

+					Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));

 					throw new MOAApplicationException("4001", new Object[]{host});					

 				}

 				

-				System.out.println("URI allowed: " + ip + ":" + port);

+				Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));

 			  	  

 			} catch (ConfigurationException e) {

 				throw new MOAApplicationException("config.10", null);

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
index 1f12fb869..b5f72c4ab 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
@@ -29,6 +29,7 @@ import org.apache.xerces.util.URI;
 import org.apache.xerces.util.URI.MalformedURIException;

 import org.xml.sax.EntityResolver;

 import org.xml.sax.InputSource;

+import org.xml.sax.SAXException;

 

 import at.gv.egovernment.moa.logging.LogMsg;

 import at.gv.egovernment.moa.logging.Logger;

@@ -68,12 +69,10 @@ public class MOASPSSEntityResolver implements EntityResolver {
    * <code>null</code>, if the entity could not be found.

    * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)

    */

-  public InputSource resolveEntity(String publicId, String systemId) {

+  public InputSource resolveEntity(String publicId, String systemId) throws SAXException {

     InputStream stream;

     int slashPos;

     

-    System.out.println("MOASPSSEntityResover: " + publicId + " - " + systemId);

-

     if (Logger.isDebugEnabled()) {

       Logger.debug(

         new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));

@@ -95,21 +94,22 @@ public class MOASPSSEntityResolver implements EntityResolver {
       try {

         URI uri = new URI(systemId);

         systemId = uri.getPath();

-        System.out.println("MOASPSSEntityResover: " + uri);

         

-        if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {

+        if ("".equals(systemId.trim())) {

           return null;

         }

-        	

         

+//        if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {

+//          return null;

+//        }

+

         ExternalURIVerifier.verify(uri.getHost(), uri.getPort());

         

       } catch (MalformedURIException e) {

         return null;

       } 

       catch (MOAApplicationException e) {

-    	  e.printStackTrace();

-    	  return null;

+			throw new SAXException(e);

       }

       

       // try to get the resource from the full path

diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index debb70b31..fbd0cd7c2 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -89,7 +89,7 @@
 3203=Signaturumgebung kann nicht geladen werden (Reference="{0}", LocRef-URI="{1}")

 

 4001=Externe URI {0} darf nicht geladen werden (externe URIs generell verboten)

-4002=Externe URI {0} befindet sich auf der Blackliste und darf nicht geladen werden

+4002=Externe URI {0} befindet sich auf der Blacklist und darf nicht geladen werden

 4003=IP-Adresse für {0} konnte nicht ermitteln werden