aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java32
1 files changed, 27 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7c581d470..aff2c83ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
@@ -90,6 +91,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_AuthenticationManager")
public class AuthenticationManager extends MOAIDAuthConstants {
+ private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@@ -309,6 +311,18 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
/**
+ * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
+ *
+ * @param httpReqParam http parameter name, but never null
+ */
+ public void addParameterNameToWhiteList(String httpReqParam) {
+ if (MiscUtil.isNotEmpty(httpReqParam))
+ reqParameterWhiteListeForModules.add(httpReqParam);
+
+ }
+
+
+ /**
* Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
*
* @param protocolRequest Authentication request which is actually in process
@@ -386,17 +400,25 @@ public class AuthenticationManager extends MOAIDAuthConstants {
executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode
&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
+
+ //add X509 SSL client certificate if exist
+ if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
+ Logger.debug("Find SSL-client-certificate on request --> Add it to context");
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE,
+ ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
+
+ }
- //add leagcy parameters to context
- if (leagacyMode) {
+ //add additional http request parameter to context
+ if (!reqParameterWhiteListeForModules.isEmpty() || leagacyMode) {
Enumeration<String> reqParamNames = httpReq.getParameterNames();
while(reqParamNames.hasMoreElements()) {
String paramName = reqParamNames.nextElement();
if (MiscUtil.isNotEmpty(paramName) &&
- MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName))
+ ( MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)
+ || reqParameterWhiteListeForModules.contains(paramName) ))
executionContext.put(paramName,
- StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
-
+ StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));
}
}