33 files changed, 709 insertions, 272 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
 index cf5615a13..8279b28d8 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
 @@ -93,7 +93,7 @@ public class MOAIDAuthInitializer {
  //	 	  Mapping OpenSSL - Java
  //        OpenSSL							Java
  //        http://www.openssl.org/docs/apps/ciphers.html		http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html
 -//        via “openssl ciphers -tls1 HIGH –v”
 +//        via !openssl ciphers -tls1 HIGH !v!
  //
  //        ADH-AES256-SHA			TLS_DH_anon_WITH_AES_256_CBC_SHA
  //        DHE-RSA-AES256-SHA		TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
 index 2da7db2b2..245ab206d 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java 
@@ -180,8 +180,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
  //		request += "</style>";
  		request += "</head>";
  		request += "<body>";
 -		request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
 -		request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
 +		request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>";
 +		request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>";
  		request += "<table class=\"parameters\">";
  		request += "<tr>";
  		request += "<td class=\"italicstyle\">Name:</td>";
 @@ -201,7 +201,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
  		request += "</tr>";
  		request += "<tr>";
  		request += "<td class=\"italicstyle\">Land (Country):</td>";
 -		request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
 +		request += "<td class=\"normalstyle\">Österreich (Austria)</td>";
  		request += "</tr>";
  		request += "</table>";
  		request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>";
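Review bot: The rewritten `request +=` literals in this hunk now hold the double-encoded form of the umlauts (`für`, `Persönliche`) where the old side had `für`/`Persönliche`, so unless the build reads this file as ISO-8859-1 the AuthBlock text presented to and signed by the citizen will contain mojibake. The same re-encoding appears in the @@ -201 and @@ -253 hunks of this file and in CreateXMLSignatureRequestBuilderForeign, GetIdentityLinkFormBuilder, CreateXMLSignatureResponseValidator, ParepInputProcessorImpl, ParepUtils and ParepValidator, while in ParepValidator the new bytes are not valid UTF-8 at all (`�berpr�fung` in COMMON_ERROR), so the commit mixes two encodings instead of converting to one; the MOAIDAuthInitializer comment in the preceding hunk was likewise reduced to `!openssl ciphers -tls1 HIGH !v!`, losing the `-v` flag. In CreateXMLSignatureRequestBuilderForeign and GetIdentityLinkFormBuilder the char literals become `else if (ch == 'ä')`, a two-character literal that does not compile when the source is read as UTF-8. The comment `Überprüfen` → `überprüfen` in ParepValidator @@ -152 and `TARGET_OI_SECTOR = "öffentlichkeitsarbeit"` in TargetsAndSectorNames also lose the capital Ö, which looks like a conversion artifact rather than an intended edit. Fix the source encoding in the build (javac `-encoding UTF-8`) and re-save every touched file in that single encoding before merging, so the signed text and the SAML error strings stay exactly as they were.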
@@ -253,14 +253,14 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
  		request += "</tr>";
  		request += "</table>";
 -		request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +  
 -					"natürliche Personen (ERnP), damit ich meinen elektronischen " +  
 -					"Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +  
 -					"als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +  
 +		request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " +  
 +					"natürliche Personen (ERnP), damit ich meinen elektronischen " +  
 +					"Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " +  
 +					"als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " +  
  					"Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " +  
  					"ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " +  
 -					"Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +  
 -					"jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
 +					"Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " +  
 +					"jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>";
  		request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " +  
  					"Register of Residents or the Supplementary Register for Natural Persons. I therefore " +  
@@ -277,7 +277,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
  //			"Residents Registry and that I am not obliged to register with the Austrian " +  
  //			"Central Residents Registry according to Austrian law.<br/>" +  
  //			"In the event I am not yet registered with the Supplementary Register, I " +  
 -//			"explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
 +//			"explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " +
  //			"BGBl. I Nr.  7/2008 und BGBl. I Nr. 59/2008).</p>";
  		request += "</body>";
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
 index 6368713db..650f1578d 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
 @@ -123,19 +123,19 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder {
            out.write("<");
          else if (ch == '>')
            out.write(">");
 -        else if (ch == 'ä')
 +        else if (ch == 'ä')
            out.write("ä");
 -        else if (ch == 'ö')
 +        else if (ch == 'ö')
            out.write("ö");
 -        else if (ch == 'ü')
 +        else if (ch == 'ü')
            out.write("ü");
 -        else if (ch == 'Ä')
 +        else if (ch == 'Ä')
            out.write("Ä");
 -        else if (ch == 'Ö')
 +        else if (ch == 'Ö')
            out.write("Ö");
 -        else if (ch == 'Ü')
 +        else if (ch == 'Ü')
            out.write("Ü");
 -        else if (ch == 'ß')
 +        else if (ch == 'ß')
            out.write("ß");
          else
            out.write(ch);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
 index d40cd1909..bd8d52031 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
 @@ -154,19 +154,19 @@ public class GetIdentityLinkFormBuilder extends Builder {
            out.write("<");
          else if (ch == '>')
            out.write(">");
 -        else if (ch == 'ä')
 +        else if (ch == 'ä')
            out.write("ä");
 -        else if (ch == 'ö')
 +        else if (ch == 'ö')
            out.write("ö");
 -        else if (ch == 'ü')
 +        else if (ch == 'ü')
            out.write("ü");
 -        else if (ch == 'Ä')
 +        else if (ch == 'Ä')
            out.write("Ä");
 -        else if (ch == 'Ö')
 +        else if (ch == 'Ö')
            out.write("Ö");
 -        else if (ch == 'Ü')
 +        else if (ch == 'Ü')
            out.write("Ü");
 -        else if (ch == 'ß')
 +        else if (ch == 'ß')
            out.write("ß");
          else
            out.write(ch);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
 index 029aeadc2..2133d0455 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
@@ -32,6 +32,7 @@ import javax.servlet.ServletConfig;
  import javax.servlet.ServletException;
  import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
 +import javax.servlet.http.HttpSession;
  import javax.swing.text.StyleContext.SmallAttributeSet;
  import org.apache.commons.lang.StringEscapeUtils;
 @@ -47,6 +48,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
  import at.gv.egovernment.moa.id.config.stork.CPEPS;
  import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
 +import at.gv.egovernment.moa.id.moduls.RequestStorage;
  import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
  import at.gv.egovernment.moa.id.util.HTTPUtils;
  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 @@ -98,6 +101,8 @@ public class StartAuthenticationServlet extends AuthServlet {
      }
      authURL = authURL.concat(req.getContextPath() + "/");
 +    HttpSession httpSession = req.getSession();
 +    
      String target = req.getParameter(PARAM_TARGET);
      String sourceID = req.getParameter(PARAM_SOURCEID);
      String oaURL = req.getParameter(PARAM_OA);
 @@ -106,8 +111,11 @@ public class StartAuthenticationServlet extends AuthServlet {
      String sessionID = req.getParameter(PARAM_SESSIONID);
      String useMandate = req.getParameter(PARAM_USEMANDATE);
      String ccc = req.getParameter(PARAM_CCC);
 -    String modul = req.getParameter(PARAM_MODUL);
 -    String action = req.getParameter(PARAM_ACTION);
 +    
 +    IRequest request = RequestStorage.getPendingRequest(httpSession);
 +    
 +    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
 +    String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
      // escape parameter strings
      //TODO: use URLEncoder.encode!! 
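Review bot: `request.requestedModule()` in the @@ -106 hunk dereferences the result of `RequestStorage.getPendingRequest(httpSession)` without a null check, so a request that reaches this servlet with no pending protocol request (a replayed or bookmarked URL, or a session that has since expired, assuming getPendingRequest returns null for an unknown session as its name suggests) ends in a NullPointerException instead of a controlled error response. Because `req.getSession()` in the @@ -98 hunk creates a session on demand, such a request also allocates an empty session for nothing; `HttpSession httpSession = req.getSession(false);` and `IRequest request = httpSession == null ? null : RequestStorage.getPendingRequest(httpSession);` followed by a null guard that reports the error the way the surrounding method reports a missing parameter and returns would cover both cases. Reading module and action from the server-side pending request rather than from `PARAM_MODUL`/`PARAM_ACTION` is a sound change, since the client can no longer pick them; the old parameter reads left as trailing comments should either be deleted or replaced by a one-line comment such as `// module/action come from the pending request, not from client parameters`. The method containing these hunks starts and ends outside the hunk.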
@@ -150,6 +158,8 @@ public class StartAuthenticationServlet extends AuthServlet {
  		    	action = SAML1Protocol.GETARTIFACT;
  		    }
 +		    Logger.info("Start Authentication Module: " + modul + " Action: " + action);
 +		    
  		    OAAuthParameter oaParam =
  		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
  		        if (oaParam == null)
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
 index dfad29e50..8d2f95cce 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
 @@ -208,7 +208,7 @@ public class CreateXMLSignatureResponseValidator {
      }
      if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
        foundOA = true;            
 -      if (!oaURL.equals((String)samlAttribute.getValue())) {  // CHECKS für die AttributeVALUES fehlen noch             
 +      if (!oaURL.equals((String)samlAttribute.getValue())) {  // CHECKS für die AttributeVALUES fehlen noch             
          throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
        }                  
      } else {
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
 index 576d9c358..88c4a8feb 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java 
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
 @@ -168,9 +168,9 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
          if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
          locErrortext = locErrortext + "Vorname";
        }
 -      // Auf existierendes Datum prüfen
 +      // Auf existierendes Datum prüfen
        SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
 -      format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
 +      format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
        try {
          format.parse(dateOfBirth);
        }
 @@ -192,7 +192,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
          }
          if (ParepUtils.isEmpty(cbIdentificationValue)) {
            if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
 -          locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
 +          locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
          }
        }
      }
 @@ -200,7 +200,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
        request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
            cbIdentificationType, cbIdentificationValue);
        if (formNecessary) {
 -        // Daten noch nicht vollständig oder anderer Fehler
 +        // Daten noch nicht vollständig oder anderer Fehler
          if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
          String error = "";
          if (!ParepUtils.isEmpty(extErrortext)) {
 @@ -293,7 +293,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{
        form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
        form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
        form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
 -      //darf zw. phys. und jur. Person gewählt werden:
 +      //darf zw. phys. und jur. Person gewählt werden:
        //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
        form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
        form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
 index 5eeaa5d3d..ab7a134c8 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
 @@ -650,7 +650,7 @@ public class ParepUtils {
      if (ParepUtils.isEmpty(register)) return null;
      if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
      if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
 -    if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
 +    if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
      return null;
    }
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
 index 7bd6f5e28..735117094 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
 @@ -88,7 +88,7 @@ public class ParepValidator implements InfoboxValidator {
    private String form = null;
    /** unspecified error of parep-validator (must not know more about)*/
 -  private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
 +  private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
    /** Default class to gather remaining mandator data. */
    public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
 @@ -97,7 +97,7 @@ public class ParepValidator implements InfoboxValidator {
    public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
    /** kind of representation text in AUTH block*/
 -  public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
 +  public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
    /** Names of the produced SAML-attributes. */
    public final static String EXT_SAML_MANDATE_RAW = "Mandate";
 @@ -141,7 +141,7 @@ public class ParepValidator implements InfoboxValidator {
      InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
      try {
 -      Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
 +      Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
        this.params = params;
        Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
 @@ -152,7 +152,7 @@ public class ParepValidator implements InfoboxValidator {
          return validationResult;
        }
 -      // Überprüfen der Identifikation (Type/Value). 
 +      // überprüfen der Identifikation (Type/Value). 
        String identificationType = this.params.getIdentificationType();
        String identificationValue = this.params.getIdentificationValue();
        if (this.params.getBusinessApplication()) {
 @@ -165,9 +165,9 @@ public class ParepValidator implements InfoboxValidator {
          }
        } else {
          if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
 -          //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
 +          //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
            if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
 -            Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
 +            Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
              validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
              return validationResult;
            } else {
 @@ -179,7 +179,7 @@ public class ParepValidator implements InfoboxValidator {
              identificationType = Constants.URN_PREFIX_CDID;
              String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
              identificationValue = bpkBase64;
 -            Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
 +            Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
            } else {
              Logger.debug("Parteienvertreter wird mit bPK identifiziert");
            }
 @@ -189,7 +189,7 @@ public class ParepValidator implements InfoboxValidator {
        Configure(this.params.getApplicationSpecificParams());
        // check if we have a configured party representative for that
        if (!parepConfiguration.isPartyRepresentative(representationID)) {
 -        Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
 +        Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
          validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
          return validationResult;
        }
 @@ -200,7 +200,7 @@ public class ParepValidator implements InfoboxValidator {
        // ParepUtils.serializeElement(request.getRepresentative(), System.out);
        //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
 -      Logger.debug("Prüfe vorausgefüllte Daten...");
 +      Logger.debug("Prüfe vorausgefüllte Daten...");
        boolean physical = true;
        String familyName = "";
        String givenName = "";
 @@ -239,7 +239,7 @@ public class ParepValidator implements InfoboxValidator {
        }
        if (physical) {
          if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
 -          validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
 +          validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
            return validationResult;
          }
          if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
 @@ -247,7 +247,7 @@ public class ParepValidator implements InfoboxValidator {
          }
        } else {
          if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
 -          validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
 +          validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
            return validationResult;
          }
          if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
 @@ -255,7 +255,7 @@ public class ParepValidator implements InfoboxValidator {
          }
        }
 -      //Zeigen wir, dass die Daten übernommen wurden:
 +      //Zeigen wir, dass die Daten �bernommen wurden:
        if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
        // Input processor
 @@ -281,7 +281,7 @@ public class ParepValidator implements InfoboxValidator {
        addAuthBlockExtendedSamlAttributes();
        validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
 -      Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
 +      Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
        validationResult.setValid(true);
        return validationResult;
      } catch (Exception e) {
 @@ -300,8 +300,8 @@ public class ParepValidator implements InfoboxValidator {
    public InfoboxValidationResult validate(Map parameters) throws ValidateException {
      InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
 -    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
 -    Logger.debug("Prüfe im Formular ausgefüllte Daten...");
 +    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
 +    Logger.debug("Prüfe im Formular ausgefüllte Daten...");
      if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
      // Input processor
 @@ -315,7 +315,7 @@ public class ParepValidator implements InfoboxValidator {
      addAuthBlockExtendedSamlAttributes();
      validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
      validationResult.setValid(true);
 -    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
 +    Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
      return validationResult;
    }
 @@ -327,7 +327,7 @@ public class ParepValidator implements InfoboxValidator {
    public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
      InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
 -    Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
 +    Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
      this.form = "";
      try {
 @@ -341,9 +341,9 @@ public class ParepValidator implements InfoboxValidator {
  //      if (true) {
  //        if (this.params.getHideStammzahl()) {
  //          if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
 -//          // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können. 
 -//          // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
 -//          // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
 +//          // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen. 
 +//          // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
 +//          // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
  //          ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
  //        }
  //        if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
 @@ -403,7 +403,7 @@ public class ParepValidator implements InfoboxValidator {
          validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
          validationResult.setValid(true);
 -        Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
 +        Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
        } else {
          String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
          String responseInfo = response.getInfo();
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
 index 1fe8f13b6..a2962e4b2 100644
 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
 +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
 @@ -30,7 +30,7 @@ package at.gv.egovernment.moa.id.config;
  /**
   * This interface contains all actual possible targets in Austria (shortcuts and friendly names)
 - * Bereichskennung and Tätigkeitsbereich
 + * Bereichskennung and T�tigkeitsbereich
   * @author bzwattendorfer
   *
   */
 @@ -38,178 +38,178 @@ public interface TargetsAndSectorNames {
  	/** Bereichskennung AR */
  	public static String TARGET_AR = "AR";
 -	/** Tätigkeitsbereich AR */
 +	/** Tätigkeitsbereich AR */
  	public static String TARGET_AR_SECTOR = "Arbeit";
  	/** Bereichskennung AS */
  	public static String TARGET_AS = "AS";
 -	/** Tätigkeitsbereich AS */
 +	/** Tätigkeitsbereich AS */
  	public static String TARGET_AS_SECTOR = "Amtliche Statistik";
  	/** Bereichskennung BF */
  	public static String TARGET_BF = "BF";
 -	/** Tätigkeitsbereich BF */
 +	/** Tätigkeitsbereich BF */
  	public static String TARGET_BF_SECTOR = "Bildung und Forschung";
  	/** Bereichskennung BW */
  	public static String TARGET_BW = "BW";
 -	/** Tätigkeitsbereich BW */
 +	/** Tätigkeitsbereich BW */
  	public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
  	/** Bereichskennung EA */
  	public static String TARGET_EA = "EA";
 -	/** Tätigkeitsbereich EA */
 -	public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
 +	/** Tätigkeitsbereich EA */
 +	public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
  	/** Bereichskennung EF */
  	public static String TARGET_EF = "EF";
 -	/** Tätigkeitsbereich EF */
 +	/** Tätigkeitsbereich EF */
  	public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
  	/** Bereichskennung GH */
  	public static String TARGET_GH = "GH";
 -	/** Tätigkeitsbereich GH */
 +	/** Tätigkeitsbereich GH */
  	public static String TARGET_GH_SECTOR = "Gesundheit";
  	/** Bereichskennung GS */
  	public static String TARGET_GS = "GS";
 -	/** Tätigkeitsbereich GS */
 +	/** Tätigkeitsbereich GS */
  	public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
  	/** Bereichskennung GS-RE */
  	public static String TARGET_GS_RE = "GS-RE";
 -	/** Tätigkeitsbereich GS-RE */
 +	/** Tätigkeitsbereich GS-RE */
  	public static String TARGET_GS_RE_SECTOR = "Restitution";
  	/** Bereichskennung JR */
  	public static String TARGET_JR = "JR";
 -	/** Tätigkeitsbereich JR */
 +	/** Tätigkeitsbereich JR */
  	public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
  	/** Bereichskennung KL */
  	public static String TARGET_KL = "KL";
 -	/** Tätigkeitsbereich KL */
 +	/** Tätigkeitsbereich KL */
  	public static String TARGET_KL_SECTOR = "Kultus";
  	/** Bereichskennung KU */
  	public static String TARGET_KU = "KU";
 -	/** Tätigkeitsbereich KU */
 +	/** Tätigkeitsbereich KU */
  	public static String TARGET_KU_SECTOR = "Kunst und Kultur";
  	/** Bereichskennung LF */
  	public static String TARGET_LF = "LF";
 -	/** Tätigkeitsbereich LF */
 +	/** Tätigkeitsbereich LF */
  	public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
  	/** Bereichskennung LV */
  	public static String TARGET_LV = "LV";
 -	/** Tätigkeitsbereich LV */
 +	/** Tätigkeitsbereich LV */
  	public static String TARGET_LV_SECTOR = "Landesverteidigung";
  	/** Bereichskennung RT */
  	public static String TARGET_RT = "RT";
 -	/** Tätigkeitsbereich RT */
 +	/** Tätigkeitsbereich RT */
  	public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
  			"Medien sowie Telekommunikation";
  	/** Bereichskennung SA */
  	public static String TARGET_SA = "SA";
 -	/** Tätigkeitsbereich SA */
 +	/** Tätigkeitsbereich SA */
  	public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
  	/** Bereichskennung SF */
  	public static String TARGET_SF = "SF";
 -	/** Tätigkeitsbereich SF */
 +	/** Tätigkeitsbereich SF */
  	public static String TARGET_SF_SECTOR = "Sport und Freizeit";
  	/** Bereichskennung SO */
  	public static String TARGET_SO = "SO";
 -	/** Tätigkeitsbereich SO */
 +	/** Tätigkeitsbereich SO */
  	public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
  	/** Bereichskennung SO-VR */
  	public static String TARGET_SO_VR = "SO-VR";
 -	/** Tätigkeitsbereich SO-VR */
 +	/** Tätigkeitsbereich SO-VR */
  	public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
  	/** Bereichskennung SR-RG */
  	public static String TARGET_SR_RG = "SR-RG";
 -	/** Tätigkeitsbereich SR-RG */
 +	/** Tätigkeitsbereich SR-RG */
  	public static String TARGET_SR_RG_SECTOR = "Strafregister";
  	/** Bereichskennung SV */
  	public static String TARGET_SV = "SV";
 -	/** Tätigkeitsbereich SV */
 +	/** Tätigkeitsbereich SV */
  	public static String TARGET_SV_SECTOR = "Sozialversicherung";
  	/** Bereichskennung UW */
  	public static String TARGET_UW = "UW";
 -	/** Tätigkeitsbereich UW */
 +	/** Tätigkeitsbereich UW */
  	public static String TARGET_UW_SECTOR = "Umwelt";
  	/** Bereichskennung VT */
  	public static String TARGET_VT = "VT";
 -	/** Tätigkeitsbereich VT */
 +	/** Tätigkeitsbereich VT */
  	public static String TARGET_VT_SECTOR = "Verkehr und Technik";
  	/** Bereichskennung VV */
  	public static String TARGET_VV = "VV";
 -	/** Tätigkeitsbereich VV */
 -	public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
 +	/** Tätigkeitsbereich VV */
 +	public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
  	/** Bereichskennung WT */
  	public static String TARGET_WT = "WT";
 -	/** Tätigkeitsbereich WT */
 +	/** Tätigkeitsbereich WT */
  	public static String TARGET_WT_SECTOR = "Wirtschaft";
  	/** Bereichskennung ZP */
  	public static String TARGET_ZP = "ZP";
 -	/** Tätigkeitsbereich ZP */
 -	public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
 +	/** Tätigkeitsbereich ZP */
 +	public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
  	/** Bereichskennung BR */
  	public static String TARGET_BR = "BR";
 -	/** Tätigkeitsbereich BR */
 -	public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
 +	/** Tätigkeitsbereich BR */
 +	public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
  	/** Bereichskennung HR */
  	public static String TARGET_HR = "HR";
 -	/** Tätigkeitsbereich HR */
 +	/** Tätigkeitsbereich HR */
  	public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
  	/** Bereichskennung KI */
  	public static String TARGET_KI = "KI";
 -	/** Tätigkeitsbereich KI */
 +	/** Tätigkeitsbereich KI */
  	public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
  	/** Bereichskennung OI */
  	public static String TARGET_OI = "OI";
 -	/** Tätigkeitsbereich OI */
 -	public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
 +	/** Tätigkeitsbereich OI */
 +	public static String TARGET_OI_SECTOR = "öffentlichkeitsarbeit";
  	/** Bereichskennung PV */
  	public static String TARGET_PV = "PV";
 -	/** Tätigkeitsbereich PV */
 +	/** Tätigkeitsbereich PV */
  	public static String TARGET_PV_SECTOR = "Personalverwaltung";
  	/** Bereichskennung RD */
  	public static String TARGET_RD = "RD";
 -	/** Tätigkeitsbereich RD */
 +	/** Tätigkeitsbereich RD */
  	public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
  	/** Bereichskennung VS */
  	public static String TARGET_VS = "VS";
 -	/** Tätigkeitsbereich VS */
 -	public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
 +	/** Tätigkeitsbereich VS */
 +	public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
  	/** Bereichskennung VS-RG */
  	public static String TARGET_VS_RG = "VS-RG";
 -	/** Tätigkeitsbereich VS-RG */
 +	/** Tätigkeitsbereich VS-RG */
  	public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
  	/** Bereichskennung ZU */
  	public static String TARGET_ZU = "ZU";
 -	/** Tätigkeitsbereich ZU */
 +	/** Tätigkeitsbereich ZU */
  	public static String TARGET_ZU_SECTOR = "Zustellungen";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index bf8cbcdce..219b0f8ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -131,7 +131,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
       String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
       String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
       if (paramAuthMap.containsKey(name))
-        throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+        throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
       paramAuthMap.put(name, value);
     }
     oaConfiguration.setParamAuthMapping(paramAuthMap);
@@ -153,7 +153,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
         XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
       // Contains Key (Neue Config-Exception: doppelte werte)
       if (headerAuthMap.containsKey(name))
-        throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+        throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
       headerAuthMap.put(name, value);
     }
     oaConfiguration.setHeaderAuthMapping(headerAuthMap);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
index 262854b50..e04600b42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java
@@ -17,9 +17,11 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.ModulStorage;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
 import at.gv.egovernment.moa.id.moduls.ServletInfo;
 import at.gv.egovernment.moa.id.moduls.ServletType;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -34,7 +36,7 @@ public class AuthDispatcherServlet extends AuthServlet {
 	public static final String PARAM_TARGET_PATH = "mod";
 	public static final String PARAM_TARGET_PROTOCOL = "action";
-	public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets";
+/*	public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets";
 	public static final String PARAM_DISPATCHER_TYPE = "DispatcherType";
 	public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH";
 	public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH";
@@ -103,7 +105,7 @@ public class AuthDispatcherServlet extends AuthServlet {
 					+ modulInfo.getClass().getName() + " FAILED!!", e);
 		}
 	}
-
+*/
 	@Override
 	public void init(ServletConfig config) throws ServletException {
 		try {
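Review bot: The `+/*` opened at `PARAM_DISPATCHER_TARGETS` in the `@@ -34,7 +36,7 @@` hunk turns the rest of the constant block and the whole `registerModule` method into a comment instead of deleting them, and the same pattern repeats in the `@@ -103`, `@@ -118`, `@@ -160` and `@@ -201` hunks of this file and in the `/* ... */` blocks of the `@@ -1,103 +1,95 @@` and `@@ -113,69 +105,147 @@` hunks of DispatcherServlet.java. Commented-out code is dead weight that version control already preserves, and a `/*` starting at column 0 in the middle of a class body is easy to misread as still-active code. Delete the lines (or the whole class, if it is no longer mapped) rather than fencing them off.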
@@ -118,7 +120,7 @@ public class AuthDispatcherServlet extends AuthServlet {
 			throw new ServletException(ex);
 		}
 		Logger.info("Auth dispatcher Servlet initialization");
-
+/*
 		List<IModulInfo> modules = ModulStorage.getAllModules();
 		Iterator<IModulInfo> it = modules.iterator();
 		while (it.hasNext()) {
@@ -130,7 +132,7 @@ public class AuthDispatcherServlet extends AuthServlet {
 				Logger.error("Registering Class " + targetClass + " FAILED!!",
 						e);
 			}
-		}
+		}*/
 	}
 
 	protected void processRequest(HttpServletRequest req,
@@ -160,23 +162,49 @@ public class AuthDispatcherServlet extends AuthServlet {
 			}
 			Logger.debug("dispatching to " + path + " protocol " + protocol);
-
+/*
 			if (path != null && protocol != null
 					&& endpointMap.containsKey(path)) {
+				
 				IModulInfo info = ModulStorage.getModuleByPath(path);
+				
 				if (info == null) {
 					resp.sendError(HttpServletResponse.SC_NOT_FOUND);
 					Logger.error("Path " + path + " has no module registered");
 					return;
 				}
-
+				
+				IAction action = info.getAction(protocol);
+				
+				if (action == null) {
+					resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+					Logger.error("Action " + protocol + " is not available!");
+					return;
+				}
+				
+				
+				
+				try {
 				IRequest configuration = info.preProcess(req, resp, protocol);
+				if(configuration.forceAuth()) {
+					session.setAttribute(PARAM_TARGET_PATH, path);
+					session.setAttribute(PARAM_TARGET_PROTOCOL, protocol);
+
+					AuthenticationManager.doAuthentication(req, resp,
+							configuration);
+					return;
+				}
+				
 				if (!AuthenticationManager.isAuthenticated(req, resp)) {
 					session.setAttribute(PARAM_TARGET_PATH, path);
 					session.setAttribute(PARAM_TARGET_PROTOCOL, protocol);
+					if(configuration.isPassiv()) {
+						throw new NoPassivAuthenticationException();
+					}
+					
 					AuthenticationManager.doAuthentication(req, resp,
 							configuration);
 					return;
@@ -201,13 +229,20 @@ public class AuthDispatcherServlet extends AuthServlet {
 						resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 					}
 				}
-			}
+				}
+				catch (Throwable e) {
+					// Try handle module specific, if not possible rethrow
+					if(!info.generateErrorMessage(e, req, resp)) {
+						throw e;
+					}
+				}
+			}*/
 			resp.sendError(HttpServletResponse.SC_NOT_FOUND);
-		} catch (WrongParametersException ex) {
+		}/* catch (WrongParametersException ex) {
 			handleWrongParameters(ex, req, resp);
 		} catch (MOAIDException ex) {
 			handleError(null, ex, req, resp);
-		} catch (Throwable e) {
+		} */catch (Throwable e) {
 			e.printStackTrace();
 			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 48f44f97b..72ade4f25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
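Review bot: After the `/* ... */` fence in the `@@ -201,13 +229,20 @@` hunk, `processRequest` unconditionally answers `resp.sendError(HttpServletResponse.SC_NOT_FOUND)` for every request, while the `WrongParametersException` and `MOAIDException` handlers are now inside the comment and only `catch (Throwable e)` remains active. If this servlet is still mapped, every caller gets a 404 after the parameters have been parsed and logged at debug level, so either remove the mapping together with the class or keep a minimal body that makes that intent explicit. The surviving catch uses `e.printStackTrace()`, which bypasses the project logger; `Logger.error("Failed to process request!", e);` before the 500 keeps the cause in the server log. The enclosing method starts outside this hunk.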
@@ -1,103 +1,95 @@  package at.gv.egovernment.moa.id.entrypoints;  import java.io.IOException; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List;  import javax.servlet.ServletConfig;  import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.moduls.ModulStorage; -import at.gv.egovernment.moa.id.moduls.ServletInfo; -import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestStorage;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.logging.Logger; -public class DispatcherServlet extends HttpServlet { +public class DispatcherServlet extends AuthServlet {  	/**  	 *   	 */  	private static final long serialVersionUID = 1L; -	public static final String PARAM_TARGET_PATH = "mod"; -	public static final String PARAM_TARGET_PROTOCOL = "action"; -	public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets"; -	public static final String PARAM_DISPATCHER_TYPE = "DispatcherType"; -	public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH"; -	public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH"; -	public static String SYSTEM_NEWLINE = System.getProperty("line.separator"); - -	private HashMap<String, HashMap<String, HttpServlet>> endpointMap = 
new HashMap<String, HashMap<String, HttpServlet>>(); - -	private void registerModule(IModulInfo modulInfo) { - -		HashMap<String, HttpServlet> tempMap = new HashMap<String, HttpServlet>(); - -		try { - -			String path = modulInfo.getPath(); - -			if (path == null) { -				throw new Exception(String.format( -						"%s does not return a valid target path!", -						new Object[] { modulInfo.getClass().getName() })); -			} - -			Logger.debug("Registering: " + modulInfo.getName() + " under " -					+ path); - -			List<ServletInfo> servletInfos = modulInfo.getServlets(); - -			Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator(); - -			while (servletInfoIterator.hasNext()) { - -				ServletInfo servletInfo = servletInfoIterator.next(); - -				if (servletInfo.getType() == ServletType.UNAUTH) { -					HttpServlet servlet = servletInfo.getServletInstance(); -					String target = servletInfo.getTarget(); - -					if (target == null) { -						throw new Exception( -								String.format( -										"%s does not return a valid target identifier!", -										new Object[] { servlet.getClass() -												.getName() })); -					} - -					if (tempMap.containsKey(target)) { -						throw new Exception(String.format( -								"%s tried to overwrite %s/%s", new Object[] { -										servlet.getClass().getName(), path, -										target })); -					} - -					tempMap.put(target, servlet); -					Logger.info("Registered Servlet class: " -							+ servlet.getClass().getName() + " OK"); -				} - -			} - -			// when there was no error we register all servlets into the real -			// endpoint map ... 
-			if (!tempMap.isEmpty()) { -				endpointMap.put(path, tempMap); -			} -		} catch (Throwable e) { -			Logger.error("Registering Modul class: " -					+ modulInfo.getClass().getName() + " FAILED!!", e); -		} -	} +	public static final String PARAM_TARGET_MODULE = "mod"; +	public static final String PARAM_TARGET_ACTION = "action"; +	/* +	 * public static final String PARAM_DISPATCHER_TARGETS = +	 * "DispatcherTargets"; public static final String PARAM_DISPATCHER_TYPE = +	 * "DispatcherType"; public static final String PARAM_DISPATCHER_TYPE_UNAUTH +	 * = "UNAUTH"; public static final String PARAM_DISPATCHER_TYPE_AUTH = +	 * "AUTH"; public static String SYSTEM_NEWLINE = +	 * System.getProperty("line.separator"); +	 */ +	/* +	 * private HashMap<String, HashMap<String, HttpServlet>> endpointMap = new +	 * HashMap<String, HashMap<String, HttpServlet>>(); +	 *  +	 * private void registerModule(IModulInfo modulInfo) { +	 *  +	 * HashMap<String, HttpServlet> tempMap = new HashMap<String, +	 * HttpServlet>(); +	 *  +	 * try { +	 *  +	 * String path = modulInfo.getPath(); +	 *  +	 * if (path == null) { throw new Exception(String.format( +	 * "%s does not return a valid target path!", new Object[] { +	 * modulInfo.getClass().getName() })); } +	 *  +	 * Logger.debug("Registering: " + modulInfo.getName() + " under " + path); +	 *  +	 * List<ServletInfo> servletInfos = modulInfo.getServlets(); +	 *  +	 * Iterator<ServletInfo> servletInfoIterator = servletInfos.iterator(); +	 *  +	 * while (servletInfoIterator.hasNext()) { +	 *  +	 * ServletInfo servletInfo = servletInfoIterator.next(); +	 *  +	 * if (servletInfo.getType() == ServletType.UNAUTH) { HttpServlet servlet = +	 * servletInfo.getServletInstance(); String target = +	 * servletInfo.getTarget(); +	 *  +	 * if (target == null) { throw new Exception( String.format( +	 * "%s does not return a valid target identifier!", new Object[] { +	 * servlet.getClass() .getName() })); } +	 *  +	 * if (tempMap.containsKey(target)) { throw 
new Exception(String.format( +	 * "%s tried to overwrite %s/%s", new Object[] { +	 * servlet.getClass().getName(), path, target })); } +	 *  +	 * tempMap.put(target, servlet); Logger.info("Registered Servlet class: " + +	 * servlet.getClass().getName() + " OK"); } +	 *  +	 * } +	 *  +	 * // when there was no error we register all servlets into the real // +	 * endpoint map ... if (!tempMap.isEmpty()) { endpointMap.put(path, +	 * tempMap); } } catch (Throwable e) { +	 * Logger.error("Registering Modul class: " + modulInfo.getClass().getName() +	 * + " FAILED!!", e); } } +	 */  	@Override  	public void init(ServletConfig config) throws ServletException {  		try { 
@@ -113,69 +105,147 @@ public class DispatcherServlet extends HttpServlet {  		}  		Logger.info("Dispatcher Servlet initialization"); -		List<IModulInfo> modules = ModulStorage.getAllModules(); -		Iterator<IModulInfo> it = modules.iterator(); -		while (it.hasNext()) { -			IModulInfo info = it.next(); -			String targetClass = info.getClass().getName(); -			try { -				registerModule(info); -			} catch (Throwable e) { -				Logger.error("Registering Class " + targetClass + " FAILED!!", -						e); -			} -		} +		/* +		 * List<IModulInfo> modules = ModulStorage.getAllModules(); +		 * Iterator<IModulInfo> it = modules.iterator(); while (it.hasNext()) { +		 * IModulInfo info = it.next(); String targetClass = +		 * info.getClass().getName(); try { registerModule(info); } catch +		 * (Throwable e) { Logger.error("Registering Class " + targetClass + +		 * " FAILED!!", e); } } +		 */  	}  	protected void processRequest(HttpServletRequest req,  			HttpServletResponse resp) throws ServletException, IOException { -		Object pathObject = req.getParameter(PARAM_TARGET_PATH); -		String path = null; -		if (pathObject != null && (pathObject instanceof String)) { -			path = (String) pathObject; -		} +		try { +			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); +			String module = null; +			if (moduleObject != null && (moduleObject instanceof String)) { +				module = (String) moduleObject; +			} -		if (path == null) { -			path = (String) req.getAttribute(PARAM_TARGET_PATH); -		} +			if (module == null) { +				module = (String) req.getAttribute(PARAM_TARGET_MODULE); +			} -		Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL); -		String protocol = null; -		if (protocolObject != null && (protocolObject instanceof String)) { -			protocol = (String) protocolObject; -		} +			Object actionObject = req.getParameter(PARAM_TARGET_ACTION); +			String action = null; +			if (actionObject != null && (actionObject instanceof String)) { +				action = (String) actionObject; +			} 
-		if (protocol == null) { -			protocol = req.getParameter(PARAM_TARGET_PROTOCOL); -		} +			if (action == null) { +				action = req.getParameter(PARAM_TARGET_ACTION); +			} + +			Logger.debug("dispatching to " + module + " protocol " + action); + +			IModulInfo info = ModulStorage.getModuleByPath(module); + +			if (info == null) { +				resp.sendError(HttpServletResponse.SC_NOT_FOUND); +				Logger.error("Protocol " + module + " has no module registered"); +				return; +			} + +			IAction moduleAction = info.getAction(action); + +			if (moduleAction == null) { +				resp.sendError(HttpServletResponse.SC_NOT_FOUND); +				Logger.error("Action " + action + " is not available!"); +				return; +			} -		Logger.debug("dispatching to " + path + " protocol " + protocol); - -		if (path != null && protocol != null && endpointMap.containsKey(path)) { -			HashMap<String, HttpServlet> pathMap = endpointMap.get(path); -			Logger.debug("found path"); -			if (pathMap.containsKey(protocol)) { -				Logger.debug("found protocol"); -				try { -					HttpServlet servlet = (HttpServlet) pathMap.get(protocol); -					String forward = servlet.getClass().getName(); -					Logger.info("Forwarding to Servlet: " + forward); -					getServletContext().getNamedDispatcher(forward).forward( -							req, resp); +			HttpSession httpSession = req.getSession(); + +			try { +				IRequest protocolRequest = RequestStorage +						.getPendingRequest(httpSession); + +				if (protocolRequest != null) { +					// check if pending request is same protocol and action +					if (!protocolRequest.requestedModule().equals(module) +							|| !protocolRequest.requestedAction() +									.equals(action)) { +						resp.sendError(HttpServletResponse.SC_CONFLICT); +						Logger.error("Different Request is pending in this session!"); +						return; +					} +				} + +				if (protocolRequest == null) { +					protocolRequest = info.preProcess(req, resp, action); +					if(protocolRequest != null) { +						
protocolRequest.setAction(action); +						protocolRequest.setModule(module); +					} +				} + +				if (protocolRequest == null) { +					resp.sendError(HttpServletResponse.SC_BAD_REQUEST); +					Logger.error("Failed to generate a valid protocol request!");  					return; -				} catch (Throwable e) { -					Logger.error("Failed to process request!", e); -					IModulInfo info = ModulStorage.getModuleByPath(path); -					if(info != null) { -						if(info.generateErrorMessage(e, req, resp)) { +				} + +				RequestStorage.setPendingRequest(httpSession, protocolRequest); +				 +				if (moduleAction.needAuthentication(protocolRequest, req, resp)) { +					if (protocolRequest.isPassiv() +							&& protocolRequest.forceAuth()) { +						// conflict! +						throw new NoPassivAuthenticationException(); +					} + +					if (protocolRequest.forceAuth()) { +						if (!AuthenticationManager.tryPerformAuthentication( +								req, resp)) { +							AuthenticationManager.doAuthentication(req, resp, +									protocolRequest); +							return; +						} +					} else if (protocolRequest.isPassiv()) { +						if (AuthenticationManager.tryPerformAuthentication(req, +								resp) +								|| AuthenticationManager.isAuthenticated(req, +										resp)) { +							// Passive authentication ok! +						} else { +							throw new NoPassivAuthenticationException(); +						} +					} else { +						if (AuthenticationManager.tryPerformAuthentication(req, +								resp) +								|| AuthenticationManager.isAuthenticated(req, +										resp)) { +							// Is authenticated .. proceed +						} else { +							// Start authentication! 
+							AuthenticationManager.doAuthentication(req, resp, +									protocolRequest);  							return;  						}  					} -					resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); +				} + +				moduleAction.processRequest(protocolRequest, req, resp); + +				RequestStorage.removePendingRequest(httpSession); +				 +			} catch (Throwable e) { +				// Try handle module specific, if not possible rethrow +				if (!info.generateErrorMessage(e, req, resp)) { +					throw e;  				}  			} +		} catch (WrongParametersException ex) { +			handleWrongParameters(ex, req, resp); +		} catch (MOAIDException ex) { +			handleError(null, ex, req, resp); +		} catch (Throwable e) { +			e.printStackTrace(); +			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);  		} -		resp.sendError(HttpServletResponse.SC_NOT_FOUND); +  	}  	@Override diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 0bba644bb..a45540726 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -1,7 +1,6 @@  package at.gv.egovernment.moa.id.moduls;  import java.io.IOException; -import java.io.PrintWriter;  import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest; 
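Review bot: `RequestStorage.setPendingRequest(httpSession, protocolRequest)` is stored before the authentication branch, but the only removal is the `RequestStorage.removePendingRequest(httpSession)` after a successful `moduleAction.processRequest`; when `NoPassivAuthenticationException` or any other Throwable is raised after the store, the pending request stays in the HTTP session and every later request in that session with a different module/action is rejected with `SC_CONFLICT` until the session expires. Add `RequestStorage.removePendingRequest(httpSession);` as the first statement of the inner `catch (Throwable e)` block so an error never leaves a stale request behind. A pending request with the same module and action is also reused instead of calling `info.preProcess`, so a fresh protocol request arriving in that session appears to be silently replaced by the stored one; if that is intended, a comment at the `if (protocolRequest == null)` branch should say so. The outer `catch (Throwable e)` uses `e.printStackTrace()` where `Logger.error("Failed to process request!", e);` would keep the cause in the server log. The `init` method and the end of the class lie outside this hunk.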
@@ -11,9 +10,7 @@ import javax.servlet.http.HttpSession;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet;
 import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -45,34 +42,58 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 		Logger.info("Checking authentication");
 		HttpSession session = request.getSession();
+		
+		String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
+		
+		if(moaSessionID == null) {
+			Logger.info("NO MOA Session to logout");
+			return false;
+		}
+		
+		AuthenticationSession authSession = AuthenticationSessionStore
+				.getSession(moaSessionID);
+		
+		if(authSession == null) {
+			Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+			return false;
+		}
+		
+		return authSession.isAuthenticated();
+	}
+	/**
+	 * Checks if this request can authenticate a MOA Session
+	 * 
+	 * @param request
+	 * @param response
+	 * @return
+	 */
+	public static boolean tryPerformAuthentication(HttpServletRequest request,
+			HttpServletResponse response) {
+		
+		HttpSession session = request.getSession();
+		
 		String sessionID = (String) request.getParameter(PARAM_SESSIONID);
 		if (sessionID != null) {
 			Logger.info("got MOASession: " + sessionID);
 			AuthenticationSession authSession = AuthenticationSessionStore
 					.getSession(sessionID);
-			//AuthenticationSessionStore.dumpSessionStore();
 			if (authSession != null) {
 				Logger.info("MOASession found! 
A: "
 						+ authSession.isAuthenticated() + ", AU "
 						+ authSession.isAuthenticatedUsed());
 				if (authSession.isAuthenticated()
 						&& !authSession.isAuthenticatedUsed()) {
-					session.invalidate();
-					session = request.getSession();
-					// HTTPSessionUtils.setHTTPSessionBoolean(session,
-					// MOA_AUTHENTICATED, true);
 					authSession.setAuthenticatedUsed(true);
 					HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
 							sessionID);
+					return true; // got authenticated
 				}
-				return authSession.isAuthenticated();
 			}
 		}
-
 		return false;
 	}
-
+	
 	public static void logout(HttpServletRequest request,
 			HttpServletResponse response) {
 		Logger.info("Logout");
@@ -109,10 +130,8 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 			throws ServletException, IOException, MOAIDException {
 		HttpSession session = request.getSession();
 		Logger.info("Starting authentication ...");
-		String modul = (String) session
-				.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH);
-		String protocol = (String) session
-				.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL);
+		String modul = target.requestedModule();
+		String protocol = target.requestedAction();
 		if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
 			throw new WrongParametersException("StartAuthentication", PARAM_OA,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
new file mode 100644
index 000000000..10f3ff696
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
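Review bot: `tryPerformAuthentication` drops the `session.invalidate(); session = request.getSession();` that the removed lines ran before binding the MOA session, so the HTTP session id issued before authentication is now kept across the privilege change; that was the session-fixation defence this code previously had. Rotating the id here again needs the pending protocol request carried over — read `RequestStorage.getPendingRequest(session)` first, invalidate, fetch the new session, store the request back, then `HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID)` — and DispatcherServlet would have to re-read `req.getSession()` after this call instead of reusing its earlier `httpSession` handle. The new `isAuthenticated` body logs `NO MOA Session to logout` for a plain lookup; `Logger.info("NO MOA Session in HTTP session");` describes the condition. The Javadoc of `tryPerformAuthentication` leaves `@param`/`@return` empty; state that it returns true only when an authenticated, not yet consumed MOA session was bound to the HTTP session, which is what the code does. The start of `isAuthenticated` lies outside this hunk.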
@@ -0,0 +1,11 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+
+public interface IAction extends MOAIDAuthConstants {
+	public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index 64afc8880..0098ec5af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -8,10 +8,12 @@ import javax.servlet.http.HttpServletResponse;
 import at.gv.egovernment.moa.id.MOAIDException;
 
 public interface IModulInfo {
-	public List<ServletInfo> getServlets();
+	//public List<ServletInfo> getServlets();
 	public String getName();
 	public String getPath();
+	public IAction getAction(String action);
+	
 	public IRequest preProcess(HttpServletRequest request, 
 			HttpServletResponse response, String action)
 	throws MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index f05a0f088..51e375b82 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -7,4 +7,6 @@ public interface IRequest {
 	public boolean isSSOSupported();
 	public String requestedModule();
 	public String requestedAction();
+	public void setModule(String module);
+	public void setAction(String action);
 }
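Review bot: `IAction` is the new extension point every protocol module implements, but neither method carries Javadoc, and `processRequest` declares no exceptions even though DispatcherServlet wraps the call in `catch (Throwable e)` and hands failures to `info.generateErrorMessage`. Document the contract, e.g. for `needAuthentication`: `/** Returns true when the dispatcher must establish an authenticated MOA session before {@link #processRequest} is invoked for this request. */`, and state whether implementations are expected to write the response themselves. Consider declaring `throws MOAIDException` on `processRequest` so implementations do not have to wrap the checked exceptions the dispatcher's outer handler already knows how to report.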
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
index 918201dd4..9ce835c7e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -5,18 +5,18 @@ import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
 
 public class ModulUtils {
 
-	public static final String UNAUTHDISPATCHER = "UnauthDispatcher";
-	public static final String AUTHDISPATCHER = "AuthDispatcher";
+	public static final String UNAUTHDISPATCHER = "dispatcher";
+	public static final String AUTHDISPATCHER = "dispatcher";
 
 	public static String buildUnauthURL(String modul, String action) {
 		return UNAUTHDISPATCHER + "?" + 
-				DispatcherServlet.PARAM_TARGET_PATH + "=" + modul + "&" +
-				DispatcherServlet.PARAM_TARGET_PROTOCOL + "=" + action;
+				DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
 	}
 
 	public static String buildAuthURL(String modul, String action) {
 		return AUTHDISPATCHER + 
-				"?" + DispatcherServlet.PARAM_TARGET_PATH + "=" + modul + "&" +
-				DispatcherServlet.PARAM_TARGET_PROTOCOL + "=" + action;
+				"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
new file mode 100644
index 000000000..286da5a91
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
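Review bot: `buildUnauthURL` and `buildAuthURL` concatenate `modul` and `action` straight into the query string; the values appear to reach them through `IRequest.requestedModule()`/`requestedAction()`, which DispatcherServlet fills from the `mod`/`action` request parameters, so a value containing `&`, `=` or `#` yields a different URL than intended. Encode each value with `URLEncoder.encode(modul, "UTF-8")` and `URLEncoder.encode(action, "UTF-8")` before appending. With `UNAUTHDISPATCHER` and `AUTHDISPATCHER` both set to `"dispatcher"`, the two builders now return identical strings; if the split no longer carries meaning, one method (or one constant) should remain, with a comment saying why both targets collapse onto the same servlet.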
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+public class NoPassivAuthenticationException extends MOAIDException {
+
+	public NoPassivAuthenticationException() {
+		super("auth.18", null);
+	}
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 596920452166197688L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
new file mode 100644
index 000000000..4e7d8d2ed
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import javax.servlet.http.HttpSession;
+
+public class RequestStorage {
+
+	private static final String PENDING_REQUEST = "PENDING_REQUEST";
+
+	public static IRequest getPendingRequest(HttpSession session) {
+		Object obj = session.getAttribute(PENDING_REQUEST);
+		if (obj != null) {
+			if (obj instanceof IRequest) {
+				return (IRequest) obj;
+			} else {
+				session.setAttribute(PENDING_REQUEST, null);
+			}
+		}
+		return null;
+	}
+
+	public static void setPendingRequest(HttpSession session, IRequest request) {
+		session.setAttribute(PENDING_REQUEST, request);
+	}
+
+	public static void removePendingRequest(HttpSession session) {
+		session.setAttribute(PENDING_REQUEST, null);
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
new file mode 100644
index 000000000..efdfd9c47
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
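Review bot: `getPendingRequest` and `removePendingRequest` clear the attribute with `session.setAttribute(PENDING_REQUEST, null)`; `session.removeAttribute(PENDING_REQUEST)` states the intent directly and is the servlet API's operation for it. The class holds exactly one pending `IRequest` per HTTP session and the dispatcher answers `SC_CONFLICT` when a second, different one arrives, so a class comment should spell out that single-slot contract and who is responsible for clearing it. If the container serialises sessions (failover, restart), the stored `IRequest` implementation also has to be `Serializable`, which nothing here requires — worth a note on `setPendingRequest`.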
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+
+public class AuthenticationAction implements IAction {
+
+	public void processRequest(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) {
+		System.out.println("Process PVP2 auth request!");
+	}
+
+	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+			HttpServletResponse httpResp) {
+		return true;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index f58b411d1..fa5ff9ecf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 import iaik.pkcs.pkcs11.objects.Object;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
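Review bot: AuthenticationAction.processRequest writes "Process PVP2 auth request!" to System.out and then does nothing with req, httpReq or httpResp, so a PVP2 request routed to this action ends without any response being produced; if this is a placeholder, say so in the code (`// TODO: build and send the PVP2 response; this is a placeholder`) and route the output through the project's `Logger.debug(...)` as GetArtifactAction in this commit does rather than System.out. needAuthentication always returns true, which is plausible for an authentication action, but a one-line comment on why it is unconditional would spare a reader a trip to the IAction contract.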
@@ -11,17 +12,24 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
 import at.gv.egovernment.moa.id.moduls.ServletInfo;
 import at.gv.egovernment.moa.id.moduls.ServletType;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -36,6 +44,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 	private static List<IDecoder> decoder = new ArrayList<IDecoder>();
+	private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+	
 	static {
 		servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
 				ServletType.AUTH));
@@ -44,7 +54,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 		decoder.add(new PostBinding());
 		decoder.add(new RedirectBinding());
-
+		
+		actions.put(REDIRECT, new AuthenticationAction());
+		actions.put(POST, new AuthenticationAction());
+		
 		instance = new PVP2XProtocol();
 	}
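Review bot: The actions field is declared as HashMap and the static initializer creates two AuthenticationAction instances although that class holds no state; `private static Map<String, IAction> actions = new HashMap<String, IAction>();` with a single `IAction auth = new AuthenticationAction();` registered under both REDIRECT and POST is the simpler form. The same pattern appears in the SAML1Protocol hunk of this commit, which also declares its actions map as HashMap. As far as this file shows the map is only written in the static initializer, so a comment on the field noting that it is populated once at class load and read-only afterwards would document why getAction needs no synchronization.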
@@ -99,6 +112,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 				throw new WrongParametersException("StartAuthentication",
 						PARAM_OA, "auth.12");
 			config.setOAURL(oaURL);
+			config.setRequest(samlReq);
 			request.getSession().setAttribute(PARAM_OA, oaURL);
 			return config;
@@ -110,8 +124,26 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 	public boolean generateErrorMessage(Throwable e,
 			HttpServletRequest request, HttpServletResponse response) {
-		// TODO Auto-generated method stub
+		Response samlResponse = SAML2Utils.createSAMLObject(Response.class);
+		Status status = SAML2Utils.createSAMLObject(Status.class);
+		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
+		if(e instanceof NoPassivAuthenticationException) {
+			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
+			statusMessage.setMessage(e.getLocalizedMessage());	
+		} else {
+			statusCode.setValue(StatusCode.RESPONDER_URI);
+			statusMessage.setMessage(e.getLocalizedMessage());
+		}
+		
+		status.setStatusCode(statusCode);
+		status.setStatusMessage(statusMessage);
+		samlResponse.setStatus(status);
 		return false;
 	}
+	public IAction getAction(String action) {
+		return actions.get(action);
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
new file mode 100644
index 000000000..203d743be
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
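Review bot: generateErrorMessage builds a SAML Response with a Status but never encodes it into `response` and still returns false, so the constructed object is discarded and the caller sees exactly what the old stub produced; either send it here or mark the method with `// TODO: encode samlResponse into the HTTP response and return true` so the unfinished state is visible. The if/else branches differ only in the status code, so `statusMessage.setMessage(e.getLocalizedMessage());` can be hoisted out of the conditional. SAML2Utils.createSAMLObject in this commit returns null on any failure, and the four results are dereferenced without a check, which would turn a builder problem into a NullPointerException inside the error handler. For the RESPONDER branch, copying an arbitrary Throwable's localized message into the StatusMessage hands internal error text to the relying party; a fixed message there, with the detail logged server-side, is the safer choice.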
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.Configuration;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+
+public class SAML2Utils {
+
+	public static <T> T createSAMLObject(final Class<T> clazz) {
+		try {
+			XMLObjectBuilderFactory builderFactory = Configuration
+					.getBuilderFactory();
+
+			QName defaultElementName = (QName) clazz.getDeclaredField(
+					"DEFAULT_ELEMENT_NAME").get(null);
+			T object = (T) builderFactory.getBuilder(defaultElementName)
+					.buildObject(defaultElementName);
+			return object;
+		} catch (Throwable e) {
+			e.printStackTrace();
+			return null;
+		}
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
new file mode 100644
index 000000000..d4ee5f46c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
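Review bot: Catching Throwable, printing the stack trace and returning null turns every failure — an Error, a class without DEFAULT_ELEMENT_NAME, a builder the factory does not know — into a later NullPointerException at the caller, as PVP2XProtocol.generateErrorMessage in this commit shows; catch the checked exceptions the two reflective calls declare and rethrow with the cause so the failing class name travels with the exception, and let anything else propagate. The `(T)` cast is unchecked and should carry `@SuppressWarnings("unchecked")` on the method with a comment that the builder resolved via the class's own DEFAULT_ELEMENT_NAME is expected to produce an instance of clazz. A Javadoc line stating that clazz must be an OpenSAML type exposing a public static DEFAULT_ELEMENT_NAME, and that the method throws rather than returning null, would document the contract.
```java
			// … unchanged: builder lookup and buildObject …
		} catch (NoSuchFieldException e) {
			throw new IllegalArgumentException(clazz.getName() + " has no DEFAULT_ELEMENT_NAME", e);
		} catch (IllegalAccessException e) {
			throw new IllegalArgumentException(clazz.getName() + ": DEFAULT_ELEMENT_NAME not accessible", e);
		}
```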
@@ -0,0 +1,127 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.UnsupportedEncodingException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class GetArtifactAction implements IAction { + +	public void processRequest(IRequest req, HttpServletRequest httpReq, +			HttpServletResponse httpResp) { +		HttpSession httpSession = httpReq.getSession(); + +		AuthenticationSession session = AuthenticationManager +				.getAuthenticationSession(httpSession); + +		String oaURL = (String) httpReq.getAttribute(PARAM_OA); +		oaURL = StringEscapeUtils.escapeHtml(oaURL); + +		try { + +			// check parameter +			if (!ParamValidatorUtils.isValidOA(oaURL)) +				throw new WrongParametersException("StartAuthentication", +						PARAM_OA, "auth.12"); + +			if (oaURL == null) { +				oaURL = session.getOAURLRequested(); +			} + +			if (oaURL == null) { +				throw new WrongParametersException("StartAuthentication", +						PARAM_OA, "auth.12"); +			} + +			String samlArtifactBase64 = SAML1AuthenticationServer +					.BuildSAMLArtifact(session); + +			String redirectURL = oaURL; +			session.getOAURLRequested(); +			if (!session.getBusinessService()) { +				redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +						
URLEncoder.encode(session.getTarget(), "UTF-8")); + +			} +			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, +					URLEncoder.encode(samlArtifactBase64, "UTF-8")); +			redirectURL = httpResp.encodeRedirectURL(redirectURL); + +			httpResp.setContentType("text/html"); +			httpResp.setStatus(302); + +			httpResp.addHeader("Location", redirectURL); +			Logger.debug("REDIRECT TO: " + redirectURL); + +			// CONFIRMATION FOR SSO! +			/* +			 * OAAuthParameter oaParam = +			 * AuthConfigurationProvider.getInstance(). +			 * getOnlineApplicationParameter(oaURL); +			 *  +			 * String friendlyName = oaParam.getFriendlyName(); if(friendlyName +			 * == null) { friendlyName = oaURL; } +			 *  +			 *  +			 * LoginConfirmationBuilder builder = new +			 * LoginConfirmationBuilder(); +			 * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); +			 * String form = builder.finish(oaURL, session.getIdentityLink() +			 * .getName(), friendlyName); +			 */ + +			/* +			 * resp.setContentType("text/html"); +			 *  +			 * OutputStream out = resp.getOutputStream(); +			 * out.write(form.getBytes("UTF-8")); out.flush(); out.close(); +			 */ + +		} catch (WrongParametersException ex) { +			// handleWrongParameters(ex, req, httpResp); +			ex.printStackTrace(); +		} catch (ConfigurationException e) { +			// TODO Auto-generated catch block +			e.printStackTrace(); +		} catch (BuildException e) { +			// TODO Auto-generated catch block +			e.printStackTrace(); +		} catch (AuthenticationException e) { +			// TODO Auto-generated catch block +			e.printStackTrace(); +		} catch (UnsupportedEncodingException e) { +			// TODO Auto-generated catch block +			e.printStackTrace(); +		} +	} + +	protected static String addURLParameter(String url, String paramname, +			String paramvalue) { +		String param = paramname + "=" + paramvalue; +		if (url.indexOf("?") < 0) +			return url + "?" 
+ param; +		else +			return url + "&" + param; +	} + +	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, +			HttpServletResponse httpResp) { +		return true; +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index ca1f9c380..fbb296a9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -1,6 +1,7 @@  package at.gv.egovernment.moa.id.protocols.saml1;  import java.util.ArrayList; +import java.util.HashMap;  import java.util.List;  import javax.servlet.http.HttpServletRequest; @@ -11,6 +12,7 @@ import org.apache.commons.lang.StringEscapeUtils;  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IModulInfo;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.moduls.ServletInfo; @@ -27,10 +29,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {  	private static List<ServletInfo> servletList = new ArrayList<ServletInfo>(); +	private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); +	  	static {  		servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,  				ServletType.AUTH)); +		actions.put(GETARTIFACT, new GetArtifactAction()); +		  		instance = new SAML1Protocol();  	} @@ -75,4 +81,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {  		return false;  	} +	public IAction getAction(String action) { +		return actions.get(action); +	} +  } 
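Review bot: Every catch block in GetArtifactAction.processRequest only calls printStackTrace, so a failed artifact build or a rejected oaURL leaves the client without any response; replacing the prints with the project's `Logger.error(...)` and an error response would make the failure path explicit, and the manual `setStatus(302)` plus `addHeader("Location", ...)` pair reads more clearly as `httpResp.sendRedirect(redirectURL);`. oaURL is passed through StringEscapeUtils.escapeHtml before it is validated and then used as a redirect target, which turns `&` into `&amp;` in a URL that goes into a Location header rather than into HTML. The validation order is also off: isValidOA runs before the null fallback to session.getOAURLRequested(), so the fallback value is never validated, and the bare `session.getOAURLRequested();` statement a few lines later discards its result and can be deleted. The OA URL is read with `httpReq.getAttribute(PARAM_OA)`; if the dispatcher passes it as a request parameter rather than an attribute this will always be null, which is worth confirming against the caller.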
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index c1e64dd53..850f2438a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -113,7 +113,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {      //conn.setAllowUserInteraction(true);      conn.setInstanceFollowRedirects(false); -    // JSSE Abhängigkeit +    // JSSE Abhängigkeit      if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {        HttpsURLConnection httpsConn = (HttpsURLConnection) conn;        httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -187,7 +187,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder {       * Hostname Verification Check       */ -  // JSSE Abhängigkeit +  // JSSE Abhängigkeit    private class HostnameNonVerifier implements HostnameVerifier {     public boolean verify(String hostname, SSLSession session) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 29c8b3bca..49e3c09b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java 
@@ -204,7 +204,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {      //conn.setUseCaches(false);      webDavConn.setAllowUserInteraction(true);      webDavConn.setInstanceFollowRedirects(false); -    // JSSE Abhängigkeit +    // JSSE Abhängigkeit      if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {        HttpsURLConnection httpsConn = (HttpsURLConnection) conn;        httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -258,7 +258,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder {       * A private class to change the standard HostName verifier to disable the       * Hostname Verification Check       */ -//JSSE Abhängigkeit +//JSSE Abhängigkeit    private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 023b2c272..d4a3e4634 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -46,7 +46,7 @@ import at.gv.egovernment.moa.util.BoolUtils;  /**   * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>. - * uses the HTTP(s)Client from Ronald Tschalär. + * uses the HTTP(s)Client from Ronald Tschalär.   * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/   *    * @author pdanner @@ -168,7 +168,7 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder {  	     * A private class to change the standard HostName verifier to disable the  	     * Hostname Verification Check  	     */ -	// JSSE Abhängigkeit +	// JSSE Abhängigkeit  	  private class HostnameNonVerifier implements HostnameVerifier { 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index f2aca057a..134bd21a8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -130,7 +130,7 @@ public class AuthenticationDataAssertionParser implements Constants {      try {        AuthenticationData authData = new AuthenticationData(); -      //ÄNDERN: NUR der Identification-Teil +      //ÄNDERN: NUR der Identification-Teil        authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));        authData.setMajorVersion(new Integer(          XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index a55e02cdd..6a497f174 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -440,7 +440,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map  		}  	} -	/* Soll auch bei anderen bindings zuerst ein passwort probiert werden können: +	/* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen:  	//if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first      // full binding will be covered by next block      if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { 
@@ -662,7 +662,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map      	}      } -//    // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) +//    // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)  //    if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) {  //      headerValue = "Basic realm=\"" + publicURLPrefix + "\"";  //      if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java index a8eef06a7..896fc6d5d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java 
@@ -1,9 +1,38 @@
 package at.gv.egovernment.moa.id.util;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+
 import javax.servlet.http.HttpSession;
 public class HTTPSessionUtils {
+	public static HashMap<String, Object> extractAllProperties(HttpSession session) {
+		@SuppressWarnings("unchecked")
+		Enumeration<String> keys = (Enumeration<String>)session.getAttributeNames();
+		HashMap<String, Object> properties = new HashMap<String, Object>();
+		
+		while(keys.hasMoreElements()) {
+			Object keyObject = keys.nextElement();
+			String key = keyObject.toString();
+			Object value = session.getAttribute(key);
+			properties.put(key, value);
+		}
+		
+		return properties;
+	}
+	
+	public static void pushAllProperties(HttpSession session, HashMap<String, Object> properties) {
+		Set<String> keys = properties.keySet();
+		Iterator<String> keysIterator = keys.iterator();
+		while(keysIterator.hasNext()) {
+			String key = keysIterator.next();
+			session.setAttribute(key, properties.get(key));
+		}
+	}
+	
 	public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) {
 		Object obj = session.getAttribute(name);
 		if(obj == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a0add1054..705b4e881 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
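Review bot: extractAllProperties casts getAttributeNames() to Enumeration<String> (with a @SuppressWarnings to match) and then calls toString() on each element, so the cast buys nothing the toString call does not already provide; either keep the raw Enumeration and the toString, or trust the cast and use `String key = keys.nextElement();` directly. pushAllProperties walks keySet() and looks each key up again; iterating `properties.entrySet()` avoids the second lookup, and declaring both signatures with `Map<String, Object>` instead of HashMap lets callers pass any map. Copying every session attribute in one sweep also moves whatever authentication state the session holds, so a Javadoc note on both methods naming the session-transfer step they serve would let reviewers judge where they may safely be called.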
@@ -79,7 +79,7 @@ public class SSLUtils {     */    public static void initialize() {      sslSocketFactories = new HashMap(); -    // JSSE Abhängigkeit +    // JSSE Abhängigkeit      //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());      Security.addProvider(new IAIK());      //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index d97953270..1f5f1ea20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -27,13 +27,13 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;  public class MISMandate {
  	final static private String OID_NOTAR = "1.2.40.0.10.3.1";
 -	final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
 +	final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
  	final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
 -	final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
 +	final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
  	final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
 -	final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
 +	final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
  	final static public String OID_ORGANWALTER = "1.2.40.0.10.3.4";
  	final static private String TEXT_ORGANWALTER = "Organwalter";
 @@ -73,7 +73,7 @@ public class MISMandate {  		if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
  			return TEXT_ORGANWALTER;
 -		return "Keine textuelle Beschreibung für OID " + oid;
 +		return "Keine textuelle Beschreibung für OID " + oid;
  	}
