-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java9
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java20
8 files changed, 63 insertions, 21 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index b0de196ca..fd4030937 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -934,17 +934,20 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware,
TemplateType el = new TemplateType();
el.setURL(generalOA.getSLTemplateURL1());
template.add(el);
- }
+ } else
+ template.add(new TemplateType());
if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) {
TemplateType el = new TemplateType();
el.setURL(generalOA.getSLTemplateURL2());
template.add(el);
- }
+ }else
+ template.add(new TemplateType());
if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) {
TemplateType el = new TemplateType();
el.setURL(generalOA.getSLTemplateURL3());
template.add(el);
- }
+ }else
+ template.add(new TemplateType());
} else {
if (template != null && template.size() > 0) template.clear();
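Review bot: The three new `else` branches add an empty `TemplateType` without saying why, and they are written brace-less with inconsistent spacing (`} else` and `}else`). If the intent is to keep list positions aligned with `SLTemplateURL1..3`, a comment such as `// keep the slot occupied so list index N-1 always maps to SLTemplateURLN` would make that explicit. Every consumer of this list then has to expect entries whose `getURL()` is empty. The enclosing method starts and ends outside the hunk.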
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
index 46d9f4db8..b0e4804a8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java
@@ -172,14 +172,14 @@ public class ValidationHelper {
log.debug("Validate URL " + urlString);
- if (urlString.startsWith("http") || urlString.startsWith("https")) {
+ //if (urlString.startsWith("http") || urlString.startsWith("https")) {
try {
new URL(urlString);
return true;
} catch (MalformedURLException e) {
}
- }
+ //}
return false;
}
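Review bot: With the scheme test commented out, `validateURL` returns true for any string `java.net.URL` can parse, which in a default JVM includes `file:`, `jar:` and `ftp:`. That applies to every caller of this shared helper, not only the template fields this commit is about. Keeping the helper strict, e.g. `if (urlString.startsWith("http://") || urlString.startsWith("https://")) {`, and adding a separate helper for template locations would limit the change to where it is needed. The commented-out lines should be deleted rather than kept, and the empty `catch (MalformedURLException e)` deserves at least a debug log. The method's signature is outside the hunk.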
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index d7d97e5d4..1c7da7079 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -247,7 +247,7 @@ public class MOAConfigValidator {
log.info("Empty SLRequestTemplate Handy-BKU");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty"));
} else {
- if (!ValidationHelper.validateURL(check)) {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
log.info("SLRequestTemplate Handy-BKU is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid"));
}
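Review bot: The SL request template locations are now checked with `ValidationHelper.isNotValidIdentityLinkSigner`, a helper whose name says it validates identity-link signer names, so these fields no longer get any URL-syntax or scheme check at this point. Its body is not on this page, but a rule written for signer names is unlikely to be the right one for a location the server later fetches. The same substitution is made in the two following hunks of this file and in the three `SLTemplateURL` checks in OAGeneralConfigValidation. A dedicated helper for template locations, allowing `http`, `https` and the relative or `file:` forms the commit wants to support, would make the rule explicit. At minimum add a comment such as `// template may be a relative path or file: URL, so only the character check is applied`.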
@@ -258,7 +258,7 @@ public class MOAConfigValidator {
log.info("Empty SLRequestTemplate local BKU");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty"));
} else {
- if (!ValidationHelper.validateURL(check)) {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
log.info("SLRequestTemplate local BKU is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid"));
}
@@ -269,7 +269,7 @@ public class MOAConfigValidator {
log.info("Empty SLRequestTemplate Online-BKU");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty"));
} else {
- if (!ValidationHelper.validateURL(check)) {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
log.info("SLRequestTemplate Online-BKU is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid"));
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
index c84c44de4..d3a2241d3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java
@@ -133,19 +133,19 @@ public class OAGeneralConfigValidation {
} else {
check = form.getSLTemplateURL1();
if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
log.info("First OA-specific SecurityLayer Templates is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid"));
}
check = form.getSLTemplateURL2();
if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
log.info("Second OA-specific SecurityLayer Templates is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid"));
}
check = form.getSLTemplateURL3();
if (MiscUtil.isNotEmpty(check) &&
- !ValidationHelper.validateURL(check) ) {
+ ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
log.info("Third OA-specific SecurityLayer Templates is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid"));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d8d375db2..7608f9f93 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -242,6 +242,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String template = null;
if (session.getTemplateURL() != null) {
try {
+
template = new String(FileUtils.readURL(session.getTemplateURL()));
} catch (IOException ex) {
throw new AuthenticationException("auth.03", new Object[] {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 89cc1d25e..f0de8b2e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -46,6 +47,7 @@ import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -232,8 +234,21 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
}
if (MiscUtil.isEmpty(templateURL)) {
- templateURL = oaParam.getTemplateURL().get(0).getURL();
- Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")");
+
+ List<TemplateType> templateURLList = oaParam.getTemplateURL();
+
+ if ( templateURLList != null && templateURLList.size() > 0
+ && MiscUtil.isNotEmpty(templateURLList.get(0).getURL()) ) {
+ templateURL = FileUtils.makeAbsoluteURL(
+ oaParam.getTemplateURL().get(0).getURL(),
+ AuthConfigurationProvider.getInstance().getRootConfigFileDir());
+ Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")");
+
+ } else {
+ Logger.error("NO SL-Tempalte found in OA config");
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+
+ }
}
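Review bot: Only slot 0 of the OA template list is consulted, so with the empty placeholder entries that EditOAAction now stores, an OA that has a template in slot 2 or 3 but not in slot 1 ends in `auth.12`. If the three slots are meant as alternatives, the first non-empty URL should be used. The new code also calls `oaParam.getTemplateURL()` a second time instead of reusing `templateURLList`, and the error text misspells "Template" as "Tempalte". The enclosing method starts and ends outside the hunk.

```java
List<TemplateType> templateURLList = oaParam.getTemplateURL();
String oaTemplateURL = null;
if (templateURLList != null) {
    for (TemplateType el : templateURLList) {
        if (el != null && MiscUtil.isNotEmpty(el.getURL())) {
            oaTemplateURL = el.getURL();
            break;
        }
    }
}
if (oaTemplateURL != null) {
    templateURL = FileUtils.makeAbsoluteURL(oaTemplateURL,
            AuthConfigurationProvider.getInstance().getRootConfigFileDir());
    // … unchanged: Log.info of the chosen template URL …
} else {
    // … unchanged: Logger.error and WrongParametersException with "auth.12" …
}
```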
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index d2d458e74..deec69c7f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
+import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
@@ -40,12 +41,14 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
@@ -122,7 +125,21 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
bkuURL = AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid);
}
- String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+ //search for OA specific template
+ String templateURL = null;
+ List<TemplateType> oaTemplateURLList = oaParam.getTemplateURL();
+ if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0
+ && MiscUtil.isNotEmpty(oaTemplateURLList.get(0).getURL()) ) {
+ templateURL = oaTemplateURLList.get(0).getURL();
+
+ } else {
+ templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+ }
+
+ //make url absolut if it is a local url
+ if (MiscUtil.isNotEmpty(templateURL))
+ templateURL = FileUtils.makeAbsoluteURL(templateURL,
+ AuthConfigurationProvider.getInstance().getRootConfigFileDir());
if (oaParam.isOnlyMandateAllowed())
useMandate = "true";
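Review bot: `FileUtils.makeAbsoluteURL` is applied to the chosen template with no check that a relative value stays below `getRootConfigFileDir()`. Its body is not on this page, so whether it normalises `..` segments cannot be confirmed here. Within this hunk the value comes from configuration only, which limits exposure, and a comment stating that assumption would help the next reader: `// templateURL is taken from OA or general configuration, never from the request`. The OA template in slot 0 now also takes precedence over `getSLRequestTemplates(bkuid)` for every `bkuid`, and the brace-less `if` around the two-line call would be safer with braces. The enclosing method starts and ends outside the hunk.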
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index bd6514c5c..9df283965 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
@@ -293,7 +294,8 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
//get OA specific template URLs
if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
for (TemplateType el : oaSlTemplates)
- trustedTemplateURLs.add(el.getURL());
+ if (MiscUtil.isNotEmpty(el.getURL()))
+ trustedTemplateURLs.add(el.getURL());
}
boolean b = trustedTemplateURLs.contains(template);
@@ -308,13 +310,17 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
}
+ } else if (template.startsWith("file")){
+ new URL(template);
+ Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft");
+ Logger.debug("Load SL-Layer Template from local filesystem " + template);
+ return true;
+
+ } else {
+ Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
+ return false;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https.");
- return false;
- }
-
-
+
} catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
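Review bot: The new `file` branch returns `true` for any value that `new URL(template)` can parse, without the `trustedTemplateURLs.contains(template)` comparison that the preceding hunk shows for configured templates. If `template` can come from the request (the log text calls it "Parameter Template"), a caller-chosen `file:` URL would pass validation and, judging by the AuthenticationServer hunk, later be read with `FileUtils.readURL`. The branch should accept only locations that match a configured template or resolve under the configuration directory, e.g. `} else if (template.startsWith("file:") && trustedTemplateURLs.contains(template)) {`, provided the list is in scope there and holds the absolute form. The error text in the final `else` still says the parameter does not start with http or https, and the method begins and ends outside the hunk.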