aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml71
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java27
5 files changed, 76 insertions, 39 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 42085b01e..fb3888a3e 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,25 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-<web-app>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
<display-name>MOA ID Auth</display-name>
<description>MOA ID Authentication Service</description>
+
+ <!-- bootstrap loader for spring framework -->
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+
+ <!-- exposes request and response to the current thread -->
+ <filter>
+ <filter-name>requestContextFilter</filter-name>
+ <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>requestContextFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
<!-- <servlet>
<servlet-name>SelectBKU</servlet-name>
<display-name>SelectBKU</display-name>
@@ -10,63 +27,63 @@
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
</servlet> -->
<servlet>
- <servlet-name>GenerateIframeTemplate</servlet-name>
- <display-name>GenerateIframeTemplate</display-name>
<description>Generate BKU Request template</description>
+ <display-name>GenerateIframeTemplate</display-name>
+ <servlet-name>GenerateIframeTemplate</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>RedirectServlet</servlet-name>
<display-name>RedirectServlet</display-name>
+ <servlet-name>RedirectServlet</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>MonitoringServlet</servlet-name>
<display-name>MonitoringServlet</display-name>
+ <servlet-name>MonitoringServlet</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>SSOSendAssertionServlet</servlet-name>
<display-name>SSOSendAssertionServlet</display-name>
+ <servlet-name>SSOSendAssertionServlet</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>LogOut</servlet-name>
- <display-name>LogOut</display-name>
<description>SSO LogOut</description>
+ <display-name>LogOut</display-name>
+ <servlet-name>LogOut</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>IDPSLO</servlet-name>
- <display-name>IDP-SLO</display-name>
<description>IDP Single LogOut Service</description>
+ <display-name>IDP-SLO</display-name>
+ <servlet-name>IDPSLO</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>VerifyIdentityLink</servlet-name>
- <display-name>VerifyIdentityLink</display-name>
<description>Verify identity link coming from security layer</description>
+ <display-name>VerifyIdentityLink</display-name>
+ <servlet-name>VerifyIdentityLink</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>VerifyCertificate</servlet-name>
- <display-name>VerifyCertificate</display-name>
<description>Verify the certificate coming from security layer</description>
+ <display-name>VerifyCertificate</display-name>
+ <servlet-name>VerifyCertificate</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>GetMISSessionID</servlet-name>
- <display-name>GetMISSessionID</display-name>
<description>Get the MIS session ID coming from security layer</description>
+ <display-name>GetMISSessionID</display-name>
+ <servlet-name>GetMISSessionID</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>GetForeignID</servlet-name>
- <display-name>GetForeignID</display-name>
<description>Gets the foreign eID from security layer</description>
+ <display-name>GetForeignID</display-name>
+ <servlet-name>GetForeignID</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
</servlet>
<!-- <servlet>
@@ -76,9 +93,9 @@
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
</servlet> -->
<servlet>
- <servlet-name>VerifyAuthBlock</servlet-name>
- <display-name>VerifyAuthBlock</display-name>
<description>Verify AUTH block coming from security layer</description>
+ <display-name>VerifyAuthBlock</display-name>
+ <servlet-name>VerifyAuthBlock</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
</servlet>
<!-- <servlet>
@@ -89,8 +106,8 @@
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
</servlet> -->
<servlet>
- <servlet-name>AxisServlet</servlet-name>
<display-name>Apache-Axis Servlet</display-name>
+ <servlet-name>AxisServlet</servlet-name>
<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
</servlet>
@@ -100,18 +117,18 @@
<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
</servlet> -->
<servlet>
- <servlet-name>PEPSConnectorServlet</servlet-name>
- <display-name>PEPSConnectorServlet</display-name>
<description>Servlet receiving STORK SAML Response Messages from
different C-PEPS</description>
+ <display-name>PEPSConnectorServlet</display-name>
+ <servlet-name>PEPSConnectorServlet</servlet-name>
<servlet-class>
at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
- <display-name>PEPSConnectorWithLocalSigningServlet</display-name>
<description>Servlet receiving STORK SAML Response Messages from
different C-PEPS</description>
+ <display-name>PEPSConnectorWithLocalSigningServlet</display-name>
+ <servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
<servlet-class>
at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
</servlet>
@@ -124,8 +141,8 @@
<load-on-startup>1</load-on-startup>
</servlet>-->
<servlet>
- <servlet-name>DispatcherServlet</servlet-name>
<display-name>Dispatcher Servlet</display-name>
+ <servlet-name>DispatcherServlet</servlet-name>
<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 7e2ddc491..f19cc5320 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -794,13 +794,13 @@
<div id="localBKU">
<form method="get" id="moaidform" action="#AUTH_URL#"
class="verticalcenter" target="_parent">
- <input type="hidden" name="bkuURI" value="#LOCAL#"> <input
- type="hidden" name="useMandate" id="useMandate"> <input
- type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
- name="MODUL" value="#MODUL#"> <input type="hidden"
- name="ACTION" value="#ACTION#"> <input type="hidden"
- name="MOASessionID" value="#SESSIONID#">
+ <input type="hidden" name="bkuURI" value="#LOCAL#">
+ <input type="hidden" name="useMandate" id="useMandate">
+ <input type="hidden" name="SSO" id="useSSO">
+ <input type="hidden" name="CCC" id="ccc">
+ <input type="hidden" name="MODUL" value="#MODUL#">
+ <input type="hidden" name="ACTION" value="#ACTION#">
+ <input type="hidden" name="MOASessionID" value="#SESSIONID#">
<input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
role="button" class="hell"
onclick="setMandateSelection();"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 9e2e845b5..20c32a3ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -197,6 +197,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
// for now: list contains only one element
MISMandate mandate = (MISMandate) list.get(0);
+ // TODO[tlenz]: UTF-8 ?
String sMandate = new String(mandate.getMandate());
if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
@@ -206,6 +207,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
//check if it is a parsable XML
byte[] byteMandate = mandate.getMandate();
+ // TODO[tlenz]: UTF-8 ?
String stringMandate = new String(byteMandate);
DOMUtils.parseDocument(stringMandate, false,
null, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index 3bc79f8bd..165445ea5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -473,6 +473,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes());
if(ap.getAttributes().equalsIgnoreCase("signedDoc"))
{
+ // FIXME[tlenz]: A servlet's class field is not thread safe.
oasisDssWebFormURL = ap.getUrl();
found = true;
Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 03cb6c1c4..a4c5c938f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -23,7 +23,6 @@
package at.gv.egovernment.moa.id.entrypoints;
import java.io.IOException;
-
import java.util.Iterator;
import javax.servlet.ServletConfig;
@@ -97,10 +96,13 @@ public class DispatcherServlet extends AuthServlet{
boolean useSSOOA = false;
String protocolRequestID = null;
-
try {
Logger.info("REQUEST: " + req.getRequestURI());
Logger.info("QUERY : " + req.getQueryString());
+
+
+// *** start of error handling ***
+
String errorid = req.getParameter(ERROR_CODE_PARAM);
if (errorid != null) {
@@ -117,7 +119,7 @@ public class DispatcherServlet extends AuthServlet{
pendingRequestID = (String) idObject;
}
- if (throwable != null) {
+ if (throwable != null) {
IRequest errorRequest = null;
if (pendingRequestID != null) {
@@ -173,6 +175,11 @@ public class DispatcherServlet extends AuthServlet{
return;
}
+// *** end of error handling ***
+
+
+// *** start of protocol specific stuff ***
+
Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
String module = null;
if (moduleObject != null && (moduleObject instanceof String)) {
@@ -357,7 +364,11 @@ public class DispatcherServlet extends AuthServlet{
}
}
-
+
+// *** end of protocol specific stuff ***
+
+// *** start handling authentication ***
+
AuthenticationManager authmanager = AuthenticationManager.getInstance();
String moasessionID = null;
@@ -473,7 +484,11 @@ public class DispatcherServlet extends AuthServlet{
//build authenticationdata from session information and OA configuration
authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);
}
-
+
+// *** end handling authentication ***
+
+// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
+
SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
RequestStorage.removePendingRequest(protocolRequestID);
@@ -506,6 +521,8 @@ public class DispatcherServlet extends AuthServlet{
}
+// *** end finalizing authentication ***
+
} catch (Throwable e) {
Logger.warn("An authentication error occured: ", e);;
// Try handle module specific, if not possible rethrow