14 files changed, 339 insertions, 17 deletions
| diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 4da4d3907..c6b9b984a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -40,10 +40,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;  import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;  import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;  import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth;  import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;  import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;  import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;  import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1;  import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;  import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;  import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -81,6 +83,10 @@ public class GeneralMOAIDConfig {  	private String mandateURL = null; +	private boolean protocolActiveSAML1 = false; +	private boolean protocolActivePVP21 = true; +	private boolean protocolActiveOAuth = true; +	  	private boolean legacy_saml1 = false;  	private boolean legacy_pvp2 = false; 
@@ -205,8 +211,23 @@ public class GeneralMOAIDConfig {  							legacy_pvp2 = true;  					} +					SAML1 saml1 = protocols.getSAML1(); +					if (saml1 != null) { +						protocolActiveSAML1 = saml1.isIsActive(); +						 +					} +					 +					OAuth oauth = protocols.getOAuth(); +					if (oauth != null) { +						protocolActiveOAuth = saml1.isIsActive(); +						 +					} +					  					PVP2 pvp2 = protocols.getPVP2();  					if (pvp2 != null) { +						 +						protocolActivePVP21 = pvp2.isIsActive(); +						  						pvp2PublicUrlPrefix = pvp2.getPublicURLPrefix();  						pvp2IssuerName = pvp2.getIssuerName(); @@ -850,6 +871,49 @@ public class GeneralMOAIDConfig {  			this.fileUploadFileName = new ArrayList<String>();  		this.fileUploadFileName.add(fileUploadFileName);  	} + +	/** +	 * @return the protocolActiveSAML1 +	 */ +	public boolean isProtocolActiveSAML1() { +		return protocolActiveSAML1; +	} + +	/** +	 * @param protocolActiveSAML1 the protocolActiveSAML1 to set +	 */ +	public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { +		this.protocolActiveSAML1 = protocolActiveSAML1; +	} + +	/** +	 * @return the protocolActivePVP21 +	 */ +	public boolean isProtocolActivePVP21() { +		return protocolActivePVP21; +	} + +	/** +	 * @param protocolActivePVP21 the protocolActivePVP21 to set +	 */ +	public void setProtocolActivePVP21(boolean protocolActivePVP21) { +		this.protocolActivePVP21 = protocolActivePVP21; +	} + +	/** +	 * @return the protocolActiveOAuth +	 */ +	public boolean isProtocolActiveOAuth() { +		return protocolActiveOAuth; +	} + +	/** +	 * @param protocolActiveOAuth the protocolActiveOAuth to set +	 */ +	public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { +		this.protocolActiveOAuth = protocolActiveOAuth; +	} +	  } 
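Review bot: The OAuth branch reads the wrong object: `protocolActiveOAuth = saml1.isIsActive();` copies the SAML1 flag, so the OAuth checkbox in the config tool always mirrors the SAML1 setting, and it throws a NullPointerException when the configuration has an `OAuth` element but no `SAML1` element, because the `saml1 != null` guard does not cover this line. Change it to `protocolActiveOAuth = oauth.isIsActive();`. The enclosing method starts and ends outside the hunk; the getter/setter hunk at -850 on the same line is fine as is.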
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index f1a8c8694..362579c9f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -53,10 +53,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;  import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed;  import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;  import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth;  import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;  import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;  import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;  import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1;  import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;  import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;  import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; 
@@ -271,11 +273,28 @@ public class EditGeneralConfigAction extends ActionSupport  			el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1);  		legprot.setProtocolName(el); +		SAML1 saml1= dbprotocols.getSAML1(); +		if (saml1 == null) { +			saml1 = new SAML1(); +			dbprotocols.setSAML1(saml1); +		} +		saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); +		 +		OAuth oauth= dbprotocols.getOAuth(); +		if (oauth == null) { +			oauth = new OAuth(); +			dbprotocols.setOAuth(oauth); +		} +		oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); +		  		PVP2 pvp2 = dbprotocols.getPVP2();  		if (pvp2 == null) {  			pvp2 = new PVP2();  			dbprotocols.setPVP2(pvp2);  		} +		 +		pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); +		  		if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName()))  			pvp2.setIssuerName(moaconfig.getPvp2IssuerName());  		if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 456c37ff1..454175125 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -124,9 +124,11 @@ webpages.moaconfig.sso.FriendlyName=SSO Service Name  webpages.moaconfig.services.sso.Target=SSO Service Target  webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText  webpages.moaconfig.protocols.header=Protokolle  +webpages.moaconfig.protocols.allowed.header=Protokolle aktivieren  webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren  webpages.moaconfig.protocols.legacy.saml1=SAML1  webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect  webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration  webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix  webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name 
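Review bot: The two new get-or-create blocks are spaced differently from the existing one — `SAML1 saml1= dbprotocols.getSAML1();` and `OAuth oauth= dbprotocols.getOAuth();` against `PVP2 pvp2 = dbprotocols.getPVP2();` — and the SAML1 block is inserted straight after the LegacyAllowed handling (`legprot.setProtocolName(el);`) with nothing marking the change of topic. A comment such as `// persist the per-protocol enable flags edited on the general config page` above the SAML1 block, and the same `name = value` spacing as the PVP2 block, would make the three blocks read as one unit. The enclosing method starts and ends outside the hunk; the applicationResources.properties hunk on the same line is a plain label addition.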
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 14591f1dc..79f8b4e72 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -1,10 +1,14 @@  @CHARSET "UTF-8"; +body { +	font-size: 1em; +} +  #header_area {  	padding-bottom: 10px;  	background-color: #6FA5D4;  	display: block; -	font-size: 20px; +	font-size: 1.2em;    /* margin-left: 25px; */    padding-top: 10px;    padding-left: 25px; @@ -12,7 +16,7 @@  }  #header_area>div { -	font-size: 20px; +	font-size: 1.2em;    margin-left: 25px;    padding-top: 8px;  } @@ -69,7 +73,7 @@  .menu_element {  	margin-top: 15px;  	margin-bottom: 15px; -	font-size: 20px; +	font-size: 1.2em;  	display: block;  /* 	background-color: red; */  	background-color: #6FA5D4; @@ -96,7 +100,7 @@  }  #message_area label { -	font-size: 18px; +	font-size: 1.1em;  	font-weight: bold;  } @@ -105,7 +109,7 @@  }  #error_area label{ -	font-size: 18px; +	font-size: 1.1em;  	font-weight: bold;  } @@ -220,6 +224,11 @@     margin-left: 10px;  } +#moageneral_active_protocol>.wwgrp { +	float: left; +	clear: none; +} +  #moageneral_legacy_protocol>.wwgrp {  	clear: none;  } @@ -318,7 +327,7 @@ div .wwgrp br {  	border-bottom-style: none;  	display: table-header-group;  	font-weight: bold; -	font-size: 18px; +	font-size: 1.1em;  }  .listFirst { @@ -371,7 +380,7 @@ div .wwgrp br {      padding-left: 30px;      position: relative;      top: 15px; -    font-size: 20px; +    font-size: 1.2em;  		text-align: center;     	padding-top: 10px;     	border-radius: 3px; diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 05f4a1106..de2548535 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp 
@@ -228,7 +228,31 @@  						<div class="oa_config_block">  							<h3><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %></h3> -													 + +							<div id="moageneral_active_protocol" class="moageneral_protocol_area"> +								<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.allowed.header", request) %></h4> +								<s:checkbox name="moaconfig.protocolActiveSAML1"  +									value="%{moaconfig.protocolActiveSAML1}" +									labelposition="left" +									key="webpages.moaconfig.protocols.legacy.saml1" +									cssClass="checkbox"> +								</s:checkbox> +								<s:checkbox name="moaconfig.protocolActivePVP21"  +									value="%{moaconfig.protocolActivePVP21}" +									labelposition="left" +									key="webpages.moaconfig.protocols.legacy.pvp2" +									cssClass="checkbox"> +								</s:checkbox> +								<s:checkbox name="moaconfig.protocolActiveOAuth"  +									value="%{moaconfig.protocolActiveOAuth}" +									labelposition="left" +									key="webpages.moaconfig.protocols.oauth" +									cssClass="checkbox"> +								</s:checkbox> +							</div> +	 +							<br> +															  							<div id="moageneral_legacy_protocol" class="moageneral_protocol_area">  								<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.legacy.header", request) %></h4>  								<s:checkbox name="moaconfig.legacy_saml1"  @@ -245,6 +269,8 @@  								</s:checkbox>  							</div> +							<br> +							  							<div class="moageneral_protocol_area">  								<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %></h4> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java new file mode 100644 index 000000000..fe2bcedca --- /dev/null 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class ProtocolNotActiveException extends MOAIDException { + +	/** +	 *  +	 */ +	private static final long serialVersionUID = 1832697083163940710L; + +	/** +	 * @param messageId +	 * @param parameters +	 */ +	public ProtocolNotActiveException(String messageId, Object[] parameters) { +		super(messageId, parameters); +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 69a73215a..d1872b2bc 100644 
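Review bot: The new class carries only an `@author` tag, so a reader cannot tell what the exception signals or who handles it; a class comment such as `Thrown by a protocol module's preProcess when that protocol is switched off in the general MOA-ID configuration; DispatcherServlet answers it with HTTP 403.` would cover that, the 403 mapping being visible in the DispatcherServlet hunk of this commit. The empty Javadoc block on `serialVersionUID` and the bare `@param messageId` / `@param parameters` tags say nothing; either describe them (presumably the key in the id_messages bundle and the substitution values for it — confirm against MOAIDException) or drop the empty blocks.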
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -105,6 +105,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;  import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;  import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;  import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;  import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;  import at.gv.egovernment.moa.id.config.stork.STORKConfig;  import at.gv.egovernment.moa.id.data.IssuerAndSerial; @@ -190,6 +191,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {    private static String alternativesourceid = null;    private static List<String> legacyallowedprotocols = new ArrayList<String>(); +  private static ProtocolAllowed allowedProtcols = null;    private static VerifyAuthBlock verifyidl = null; @@ -246,6 +248,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {      return instance;    } +    /**     * Constructor for AuthConfigurationProvider.     * @param fileName 
@@ -515,8 +518,22 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  		//set PVP2 general config  		Protocols protocols = auth.getProtocols();  			if (protocols != null) { +				 +				allowedProtcols = new ProtocolAllowed(); +				 +				if (protocols.getSAML1() != null) { +					allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); +				} +				 +				if (protocols.getOAuth() != null) { +					allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); +				} +				  				if (protocols.getPVP2() != null) { -					PVP2 el = protocols.getPVP2();; +					PVP2 el = protocols.getPVP2(); +					 +					allowedProtcols.setPVP21Active(el.isIsActive()); +					  					pvp2general =  new PVP2();  					pvp2general.setIssuerName(el.getIssuerName());	  					pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); @@ -730,6 +747,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {        return this.getGeneralProperiesConfig("protocols.oauth20.");    } +  public ProtocolAllowed getAllowedProtocols() { +	  return this.allowedProtcols; +  }    public PVP2 getGeneralPVP2DBConfig() {  	  return pvp2general; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java new file mode 100644 index 000000000..a04fb1626 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java 
@@ -0,0 +1,91 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.config.auth.data; + +/** + * @author tlenz + * + */ +public class ProtocolAllowed { + +	private boolean isSAML1Active = false; +	private boolean isPVP21Active = true; +	private boolean isOAUTHActive = true; +	 +	/** +	 *  +	 */ +	public ProtocolAllowed() { +		 +	} +	 +	/** +	 *  +	 */ +	public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) { +		this.isOAUTHActive = oauth; +		this.isPVP21Active = pvp21; +		this.isSAML1Active = saml1; +		 +	} +	 +	/** +	 * @return the isSAML1Active +	 */ +	public boolean isSAML1Active() { +		return isSAML1Active; +	} +	/** +	 * @param isSAML1Active the isSAML1Active to set +	 */ +	public void setSAML1Active(boolean isSAML1Active) { +		this.isSAML1Active = isSAML1Active; +	} +	/** +	 * @return the isPVP21Active +	 */ +	public boolean isPVP21Active() { +		return isPVP21Active; +	} +	/** +	 * @param isPVP21Active the isPVP21Active to set +	 */ +	public void setPVP21Active(boolean isPVP21Active) { +		this.isPVP21Active = isPVP21Active; +	} +	/** +	 * @return the isOAUTHActive +	 */ +	public boolean isOAUTHActive() { +		return isOAUTHActive; +	} +	/** +	 * @param isOAUTHActive the isOAUTHActive to set +	 */ +	public void setOAUTHActive(boolean isOAUTHActive) { +		this.isOAUTHActive = isOAUTHActive; +	} +	 +	 +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 260a4fd79..1f526caca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
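Review bot: `ProtocolAllowed` has empty Javadoc on the class and on both constructors, and the fields carry an `is` prefix (`isSAML1Active`), which yields getters that read as `isSAML1Active()` returning `isSAML1Active` and the IDE-generated `@return the isSAML1Active` tags; plain `saml1Active` fields avoid both. A class comment such as `Per-protocol enable flags taken from the general MOA-ID configuration; the field defaults (SAML1 off, PVP2.1 and OAuth on) apply when a protocol's element is absent.` and one `@param` line per argument of the three-boolean constructor would help, since `(saml1, pvp21, oauth)` is easy to transpose at a call site without the compiler noticing.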
@@ -28,6 +28,7 @@ import iaik.security.ecc.provider.ECCProvider;  import iaik.security.provider.IAIK;  import java.io.IOException; +import java.io.PrintWriter;  import java.security.Security;  import java.util.Iterator;  import java.util.Map; @@ -45,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;  import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;  import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; 
@@ -317,20 +319,28 @@ public class DispatcherServlet extends AuthServlet{  								}  							}  						} +						 +					} catch (ProtocolNotActiveException e) { +						resp.getWriter().write(e.getMessage()); +						resp.setContentType("text/html;charset=UTF-8"); +						resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); +						return; +						 +						  					} catch (MOAIDException e) {  						Logger.error("Failed to generate a valid protocol request!"); -						resp.sendError(HttpServletResponse.SC_BAD_REQUEST);  						resp.setContentType("text/html;charset=UTF-8"); -						resp.getWriter().write("NO valid protocol request received!"); +						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");  						return; +						  					}  					if (protocolRequest == null) {  						Logger.error("Failed to generate a valid protocol request!"); -						resp.sendError(HttpServletResponse.SC_BAD_REQUEST);  						resp.setContentType("text/html;charset=UTF-8"); -						resp.getWriter().write("NO valid protocol request received!"); +						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");  						return; +						  					}  				} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 1fb67a0b2..7ef5a2068 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java 
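Review bot: The new `ProtocolNotActiveException` branch writes `e.getMessage()` to the response writer and then calls `sendError`, which is exactly the write-then-sendError ordering this commit removes from the two MOAIDException branches below it: if the writer's buffer is flushed the response is committed and `sendError` throws IllegalStateException, and otherwise the written body is discarded in favour of the container's error page. It also logs nothing, unlike the sibling branch. Replace the three lines with `Logger.info("Protocol request rejected: " + e.getMessage());`, `resp.setContentType("text/html;charset=UTF-8");`, `resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());`. The `java.io.PrintWriter` import added in the first hunk is not used by the code visible here; if nothing else in the file uses it, it should go. The enclosing method starts and ends outside the hunk.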
@@ -32,6 +32,8 @@ import javax.servlet.http.HttpServletResponse;  import org.apache.commons.lang.StringUtils;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IModulInfo;  import at.gv.egovernment.moa.id.moduls.IRequest; @@ -77,6 +79,13 @@ public class OAuth20Protocol implements IModulInfo {  	 */  	public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {  		// validation is done inside creation +		 +		if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isOAUTHActive()) { +			Logger.info("OAuth is deaktivated!"); +			throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); +			 +		} +	  		OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);  		Logger.debug("Created: " + res);  		return res; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 82a620f6b..84c0138a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java 
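Review bot: The log message `"OAuth is deaktivated!"` is misspelled (`deactivated`), and the same spelling appears in the PVP2XProtocol and SAML1Protocol hunks of this commit. The guard itself assumes `getAllowedProtocols()` is non-null, which the AuthConfigurationProvider hunk only guarantees when a `Protocols` element exists in the configuration. A comment on the guard such as `// fail closed: reject the request before any OAuth parsing when the protocol is disabled in the general config` states the intent, and the trailing blank line inside the `if` block is noise. preProcess's closing brace lies outside the hunk.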
@@ -47,6 +47,8 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.moduls.IAction;  import at.gv.egovernment.moa.id.moduls.IModulInfo;  import at.gv.egovernment.moa.id.moduls.IRequest; @@ -129,6 +131,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {  	public IRequest preProcess(HttpServletRequest request,  			HttpServletResponse response, String action) throws MOAIDException { +		 +		if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) { +			Logger.info("PVP2.1 is deaktivated!"); +			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +			 +		} +		 +		  		if(METADATA.equals(action)) {  			return new PVPTargetConfiguration();  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 1c57c841e..e587ef0e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java 
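Review bot: `new java.lang.Object[] { NAME }` is fully qualified here while the identical guard in OAuth20Protocol and SAML1Protocol writes `new Object[] { NAME }`; the short form keeps the three modules uniform. The two blank lines after the guard and the blank line inside its `if` block should be dropped for the same reason. preProcess continues outside the hunk.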
@@ -32,6 +32,7 @@ import org.apache.commons.lang.StringEscapeUtils;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;  import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;  import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; @@ -81,6 +82,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {  	public IRequest preProcess(HttpServletRequest request,  			HttpServletResponse response, String action) throws MOAIDException {  		RequestImpl config = new RequestImpl(); +		 +		if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { +			Logger.info("SAML1 is deaktivated!"); +			throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); +			 +		} +			  		String oaURL = (String) request.getParameter(PARAM_OA);  		//oaURL = StringEscapeUtils.escapeHtml(oaURL); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3151aa657..dc698782a 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -40,6 +40,7 @@ auth.18=Keine MOASessionID vorhanden  auth.19=Die Authentifizierung kann nicht passiv durchgef\u00FChrt werden.
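Review bot: The protocol gate is placed after `RequestImpl config = new RequestImpl();`, whereas in OAuth20Protocol and PVP2XProtocol it is the first statement of preProcess; moving the `if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active())` block above that line keeps the three modules uniform and avoids building a request object that is then discarded. The imports hunk adds only `ProtocolNotActiveException`, so `AuthConfigurationProvider` is presumably already imported in this file — worth confirming. preProcess continues outside the hunk; the id_messages_de.properties hunk beginning on this line only adds `auth.22`.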
  auth.20=No valid MOA session found. Authentification process is abourted.
  auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen.
 +auth.22=Das Protokoll {0} ist deaktiviert.
  init.00=MOA ID Authentisierung wurde erfolgreich gestartet
  init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
 @@ -227,5 +228,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt  oauth20.05=Der angegebene Benutzer ist nicht berechtigt
  oauth20.06=Die angegebene OA kann nicht verwendet werden
  oauth20.07=Angeforderter grant_type ist nicht erlaubt
 -oauth20.08=Nicht berechtigt für Token-Request
 +oauth20.08=Nicht berechtigt f�r Token-Request
  oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"
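Review bot: The changed `oauth20.08` line appears to replace `für` with `f�r`, so the umlaut is now a replacement character and the message served for that error would be corrupted; the rest of the file escapes non-ASCII as `\u00FC` (see `auth.19` and `init.01` above), and this line should too: `oauth20.08=Nicht berechtigt f\u00FCr Token-Request`. This looks like the file was saved in a different encoding than the one it was read with, so any other raw non-ASCII characters in the file are worth checking as well.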
 diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 481f12091..e93cb5cc8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -281,7 +281,11 @@  			<xsd:element name="Protocols">  				<xsd:complexType>  					<xsd:sequence> -						<xsd:element name="SAML1" minOccurs="0"/> +						<xsd:element name="SAML1" minOccurs="0"> +							<xsd:complexType> +								<xsd:attribute name="isActive" type="xsd:boolean" default="false"/> +							</xsd:complexType> +						</xsd:element>  						<xsd:element name="PVP2" minOccurs="0">  							<xsd:complexType>  								<xsd:sequence> @@ -298,6 +302,12 @@  									</xsd:element>  									<xsd:element ref="Contact" minOccurs="1" maxOccurs="unbounded"/>  								</xsd:sequence> +								<xsd:attribute name="isActive" type="xsd:boolean" default="true"/> +							</xsd:complexType> +						</xsd:element> +						<xsd:element name="OAuth" minOccurs="0"> +							<xsd:complexType> +								<xsd:attribute name="isActive" type="xsd:boolean" default="true"/>  							</xsd:complexType>  						</xsd:element>  						<xsd:element name="LegacyAllowed"> @@ -873,7 +883,6 @@  			</xsd:sequence>  		</xsd:complexType>  	</xsd:element> -	  	<xsd:element name="OA_PVP2">  		<xsd:complexType>  			<xsd:sequence> @@ -900,7 +909,7 @@  			</xsd:sequence>  		</xsd:complexType>  	</xsd:element> -		<xsd:element name="OA_OAUTH20"> +	<xsd:element name="OA_OAUTH20">  		<xsd:complexType>  			<xsd:sequence>  				<xsd:element name="oAuthClientId" type="xsd:string"/> | 
