-rw-r--r-- | id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar | bin | 0 -> 31909 bytes | |||
-rw-r--r-- | id.server/lib/commons-io-1.1/commons-io-1.1.jar | bin | 0 -> 61562 bytes | |||
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java | 74 | ||||
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java | 12 | ||||
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 12 |
5 files changed, 82 insertions, 16 deletions
diff --git a/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar b/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar Binary files differnew file mode 100644 index 000000000..fc5763d0d --- /dev/null +++ b/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar diff --git a/id.server/lib/commons-io-1.1/commons-io-1.1.jar b/id.server/lib/commons-io-1.1/commons-io-1.1.jar Binary files differnew file mode 100644 index 000000000..624fc1a72 --- /dev/null +++ b/id.server/lib/commons-io-1.1/commons-io-1.1.jar diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 9884c80f8..70e53d83e 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -5,6 +5,7 @@ import java.io.IOException; import java.io.InputStream; import java.util.Enumeration; import java.util.HashMap; +import java.util.List; import java.util.Map; import javax.servlet.RequestDispatcher; @@ -15,6 +16,12 @@ import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.fileupload.FileItem; +import org.apache.commons.fileupload.FileItemFactory; +import org.apache.commons.fileupload.FileUploadException; +import org.apache.commons.fileupload.disk.DiskFileItemFactory; +import org.apache.commons.fileupload.servlet.ServletFileUpload; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.logging.Logger; 
@@ -101,30 +108,69 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { Logger.debug("Parameter " + parname + req.getParameter(parname)); } } + /** - * Parses the request input stream for parameters, - * assuming parameters are encoded UTF-8. + * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 + * (no standard exists how browsers should encode them). + * * @param req servlet request + * * @return mapping parameter name -> value + * + * @throws IOException if parsing request parameters fails. + * + * @throws FileUploadException if parsing request parameters fails. */ - protected Map getParameters(HttpServletRequest req) throws IOException { + protected Map getParameters(HttpServletRequest req) + throws IOException, FileUploadException { + Map parameters = new HashMap(); - InputStream in = req.getInputStream(); - String paramName; - String paramValueURLEncoded; - do { - paramName = new String(readBytesUpTo(in, '=')); - if (paramName.length() > 0) { - paramValueURLEncoded = readBytesUpTo(in, '&'); - String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); - parameters.put(paramName, paramValue); + + + if (ServletFileUpload.isMultipartContent(req)) + { + // request is encoded as mulitpart/form-data + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = null;; + upload = new ServletFileUpload(factory); + List items = null; + items = upload.parseRequest(req); + for (int i = 0; i < items.size(); i++) + { + FileItem item = (FileItem) items.get(i); + if (item.isFormField()) + { + // Process only form fields - no file upload items + parameters.put(item.getFieldName(), item.getString("UTF-8")); + Logger.debug("Processed multipart/form-data request parameter: \nName: " + + item.getFieldName() + "\nValue: " + + item.getString("UTF-8")); + } } } - while (paramName.length() > 0); - in.close(); + else + { + // request is encoded as application/x-www-urlencoded + InputStream 
in = req.getInputStream(); + + String paramName; + String paramValueURLEncoded; + do { + paramName = new String(readBytesUpTo(in, '=')); + if (paramName.length() > 0) { + paramValueURLEncoded = readBytesUpTo(in, '&'); + String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); + parameters.put(paramName, paramValue); + } + } + while (paramName.length() > 0); + in.close(); + } + return parameters; } + /** * Reads bytes up to a delimiter, consuming the delimiter. * @param in input stream diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 744dc5bc8..50502d199 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -8,6 +8,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.fileupload.FileUploadException; + import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -67,7 +69,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyAuthenticationBlock"); - Map parameters = getParameters(req); + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); 
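Review bot: The multipart branch of `getParameters` in AuthServlet.java parses the whole request with a default `DiskFileItemFactory` and a `ServletFileUpload` that has no size limit, so any client that can reach these servlets can make the server buffer or spool an arbitrarily large body; file parts are then skipped by the `isFormField()` test but never released. I would cap the request with `setSizeMax` before `parseRequest` and call `item.delete()` on parts that are not form fields; exceeding the cap should surface as a `FileUploadException`, which both callers touched by this commit already catch. The new `Logger.debug` call also copies every field name and value into the log verbatim, which for these servlets presumably includes the XML response carrying identity data, and that text is client-controlled including any line breaks it contains; logging a length instead of the content is enough for tracing. Separately, the commit vendors commons-fileupload 1.1.1 and commons-io 1.1 as binary jars, so the versions should be recorded where they can be checked against upstream advisories.

```java
      upload = new ServletFileUpload(factory);
      // Reject oversized bodies before they are buffered or written to the temp directory.
      // MAX_MULTIPART_REQUEST_BYTES is a placeholder; the limit has to be chosen for the deployment.
      upload.setSizeMax(MAX_MULTIPART_REQUEST_BYTES);
      // … unchanged: parseRequest call and loop header …
        if (item.isFormField())
        {
          parameters.put(item.getFieldName(), item.getString("UTF-8"));
          // Trace the parameter without copying client-supplied text into the log.
          Logger.debug("Processed multipart/form-data request parameter, value length: "
              + item.getString("UTF-8").length());
        }
        else
        {
          // File parts are not used by the servlets; free their temporary storage now.
          item.delete();
        }
```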
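Review bot: The new catch block in `VerifyAuthenticationBlockServlet` rethrows with `throw new IOException(e.getMessage());`, which discards the `FileUploadException` as cause, and the `Logger.error` line records only the message, so a rejected or malformed multipart request leaves no stack trace to investigate. Keeping the cause is cheap: `IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe;`. The message also misspells the content type as `mulitpart/form-data`, which makes the log line harder to search for. The identical block is added to `VerifyIdentityLinkServlet` in the last hunk of this commit, and in both files the enclosing method starts and ends outside the hunk.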
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index a69d71181..9d5c4b191 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -8,6 +8,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.fileupload.FileUploadException; + import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; @@ -63,7 +65,15 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyIdentityLink"); - Map parameters = getParameters(req); + Map parameters; + try + { + parameters = getParameters(req); + } catch (FileUploadException e) + { + Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); + throw new IOException(e.getMessage()); + } String sessionID = req.getParameter(PARAM_SESSIONID); String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE); |