-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java4
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html4
6 files changed, 28 insertions, 18 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 396ffb53d..36390ba62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -56,6 +56,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -73,6 +74,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "error_message.html";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
@Autowired protected StatisticLogger statisticLogger;
@Autowired protected IRequestStorage requestStorage;
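Review bot: The added `CONTEXTPATH` is a mutable `static` holding a constant template key, and it duplicates the literal that the SSOManager hunk in this same commit exposes as `public static String CONTEXTPATH`; both should be `final`, i.e. `private static final String CONTEXTPATH = "#CONTEXTPATH#";` here and `public static final String CONTEXTPATH = "#CONTEXTPATH#";` in SSOManager. Since IDPSingleLogOutServlet and AuthenticationManager already reference `SSOManager.CONTEXTPATH`, this class could do the same instead of carrying its own copy, so the placeholder name cannot drift between the error template and the SLO template. Whether `error_message.html` actually contains a `#CONTEXTPATH#` placeholder is not visible in this diff and should be confirmed.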
@@ -185,7 +187,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
else {
//write generic message for general exceptions
String msg = MOAIDMessageProvider.getInstance().getMessage("internal.00", null);
- writeHTMLErrorResponse(resp, msg, "9199", (Exception) throwable);
+ writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable);
}
@@ -224,7 +226,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
}
- private void writeHTMLErrorResponse(HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
+ private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
VelocityContext context = new VelocityContext();
//add errorcode and errormessage
@@ -237,11 +239,11 @@ public abstract class AbstractController extends MOAIDAuthConstants {
}
- writeHTMLErrorResponse(httpResp, context);
+ writeHTMLErrorResponse(req, httpResp, context);
}
- private void writeHTMLErrorResponse(HttpServletResponse httpResp, Exception error) throws IOException {
+ private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException {
VelocityContext context = new VelocityContext();
//add errorcode and errormessage
@@ -254,11 +256,14 @@ public abstract class AbstractController extends MOAIDAuthConstants {
}
- writeHTMLErrorResponse(httpResp, context);
+ writeHTMLErrorResponse(req, httpResp, context);
}
- private void writeHTMLErrorResponse(HttpServletResponse httpResp, VelocityContext context) throws IOException {
- try {
+ private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, VelocityContext context) throws IOException {
+ try {
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ context.put(CONTEXTPATH, authURL);
+
InputStream is = null;
String pathLocation = null;
try {
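Review bot: `authURL` is obtained from the incoming request via `HTTPUtils.extractAuthURLFromRequest(req)` and put straight into the error page's Velocity context, while the WebFrontEndSecurityInterceptor hunk in this commit treats the very same value as untrusted and checks it against `authConfig.getPublicURLPrefix()`. If, as the helper's name suggests, the value is built from request headers rather than from configuration, the error page should only emit it after the same prefix check (or use the configured public URL prefix directly), and the template must HTML-escape it, otherwise a request carrying an unexpected host value ends up reflected into the links of the error page. A comment on the two added lines stating where the value is validated, e.g. `// authURL is request-derived; it must match the configured public URL prefix before it is rendered`, would make the contract explicit. The body of writeHTMLErrorResponse, including the catch for this try, continues outside the hunk.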
@@ -362,15 +367,15 @@ public abstract class AbstractController extends MOAIDAuthConstants {
} else if (e instanceof ConfigurationException) {
//send HTML formated error message
- writeHTMLErrorResponse(resp, (MOAIDException) e);
+ writeHTMLErrorResponse(req, resp, (MOAIDException) e);
} else if (e instanceof MOAIDException) {
//send HTML formated error message
- writeHTMLErrorResponse(resp, e);
+ writeHTMLErrorResponse(req, resp, e);
} else if (e instanceof ProcessExecutionException) {
//send HTML formated error message
- writeHTMLErrorResponse(resp, e);
+ writeHTMLErrorResponse(req, resp, e);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 513b410f1..427bb9464 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -62,7 +62,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
*/
@Controller
public class IDPSingleLogOutServlet extends AbstractController {
-
+
@Autowired SSOManager ssoManager;
@Autowired AuthenticationManager authManager;
@Autowired IAuthenticationSessionStoreage authenicationStorage;
@@ -111,7 +111,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
else
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-
+
+ context.put(SSOManager.CONTEXTPATH, authURL);
+
ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index c5a9ad34b..ce384d1a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -50,7 +50,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
-
+
//only for SAML1 GetAuthenticationData webService functionality
String requestedServlet = request.getServletPath();
if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
@@ -61,7 +61,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
//check AuthURL
String authURL = HTTPUtils.extractAuthURLFromRequest(request);
- if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) {
+ if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed() &&
+ !authConfig.getPublicURLPrefix().contains(authURL)) {
+ Logger.info("Receive request, which is not in IDP URL-Prefix whitelist.");
String errorMsg = MOAIDMessageProvider.getInstance().getMessage("auth.07", new Object[] { authURL + "*" });
Logger.info(errorMsg);
response.sendError(
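Review bot: The new whitelist test `!authConfig.getPublicURLPrefix().contains(authURL)` is AND-ed onto the existing HTTPS condition, so it only narrows the set of rejected requests: an `https:` request whose authURL is not in the prefix list is now accepted without any check, and an `http:` URL that is on the list is accepted even when `isHTTPAuthAllowed()` is false. If the intent is that every request must match the configured prefix list, the two concerns belong in separate conditions, e.g. `if (!authConfig.getPublicURLPrefix().contains(authURL) || (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed())) {`. The added `Logger.info("Receive request, which is not in IDP URL-Prefix whitelist.")` fires for the combined condition, so for an HTTP-scheme rejection its message is misleading. The declared type of `getPublicURLPrefix()` is not visible here; if it is a `String` rather than a collection, `contains()` is a substring match and should be replaced by an equality or `startsWith` comparison against each configured prefix. preHandle continues outside the hunk.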
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index d76c6d526..73d682c21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -554,6 +554,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
context.put("redirectURLs", sloReqList);
context.put("timeoutURL", timeOutURL);
context.put("timeout", SLOTIMEOUT);
+ context.put(SSOManager.CONTEXTPATH, authURL);
ssoManager.printSingleLogOutInfo(context, httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 89d50425b..856410d7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -61,10 +61,10 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_SSOManager")
-public class SSOManager {
-
+public class SSOManager {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "slo_template.html";
+ public static String CONTEXTPATH = "#CONTEXTPATH#";
private static final String SSOCOOKIE = "MOA_ID_SSO";
private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
index dd5d3e539..ecda6550b 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -34,7 +34,7 @@
<input type="hidden" name="mod" value="#MODUL#">
<input type="hidden" name="action" value="#ACTION#">
<input type="hidden" name="pendingid" value="#ID#">
- <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
+ <input type="submit" value="Ja" class="setAssertionButton_full" role="button">
</form>
</div>
<div id="rightbutton">
@@ -43,7 +43,7 @@
<input type="hidden" name="mod" value="#MODUL#">
<input type="hidden" name="action" value="#ACTION#">
<input type="hidden" name="pendingid" value="#ID#">
- <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
+ <input type="submit" value="Nein" class="setAssertionButton_full" role="button">
</form>
</div>