-rw-r--r--id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jarbin0 -> 31909 bytes
-rw-r--r--id.server/lib/commons-io-1.1/commons-io-1.1.jarbin0 -> 61562 bytes
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java74
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java12
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java12
5 files changed, 82 insertions, 16 deletions
diff --git a/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar b/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar
new file mode 100644
index 000000000..fc5763d0d
--- /dev/null
+++ b/id.server/lib/commons-fileupload-1.1.1/commons-fileupload-1.1.1.jar
Binary files differ
diff --git a/id.server/lib/commons-io-1.1/commons-io-1.1.jar b/id.server/lib/commons-io-1.1/commons-io-1.1.jar
new file mode 100644
index 000000000..624fc1a72
--- /dev/null
+++ b/id.server/lib/commons-io-1.1/commons-io-1.1.jar
Binary files differ
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 9884c80f8..70e53d83e 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -5,6 +5,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.servlet.RequestDispatcher;
@@ -15,6 +16,12 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.logging.Logger;
@@ -101,30 +108,69 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
Logger.debug("Parameter " + parname + req.getParameter(parname));
}
}
+
/**
- * Parses the request input stream for parameters,
- * assuming parameters are encoded UTF-8.
+ * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
+ * (no standard exists how browsers should encode them).
+ *
* @param req servlet request
+ *
* @return mapping parameter name -> value
+ *
+ * @throws IOException if parsing request parameters fails.
+ *
+ * @throws FileUploadException if parsing request parameters fails.
*/
- protected Map getParameters(HttpServletRequest req) throws IOException {
+ protected Map getParameters(HttpServletRequest req)
+ throws IOException, FileUploadException {
+
Map parameters = new HashMap();
- InputStream in = req.getInputStream();
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
- parameters.put(paramName, paramValue);
+
+
+ if (ServletFileUpload.isMultipartContent(req))
+ {
+ // request is encoded as mulitpart/form-data
+ FileItemFactory factory = new DiskFileItemFactory();
+ ServletFileUpload upload = null;;
+ upload = new ServletFileUpload(factory);
+ List items = null;
+ items = upload.parseRequest(req);
+ for (int i = 0; i < items.size(); i++)
+ {
+ FileItem item = (FileItem) items.get(i);
+ if (item.isFormField())
+ {
+ // Process only form fields - no file upload items
+ parameters.put(item.getFieldName(), item.getString("UTF-8"));
+ Logger.debug("Processed multipart/form-data request parameter: \nName: " +
+ item.getFieldName() + "\nValue: " +
+ item.getString("UTF-8"));
+ }
}
}
- while (paramName.length() > 0);
- in.close();
+ else
+ {
+ // request is encoded as application/x-www-urlencoded
+ InputStream in = req.getInputStream();
+
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ }
+ while (paramName.length() > 0);
+ in.close();
+ }
+
return parameters;
}
+
/**
* Reads bytes up to a delimiter, consuming the delimiter.
* @param in input stream
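Review bot: The multipart branch of getParameters calls `upload.parseRequest(req)` with no size bound, and parts skipped by the `isFormField()` check are never released, so a large or file-laden POST can be buffered and spooled to the temp directory by `DiskFileItemFactory` before being ignored. Set a cap before parsing, e.g. `upload.setSizeMax(MAX_REQUEST_BYTES);` (the constant name is a placeholder), and add `else { item.delete(); }` for non-form items. The new `Logger.debug` also writes every field value in full; in the two subclasses this map is read for PARAM_XMLRESPONSE, which presumably carries identity data, so logging only the field name and value length would be safer. `item.getString("UTF-8")` is decoded twice per field; a local variable avoids the second decode.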
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 744dc5bc8..50502d199 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -8,6 +8,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.fileupload.FileUploadException;
+
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -67,7 +69,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("POST VerifyAuthenticationBlock");
- Map parameters = getParameters(req);
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
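Review bot: The new catch block rethrows with `throw new IOException(e.getMessage());`, which discards the FileUploadException and its stack trace, so a rejected or malformed multipart request cannot be traced to its cause from the logs. Keep the cause attached, e.g. `IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe;`. The log text misspells `multipart` as `mulitpart`, which makes the message harder to search for. The identical block added to VerifyIdentityLinkServlet has the same issues; doing the wrapping once in AuthServlet would remove the duplication. The enclosing method starts and ends outside this hunk.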
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index a69d71181..9d5c4b191 100644
--- a/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -8,6 +8,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.fileupload.FileUploadException;
+
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
@@ -63,7 +65,15 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
throws ServletException, IOException {
Logger.debug("POST VerifyIdentityLink");
- Map parameters = getParameters(req);
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
String sessionID = req.getParameter(PARAM_SESSIONID);
String infoboxReadResponse = (String)parameters.get(PARAM_XMLRESPONSE);