diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java')
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java | 189 |
1 files changed, 121 insertions, 68 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 362849fb1..7980778d9 100644 --- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.proxy.servlet; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.IOException; -import java.io.OutputStream; import java.io.PrintWriter; import java.io.StringWriter; import java.net.HttpURLConnection; @@ -14,7 +13,9 @@ import java.util.Iterator; import java.util.Map; import javax.net.ssl.SSLSocketFactory; +import javax.servlet.RequestDispatcher; import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; @@ -39,6 +40,7 @@ import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException; import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory; import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer; +import at.gv.egovernment.moa.id.proxy.NotAllowedException; import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -67,6 +69,8 @@ public class ProxyServlet extends HttpServlet { private static final String ATT_LOGIN_HEADERS = "LoginHeaders"; /** Name of the Attribute for the LoginParameters */ private static final String ATT_LOGIN_PARAMETERS = "LoginParameters"; + /** Name of the Attribute for the SAMLARTIFACT */ + private static final String ATT_SAML_ARTIFACT = "SamlArtifact"; /** * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse) @@ -75,17 +79,25 @@ public class ProxyServlet extends HttpServlet { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); try { - if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) - login(req, resp); + if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) { + + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if(null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + tunnelRequest(req, resp); + } else + // it is the first time that the SAML Artifact was used + login(req, resp); + } else tunnelRequest(req, resp); } catch (MOAIDException ex) { - handleError(resp, ex.toString(), ex); + handleError(ex.getMessage(), ex, req, resp); } catch (Throwable ex) { - handleError(resp, ex.toString(), ex); - } + handleError(ex.getMessage(), ex, req, resp); + } } /** @@ -113,8 +125,15 @@ public class ProxyServlet extends HttpServlet { // String target = req.getParameter(PARAM_TARGET); parameter given but not processed // get authentication data from the MOA-ID Auth component - AuthenticationData authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); - + AuthenticationData authData; + try { + authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } catch (ProxyException ex) { + throw new ProxyException("proxy.14", new Object[] {ex}); + } + String urlRequested = req.getRequestURL().toString(); // read configuration data @@ -129,29 +148,34 @@ public class ProxyServlet extends HttpServlet { ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); String realURLPrefix = oaConnParam.getUrl(); - // resolve login parameters to be forwarded to online application - LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); + // resolve login parameters to be forwarded to online application + LoginParameterResolver lpr = + LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix); String clientIPAddress = req.getRemoteAddr(); Map loginHeaders = null; Map loginParameters = null; try { - if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) - loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); - else - loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); - - } catch (LoginParameterResolverException ex) { - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); - } + if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) + loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress); + else + loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress); + + } catch (LoginParameterResolverException ex) { + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { + throw new ProxyException("proxy.15", new Object[] { }); + } // setup SSLSocketFactory for communication with the online application SSLSocketFactory ssf = null; if (oaConnParam.isHTTPSURL()) { try { ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); - } - catch (Throwable ex) { - throw new ProxyException("proxy.05", new Object[] { oaConnParam.getUrl(), ex.toString()}, ex); + } catch (Throwable ex) { + throw new ProxyException( + "proxy.05", + new Object[] { oaConnParam.getUrl(), ex.toString()}, + ex); } } @@ -160,6 +184,7 @@ public class ProxyServlet extends HttpServlet { String loginType = oaConf.getLoginType(); Logger.debug("Login type: " + loginType); if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) { + HttpSession session = req.getSession(); int sessionTimeOut = oaParam.getSessionTimeOut(); if (sessionTimeOut == 0) @@ -170,24 +195,40 @@ public class ProxyServlet extends HttpServlet { session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf); session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders); session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters); + session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact); Logger.debug("moa-id-proxy: HTTPSession angelegt"); } - - // tunnel request to the online application - int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - { - Logger.debug("Got 401, trying again"); - respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf); - if (respcode == 401) - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - } - catch (ProxyException ex) { - throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - } - catch (Throwable ex) { + + // tunnel request to the online application + int respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) { + Logger.debug("Got 401, trying again"); + + respcode = + tunnelRequest( + req, + resp, + loginHeaders, + loginParameters, + publicURLPrefix, + realURLPrefix, + ssf); + if (respcode == 401) + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + } + } catch (ProxyException ex) { + throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); + + } catch (Throwable ex) { throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex); } } @@ -202,9 +243,15 @@ public class ProxyServlet extends HttpServlet { Logger.debug("Tunnel request (stateless)"); HttpSession session = req.getSession(false); + if (session == null) throw new ProxyException("proxy.07", null); String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); + //A sesssion is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); + String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS); @@ -487,6 +534,7 @@ private boolean isTransferEncodingChunkedHeader(String headerKey, String headerV * @see javax.servlet.Servlet#init(ServletConfig) */ public void init(ServletConfig servletConfig) throws ServletException { + super.init(servletConfig); try { MOAIDProxyInitializer.initialize(); Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null)); @@ -496,42 +544,47 @@ public void init(ServletConfig servletConfig) throws ServletException { throw new ServletException(ex); } } + /** - * Handles an error in proxying the request. + * Handles an error. <br> * <ul> - * <li>Logs the error.</li> - * <li>Outputs an HTML error page.</li> + * <li>Logs the error</li> + * <li>Places error message and exception thrown into the request + * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li> + * <li>Sets HTTP status 500 (internal server error)</li> * </ul> - * @param resp the HttpServletResponse - * @param errorMessage error message to be used - * @param ex the exception to be logged + * + * @param errorMessage error message + * @param exceptionThrown exception thrown + * @param req servlet request + * @param resp servlet response */ -private void handleError(HttpServletResponse resp, String errorMessage, Throwable ex) { - Logger.error(errorMessage, ex); - String htmlCode = - "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">" - + "<html><head><title>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</title></head><body>" - + "<h1>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.10", null) - + "</h1>" - + "<p>" - + MOAIDMessageProvider.getInstance().getMessage("proxy.11", null) - + "</p>" - + "<p>" - + errorMessage - + "</p>" - + "</body></html>"; - resp.setContentType("text/html"); - try { - OutputStream respOut = resp.getOutputStream(); - respOut.write(htmlCode.getBytes()); - respOut.flush(); - } - catch (IOException ioex) { - Logger.error("", ioex); - } +protected void handleError( + String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + + + if(null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage ); + } + + if (null != exceptionThrown) { + if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + //req.setAttribute("ExceptionThrown", exceptionThrown); + } + + //forward this to errorpage-proxy.jsp wher the HTML error page is generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp"); + try { + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } } |