diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java | 574 |
1 files changed, 574 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java new file mode 100644 index 000000000..1c498ecc2 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -0,0 +1,574 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.util.MiscUtil; + +import com.opensymphony.xwork2.ActionSupport; + +public class EditOAAction extends ActionSupport implements ServletRequestAware, +ServletResponseAware { + + private final Logger log = Logger.getLogger(EditOAAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser; + + private String oaidobj; + private boolean newOA; + + private OAGeneralConfig generalOA = new OAGeneralConfig(); + private OAPVP2Config pvp2OA = new OAPVP2Config(); + private OASAML1Config saml1OA = new OASAML1Config(); + private OASSOConfig ssoOA = new OASSOConfig(); + private OASTORKConfig storkOA; + + //STRUTS actions + public String inital() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { + authUser = (AuthenticatedUser) authUserObj; + } else + return Constants.STRUTS_REAUTHENTICATE; + + long oaid = -1; + + if (!ValidationHelper.validateOAID(oaidobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + oaid = Long.valueOf(oaidobj); + + request.getSession().setAttribute(Constants.SESSION_OAID, oaid); + + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + + generalOA.parse(onlineapplication); + ssoOA.parse(onlineapplication); + saml1OA.parse(onlineapplication); + List<String> errors = pvp2OA.parse(onlineapplication); + + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + ConfigurationDBUtils.closeSession(); + + newOA = false; + + return Constants.STRUTS_OA_EDIT; + } + + public String newOA() { + log.debug("insert new Online-Application"); + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { + authUser = (AuthenticatedUser) authUserObj; + } else + return Constants.STRUTS_REAUTHENTICATE; + + newOA = true; + + return Constants.STRUTS_OA_EDIT; + } + + public String saveOA() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + if (authUserObj != null && authUserObj instanceof AuthenticatedUser) { + authUser = (AuthenticatedUser) authUserObj; + } else + return Constants.STRUTS_REAUTHENTICATE; + + OnlineApplication onlineapplication = null; + List<String> errors = new ArrayList<String>(); + + Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null ) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + + } catch (Throwable t) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + //valid DBID and check entry + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } else { + + if (oaid == -1) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + + } else { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + } + } + } + } + + //check form + OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); + OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); + OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); + OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); + OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); + + errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); + errors.addAll(validatior_pvp2.validate(pvp2OA)); + errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); + errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); + errors.addAll(validator_stork.validate(storkOA)); + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); + for (String el : errors) + addActionError(el); + + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + + String error = saveOAConfigToDatabase(onlineapplication); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + return Constants.STRUTS_ERROR_VALIDATION; + } + } + + + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String cancleAndBackOA() { + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String deleteOA() { + + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + return Constants.STRUTS_ERROR_VALIDATION; + } + } + + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + if (ConfigurationDBUtils.delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + List<OnlineApplication> useroas = user.getRegistratedOAs(); + + for (OnlineApplication oa : useroas) { + if (oa.getHjid().equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + ConfigurationDBUtils.saveOrUpdate(user); + + } catch (MOADatabaseException e) { + log.warn("User information can not be updated in database", e); + addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + ConfigurationDBUtils.closeSession(); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); + + return Constants.STRUTS_SUCCESS; + + } else { + ConfigurationDBUtils.closeSession(); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); + return Constants.STRUTS_SUCCESS; + } + + + + } + + private String saveOAConfigToDatabase(OnlineApplication dboa) { + + boolean newentry = false; + + if (dboa == null) { + dboa = new OnlineApplication(); + newentry = true; + dboa.setIsActive(false); + } + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) + dboa.setIsActive(generalOA.isActive()); + + dboa.setFriendlyName(generalOA.getFriendlyName()); + dboa.setCalculateHPI(generalOA.isCalculateHPI()); + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + dboa.setPublicURLPrefix(generalOA.getIdentifier()); + + if (generalOA.isBusinessService()) { + dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(generalOA.getIdentificationNumber()); + authoa.setIdentificationNumber(idnumber); + + } + else { + dboa.setType(null); + dboa.setTarget(generalOA.getTarget()); + dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + + } + + BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); + bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); + bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + + Mandates mandates = new Mandates(); + mandates.setProfiles(generalOA.getMandateProfiles()); + authoa.setMandates(mandates); + + authoa.setSlVersion(generalOA.getSlVersion()); + authoa.setUseIFrame(generalOA.isUseIFrame()); + authoa.setUseUTC(generalOA.isUseUTC()); + + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); + + TemplateType template = templates.getTemplate(); + if (template == null) { + //TODO: if OA specific templateURL is required + + } + + //set default transformation if it is empty + List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + //TODO: set OA specific transformation if it is required + + } + + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); + try { + + if (pvp2OA.getFileUpload() != null) + pvp2.setCertificate(pvp2OA.getCertificate()); + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + } + saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); + saml1.setProvideCertificate(saml1OA.isProvideCertificate()); + saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); + saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); + saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); + saml1.setUseCondition(saml1OA.isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); + //TODO: set sourceID + //saml1.setSourceID(""); + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(ssoOA.isUseSSO()); + + if (authUser.isAdmin()) + sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); + + sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); + + + STORK stork = authoa.getSTORK(); + if (stork == null) { + //TODO: make stork configurable + + } + + try { + if (newentry) { + ConfigurationDBUtils.save(dboa); + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + List<OnlineApplication> useroas = user.getRegistratedOAs(); + if (useroas == null) + useroas = new ArrayList<OnlineApplication>(); + + useroas.add(dboa); + ConfigurationDBUtils.save(user); + } + } + + else + ConfigurationDBUtils.saveOrUpdate(dboa); + + } catch (MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store"); + } + + return null; + } + + public String setGeneralOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSAML1OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setPVP2OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSSOOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSTORKOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + + //Getter and Setter + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + + } + + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + + } + + public HttpServletRequest getRequest() { + return request; + } + + public void setRequest(HttpServletRequest request) { + this.request = request; + } + + public HttpServletResponse getResponse() { + return response; + } + + public void setResponse(HttpServletResponse response) { + this.response = response; + } + + public OAGeneralConfig getGeneralOA() { + return generalOA; + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + this.generalOA = generalOA; + } + + public OAPVP2Config getPvp2OA() { + return pvp2OA; + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + pvp2OA = pvp2oa; + } + + public OASAML1Config getSaml1OA() { + return saml1OA; + } + + public void setSaml1OA(OASAML1Config saml1oa) { + saml1OA = saml1oa; + } + + public OASSOConfig getSsoOA() { + return ssoOA; + } + + public void setSsoOA(OASSOConfig ssoOA) { + this.ssoOA = ssoOA; + } + + public OASTORKConfig getStorkOA() { + return storkOA; + } + + public void setStorkOA(OASTORKConfig storkOA) { + this.storkOA = storkOA; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + +} |