diff options
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
26 files changed, 340 insertions, 286 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 79a966b81..513f046f1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -55,6 +55,8 @@ public class Constants { public static final String SESSION_BKUSELECTIONTEMPLATE = "bkuSelectionTemplate"; public static final String SESSION_SENDASSERTIONTEMPLATE = "sendAssertionTemplate"; + public static final String SESSION_I18n = "WW_TRANS_I18N_LOCALE"; + public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit}; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 2dce3534f..e4cf5367d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -380,7 +380,7 @@ public class ConfigurationProvider { public String getDefaultLanguage() { try { - return props.getProperty("general.defaultlanguage").toLowerCase(); + return props.getProperty("general.defaultlanguage", "de").toLowerCase(); } catch (Exception ex) { return "de"; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java index 347628481..3617c192e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -26,6 +26,8 @@ import java.util.ArrayList; import java.util.List; import java.util.UUID; +import javax.servlet.http.HttpServletRequest; + import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; @@ -46,7 +48,7 @@ public class OAOAuth20Config { public OAOAuth20Config() { } - public List<String> parse(OnlineApplication dbOAConfig) { + public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); @@ -68,7 +70,7 @@ public class OAOAuth20Config { if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) { this.redirectUri = config.getOAuthRedirectUri(); } else { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi")); + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); } } else { this.generateClientSecret(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index 843844e22..a61e1ea96 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -29,6 +29,8 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import iaik.x509.X509Certificate; @@ -54,7 +56,7 @@ public class OAPVP2Config { public OAPVP2Config() { } - public List<String> parse(OnlineApplication dbOAConfig) { + public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); @@ -72,7 +74,7 @@ public class OAPVP2Config { } } catch (CertificateException e) { log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix()); - errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate")); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request)); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index b99a7d5c0..03d2d6d1e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; import java.util.List; +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; @@ -33,11 +35,13 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; public class OASTORKConfig { + private static final Logger log = Logger.getLogger(OASTORKConfig.class); + private boolean isStorkLogonEnabled = false; private int qaa; @@ -113,7 +117,7 @@ public class OASTORKConfig { if (attributeProviderPlugins.isEmpty()) attributeProviderPlugins.add(new AttributeProviderPlugin()); } catch (NullPointerException ex) { - Logger.error("Nullpointerexception encountered in Configurationinterface"); + log.error("Nullpointerexception encountered in Configurationinterface", ex); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java index 358151d23..ebabd600d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java @@ -29,11 +29,11 @@ public class ConfigurationException extends Exception { private static final long serialVersionUID = 1L; public ConfigurationException(String errorname) { - super(LanguageHelper.getErrorString(errorname)); + super(LanguageHelper.getErrorString(errorname, null)); } public ConfigurationException(String errorname, Throwable e) { - super(LanguageHelper.getErrorString(errorname), e); + super(LanguageHelper.getErrorString(errorname, null), e); } public ConfigurationException(Throwable e) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java index c743036aa..263743dd0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -23,9 +23,10 @@ package at.gv.egovernment.moa.id.configuration.helper; +import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import javax.servlet.http.HttpServletRequest; import java.text.MessageFormat; @@ -33,66 +34,30 @@ import java.util.Locale; import java.util.ResourceBundle; +import org.apache.log4j.Logger; + + public class LanguageHelper { - private static ResourceBundle errorRes_DE = ResourceBundle.getBundle("applicationResources_de", Locale.GERMAN); - private static ResourceBundle guiRes_DE = ResourceBundle.getBundle("applicationResources_de", Locale.GERMAN); - - private static ResourceBundle errorRes_EN = ResourceBundle.getBundle("applicationResources_en", Locale.ENGLISH); - private static ResourceBundle guiRes_EN = ResourceBundle.getBundle("applicationResources_en", Locale.ENGLISH); - - private static String errorLanguage(String code) { - Logger.setHierarchy("moa.id.configuration"); - try { - ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); - if (configurationProvider.getDefaultLanguage().equals("en")) { - return errorRes_EN.getString(code); - } else { - return errorRes_DE.getString(code); - } - } catch (ConfigurationException e) { - Logger.error("Configuration exception while getting ConfigurationProvider instance"); - e.printStackTrace(); - return errorRes_DE.getString(code); - } catch (Exception ex) { - Logger.error("General exception while returning translated message"); - return errorRes_DE.getString(code); - } + private static Logger log = Logger.getLogger(LanguageHelper.class); + + private static String errorLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); + } - private static String guiLanguage(String code) { - Logger.setHierarchy("moa.id.configuration"); - try { - ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); - if (configurationProvider.getDefaultLanguage().equals("en")) { - return guiRes_EN.getString(code); - } else { - return guiRes_DE.getString(code); - } - } catch (ConfigurationException e) { - Logger.error("Configuration exception while getting ConfigurationProvider instance"); - e.printStackTrace(); - return guiRes_DE.getString(code); - } catch (Exception ex) { - Logger.error("General exception while returning translated message"); - return guiRes_DE.getString(code); - } + private static String guiLanguage(String code, Locale locale) { + return ResourceBundle.getBundle("applicationResources", locale).getString(code); + } public static String getGUIString(String code, HttpServletRequest request) { - return guiLanguage(code); + return guiLanguage(code, getLangFromRequest(request)); } - public static String getGUIString(String code) { - return guiLanguage(code); - } public static String getErrorString(String code, HttpServletRequest request) { - return errorLanguage(code); - } - - public static String getErrorString(String code) { - return errorLanguage(code); + return errorLanguage(code, getLangFromRequest(request)); } public static String getGUIString(String code, String parameter, HttpServletRequest request) { @@ -104,9 +69,34 @@ public class LanguageHelper { return MessageFormat.format(getGUIString(code, request), parameter); } - public static String getErrorString(String code, Object[] parameter) { - - return MessageFormat.format(getGUIString(code), parameter); + + private static Locale getLangFromRequest(HttpServletRequest request) { + + Locale defaultLanguage = Locale.forLanguageTag("de"); + + try { + ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance(); + defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage()); + + } catch (ConfigurationException e) { + log.error("Configuration exception while getting ConfigurationProvider instance", e); + } + + + if (request == null) { + return defaultLanguage; + + } else { + Object obj = request.getSession().getAttribute(Constants.SESSION_I18n); + + if (obj != null && obj instanceof Locale) { + return (Locale) obj; + + } else + return defaultLanguage; + + } + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index b77b47d15..5bb3f5143 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -163,9 +163,9 @@ public class EditGeneralConfigAction extends ActionSupport MOAConfigValidator validator = new MOAConfigValidator(); - List<String> errors = validator.validate(moaconfig); + List<String> errors = validator.validate(moaconfig, request); - errors.addAll(new StorkConfigValidator().validate(storkconfig)); + errors.addAll(new StorkConfigValidator().validate(storkconfig, request)); if (errors.size() > 0) { log.info("General MOA-ID configuration has some errors."); @@ -191,7 +191,7 @@ public class EditGeneralConfigAction extends ActionSupport } - addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success")); + addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request)); return Constants.STRUTS_SUCCESS; } @@ -650,7 +650,7 @@ public class EditGeneralConfigAction extends ActionSupport } catch (MOADatabaseException e) { log.warn("MOAID Configuration can not be stored in Database", e); - return LanguageHelper.getErrorString("error.db.oa.store"); + return LanguageHelper.getErrorString("error.db.oa.store", request); } ConfigurationDBUtils.closeSession(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 0ff60a656..2e8ec29de 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -125,7 +125,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); return Constants.STRUTS_SUCCESS; } @@ -146,7 +146,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, generalOA.parse(onlineapplication); ssoOA.parse(onlineapplication); saml1OA.parse(onlineapplication); - oauth20OA.parse(onlineapplication); + oauth20OA.parse(onlineapplication, request); session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); storkOA.parse(onlineapplication); @@ -157,7 +157,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - List<String> errors = pvp2OA.parse(onlineapplication); + List<String> errors = pvp2OA.parse(onlineapplication, request); if (errors.size() > 0) { for (String el : errors) @@ -200,7 +200,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); return Constants.STRUTS_SUCCESS; } @@ -263,7 +263,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); return Constants.STRUTS_SUCCESS; } @@ -291,14 +291,14 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, String oaidentifier = generalOA.getIdentifier(); if (MiscUtil.isEmpty(oaidentifier)) { log.info("Empty OA identifier"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request)); } else { if (!ValidationHelper.validateURL(oaidentifier)) { log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()})); + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request)); } else { if (oaid == -1) { @@ -306,7 +306,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, newOA = true; if (onlineapplication != null) { log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request)); } } else { @@ -315,7 +315,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request)); } } } @@ -335,17 +335,17 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); - errors.addAll(validatior_pvp2.validate(pvp2OA)); - errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); - errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); - errors.addAll(validator_stork.validate(storkOA)); - errors.addAll(validator_form.validate(formOA)); - errors.addAll(validatior_oauth20.validate(oauth20OA)); + errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin(), request)); + errors.addAll(validatior_pvp2.validate(pvp2OA, request)); + errors.addAll(validatior_saml1.validate(saml1OA, generalOA, request)); + errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin(), request)); + errors.addAll(validator_stork.validate(storkOA, request)); + errors.addAll(validator_form.validate(formOA, request)); + errors.addAll(validatior_oauth20.validate(oauth20OA, request)); //validate BKU-selection template List<String> templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() - , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm); + , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); if (templateError != null && templateError.size() == 0) { if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); @@ -360,7 +360,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, //validate send-assertion template templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() - , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm); + , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); if (templateError != null && templateError.size() == 0) { if (sendAssertionForm != null && sendAssertionForm.size() > 0) session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); @@ -377,7 +377,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, // Do not allow SSO in combination with special BKUSelection features if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { log.warn("Special BKUSelection features can not be used in combination with SSO"); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid", request)); } if (errors.size() > 0) { @@ -568,14 +568,14 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); return Constants.STRUTS_SUCCESS; } String oaidentifier = generalOA.getIdentifier(); if (MiscUtil.isEmpty(oaidentifier)) { log.info("Empty OA identifier"); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -585,7 +585,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()})); + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -651,7 +651,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, HttpSession session = request.getSession(); if (session == null) { log.info("No http Session found."); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); } else { InputStream input = null; @@ -708,13 +708,13 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); } } catch (Exception e) { log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); } } @@ -966,10 +966,10 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); } catch (IOException e) { log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); } OASAML1 saml1 = authoa.getOASAML1(); @@ -1063,7 +1063,7 @@ public class EditOAAction extends ActionSupport implements ServletRequestAware, } catch (MOADatabaseException e) { log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store"); + return LanguageHelper.getErrorString("error.db.oa.store", request); } return null; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index 655ce7a59..fb2a931fd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -93,7 +93,7 @@ implements ServletRequestAware, ServletResponseAware { } else { log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); return Constants.STRUTS_NOTALLOWED; } } @@ -128,7 +128,7 @@ implements ServletRequestAware, ServletResponseAware { //load legacy config if it is configured if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -149,7 +149,7 @@ implements ServletRequestAware, ServletResponseAware { } catch (ConfigurationException e) { log.info("Legacy configuration has an Import Error", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request)); ConfigurationDBUtils.closeSession(); formID = Random.nextRandom(); @@ -203,12 +203,12 @@ implements ServletRequestAware, ServletResponseAware { session.setAttribute(Constants.SESSION_FORMID, formID); log.info("Legacy Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); return Constants.STRUTS_SUCCESS; } else { log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); return Constants.STRUTS_NOTALLOWED; } } @@ -253,7 +253,7 @@ implements ServletRequestAware, ServletResponseAware { if (moaidconfig == null) { log.info("No MOA-ID 2.x configruation available"); - addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); + addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -270,7 +270,7 @@ implements ServletRequestAware, ServletResponseAware { } catch (JAXBException e) { log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()})); + new Object[]{e.getMessage()}, request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -278,7 +278,7 @@ implements ServletRequestAware, ServletResponseAware { } catch (IOException e) { log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.export", - new Object[]{e.getMessage()})); + new Object[]{e.getMessage()}, request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -297,7 +297,7 @@ implements ServletRequestAware, ServletResponseAware { return Constants.STRUTS_SUCCESS; } else { log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); return Constants.STRUTS_NOTALLOWED; } } @@ -332,7 +332,7 @@ implements ServletRequestAware, ServletResponseAware { if (authUser.isAdmin()) { if (fileUpload == null) { - addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -369,7 +369,7 @@ implements ServletRequestAware, ServletResponseAware { } catch (Exception e) { log.warn("MOA-ID XML configuration can not be loaded from File.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.import", - new Object[]{e.getMessage()})); + new Object[]{e.getMessage()}, request)); formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -386,12 +386,12 @@ implements ServletRequestAware, ServletResponseAware { session.setAttribute(Constants.SESSION_FORMID, formID); log.info("XML Configuration load is completed."); - addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request)); return Constants.STRUTS_SUCCESS; } else { log.info("No access to Import/Export for User with ID" + authUser.getUserID()); - addActionError(LanguageHelper.getErrorString("errors.notallowed")); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); return Constants.STRUTS_NOTALLOWED; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 8004ab520..78812769f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -28,6 +28,7 @@ import java.util.Date; import java.util.Enumeration; import java.util.HashMap; import java.util.List; +import java.util.Locale; import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; @@ -128,6 +129,10 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, ConfigurationProvider config = ConfigurationProvider.getInstance(); pvp2LoginActiv = config.isPVP2LoginActive(); + if (request.getSession().getAttribute(Constants.SESSION_I18n) == null) + request.getSession().setAttribute(Constants.SESSION_I18n, + Locale.forLanguageTag(config.getDefaultLanguage())); + if (config.isLoginDeaktivated()) { return "loginWithOutAuth"; @@ -138,11 +143,16 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } catch (ConfigurationException e) { log.warn("An internal error occurs.", e); - addActionError(LanguageHelper.getErrorString("error.login.internal")); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); return Constants.STRUTS_ERROR; } } + public String changeLanguage() { + + return Constants.STRUTS_SUCCESS; + } + public String authenticate() { ConfigurationProvider config; @@ -163,24 +173,24 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, if (ValidationHelper.containsPotentialCSSCharacter(username, false)) { log.warn("Username contains potentail XSS characters: " + username); addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); return Constants.STRUTS_ERROR; } } else { log.warn("Username is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty")); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); return Constants.STRUTS_ERROR; } if (MiscUtil.isEmpty(password)) { log.warn("Password is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty")); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); return Constants.STRUTS_ERROR; } else { key = AuthenticationHelper.generateKeyFormPassword(password); if (key == null) { - addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid")); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); return Constants.STRUTS_ERROR; } } @@ -189,7 +199,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(username); if (dbuser == null) { log.warn("Unknown Username"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); return Constants.STRUTS_ERROR; } else { @@ -199,13 +209,13 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); return Constants.STRUTS_ERROR; } if (!dbuser.getPassword().equals(key)) { log.warn("Username " + dbuser.getUsername() + " use a false password"); - addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request)); return Constants.STRUTS_ERROR; } @@ -236,7 +246,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } catch (MOADatabaseException e) { log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login")); + addActionError(LanguageHelper.getErrorString("error.login", request)); return Constants.STRUTS_ERROR; } finally { @@ -290,10 +300,23 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } + //check response destination + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) + serviceURL = serviceURL + "/"; + + String responseDestination = samlResponse.getDestination(); + if (MiscUtil.isEmpty(responseDestination) || + !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) { + log.warn("PVPResponse destination does not match requested destination"); + return Constants.STRUTS_ERROR; + } + + //check if response is signed Signature sign = samlResponse.getSignature(); if (sign == null) { log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login")); + addActionError(LanguageHelper.getErrorString("error.login", request)); return Constants.STRUTS_ERROR; } @@ -482,7 +505,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); - addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive")); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request)); return Constants.STRUTS_ERROR; } @@ -513,7 +536,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } catch (MOADatabaseException e) { log.warn("UserDatabase communicaton error", e); - addActionError(LanguageHelper.getErrorString("error.login")); + addActionError(LanguageHelper.getErrorString("error.login", request)); return Constants.STRUTS_ERROR; } finally { @@ -528,24 +551,24 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); - addActionError(LanguageHelper.getErrorString("error.login.internal")); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); return Constants.STRUTS_ERROR; } else { log.info("Receive Error Assertion."); - addActionError(LanguageHelper.getErrorString("error.login")); + addActionError(LanguageHelper.getErrorString("error.login", request)); return Constants.STRUTS_ERROR; } } catch (Exception e) { log.warn("An internal error occurs.", e); - addActionError(LanguageHelper.getErrorString("error.login.internal")); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); return Constants.STRUTS_ERROR; } } else { log.info("Only http POST Requests can be used"); - addActionError(LanguageHelper.getErrorString("error.login.internal")); + addActionError(LanguageHelper.getErrorString("error.login.internal", request)); return Constants.STRUTS_ERROR; } } @@ -608,11 +631,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("Organisation contains potentail XSS characters: " + check); addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("Organisation is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty")); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); } } @@ -621,11 +644,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, if (!ValidationHelper.isEmailAddressFormat(check)) { log.warn("Mailaddress is not valid: " + check); addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("Mailaddress is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty")); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); } check = user.getPhone(); @@ -633,11 +656,11 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, if (!ValidationHelper.validatePhoneNumber(check)) { log.warn("No valid Phone Number: " + check); addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("Phonenumber is empty"); - addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty")); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); } if (hasActionErrors()) { @@ -698,7 +721,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } catch (ConfigurationException e) { log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send")); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); return Constants.STRUTS_NEWUSER; } @@ -708,7 +731,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, ConfigurationDBUtils.closeSession(); } - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); session.invalidate(); @@ -763,7 +786,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, } catch (MOADatabaseException e) { log.warn("Userinformation can not be stored in Database.", e); - addActionError(LanguageHelper.getErrorString("error.mail.verification")); + addActionError(LanguageHelper.getErrorString("error.mail.verification", request)); } catch (ConfigurationException e) { log.warn("Send mail to admin failed.", e); @@ -773,7 +796,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, ConfigurationDBUtils.closeSession(); } - addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress")); + addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request)); return Constants.STRUTS_SUCCESS; } } @@ -796,7 +819,7 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, String ssologout = config.getSSOLogOutURL(); if (MiscUtil.isNotEmpty(ssologout) && authUser != null && authUser.isPVP2Login()) { - ssologouturl = ssologout + config.getPublicUrlPreFix(request); + ssologouturl = ssologout + config.getPublicUrlPreFix(request) + "/index.action"; return Constants.STRUTS_SSOLOGOUT; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index 5e6c10f0c..4beb29343 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -93,7 +93,7 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, } if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); } else { formOAs = FormDataHelper.addFormOAs(dbOAs); @@ -167,7 +167,7 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, if (dbOAs == null || dbOAs.size() == 0) { log.debug("No OAs found with Identifier " + friendlyname); - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); } else { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index 007d22110..bc5f3049f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -52,6 +52,10 @@ public class MainAction implements ServletRequestAware, // configuration = ConfigurationProvider.getInstance(); } + public String changeLanguage() { + + return Constants.STRUTS_SUCCESS; + } public String generateMainFrame() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index ac3fb9938..0c475b1d5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -264,7 +264,7 @@ public class UserManagementAction extends ActionSupport if (dbuser.isIsMandateUser() != null) ismandate = dbuser.isIsMandateUser(); - errors = validator.validate(user, userID, ispvp2, ismandate); + errors = validator.validate(user, userID, ispvp2, ismandate, request); if (errors.size() > 0) { log.info("UserDataForm has some erros."); @@ -302,11 +302,11 @@ public class UserManagementAction extends ActionSupport try { MailHelper.sendUserMailAddressVerification(dbuser); - addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request)); } catch (ConfigurationException e) { log.warn("Sending of mailaddress verification mail failed.", e); - addActionError(LanguageHelper.getErrorString("error.mail.send")); + addActionError(LanguageHelper.getErrorString("error.mail.send", request)); } } @@ -452,7 +452,7 @@ public class UserManagementAction extends ActionSupport return Constants.STRUTS_ERROR; } - String message = LanguageHelper.getErrorString("error.mail.verification"); + String message = LanguageHelper.getErrorString("error.mail.verification", request); Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; @@ -469,11 +469,11 @@ public class UserManagementAction extends ActionSupport MailHelper.sendUserMailAddressVerification(dbuser); - message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message"); + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request); } catch (ConfigurationException e) { log.warn("Sending of mailaddress verification mail failed.", e); - message = LanguageHelper.getErrorString("error.mail.send"); + message = LanguageHelper.getErrorString("error.mail.send", request); } catch (MOADatabaseException e) { log.warn("Access UserInformationDatabase failed.", e); @@ -531,7 +531,7 @@ public class UserManagementAction extends ActionSupport if (MiscUtil.isNotEmpty(user.getPassword())) { String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save"); + return LanguageHelper.getErrorString("errors.edit.user.save", request); } dbuser.setPassword(key); } @@ -541,7 +541,7 @@ public class UserManagementAction extends ActionSupport ConfigurationDBUtils.saveOrUpdate(dbuser); } catch (MOADatabaseException e) { log.warn("User information can not be stored in Database.", e); - return LanguageHelper.getErrorString("errors.edit.user.save"); + return LanguageHelper.getErrorString("errors.edit.user.save", request); } return null; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index 758aa7dc7..ae7ee3c8e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.validation; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; @@ -35,14 +37,14 @@ public class FormularCustomizationValitator { private static final Logger log = Logger.getLogger(FormularCustomizationValitator.class); - public List<String> validate(FormularCustomization form) { + public List<String> validate(FormularCustomization form, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check; if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); - errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination")); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", request)); } check = form.getBackGroundColor(); @@ -52,7 +54,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.background")); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request)); } } @@ -63,7 +65,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("BKUSelectionFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.color.front")); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request)); } } @@ -74,7 +76,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("HeaderBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back")); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request)); } } @@ -85,7 +87,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("HeaderFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front")); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request)); } } @@ -94,7 +96,7 @@ public class FormularCustomizationValitator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("HeaderText contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -105,7 +107,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("ButtonBackGroundColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back")); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request)); } } @@ -116,7 +118,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus")); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request)); } } @@ -127,7 +129,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.isValidHexValue(check)) { log.warn("ButtonFrontColor is not a valid hex value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front")); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request)); } } @@ -135,7 +137,7 @@ public class FormularCustomizationValitator { if (MiscUtil.isNotEmpty(check)) { if (!FormularCustomization.appletRedirectTargetList.contains(check)) { log.warn("AppletRedirectTarget has not valid value " + check); - errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget")); + errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request)); } } @@ -144,7 +146,7 @@ public class FormularCustomizationValitator { if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { log.warn("FontType contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } @@ -153,7 +155,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.validateNumber(check)) { log.warn("Applet height "+ check + " is no valid number"); errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } @@ -162,7 +164,7 @@ public class FormularCustomizationValitator { if (!ValidationHelper.validateNumber(check)) { log.warn("Applet width "+ check + " is no valid number"); errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index a837ee855..3ed0157da 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.validation; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; @@ -38,7 +40,8 @@ public class UserDatabaseFormValidator { private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) { + public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, + boolean isMandateUser, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check = null; @@ -49,11 +52,11 @@ public class UserDatabaseFormValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("GivenName contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request)); } @@ -62,11 +65,11 @@ public class UserDatabaseFormValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("FamilyName contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request)); } } @@ -76,11 +79,11 @@ public class UserDatabaseFormValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("Organisation contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request)); } } @@ -89,11 +92,11 @@ public class UserDatabaseFormValidator { if (!ValidationHelper.isEmailAddressFormat(check)) { log.warn("Mailaddress is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("Mailaddress is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request)); } check = form.getPhone(); @@ -101,11 +104,11 @@ public class UserDatabaseFormValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("Phonenumber contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.warn("Phonenumber is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request)); } if (form.isIsusernamepasswordallowed()) { @@ -114,25 +117,25 @@ public class UserDatabaseFormValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("Username contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } else { UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); if (dbuser != null && userID != dbuser.getHjid()) { log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request)); form.setUsername(""); } } } else { if (userID == -1) { log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); } else { UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); if (dbuser == null) { log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request)); } else { form.setUsername(dbuser.getUsername()); } @@ -144,12 +147,12 @@ public class UserDatabaseFormValidator { if (MiscUtil.isEmpty(check)) { if (userID == -1) { log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); } else { UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request)); } } @@ -159,12 +162,12 @@ public class UserDatabaseFormValidator { String key = AuthenticationHelper.generateKeyFormPassword(check); if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request)); } } else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request)); } } } @@ -174,7 +177,7 @@ public class UserDatabaseFormValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("BPK contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index 3723a09e9..cfa00f0e1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -30,6 +30,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.Constants; @@ -46,7 +48,7 @@ public class MOAConfigValidator { private static final Logger log = Logger.getLogger(MOAConfigValidator.class); - public List<String> validate(GeneralMOAIDConfig form) { + public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); @@ -58,7 +60,7 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("SAML1 SourceID contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -66,11 +68,11 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Public URL Prefix is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", request)); } } else { log.info("PublicURL Prefix is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request)); } check = form.getTimeoutAssertion(); @@ -78,7 +80,7 @@ public class MOAConfigValidator { if (!ValidationHelper.validateNumber(check)) { log.warn("Assertion Timeout is no number " + check); errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); } } check = form.getTimeoutMOASessionCreated(); @@ -86,7 +88,7 @@ public class MOAConfigValidator { if (!ValidationHelper.validateNumber(check)) { log.warn("MOASessionCreated Timeout is no number " + check); errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); } } check = form.getTimeoutMOASessionUpdated(); @@ -94,7 +96,7 @@ public class MOAConfigValidator { if (!ValidationHelper.validateNumber(check)) { log.warn("MOASessionUpdated Timeout is no number " + check); errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); } } @@ -103,18 +105,18 @@ public class MOAConfigValidator { if (ValidationHelper.isValidOAIdentifier(check)) { log.warn("CertStoreDirectory contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); } } else { log.info("CertStoreDirectory is empty."); - errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request)); } check = form.getDefaultBKUHandy(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); } } @@ -122,7 +124,7 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); } } @@ -130,19 +132,19 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); } } check = form.getDefaultchainigmode(); if (MiscUtil.isEmpty(check)) { log.info("Empty Defaultchainigmode"); - errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.empty", request)); } else { Map<String, String> list = form.getChainigmodelist(); if (!list.containsKey(check)) { log.info("Not valid Defaultchainigmode " + check); - errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request)); } } @@ -150,7 +152,7 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-Mandate Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid", request)); } } @@ -158,7 +160,7 @@ public class MOAConfigValidator { List<String> authtranslist = new ArrayList<String>(); if (MiscUtil.isEmpty(check)) { log.info("Empty MoaspssAuthTransformation"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request)); } else { //is only required if more then one transformation is in use @@ -184,24 +186,24 @@ public class MOAConfigValidator { check = form.getMoaspssAuthTrustProfile(); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS Authblock TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request)); } else { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("Authblock TrustProfile is not valid: " +check); errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } check = form.getMoaspssIdlTrustProfile(); if (MiscUtil.isEmpty(check)) { log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); - errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request)); } else { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("IdentityLink TrustProfile is not valid: " +check); errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -209,7 +211,7 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("Not valid MOA-SP/SS Service URL"); - errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request)); } } @@ -218,7 +220,7 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("PVP2 IssuerName is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -227,7 +229,7 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("PVP2 organisation display name is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -236,7 +238,7 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("PVP2 organisation name is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -244,7 +246,7 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("PVP2 organisation URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request)); } } @@ -259,33 +261,33 @@ public class MOAConfigValidator { check = form.getSLRequestTemplateHandy(); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate Handy-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request)); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate Handy-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request)); } } check = form.getSLRequestTemplateLocal(); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate local BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request)); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate local BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request)); } } check = form.getSLRequestTemplateOnline(); if (MiscUtil.isEmpty(check)) { log.info("Empty SLRequestTemplate Online-BKU"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request)); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("SLRequestTemplate Online-BKU is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request)); } } @@ -294,7 +296,7 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("SSO friendlyname is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -320,14 +322,14 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { log.info("SSO SpecialText is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} , request)); } } check = form.getSsoTarget(); if (MiscUtil.isEmpty(check)) { log.info("Empty SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request)); } else { if (!ValidationHelper.isValidAdminTarget(check)) { @@ -335,7 +337,7 @@ public class MOAConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("IdentificationNumber contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } String num = check.replaceAll(" ", ""); @@ -345,7 +347,7 @@ public class MOAConfigValidator { num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) { log.info("Not valid SSO Target"); - errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request)); } } @@ -355,20 +357,20 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("SZRGW URL is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid", request)); } } check = form.getTrustedCACerts(); if (MiscUtil.isEmpty(check)) { log.info("Empty TrustCACerts Directory"); - errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request)); } else { if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { log.info("Not valid TrustCACerts Directory"); errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request )); } } @@ -382,7 +384,7 @@ public class MOAConfigValidator { if (MiscUtil.isNotEmpty(filename)) { if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) { log.info("SL Transformation Filename is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request)); } else { try { @@ -394,7 +396,7 @@ public class MOAConfigValidator { log.info("SecurtiyLayerTransformation with FileName " + filename +" can not be loaded." , e); errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", - new Object[] {filename} )); + new Object[] {filename}, request )); } } } @@ -406,7 +408,7 @@ public class MOAConfigValidator { ContactForm contact = form.getPvp2Contact(); if (contact != null) { PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); - errors.addAll(pvp2validator.validate(contact)); + errors.addAll(pvp2validator.validate(contact, request)); } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index 5286725df..f7adc1a67 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -26,6 +26,8 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; @@ -45,7 +47,7 @@ public class PVP2ContactValidator { private static final Logger log = Logger.getLogger(PVP2ContactValidator.class); - public List<String >validate(ContactForm contact) { + public List<String >validate(ContactForm contact, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check = contact.getCompany(); @@ -53,7 +55,7 @@ public class PVP2ContactValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("PVP2 Contact: Company is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -62,7 +64,7 @@ public class PVP2ContactValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("PVP2 Contact: GivenName is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } @@ -71,28 +73,28 @@ public class PVP2ContactValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.info("PVP2 Contact: SureName is not valid: " + check); errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } check = contact.getType(); if (MiscUtil.isNotEmpty(check)) { if (!AllowedTypes.contains(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", request)); } } check = contact.getMail(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.isEmailAddressFormat(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", request)); } } check = contact.getPhone(); if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validatePhoneNumber(check)) { - errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", request)); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 93f22730c..a63b3a7b1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -2,6 +2,9 @@ package at.gv.egovernment.moa.id.configuration.validation.moaconfig; import java.util.ArrayList; import java.util.List; + +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; @@ -15,7 +18,7 @@ public class StorkConfigValidator { private static final Logger log = Logger.getLogger(StorkConfigValidator.class); - public List<String> validate(GeneralStorkConfig form) { + public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); @@ -31,17 +34,17 @@ public class StorkConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } if(!check.toLowerCase().matches("^[a-z][a-z]$")) { log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", - new Object[] {check} )); + new Object[] {check}, request )); } } else { log.warn("CPEPS config countrycode is empty : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check} )); + new Object[] {check}, request )); } // check url @@ -49,12 +52,12 @@ public class StorkConfigValidator { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("CPEPS config URL is invalid : " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url")); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request)); } } else { log.warn("CPEPS config url is empty : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", - new Object[] {check} )); + new Object[] {check}, request )); } } } @@ -64,7 +67,7 @@ public class StorkConfigValidator { if(1 > qaa && 4 < qaa) { log.warn("QAA is out of range : " + qaa); errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa} )); + new Object[] {qaa}, request )); } // check attributes @@ -73,12 +76,12 @@ public class StorkConfigValidator { if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) { log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) { log.warn("default attributes do not match the requested format : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check} )); + new Object[] {check}, request )); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index 8887aeaad..bee2ba06c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -31,6 +31,8 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; + import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; @@ -48,7 +50,8 @@ public class OAFileUploadValidation { private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - public List<String> validate(List<String> fileName, List<File> files, String errorMsgPreFix, Map<String, byte[]> output) { + public List<String> validate(List<String> fileName, List<File> files, + String errorMsgPreFix, Map<String, byte[]> output, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); @@ -56,7 +59,7 @@ public class OAFileUploadValidation { if (fileName.size() > 1) { log.info("Only one BKU-selecten template file can be stored"); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected")); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request)); } for (int i=0; i<fileName.size(); i++) { @@ -65,7 +68,7 @@ public class OAFileUploadValidation { if (MiscUtil.isNotEmpty(filename)) { if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) { log.info("Filename is not valid"); - errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid")); + errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request)); } else { try { @@ -78,7 +81,7 @@ public class OAFileUploadValidation { log.info("File with FileName " + filename +" can not be loaded." , e); errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid", - new Object[] {filename} )); + new Object[] {filename}, request )); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java index 637500c1e..92bdc2052 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -26,6 +26,8 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.Constants; @@ -39,7 +41,7 @@ public class OAGeneralConfigValidation { private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - public List<String> validate(OAGeneralConfig form, boolean isAdmin) { + public List<String> validate(OAGeneralConfig form, boolean isAdmin, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check; @@ -51,7 +53,7 @@ public class OAGeneralConfigValidation { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } } @@ -66,7 +68,7 @@ public class OAGeneralConfigValidation { // } else { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request)); } } @@ -78,7 +80,7 @@ public class OAGeneralConfigValidation { // } else { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request)); } } @@ -90,7 +92,7 @@ public class OAGeneralConfigValidation { // } else { if (!ValidationHelper.validateURL(check)) { log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request)); } } } @@ -101,11 +103,11 @@ public class OAGeneralConfigValidation { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("OAFriendlyName contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } else { log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); } if (isAdmin) { @@ -113,12 +115,12 @@ public class OAGeneralConfigValidation { check = form.getKeyBoxIdentifier(); if (MiscUtil.isEmpty(check)) { log.info("Empty KeyBoxIdentifier"); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request)); } else { Map<String, String> list = form.getKeyBoxIdentifierList(); if (!list.containsKey(check)) { log.info("Not valid KeyBoxIdentifier " + check); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request)); } } @@ -128,26 +130,26 @@ public class OAGeneralConfigValidation { MiscUtil.isEmpty(form.getSLTemplateURL2()) && MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { log.info("Empty OA-specific SecurityLayer Templates"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request)); } else { check = form.getSLTemplateURL1(); if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { log.info("First OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request)); } check = form.getSLTemplateURL2(); if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { log.info("Second OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request)); } check = form.getSLTemplateURL3(); if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) { log.info("Third OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request)); } } } @@ -159,13 +161,13 @@ public class OAGeneralConfigValidation { if (!form.isUseMandates()) { log.info("MandateProfiles configured but useMandates is false."); - errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate")); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request)); } if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { log.warn("MandateProfiles contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } @@ -178,12 +180,12 @@ public class OAGeneralConfigValidation { check = form.getStorkSPTargetCountry(); if ((check==null)||(check.length() < 1)) { log.warn("Stork target country is not known"); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget")); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); } if (check.length() > 10) { log.warn("Incorrect size of Stork target country, too many characters"); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptargetsize")); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptargetsize", request)); } @@ -194,27 +196,27 @@ public class OAGeneralConfigValidation { check = form.getIdentificationType(); if (!form.getIdentificationTypeList().contains(check)) { log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget")); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); } //check identification number check = form.getIdentificationNumber(); if (MiscUtil.isEmpty(check)) { log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); } else { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("IdentificationNumber contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { CompanyNumberValidator val = new CompanyNumberValidator(); if (!val.validate(check)) { log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); } } } @@ -225,7 +227,7 @@ public class OAGeneralConfigValidation { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.isValidAdminTarget(check)) { log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); } } @@ -235,7 +237,7 @@ public class OAGeneralConfigValidation { if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {form.getIdentifier()} )); + new Object[] {form.getIdentifier()}, request )); form.setBusinessService(true); return errors; @@ -245,12 +247,12 @@ public class OAGeneralConfigValidation { check = form.getTarget(); if (MiscUtil.isEmpty(check)) { log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); } else { if (!ValidationHelper.isValidTarget(check)) { log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); } } @@ -262,13 +264,13 @@ public class OAGeneralConfigValidation { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { log.warn("TargetFriendlyName contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } } if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); } //check Target @@ -276,7 +278,7 @@ public class OAGeneralConfigValidation { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.isValidTarget(check)) { log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); } } @@ -285,7 +287,7 @@ public class OAGeneralConfigValidation { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.isValidAdminTarget(check)) { log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid")); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); } } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java index 249df4dcd..c30c11f5a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; @@ -36,7 +38,7 @@ public class OAOAUTH20ConfigValidation { private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class); - public List<String> validate(OAOAuth20Config form) { + public List<String> validate(OAOAuth20Config form, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); @@ -47,7 +49,7 @@ public class OAOAUTH20ConfigValidation { // validate redirectUri if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { - errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi")); + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request)); } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 18b6a2d22..b26f2d9d5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -27,6 +27,8 @@ import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; @@ -39,7 +41,7 @@ public class OAPVP2ConfigValidation { private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - public List<String> validate(OAPVP2Config form) { + public List<String> validate(OAPVP2Config form, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); try { @@ -50,13 +52,13 @@ public class OAPVP2ConfigValidation { if (MiscUtil.isNotEmpty(check)) { if (!ValidationHelper.validateURL(check)) { log.info("MetaDataURL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); } else { metadata = FileUtils.readURL(check); if (MiscUtil.isEmpty(metadata)) { log.info("Filecontent can not be read form MetaDataURL."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); } } } @@ -86,11 +88,11 @@ public class OAPVP2ConfigValidation { } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); } catch (IOException e) { log.info("Metadata can not be loaded from URL", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); // } catch (MetadataProviderException e) { // log.info("MetaDate verification failed"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java index 73eba87ff..95104b929 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; @@ -35,13 +37,13 @@ public class OASAML1ConfigValidation { private static final Logger log = Logger.getLogger(OASAML1ConfigValidation.class); - public List<String> validate(OASAML1Config form, OAGeneralConfig general) { + public List<String> validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); if (general.isBusinessService() && form.isProvideStammZahl()) { log.info("ProvideStammZahl can not be used with BusinessService applications"); - errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl")); + errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request)); } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index dd305d144..6de966b8d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; @@ -36,7 +38,7 @@ public class OASSOConfigValidation { private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - public List<String> validate(OASSOConfig form, boolean isAdmin) { + public List<String> validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); @@ -48,7 +50,7 @@ public class OASSOConfigValidation { } else { if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { log.info("Single Log-Out url validation error"); - errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid")); + errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request)); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 554aa9ff0..7bdcb65cf 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; @@ -37,7 +39,7 @@ public class OASTORKConfigValidation { private static final Logger log = Logger.getLogger(OASTORKConfigValidation.class); - public List<String> validate(OASTORKConfig oageneral) { + public List<String> validate(OASTORKConfig oageneral, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); @@ -46,29 +48,29 @@ public class OASTORKConfigValidation { if(1 > qaa && 4 < qaa) { log.warn("QAA is out of range : " + qaa); errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", - new Object[] {qaa} )); + new Object[] {qaa}, request )); } if (oageneral.isVidpEnabled()) { for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { log.info("AttributeProviderPlugin URL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid")); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); } if (MiscUtil.isEmpty(current.getName())) { log.info("AttributeProviderPlugin Name is empty."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty")); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request)); } else { if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) { log.info("AttributeProviderPlugin Name is not supported."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid")); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request)); } } if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) { log.info("AttributeProviderPlugin attributes are empty or do not match csv format."); - errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid")); + errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request)); } } |