diff options
Diffstat (limited to 'id/ConfigWebTool/src')
101 files changed, 8161 insertions, 874 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index d088edf34..e309eaadd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -1,29 +1,81 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration; public class Constants { + public static final String FILEPREFIX = "file:"; + + public static final String SERVLET_PVP2ASSERTION = "pvp2login.action"; + public static final String SERVLET_ACCOUNTVERIFICATION = "mailAddressVerification.action"; + public static final String STRUTS_SUCCESS = "success"; public static final String STRUTS_ERROR = "error"; public static final String STRUTS_ERROR_VALIDATION = "error_validation"; public static final String STRUTS_OA_EDIT = "editOA"; public static final String STRUTS_REAUTHENTICATE = "reauthentication"; public static final String STRUTS_NOTALLOWED = "notallowed"; + public static final String STRUTS_NEWUSER = "newuser"; + public static final String STRUTS_SSOLOGOUT = "ssologout"; public static final String SESSION_AUTH = "authsession"; public static final String SESSION_AUTH_ERROR = "authsessionerror"; public static final String SESSION_OAID = "oadbidentifier"; + public static final String SESSION_FORMID = "formId"; + public static final String SESSION_FORM = "form"; + public static final String SESSION_PVP2REQUESTID = "pvp2requestid"; + public static final String SESSION_RETURNAREA = "returnarea"; + public static final String SESSION_BKUFORMPREVIEW = "bkuformpreview"; + public static final String SESSION_OAUTH20SECRET = "oauth20secret"; + + + public static enum STRUTS_RETURNAREA_VALUES {adminRequestsInit, main, usermanagementInit}; public static final String REQUEST_OAID = "oaid"; + public static final String REQUEST_USERREQUESTTOKKEN = "tokken"; + + public static final String REQUEST_FORMCUSTOM_MODULE = "module"; + public static final String REQUEST_FORMCUSTOM_VALUE = "value"; public static final String BKU_ONLINE = "bkuonline"; public static final String BKU_LOCAL = "bkulocal"; public static final String BKU_HANDY = "bkuhandy"; - public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; - public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x"; public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request"; public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; + + public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; + + public static final String IDENIFICATIONTYPE_FN = "FN"; + public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; + public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; + public static final String IDENIFICATIONTYPE_BASEID = "urn:publicid:gv.at:baseid+"; + + public static final String IDENIFICATIONTYPE_BASEID_FN = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_FN; + public static final String IDENIFICATIONTYPE_BASEID_ZVR = IDENIFICATIONTYPE_BASEID + "X" + IDENIFICATIONTYPE_ZVR; + + public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+"; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java index 8f75a357c..b7da86db7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -1,15 +1,42 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.auth; import java.util.Date; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; + public class AuthenticatedUser { private boolean isAuthenticated = false; private boolean isAdmin = false; + private boolean isPVP2Login = false; + private boolean isMandateUser = false; private long userID; private String givenName; private String familyName; + private String institute; private String userName; private Date lastLogin; @@ -17,18 +44,26 @@ public class AuthenticatedUser { } - public AuthenticatedUser(long userID, String givenName, String familyName, String userName, - boolean isAuthenticated, boolean isAdmin) { + public AuthenticatedUser(long userID, String givenName, String familyName, String institute, + String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser, + boolean isPVP2Login) { this.familyName = familyName; this.givenName = givenName; this.userName = userName; this.userID = userID; + this.institute = institute; this.isAdmin = isAdmin; this.isAuthenticated = isAuthenticated; + this.isMandateUser = isMandateUser; + this.isPVP2Login = isPVP2Login; this.lastLogin = new Date(); } + public String getFormatedLastLogin() { + return DateTimeHelper.getDateTime(lastLogin); + } + /** * @return the isAuthenticated */ @@ -105,7 +140,7 @@ public class AuthenticatedUser { public Date getLastLogin() { return lastLogin; } - + /** * @param lastLogin the lastLogin to set */ @@ -126,8 +161,49 @@ public class AuthenticatedUser { public void setUserName(String userName) { this.userName = userName; } + + /** + * @return the institute + */ + public String getInstitute() { + return institute; + } + + /** + * @param institute the institute to set + */ + public void setInstitute(String institute) { + this.institute = institute; + } + + /** + * @return the isPVP2Login + */ + public boolean isPVP2Login() { + return isPVP2Login; + } + + /** + * @param isPVP2Login the isPVP2Login to set + */ + public void setPVP2Login(boolean isPVP2Login) { + this.isPVP2Login = isPVP2Login; + } + + /** + * @return the isMandateUser + */ + public boolean isMandateUser() { + return isMandateUser; + } + + /** + * @param isMandateUser the isMandateUser to set + */ + public void setMandateUser(boolean isMandateUser) { + this.isMandateUser = isMandateUser; + } - - + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java new file mode 100644 index 000000000..f17ec82cb --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java @@ -0,0 +1,72 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +public class AttributeListBuilder implements PVPConstants{ + + protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { + RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class); + attribute.setIsRequired(required); + attribute.setName(name); + attribute.setFriendlyName(friendlyName); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } + + public static List<RequestedAttribute> getRequestedAttributes() { + List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>(); + + requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true)); + requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + + requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + + requestedAttributes.add(buildReqAttribute(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); + requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); + return requestedAttributes; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java new file mode 100644 index 000000000..5fa6f3531 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java @@ -0,0 +1,258 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.io.IOException; +import java.security.KeyStore; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.util.MiscUtil; + + +/** + * Servlet implementation class Authenticate + */ +public class Authenticate extends HttpServlet { + private static final long serialVersionUID = 1L; + + private static final Logger log = LoggerFactory + .getLogger(Authenticate.class); + /** + * @see HttpServlet#HttpServlet() + */ + public Authenticate() { + super(); + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + log.warn("PVP2 AuthenticationServlet can not be initialized.", e); + + } + } + + DocumentBuilder builder; + + public Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + protected void process(HttpServletRequest request, + HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException { + try { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + config.initializePVP2Login(); + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); + + HttpSession session = request.getSession(); + if (session != null) { + session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); + } + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID name = SAML2Utils.createSAMLObject(NameID.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) + serviceURL = serviceURL + "/"; + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.PERSISTENT); + authReq.setNameIDPolicy(policy); + + String entityname = config.getPVP2IDPMetadataEntityName(); + if (MiscUtil.isEmpty(entityname)) { + log.info("No IDP EntityName configurated"); + throw new ConfigurationException("No IDP EntityName configurated"); + } + + HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); + if (idpEntity == null) { + log.info("IDP EntityName is not found in IDP Metadata"); + throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); + } + + SingleSignOnService redirectEndpoint = null; + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + //Get the service address for the binding you wish to use + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + } + } + + authReq.setDestination(redirectEndpoint.getLocation()); + + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + + authReq.setRequestedAuthnContext(reqAuthContext); + + KeyStore keyStore = config.getPVP2KeyStore(); + + X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(authcredential); + + authReq.setSignature(signer); + + VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.init(); + + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + response, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(redirectEndpoint.getLocation());; + + context.setOutboundSAMLMessageSigningCredential(authcredential); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(authReq); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + + } catch (Exception e) { + log.warn("Authentication Request can not be generated", e); + throw new ServletException("Authentication Request can not be generated.", e); + } + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + + process(request, response, null); + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + process(request, response, null); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java new file mode 100644 index 000000000..56f593ce7 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java @@ -0,0 +1,328 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.apache.log4j.Logger; +import org.opensaml.Configuration; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * Servlet implementation class BuildMetadata + */ +public class BuildMetadata extends HttpServlet { + private static final long serialVersionUID = 1L; + + private static final Logger log = Logger.getLogger(BuildMetadata.class); + + /** + * @see HttpServlet#HttpServlet() + */ + public BuildMetadata() { + super(); + } + + protected static Signature getSignature(Credential credentials) { + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + /** + * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doGet(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + + //config.initializePVP2Login(); + + SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator(); + + EntitiesDescriptor spEntitiesDescriptor = SAML2Utils. + createSAMLObject(EntitiesDescriptor.class); + + String name = config.getPVP2MetadataEntitiesName(); + if (MiscUtil.isEmpty(name)) { + log.info("NO Metadata EntitiesName configurated"); + throw new ConfigurationException("NO Metadata EntitiesName configurated"); + } + + spEntitiesDescriptor.setName(name); + spEntitiesDescriptor.setID(idGen.generateIdentifier()); + + EntityDescriptor spEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + + String serviceURL = config.getPublicUrlPreFix(request); + if (!serviceURL.endsWith("/")) + serviceURL = serviceURL + "/"; + + log.debug("Set OnlineApplicationURL to " + serviceURL); + spEntityDescriptor.setEntityID(serviceURL); + + SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitEntityCertificate(true); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + KeyStore keyStore = config.getPVP2KeyStore(); + + X509Credential signingcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreMetadataKeyAlias(), + config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); + + + log.debug("Set Metadata key information"); + //Set MetaData Signing key + KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); + entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); + Signature entitiesSignature = getSignature(signingcredential); + spEntitiesDescriptor.setSignature(entitiesSignature); + + //Set AuthRequest Signing certificate + X509Credential authcredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestKeyAlias(), + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + + //set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { + X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + + NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); + + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); + + spSSODescriptor.setWantAssertionsSigned(true); + spSSODescriptor.setAuthnRequestsSigned(true); + + AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); + + spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor); + out.marshall(spEntitiesDescriptor, document); + + Signer.signObject(entitiesSignature); + + Transformer transformer = TransformerFactory.newInstance().newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + String metadataXML = sw.toString(); + + response.setContentType("text/xml"); + response.getOutputStream().write(metadataXML.getBytes()); + + response.getOutputStream().close(); + + } catch (ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (NoSuchAlgorithmException e) { + log.warn("Requested Algorithm could not found.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (KeyStoreException e) { + log.warn("Requested KeyStoreType is not implemented.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (CertificateException e) { + log.warn("KeyStore can not be opend or userd.", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (SecurityException e) { + log.warn("KeyStore can not be opend or used", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (ParserConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (MarshallingException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (SignatureException e) { + log.warn("PVP2 Metadata can not be signed", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (TransformerConfigurationException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (TransformerFactoryConfigurationError e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + + } catch (TransformerException e) { + log.warn("PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + catch (Exception e) { + log.warn("Unspecific PVP2 Metadata createn error", e); + throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); + } + + } + + /** + * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse + * response) + */ + protected void doPost(HttpServletRequest request, + HttpServletResponse response) throws ServletException, IOException { + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java new file mode 100644 index 000000000..3429f6c96 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java @@ -0,0 +1,82 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.auth.pvp2; + +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; + +public class MetaDataVerificationFilter implements MetadataFilter { + + BasicX509Credential credential; + + public MetaDataVerificationFilter(BasicX509Credential credential) { + this.credential = credential; + } + + + public void doFilter(XMLObject metadata) throws FilterException { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + + if(entitiesDescriptor.getSignature() == null) { + throw new FilterException("Root element of metadata file has to be signed", null); + } + try { + processEntitiesDescriptor(entitiesDescriptor); + + } catch (MOAIDException e) { + throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + } + } + } + + private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { + Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + EntityVerifier.verify(desc, this.credential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + while(entIT.hasNext()) { + EntityDescriptor entity = entIT.next(); + if (entity.getSignature() != null) + EntityVerifier.verify(entity); + } + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index aeadbd0bb..692990fa9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -1,24 +1,79 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.config; +import iaik.x509.X509Certificate; + import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.util.Properties; +import java.util.Timer; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.log4j.Logger; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; +import at.gv.egovernment.moa.util.MiscUtil; public class ConfigurationProvider { + public static final String HTMLTEMPLATE_DIR = "/htmlTemplates"; + public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html"; + + private static final Logger log = Logger.getLogger(ConfigurationProvider.class); + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; private static ConfigurationProvider instance; private Properties props; private String configFileName; + private String configRootDir; + + private HTTPMetadataProvider idpMetadataProvider = null; + private KeyStore keyStore = null; + + private String publicURLPreFix = null; + + private boolean pvp2logininitialzied = false; public static ConfigurationProvider getInstance() throws ConfigurationException { if (instance == null) { @@ -39,10 +94,14 @@ public class ConfigurationProvider { if (configFileName == null) { throw new ConfigurationException("config.01"); } - Logger.info("Loading MOA-ID-AUTH configuration " + configFileName); + + // determine the directory of the root config file + configRootDir = new File(configFileName).getParent(); + + log.info("Loading MOA-ID-AUTH configuration " + configFileName); //Initial Hibernate Framework - Logger.trace("Initializing Hibernate framework."); + log.trace("Initializing Hibernate framework."); //Load MOAID-2.0 properties file File propertiesFile = new File(configFileName); @@ -54,32 +113,365 @@ public class ConfigurationProvider { fis = new FileInputStream(propertiesFile); props.load(fis); + fis.close(); + // initialize hibernate synchronized (ConfigurationProvider.class) { //Initial config Database ConfigurationDBUtils.initHibernate(props); } - Logger.trace("Hibernate initialization finished."); + log.trace("Hibernate initialization finished."); + DefaultBootstrap.bootstrap(); + log.info("OPENSAML initialized"); + + UserRequestCleaner.start(); - + } catch (FileNotFoundException e) { throw new ConfigurationException("config.01", e); + } catch (IOException e) { throw new ConfigurationException("config.02", e); + } catch (MOADatabaseException e) { throw new ConfigurationException("config.03", e); + + } catch (org.opensaml.xml.ConfigurationException e) { + throw new ConfigurationException("config.04", e); } } + public String getPublicUrlPreFix(HttpServletRequest request) { + publicURLPreFix = props.getProperty("general.publicURLContext"); + + if (MiscUtil.isEmpty(publicURLPreFix) && request != null) { + String url = request.getRequestURL().toString(); + String contextpath = request.getContextPath(); + int index = url.indexOf(contextpath); + publicURLPreFix = url.substring(0, index + contextpath.length() + 1); + } + + return publicURLPreFix; + } + + public int getUserRequestCleanUpDelay() { + String delay = props.getProperty("general.userrequests.cleanup.delay"); + return Integer.getInteger(delay, 12); + } + +// public String getContactMailAddress() { +// return props.getProperty("general.contact.mail"); +// } + + public String getSSOLogOutURL() { + return props.getProperty("general.login.pvp2.idp.sso.logout.url"); + } + + public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { + if (keyStore == null) { + String keystoretype = getPVP2MetadataKeystoreType(); + if (MiscUtil.isEmpty(keystoretype)) { + log.debug("No KeyStoreType defined. Using default KeyStoreType."); + keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + } else { + log.debug("Using " + keystoretype + " KeyStoreType."); + keyStore = KeyStore.getInstance(keystoretype); + + } + + + String file = getPVP2MetadataKeystoreURL(); + log.debug("Load KeyStore from URL " + file); + if (MiscUtil.isEmpty(file)) { + log.info("Metadata KeyStoreURL is empty"); + throw new ConfigurationException("Metadata KeyStoreURL is empty"); + } + + FileInputStream inputStream = new FileInputStream(file); + keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); + inputStream.close(); + } + + return keyStore; + + } + + public String getConfigFile() { + return configFileName; + } + + public String getConfigRootDir() { + return configRootDir; + } + + public String getMOAIDInstanceURL() { + return props.getProperty("general.moaid.instance.url"); + } + public boolean isLoginDeaktivated() { String result = props.getProperty("general.login.deaktivate", "false"); return Boolean.parseBoolean(result); } - public String getConfigFile() { - return configFileName; + public boolean isOATargetVerificationDeaktivated() { + String result = props.getProperty("general.OATargetVerification.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + //PVP2 Login configuration + + public void initializePVP2Login() throws ConfigurationException { + if (!pvp2logininitialzied) + initalPVP2Login(); + } + + public boolean isPVP2LoginActive() { + + return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false")); + } + + public boolean isPVP2LoginBusinessService() { + String result = props.getProperty("general.login.pvp2.isbusinessservice", "false"); + return Boolean.parseBoolean(result); + } + + public String getPVP2LoginTarget() { + return props.getProperty("general.login.pvp2.target"); + } + + public String getPVP2LoginIdenificationValue() { + return props.getProperty("general.login.pvp2.identificationvalue"); + } + + public String getPVP2MetadataEntitiesName() { + return props.getProperty("general.login.pvp2.metadata.entities.name"); + } + + public String getPVP2MetadataKeystoreURL() { + return props.getProperty("general.login.pvp2.keystore.url"); + } + + public String getPVP2MetadataKeystorePassword() { + return props.getProperty("general.login.pvp2.keystore.password"); + } + + public String getPVP2MetadataKeystoreType() { + return props.getProperty("general.login.pvp2.keystore.type"); + } + + public String getPVP2KeystoreMetadataKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.alias"); + } + + public String getPVP2KeystoreMetadataKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.metadata.key.password"); + } + + public String getPVP2KeystoreAuthRequestKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias"); + } + + public String getPVP2KeystoreAuthRequestKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.key.password"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias"); + } + + public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() { + return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password"); + } + + public String getPVP2IDPMetadataURL() { + return props.getProperty("general.login.pvp2.idp.metadata.url"); + } + + public String getPVP2IDPMetadataCertificate() { + return props.getProperty("general.login.pvp2.idp.metadata.certificate"); + } + + public String getPVP2IDPMetadataEntityName() { + return props.getProperty("general.login.pvp2.idp.metadata.entityID"); + } + + public HTTPMetadataProvider getMetaDataProvier() { + return idpMetadataProvider; + } + + + //SMTP Server + public String getSMTPMailHost() { + return props.getProperty("general.mail.host"); + } + + public String getSMTPMailPort() { + return props.getProperty("general.mail.host.port"); + } + + public String getSMTPMailUsername() { + return props.getProperty("general.mail.host.username"); + } + + public String getSMTPMailPassword() { + return props.getProperty("general.mail.host.password"); + } + + //Mail Configuration + public String getMailFromName() { + return props.getProperty("general.mail.from.name"); + } + + public String getMailFromAddress() { + return props.getProperty("general.mail.from.address"); + } + + public String getMailUserAcountVerificationSubject() { + return props.getProperty("general.mail.useraccountrequest.verification.subject"); + } + + public String getMailUserAcountVerificationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.useraccountrequest.verification.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountVerificationTemplate is empty"); + + } + } + + public String getMailUserAcountActivationSubject() { + return props.getProperty("general.mail.useraccountrequest.isactive.subject"); + } + + public String getMailUserAcountActivationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); + + } + } + + public String getMailOAActivationSubject() { + return props.getProperty("general.mail.createOArequest.isactive.subject"); + } + + public String getMailOAActivationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.createOArequest.isactive.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailOAActivationTemplate is empty"); + throw new ConfigurationException("MailOAActivationTemplate is empty"); + + } + } + + public String getMailUserAcountRevocationTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); + + } + } + + public String getMailAdminSubject() { + return props.getProperty("general.mail.admin.subject"); + } + + public String getMailAdminTemplate() throws ConfigurationException { + String url = props.getProperty("general.mail.admin.adresses.template"); + + if (MiscUtil.isNotEmpty(url)) { + if (url.startsWith(Constants.FILEPREFIX)) + return url; + + else + return configRootDir + "/" + url; + + } else { + log.warn("MailUserAcountVerificationTemplate is empty"); + throw new ConfigurationException("MailAdminTemplate is empty"); + + } + } + + public String getMailAdminAddress() { + return props.getProperty("general.mail.admin.adress"); + } + + + private void initalPVP2Login() throws ConfigurationException { + try { + + String metadataCert = getPVP2IDPMetadataCertificate(); + if (MiscUtil.isEmpty(metadataCert)) { + log.info("NO IDP Certificate to verify IDP Metadata"); + throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); + } + + InputStream certstream = new FileInputStream(metadataCert); + X509Certificate cert = new X509Certificate(certstream); + BasicX509Credential idpCredential = new BasicX509Credential(); + idpCredential.setEntityCertificate(cert); + + log.debug("IDP Certificate loading finished"); + + String metadataurl = getPVP2IDPMetadataURL(); + if (MiscUtil.isEmpty(metadataurl)) { + log.info("NO IDP Metadata URL."); + throw new ConfigurationException("NO IDP Metadata URL."); + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); + idpMetadataProvider.setRequireValidMetadata(true); + idpMetadataProvider.setParserPool(new BasicParserPool()); + idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); + idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h + idpMetadataProvider.initialize(); + + pvp2logininitialzied = true; + + } catch (Exception e) { + log.warn("PVP2 authentification can not be initialized."); + throw new ConfigurationException("PVP2 authentification can not be initialized.", e); + } + + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java new file mode 100644 index 000000000..49d556ba4 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -0,0 +1,357 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.data; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.util.FormBuildUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +public class FormularCustomization { + + private boolean showMandateLoginButton = true; + private boolean onlyMandateAllowed = false; + + private String fontType = null; + + private String frontColor = null; + private String backGroundColor = null; + private String header_FrontColor = null; + private String header_BackGroundColor = null; + private String header_text = null; + private String button_BackGroundColor = null; + private String button_BackGroundColorFocus = null; + private String button_FrontColor = null; + + private String appletRedirectTarget = null; + public static List<String> appletRedirectTargetList = null; + + public static List<String> fontTypeList = null; + public String fontTypeListValue = null; + + public FormularCustomization() { + appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top"); + fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman"); + Collections.sort(fontTypeList); + } + + public void parse(OnlineApplication dbOAConfig, Map<String, String> map) { + AuthComponentOA auth = dbOAConfig.getAuthComponentOA(); + + if (auth != null) { + TemplatesType templates = auth.getTemplates(); + if (templates != null) { + BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); + if (formcustom != null) { + + if (formcustom.isMandateLoginButton() != null) { + showMandateLoginButton = formcustom.isMandateLoginButton(); + } + + if (formcustom.isOnlyMandateLoginAllowed() != null) { + onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed(); + } + + if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) + appletRedirectTarget = formcustom.getAppletRedirectTarget(); + + if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) { + backGroundColor = formcustom.getBackGroundColor(); + map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) { + button_BackGroundColor = formcustom.getButtonBackGroundColor(); + map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) { + button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus(); + map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus()); + } + + if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) { + button_FrontColor = formcustom.getButtonFontColor(); + map.put(FormBuildUtils.BUTTON_COLOR, formcustom.getButtonFontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFontType())) { + fontType = formcustom.getFontType(); + map.put(FormBuildUtils.FONTFAMILY, formcustom.getFontType()); + } + + if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) { + frontColor = formcustom.getFrontColor(); + map.put(FormBuildUtils.MAIN_COLOR, formcustom.getFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) { + header_BackGroundColor = formcustom.getHeaderBackGroundColor(); + map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) { + header_FrontColor = formcustom.getHeaderFrontColor(); + map.put(FormBuildUtils.HEADER_COLOR, formcustom.getHeaderFrontColor()); + } + + if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) { + header_text = formcustom.getHeaderText(); + map.put(FormBuildUtils.HEADER_TEXT, formcustom.getHeaderText()); + } + } + } + } + } + + + /** + * @return the showMandateLoginButton + */ + public boolean isShowMandateLoginButton() { + return showMandateLoginButton; + } + + + /** + * @param showMandateLoginButton the showMandateLoginButton to set + */ + public void setShowMandateLoginButton(boolean showMandateLoginButton) { + this.showMandateLoginButton = showMandateLoginButton; + } + + + /** + * @return the onlyMandateAllowed + */ + public boolean isOnlyMandateAllowed() { + return onlyMandateAllowed; + } + + + /** + * @param onlyMandateAllowed the onlyMandateAllowed to set + */ + public void setOnlyMandateAllowed(boolean onlyMandateAllowed) { + this.onlyMandateAllowed = onlyMandateAllowed; + } + + + /** + * @return the fontType + */ + public String getFontType() { + return fontType; + } + + + /** + * @param fontType the fontType to set + */ + public void setFontType(String fontType) { + this.fontType = fontType; + } + + + /** + * @return the frontColor + */ + public String getFrontColor() { + return frontColor; + } + + + /** + * @param frontColor the frontColor to set + */ + public void setFrontColor(String frontColor) { + this.frontColor = frontColor; + } + + + /** + * @return the backGroundColor + */ + public String getBackGroundColor() { + return backGroundColor; + } + + + /** + * @param backGroundColor the backGroundColor to set + */ + public void setBackGroundColor(String backGroundColor) { + this.backGroundColor = backGroundColor; + } + + + /** + * @return the header_FrontColor + */ + public String getHeader_FrontColor() { + return header_FrontColor; + } + + + /** + * @param header_FrontColor the header_FrontColor to set + */ + public void setHeader_FrontColor(String header_FrontColor) { + this.header_FrontColor = header_FrontColor; + } + + + /** + * @return the header_BackGroundColor + */ + public String getHeader_BackGroundColor() { + return header_BackGroundColor; + } + + + /** + * @param header_BackGroundColor the header_BackGroundColor to set + */ + public void setHeader_BackGroundColor(String header_BackGroundColor) { + this.header_BackGroundColor = header_BackGroundColor; + } + + + /** + * @return the header_text + */ + public String getHeader_text() { + return header_text; + } + + + /** + * @param header_text the header_text to set + */ + public void setHeader_text(String header_text) { + this.header_text = header_text; + } + + + /** + * @return the button_BackGroundColor + */ + public String getButton_BackGroundColor() { + return button_BackGroundColor; + } + + + /** + * @param button_BackGroundColor the button_BackGroundColor to set + */ + public void setButton_BackGroundColor(String button_BackGroundColor) { + this.button_BackGroundColor = button_BackGroundColor; + } + + + /** + * @return the button_BackGroundColorFocus + */ + public String getButton_BackGroundColorFocus() { + return button_BackGroundColorFocus; + } + + + /** + * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set + */ + public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) { + this.button_BackGroundColorFocus = button_BackGroundColorFocus; + } + + + /** + * @return the button_FrontColor + */ + public String getButton_FrontColor() { + return button_FrontColor; + } + + + /** + * @param button_FrontColor the button_FrontColor to set + */ + public void setButton_FrontColor(String button_FrontColor) { + this.button_FrontColor = button_FrontColor; + } + + + /** + * @return the appletRedirectTarget + */ + public String getAppletRedirectTarget() { + return appletRedirectTarget; + } + + /** + * @param appletRedirectTarget the appletRedirectTarget to set + */ + public void setAppletRedirectTarget(String appletRedirectTarget) { + this.appletRedirectTarget = appletRedirectTarget; + } + + + /** + * @return the appletredirecttargetlist + */ + public List<String> getAppletRedirectTargetList() { + return appletRedirectTargetList; + } + + /** + * @return the fontTypeList + */ + public List<String> getFontTypeList() { + return fontTypeList; + } + + /** + * @return the fontTypeListValue + */ + public String getFontTypeListValue() { + return fontTypeListValue; + } + + /** + * @param fontTypeListValue the fontTypeListValue to set + */ + public void setFontTypeListValue(String fontTypeListValue) { + this.fontTypeListValue = fontTypeListValue; + } + + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 59954df7f..4da4d3907 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data; import java.io.File; @@ -15,8 +37,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSignersX509SubjectNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java new file mode 100644 index 000000000..f21be44ba --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -0,0 +1,27 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.data; + +public class GeneralStorkConfig { + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java index 0ea21617e..69bf5dc0c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data; public class OAListElement { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java new file mode 100644 index 000000000..a1bcf4aa4 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java @@ -0,0 +1,50 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.data; + +public class StorkAttributes { + + + public AttributValues eIdentifier; + + + public void parse() { + eIdentifier = AttributValues.MANDATORY; + } + + + public enum AttributValues { + MANDATORY, OPTIONAL, NOT; + + public String getValue() { + if (this == MANDATORY) + return MANDATORY.name(); + if (this == OPTIONAL) + return OPTIONAL.name(); + else + return NOT.name(); + } + } + +} + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java index 881cdf277..8f4746d69 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -1,8 +1,29 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.data.BPK; public class UserDatabaseFrom { @@ -18,10 +39,14 @@ public class UserDatabaseFrom { private boolean active = false; private boolean admin = false; private boolean passwordActive; + private boolean isusernamepasswordallowed = false; + private boolean isadminrequest = true; + private boolean ismandateuser = false; + private boolean isPVPGenerated; private String userID = null; public UserDatabaseFrom() { - + } public UserDatabaseFrom(UserDatabase db) { @@ -41,6 +66,26 @@ public class UserDatabaseFrom { active = db.isIsActive(); admin = db.isIsAdmin(); + if (db.isIsUsernamePasswordAllowed() != null) + isusernamepasswordallowed = db.isIsUsernamePasswordAllowed(); + else + isusernamepasswordallowed = true; + + if (db.isIsAdminRequest() != null) + isadminrequest = db.isIsAdminRequest(); + else + isadminrequest = false; + + if (db.isIsMandateUser() != null) + ismandateuser = db.isIsMandateUser(); + else + ismandateuser = false; + + if (db.isIsPVP2Generated() != null) + isPVPGenerated = db.isIsPVP2Generated(); + else + isPVPGenerated = false; + userID = String.valueOf(db.getHjid()); } @@ -247,7 +292,62 @@ public class UserDatabaseFrom { public void setPassword_second(String password_second) { this.password_second = password_second; } + + /** + * @return the isusernamepasswordallowed + */ + public boolean isIsusernamepasswordallowed() { + return isusernamepasswordallowed; + } + + /** + * @param isusernamepasswordallowed the isusernamepasswordallowed to set + */ + public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) { + this.isusernamepasswordallowed = isusernamepasswordallowed; + } + + /** + * @return the ismandateuser + */ + public boolean isIsmandateuser() { + return ismandateuser; + } + /** + * @param ismandateuser the ismandateuser to set + */ + public void setIsmandateuser(boolean ismandateuser) { + this.ismandateuser = ismandateuser; + } + + /** + * @return the isadminrequest + */ + public boolean isIsadminrequest() { + return isadminrequest; + } + + /** + * @param isadminrequest the isadminrequest to set + */ + public void setIsadminrequest(boolean isadminrequest) { + this.isadminrequest = isadminrequest; + } + + /** + * @return the isPVPGenerated + */ + public boolean isPVPGenerated() { + return isPVPGenerated; + } + + /** + * @param isPVPGenerated the isPVPGenerated to set + */ + public void setPVPGenerated(boolean isPVPGenerated) { + this.isPVPGenerated = isPVPGenerated; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index 57ae4863a..334124cfd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -1,6 +1,29 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -18,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,19 +59,22 @@ public class OAGeneralConfig { private boolean businessService = false; private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List<String> targetList = null; private String targetFriendlyName = null; + private boolean isAdminTarget = false; private String identificationNumber = null; private String identificationType = null; + private static List<String> identificationTypeList = null; private String aditionalAuthBlockText = null; private String mandateProfiles = null; + private boolean useMandates = false; private boolean isActive = false; - private String slVersion = null; - private boolean useIFrame = false; - private boolean useUTC = false; private boolean calculateHPI = false; private String keyBoxIdentifier = null; @@ -56,6 +83,8 @@ public class OAGeneralConfig { private boolean legacy = false; List<String> SLTemplates = null; + private boolean isHideBPKAuthBlock = false; + private Map<String, byte[]> transformations; @@ -69,6 +98,14 @@ public class OAGeneralConfig { bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; + + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB); } @@ -81,8 +118,29 @@ public class OAGeneralConfig { keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value(); identifier = dbOAConfig.getPublicURLPrefix(); - target = dbOAConfig.getTarget(); - targetFriendlyName = dbOAConfig.getTargetFriendlyName(); + + String target_full = dbOAConfig.getTarget(); + if (MiscUtil.isNotEmpty(target_full)) { + if (TargetValidator.isValidTarget(target_full)) { + target = target_full; + + } else { + String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) + target_subsector = target_split[1]; + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOAConfig.getTargetFriendlyName(); + } if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) businessService = true; @@ -127,16 +185,32 @@ public class OAGeneralConfig { IdentificationNumber idnumber = oaauth.getIdentificationNumber(); if (idnumber != null) { - identificationNumber = idnumber.getValue(); + String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + } + } } Mandates mandates = oaauth.getMandates(); if (mandates != null) { - mandateProfiles = mandates.getProfiles(); + + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + mandateProfiles = mandates.getProfiles(); + useMandates = true; + + } else { + mandateProfiles = new String(); + useMandates = false; + } + + } - slVersion = oaauth.getSlVersion(); - TemplatesType templates = oaauth.getTemplates(); if (templates != null) { aditionalAuthBlockText = templates.getAditionalAuthBlockText(); @@ -162,12 +236,9 @@ public class OAGeneralConfig { transformations.put(el.getFilename(), el.getTransformation()); } - useIFrame = oaauth.isUseIFrame(); - useUTC = oaauth.isUseUTC(); } - - + isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock(); } @@ -243,30 +314,6 @@ public class OAGeneralConfig { this.isActive = isActive; } - public String getSlVersion() { - return slVersion; - } - - public void setSlVersion(String slVersion) { - this.slVersion = slVersion; - } - - public boolean isUseIFrame() { - return useIFrame; - } - - public void setUseIFrame(boolean useIFrame) { - this.useIFrame = useIFrame; - } - - public boolean isUseUTC() { - return useUTC; - } - - public void setUseUTC(boolean useUTC) { - this.useUTC = useUTC; - } - public boolean isBusinessService() { return businessService; } @@ -461,6 +508,101 @@ public class OAGeneralConfig { SLTemplates.add(sLTemplateURL3); } + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + + /** + * @return the targetList + */ + public List<String> getTargetList() { + return targetList; + } + + + /** + * @return the identificationTypeList + */ + public List<String> getIdentificationTypeList() { + return identificationTypeList; + } + + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } + + + /** + * @return the useMandates + */ + public boolean isUseMandates() { + return useMandates; + } + + + /** + * @param useMandates the useMandates to set + */ + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java new file mode 100644 index 000000000..347628481 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -0,0 +1,109 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.ArrayList; +import java.util.List; +import java.util.UUID; + +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; + +public class OAOAuth20Config { + + private final Logger log = Logger.getLogger(OAOAuth20Config.class); + + private String clientId = null; + private String clientSecret = null; + private String redirectUri = null; + + public OAOAuth20Config() { + } + + public List<String> parse(OnlineApplication dbOAConfig) { + List<String> errors = new ArrayList<String>(); + + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + // set client id to public url prefix + this.clientId = dbOAConfig.getPublicURLPrefix(); + + OAOAUTH20 config = authdata.getOAOAUTH20(); + + if (config != null) { + // validate secret + if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) { + this.clientSecret = config.getOAuthClientSecret(); + } else { + this.generateClientSecret(); + } + + // validate redirectUri + if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) { + this.redirectUri = config.getOAuthRedirectUri(); + } else { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi")); + } + } else { + this.generateClientSecret(); + } + } + + return errors; + } + + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public String getClientSecret() { + return clientSecret; + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + public String getRedirectUri() { + return redirectUri; + } + + public void setRedirectUri(String redirectUri) { + this.redirectUri = redirectUri; + } + + public void generateClientSecret() { + this.clientSecret = UUID.randomUUID().toString(); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index fdce518a7..0a03ac77b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -1,8 +1,29 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; import java.io.File; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; @@ -15,7 +36,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2Config { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index 687a06b9e..cdfb20294 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; @@ -6,6 +28,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; public class OASAML1Config { + private boolean isActive = false; private boolean provideStammZahl = false; private boolean provideAuthBlock = false; private boolean provideIdentityLink = false; @@ -28,8 +51,15 @@ public class OASAML1Config { provideFullMandateData = saml1.isProvideFullMandatorData(); provideIdentityLink = saml1.isProvideIdentityLink(); provideStammZahl = saml1.isProvideStammzahl(); - useCondition = saml1.isUseCondition(); - conditionLength = saml1.getConditionLength().intValue(); + + if (saml1.isUseCondition() != null) + useCondition = saml1.isUseCondition(); + + if (saml1.getConditionLength() != null) + conditionLength = saml1.getConditionLength().intValue(); + + if (saml1.isIsActive() != null) + isActive = saml1.isIsActive(); } } } @@ -76,6 +106,21 @@ public class OASAML1Config { public void setConditionLength(int conditionLength) { this.conditionLength = conditionLength; } + + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java index 0241b6a04..593c2291f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 74edde653..d7c71105d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; public class OASTORKConfig { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java index fe685e6d0..a2d6d8775 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.pvp2; import java.util.ArrayList; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java index e83bf6997..358151d23 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.exception; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; @@ -14,4 +36,8 @@ public class ConfigurationException extends Exception { super(LanguageHelper.getErrorString(errorname), e); } + public ConfigurationException(Throwable e) { + super(e); + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 7dac458ca..0d52234bc 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -1,7 +1,28 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.filter; import java.io.IOException; -import java.io.PrintWriter; import java.util.ArrayList; import java.util.StringTokenizer; import java.util.regex.Pattern; @@ -129,7 +150,7 @@ public class AuthenticationFilter implements Filter{ if (authuser == null) { - authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true); + authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false); //authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false); httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser); } @@ -147,24 +168,14 @@ public class AuthenticationFilter implements Filter{ } } else { - //check login Daten - - //loginPageForward = true; - - if (MiscUtil.isNotEmpty(getAuthenticatedPage())) { log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\"."); - - } else { log.debug("Unable to find authentication data. Storing request url and " + (loginPageForward ? "forwarding" : "redirecting") + " to login page \"" + loginPage + "\"."); - // TODO: save HttpServletRequest - // log.debug("new CustomHttpServletRequest(request).toString() = - // {}", new - // CustomHttpServletRequest(httpServletRequest).toString()); session.setAttribute(STORED_REQUEST_URL_ID, requestURL); + } if (loginPageForward) { @@ -184,7 +195,7 @@ public class AuthenticationFilter implements Filter{ filterchain.doFilter(req, resp); } catch (Exception e) { - + // String redirectURL = "./index.action"; // HttpServletResponse httpResp = (HttpServletResponse) resp; // redirectURL = httpResp.encodeRedirectURL(redirectURL); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java index b2f1b106f..4d47d8d96 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; import java.security.spec.KeySpec; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java new file mode 100644 index 000000000..eed4aa32f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java @@ -0,0 +1,59 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.util.MiscUtil; + +public class DateTimeHelper { + + private static final Logger log = Logger.getLogger(DateTimeHelper.class); + + private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm"; + + public static String getDateTime(Date date) { + SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + return f.format(date); + } + + public static Date parseDateTime(String date) { + SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN); + + if (MiscUtil.isNotEmpty(date)) { + + try { + return f.parse(date); + + } catch (ParseException e) { + log.warn("Parse DATETIME String " + date + " failed", e); + + } + } + return null; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java new file mode 100644 index 000000000..d3a9ffcd4 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -0,0 +1,75 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; + +public class FormDataHelper { + + public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) { + + ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); + + for (OnlineApplication dboa : dbOAs) { + OAListElement listoa = new OAListElement(); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + formOAs.add(listoa); + } + + return formOAs; + } + + public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { + ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>(); + + for (UserDatabase dbuser : dbuserlist) { + + boolean ismandate = false; + if (dbuser.isIsMandateUser() != null) + ismandate = dbuser.isIsMandateUser(); + + + userlist.add(new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getInstitut(), + dbuser.getUsername(), + dbuser.isIsActive(), + dbuser.isIsAdmin(), + ismandate, + false)); + } + return userlist; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java index 08f200c50..a2f0628eb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java new file mode 100644 index 000000000..6f1112e2e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -0,0 +1,275 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.text.SimpleDateFormat; +import java.util.Date; +import java.util.Properties; + +import javax.mail.BodyPart; +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeBodyPart; +import javax.mail.internet.MimeMessage; +import javax.mail.internet.MimeMultipart; + +import org.apache.commons.io.IOUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.util.MiscUtil; + +public class MailHelper { + + private static final Logger log = Logger.getLogger(MailHelper.class); + + private static final String PATTERN_GIVENNAME = "#GIVENNAME#"; + private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#"; + private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#"; + private static final String PATTERN_DATE = "#TODAY_DATE#"; + private static final String PATTERN_OPENOAS = "#NUMBER_OAS#"; + private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#"; + private static final String PATTERN_OANAME = "#OANAME#"; + + public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailUserAcountVerificationTemplate(); + + String template = readTemplateFromURL(templateurl); + + if (userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + + if (!verificationURL.endsWith("/")) + verificationURL = verificationURL + "/"; + + verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION + + "?" + Constants.REQUEST_USERREQUESTTOKKEN + + "=" + userdb.getUserRequestTokken(); + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountVerificationSubject(), + userdb.getMail(), template); + + } + + public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailAdminTemplate(); + + String template = readTemplateFromURL(templateurl); + template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); + template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template); + + } + + public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailUserAcountActivationTemplate(); + + String template = readTemplateFromURL(templateurl); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) + verificationURL = verificationURL + "/"; + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailUserAcountActivationSubject(), + mailurl, template); + } + + public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailOAActivationTemplate(); + + String template = readTemplateFromURL(templateurl); + if (MiscUtil.isNotEmpty(institut)) { + template = template.replace(PATTERN_GIVENNAME, institut); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, givenname); + template = template.replace(PATTERN_FAMILYNAME, familyname); + } + + template = template.replace(PATTERN_OANAME, oaname); + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + String verificationURL = config.getPublicUrlPreFix(null); + if (!verificationURL.endsWith("/")) + verificationURL = verificationURL + "/"; + + template = template.replace(PATTERN_URL, verificationURL); + + sendMail(config, config.getMailOAActivationSubject(), + mailurl, template); + } + + public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateurl = config.getMailUserAcountRevocationTemplate(); + + String template = readTemplateFromURL(templateurl); + + if (userdb.isIsMandateUser()) { + template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); + template = template.replace(PATTERN_FAMILYNAME, ""); + + } else { + template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname()); + template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname()); + } + + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + template = template.replace(PATTERN_DATE, dateformat.format(new Date())); + + sendMail(config, config.getMailUserAcountActivationSubject(), + userdb.getMail(), template); + } + + private static String readTemplateFromURL(String templateurl) throws ConfigurationException { + InputStream input; + try { + File file = new File(templateurl); + input = new FileInputStream(file); + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + input.close(); + return writer.toString(); + + } catch (Exception e) { + log.warn("Mailtemplate can not be read from source" + templateurl); + throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl); + + } + } + + private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException { + try { + log.debug("Sending mail."); + MiscUtil.assertNotNull(subject, "subject"); + MiscUtil.assertNotNull(recipient, "recipient"); + MiscUtil.assertNotNull(content, "content"); + + Properties props = new Properties(); + props.setProperty("mail.transport.protocol", "smtp"); + props.setProperty("mail.host", config.getSMTPMailHost()); + log.trace("Mail host: " + config.getSMTPMailHost()); + if (config.getSMTPMailPort() != null) { + log.trace("Mail port: " + config.getSMTPMailPort()); + props.setProperty("mail.port", config.getSMTPMailPort()); + } + if (config.getSMTPMailUsername() != null) { + log.trace("Mail user: " + config.getSMTPMailUsername()); + props.setProperty("mail.user", config.getSMTPMailUsername()); + } + if (config.getSMTPMailPassword() != null) { + log.trace("Mail password: " + config.getSMTPMailPassword()); + props.setProperty("mail.password", config.getSMTPMailPassword()); + } + + Session mailSession = Session.getDefaultInstance(props, null); + Transport transport = mailSession.getTransport(); + + MimeMessage message = new MimeMessage(mailSession); + message.setSubject(subject); + log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress()); + message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName())); + log.trace("Recipient: " + recipient); + message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient)); + + log.trace("Creating multipart content of mail."); + MimeMultipart multipart = new MimeMultipart("related"); + + log.trace("Adding first part (html)"); + BodyPart messageBodyPart = new MimeBodyPart(); + messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15"); + multipart.addBodyPart(messageBodyPart); + +// log.trace("Adding mail images"); +// messageBodyPart = new MimeBodyPart(); +// for (Image image : images) { +// messageBodyPart.setDataHandler(new DataHandler(image)); +// messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">"); +// multipart.addBodyPart(messageBodyPart); +// } + + message.setContent(multipart); + transport.connect(); + log.trace("Sending mail message."); + transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO)); + log.trace("Successfully sent."); + transport.close(); + + } catch(MessagingException e) { + throw new ConfigurationException(e); + + } catch (UnsupportedEncodingException e) { + throw new ConfigurationException(e); + + } + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java index 8abb0be86..43fc78821 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.helper; public class StringHelper { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index da87a197f..f1a8c8694 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -1,14 +1,38 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; import java.math.BigInteger; import java.util.ArrayList; import java.util.Arrays; +import java.util.Date; import java.util.List; import java.util.Map; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -26,9 +50,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSignersX509SubjectNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; -import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowedProtocolNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; @@ -43,7 +65,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; -import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlockVerifyTransformsInfoProfileIDItem; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; @@ -51,7 +72,7 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; -import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; @@ -63,15 +84,20 @@ public class EditGeneralConfigAction extends ActionSupport private static final long serialVersionUID = 1L; private HttpServletRequest request; - private HttpServletResponse response; private AuthenticatedUser authUser; - private GeneralMOAIDConfig moaconfig; + private String formID; + public String loadConfig() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; if (authUser.isAdmin()) { @@ -83,6 +109,9 @@ public class EditGeneralConfigAction extends ActionSupport ConfigurationDBUtils.closeSession(); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; } else { @@ -92,11 +121,30 @@ public class EditGeneralConfigAction extends ActionSupport } public String saveConfig() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { MOAConfigValidator validator = new MOAConfigValidator(); @@ -108,6 +156,8 @@ public class EditGeneralConfigAction extends ActionSupport for (String el : errors) addActionError(el); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -456,7 +506,9 @@ public class EditGeneralConfigAction extends ActionSupport dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); //save config - try { + try { + dbconfig.setTimestampItem(new Date()); + ConfigurationDBUtils.save(dbconfig); if (oldconfig != null) @@ -473,8 +525,7 @@ public class EditGeneralConfigAction extends ActionSupport } public void setServletResponse(HttpServletResponse response) { - this.response = response; - +// this.response = response; } public void setServletRequest(HttpServletRequest request) { @@ -502,6 +553,20 @@ public class EditGeneralConfigAction extends ActionSupport public void setMoaconfig(GeneralMOAIDConfig moaconfig) { this.moaconfig = moaconfig; } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 297d80726..5366aff23 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -1,25 +1,62 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; +import iaik.utils.URLDecoder; + +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileInputStream; import java.io.IOException; +import java.io.InputStream; import java.math.BigInteger; import java.security.cert.CertificateException; import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; @@ -33,50 +70,76 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; +import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.id.util.FormBuildUtils; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; -public class EditOAAction extends ActionSupport implements ServletRequestAware, -ServletResponseAware { - +public class EditOAAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { + private final Logger log = Logger.getLogger(EditOAAction.class); private static final long serialVersionUID = 1L; - + private HttpServletRequest request; private HttpServletResponse response; - private AuthenticatedUser authUser; + private AuthenticatedUser authUser; private String oaidobj; private boolean newOA; + private String formID; + + private boolean onlyBusinessService = false; + private boolean subTargetSet = false; + private boolean deaktivededBusinessService = false; + private boolean isMetaDataRefreshRequired = false; + + private String nextPage; private OAGeneralConfig generalOA = new OAGeneralConfig(); private OAPVP2Config pvp2OA = new OAPVP2Config(); private OASAML1Config saml1OA = new OASAML1Config(); private OASSOConfig ssoOA = new OASSOConfig(); + private OAOAuth20Config oauth20OA = new OAOAuth20Config(); private OASTORKConfig storkOA; + private FormularCustomization formOA = new FormularCustomization(); - //STRUTS actions + private InputStream stream; + + // STRUTS actions public String inital() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + long oaid = -1; if (!ValidationHelper.validateOAID(oaidobj)) { @@ -84,38 +147,65 @@ ServletResponseAware { return Constants.STRUTS_ERROR; } oaid = Long.valueOf(oaidobj); - - OnlineApplication onlineapplication = null;; + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + if (authUser.isAdmin()) onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + else { - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + // TODO: change to direct Database operation List<OnlineApplication> oas = userdb.getOnlineApplication(); for (OnlineApplication oa : oas) { if (oa.getHjid() == oaid) { onlineapplication = oa; break; } - } + } if (onlineapplication == null) { addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); return Constants.STRUTS_ERROR; } } - + generalOA.parse(onlineapplication); ssoOA.parse(onlineapplication); saml1OA.parse(onlineapplication); + oauth20OA.parse(onlineapplication); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); + + Map<String, String> map = new HashMap<String, String>(); + map.putAll(FormBuildUtils.getDefaultMap()); + formOA.parse(onlineapplication, map); + + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + List<String> errors = pvp2OA.parse(onlineapplication); if (errors.size() > 0) { for (String el : errors) - addActionError(el); + addActionError(el); } + subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + ConfigurationDBUtils.closeSession(); - - request.getSession().setAttribute(Constants.SESSION_OAID, oaid); + session.setAttribute(Constants.SESSION_OAID, oaid); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); newOA = false; @@ -125,44 +215,108 @@ ServletResponseAware { public String newOA() { log.debug("insert new Online-Application"); - request.getSession().setAttribute(Constants.SESSION_OAID, null); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + session.setAttribute(Constants.SESSION_OAID, null); + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) { + DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); + if (defaultbkus != null) { + generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); + generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); + generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); + } + } + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + ConfigurationDBUtils.closeSession(); + newOA = true; + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + + this.oauth20OA.generateClientSecret(); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); return Constants.STRUTS_OA_EDIT; } public String saveOA() { - - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + OnlineApplication onlineapplication = null; List<String> errors = new ArrayList<String>(); Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); Long oaid = (long) -1; - if (oadbid != null ) { + if (oadbid != null) { try { - oaid = (Long) oadbid; + oaid = (Long) oadbid; if (oaid < 0 || oaid > Long.MAX_VALUE) { addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; + return Constants.STRUTS_ERROR; } - } catch (Throwable t) { + } + catch (Throwable t) { addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; + return Constants.STRUTS_ERROR; } } - //valid DBID and check entry + // valid DBID and check entry String oaidentifier = generalOA.getIdentifier(); if (MiscUtil.isEmpty(oaidentifier)) { log.info("Empty OA identifier"); @@ -170,16 +324,16 @@ ServletResponseAware { } else { - //TODO: oaidentifier has to be a URL according to PVP2.1 specification - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() })); } else { - + if (oaid == -1) { onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - if (onlineapplication != null) { + newOA = true; + if (onlineapplication != null) { log.info("The OAIdentifier is not unique"); errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); } @@ -188,7 +342,7 @@ ServletResponseAware { onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { log.info("The OAIdentifier is not unique"); errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); } @@ -196,42 +350,149 @@ ServletResponseAware { } } } - - //check form + + // set UserSpezific OA Parameters + if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); + + // check form OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); + FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); + OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); - errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); + errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); errors.addAll(validatior_pvp2.validate(pvp2OA)); errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); - errors.addAll(validator_stork.validate(storkOA)); + errors.addAll(validator_stork.validate(storkOA)); + errors.addAll(validator_form.validate(formOA)); + errors.addAll(validatior_oauth20.validate(oauth20OA)); + + // Do not allow SSO in combination with special BKUSelection features + if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { + log.warn("Special BKUSelection features can not be used in combination with SSO"); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid")); + } if (errors.size() > 0) { log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); for (String el : errors) - addActionError(el); + addActionError(el); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } else { - String error = saveOAConfigToDatabase(onlineapplication); + boolean newentry = false; + + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + newentry = true; + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else + isMetaDataRefreshRequired = true; + + } else { + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if ((onlineapplication.isIsAdminRequired() == null) + || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + if (onlineapplication.getHjid() != null) userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } + catch (ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); + } + } + } + + if (pvp2OA.getMetaDataURL() != null) { + + try { + if (isMetaDataRefreshRequired + || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + log.debug("Set PVP2 Metadata refresh flag."); + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } + catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + } + + String error = saveOAConfigToDatabase(onlineapplication, newentry); if (MiscUtil.isNotEmpty(error)) { log.warn("OA configuration can not be stored!"); - addActionError(error); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } } - + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } - request.getSession().setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + if (onlineapplication.isIsAdminRequired()) { + int numoas = 0; + int numusers = 0; + + List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (openOAs != null) numoas = openOAs.size(); + + List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers(); + if (openUsers != null) numusers = openUsers.size(); + try { + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); + + if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); + + } + catch (ConfigurationException e) { + log.warn("Sending Mail to Admin failed.", e); + } + + } else + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + request.getSession().setAttribute(Constants.SESSION_OAID, null); ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; @@ -239,7 +500,22 @@ ServletResponseAware { public String cancleAndBackOA() { - request.getSession().setAttribute(Constants.SESSION_OAID, null); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + session.setAttribute(Constants.SESSION_OAID, null); addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); @@ -249,29 +525,82 @@ ServletResponseAware { } public String deleteOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + addActionError(LanguageHelper.getErrorString("error.editoa.mailverification")); + return Constants.STRUTS_SUCCESS; + } + String oaidentifier = generalOA.getIdentifier(); if (MiscUtil.isEmpty(oaidentifier)) { log.info("Empty OA identifier"); addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } else { if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() })); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } } - + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - request.getSession().setAttribute(Constants.SESSION_OAID, null); + + try { + if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } + catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + if (ConfigurationDBUtils.delete(onlineapplication)) { if (!authUser.isAdmin()) { @@ -287,7 +616,8 @@ ServletResponseAware { try { ConfigurationDBUtils.saveOrUpdate(user); - } catch (MOADatabaseException e) { + } + catch (MOADatabaseException e) { log.warn("User information can not be updated in database", e); addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); return Constants.STRUTS_ERROR; @@ -303,107 +633,263 @@ ServletResponseAware { } else { ConfigurationDBUtils.closeSession(); addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); - return Constants.STRUTS_SUCCESS; + return Constants.STRUTS_SUCCESS; } - - } - private String saveOAConfigToDatabase(OnlineApplication dboa) { + public String bkuFramePreview() { - boolean newentry = false; + String preview = null; - if (dboa == null) { - dboa = new OnlineApplication(); - newentry = true; - dboa.setIsActive(false); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } else { + InputStream input = null; + + try { + Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map<?, ?>) { + + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; + + File file = new File(templateURL); + input = new FileInputStream(file); + + String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + throw new ConfigurationException("No MOA-ID instance configurated"); + } + + preview = LoginFormBuilder.getTemplate(input); + preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath); + + Map<String, String> map = (Map<String, String>) mapobj; + + request.setCharacterEncoding("UTF-8"); + + String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); + } + + synchronized (map) { + + if (MiscUtil.isNotEmpty(module)) { + if (map.containsKey("#" + module + "#")) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module) + || value.startsWith("#")) + map.put("#" + module + "#", value); + else + map.put("#" + module + "#", "#" + value); + + } else { + map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#")); + } + } + } + preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map); + } + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } + + } + catch (Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible"); + + } } - + + stream = new ByteArrayInputStream(preview.getBytes()); + + return Constants.STRUTS_SUCCESS; + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { + if (authoa == null) { authoa = new AuthComponentOA(); dboa.setAuthComponentOA(authoa); } - - if (authUser.isAdmin()) - dboa.setIsActive(generalOA.isActive()); + + if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); dboa.setFriendlyName(generalOA.getFriendlyName()); dboa.setCalculateHPI(generalOA.isCalculateHPI()); - dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); + + if (authUser.isAdmin()) + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + else { + if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + dboa.setPublicURLPrefix(generalOA.getIdentifier()); - if (generalOA.isBusinessService()) { + if (generalOA.isBusinessService() || onlyBusinessService) { + dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + + // num = StringUtils.leftPad(num, 7, '0'); + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + IdentificationNumber idnumber = new IdentificationNumber(); - idnumber.setValue(generalOA.getIdentificationNumber()); + idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); + authoa.setIdentificationNumber(idnumber); - } - else { + } else { dboa.setType(null); - dboa.setTarget(generalOA.getTarget()); - dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { + dboa.setTarget(generalOA.getTarget_admin()); + dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + + } else { + + String target = generalOA.getTarget(); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) + dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); + else + dboa.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); + + } + + } else { + + if (MiscUtil.isNotEmpty(generalOA.getTarget())) { + + String target = generalOA.getTarget(); + + if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) + dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); + + else + dboa.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); + + } + } } BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); - bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); - bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); - bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); - - Mandates mandates = new Mandates(); - mandates.setProfiles(generalOA.getMandateProfiles()); - authoa.setMandates(mandates); - - authoa.setSlVersion(generalOA.getSlVersion()); - authoa.setUseIFrame(generalOA.isUseIFrame()); - authoa.setUseUTC(generalOA.isUseUTC()); + if (authUser.isAdmin()) { + bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); + bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); + bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + } TemplatesType templates = authoa.getTemplates(); if (templates == null) { templates = new TemplatesType(); authoa.setTemplates(templates); } - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - List<TemplateType> template = templates.getTemplate(); - if (generalOA.isLegacy()) { + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + Mandates mandates = new Mandates(); + if (generalOA.isUseMandates()) { + mandates.setProfiles(generalOA.getMandateProfiles()); - if (template == null) - template = new ArrayList<TemplateType>(); - else - template.clear(); + } else { + mandates.setProfiles(new String()); + } + + authoa.setMandates(mandates); + bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); + bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); + + if (authUser.isAdmin()) { + templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL1()); - template.add(el); - } - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL2()); - template.add(el); - } - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL3()); - template.add(el); + List<TemplateType> template = templates.getTemplate(); + if (generalOA.isLegacy()) { + + if (template == null) + template = new ArrayList<TemplateType>(); + else + template.clear(); + + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL1()); + template.add(el); + } + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL2()); + template.add(el); + } + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL3()); + template.add(el); + } + + } else { + if (template != null && template.size() > 0) template.clear(); } - } else { - if (template != null && template.size() > 0) - template.clear(); + bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); + + bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(formOA.getHeader_text()); + + bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); + + if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) + bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); + + bkuselectioncustom.setFontType(formOA.getFontType()); + } - - //set default transformation if it is empty + + // set default transformation if it is empty List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); if (transformsInfo == null) { - //TODO: set OA specific transformation if it is required - + // TODO: set OA specific transformation if it is required + } OAPVP2 pvp2 = authoa.getOAPVP2(); @@ -415,13 +901,14 @@ ServletResponseAware { pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); try { - if (pvp2OA.getFileUpload() != null) - pvp2.setCertificate(pvp2OA.getCertificate()); + if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate()); - } catch (CertificateException e) { + } + catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); - } catch (IOException e) { + } + catch (IOException e) { log.info("Uploaded Certificate can not be parsed", e); return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); } @@ -430,16 +917,24 @@ ServletResponseAware { if (saml1 == null) { saml1 = new OASAML1(); authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(saml1OA.isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); + saml1.setProvideCertificate(saml1OA.isProvideCertificate()); + saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); + saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); + saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); + saml1.setUseCondition(saml1OA.isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); } - saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); - saml1.setProvideCertificate(saml1OA.isProvideCertificate()); - saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); - saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); - saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); - saml1.setUseCondition(saml1OA.isUseCondition()); - saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); - //TODO: set sourceID - //saml1.setSourceID(""); OASSO sso = authoa.getOASSO(); if (sso == null) { @@ -449,45 +944,99 @@ ServletResponseAware { } sso.setUseSSO(ssoOA.isUseSSO()); - if (authUser.isAdmin()) - sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); + if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); - STORK stork = authoa.getSTORK(); if (stork == null) { - //TODO: make stork configurable + // TODO: make stork configurable } - + + if (oauth20OA != null) { + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); + log.debug("client id: " + oauth20OA.getClientId()); + log.debug("client secret: " + oauth20OA.getClientSecret()); + log.debug("redirect uri:" + oauth20OA.getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + } + try { if (newentry) { ConfigurationDBUtils.save(dboa); - + if (!authUser.isAdmin()) { UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - + List<OnlineApplication> useroas = user.getOnlineApplication(); - if (useroas == null) - useroas = new ArrayList<OnlineApplication>(); + if (useroas == null) useroas = new ArrayList<OnlineApplication>(); useroas.add(dboa); - ConfigurationDBUtils.saveOrUpdate(user); + ConfigurationDBUtils.saveOrUpdate(user); } } else ConfigurationDBUtils.saveOrUpdate(dboa); - } catch (MOADatabaseException e) { + } + catch (MOADatabaseException e) { log.warn("Online-Application can not be stored.", e); return LanguageHelper.getErrorString("error.db.oa.store"); } - + return null; } + private String parseColor(String color) { + String value = ""; + + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) + value = "#" + color; + else + value = color; + } + return value; + } + + private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + String bpk = userdb.getBpk(); + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR)) { + + onlyBusinessService = true; + generalOA.setBusinessService(true); + + } + + deaktivededBusinessService = true; + String[] split = bpk.split("\\+"); + generalOA.setIdentificationType(split[1].substring(1)); + + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) + generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); + else + generalOA.setIdentificationNumber(split[2]); + + } + + } + public String setGeneralOAConfig() { return Constants.STRUTS_SUCCESS; @@ -513,100 +1062,198 @@ ServletResponseAware { return Constants.STRUTS_SUCCESS; } - - //Getter and Setter + // Getter and Setter public void setServletResponse(HttpServletResponse arg0) { this.response = arg0; } - + public void setServletRequest(HttpServletRequest arg0) { this.request = arg0; } - + public HttpServletRequest getRequest() { return request; } - + public void setRequest(HttpServletRequest request) { this.request = request; } - + public HttpServletResponse getResponse() { return response; } - + public void setResponse(HttpServletResponse response) { this.response = response; } - + public OAGeneralConfig getGeneralOA() { return generalOA; } - + public void setGeneralOA(OAGeneralConfig generalOA) { this.generalOA = generalOA; } - + public OAPVP2Config getPvp2OA() { return pvp2OA; } - + public void setPvp2OA(OAPVP2Config pvp2oa) { pvp2OA = pvp2oa; } - + public OASAML1Config getSaml1OA() { return saml1OA; } - + public void setSaml1OA(OASAML1Config saml1oa) { saml1OA = saml1oa; } - + public OASSOConfig getSsoOA() { return ssoOA; } - + public void setSsoOA(OASSOConfig ssoOA) { this.ssoOA = ssoOA; } - + public OASTORKConfig getStorkOA() { return storkOA; } - + public void setStorkOA(OASTORKConfig storkOA) { this.storkOA = storkOA; } - + /** - * @param oaidobj the oaidobj to set + * @param oaidobj + * the oaidobj to set */ public void setOaidobj(String oaidobj) { this.oaidobj = oaidobj; } - + /** * @return the authUser */ public AuthenticatedUser getAuthUser() { return authUser; } - + /** * @return the newOA */ public boolean isNewOA() { return newOA; } - + /** - * @param newOA the newOA to set + * @param newOA + * the newOA to set */ public void setNewOA(boolean newOA) { this.newOA = newOA; } - + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID + * the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the onlyBusinessService + */ + public boolean isOnlyBusinessService() { + return onlyBusinessService; + } + + /** + * @param onlyBusinessService + * the onlyBusinessService to set + */ + public void setOnlyBusinessService(boolean onlyBusinessService) { + this.onlyBusinessService = onlyBusinessService; + } + + /** + * @return the subTargetSet + */ + public boolean isSubTargetSet() { + return subTargetSet; + } + + /** + * @param subTargetSet + * the subTargetSet to set + */ + public void setSubTargetSet(boolean subTargetSet) { + this.subTargetSet = subTargetSet; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + /** + * @param deaktivededBusinessService + * the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return formOA; + } + + /** + * @param formOA + * the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + this.formOA = formOA; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + public OAOAuth20Config getOauth20OA() { + return oauth20OA; + } + + public void setOauth20OA(OAOAuth20Config oauth20OA) { + this.oauth20OA = oauth20OA; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index 1cb4fa802..9fa58ca1e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -1,28 +1,45 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; import java.io.File; import java.io.IOException; import java.io.InputStream; -import java.io.OutputStream; -import java.io.StringReader; import java.io.StringWriter; -import java.net.MalformedURLException; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; -import javax.xml.transform.Result; import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; -import org.hibernate.lob.ReaderInputStream; -import org.w3c.dom.Node; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -35,7 +52,7 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.iaik.commons.util.IOUtil; +import at.gv.egovernment.moa.id.util.Random; import com.opensymphony.xwork2.ActionSupport; @@ -48,9 +65,10 @@ implements ServletRequestAware, ServletResponseAware { private static final long serialVersionUID = 1L; private HttpServletRequest request; - private HttpServletResponse response; +// private HttpServletResponse response; private AuthenticatedUser authUser; + private String formID; private File fileUpload = null; private String fileUploadContentType = null; @@ -59,13 +77,20 @@ implements ServletRequestAware, ServletResponseAware { private InputStream fileInputStream; public String init() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); - + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; if (authUser.isAdmin()) { - + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_SUCCESS; } else { @@ -76,16 +101,39 @@ implements ServletRequestAware, ServletResponseAware { } public String importLegacyConfig() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { //load legacy config if it is configured if (fileUpload == null) { addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -97,6 +145,9 @@ implements ServletRequestAware, ServletResponseAware { } catch (org.opensaml.xml.ConfigurationException e1) { log.info("Legacy configuration has an Import Error", e1); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } log.debug("OpenSAML successfully initialized"); @@ -108,26 +159,24 @@ implements ServletRequestAware, ServletResponseAware { try { log.warn("WARNING! The legacy import deletes the hole old config"); - String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent(); - - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - - } catch (MalformedURLException t) { - log.warn("RootConfiguration Directory is not found"); - rootConfigFileDir = ""; - } - + String rootConfigFileDir = ConfigurationProvider.getInstance().getConfigRootDir(); + moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig); } catch (ConfigurationException e) { log.info("Legacy configuration has an Import Error", e); addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) { ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -155,6 +204,9 @@ implements ServletRequestAware, ServletResponseAware { } catch (MOADatabaseException e) { log.warn("General MOA-ID config can not be stored in Database"); addActionError(e.getMessage()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -174,10 +226,30 @@ implements ServletRequestAware, ServletResponseAware { } public String downloadXMLConfig() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { log.info("Write MOA-ID 2.x xml config"); @@ -194,6 +266,9 @@ implements ServletRequestAware, ServletResponseAware { if (moaidconfig == null) { log.info("No MOA-ID 2.x configruation available"); addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -208,11 +283,17 @@ implements ServletRequestAware, ServletResponseAware { log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.export", new Object[]{e.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } catch (IOException e) { log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.export", new Object[]{e.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -230,10 +311,30 @@ implements ServletRequestAware, ServletResponseAware { public String importXMLConfig() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + if (authUser.isAdmin()) { if (fileUpload == null) { @@ -271,6 +372,9 @@ implements ServletRequestAware, ServletResponseAware { log.warn("MOA-ID XML configuration can not be loaded from File.", e); addActionError(LanguageHelper.getErrorString("errors.importexport.import", new Object[]{e.getMessage()})); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_ERROR_VALIDATION; } @@ -351,7 +455,7 @@ implements ServletRequestAware, ServletResponseAware { } public void setServletResponse(HttpServletResponse response) { - this.response = response; +// this.response = response; } public void setServletRequest(HttpServletRequest request) { this.request = request; @@ -360,4 +464,19 @@ implements ServletRequestAware, ServletResponseAware { public InputStream getFileInputStream() { return fileInputStream; } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index 6078caa87..a488d919d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -1,45 +1,139 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; +import java.security.KeyStore; +import java.util.ArrayList; import java.util.Date; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.commons.lang.StringEscapeUtils; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; +import org.joda.time.DateTime; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.encryption.Decrypter; +import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; +import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; +import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoProvider; +import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; +import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; +import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; import com.opensymphony.xwork2.ActionSupport; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; public class IndexAction extends ActionSupport implements ServletRequestAware, ServletResponseAware { + private static final long serialVersionUID = -2781497863862504896L; + private static final Logger log = Logger.getLogger(IndexAction.class); private HttpServletRequest request; - private HttpServletResponse response; +// private HttpServletResponse response; private String password; private String username; + private UserDatabaseFrom user = null; + private AuthenticatedUser authUser = null; + private String formID; + + private String ssologouturl; + + private boolean pvp2LoginActiv = false; public String start() { - - return Constants.STRUTS_SUCCESS; + + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + pvp2LoginActiv = config.isPVP2LoginActive(); + return Constants.STRUTS_SUCCESS; + + } catch (ConfigurationException e) { + log.warn("An internal error occurs.", e); + addActionError(LanguageHelper.getErrorString("error.login.internal")); + return Constants.STRUTS_ERROR; + } } public String authenticate() { @@ -80,29 +174,43 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, return Constants.STRUTS_ERROR; } else { - if (!dbuser.isIsActive()) { - log.warn("Username " + dbuser.getUsername() + " is not active"); + //TODO: maybe remove this default value in a later version + if (dbuser.isIsUsernamePasswordAllowed() == null) + dbuser.setIsUsernamePasswordAllowed(true); + + if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) { + log.warn("Username " + dbuser.getUsername() + " is not active or Username/Password login is not allowed"); addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); return Constants.STRUTS_ERROR; } - + if (!dbuser.getPassword().equals(key)) { log.warn("Username " + dbuser.getUsername() + " use a false password"); addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); return Constants.STRUTS_ERROR; } + //TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) + ismandateuser = dbuser.isIsMandateUser(); + AuthenticatedUser authuser = new AuthenticatedUser( dbuser.getHjid(), dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), dbuser.getUsername(), true, - dbuser.isIsAdmin()); + dbuser.isIsAdmin(), + ismandateuser, + false); - authuser.setLastLogin(dbuser.getLastLoginItem()); + Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) + authuser.setLastLogin(date);; - dbuser.setLastLoginItem(new Date()); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); try { ConfigurationDBUtils.saveOrUpdate(dbuser); @@ -115,23 +223,600 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, finally { ConfigurationDBUtils.closeSession(); } - request.getSession().setAttribute(Constants.SESSION_AUTH, authuser); + + HttpSession session = generateNewJSession(request); + session.setAttribute(Constants.SESSION_AUTH, authuser); + return Constants.STRUTS_SUCCESS; } } + public String pvp2login() { + + String method = request.getMethod(); + HttpSession session = request.getSession(); + if (session == null) { + log.info("NO HTTP Session"); + return Constants.STRUTS_ERROR; + } + + String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID); + session.setAttribute(Constants.SESSION_PVP2REQUESTID, null); + + if (method.equals("POST")) { + + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + + //Decode with HttpPost Binding + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + request)); + decode.decode(messageContext); + + Response samlResponse = (Response) messageContext.getInboundMessage(); + + Signature sign = samlResponse.getSignature(); + if (sign == null) { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + + //Validate Signature + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + profileValidator.validate(sign); + + //Verify Signature + List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory(); + MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier()); + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS)); + criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName())); + criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); + + ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); + trustEngine.validate(sign, criteriaSet); + + log.info("PVP2 Assertion is valid"); + + if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); + + //check encrypted Assertion + List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + //decrypt assertions + + log.debug("Found encryped assertion. Start decryption ..."); + + KeyStore keyStore = config.getPVP2KeyStore(); + + X509Credential authDecCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + + + StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); + + Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + log.debug("Assertion decryption finished. "); + + } else { + saml2assertions = samlResponse.getAssertions(); + + } + + + if (MiscUtil.isEmpty(authID)) { + log.info("NO AuthRequestID"); + return Constants.STRUTS_ERROR; + } + + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + Subject subject = saml2assertion.getSubject(); + List<SubjectConfirmation> subjectconformlist = subject.getSubjectConfirmations(); + for (SubjectConfirmation el : subjectconformlist) { + if (el.getMethod().equals(SubjectConfirmation.METHOD_BEARER)) { + SubjectConfirmationData date = el.getSubjectConfirmationData(); + + if (!authID.equals(date.getInResponseTo())) { + log.warn("PVPRequestID does not match PVP2 Assertion ID!"); + return Constants.STRUTS_ERROR; + + } + } + } + + Conditions conditions = saml2assertion.getConditions(); + DateTime notbefore = conditions.getNotBefore(); + DateTime notafter = conditions.getNotOnOrAfter(); + if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + log.warn("PVP2 Assertion is out of Date"); + return Constants.STRUTS_ERROR; + + } + + NameID nameID = subject.getNameID(); + if (nameID == null) { + log.warn("No NameID element in PVP2 assertion!"); + return Constants.STRUTS_ERROR; + } + + String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue(); + + //search user + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk); + if (dbuser == null) { + log.info("No user found with bpk/wbpk " + bpkwbpk); + + //read PVP2 assertion attributes; + user = new UserDatabaseFrom(); + user.setActive(false); + user.setAdmin(false); + user.setBpk(bpkwbpk); + user.setIsusernamepasswordallowed(false); + user.setIsmandateuser(false); + user.setPVPGenerated(true); + + authUser = new AuthenticatedUser(); + authUser.setAdmin(false); + authUser.setAuthenticated(false); + authUser.setLastLogin(null); + authUser.setUserID(-1); + authUser.setUserName(null); + authUser.setPVP2Login(true); + authUser.setMandateUser(false); + + //loop through the nodes to get what we want + List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); + for (int i = 0; i < attributeStatements.size(); i++) + { + List<Attribute> attributes = attributeStatements.get(i).getAttributes(); + for (int x = 0; x < attributes.size(); x++) + { + String strAttributeName = attributes.get(x).getDOM().getAttribute("Name"); + + if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { + user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); + authUser.setFamilyName(user.getFamilyName()); + } + + if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { + user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); + authUser.setGivenName(user.getGivenName()); + } + + if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) { + authUser.setMandateUser(true); + user.setIsmandateuser(true); + } + + if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) { + user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); + authUser.setInstitute(user.getInstitut()); + } + } + } + + //set Random value + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_NEWUSER; + + } else { + if (!dbuser.isIsActive()) { + + if (!dbuser.isIsMailAddressVerified()) { + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + user = new UserDatabaseFrom(dbuser); + authUser = new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getInstitut(), + dbuser.getUsername(), + false, + false, + dbuser.isIsMandateUser(), + true); + session.setAttribute(Constants.SESSION_FORM, user); + session.setAttribute(Constants.SESSION_AUTH, authUser); + + return Constants.STRUTS_NEWUSER; + + } + + log.info("User with bpk/wbpk " + bpkwbpk + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive")); + return Constants.STRUTS_ERROR; + } + + //TODO: maybe remove this default value in a later version + boolean ismandateuser = false; + if (dbuser.isIsMandateUser() != null) + ismandateuser = dbuser.isIsMandateUser(); + + authUser = new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getInstitut(), + dbuser.getUsername(), + true, + dbuser.isIsAdmin(), + ismandateuser, + true); + + Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + if (date != null) + authUser.setLastLogin(date);; + + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + } catch (MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + finally { + ConfigurationDBUtils.closeSession(); + } + + HttpSession newsession = generateNewJSession(request); + newsession.setAttribute(Constants.SESSION_AUTH, authUser); + return Constants.STRUTS_SUCCESS; + + } + } + + log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found."); + addActionError(LanguageHelper.getErrorString("error.login.internal")); + return Constants.STRUTS_ERROR; + + } else { + log.info("Receive Error Assertion."); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + + } catch (Exception e) { + log.warn("An internal error occurs.", e); + addActionError(LanguageHelper.getErrorString("error.login.internal")); + return Constants.STRUTS_ERROR; + } + + } else { + log.info("Only http POST Requests can be used"); + addActionError(LanguageHelper.getErrorString("error.login.internal")); + return Constants.STRUTS_ERROR; + } + } + + public String requestNewUser() { + + HttpSession session = request.getSession(); + if (session == null) { + log.warn("No active Session found"); + return Constants.STRUTS_ERROR; + } + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + + Object sessionformobj = session.getAttribute(Constants.SESSION_FORM); + if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) { + UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj; + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (user == null) { + log.warn("No form transmited"); + return Constants.STRUTS_ERROR; + } + + //get UserID + String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)){ + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + String check; + if (!sessionform.isIsmandateuser()) { + check = user.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Organisation is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty")); + } + } + + check = user.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + check); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Mailaddress is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty")); + } + + check = user.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Phonenumber contains potentail XSS characters: " + check); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Phonenumber is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty")); + } + + if (hasActionErrors()) { + log.info("Some form errors found. Send user back to form"); + + user.setPVPGenerated(true); + user.setFamilyName(sessionform.getFamilyName()); + user.setGivenName(sessionform.getGivenName()); + user.setIsmandateuser(sessionform.isIsmandateuser()); + user.setBpk(sessionform.getBpk()); + + if (sessionform.isIsmandateuser()) + user.setInstitut(sessionform.getInstitut()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + return Constants.STRUTS_NEWUSER; + } + + UserDatabase dbuser; + + if (userID < 0) { + dbuser = new UserDatabase(); + dbuser.setBpk(sessionform.getBpk()); + dbuser.setFamilyname(sessionform.getFamilyName()); + dbuser.setGivenname(sessionform.getGivenName()); + + if (sessionform.isIsmandateuser()) + dbuser.setInstitut(sessionform.getInstitut()); + else + dbuser.setInstitut(user.getInstitut()); + + dbuser.setIsPVP2Generated(true); + dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date())); + dbuser.setIsActive(false); + dbuser.setIsAdmin(false); + dbuser.setIsMandateUser(sessionform.isIsmandateuser()); + dbuser.setIsUsernamePasswordAllowed(false); + + } else + dbuser = ConfigurationDBRead.getUserWithID(userID); + + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + dbuser.setIsAdminRequest(true); + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + } catch (MOADatabaseException e) { + log.warn("New UserRequest can not be stored in database", e); + return Constants.STRUTS_ERROR; + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send")); + return Constants.STRUTS_NEWUSER; + } + + finally { + session.setAttribute(Constants.SESSION_FORM, null); + session.setAttribute(Constants.SESSION_AUTH, null); + ConfigurationDBUtils.closeSession(); + } + + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("No SessionForm found"); + return Constants.STRUTS_ERROR; + } + + } + + public String mailAddressVerification() { + + String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN); + if (MiscUtil.isNotEmpty(userrequesttokken)) { + + userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken); + + try { + Long.parseLong(userrequesttokken); + + } catch (NumberFormatException e) { + log.warn("Verificationtokken has no number format."); + return Constants.STRUTS_ERROR; + } + + UserDatabase dbuser = ConfigurationDBRead.getNewUserWithTokken(userrequesttokken); + if (dbuser != null) { + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(true); + + if (dbuser.isIsActive()) + dbuser.setIsAdminRequest(false); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + int numoas = 0; + int numusers = 0; + + List<OnlineApplication> openOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (openOAs != null) + numoas = openOAs.size(); + + List<UserDatabase> openUsers = ConfigurationDBRead.getAllNewUsers(); + if (openUsers != null) + numusers = openUsers.size(); + + if (numusers > 0 || numoas > 0) + MailHelper.sendAdminMail(numoas, numusers); + + } catch (MOADatabaseException e) { + log.warn("Userinformation can not be stored in Database.", e); + addActionError(LanguageHelper.getErrorString("error.mail.verification")); + + } catch (ConfigurationException e) { + log.warn("Send mail to admin failed.", e); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress")); + return Constants.STRUTS_SUCCESS; + } + } + + return Constants.STRUTS_ERROR; + } + public String logout() { HttpSession session = request.getSession(); + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; if (session != null) session.invalidate(); + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + String ssologout = config.getSSOLogOutURL(); + + if (MiscUtil.isNotEmpty(ssologout) && authUser != null && authUser.isPVP2Login()) { + ssologouturl = ssologout + config.getPublicUrlPreFix(request); + return Constants.STRUTS_SSOLOGOUT; + + } + + } catch (ConfigurationException e) { + log.warn("Configuration can not be loaded.", e); + + } + return Constants.STRUTS_SUCCESS; } + private HttpSession generateNewJSession(HttpServletRequest request) { + HttpSession session = request.getSession(false); + + if (session != null) { + + HashMap<String, Object> attributes = new HashMap<String,Object>(); + + Enumeration<String> enames = session.getAttributeNames(); + while (enames.hasMoreElements()) { + String name = enames.nextElement(); + if (!name.equals("JSESSIONID")) + attributes.put(name, session.getAttribute( name)); + } + session.invalidate(); + + session = request.getSession(true); + for (Entry<String,Object> et : attributes.entrySet()) + session.setAttribute( et.getKey(), et.getValue()); + + } else + session = request.getSession(true); + + return session; + } + public void setServletResponse(HttpServletResponse arg0) { - this.response = arg0; +// this.response = arg0; } public void setServletRequest(HttpServletRequest arg0) { this.request = arg0; @@ -164,7 +849,55 @@ public class IndexAction extends ActionSupport implements ServletRequestAware, public void setUsername(String username) { this.username = username; } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the ssologouturl + */ + public String getSsologouturl() { + return ssologouturl; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } + + /** + * @return the pvp2LoginActiv + */ + public boolean isPvp2LoginActiv() { + return pvp2LoginActiv; + } - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index f5f265ea6..5e6c10f0c 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; import java.util.ArrayList; @@ -5,6 +27,7 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -15,13 +38,12 @@ import com.opensymphony.xwork2.ActionSupport; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; -import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.OAListElement; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; @@ -34,22 +56,27 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, private static final long serialVersionUID = 1L; private HttpServletRequest request; - private HttpServletResponse response; - private ConfigurationProvider configuration; +// private HttpServletResponse response; +// private ConfigurationProvider configuration; private List<OAListElement> formOAs; private AuthenticatedUser authUser; private String friendlyname; public ListOAsAction() throws ConfigurationException { - configuration = ConfigurationProvider.getInstance(); +// configuration = ConfigurationProvider.getInstance(); } public String listAllOnlineAppliactions() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; @@ -65,8 +92,16 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, dbOAs = authUserDB.getOnlineApplication(); } - addFormOAs(dbOAs); - + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); + + } else { + formOAs = FormDataHelper.addFormOAs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; @@ -86,8 +121,13 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, } public String searchOA() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; @@ -125,34 +165,25 @@ public class ListOAsAction extends ActionSupport implements ServletRequestAware, } } - addFormOAs(dbOAs); - - ConfigurationDBUtils.closeSession(); - - return Constants.STRUTS_SUCCESS; - } - - private void addFormOAs(List<OnlineApplication> dbOAs) { - - formOAs = new ArrayList<OAListElement>(); if (dbOAs == null || dbOAs.size() == 0) { - addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + log.debug("No OAs found with Identifier " + friendlyname); + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA")); } else { - for (OnlineApplication dboa : dbOAs) { - OAListElement listoa = new OAListElement(); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - formOAs.add(listoa); - } + + formOAs = FormDataHelper.addFormOAs(dbOAs); + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + } - } + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + } + public void setServletResponse(HttpServletResponse arg0) { - this.response = arg0; +// this.response = arg0; } public void setServletRequest(HttpServletRequest arg0) { this.request = arg0; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java index aeafe9548..007d22110 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -1,43 +1,77 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; import org.apache.struts2.interceptor.ServletResponseAware; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; -import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; public class MainAction implements ServletRequestAware, ServletResponseAware { + private static final Logger log = Logger.getLogger(MainAction.class); + private HttpServletRequest request; - private HttpServletResponse response; - private ConfigurationProvider configuration; +// private HttpServletResponse response; +// private ConfigurationProvider configuration; private AuthenticatedUser authUser; public MainAction() throws ConfigurationException { - configuration = ConfigurationProvider.getInstance(); +// configuration = ConfigurationProvider.getInstance(); } public String generateMainFrame() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + + session.setAttribute(Constants.SESSION_RETURNAREA, null); + return Constants.STRUTS_SUCCESS; } public void setServletResponse(HttpServletResponse arg0) { - this.response = arg0; +// this.response = arg0; } public void setServletRequest(HttpServletRequest arg0) { this.request = arg0; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java new file mode 100644 index 000000000..f064795ec --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -0,0 +1,128 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; + +import com.opensymphony.xwork2.ActionSupport; + +public class OpenAdminRequestsAction extends ActionSupport + implements ServletRequestAware, ServletResponseAware { + + private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; +// private HttpServletResponse response; + + private AuthenticatedUser authUser = null; + private List<OAListElement> formOAs = null; + private List<AuthenticatedUser> userlist = null; + + + public String init() { + + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications(); + if (dbOAs != null) { + formOAs = FormDataHelper.addFormOAs(dbOAs); + } + + List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers(); + if (dbUsers != null){ + userlist = FormDataHelper.addFormUsers(dbUsers); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()); + + return Constants.STRUTS_SUCCESS; + } else { + log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID()); + return Constants.STRUTS_NOTALLOWED; + } + + } + + + public void setServletResponse(HttpServletResponse response) { +// this.response = response; + } + + public void setServletRequest(HttpServletRequest request) { + this.request = request; + } + + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + + /** + * @return the userlist + */ + public List<AuthenticatedUser> getUserlist() { + return userlist; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 2a9ec038f..ac3fb9938 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -1,11 +1,34 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.struts.action; -import java.util.ArrayList; -import java.util.Date; +import java.io.ByteArrayInputStream; +import java.io.InputStream; import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.apache.log4j.Logger; import org.apache.struts2.interceptor.ServletRequestAware; @@ -18,10 +41,14 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; import com.opensymphony.xwork2.ActionSupport; @@ -34,7 +61,7 @@ public class UserManagementAction extends ActionSupport private static final long serialVersionUID = 1L; private HttpServletRequest request; - private HttpServletResponse response; +// private HttpServletResponse response; private AuthenticatedUser authUser = null; @@ -43,30 +70,34 @@ public class UserManagementAction extends ActionSupport private String useridobj = null; private static boolean newUser = false; + private InputStream stream; + private String nextPage; + private String formID; public String init() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + if (authUser.isAdmin()) { + log.info("Show NewserRequests"); + log.info("Show UserList"); List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); + if (dbuserlist != null) { - userlist = new ArrayList<AuthenticatedUser>(); - - for (UserDatabase dbuser : dbuserlist) { - userlist.add(new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getUsername(), - dbuser.isIsActive(), - dbuser.isIsAdmin())); - } + userlist = FormDataHelper.addFormUsers(dbuserlist); } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name()); ConfigurationDBUtils.closeSession(); return Constants.STRUTS_SUCCESS; @@ -79,20 +110,37 @@ public class UserManagementAction extends ActionSupport } user = new UserDatabaseFrom(dbuser); ConfigurationDBUtils.closeSession(); + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_NOTALLOWED; } } public String createuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); if (authUser.isAdmin()) { user = new UserDatabaseFrom(); newUser = true; + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); return Constants.STRUTS_SUCCESS; } else { @@ -101,10 +149,27 @@ public class UserManagementAction extends ActionSupport } public String edituser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + if (authUser.isAdmin()) { long userid = -1; @@ -136,11 +201,31 @@ public class UserManagementAction extends ActionSupport } } - public String saveuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + public String saveuser() { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + String useridobj = user.getUserID(); long userID = -1; if (MiscUtil.isEmpty(useridobj)) { @@ -156,9 +241,30 @@ public class UserManagementAction extends ActionSupport userID = Long.valueOf(useridobj); } + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + + if( dbuser == null) { + dbuser = new UserDatabase(); + dbuser.setIsMandateUser(false); + dbuser.setIsAdminRequest(false); + dbuser.setIsPVP2Generated(false); + dbuser.setUserRequestTokken(null); + dbuser.setIsMailAddressVerified(false); + dbuser.setUsername(user.getUsername()); + } + List<String> errors; UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); - errors = validator.validate(user, userID); + + boolean ispvp2 = false; + boolean ismandate = false; + if (dbuser.isIsPVP2Generated() != null) + ispvp2 = dbuser.isIsPVP2Generated(); + + if (dbuser.isIsMandateUser() != null) + ismandate = dbuser.isIsMandateUser(); + + errors = validator.validate(user, userID, ispvp2, ismandate); if (errors.size() > 0) { log.info("UserDataForm has some erros."); @@ -169,6 +275,14 @@ public class UserManagementAction extends ActionSupport if (MiscUtil.isEmpty(user.getUsername())) newUser = true; + user.setIsmandateuser(ismandate); + user.setPVPGenerated(ispvp2); + if (dbuser.isIsUsernamePasswordAllowed() != null) + user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed()); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; } @@ -181,8 +295,49 @@ public class UserManagementAction extends ActionSupport } } - - String error = saveFormToDB(); + + if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + MailHelper.sendUserMailAddressVerification(dbuser); + addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify")); + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + addActionError(LanguageHelper.getErrorString("error.mail.send")); + } + } + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + + if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) && + user.isActive()) { + dbuser.setIsAdminRequest(false); + try { + if (dbuser.isIsMandateUser()) + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + dbuser.getInstitut(), user.getMail()); + else + MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(), + null, user.getMail()); + + } catch (ConfigurationException e) { + log.warn("Send UserAccountActivation mail failed", e); + } + } + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + + String error = saveFormToDB(dbuser); + if (error != null) { log.warn("UserData can not be stored in Database"); addActionError(error); @@ -194,10 +349,30 @@ public class UserManagementAction extends ActionSupport } public String deleteuser() { - Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); authUser = (AuthenticatedUser) authUserObj; - + + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID()); + return Constants.STRUTS_ERROR; + } + session.setAttribute(Constants.SESSION_FORMID, null); + String useridobj = user.getUserID(); long userID = -1; if (MiscUtil.isEmpty(useridobj)) { @@ -222,6 +397,16 @@ public class UserManagementAction extends ActionSupport } } + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String + && MiscUtil.isNotEmpty((String)nextPageAttr) ) { + nextPage = (String) nextPageAttr; + session.setAttribute(Constants.SESSION_RETURNAREA, null); + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name(); + } + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); if (dbuser != null) { dbuser.setOnlineApplication(null); @@ -230,8 +415,22 @@ public class UserManagementAction extends ActionSupport ConfigurationDBUtils.saveOrUpdate(dbuser); ConfigurationDBUtils.delete(dbuser); + if (authUser.isAdmin()) { + MailHelper.sendUserAccountRevocationMail(dbuser); + } + + if (dbuser.getHjid() == authUser.getUserID()) { + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_REAUTHENTICATE; + } + } catch (MOADatabaseException e) { - log.warn("UserData can not be deleted from Database"); + log.warn("UserData can not be deleted from Database", e); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + + } catch (ConfigurationException e) { + log.warn("Information mail sending failed.", e); addActionError(e.getMessage()); return Constants.STRUTS_SUCCESS; } @@ -242,39 +441,102 @@ public class UserManagementAction extends ActionSupport } ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; } - private String saveFormToDB() { + public String sendVerificationMail () { + HttpSession session = request.getSession(); + if (session == null) { + log.info("No http Session found."); + return Constants.STRUTS_ERROR; + } - UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername()); + String message = LanguageHelper.getErrorString("error.mail.verification"); - if( dbuser == null) { - dbuser = new UserDatabase(); + Object authUserObj = session.getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (authUser != null) { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (dbuser != null) { + dbuser.setIsMailAddressVerified(false); + dbuser.setUserRequestTokken(Random.nextRandom()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + MailHelper.sendUserMailAddressVerification(dbuser); + + message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message"); + + } catch (ConfigurationException e) { + log.warn("Sending of mailaddress verification mail failed.", e); + message = LanguageHelper.getErrorString("error.mail.send"); + + } catch (MOADatabaseException e) { + log.warn("Access UserInformationDatabase failed.", e); + } + } } - dbuser.setBpk(user.getBpk()); - dbuser.setFamilyname(user.getFamilyName()); - dbuser.setGivenname(user.getGivenName()); - dbuser.setInstitut(user.getInstitut()); + stream = new ByteArrayInputStream(message.getBytes()); + + return SUCCESS; + } + + private String saveFormToDB(UserDatabase dbuser) { + dbuser.setMail(user.getMail()); dbuser.setPhone(user.getPhone()); - dbuser.setUsername(user.getUsername()); - if (authUser.isAdmin()) { - dbuser.setIsActive(user.isActive()); - dbuser.setIsAdmin(user.isAdmin()); + if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) { + dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + + } + } + + if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) { + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + + if (authUser.isAdmin()) { + dbuser.setBpk(user.getBpk()); + if ( user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_FN) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ZVR) || + user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID + + "X" + Constants.IDENIFICATIONTYPE_ERSB)) { + dbuser.setIsMandateUser(true); + } + } + + } else { + if (!dbuser.isIsMandateUser()) + dbuser.setInstitut(user.getInstitut()); } - if (MiscUtil.isNotEmpty(user.getPassword())) { - String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); - if (key == null) { - return LanguageHelper.getErrorString("errors.edit.user.save"); + if (dbuser.isIsUsernamePasswordAllowed()) { + + if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) + dbuser.setUsername(user.getUsername()); + + if (MiscUtil.isNotEmpty(user.getPassword())) { + String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save"); + } + dbuser.setPassword(key); } - dbuser.setPassword(key); } - try { ConfigurationDBUtils.saveOrUpdate(dbuser); } catch (MOADatabaseException e) { @@ -284,29 +546,9 @@ public class UserManagementAction extends ActionSupport return null; } - -// public String createTestUser() throws MOADatabaseException { -// -// UserDatabase user = new UserDatabase(); -// user.setBpk(""); -// user.setFamilyname("Max"); -// user.setGivenname("Mustermann"); -// user.setIsActive(true); -// user.setIsAdmin(false); -// user.setInstitut("EGIZ"); -// user.setLastLoginItem(new Date()); -// user.setMail("masdf@amfasdf.com"); -// user.setPhone("00660011542"); -// user.setUsername("testuser"); -// -// ConfigurationDBUtils.save(user); -// -// return Constants.STRUTS_SUCCESS; -// } - - + public void setServletResponse(HttpServletResponse response) { - this.response = response; +// this.response = response; } @@ -370,7 +612,33 @@ public class UserManagementAction extends ActionSupport public boolean isNewUser() { return newUser; } - - + + /** + * @return the nextPage + */ + public String getNextPage() { + return nextPage; + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } + + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java new file mode 100644 index 000000000..fc310900e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java @@ -0,0 +1,99 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.utils; + +import java.io.IOException; +import java.util.Iterator; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.opensaml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilder; +import org.opensaml.xml.XMLObjectBuilderFactory; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; + +public class SAML2Utils { + + static { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setValidating(false); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + private static DocumentBuilder builder; + + public static <T> T createSAMLObject(final Class<T> clazz) { + try { + + XMLObjectBuilderFactory builderFactory = Configuration + .getBuilderFactory(); + + QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders(); + Iterator<QName> it = builder.keySet().iterator(); + + while (it.hasNext()) { + QName qname = it.next(); + if (qname.equals(defaultElementName)) { + System.out.printf("Builder for: %s\n", qname.toString()); + } + } + XMLObjectBuilder xmlBuilder = builderFactory + .getBuilder(defaultElementName); + + T object = (T) xmlBuilder.buildObject(defaultElementName); + return object; + } catch (Throwable e) { + System.out.printf("Failed to create object for: %s\n", + clazz.toString()); + e.printStackTrace(); + return null; + } + } + + public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + org.w3c.dom.Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java new file mode 100644 index 000000000..9ec8db858 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java @@ -0,0 +1,93 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.utils; + +import java.util.Calendar; +import java.util.Date; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; + + +public class UserRequestCleaner implements Runnable { + + private static final Logger log = Logger.getLogger(UserRequestCleaner.class); + + private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min + + public void run() { + while (true) { + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + + List<UserDatabase> userrequests = ConfigurationDBRead.getAllOpenUsersRequests(); + if (userrequests != null) { + Calendar cal = Calendar.getInstance(); + cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1); + Date cleanupdate = cal.getTime(); + + for(UserDatabase dbuser : userrequests) { + Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin()); + + if (requestdate != null && requestdate.after(cleanupdate)) { + log.info("Remove UserRequest from Database"); + ConfigurationDBUtils.delete(dbuser); + } + + } + } + + Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000); + + } catch (ConfigurationException e) { + log.info("UserRequestCleaner can not load configuration", e); + + } catch (InterruptedException e) { + + } finally { + ConfigurationDBUtils.closeSession(); + + } + } + } + + /** + * start the sessionCleaner + */ + public static void start() { + // start the session cleanup thread + Thread sessionCleaner = new Thread(new UserRequestCleaner()); + sessionCleaner.setName("UserRequestCleaner"); + sessionCleaner.setDaemon(true); + sessionCleaner.setPriority(Thread.MIN_PRIORITY); + sessionCleaner.start(); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java index 820aa7c57..b96b1e4b0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -1,18 +1,40 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation; import org.apache.commons.lang.StringUtils; +import at.gv.egovernment.moa.id.configuration.Constants; + public class CompanyNumberValidator implements IdentificationNumberValidator { public boolean validate(String commercialRegisterNumber) { String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); - if(normalizedNumber.startsWith("FN")) { + if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) normalizedNumber = normalizedNumber.substring(2); - return checkCommercialRegisterNumber(normalizedNumber); - - } else - return true; + + return checkCommercialRegisterNumber(normalizedNumber); } private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java new file mode 100644 index 000000000..6a1eddb14 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -0,0 +1,154 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class FormularCustomizationValitator { + + private static final Logger log = Logger.getLogger(FormularCustomizationValitator.class); + + public List<String> validate(FormularCustomization form) { + + List<String> errors = new ArrayList<String>(); + String check; + + if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) { + log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible."); + errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination")); + } + + check = form.getBackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.background")); + } + } + + check = form.getFrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("BKUSelectionFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.color.front")); + } + } + + check = form.getHeader_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back")); + } + } + + check = form.getHeader_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("HeaderFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front")); + } + } + + check = form.getHeader_text(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("HeaderText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.header.text", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getButton_BackGroundColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back")); + } + } + + check = form.getButton_BackGroundColorFocus(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus")); + } + } + + check = form.getButton_FrontColor(); + if (MiscUtil.isNotEmpty(check)) { + if (!check.startsWith("#")) + check = "#" + check; + + if (!ValidationHelper.isValidHexValue(check)) { + log.warn("ButtonFrontColor is not a valid hex value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front")); + } + } + + check = form.getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!FormularCustomization.appletRedirectTargetList.contains(check)) { + log.warn("AppletRedirectTarget has not valid value " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget")); + } + } + + check = form.getFontType(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("FontType contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + } + + return errors; + + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java index 19a5bb805..d66c0da3a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation; public interface IdentificationNumberValidator { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java new file mode 100644 index 000000000..6d7032f9d --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java @@ -0,0 +1,104 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.util.MiscUtil; + + +public class TargetValidator { + + private static Map<String, String> targetList = null; + + static { + targetList = new HashMap<String, String>(); + targetList.put("AR", "Arbeit"); + targetList.put("AS", "Amtliche Statistik"); + targetList.put("BF", "Bildung und Forschung"); + targetList.put("BW", "Bauen und Wohnen"); + targetList.put("EA", "EU und Auswärtige Angelegenheiten"); + targetList.put("EF", "Ein- und Ausfuhr"); + targetList.put("GH", "Gesundheit"); + targetList.put("GS", "Gesellschaft und Soziales"); +// targetList.put("GS-RE", "Restitution"); + targetList.put("JR", "Justiz/Zivilrechtswesen"); + targetList.put("KL", "Kultus"); + targetList.put("KU", "Kunst und Kultur"); + targetList.put("LF", "Land- und Forstwirtschaft"); + targetList.put("LV", "Landesverteidigung"); + targetList.put("RT", "Rundfunk und sonstige Medien sowie Telekommunikation"); + targetList.put("SA", "Steuern und Abgaben"); + targetList.put("SA", "Sport und Freizeit"); + targetList.put("SO", "Sicherheit und Ordnung"); +// targetList.put("SO-VR", "Vereinsregister"); +// targetList.put("SR-RG", "Strafregister"); + targetList.put("SV", "Sozialversicherung"); + targetList.put("UW", "Umwelt"); + targetList.put("VT", "Verkehr und Technik"); + targetList.put("VV", "Vermögensverwaltung"); + targetList.put("WT", "Wirtschaft"); + targetList.put("ZP", "Personenidentität und Bürgerrechte(zur Person)"); + targetList.put("BR", "Bereichsübergreifender Rechtsschutz"); + targetList.put("HR", "Zentrales Rechnungswesen"); + targetList.put("KI", "Auftraggeberinterne allgemeine Kanzleiindizes"); + targetList.put("OI", "Öffentlichkeitsarbeit"); + targetList.put("PV", "Personalverwaltung"); + targetList.put("RD", "Zentraler Rechtsdienst"); + targetList.put("VS", "Zentrale Durchführung von Verwaltungsstrafverfahren"); +// targetList.put("VS-RG", "Zentrales Verwaltungsstrafregister"); + targetList.put("ZU", "Zustellungen"); + } + + public static List<String> getListOfTargets() { + Map<String, String> list = new HashMap<String, String>(); + list.put("", ""); + list.putAll(targetList); + + List<String> sortedList = new ArrayList<String>(); + sortedList.addAll(list.keySet()); + Collections.sort(sortedList); + + return sortedList; + + } + + public static String getTargetFriendlyName(String target) { + String name = targetList.get(target); + + if (MiscUtil.isNotEmpty(name)) + return name; + else + return null; + } + + public static boolean isValidTarget(String target) { + return targetList.containsKey(target); + } + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 276b0b4c8..a837ee855 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation; import java.util.ArrayList; @@ -16,44 +38,50 @@ public class UserDatabaseFormValidator { private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); - public List<String> validate(UserDatabaseFrom form, long userID) { + public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated, boolean isMandateUser) { List<String> errors = new ArrayList<String>(); - - String check = form.getGivenName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("GivenName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - } - } else { - log.warn("GivenName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); - } + String check = null; - check = form.getFamilyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("FamilyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (!isPVP2Generated) { + check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); + } + + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); } - } else { - log.warn("FamilyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); } - - check = form.getInstitut(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("Organisation contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + if (!isMandateUser) { + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); } - } else { - log.warn("Organisation is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); } check = form.getMail(); @@ -80,67 +108,67 @@ public class UserDatabaseFormValidator { errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty")); } - check = form.getUsername(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("Username contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); - - } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); - if (dbuser != null && userID != dbuser.getHjid()) { - log.warn("Username " + check + " exists in UserDatabase"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); - form.setUsername(""); - } - } - } else { - if (userID == -1) { - log.warn("Username is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + if (form.isIsusernamepasswordallowed()) { + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); + if (dbuser != null && userID != dbuser.getHjid()) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); + form.setUsername(""); + } + } } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser == null) { + if (userID == -1) { log.warn("Username is empty"); errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); } else { - form.setUsername(dbuser.getUsername()); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + } else { + form.setUsername(dbuser.getUsername()); + } } } - } - - check = form.getPassword(); - if (MiscUtil.isEmpty(check)) { - if (userID == -1) { - log.warn("Password is empty"); - errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); - } else { - UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); - if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { log.warn("Password is empty"); errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); - } - } - - } else { - - if (check.equals(form.getPassword_second())) { - - String key = AuthenticationHelper.generateKeyFormPassword(check); - if (key == null) { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + } } - } - else { - errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } else { + + if (check.equals(form.getPassword_second())) { + + String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } + + } + else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } } } - - - + check = form.getBpk(); if (MiscUtil.isNotEmpty(check)) { if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java index aeac75e44..46d9f4db8 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java @@ -1,18 +1,140 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation; +import iaik.asn1.ObjectID; +import iaik.utils.Util; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +import java.io.IOException; import java.net.MalformedURLException; import java.net.URL; +import java.net.UnknownHostException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.regex.Matcher; import java.util.regex.Pattern; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + import org.apache.log4j.Logger; public class ValidationHelper { private static final Logger log = Logger.getLogger(ValidationHelper.class); + private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy"; + + + public static boolean isPublicServiceAllowed(String identifier) { + + SSLSocket socket = null; + + try { + URL url = new URL(identifier); + String host = url.getHost(); + + if (host.endsWith("/")) + host = host.substring(0, host.length()-1); + + if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { + log.debug("PublicURLPrefix with .gv.at Domain found."); + return true; + + } else { + SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory(); + socket = (SSLSocket) factory.createSocket(url.getHost(), url.getPort()); + socket.startHandshake(); + + SSLSession session = socket.getSession(); + Certificate[] servercerts = session.getPeerCertificates(); + X509Certificate[] iaikChain = new X509Certificate[servercerts.length]; + for (int i=0; i<servercerts.length; i++) { + iaikChain[i] = new X509Certificate(servercerts[i].getEncoded()); + } + + + X509Certificate cert = Util.arrangeCertificateChain(iaikChain, false)[0]; + + if (cert != null) { + ObjectID vwOID = new ObjectID("1.2.40.0.10.1.1.1"); // Verwaltungseigenschaft + ObjectID dOID = new ObjectID("1.2.40.0.10.1.1.2"); // Dienstleistereigenschaft + + + if ((cert.getExtension(vwOID) == null) && (cert.getExtension(dOID) == null)) { + return false; + + } else { + log.info("Found correct X509 Extension in server certificate. PublicService is allowed"); + return true; + } + } + + return false; + } + + } catch (MalformedURLException e) { + log.warn("PublicURLPrefix can not parsed to URL", e); + return false; + + } catch (UnknownHostException e) { + log.warn("Can not connect to PublicURLPrefix Server", e); + return false; + + } catch (IOException e) { + log.warn("Can not connect to PublicURLPrefix Server", e); + return false; + + } catch (CertificateEncodingException e) { + log.warn("Can not parse X509 server certificate", e); + return false; + + } catch (CertificateException e) { + log.warn("Can not read X509 server certificate", e); + return false; + + } catch (X509ExtensionInitException e) { + log.warn("Can not read X509 server certificate extension", e); + return false; + } + + finally { + if (socket != null) + try { + socket.close(); + } catch (IOException e) { + log.warn("SSL Socket can not be closed.", e); + } + } + } + public static boolean validateOAID(String oaIDObj) { if (oaIDObj != null) { try { @@ -34,7 +156,7 @@ public class ValidationHelper { log.debug("Validate Number " + value); try { - float num = Float.valueOf(value); + Float.valueOf(value); return true; @@ -52,7 +174,7 @@ public class ValidationHelper { if (urlString.startsWith("http") || urlString.startsWith("https")) { try { - URL url =new URL(urlString); + new URL(urlString); return true; } catch (MalformedURLException e) { @@ -62,7 +184,7 @@ public class ValidationHelper { return false; } - public static boolean isValidTarget(String target) { + public static boolean isValidAdminTarget(String target) { log.debug("Ueberpruefe Parameter Target"); @@ -76,10 +198,24 @@ public class ValidationHelper { else { log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); return false; - } - + } } + public static boolean isValidTarget(String target) { + + log.debug("Ueberpruefe Parameter Target"); + + if (TargetValidator.isValidTarget(target)) { + log.debug("Parameter Target erfolgreich ueberprueft"); + return true; + } + else { + log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + return false; + } + + } + public static boolean isValidSourceID(String sourceID) { log.debug("Ueberpruefe Parameter sourceID"); @@ -98,7 +234,10 @@ public class ValidationHelper { } public static boolean isDateFormat(String dateString) { - SimpleDateFormat sdf = new SimpleDateFormat("dd.MM.yyyy"); + if (dateString.length() > TEMPLATE_DATEFORMAT.length()) + return false; + + SimpleDateFormat sdf = new SimpleDateFormat(TEMPLATE_DATEFORMAT); try { sdf.parse(dateString); return true; @@ -182,4 +321,20 @@ public class ValidationHelper { return "; % \" ' ` < >"; } + + public static boolean isValidHexValue(String param) { + + try { + if (param.startsWith("#") && param.length() <= 7) { + Long.decode(param); + return true; + } + + } catch (Exception e) { + + } + return false; + + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index f51095cac..1ea51652a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.moaconfig; import java.io.File; @@ -292,7 +314,7 @@ public class MOAConfigValidator { errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty")); } else { - if (!ValidationHelper.isValidTarget(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { log.info("Not valid SSO Target"); errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index 6ab4f5292..f8ccebc09 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.moaconfig; import java.util.ArrayList; @@ -6,7 +28,6 @@ import java.util.List; import org.apache.log4j.Logger; -import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java index fa992674e..9c950fb66 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; @@ -6,7 +28,7 @@ import java.util.Map; import org.apache.log4j.Logger; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; @@ -20,51 +42,56 @@ public class OAGeneralConfigValidation { public List<String> validate(OAGeneralConfig form, boolean isAdmin) { List<String> errors = new ArrayList<String>(); + String check; - //validate aditionalAuthBlockText - String check = form.getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (isAdmin) { + //validate aditionalAuthBlockText + check = form.getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } } } //Check BKU URLs - check =form.getBkuHandyURL(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); - - } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Handy-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + if (isAdmin) { + check =form.getBkuHandyURL(); + if (MiscUtil.isNotEmpty(check)) { +// log.info("Empty Handy-BKU URL"); +// errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); +// +// } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + } } - } - - check =form.getBkuLocalURL(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Local-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); - } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + check =form.getBkuLocalURL(); + if (MiscUtil.isNotEmpty(check)) { +// log.info("Empty Local-BKU URL"); +// errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); +// +// } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + } } - } - - check =form.getBkuOnlineURL(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); - } else { - if (!ValidationHelper.validateURL(check)) { - log.info("Not valid Online-BKU URL"); - errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + check =form.getBkuOnlineURL(); + if (MiscUtil.isNotEmpty(check)) { +// log.info("Empty Online-BKU URL"); +// errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); +// +// } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + } } } @@ -78,52 +105,60 @@ public class OAGeneralConfigValidation { } } - //check KeyBoxIdentifier - check = form.getKeyBoxIdentifier(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty KeyBoxIdentifier"); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); - } else { - Map<String, String> list = form.getKeyBoxIdentifierList(); - if (!list.containsKey(check)) { - log.info("Not valid KeyBoxIdentifier " + check); - errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); - } - } - - //check LegacyMode SLTemplates - if (form.isLegacy()) { - if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && - MiscUtil.isEmpty(form.getSLTemplateURL2()) && - MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { - log.info("Empty OA-specific SecurityLayer Templates"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); - + if (isAdmin) { + //check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); } else { - check = form.getSLTemplateURL1(); - if (MiscUtil.isNotEmpty(check) && - !ValidationHelper.validateURL(check) ) { - log.info("First OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); - } - check = form.getSLTemplateURL2(); - if (MiscUtil.isNotEmpty(check) && - !ValidationHelper.validateURL(check) ) { - log.info("Second OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); + Map<String, String> list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); } - check = form.getSLTemplateURL3(); - if (MiscUtil.isNotEmpty(check) && - !ValidationHelper.validateURL(check) ) { - log.info("Third OA-specific SecurityLayer Templates is not valid"); - errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); - } - } + } + + //check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); + } + } + } } //check Mandate Profiles check = form.getMandateProfiles(); if (MiscUtil.isNotEmpty(check)) { + + if (!form.isUseMandates()) { + log.info("MandateProfiles configured but useMandates is false."); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate")); + } + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { log.warn("MandateProfiles contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", @@ -131,22 +166,19 @@ public class OAGeneralConfigValidation { } } - //check SL Version - check = form.getSlVersion(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty SLVersion. Set SLVersion to 1.2"); - form.setSlVersion("1.2"); - - } else { - if (!ValidationHelper.validateNumber(check)) { - log.info("Not valid SLVersion"); - errors.add(LanguageHelper.getErrorString("validation.general.slversion")); - } - } - + + boolean businessservice = form.isBusinessService(); if (businessservice) { + + //check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.identificationtype.valid")); + } + //check identification number check = form.getIdentificationNumber(); if (MiscUtil.isEmpty(check)) { @@ -160,49 +192,85 @@ public class OAGeneralConfigValidation { new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); } - if (check.startsWith("FN")) { + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { CompanyNumberValidator val = new CompanyNumberValidator(); - if (val.validate(check)) { + if (!val.validate(check)) { log.info("Not valid CompanyNumber"); errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid")); } } } - - try { - float slversion = Float.valueOf(form.getSlVersion()); - if (slversion < 1.2) { - log.info("BusinessService Applications requires SLVersion >= 1.2"); - errors.add(LanguageHelper.getErrorString("validation.general.slversion.business")); - form.setSlVersion("1.2"); - } - - } catch (NumberFormatException e) { - } - + } else { - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); + + check = form.getTarget_subsector(); if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid")); } } - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + + if (!isAdmin) { + //check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {form.getIdentifier()} )); + form.setBusinessService(true); + return errors; + + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + } + } } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + + //check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } } - } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + } + } + + //check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid")); + } + } + } } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java new file mode 100644 index 000000000..249df4dcd --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java @@ -0,0 +1,55 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; + +public class OAOAUTH20ConfigValidation { + + private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class); + + public List<String> validate(OAOAuth20Config form) { + + List<String> errors = new ArrayList<String>(); + + // validate secret +// if (StringUtils.isEmpty(form.getClientSecret())) { +// errors.add(LanguageHelper.getErrorString("error.oa.oauth.clientSecret")); +// } + + // validate redirectUri + if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) { + errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi")); + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index 4a1ef9261..18b6a2d22 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.io.IOException; @@ -10,6 +32,7 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { @@ -19,24 +42,59 @@ public class OAPVP2ConfigValidation { public List<String> validate(OAPVP2Config form) { List<String> errors = new ArrayList<String>(); - - String url = form.getMetaDataURL(); - if (MiscUtil.isNotEmpty(url) && !ValidationHelper.validateURL(url)) { - log.info("MetaDataURL has no valid form."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); - } - try { + byte[] metadata = null; +// byte[] cert = null; + + String check = form.getMetaDataURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("MetaDataURL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); + + } else { + metadata = FileUtils.readURL(check); + if (MiscUtil.isEmpty(metadata)) { + log.info("Filecontent can not be read form MetaDataURL."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); + } + } + } + if (form.getFileUpload() != null) form.getCertificate(); +// else { +// if (metadata != null) { +// log.info("No certificate to verify the Metadata defined."); +// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); +// } +// } + +// if (cert != null && metadata != null) { +// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( +// check, 20000); +// httpProvider.setParserPool(new BasicParserPool()); +// httpProvider.setRequireValidMetadata(true); +// MetadataFilter filter = new MetadataSignatureFilter( +// check, cert); +// httpProvider.setMetadataFilter(filter); +// httpProvider.initialize(); +// +// } + + } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format")); + log.info("Metadata can not be loaded from URL", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read")); + +// } catch (MetadataProviderException e) { +// log.info("MetaDate verification failed"); +// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify")); } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java index 147ea45e9..73eba87ff 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 22e2406f2..dd305d144 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 76183caad..def5aa5ed 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 0effc6961..456c37ff1 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -4,8 +4,10 @@ title=MOA-ID 2.x Configuration Tool config.01=Configfile is not found. config.02=Configfile is not readable. config.03=Hibernate Database connector can not be initialized +config.04=OpenSAML (PVP2 Login) can not be initialized error.title=Fehler: +error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen. @@ -20,7 +22,17 @@ errors.importexport.export.noconfig=Die Konfiguration kann nicht exportiert werd errors.edit.user.userid=Es wurde keine g\u00FCtige User ID \u00FCbergeben. errors.edit.user.save=Der Benutzer konnte nicht in die Datenbank eingetragen werden. errors.edit.user.notallowed=Das Bearbeiten fremder Benutzereinstellungen ist nur dem Admin erlaubt. -error.login=Der Anmeldevorgang durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal. +error.login=Der Anmeldevorgang wurde abgebrochen. Bitte Versuchen sie es noch einmal. +error.mail.send=An die angegebene Mailadresse konnte keine Nachticht versendet werden. +error.mail.verification=Der Verifikationsvorgang wurde durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal. +error.editoa.mailverification=Die Verwaltung von Online-Applikationen ist vor\u00FCbergehend deaktiviert, da die Mailadresse des Benutzeraccounts noch nicht verifiziert wurde. +error.bkuformpreview.notpossible="Die Vorschau konnte nicht generiert werden da ein interner Fehler auftreten ist." +error.oa.oauth.redirecturi=Redirect URL ist keine richtige URL +error.oa.oauth.clientSecret=Client-Secret darf nicht leer sein +error.oa.oauth.keyname=Key-Name darf nicht leer sein +error.oa.oauth.keystore=Keystore darf nicht leer sein und muss eine richtige URL sein. + +mail.userrequest.subject=Accountanforderung MOA-ID 2.x Konfigurationstool webpages.error.header=Es ist ein Fehler aufgetreten @@ -28,6 +40,7 @@ webpages.index.header=Willkommen bei der MOA-ID 2.x Konfigurationsapplikation webpages.index.desciption.head=Um dieses Service nutzen zu k\u00F6nnen m\u00FCssen sie sich einloggen. webpages.index.login=Anmelden webpages.index.logout=Abmelden +webpages.index.login.pvp2=Anmeldung mit B\u00FCrgerkarte oder Handy-Signature webpages.index.login.notallowed=Entweder sind Benutzername oder Passwort sind nicht korrekt oder der Account wurde noch nicht aktiviert. webpages.index.username.unkown=Der Benutzer ist nicht bekannt. webpages.index.username.notactive=Der Benutzer wurde durch den Administrator noch nicht freigeschalten. @@ -47,8 +60,8 @@ webpages.inportexport.descripten=ACHTUNG\: Die importierte Konfiguration ersetzt webpages.usermanagement.newuser=Neuen Benutzer erstellen webpages.usermanagement.header=Benutzerverwaltung webpages.listUsers.list.header=Liste aller vorhandenen Benutzer -webpages.listUsers.list.first=Vorname -webpages.listUsers.list.second=Familienname +webpages.listUsers.list.first=Familien-/Firmenname +webpages.listUsers.list.second=Vorname webpages.listUsers.list.third=Benutzername webpages.edituser.header=Benutzerdaten webpages.edituser.givenname=Vorname @@ -65,6 +78,11 @@ webpages.edituser.role.header=Rechte und Role webpages.edituser.active=Benutzer ist aktiviert webpages.edituser.admin=Benutzer ist Admin webpages.edit.delete.user=Benutzer l\u00F6schen +webpages.edit.newUser=Neuen Benutzer anfordern +webpages.edituser.isusernamepasswordallowed=Benutzername/Passwort erlauben +webpages.edituser.changemailaddress.verify=Bevor Sie Online-Applikationen verwalten k\u00F6nnen muss Ihre Mailadresse verifzieren werden. Eine entsprechende Mail wurde bereits an Ihr angegebenes Postfach versendet. +webpages.edituser.verify.mail.button=Mailadresse pr\u00FCfen +webpages.edituser.verify.mail.message=Es wurde eine Verifikationsmail an Ihr Postfach versendet webpages.mainpage.menu.oa.insert=Neue Applikation anlegen webpages.mainpage.menu.oa.display=Meine Applikationen @@ -73,6 +91,7 @@ webpages.mainpage.menu.general.user=Meine Daten webpages.mainpage.menu.general.importexport=Importieren/Exportieren webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung +webpages.mainpage.menu.general.adminrequests=Offene Anfragen webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. webpages.moaconfig.header=Allgemeine Konfiguration @@ -141,41 +160,70 @@ webpages.oaconfig.general.bku.online=Online BKU webpages.oaconfig.general.bku.handy=Handy BKU webpages.oaconfig.general.bku.slversion=SecurityLayer Version webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier -webpages.oaconfig.general.bku.legacy=Legacy Modus +webpages.oaconfig.general.bku.legacy=SecurityLayerTemplates (Legacy Request) webpages.oaconfig.general.bku.sltemplate.first=1. SecurityLayer Template webpages.oaconfig.general.bku.sltemplate.second=2. SecurityLayer Template webpages.oaconfig.general.bku.sltemplate.third=3. SecurityLayer Template webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix) webpages.oaconfig.general.mandate.header=Vollmachten webpages.oaconfig.general.mandate.profiles=Profile +webpages.oaconfig.general.mandate.usemandate=Vollmachten (ja/nein) webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation webpages.oaconfig.general.public.header=Öffentlicher Bereich -webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs +webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) +webpages.oaconfig.general.target.admin.checkbox=Anderen Bereich frei definieren +webpages.oaconfig.general.target.admin=Bereich (Frei w\u00E4hlbar) +webpages.oaconfig.general.target.friendlyname.disabled=Bezeichnung des Bereichs (vom Administrator eingestellt) +webpages.oaconfig.general.target.admin.disabled=Bereich (vom Administrator eingestellt) webpages.oaconfig.general.target=Bereich (Target) +webpages.oaconfig.general.target.subsector=Sub-Bereich +webpages.oaconfig.general.target.subsector.checkbox=Target verfeinern webpages.oaconfig.general.business.header=Privatwirtschaftlicher Bereich -webpages.oaconfig.general.business.value=Identificationsnummer +webpages.oaconfig.general.business.value=Identifikationsnummer +webpages.oaconfig.general.business.type=Type der Identifikationsnummer webpages.oaconfig.general.aditional.header=Zusätzliche allgemeine Einstellungen webpages.oaconfig.general.aditional.authblocktext=AuthblockText webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" +webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden webpages.oaconfig.menu.pvp2.hidden=PVP2 Konfiguration ausblenden +webpages.oaconfig.menu.oauth20.show=OAuth 2.0 Konfiguration einblenden +webpages.oaconfig.menu.oauth20.hidden=OAuth 2.0 Konfiguration ausblenden + webpages.oaconfig.menu.stork=STORK Konfiguration webpages.oaconfig.protocols.header=Authentifizierungsprotokolle +webpages.oaconfig.general.BKUSelection.button.show=Login-Fenster Konfiguration einblenden +webpages.oaconfig.general.BKUSelection.button.hidden=Login-Fenster Konfiguration ausblenden +webpages.oaconfig.general.BKUSelection.header=Formularkonfiguration +webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed=Nur Vollmachtenanmeldung erlauben +webpages.oaconfig.general.BKUSelection.backgroundcolor=Hintergrundfarbe der BKU-Auswahl +webpages.oaconfig.general.BKUSelection.frontcolor=Vordergrundfarbe der BKU-Auswahl +webpages.oaconfig.general.BKUSelection.header.backgroundcolor=Hintergrundfarbe der \u00DCberschrift +webpages.oaconfig.general.BKUSelection.header.frontcolor=Vordergrundfarbe der \u00DCberschrift +webpages.oaconfig.general.BKUSelection.header.text=\u00DCberschriftstext +webpages.oaconfig.general.BKUSelection.header.button.background=Hintergrundfarbe der Schaltfl\u00E4chen +webpages.oaconfig.general.BKUSelection.header.button.background.focus=Hintergrundfarbe der Schaltfl\u00E4chen (Focus) +webpages.oaconfig.general.BKUSelection.header.button.front=Vordergrundfarbe der Schaltfl\u00E4chen +webpages.oaconfig.general.BKUSelection.redirectTarget=Targetparameter +webpages.oaconfig.general.BKUSelection.fonttype=Formularschrifttyp +webpages.oaconfig.general.BKUSelection.fonttype.list=Formularschrifttypen + webpages.oaconfig.sso.header=Single Sign-On webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL webpages.oaconfig.sso.useauthdataframe=Zus\u00E4tzliche Userabfrage webpages.oaconfig.sso.usesso=Single Sign-On verwenden webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.oaconfig.saml1.isActice=SAML1 aktivieren webpages.oaconfig.saml1.provideStammZahl=Stammzahl \u00FCbertragen webpages.oaconfig.saml1.provideAuthBlock=Authentifizierungsblock \u00FCbertragen webpages.oaconfig.saml1.provideIdentityLink=Personenbindung \u00FCbertragen @@ -189,8 +237,15 @@ webpages.oaconfig.pvp2.metaDataURL=URL zu den Metadaten webpages.oaconfig.pvp2.certifcate=Zertifikat hochladen webpages.oaconfig.pvp2.certifcate.info=Infos zum Zertifikat +webpages.oaconfig.protocols.oauth20.header=OAuth 2.0 Konfiguration +webpages.oaconfig.oauth20.clientId=Client ID +webpages.oaconfig.oauth20.clientSecret=Client Passwort +webpages.oaconfig.oauth20.redirectUri=Redirect Uri + + message.title=Meldung: webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. +webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich. webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen. webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht. @@ -203,6 +258,13 @@ webpages.edit.delete=Online-Applikation l\u00F6schen webpages.header.info=Sie sind angemeldet als: webpages.header.lastlogin=Letzte Anmeldung am: +webpages.openadminrequests.header=Offene Antr\u00E4ge +webpages.openadminrequests.users.header=Benutzeraccounts +webpages.openadminrequests.oas.header=Online-Applikationen + + +validation.newuser.mailaddress=Die Validierung der Mailadresse konnte erfolgreich durchgef\u00FChrt werden. + validation.edituser.familyname.empty=Der Familienname ist leer. validation.edituser.familyname.valid=Der Familienname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.edituser.givenname.empty=Der Vorname ist leer. @@ -285,20 +347,27 @@ validation.general.sltemplate1.valid=Die erste SecurityLayer Template URL hat ke validation.general.sltemplate2.valid=Die zweite SecurityLayer Template URL hat kein g\u00FCltiges Format. validation.general.sltemplate3.valid=Die dritte SecurityLayer Template URL hat kein g\u00FCltiges Format. validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.mandate.usemandate=Die Konfiguration von Vollmachtsprofile ist nur mit aktivierten Vollmachten m\u00F6glich. validation.general.target.empty=Der Target f\u00FCr die Online-Applikation ist leer. validation.general.target.valid=Der Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.target.subsector.valid=Der Target-Subsektor hat kein g\u00FCltiges Format. +validation.general.target.admin.valid=Der Admin-Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.target.publicserviceurl=Die Domain des eindeutigen Identifiers f\u00FCr die Online-Applikation erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich. validation.general.slversion=Die SecurtiyLayer Version ist kein Zahlenformat. validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00E4ndert. validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationtype.valid=Der Identifikationstype wird nicht unterst\u00FCtzt. validation.general.identificationnumber.empty=Im privatwirtschaftlichen Bereich ist eine Identifikationsnummer erforderlich. validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00FCr den privatwirtschaftlichen Bereich enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} -validation.general.identificationnumber.fa.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format. +validation.general.identificationnumber.fn.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format. validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben. -validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL. validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. +validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden. +validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. @@ -307,3 +376,15 @@ validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kei validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden. +validation.general.bkuselection.specialfeatures.valid=Die speziellen Einstellungen f\u00FCr die BKU Auswahl (Vollmachtsanmeldung ausblenden / zwingend voraussetzen) k\u00F6nnen nicht in Kombination mit SSO verwendet werden. +validation.general.bkuselection.specialfeatures.combination=Eine zwingend erforderliche Vollmachtenanmeldung in Kombination mit einer ausgeblendeten Vollmachtenauswahlcheckbox ist nicht m\u00F6glich. +validation.general.form.color.background=Die Hintergrundfarbe f\\u00FCr die BKU Auswahl enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.color.front=Die Vordergrundfarbe f\\u00FCr die BKU Auswahl enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.color.back=Die Hintergrundfarbe der BKU-Auswahl\\u00FCberschrift enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.color.front=Die Vordergrundfarbe der BKU-Auswahl\\u00FCberschrift enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.header.text=Die BKU-Auswahl\\u00FCberschrift enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.form.button.color.back.focus=Die Hintergrundfarbe f\\u00FCr Focus der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.back=Die Hintergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.button.color.front=Die Vordergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) +validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen ung\\u00FCltiten Wert. +validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml index 3b33bffcb..ee5baf8d6 100644 --- a/id/ConfigWebTool/src/main/resources/struts.xml +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -25,11 +25,35 @@ <interceptor-ref name="defaultStack"/> </action> + <action name="pvp2login" method="pvp2login" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="success" type="redirectAction"> + <param name="actionName">main</param> + <param name="namespace">/secure</param> + </result> + <result name="newuser">/jsp/newUserRequest.jsp</result> + <result name="error">/index.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="requestNewUser" method="requestNewUser" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="newuser">/jsp/newUserRequest.jsp</result> + <result name="success">/index.jsp</result> + <result name="error">/index.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="mailAddressVerification" method="mailAddressVerification" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="error">/index.jsp</result> + <result name="success">/index.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + <action name="logout" method="logout" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> <result name="success" type="redirectAction"> <param name="actionName">index</param> <param name="namespace">/</param> </result> + <result name="ssologout" type="redirect">${ssologouturl}</result> <interceptor-ref name="defaultStack"/> </action> @@ -91,6 +115,7 @@ <action name="newOA" method="newOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> <result name="editOA">/jsp/editOAGeneral.jsp</result> + <result name="success" type="chain">main</result> <result name="error">/error.jsp</result> <result name="reauthentication" type="redirectAction"> <param name="actionName">logout</param> @@ -101,6 +126,7 @@ <action name="loadOA" method="inital" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> <result name="editOA">/jsp/editOAGeneral.jsp</result> + <result name="success" type="chain">main</result> <result name="error">/error.jsp</result> <result name="reauthentication" type="redirectAction"> <param name="actionName">logout</param> @@ -109,8 +135,16 @@ <interceptor-ref name="defaultStack"/> </action> + <action name="bkuFramePreview" method="bkuFramePreview" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> + <result type="stream"> + <param name="contentType">text/html</param> + <param name="inputName">stream</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + <action name="saveOA" method="saveOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> - <result name="success" type="chain">main</result> + <result name="success" type="chain">${nextPage}</result> <result name="error_validation">/jsp/editOAGeneral.jsp</result> <result name="error">/error.jsp</result> <result name="reauthentication" type="redirectAction"> @@ -121,7 +155,7 @@ </action> <action name="cancleandbackOA" method="cancleAndBackOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> - <result type="chain">main</result> + <result type="chain">${nextPage}</result> <result name="reauthentication" type="redirectAction"> <param name="actionName">logout</param> <param name="namespace">/</param> @@ -130,7 +164,7 @@ </action> <action name="deleteOA" method="deleteOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> - <result type="chain">main</result> + <result name="success" type="chain">${nextPage}</result> <result name="error_validation">/jsp/editOAGeneral.jsp</result> <result name="reauthentication" type="redirectAction"> <param name="actionName">logout</param> @@ -190,6 +224,7 @@ <param name="namespace">/</param> </result> <result name="notallowed">/jsp/mainpage.jsp</result> + <result name="error">/error.jsp</result> <interceptor-ref name="defaultStack"/> </action> @@ -201,6 +236,7 @@ <param name="namespace">/</param> </result> <result name="notallowed">/jsp/mainpage.jsp</result> + <result name="error">/error.jsp</result> <interceptor-ref name="defaultStack"/> </action> @@ -217,6 +253,7 @@ </result> <result name="error_validation">/jsp/importexport.jsp</result> <result name="notallowed">/jsp/mainpage.jsp</result> + <result name="error">/error.jsp</result> <interceptor-ref name="defaultStack"/> </action> @@ -253,7 +290,7 @@ </action> <action name="deleteUser" method="deleteuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> - <result name="success" type="chain">usermanagementInit</result> + <result name="success" type="chain">${nextPage}</result> <result name="notallowed" type="chain">main</result> <result name="error">/error.jsp</result> <result name="reauthentication" type="redirectAction"> @@ -264,7 +301,7 @@ </action> <action name="saveUser" method="saveuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> - <result name="success" type="chain">usermanagementInit</result> + <result name="success" type="chain">${nextPage}</result> <result name="error_validation">/jsp/edituser.jsp</result> <result name="notallowed" type="chain">main</result> <result name="error">/error.jsp</result> @@ -275,6 +312,25 @@ <interceptor-ref name="defaultStack"/> </action> + <action name="sendVerificationMail" method="sendVerificationMail" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> + <result type="stream"> + <param name="contentType">text/html</param> + <param name="inputName">stream</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="adminRequestsInit" method="init" class="at.gv.egovernment.moa.id.configuration.struts.action.OpenAdminRequestsAction"> + <result name="success">/jsp/openadminrequests.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + </package> </struts>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html b/id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html new file mode 100644 index 000000000..1215c2b58 --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/templates/pvp_postbinding_template.html @@ -0,0 +1,51 @@ +## +## Velocity Template for SAML 2 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## RelayState - String - the relay state for the message +## SAMLRequest - String - the Base64 encoded SAML Request +## SAMLResponse - String - the Base64 encoded SAML Response + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + + <body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support JavaScript, + you must press the Continue button once to proceed. + </p> + </noscript> + + + <div id="alert">Your login is being processed. Thank you for waiting.</div> + + <style type="text/css"> + <!-- + #alert { + margin:100px 250px; + font-family: Verdana, Arial, Helvetica, sans-serif; + font-size:14px; + font-weight:normal; + } + --> + </style> + + <form action="${action}" method="post"> + <div> + #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end + + #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end + + #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue"/> + </div> + </noscript> + </form> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties b/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties index 3ca86f404..1c5b79e8f 100644 --- a/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties +++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties @@ -1,3 +1,25 @@ +############################################################################### +# Copyright 2014 Federal Chancellery Austria +# MOA-ID has been developed in a cooperation between BRZ, the Federal +# Chancellery Austria - ICT staff unit, and Graz University of Technology. +# +# Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +# the European Commission - subsequent versions of the EUPL (the "Licence"); +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# http://www.osor.eu/eupl/ +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the Licence is distributed on an "AS IS" basis, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the Licence for the specific language governing permissions and +# limitations under the Licence. +# +# This product combines work with different licenses. See the "NOTICE" text +# file for details on the various modules and licenses. +# The "NOTICE" text file is part of the distribution. Any derivative works +# that you distribute must include a readable copy of the "NOTICE" text file. +############################################################################### # Set root category priority to INFO and its only appender to CONSOLE. log4j.rootCategory=INFO, CONSOLE #log4j.rootCategory=INFO, CONSOLE, LOGFILE diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml index 7b27b0c4d..a44cf8ce5 100644 --- a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml +++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml @@ -24,7 +24,7 @@ </init-param> <init-param> <param-name>allowed</param-name> - <param-value>^.*((/index.action)|(/error.action)|(/authenticate.action)|(/logout.action)|(/jsp/.*)|(/css/.*)|(/images/.*)|(/js/.*))$</param-value> + <param-value>^.*((/index.action)|(/error.action)|(/authenticate.action)|(/pvp2login.action.*)|(/mailAddressVerification.action.*)|(/logout.action)|(/jsp/.*)|(/css/.*)|(/servlet/.*)|(/images/.*)|(/js/.*))$</param-value> </init-param> </filter> <filter-mapping> @@ -61,6 +61,28 @@ </init-param> </filter> + <servlet> + <servlet-name>pvp2login</servlet-name> + <display-name>pvp2login</display-name> + <servlet-class>at.gv.egovernment.moa.id.configuration.auth.pvp2.Authenticate</servlet-class> + </servlet> + + <servlet> + <servlet-name>buildmetadata</servlet-name> + <display-name>buildmetadata</display-name> + <servlet-class>at.gv.egovernment.moa.id.configuration.auth.pvp2.BuildMetadata</servlet-class> + </servlet> + + <servlet-mapping> + <servlet-name>buildmetadata</servlet-name> + <url-pattern>/servlet/metadata</url-pattern> + </servlet-mapping> + + <servlet-mapping> + <servlet-name>pvp2login</servlet-name> + <url-pattern>/servlet/pvp2login</url-pattern> + </servlet-mapping> + <!-- <filter-mapping> <filter-name>sitemash</filter-name> <url-pattern>/*</url-pattern> diff --git a/id/ConfigWebTool/src/main/webapp/css/colorpicker.css b/id/ConfigWebTool/src/main/webapp/css/colorpicker.css new file mode 100644 index 000000000..0b3d5d936 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/css/colorpicker.css @@ -0,0 +1,161 @@ +.colorpicker { + width: 356px; + height: 176px; + overflow: hidden; + position: absolute; + background: url(../images/colorpicker_background.png); + font-family: Arial, Helvetica, sans-serif; + display: none; +} +.colorpicker_color { + width: 150px; + height: 150px; + left: 14px; + top: 13px; + position: absolute; + background: #f00; + overflow: hidden; + cursor: crosshair; +} +.colorpicker_color div { + position: absolute; + top: 0; + left: 0; + width: 150px; + height: 150px; + background: url(../images/colorpicker_overlay.png); +} +.colorpicker_color div div { + position: absolute; + top: 0; + left: 0; + width: 11px; + height: 11px; + overflow: hidden; + background: url(../images/colorpicker_select.gif); + margin: -5px 0 0 -5px; +} +.colorpicker_hue { + position: absolute; + top: 13px; + left: 171px; + width: 35px; + height: 150px; + cursor: n-resize; +} +.colorpicker_hue div { + position: absolute; + width: 35px; + height: 9px; + overflow: hidden; + background: url(../images/colorpicker_indic.gif) left top; + margin: -4px 0 0 0; + left: 0px; +} +.colorpicker_new_color { + position: absolute; + width: 60px; + height: 30px; + left: 213px; + top: 13px; + background: #f00; +} +.colorpicker_current_color { + position: absolute; + width: 60px; + height: 30px; + left: 283px; + top: 13px; + background: #f00; +} +.colorpicker input { + background-color: transparent; + border: 1px solid transparent; + position: absolute; + font-size: 10px; + font-family: Arial, Helvetica, sans-serif; + color: #898989; + top: 4px; + right: 11px; + text-align: right; + margin: 0; + padding: 0; + height: 11px; +} +.colorpicker_hex { + position: absolute; + width: 72px; + height: 22px; + background: url(../images/colorpicker_hex.png) top; + left: 212px; + top: 142px; +} +.colorpicker_hex input { + right: 6px; +} +.colorpicker_field { + height: 22px; + width: 62px; + background-position: top; + position: absolute; +} +.colorpicker_field span { + position: absolute; + width: 12px; + height: 22px; + overflow: hidden; + top: 0; + right: 0; + cursor: n-resize; +} +.colorpicker_rgb_r { + background-image: url(../images/colorpicker_rgb_r.png); + top: 52px; + left: 212px; +} +.colorpicker_rgb_g { + background-image: url(../images/colorpicker_rgb_g.png); + top: 82px; + left: 212px; +} +.colorpicker_rgb_b { + background-image: url(../images/colorpicker_rgb_b.png); + top: 112px; + left: 212px; +} +.colorpicker_hsb_h { + background-image: url(../images/colorpicker_hsb_h.png); + top: 52px; + left: 282px; +} +.colorpicker_hsb_s { + background-image: url(../images/colorpicker_hsb_s.png); + top: 82px; + left: 282px; +} +.colorpicker_hsb_b { + background-image: url(../images/colorpicker_hsb_b.png); + top: 112px; + left: 282px; +} +.colorpicker_submit { + position: absolute; + width: 22px; + height: 22px; + background: url(../images/colorpicker_submit.png) top; + left: 322px; + top: 142px; + overflow: hidden; +} +.colorpicker_focus { + background-position: center; +} +.colorpicker_hex.colorpicker_focus { + background-position: bottom; +} +.colorpicker_submit.colorpicker_focus { + background-position: bottom; +} +.colorpicker_slider { + background-position: bottom; +} diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 6eeb6a4ee..14591f1dc 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -22,6 +22,34 @@ padding-right: 25px; } +#passwordlogin { + float: left; +} + +#bkulogin { + float: left; + margin-left: 50px; +} + +#bkuloginbutton { + background:-moz-linear-gradient(bottom,#b3b3b3,#f1f1f1); /* Firefox */ + background:-webkit-gradient(linear,left top,left bottom,from(#b3b3b3),to(#f1f1f1)); /* Chrome, Safari */ + filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#b3b3b3',endColorstr='#f1f1f1'); + + display: block; + padding-top: 10px; + padding-bottom: 10px; + text-align: center; + width: 200px; + /* background-color: gold; */ + border-radius: 10px; + box-shadow: 8px 8px 8px #666; + border-style: solid; + border-color: black; + border-width: 2px; + +} + #menu_area { margin-top: 25px; border-color: black; @@ -106,6 +134,33 @@ display: none; } +#formcustom_button_hidden { + display: none; +} + +#formcustom_button_show { + margin-bottom: 50px; + clear: both; +} + +#formcustom_area { + margin-bottom: 50px; +} + +#formCustomValues { + float: left; +} + +#formCustomPreview { + float: left; + margin-bottom: 25px; + margin-left: 25px; +} + +#mail_area input { + float: right; +} + .oa_protocol_area { clear: both; margin-left: 25px; @@ -147,6 +202,7 @@ margin-top: 6px; } + .oa_config_block h3 { padding-top: 25px; } @@ -184,7 +240,7 @@ } .wwgrp { - clear:both; + clear:left; } #oa_saml1_area .wwgrp { @@ -193,6 +249,10 @@ margin-right: 50px; } +#oa_config_businessservice .wwgrp { + clear: none; +} + div .wwgrp br { display: none; } @@ -202,6 +262,15 @@ div .wwgrp br { } +.textfield_middle { + width: 100px; + +} + +.textfield_mail { + width: 300px; +} + .textfield_long { width: 600px; @@ -212,7 +281,13 @@ div .wwgrp br { height: 200px; text-align: left; } - + +.selectfield { + width: 80px; + float: left; + margin-right: 5px; +} + .checkbox{ margin-top: 7px; } @@ -271,13 +346,19 @@ div .wwgrp br { width: 200px; } -.userListThird { +.userListFirstSecond { position: relative; + width: 400px; float: left; } -.disabled { +.userListThird { + position: relative; + float: left; +} +#usernamepassword_area { + display: none; } #footer_area { diff --git a/id/ConfigWebTool/src/main/webapp/error.jsp b/id/ConfigWebTool/src/main/webapp/error.jsp index 97dc218e7..8993c1102 100644 --- a/id/ConfigWebTool/src/main/webapp/error.jsp +++ b/id/ConfigWebTool/src/main/webapp/error.jsp @@ -1,3 +1,4 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider"%> <%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> @@ -11,10 +12,11 @@ <title><%=LanguageHelper.getGUIString("title", request) %></title> </head> - <body> - <h1><%=LanguageHelper.getGUIString("webpages.error.header", request) %></h1> + <body style="text-align: center;"> + <h1 style="color: red;"><%=LanguageHelper.getGUIString("webpages.error.header", request) %></h1> <div id="information_area"> + <p><%=LanguageHelper.getGUIString("error.general.text", request) %></p> <s:if test="hasActionErrors()"> <div id="error_area"> <label><%=LanguageHelper.getGUIString("error.title", request) %></label> diff --git a/id/ConfigWebTool/src/main/webapp/images/blank.gif b/id/ConfigWebTool/src/main/webapp/images/blank.gif Binary files differnew file mode 100644 index 000000000..75b945d25 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/blank.gif diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_background.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_background.png Binary files differnew file mode 100644 index 000000000..8401572f1 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_background.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_hex.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hex.png Binary files differnew file mode 100644 index 000000000..4e532d7c6 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hex.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_b.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_b.png Binary files differnew file mode 100644 index 000000000..dfac595d0 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_b.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_h.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_h.png Binary files differnew file mode 100644 index 000000000..3977ed9f2 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_h.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_s.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_s.png Binary files differnew file mode 100644 index 000000000..a2a699736 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_hsb_s.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_indic.gif b/id/ConfigWebTool/src/main/webapp/images/colorpicker_indic.gif Binary files differnew file mode 100644 index 000000000..f9fa95e28 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_indic.gif diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_overlay.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_overlay.png Binary files differnew file mode 100644 index 000000000..561cdd9c5 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_overlay.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_b.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_b.png Binary files differnew file mode 100644 index 000000000..dfac595d0 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_b.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_g.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_g.png Binary files differnew file mode 100644 index 000000000..72b32760a --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_g.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_r.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_r.png Binary files differnew file mode 100644 index 000000000..4855fe03f --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_rgb_r.png diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_select.gif b/id/ConfigWebTool/src/main/webapp/images/colorpicker_select.gif Binary files differnew file mode 100644 index 000000000..599f7f13a --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_select.gif diff --git a/id/ConfigWebTool/src/main/webapp/images/colorpicker_submit.png b/id/ConfigWebTool/src/main/webapp/images/colorpicker_submit.png Binary files differnew file mode 100644 index 000000000..7f4c0825f --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/colorpicker_submit.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_background.png b/id/ConfigWebTool/src/main/webapp/images/custom_background.png Binary files differnew file mode 100644 index 000000000..cf55ffdd6 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_background.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_hex.png b/id/ConfigWebTool/src/main/webapp/images/custom_hex.png Binary files differnew file mode 100644 index 000000000..888f44449 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_hex.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_hsb_b.png b/id/ConfigWebTool/src/main/webapp/images/custom_hsb_b.png Binary files differnew file mode 100644 index 000000000..2f99dae8e --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_hsb_b.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_hsb_h.png b/id/ConfigWebTool/src/main/webapp/images/custom_hsb_h.png Binary files differnew file mode 100644 index 000000000..a217e9218 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_hsb_h.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_hsb_s.png b/id/ConfigWebTool/src/main/webapp/images/custom_hsb_s.png Binary files differnew file mode 100644 index 000000000..7826b4150 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_hsb_s.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_indic.gif b/id/ConfigWebTool/src/main/webapp/images/custom_indic.gif Binary files differnew file mode 100644 index 000000000..222fb94cf --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_indic.gif diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_rgb_b.png b/id/ConfigWebTool/src/main/webapp/images/custom_rgb_b.png Binary files differnew file mode 100644 index 000000000..80764e5d6 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_rgb_b.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_rgb_g.png b/id/ConfigWebTool/src/main/webapp/images/custom_rgb_g.png Binary files differnew file mode 100644 index 000000000..fc9778be1 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_rgb_g.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_rgb_r.png b/id/ConfigWebTool/src/main/webapp/images/custom_rgb_r.png Binary files differnew file mode 100644 index 000000000..91b0cd4c5 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_rgb_r.png diff --git a/id/ConfigWebTool/src/main/webapp/images/custom_submit.png b/id/ConfigWebTool/src/main/webapp/images/custom_submit.png Binary files differnew file mode 100644 index 000000000..cd202cd93 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/custom_submit.png diff --git a/id/ConfigWebTool/src/main/webapp/images/select.png b/id/ConfigWebTool/src/main/webapp/images/select.png Binary files differnew file mode 100644 index 000000000..21213bfd5 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/select.png diff --git a/id/ConfigWebTool/src/main/webapp/images/select2.png b/id/ConfigWebTool/src/main/webapp/images/select2.png Binary files differnew file mode 100644 index 000000000..2cd2cabeb --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/select2.png diff --git a/id/ConfigWebTool/src/main/webapp/images/slider.png b/id/ConfigWebTool/src/main/webapp/images/slider.png Binary files differnew file mode 100644 index 000000000..8b03da96e --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/images/slider.png diff --git a/id/ConfigWebTool/src/main/webapp/index.jsp b/id/ConfigWebTool/src/main/webapp/index.jsp index 4e49eac75..4c78699fc 100644 --- a/id/ConfigWebTool/src/main/webapp/index.jsp +++ b/id/ConfigWebTool/src/main/webapp/index.jsp @@ -13,42 +13,56 @@ <body> <h1><%=LanguageHelper.getGUIString("webpages.index.header", request) %></h1> - + <div id="information_area"> + + <s:if test="hasActionMessages()"> + <div id="message_area"> + <label><%=LanguageHelper.getGUIString("message.title", request) %></label> + <s:actionmessage/> + </div> + </s:if> + <s:if test="hasActionErrors()"> <div id="error_area"> - <label><%=LanguageHelper.getGUIString("error.title", request) %></label> - <s:actionerror/> - </div> - </s:if> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> <div id="information_area"> <p><%=LanguageHelper.getGUIString("webpages.index.desciption.head", request) %></p> <div class="oa_config_block"> - <s:form namespace="/" method="POST" enctype="multipart/form-data"> + <s:form id="passwordlogin" namespace="/" method="POST" enctype="multipart/form-data"> <s:textfield name="username" value="%{username}" labelposition="left" key="webpages.edituser.username" - cssClass="textfield_long" + cssClass="textfield_mail" maxlength="16"> </s:textfield> <s:password name="password" labelposition="left" key="webpages.edituser.password" - cssClass="textfield_long" + cssClass="textfield_mail" maxlength="16"> </s:password> <s:submit key="webpages.index.login" action="authenticate"/> </s:form> + + <s:if test="isPvp2LoginActiv()"> + <div id="bkulogin"> + <a id="bkuloginbutton" href="servlet/pvp2login"><%=LanguageHelper.getGUIString("webpages.index.login.pvp2", request) %></a> + </div> + </s:if> </div> - + </div> </body> diff --git a/id/ConfigWebTool/src/main/webapp/js/colorpicker.js b/id/ConfigWebTool/src/main/webapp/js/colorpicker.js new file mode 100644 index 000000000..d54c0d271 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/js/colorpicker.js @@ -0,0 +1,506 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +/** + * + * Color picker + * Author: Stefan Petre www.eyecon.ro + * + * Dual licensed under the MIT and GPL licenses + * + */ +(function ($) { + var ColorPicker = function () { + var + ids = {}, + inAction, + charMin = 65, + visible, + tpl = '<div class="colorpicker"><div class="colorpicker_color"><div><div></div></div></div><div class="colorpicker_hue"><div></div></div><div class="colorpicker_new_color"></div><div class="colorpicker_current_color"></div><div class="colorpicker_hex"><input type="text" maxlength="6" size="6" /></div><div class="colorpicker_rgb_r colorpicker_field"><input type="text" maxlength="3" size="3" /><span></span></div><div class="colorpicker_rgb_g colorpicker_field"><input type="text" maxlength="3" size="3" /><span></span></div><div class="colorpicker_rgb_b colorpicker_field"><input type="text" maxlength="3" size="3" /><span></span></div><div class="colorpicker_hsb_h colorpicker_field"><input type="text" maxlength="3" size="3" /><span></span></div><div class="colorpicker_hsb_s colorpicker_field"><input type="text" maxlength="3" size="3" /><span></span></div><div class="colorpicker_hsb_b colorpicker_field"><input type="text" maxlength="3" size="3" /><span></span></div><div class="colorpicker_submit"></div></div>', + defaults = { + eventName: 'click', + onShow: function () {}, + onBeforeShow: function(){}, + onHide: function () {}, + onChange: function () {}, + onSubmit: function () {}, + color: 'ff0000', + livePreview: true, + flat: false + }, + fillRGBFields = function (hsb, cal) { + var rgb = HSBToRGB(hsb); + $(cal).data('colorpicker').fields + .eq(1).val(rgb.r).end() + .eq(2).val(rgb.g).end() + .eq(3).val(rgb.b).end(); + }, + fillHSBFields = function (hsb, cal) { + $(cal).data('colorpicker').fields + .eq(4).val(hsb.h).end() + .eq(5).val(hsb.s).end() + .eq(6).val(hsb.b).end(); + }, + fillHexFields = function (hsb, cal) { + $(cal).data('colorpicker').fields + .eq(0).val(HSBToHex(hsb)).end(); + }, + setSelector = function (hsb, cal) { + $(cal).data('colorpicker').selector.css('backgroundColor', '#' + HSBToHex({h: hsb.h, s: 100, b: 100})); + $(cal).data('colorpicker').selectorIndic.css({ + left: parseInt(150 * hsb.s/100, 10), + top: parseInt(150 * (100-hsb.b)/100, 10) + }); + }, + setHue = function (hsb, cal) { + $(cal).data('colorpicker').hue.css('top', parseInt(150 - 150 * hsb.h/360, 10)); + }, + setCurrentColor = function (hsb, cal) { + $(cal).data('colorpicker').currentColor.css('backgroundColor', '#' + HSBToHex(hsb)); + }, + setNewColor = function (hsb, cal) { + $(cal).data('colorpicker').newColor.css('backgroundColor', '#' + HSBToHex(hsb)); + }, + keyDown = function (ev) { + var pressedKey = ev.charCode || ev.keyCode || -1; + if ((pressedKey > charMin && pressedKey <= 90) || pressedKey == 32) { + return false; + } + var cal = $(this).parent().parent(); + if (cal.data('colorpicker').livePreview === true) { + change.apply(this); + } + }, + change = function (ev) { + var cal = $(this).parent().parent(), col; + if (this.parentNode.className.indexOf('_hex') > 0) { + cal.data('colorpicker').color = col = HexToHSB(fixHex(this.value)); + } else if (this.parentNode.className.indexOf('_hsb') > 0) { + cal.data('colorpicker').color = col = fixHSB({ + h: parseInt(cal.data('colorpicker').fields.eq(4).val(), 10), + s: parseInt(cal.data('colorpicker').fields.eq(5).val(), 10), + b: parseInt(cal.data('colorpicker').fields.eq(6).val(), 10) + }); + } else { + cal.data('colorpicker').color = col = RGBToHSB(fixRGB({ + r: parseInt(cal.data('colorpicker').fields.eq(1).val(), 10), + g: parseInt(cal.data('colorpicker').fields.eq(2).val(), 10), + b: parseInt(cal.data('colorpicker').fields.eq(3).val(), 10) + })); + } + if (ev) { + fillRGBFields(col, cal.get(0)); + fillHexFields(col, cal.get(0)); + fillHSBFields(col, cal.get(0)); + } + setSelector(col, cal.get(0)); + setHue(col, cal.get(0)); + setNewColor(col, cal.get(0)); + cal.data('colorpicker').onChange.apply(cal, [col, HSBToHex(col), HSBToRGB(col)]); + }, + blur = function (ev) { + var cal = $(this).parent().parent(); + cal.data('colorpicker').fields.parent().removeClass('colorpicker_focus'); + }, + focus = function () { + charMin = this.parentNode.className.indexOf('_hex') > 0 ? 70 : 65; + $(this).parent().parent().data('colorpicker').fields.parent().removeClass('colorpicker_focus'); + $(this).parent().addClass('colorpicker_focus'); + }, + downIncrement = function (ev) { + var field = $(this).parent().find('input').focus(); + var current = { + el: $(this).parent().addClass('colorpicker_slider'), + max: this.parentNode.className.indexOf('_hsb_h') > 0 ? 360 : (this.parentNode.className.indexOf('_hsb') > 0 ? 100 : 255), + y: ev.pageY, + field: field, + val: parseInt(field.val(), 10), + preview: $(this).parent().parent().data('colorpicker').livePreview + }; + $(document).bind('mouseup', current, upIncrement); + $(document).bind('mousemove', current, moveIncrement); + }, + moveIncrement = function (ev) { + ev.data.field.val(Math.max(0, Math.min(ev.data.max, parseInt(ev.data.val + ev.pageY - ev.data.y, 10)))); + if (ev.data.preview) { + change.apply(ev.data.field.get(0), [true]); + } + return false; + }, + upIncrement = function (ev) { + change.apply(ev.data.field.get(0), [true]); + ev.data.el.removeClass('colorpicker_slider').find('input').focus(); + $(document).unbind('mouseup', upIncrement); + $(document).unbind('mousemove', moveIncrement); + return false; + }, + downHue = function (ev) { + var current = { + cal: $(this).parent(), + y: $(this).offset().top + }; + current.preview = current.cal.data('colorpicker').livePreview; + $(document).bind('mouseup', current, upHue); + $(document).bind('mousemove', current, moveHue); + }, + moveHue = function (ev) { + change.apply( + ev.data.cal.data('colorpicker') + .fields + .eq(4) + .val(parseInt(360*(150 - Math.max(0,Math.min(150,(ev.pageY - ev.data.y))))/150, 10)) + .get(0), + [ev.data.preview] + ); + return false; + }, + upHue = function (ev) { + fillRGBFields(ev.data.cal.data('colorpicker').color, ev.data.cal.get(0)); + fillHexFields(ev.data.cal.data('colorpicker').color, ev.data.cal.get(0)); + $(document).unbind('mouseup', upHue); + $(document).unbind('mousemove', moveHue); + return false; + }, + downSelector = function (ev) { + var current = { + cal: $(this).parent(), + pos: $(this).offset() + }; + current.preview = current.cal.data('colorpicker').livePreview; + $(document).bind('mouseup', current, upSelector); + $(document).bind('mousemove', current, moveSelector); + }, + moveSelector = function (ev) { + change.apply( + ev.data.cal.data('colorpicker') + .fields + .eq(6) + .val(parseInt(100*(150 - Math.max(0,Math.min(150,(ev.pageY - ev.data.pos.top))))/150, 10)) + .end() + .eq(5) + .val(parseInt(100*(Math.max(0,Math.min(150,(ev.pageX - ev.data.pos.left))))/150, 10)) + .get(0), + [ev.data.preview] + ); + return false; + }, + upSelector = function (ev) { + fillRGBFields(ev.data.cal.data('colorpicker').color, ev.data.cal.get(0)); + fillHexFields(ev.data.cal.data('colorpicker').color, ev.data.cal.get(0)); + $(document).unbind('mouseup', upSelector); + $(document).unbind('mousemove', moveSelector); + return false; + }, + enterSubmit = function (ev) { + $(this).addClass('colorpicker_focus'); + }, + leaveSubmit = function (ev) { + $(this).removeClass('colorpicker_focus'); + }, + clickSubmit = function (ev) { + var cal = $(this).parent(); + var col = cal.data('colorpicker').color; + cal.data('colorpicker').origColor = col; + setCurrentColor(col, cal.get(0)); + cal.data('colorpicker').onSubmit(col, HSBToHex(col), HSBToRGB(col), cal.data('colorpicker').el); + }, + show = function (ev) { + var cal = $('#' + $(this).data('colorpickerId')); + cal.data('colorpicker').onBeforeShow.apply(this, [cal.get(0)]); + var pos = $(this).offset(); + var viewPort = getViewport(); + var top = pos.top + this.offsetHeight; + var left = pos.left; + if (top + 176 > viewPort.t + viewPort.h) { + top -= this.offsetHeight + 176; + } + if (left + 356 > viewPort.l + viewPort.w) { + left -= 356; + } + cal.css({left: left + 'px', top: top + 'px'}); + if (cal.data('colorpicker').onShow.apply(this, [cal.get(0)]) != false) { + cal.show(); + } + $(document).bind('mousedown', {cal: cal}, hide); + return false; + }, + hide = function (ev) { + if (!isChildOf(ev.data.cal.get(0), ev.target, ev.data.cal.get(0))) { + if (ev.data.cal.data('colorpicker').onHide.apply(this, [ev.data.cal.get(0)]) != false) { + ev.data.cal.hide(); + } + $(document).unbind('mousedown', hide); + } + }, + isChildOf = function(parentEl, el, container) { + if (parentEl == el) { + return true; + } + if (parentEl.contains) { + return parentEl.contains(el); + } + if ( parentEl.compareDocumentPosition ) { + return !!(parentEl.compareDocumentPosition(el) & 16); + } + var prEl = el.parentNode; + while(prEl && prEl != container) { + if (prEl == parentEl) + return true; + prEl = prEl.parentNode; + } + return false; + }, + getViewport = function () { + var m = document.compatMode == 'CSS1Compat'; + return { + l : window.pageXOffset || (m ? document.documentElement.scrollLeft : document.body.scrollLeft), + t : window.pageYOffset || (m ? document.documentElement.scrollTop : document.body.scrollTop), + w : window.innerWidth || (m ? document.documentElement.clientWidth : document.body.clientWidth), + h : window.innerHeight || (m ? document.documentElement.clientHeight : document.body.clientHeight) + }; + }, + fixHSB = function (hsb) { + return { + h: Math.min(360, Math.max(0, hsb.h)), + s: Math.min(100, Math.max(0, hsb.s)), + b: Math.min(100, Math.max(0, hsb.b)) + }; + }, + fixRGB = function (rgb) { + return { + r: Math.min(255, Math.max(0, rgb.r)), + g: Math.min(255, Math.max(0, rgb.g)), + b: Math.min(255, Math.max(0, rgb.b)) + }; + }, + fixHex = function (hex) { + var len = 6 - hex.length; + if (len > 0) { + var o = []; + for (var i=0; i<len; i++) { + o.push('0'); + } + o.push(hex); + hex = o.join(''); + } + return hex; + }, + HexToRGB = function (hex) { + var hex = parseInt(((hex.indexOf('#') > -1) ? hex.substring(1) : hex), 16); + return {r: hex >> 16, g: (hex & 0x00FF00) >> 8, b: (hex & 0x0000FF)}; + }, + HexToHSB = function (hex) { + return RGBToHSB(HexToRGB(hex)); + }, + RGBToHSB = function (rgb) { + var hsb = { + h: 0, + s: 0, + b: 0 + }; + var min = Math.min(rgb.r, rgb.g, rgb.b); + var max = Math.max(rgb.r, rgb.g, rgb.b); + var delta = max - min; + hsb.b = max; + if (max != 0) { + + } + hsb.s = max != 0 ? 255 * delta / max : 0; + if (hsb.s != 0) { + if (rgb.r == max) { + hsb.h = (rgb.g - rgb.b) / delta; + } else if (rgb.g == max) { + hsb.h = 2 + (rgb.b - rgb.r) / delta; + } else { + hsb.h = 4 + (rgb.r - rgb.g) / delta; + } + } else { + hsb.h = -1; + } + hsb.h *= 60; + if (hsb.h < 0) { + hsb.h += 360; + } + hsb.s *= 100/255; + hsb.b *= 100/255; + return hsb; + }, + HSBToRGB = function (hsb) { + var rgb = {}; + var h = Math.round(hsb.h); + var s = Math.round(hsb.s*255/100); + var v = Math.round(hsb.b*255/100); + if(s == 0) { + rgb.r = rgb.g = rgb.b = v; + } else { + var t1 = v; + var t2 = (255-s)*v/255; + var t3 = (t1-t2)*(h%60)/60; + if(h==360) h = 0; + if(h<60) {rgb.r=t1; rgb.b=t2; rgb.g=t2+t3} + else if(h<120) {rgb.g=t1; rgb.b=t2; rgb.r=t1-t3} + else if(h<180) {rgb.g=t1; rgb.r=t2; rgb.b=t2+t3} + else if(h<240) {rgb.b=t1; rgb.r=t2; rgb.g=t1-t3} + else if(h<300) {rgb.b=t1; rgb.g=t2; rgb.r=t2+t3} + else if(h<360) {rgb.r=t1; rgb.g=t2; rgb.b=t1-t3} + else {rgb.r=0; rgb.g=0; rgb.b=0} + } + return {r:Math.round(rgb.r), g:Math.round(rgb.g), b:Math.round(rgb.b)}; + }, + RGBToHex = function (rgb) { + var hex = [ + rgb.r.toString(16), + rgb.g.toString(16), + rgb.b.toString(16) + ]; + $.each(hex, function (nr, val) { + if (val.length == 1) { + hex[nr] = '0' + val; + } + }); + return hex.join(''); + }, + HSBToHex = function (hsb) { + return RGBToHex(HSBToRGB(hsb)); + }, + restoreOriginal = function () { + var cal = $(this).parent(); + var col = cal.data('colorpicker').origColor; + cal.data('colorpicker').color = col; + fillRGBFields(col, cal.get(0)); + fillHexFields(col, cal.get(0)); + fillHSBFields(col, cal.get(0)); + setSelector(col, cal.get(0)); + setHue(col, cal.get(0)); + setNewColor(col, cal.get(0)); + }; + return { + init: function (opt) { + opt = $.extend({}, defaults, opt||{}); + if (typeof opt.color == 'string') { + opt.color = HexToHSB(opt.color); + } else if (opt.color.r != undefined && opt.color.g != undefined && opt.color.b != undefined) { + opt.color = RGBToHSB(opt.color); + } else if (opt.color.h != undefined && opt.color.s != undefined && opt.color.b != undefined) { + opt.color = fixHSB(opt.color); + } else { + return this; + } + return this.each(function () { + if (!$(this).data('colorpickerId')) { + var options = $.extend({}, opt); + options.origColor = opt.color; + var id = 'collorpicker_' + parseInt(Math.random() * 1000); + $(this).data('colorpickerId', id); + var cal = $(tpl).attr('id', id); + if (options.flat) { + cal.appendTo(this).show(); + } else { + cal.appendTo(document.body); + } + options.fields = cal + .find('input') + .bind('keyup', keyDown) + .bind('change', change) + .bind('blur', blur) + .bind('focus', focus); + cal + .find('span').bind('mousedown', downIncrement).end() + .find('>div.colorpicker_current_color').bind('click', restoreOriginal); + options.selector = cal.find('div.colorpicker_color').bind('mousedown', downSelector); + options.selectorIndic = options.selector.find('div div'); + options.el = this; + options.hue = cal.find('div.colorpicker_hue div'); + cal.find('div.colorpicker_hue').bind('mousedown', downHue); + options.newColor = cal.find('div.colorpicker_new_color'); + options.currentColor = cal.find('div.colorpicker_current_color'); + cal.data('colorpicker', options); + cal.find('div.colorpicker_submit') + .bind('mouseenter', enterSubmit) + .bind('mouseleave', leaveSubmit) + .bind('click', clickSubmit); + fillRGBFields(options.color, cal.get(0)); + fillHSBFields(options.color, cal.get(0)); + fillHexFields(options.color, cal.get(0)); + setHue(options.color, cal.get(0)); + setSelector(options.color, cal.get(0)); + setCurrentColor(options.color, cal.get(0)); + setNewColor(options.color, cal.get(0)); + if (options.flat) { + cal.css({ + position: 'relative', + display: 'block' + }); + } else { + $(this).bind(options.eventName, show); + } + } + }); + }, + showPicker: function() { + return this.each( function () { + if ($(this).data('colorpickerId')) { + show.apply(this); + } + }); + }, + hidePicker: function() { + return this.each( function () { + if ($(this).data('colorpickerId')) { + $('#' + $(this).data('colorpickerId')).hide(); + } + }); + }, + setColor: function(col) { + if (typeof col == 'string') { + col = HexToHSB(col); + } else if (col.r != undefined && col.g != undefined && col.b != undefined) { + col = RGBToHSB(col); + } else if (col.h != undefined && col.s != undefined && col.b != undefined) { + col = fixHSB(col); + } else { + return this; + } + return this.each(function(){ + if ($(this).data('colorpickerId')) { + var cal = $('#' + $(this).data('colorpickerId')); + cal.data('colorpicker').color = col; + cal.data('colorpicker').origColor = col; + fillRGBFields(col, cal.get(0)); + fillHSBFields(col, cal.get(0)); + fillHexFields(col, cal.get(0)); + setHue(col, cal.get(0)); + setSelector(col, cal.get(0)); + setCurrentColor(col, cal.get(0)); + setNewColor(col, cal.get(0)); + } + }); + } + }; + }(); + $.fn.extend({ + ColorPicker: ColorPicker.init, + ColorPickerHide: ColorPicker.hidePicker, + ColorPickerShow: ColorPicker.showPicker, + ColorPickerSetColor: ColorPicker.setColor + }); +})(jQuery)
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 249cb37fa..11fc0b2be 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ function oaBusinessService() { if ($('#OAisbusinessservice').attr('checked') == 'checked') { @@ -44,6 +66,29 @@ function oaPVP2(){ $('#button_pvp2_hidden').css('display', "block"); } } +function oaOAuth20(){ + if ($('#oa_oauth20_area').css('display') == "block") { + $('#oa_oauth20_area').css('display', "none"); + $('#button_oauth20_show').css('display', "block"); + $('#button_oauth20_hidden').css('display', "none"); + } else { + $('#oa_oauth20_area').css('display', "block"); + $('#button_oauth20_show').css('display', "none"); + $('#button_oauth20_hidden').css('display', "block"); + } +} +function oaFormCustom() { + if ($('#formcustom_area').css('display') == "block") { + $('#formcustom_area').css('display', "none"); + $('#formcustom_button_show').css('display', "block"); + $('#formcustom_button_hidden').css('display', "none"); + } else { + $('#formcustom_area').css('display', "block"); + $('#formcustom_button_show').css('display', "none"); + $('#formcustom_button_hidden').css('display', "block"); + $("#formCustomPreview>iframe").attr("src", "./bkuFramePreview.action"); + } +} function editOA(oaid){ $('#selectOAForm_OAID').val(oaid); $('#selectOAForm').submit(); @@ -63,9 +108,95 @@ function oaLegacyService() { } } +function AdminTarget() { + if ($('#adminTarget').attr('checked') == 'checked') { + + $('#admin_target_area').css('display', "block"); + + } else { + + $('#admin_target_area').css('display', "none"); + + } +} +function HideAdminTarget() { + $('#adminTarget').removeAttr("checked"); + $('#admin_target_area').css('display', "none"); +} +function oaTargetSubSector() { + if ($('#OAisTargetSubSector').attr('checked') == 'checked') { + + $('#wwgrp_OAtarget_subsector').css('display', "block"); + + } else { + + $('#wwgrp_OAtarget_subsector').css('display', "none"); + + } +} +function UseUserNamePassword() { + if ($('#isusernamepasswordallowed').size() == 0) { + $('#usernamepassword_area').css('display', "none"); + return; + } + + if ($('#isusernamepasswordallowed').attr('checked') == 'checked') { + if ($('#editUser_user_username').val() == "") { + $('#editUser_user_username').removeAttr("disabled"); + } + $('#usernamepassword_area').css('display', "block"); + + } else { + $('#editUser_user_username').prop("disabled", "disabled"); + $('#usernamepassword_area').css('display', "none"); + + } +} +function sendVerificationMail() { + $.ajax({ + xhr: function() { + var xhr = new window.XMLHttpRequest(); + return xhr; + }, + type: "GET", + url: "servlet/sendVerificationMail.action", + data: "", + success: function (msg) { + alert(msg); + }, + error: function () { + alert('Anfrage konnte nicht gesendet werden!'); + }, + }); +} +function updateBKUFormPreview(module) { + var value = $("#"+module).val(); + + $("#formCustomPreview>iframe").attr("src", "./bkuFramePreview.action?module="+module+"&value="+encodeURIComponent(value.replace("#",""))); +} + +function userOnLoad() { + UseUserNamePassword(); + return true; +} function oaOnLoad() { oaBusinessService(); oaSSOService(); oaLegacyService(); + AdminTarget(); + oaTargetSubSector(); + + $(".colorfield").each( + function() { + $(this).ColorPicker({ + color : $(this).val(), + onSubmit : function(hsb, hex, rgb, el) { + $(el).val(hex); + updateBKUFormPreview($(el).attr("id")); + } + }); + } + ); + return true; }
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 2b24f0b89..05f4a1106 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -341,6 +341,9 @@ <br> <br> + + <s:hidden name="formID" + value="%{formID}"></s:hidden> <div id="button_area"> <s:submit key="webpages.edit.back" action="backGeneralConfig"/> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 60f253222..97f0d01c2 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -1,16 +1,18 @@ <%@ page contentType="text/html;charset=UTF-8" %> <%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> <%@ taglib prefix="s" uri="/struts-tags" %> - + <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <link rel="stylesheet" type="text/css" href="../css/index.css"> + <link rel="stylesheet" media="screen" type="text/css" href="../css/colorpicker.css" /> + <title><%=LanguageHelper.getGUIString("title", request) %></title> <script type="text/javascript" src="../js/common.js"></script> <script src="../js/jquery.js"></script> - + <script type="text/javascript" src="../js/colorpicker.js"></script> </head> <body onload="oaOnLoad()"> @@ -64,123 +66,212 @@ key="webpages.oaconfig.general.isbusinessservice" cssClass="checkbox" onclick="oaBusinessService();" - id="OAisbusinessservice"> + id="OAisbusinessservice" + disabled="%{isOnlyBusinessService()}"> </s:checkbox> </div> <div id="oa_config_businessservice" class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3> + <s:select list="generalOA.identificationTypeList" + key="webpages.oaconfig.general.business.value" + labelposition="left" + cssClass="selectfield" + value="%{generalOA.identificationType}" + name="generalOA.identificationType" + disabled="%{isDeaktivededBusinessService()}"> + </s:select> + <s:textfield name="generalOA.identificationNumber" value="%{generalOA.identificationNumber}" - labelposition="left" - key="webpages.oaconfig.general.business.value" - cssClass="textfield_long"> + cssClass="textfield_middle" + disabled="%{isDeaktivededBusinessService()}"> </s:textfield> </div> - <div id="oa_config_publicservice" class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> - - <s:textfield name="generalOA.target" - value="%{generalOA.target}" - labelposition="left" - key="webpages.oaconfig.general.target" - cssClass="textfield_short"> - </s:textfield> - - <s:textfield name="generalOA.targetFriendlyName" - value="%{generalOA.targetFriendlyName}" - labelposition="left" - key="webpages.oaconfig.general.target.friendlyname" - cssClass="textfield_long"> - </s:textfield> - </div> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> - - <s:textfield name="generalOA.bkuOnlineURL" - value="%{generalOA.bkuOnlineURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.online" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.bkuHandyURL" - value="%{generalOA.bkuHandyURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.handy" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.bkuLocalURL" - value="%{generalOA.bkuLocalURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.local" - cssClass="textfield_long"> - </s:textfield> - - <s:if test="authUser.isAdmin()"> - <s:textfield name="generalOA.slVersion" - value="%{generalOA.slVersion}" + <s:if test="!isOnlyBusinessService()"> + <div id="oa_config_publicservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> + + <s:if test="authUser.isAdmin()"> + <s:select list="generalOA.targetList" + key="webpages.oaconfig.general.target" + labelposition="left" + cssClass="selectfield" + value="%{generalOA.target}" + name="generalOA.target" + onchange="HideAdminTarget();"> + </s:select> + </s:if> + <s:else> + <s:select list="generalOA.targetList" + key="webpages.oaconfig.general.target" + labelposition="left" + cssClass="selectfield" + value="%{generalOA.target}" + name="generalOA.target"> + </s:select> + </s:else> + + <s:checkbox name="subTargetSet" + value="%{subTargetSet}" labelposition="left" - key="webpages.oaconfig.general.bku.slversion" - cssClass="textfield_long"> + key="webpages.oaconfig.general.target.subsector.checkbox" + cssClass="checkbox" + onclick="oaTargetSubSector();" + id="OAisTargetSubSector"> + </s:checkbox> + + <s:textfield name="generalOA.target_subsector" + value="%{generalOA.target_subsector}" + labelposition="left" + key="webpages.oaconfig.general.target.subsector" + cssClass="selectfield" + id="OAtarget_subsector"> </s:textfield> - </s:if> - <s:radio list="generalOA.keyBoxIdentifierList" - name="generalOA.keyBoxIdentifier" - value="%{generalOA.keyBoxIdentifier}" - labelposition="left" - key="webpages.oaconfig.general.bku.keyboxidentifier" - cssClass="radio"> - </s:radio> - <s:checkbox name="generalOA.legacy" - value="%{generalOA.legacy}" - labelposition="left" - key="webpages.oaconfig.general.bku.legacy" - cssClass="checkbox" - onclick="oaLegacyService();" - id="OAislegacy"> - </s:checkbox> - <div id="oa_config_sltemplates"> - <s:textfield name="generalOA.SLTemplateURL1" - value="%{generalOA.SLTemplateURL1}" + + + <s:if test="authUser.isAdmin()"> + <s:checkbox + name="generalOA.AdminTarget" + value="%{generalOA.AdminTarget}" + cssClass="checkbox" + onclick="AdminTarget();" + labelposition="left" + key="webpages.oaconfig.general.target.admin.checkbox" + id="adminTarget"> + </s:checkbox> + + <div id="admin_target_area"> + <s:textfield name="generalOA.target_admin" + value="%{generalOA.target_admin}" + labelposition="left" + key="webpages.oaconfig.general.target.admin" + cssClass="textfield_short"> + </s:textfield> + <s:textfield name="generalOA.targetFriendlyName" + value="%{generalOA.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname" + cssClass="textfield_long"> + </s:textfield> + </div> + </s:if> + <s:else> + <s:if test="generalOA.target_admin neq null"> + <s:textfield name="generalOA.target_admin" + value="%{generalOA.target_admin}" + labelposition="left" + key="webpages.oaconfig.general.target.admin.disabled" + cssClass="textfield_short" + disabled="true"> + </s:textfield> + </s:if> + <%-- <s:if test="generalOA.targetFriendlyName neq null"> + <s:textfield name="generalOA.targetFriendlyName" + value="%{generalOA.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname.disabled" + cssClass="textfield_long"> + </s:textfield> + </s:if> --%> + </s:else> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> + + <s:textfield name="generalOA.bkuOnlineURL" + value="%{generalOA.bkuOnlineURL}" labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.first" + key="webpages.oaconfig.general.bku.online" cssClass="textfield_long"> </s:textfield> - <s:textfield name="generalOA.SLTemplateURL2" - value="%{generalOA.SLTemplateURL2}" + + <s:textfield name="generalOA.bkuHandyURL" + value="%{generalOA.bkuHandyURL}" labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.second" + key="webpages.oaconfig.general.bku.handy" cssClass="textfield_long"> </s:textfield> - <s:textfield name="generalOA.SLTemplateURL3" - value="%{generalOA.SLTemplateURL3}" + + <s:textfield name="generalOA.bkuLocalURL" + value="%{generalOA.bkuLocalURL}" labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.third" + key="webpages.oaconfig.general.bku.local" cssClass="textfield_long"> </s:textfield> + + <s:radio list="generalOA.keyBoxIdentifierList" + name="generalOA.keyBoxIdentifier" + value="%{generalOA.keyBoxIdentifier}" + labelposition="left" + key="webpages.oaconfig.general.bku.keyboxidentifier" + cssClass="radio"> + </s:radio> + <s:checkbox name="generalOA.legacy" + value="%{generalOA.legacy}" + labelposition="left" + key="webpages.oaconfig.general.bku.legacy" + cssClass="checkbox" + onclick="oaLegacyService();" + id="OAislegacy"> + </s:checkbox> + <div id="oa_config_sltemplates"> + <s:textfield name="generalOA.SLTemplateURL1" + value="%{generalOA.SLTemplateURL1}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.first" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="generalOA.SLTemplateURL2" + value="%{generalOA.SLTemplateURL2}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.second" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="generalOA.SLTemplateURL3" + value="%{generalOA.SLTemplateURL3}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.third" + cssClass="textfield_long"> + </s:textfield> + </div> </div> - - - </div> + </s:if> <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3> + + <s:checkbox name="generalOA.useMandates" + value="%{generalOA.useMandates}" + labelposition="left" + key="webpages.oaconfig.general.mandate.usemandate" + cssClass="checkbox"> + </s:checkbox> + <s:textfield name="generalOA.mandateProfiles" value="%{generalOA.mandateProfiles}" labelposition="left" key="webpages.oaconfig.general.mandate.profiles" cssClass="textfield_long"> </s:textfield> + + <s:checkbox name="formOA.onlyMandateAllowed" + value="%{formOA.onlyMandateAllowed}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed" + cssClass="checkbox"> + </s:checkbox> + </div> <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3> + <p><strong><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></strong></p> <s:checkbox name="ssoOA.useSSO" value="%{ssoOA.useSSO}" @@ -213,12 +304,15 @@ <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %></h3> - <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_smal1_show"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.show", request) %> - </button> - <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_saml1_hidden"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.hidden", request) %> - </button> + + <s:if test="authUser.isAdmin() || saml1OA.isActive()"> + <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_smal1_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.show", request) %> + </button> + <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_saml1_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.hidden", request) %> + </button> + </s:if> <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show"> <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.show", request) %> @@ -226,9 +320,25 @@ <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_hidden"> <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.hidden", request) %> </button> + + <button type="button" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.show", request) %> + </button> + <button type="button" style="display:none" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %> + </button> <div id="oa_saml1_area" class="oa_protocol_area"> <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4> + + <s:if test="authUser.isAdmin()"> + <s:checkbox name="saml1OA.Active" + value="%{saml1OA.Active}" + labelposition="left" + key="webpages.oaconfig.saml1.isActice" + cssClass="checkbox"> + </s:checkbox> + </s:if> <s:checkbox name="saml1OA.provideStammZahl" value="%{saml1OA.provideStammZahl}" labelposition="left" @@ -241,13 +351,13 @@ key="webpages.oaconfig.saml1.provideAuthBlock" cssClass="checkbox"> </s:checkbox> + <br> <s:checkbox name="saml1OA.provideIdentityLink" value="%{saml1OA.provideIdentityLink}" labelposition="left" key="webpages.oaconfig.saml1.provideIdentityLink" cssClass="checkbox"> - </s:checkbox> - <br> + </s:checkbox> <s:checkbox name="saml1OA.provideCertificate" value="%{saml1OA.provideCertificate}" labelposition="left" @@ -294,44 +404,171 @@ <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file> </div> </div> + + <div id="oa_oauth20_area" class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4> + + <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/> + + <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/> + + <s:textfield name="oauth20OA.redirectUri" + value="%{oauth20OA.redirectUri}" + labelposition="left" + key="webpages.oaconfig.oauth20.redirectUri" + cssClass="textfield_long"> + </s:textfield> + </div> </div> <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3> - <s:checkbox name="generalOA.useIFrame" - value="%{generalOA.useIFrame}" - labelposition="left" - key="webpages.oaconfig.general.aditional.iframe" - cssClass="checkbox"> - </s:checkbox> - - <s:checkbox name="generalOA.useUTC" - value="%{generalOA.useUTC}" - labelposition="left" - key="webpages.oaconfig.general.aditional.useUTC" - cssClass="checkbox"> - </s:checkbox> - <%-- <s:checkbox name="generalOA.calculateHPI" value="%{generalOA.calculateHPI}" labelposition="left" key="webpages.oaconfig.general.aditional.calculateHPI" cssClass="textfield_long"> </s:checkbox> --%> - - <s:textarea name="generalOA.aditionalAuthBlockText" - value="%{generalOA.aditionalAuthBlockText}" + + <s:checkbox name="generalOA.HideBPKAuthBlock" + value="%{generalOA.HideBPKAuthBlock}" labelposition="left" - key="webpages.oaconfig.general.aditional.authblocktext" - cssClass="textfield_large"> - </s:textarea> + key="webpages.oaconfig.general.isHideBPKAuthBlock" + cssClass="checkbox"> + </s:checkbox> + <s:if test="authUser.isAdmin()"> + <s:textarea name="generalOA.aditionalAuthBlockText" + value="%{generalOA.aditionalAuthBlockText}" + labelposition="left" + key="webpages.oaconfig.general.aditional.authblocktext" + cssClass="textfield_large"> + </s:textarea> + + + <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %> + </button> + <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %> + </button> + + <div id="formcustom_area" class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4> + + <div id="formCustomValues"> + <s:textfield name="formOA.backGroundColor" + value="%{formOA.backGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.backgroundcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")' + id="MAIN_BACKGOUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.frontColor" + value="%{formOA.frontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.frontcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("MAIN_COLOR")' + id="MAIN_COLOR"> + </s:textfield> + + <s:textfield name="formOA.header_BackGroundColor" + value="%{formOA.header_BackGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")' + id="HEADER_BACKGROUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.header_FrontColor" + value="%{formOA.header_FrontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.frontcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("HEADER_COLOR")' + id="HEADER_COLOR"> + </s:textfield> + <s:textfield name="formOA.header_text" + value="%{formOA.header_text}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.text" + cssClass="textfield_middle" + onchange='updateBKUFormPreview("HEADER_TEXT")' + id="HEADER_TEXT"> + </s:textfield> + + <%-- <s:textfield name="formOA.button_BackGroundColor" + value="%{formOA.button_BackGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.background" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")' + id="BUTTON_BACKGROUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.button_BackGroundColorFocus" + value="%{formOA.button_BackGroundColorFocus}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.background.focus" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")' + id="BUTTON_BACKGROUNDCOLOR_FOCUS"> + </s:textfield> + <s:textfield name="formOA.button_FrontColor" + value="%{formOA.button_FrontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.front" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_COLOR")' + id="BUTTON_COLOR"> + </s:textfield> --%> + + <s:select list="formOA.appletRedirectTargetList" + key="webpages.oaconfig.general.BKUSelection.redirectTarget" + labelposition="left" + cssClass="selectfield" + value="%{formOA.appletRedirectTarget}" + name="formOA.appletRedirectTarget"> + </s:select> + + <s:select list="formOA.fontTypeList" + key="webpages.oaconfig.general.BKUSelection.fonttype.list" + labelposition="left" + cssClass="selectfield" + value="%{formOA.fontType}" + name="formOA.fontTypeListValue" + id="fontTypeList" + onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'> + </s:select> + + <s:textfield name="formOA.fontType" + value="%{formOA.fontType}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.fonttype" + cssClass="textfield_mail" + onchange='updateBKUFormPreview("FONTTYPE")' + id="FONTTYPE"> + </s:textfield> + </div> + + <div id="formCustomPreview"> + <iframe scrolling="none" + title="BKUForm Preview" + height="220" + width="250"> + </iframe> + </div> + + </div> + </s:if> + </div> -<%-- <s:hidden name="generalOA.dbID" - value="%{generalOA.dbID}"></s:hidden> --%> + <s:hidden name="formID" + value="%{formID}"></s:hidden> <div id="button_area"> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp b/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp index 067bcd57d..994389de3 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp @@ -6,20 +6,29 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> + <title><%=LanguageHelper.getGUIString("title", request) %></title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> - <title><%=LanguageHelper.getGUIString("title", request) %></title> <script type="text/javascript" src="../js/common.js"></script> <script src="../js/jquery.js"></script> </head> - <body> + <body onload="userOnLoad();"> <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> - + <jsp:include page="snippets/main_menu.jsp"></jsp:include> <div id="information_area"> + + <s:if test="hasActionMessages()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionmessage/> + </div> + </s:if> + <s:if test="hasActionErrors()"> <div id="error_area"> <label><%=LanguageHelper.getGUIString("error.title", request) %></label> @@ -28,118 +37,26 @@ </s:if> <div id="list_area"> - + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.edituser.header", request) %></h3> - <s:textfield name="user.givenName" - value="%{user.givenName}" - labelposition="left" - key="webpages.edituser.givenname" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="user.familyName" - value="%{user.familyName}" - labelposition="left" - key="webpages.edituser.familyName" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="user.institut" - value="%{user.institut}" - labelposition="left" - key="webpages.edituser.institut" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="user.mail" - value="%{user.mail}" - labelposition="left" - key="webpages.edituser.mail" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="user.phone" - value="%{user.phone}" - labelposition="left" - key="webpages.edituser.phone" - cssClass="textfield_long"> - </s:textfield> - </div> + <jsp:include page="snippets/userfields.jsp"></jsp:include> - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.edituser.access.header", request) %></h3> - <s:if test="isNewUser()"> - <s:textfield name="user.username" - value="%{user.username}" - labelposition="left" - key="webpages.edituser.username" - cssClass="textfield_long" - maxlength="16"> - </s:textfield> - </s:if> - <s:else> - <s:textfield name="user.username" - value="%{user.username}" - labelposition="left" - key="webpages.edituser.username" - cssClass="textfield_long" - disabled="true" - maxlength="16"> - </s:textfield> - </s:else> - - <s:password name="user.password" - labelposition="left" - key="webpages.edituser.password" - cssClass="textfield_long" - maxlength="16"> - </s:password> - - <s:password name="user.password_second" - labelposition="left" - key="webpages.edituser.password_second" - cssClass="textfield_long" - maxlength="16"> - </s:password> - - <s:textfield name="user.bpk" - value="%{user.bpk}" - labelposition="left" - key="webpages.edituser.bpk" - cssClass="textfield_long"> - </s:textfield> - </div> - - <s:if test="authUser.isAdmin()"> - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.edituser.role.header", request) %></h3> - <s:checkbox name="user.active" - value="%{user.active}" - labelposition="left" - key="webpages.edituser.active" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="user.admin" - value="%{user.admin}" - labelposition="left" - key="webpages.edituser.admin" - cssClass="checkbox"> - </s:checkbox> - </div> - </s:if> - - <s:hidden name="user.userID" value="%{user.userID}"></s:hidden> + <s:hidden name="formID" value="%{formID}"></s:hidden> <div id="button_area"> <s:if test="authUser.isAdmin()"> - <s:submit key="webpages.edit.back" action="usermanagementInit"/> - </s:if> + <s:submit key="webpages.edit.back" action="%{nextPage}"/> + </s:if> + <s:submit key="webpages.edit.save" action="saveUser"/> - <s:if test="!isNewUser()"> - <s:submit key="webpages.edit.delete.user" action="deleteUser"/> + <s:if test="!isNewUser()"> + <s:submit key="webpages.edit.delete.user" action="deleteUser"/> </s:if> - </div> + </div> + </s:form> + </div> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp b/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp index b28bc5f57..c619e64b1 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp @@ -42,6 +42,8 @@ <h3><%=LanguageHelper.getGUIString("webpages.inportexport.legacyimport.header", request) %></h3> <s:file name="fileUpload" key="webpages.inportexport.legacyimport.upload" cssClass="textfield_long"></s:file> + <s:hidden name="formID" value="%{formID}"></s:hidden> + <div id="button_area"> <%-- <s:submit key="webpages.edit.back" action="main"/> --%> <s:submit key="webpages.edit.import" action="importlegacy"/> @@ -57,6 +59,8 @@ <h3><%=LanguageHelper.getGUIString("webpages.inportexport.import.header", request) %></h3> <s:file name="fileUpload" key="webpages.inportexport.import.upload" cssClass="textfield_long"></s:file> + <s:hidden name="formID" value="%{formID}"></s:hidden> + <div id="button_area"> <s:submit key="webpages.edit.import" action="importConfig"/> <s:submit key="webpages.edit.export" action="exportConfig"/> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp b/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp index b700970cc..c9f1e00f6 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp @@ -25,6 +25,14 @@ <s:actionmessage/> </div> </s:if> + + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + <p>Im Menü auf der rechten Seite können Sie die einzelnen Operationen wählen.</p> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp b/id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp new file mode 100644 index 000000000..9995f9f31 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/newUserRequest.jsp @@ -0,0 +1,57 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + + <link rel="stylesheet" type="text/css" href="./css/index.css"> + <script type="text/javascript" src="./js/common.js"></script> + <script src="./js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <div id="information_area"> + + <s:if test="!authUser.isAuthenticated()"> + <p>Füllen sie die nachstehenden Felder aus um einen neuen Benutzer zu beantraten.</p> + <p>Danach erhalten sie eine Mail zur Verifzierung Ihrer Mailadresse. + Nach Bestätiung dieser Verifikationsmail wird der Administrator über Ihre Anfrage informiert. + Die Freischaltung kann somit eine gewisse Zeit in Anspruch nehmen. </p> + + </s:if> + + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="list_area"> + + <s:form namespace="/" method="POST" enctype="multipart/form-data"> + <jsp:include page="snippets/userfields.jsp"></jsp:include> + + <s:hidden name="formID" value="%{formID}"></s:hidden> + + <div id="button_area"> + <s:submit key="webpages.edit.newUser" action="requestNewUser"/> + </div> + + </s:form> + + </div> + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp b/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp new file mode 100644 index 000000000..954bf9b8b --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/openadminrequests.jsp @@ -0,0 +1,51 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <h2><%=LanguageHelper.getGUIString("webpages.openadminrequests.header", request) %></h2> + + <s:if test="authUser.isAdmin()"> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.openadminrequests.users.header", request) %></h3> + <jsp:include page="snippets/user_list.jsp"></jsp:include> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.openadminrequests.oas.header", request) %></h3> + <jsp:include page="snippets/oas_list.jsp"></jsp:include> + </div> + + </s:if> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp index 72affde79..e9192b46e 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp @@ -5,9 +5,14 @@ <html> <div id="header_area"> <!-- <div> --> - <%=LanguageHelper.getGUIString("webpages.header.info", request) %> - <s:property value="authUser.givenName"/> <s:property value="authUser.familyName"/>, - <%=LanguageHelper.getGUIString("webpages.header.lastlogin", request) %> <s:property value="authUser.lastLogin"/> + <%=LanguageHelper.getGUIString("webpages.header.info", request) %> + <s:if test="authUser.isMandateUser()"> + <s:property value="authUser.institute"/> + </s:if> + <s:else> + <s:property value="authUser.givenName"/> <s:property value="authUser.familyName"/>, + </s:else> + <%=LanguageHelper.getGUIString("webpages.header.lastlogin", request) %> <s:property value="authUser.getFormatedLastLogin()"/> <s:url action="logout" var="logoutURL" namespace="/"/> <a id="logoutbutton" href="<s:property value="#logoutURL" />"><%=LanguageHelper.getGUIString("webpages.index.logout", request) %></a> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp index 26b12cdcb..4d02f4bda 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -32,11 +32,13 @@ <s:url action="usermanagementInit" var="userManagementUrl" namespace="/secure"/> <a href="<s:property value="#userManagementUrl" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.usermanagement", request) %></a> </div> - -<%-- <div class="menu_element"> - <a href=""><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.user", request) %></a> - </div> --%> + <s:if test="authUser.isAdmin()"> + <div class="menu_element"> + <s:url action="adminRequestsInit" var="adminRequestsUrl" namespace="/secure"/> + <a href="<s:property value="#adminRequestsUrl" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.adminrequests", request) %></a> + </div> + </s:if> </div> </html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp index c5b67cbac..a1e8530af 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp @@ -4,7 +4,6 @@ <html> <s:if test="userlist && userlist.size > 0"> - <h3><%=LanguageHelper.getGUIString("webpages.listUsers.list.header", request) %></h3> <div id="list_area"> <div id="listHeader" class="listElement"> <div class="userListFirst"> @@ -21,12 +20,22 @@ <s:iterator var="UserElement" value="userlist"> <div class="listElement" onclick="userOA(<s:property value='userID'/>);"> - <div class="userListFirst"> - <s:property value="givenName"/> - </div> - <div class="userListSecond"> - <s:property value="familyName"/> - </div> + <s:if test="isMandateUser()"> + <div class="userListFirstSecond"> + <s:property value="institute"/> + </div> +<!-- <div class="userListSecond"> + + </div> + --> </s:if> + <s:else> + <div class="userListFirst"> + <s:property value="familyName"/> + </div> + <div class="userListSecond"> + <s:property value="givenName"/> + </div> + </s:else> <div class="userListThird"> <s:property value="userName"/> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp new file mode 100644 index 000000000..7d28a9236 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/userfields.jsp @@ -0,0 +1,144 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.edituser.header", request) %></h3> + + <s:if test="!user.isIsmandateuser()"> + <s:textfield name="user.givenName" + value="%{user.givenName}" + labelposition="left" + key="webpages.edituser.givenname" + cssClass="textfield_long" + disabled="%{user.isPVPGenerated()}"> + </s:textfield> + <s:textfield name="user.familyName" + value="%{user.familyName}" + labelposition="left" + key="webpages.edituser.familyName" + cssClass="textfield_long" + disabled="%{user.isPVPGenerated()}"> + </s:textfield> + </s:if> + <s:textfield name="user.institut" + value="%{user.institut}" + labelposition="left" + key="webpages.edituser.institut" + cssClass="textfield_long" + disabled="%{user.isPVPGenerated() && user.isIsmandateuser()}"> + </s:textfield> + + <s:if test="authUser.isAuthenticated()"> + <div id="mail_area"> + <s:textfield name="user.mail" + value="%{user.mail}" + labelposition="left" + key="webpages.edituser.mail" + cssClass="textfield_mail"> + </s:textfield> + <input type="button" + onclick="sendVerificationMail();" + value='<%=LanguageHelper.getGUIString("webpages.edituser.verify.mail.button", request) %>' + /> + </div> + </s:if> + <s:else> + <s:textfield name="user.mail" + value="%{user.mail}" + labelposition="left" + key="webpages.edituser.mail" + cssClass="textfield_long"> + </s:textfield> + </s:else> + + + <s:textfield name="user.phone" + value="%{user.phone}" + labelposition="left" + key="webpages.edituser.phone" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.edituser.access.header", request) %></h3> + + <div id="usernamepassword_area"> +<%-- <s:if test="user.isIsusernamepasswordallowed()"> --%> + <s:if test="isNewUser()"> + <s:textfield name="user.username" + value="%{user.username}" + labelposition="left" + key="webpages.edituser.username" + cssClass="textfield_long" + maxlength="16"> + </s:textfield> + </s:if> + <s:else> + <s:textfield name="user.username" + value="%{user.username}" + labelposition="left" + key="webpages.edituser.username" + cssClass="textfield_long" + disabled="true" + maxlength="16"> + </s:textfield> + </s:else> + + <s:password name="user.password" + labelposition="left" + key="webpages.edituser.password" + cssClass="textfield_long" + maxlength="16"> + </s:password> + + <s:password name="user.password_second" + labelposition="left" + key="webpages.edituser.password_second" + cssClass="textfield_long" + maxlength="16"> + </s:password> + <%-- </s:if> --%> + </div> + + <s:textfield name="user.bpk" + value="%{user.bpk}" + labelposition="left" + key="webpages.edituser.bpk" + cssClass="textfield_long" + disabled="%{user.isPVPGenerated()}"> + </s:textfield> + </div> + + <s:if test="authUser.isAdmin() || user.isIsusernamepasswordallowed()"> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.edituser.role.header", request) %></h3> + <s:if test="authUser.isAdmin()"> + <s:checkbox name="user.active" + value="%{user.active}" + labelposition="left" + key="webpages.edituser.active" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="user.admin" + value="%{user.admin}" + labelposition="left" + key="webpages.edituser.admin" + cssClass="checkbox"> + </s:checkbox> + </s:if> + <s:checkbox name="user.isusernamepasswordallowed" + value="%{user.isusernamepasswordallowed}" + labelposition="left" + key="webpages.edituser.isusernamepasswordallowed" + cssClass="checkbox" + id="isusernamepasswordallowed" + onclick="UseUserNamePassword();"> + </s:checkbox> + </div> + </s:if> + + <s:hidden name="user.userID" value="%{user.userID}"></s:hidden> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp b/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp index a29780cff..1d5d4ac12 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp @@ -30,7 +30,8 @@ <h2><%=LanguageHelper.getGUIString("webpages.usermanagement.header", request) %></h2> <s:if test="authUser.isAdmin()"> - + + <h3><%=LanguageHelper.getGUIString("webpages.listUsers.list.header", request) %></h3> <jsp:include page="snippets/user_list.jsp"></jsp:include> <div id="list_area"> |