diff options
Diffstat (limited to 'id/ConfigWebTool')
3 files changed, 10 insertions, 14 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 51bb941a4..71893fca2 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -92,10 +92,10 @@ <artifactId>moa-id-module-openID</artifactId> </dependency> - <dependency> +<!-- <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-stork</artifactId> - </dependency> + </dependency> --> <dependency> <groupId>org.apache.commons</groupId> @@ -170,10 +170,6 @@ <groupId>xalan</groupId> <artifactId>*</artifactId> </exclusion> - <exclusion> - <groupId>org.bouncycastle</groupId> - <artifactId>bcprov-jdk15on</artifactId> - </exclusion> </exclusions> </dependency> <dependency> @@ -188,10 +184,6 @@ </exclusion> </exclusions> </dependency> - <dependency> - <groupId>org.bouncycastle</groupId> - <artifactId>bcprov-jdk16</artifactId> - </dependency> <dependency> <groupId>javax.mail</groupId> diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index d26fe8a89..3fad65fe5 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; -import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; +//import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; public class OASTORKConfig implements IOnlineApplicationData{ @@ -293,7 +293,10 @@ public class OASTORKConfig implements IOnlineApplicationData{ } public List<String> getAvailableAttributeProviderPlugins() { - return AttributeProviderFactory.getAvailablePlugins(); + //TODO: remove in final version + + return new ArrayList<String>(); + //return AttributeProviderFactory.getAvailablePlugins(); } public List<AttributeProviderPlugin> getAttributeProviderPlugins() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index b69d37d57..b73859d81 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -90,12 +90,13 @@ public class StorkConfigValidator { // check attributes if (MiscUtil.isNotEmpty(form.getAttributes())) { for(StorkAttribute check : form.getAttributes()) { - if (ValidationHelper.containsPotentialCSSCharacter(check.getName(), true)) { + String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI? + if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } - if(!check.getName().toLowerCase().matches("^[a-z0-9]*$")) { + if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) { log.warn("default attributes do not match the requested format : " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", new Object[] {check}, request )); |