Diffstat (limited to 'id/server/auth/src/main/webapp/WEB-INF')
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd | 2 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 71 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/web.xml | 160 |
3 files changed, 194 insertions, 39 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
index 0f0eb49d1..121ec3cf9 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
+++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
@@ -11,7 +11,7 @@
 <service name="GetAuthenticationData" provider="java:MSG">
<namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
<parameter name="allowedMethods" value="Request"/>
- <parameter name="className" value="at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
<wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
<requestFlow>
</requestFlow>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
new file mode 100644
index 000000000..d33cae207
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
+ "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
+
+<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ -->
+<urlrewrite>
+
+ <rule>
+ <note>
+ The rule means that requests to /test/status/ will be redirected to
+ /rewrite-status
+ the url will be rewritten.
+ </note>
+ <from>/test/status/</from>
+ <to type="redirect">%{context-path}/rewrite-status</to>
+ </rule>
+
+ <!-- Legacy Rules -->
+ <rule match-type="regex">
+ <from>^/StartAuthentication$</from>
+ <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/StartAuthentication\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact&$1</to>
+ </rule>
+
+ <rule match-type="regex">
+ <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from>
+ <to type="forward">/dispatcher?mod=$1&action=$2</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=$1&action=$2&$3</to>
+ </rule>
+
+
+ <rule match-type="regex">
+ <from>^/pvp2/metadata$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&action=Metadata&%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/pvp2/redirect$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&action=Redirect&%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/pvp2/post$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/PVP2Soap$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&action=Soap</to>
+ </rule>
+
+ <outbound-rule>
+ <note>
+ The outbound-rule specifies that when response.encodeURL is called (if
+ you are using JSTL c:url)
+ the url /rewrite-status will be rewritten to /test/status/.
+
+ The above rule and this outbound-rule means that end users should never
+ see the
+ url /rewrite-status only /test/status/ both in thier location bar and in
+ hyperlinks
+ in your pages.
+ </note>
+ <from>/rewrite-status</from>
+ <to>/test/status/</to>
+ </outbound-rule>
+
+</urlrewrite>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 2a1d093d9..e47fe26e2 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
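Review bot: The two `\?(.*)$` rules (the legacy `/StartAuthentication` one and the `/auth/<mod>/<action>` one) look like they can never match, because `<urlrewrite>` is declared without `use-query-string="true"` and UrlRewriteFilter then matches `<from>` against the path only; the pvp2 rules already assume that default by using `%{query-string}`. Either drop the two query-string variants or write them the way the pvp2 rules are written. Wherever the client's query string is appended after the fixed `mod=`/`action=` pair, a request can carry its own `mod` and `action` values as duplicates, so the dispatcher should take only the rule-supplied value or reject duplicates; how it reads them is not visible in this diff. The `/test/status/` rule and the `/rewrite-status` outbound rule are the library's sample configuration and serve no purpose on an authentication endpoint, so I would remove them.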
@@ -3,18 +3,34 @@ <web-app> <display-name>MOA ID Auth</display-name> <description>MOA ID Authentication Service</description> - <servlet> +<!-- <servlet> <servlet-name>SelectBKU</servlet-name> <display-name>SelectBKU</display-name> <description>Select Bürgerkartenartenumgebung</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class> + </servlet> --> + <servlet> + <servlet-name>GenerateIframeTemplate</servlet-name> + <display-name>GenerateIframeTemplate</display-name> + <description>Generate BKU Request template</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class> </servlet> <servlet> - <servlet-name>StartAuthentication</servlet-name> - <display-name>StartAuthentication</display-name> - <description>Start authentication process</description> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</servlet-class> - <load-on-startup>0</load-on-startup> + <servlet-name>RedirectServlet</servlet-name> + <display-name>RedirectServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>SSOSendAssertionServlet</servlet-name> + <display-name>SSOSendAssertionServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>LogOut</servlet-name> + <display-name>LogOut</display-name> + <description>SSO LogOut</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class> + <load-on-startup>1</load-on-startup> </servlet> <servlet> <servlet-name>VerifyIdentityLink</servlet-name> 
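Review bot: The newly added `RedirectServlet` and `SSOSendAssertionServlet` declarations carry no `<description>`, unlike the other servlets declared in this hunk, so the descriptor does not say what these two endpoints do in the login flow; add a one-line `<description>` to each. The `SelectBKU` block is disabled by wrapping it in a comment rather than being deleted; version control already keeps the old declaration, so deleting it would leave the descriptor easier to audit. The `<web-app>` element continues outside the hunk.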
@@ -34,19 +50,19 @@ <description>Get the MIS session ID coming from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class> </servlet> - + <servlet> <servlet-name>GetForeignID</servlet-name> <display-name>GetForeignID</display-name> <description>Gets the foreign eID from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class> </servlet> - <servlet> - <servlet-name>ProcessInput</servlet-name> - <display-name>ProcessInput</display-name> - <description>Process user input needed by infobox validators</description> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> - </servlet> +<!-- <servlet> + <servlet-name>ProcessInput</servlet-name> + <display-name>ProcessInput</display-name> + <description>Process user input needed by infobox validators</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> + </servlet> --> <servlet> <servlet-name>VerifyAuthBlock</servlet-name> <display-name>VerifyAuthBlock</display-name> @@ -56,7 +72,8 @@ <servlet> <servlet-name>ConfigurationUpdate</servlet-name> <display-name>ConfigurationUpdate</display-name> - <description>Update MOA-ID Auth configuration from the configuration file</description> + <description>Update MOA-ID Auth configuration from the configuration + file</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class> </servlet> <servlet> 
@@ -67,36 +84,82 @@ <!-- JSP servlet --> <servlet> - <servlet-name>jspservlet</servlet-name> - <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> - </servlet> + <servlet-name>jspservlet</servlet-name> + <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> + </servlet> <servlet> <servlet-name>PEPSConnectorServlet</servlet-name> <display-name>PEPSConnectorServlet</display-name> - <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description> + <description>Servlet receiving STORK SAML Response Messages from + different C-PEPS</description> <servlet-class> - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + </servlet> + + <!-- Dispatcher servlets + <servlet> + <servlet-name>AuthDispatcherServlet</servlet-name> + <display-name>AuthDispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet>--> + <servlet> + <servlet-name>DispatcherServlet</servlet-name> + <display-name>Dispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + + <!-- Servlet Registration --> + <servlet> + <servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name> + <servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class> </servlet> - + + + + + <servlet-mapping> + <servlet-name>DispatcherServlet</servlet-name> + <url-pattern>/dispatcher</url-pattern> + </servlet-mapping> + <!-- servlet-mapping> + <servlet-name>AuthDispatcherServlet</servlet-name> + <url-pattern>/AuthDispatcher</url-pattern> + </servlet-mapping --> + + <!-- servlet mapping for jsp pages --> <!-- errorpage.jsp (customizeable) --> <servlet-mapping> - 
<servlet-name>jspservlet</servlet-name> - <url-pattern>/errorpage-auth.jsp</url-pattern> - </servlet-mapping> - <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/errorpage-auth.jsp</url-pattern> + </servlet-mapping> + <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/message-auth.jsp</url-pattern> - </servlet-mapping> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/message-auth.jsp</url-pattern> + </servlet-mapping> - <servlet-mapping> +<!-- <servlet-mapping> <servlet-name>SelectBKU</servlet-name> <url-pattern>/SelectBKU</url-pattern> + </servlet-mapping> --> + <servlet-mapping> + <servlet-name>GenerateIframeTemplate</servlet-name> + <url-pattern>/GenerateIframeTemplate</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>RedirectServlet</servlet-name> + <url-pattern>/RedirectServlet</url-pattern> </servlet-mapping> <servlet-mapping> - <servlet-name>StartAuthentication</servlet-name> - <url-pattern>/StartAuthentication</url-pattern> + <servlet-name>SSOSendAssertionServlet</servlet-name> + <url-pattern>/SSOSendAssertionServlet</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>LogOut</servlet-name> + <url-pattern>/LogOut</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>VerifyIdentityLink</servlet-name> 
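Review bot: The new `<url-pattern>/dispatcher</url-pattern>` mapping makes `DispatcherServlet` reachable directly, so the `[a-zA-Z0-9]+` restriction that urlrewrite.xml places on `mod` and `action` does not apply to a request sent straight to `/dispatcher`. The servlet's code is not part of this diff; it should check both parameters against the set of registered modules and actions and reject anything else, and a comment above the mapping such as `<!-- reached via forwards from urlrewrite.xml; mod/action are validated in DispatcherServlet -->` would record that expectation. The `GetArtifactServlet` registration under `<!-- Servlet Registration -->` has no `<servlet-mapping>` in the visible hunks; if that is intentional, the comment should say so.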
@@ -114,15 +177,16 @@ <servlet-name>GetForeignID</servlet-name> <url-pattern>/GetForeignID</url-pattern> </servlet-mapping> - - <servlet-mapping> + +<!-- <servlet-mapping> <servlet-name>ProcessInput</servlet-name> <url-pattern>/ProcessInput</url-pattern> + </servlet-mapping> --> + + <servlet-mapping> + <servlet-name>VerifyAuthBlock</servlet-name> + <url-pattern>/VerifyAuthBlock</url-pattern> </servlet-mapping> - <servlet-mapping> - <servlet-name>VerifyAuthBlock</servlet-name> - <url-pattern>/VerifyAuthBlock</url-pattern> - </servlet-mapping> <servlet-mapping> <servlet-name>ConfigurationUpdate</servlet-name> <url-pattern>/ConfigurationUpdate</url-pattern> @@ -135,6 +199,26 @@ <servlet-name>PEPSConnectorServlet</servlet-name> <url-pattern>/PEPSConnector</url-pattern> </servlet-mapping> + + <!-- Filters --> + <!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> + </filter> --> + + <filter> + <filter-name>UrlRewriteFilter</filter-name> + <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>UrlRewriteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + <!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> --> + <session-config> <session-timeout>5</session-timeout> </session-config> 
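Review bot: `UrlRewriteFilter` is declared without any `<init-param>`, which leaves its status page at the library defaults (enabled under `/rewrite-status` and, as far as I know the defaults, limited to local hosts). On an authentication service that may sit behind a reverse proxy on the same machine that host check may not mean much, so I would switch the page off explicitly with `<init-param><param-name>statusEnabled</param-name><param-value>false</param-value></init-param>`. The long commented-out `DispatcherDecoratorFilter` blocks could be deleted rather than kept as comments.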
@@ -157,8 +241,8 @@ </login-config> <security-role> <description> - The role that is required to log in to the moa Application - </description> + The role that is required to log in to the moa Application + </description> <role-name>moa-admin</role-name> </security-role> </web-app> |