diff options
Diffstat (limited to 'id/server/auth/src/main/webapp/WEB-INF')
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd | 2 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 124 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/web.xml | 115 |
3 files changed, 211 insertions, 30 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd index 0f0eb49d1..121ec3cf9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd +++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd @@ -11,7 +11,7 @@ <service name="GetAuthenticationData" provider="java:MSG">
<namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
<parameter name="allowedMethods" value="Request"/>
- <parameter name="className" value="at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
<wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
<requestFlow>
</requestFlow>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml new file mode 100644 index 000000000..1d75053f2 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -0,0 +1,124 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN" + "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd"> + +<!-- + + Configuration file for UrlRewriteFilter + http://www.tuckey.org/urlrewrite/ + +--> +<urlrewrite> + + <rule> + <note> + The rule means that requests to /test/status/ will be redirected to /rewrite-status + the url will be rewritten. + </note> + <from>/test/status/</from> + <to type="redirect">%{context-path}/rewrite-status</to> + </rule> + + <!-- Legacy Rules --> + <rule match-type="regex"> + <from>^/StartAuthentication$</from> + <to type="forward">/AuthDispatcher?mod=id_saml1&action=GetArtifact</to> + </rule> + <rule match-type="regex"> + <from>^/StartAuthentication\?(.*)$</from> + <to type="forward">/AuthDispatcher?mod=id_saml1&action=GetArtifact&$1</to> + </rule> + + <rule match-type="regex"> + <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from> + <to type="forward">/AuthDispatcher?mod=$1&action=$2</to> + </rule> + <rule match-type="regex"> + <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from> + <to type="forward">/AuthDispatcher?mod=$1&action=$2&$3</to> + </rule> + + + <outbound-rule> + <note> + The outbound-rule specifies that when response.encodeURL is called (if you are using JSTL c:url) + the url /rewrite-status will be rewritten to /test/status/. + + The above rule and this outbound-rule means that end users should never see the + url /rewrite-status only /test/status/ both in thier location bar and in hyperlinks + in your pages. + </note> + <from>/rewrite-status</from> + <to>/test/status/</to> + </outbound-rule> + + <outbound-rule> + <from>^/AuthDispatcher?mod=([a-zA-Z0-9]+)&action=([a-zA-Z0-9]+)$</from> + <to>/auth/$1/$2</to> + </outbound-rule> + + <outbound-rule> + <from>^/AuthDispatcher?mod=([a-zA-Z0-9]+)&action=([a-zA-Z0-9]+)&(.*)$</from> + <to>/auth/$1/$2&$3</to> + </outbound-rule> + + <!-- + + INSTALLATION + + in your web.xml add... + + <filter> + <filter-name>UrlRewriteFilter</filter-name> + <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> + <init-param> + <param-name>logLevel</param-name> + <param-value>WARN</param-value> + </init-param> + </filter> + <filter-mapping> + <filter-name>UrlRewriteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + EXAMPLES + + Redirect one url + <rule> + <from>/some/old/page.html</from> + <to type="redirect">/very/new/page.html</to> + </rule> + + Redirect a directory + <rule> + <from>/some/olddir/(.*)</from> + <to type="redirect">/very/newdir/$1</to> + </rule> + + Clean a url + <rule> + <from>/products/([0-9]+)</from> + <to>/products/index.jsp?product_id=$1</to> + </rule> + eg, /products/1234 will be passed on to /products/index.jsp?product_id=1234 without the user noticing. + + Browser detection + <rule> + <condition name="user-agent">Mozilla/[1-4]</condition> + <from>/some/page.html</from> + <to>/some/page-for-old-browsers.html</to> + </rule> + eg, will pass the request for /some/page.html on to /some/page-for-old-browsers.html only for older + browsers whose user agent srtings match Mozilla/1, Mozilla/2, Mozilla/3 or Mozilla/4. + + Centralised browser detection + <rule> + <condition name="user-agent">Mozilla/[1-4]</condition> + <set type="request" name="browser">moz</set> + </rule> + eg, all requests will be checked against the condition and if matched + request.setAttribute("browser", "moz") will be called. + + --> + +</urlrewrite> diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 2a1d093d9..dcacce819 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -34,19 +34,19 @@ <description>Get the MIS session ID coming from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class> </servlet> - + <servlet> <servlet-name>GetForeignID</servlet-name> <display-name>GetForeignID</display-name> <description>Gets the foreign eID from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class> </servlet> - <servlet> - <servlet-name>ProcessInput</servlet-name> - <display-name>ProcessInput</display-name> - <description>Process user input needed by infobox validators</description> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> - </servlet> + <servlet> + <servlet-name>ProcessInput</servlet-name> + <display-name>ProcessInput</display-name> + <description>Process user input needed by infobox validators</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> + </servlet> <servlet> <servlet-name>VerifyAuthBlock</servlet-name> <display-name>VerifyAuthBlock</display-name> @@ -56,7 +56,8 @@ <servlet> <servlet-name>ConfigurationUpdate</servlet-name> <display-name>ConfigurationUpdate</display-name> - <description>Update MOA-ID Auth configuration from the configuration file</description> + <description>Update MOA-ID Auth configuration from the configuration + file</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class> </servlet> <servlet> @@ -67,28 +68,62 @@ <!-- JSP servlet --> <servlet> - <servlet-name>jspservlet</servlet-name> - <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> - </servlet> + <servlet-name>jspservlet</servlet-name> + <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> + </servlet> <servlet> <servlet-name>PEPSConnectorServlet</servlet-name> <display-name>PEPSConnectorServlet</display-name> - <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description> + <description>Servlet receiving STORK SAML Response Messages from + different C-PEPS</description> <servlet-class> - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> </servlet> - + + <!-- Dispatcher servlets --> + <servlet> + <servlet-name>AuthDispatcherServlet</servlet-name> + <display-name>AuthDispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + <servlet> + <servlet-name>UnauthDispatcherServlet</servlet-name> + <display-name>UnauthDispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + + <!-- Servlet Registration --> + <servlet> + <servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name> + <servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class> + </servlet> + + + + + <servlet-mapping> + <servlet-name>UnauthDispatcherServlet</servlet-name> + <url-pattern>/UnauthDispatcher</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>AuthDispatcherServlet</servlet-name> + <url-pattern>/AuthDispatcher</url-pattern> + </servlet-mapping> + + <!-- servlet mapping for jsp pages --> <!-- errorpage.jsp (customizeable) --> <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/errorpage-auth.jsp</url-pattern> - </servlet-mapping> - <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/errorpage-auth.jsp</url-pattern> + </servlet-mapping> + <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/message-auth.jsp</url-pattern> - </servlet-mapping> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/message-auth.jsp</url-pattern> + </servlet-mapping> <servlet-mapping> <servlet-name>SelectBKU</servlet-name> @@ -96,7 +131,7 @@ </servlet-mapping> <servlet-mapping> <servlet-name>StartAuthentication</servlet-name> - <url-pattern>/StartAuthentication</url-pattern> + <url-pattern>/StartBKUAuthentication</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>VerifyIdentityLink</servlet-name> @@ -114,15 +149,15 @@ <servlet-name>GetForeignID</servlet-name> <url-pattern>/GetForeignID</url-pattern> </servlet-mapping> - + <servlet-mapping> <servlet-name>ProcessInput</servlet-name> <url-pattern>/ProcessInput</url-pattern> </servlet-mapping> - <servlet-mapping> - <servlet-name>VerifyAuthBlock</servlet-name> - <url-pattern>/VerifyAuthBlock</url-pattern> - </servlet-mapping> + <servlet-mapping> + <servlet-name>VerifyAuthBlock</servlet-name> + <url-pattern>/VerifyAuthBlock</url-pattern> + </servlet-mapping> <servlet-mapping> <servlet-name>ConfigurationUpdate</servlet-name> <url-pattern>/ConfigurationUpdate</url-pattern> @@ -135,6 +170,28 @@ <servlet-name>PEPSConnectorServlet</servlet-name> <url-pattern>/PEPSConnector</url-pattern> </servlet-mapping> + + <!-- Filters --> + <!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> + </filter> --> + + <filter> + <filter-name>UrlRewriteFilter</filter-name> + <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>UrlRewriteFilter</filter-name> + <url-pattern>/*</url-pattern> + <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> + </filter-mapping> + <!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> --> + <session-config> <session-timeout>5</session-timeout> </session-config> @@ -157,8 +214,8 @@ </login-config> <security-role> <description> - The role that is required to log in to the moa Application - </description> + The role that is required to log in to the moa Application + </description> <role-name>moa-admin</role-name> </security-role> </web-app> |