Diffstat (limited to 'id/server/auth')
-rw-r--r--id/server/auth/pom.xml43
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml28
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd29
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml124
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml141
-rw-r--r--id/server/auth/src/main/webapp/errorpage-auth.jsp50
6 files changed, 46 insertions, 369 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 96f51666f..f7b2731fe 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -92,15 +92,6 @@
<!-- we need Axis 1.1 here, 1.0 is included in SPSS -->
<dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency>
- <dependency>
- <groupId>org.tuckey</groupId>
- <artifactId>urlrewritefilter</artifactId>
- <version>4.0.4</version>
- </dependency>
- <dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<exclusions>
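Review bot: The comment `<!-- we need Axis 1.1 here, 1.0 is included in SPSS -->` kept at the top of this hunk is now stale: the `axis:axis` dependency it explained is removed here, and the hunk at `@@ -130,20 +121,20 @@` instead adds an `<exclusion>` for `axis:axis`, so after this commit the webapp deliberately ships no Axis at all. Either drop the comment or reword it to match the new intent, e.g. `<!-- Axis is excluded below: the Axis-based SAML1 endpoint (server-config.wsdd, AxisServlet) was removed -->`. The removed `org.tuckey:urlrewritefilter` dependency is consistent with the deletion of urlrewrite.xml in the same commit. The enclosing `<dependencies>` element starts and ends outside the hunk.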
@@ -109,13 +100,13 @@
<groupId>iaik</groupId>
</exclusion>
<exclusion>
- <artifactId>axis-wsdl4j</artifactId>
- <groupId>axis</groupId>
- </exclusion>
- <exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>axis-wsdl4j</artifactId>
+ <groupId>axis</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -130,20 +121,20 @@
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>axis</artifactId>
+ <groupId>axis</groupId>
+ </exclusion>
</exclusions>
</dependency>
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>oasis-dss-api</artifactId>
- <version>1.0.0-RELEASE</version>
- </dependency>
-
- <!-- Adding stork module dependency automatically adds stork capabilities. -->
+
+ <!-- Adding eIDAS module dependency automatically adds eIDAS protocol capabilities. -->
<dependency>
<groupId>MOA.id.server.modules</groupId>
- <artifactId>moa-id-module-stork</artifactId>
+ <artifactId>moa-id-module-eIDAS</artifactId>
</dependency>
+
<!-- Adding monitoring module dependency automatically adds monitoring capabilities. -->
<dependency>
<groupId>MOA.id.server.modules</groupId>
@@ -161,11 +152,21 @@
<artifactId>moa-id-module-openID</artifactId>
</dependency>
+<!-- <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-pvp2</artifactId>
+ </dependency> -->
+
<dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modul-citizencard_authentication</artifactId>
</dependency>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modules-federated_authentication</artifactId>
+ </dependency>
+
<!-- transitive dependencies we don't want to include into the war -->
<dependency>
<groupId>iaik.prod</groupId>
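Review bot: The pvp2 module is left in the build as a commented-out block (`<!-- <dependency> … moa-id-module-pvp2 … -->`) with no reason given, so a reader cannot tell whether the PVP2 protocol is meant to be disabled in this deployment or the module is only temporarily out. Commented-out dependencies tend to rot silently; either remove the block or keep it with a one-line reason, e.g. `<!-- pvp2 module disabled: <reason / tracking reference> -->`. Note that the urlrewrite.xml deleted in this commit carried the `/pvp2/*` forwarding rules, so nothing visible in the diff serves those paths once the module is out; if that is intended, saying so here would help. The enclosing `<dependencies>` element continues past the hunk.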
diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index a3f834457..da5bf98ab 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -2,19 +2,39 @@
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/mvc
+ http://www.springframework.org/schema/mvc/spring-mvc.xsd
+ http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx/spring-tx.xsd
+ "
+>
<context:annotation-config />
+ <context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
+ <context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
+
+ <mvc:annotation-driven />
+
+ <mvc:default-servlet-handler/>
+
+ <mvc:interceptors>
+ <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.WebFrontEndSecurityInterceptor" />
+ <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" />
+ </mvc:interceptors>
+
<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
<property name="transitionConditionExpressionEvaluator">
<bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" />
</property>
</bean>
- <bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
-
<!-- import auth modules -->
<import resource="classpath*:**/*.authmodule.beans.xml" />
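Review bot: The new `xsi:schemaLocation` pairs the `http://www.springframework.org/schema/tx` namespace with `spring-tx.xsd`, but no `xmlns:tx` prefix is declared on the root and no `tx:` element appears in the hunk, so the last pair is dead weight; drop those two lines, or add `xmlns:tx="http://www.springframework.org/schema/tx"` if transaction configuration is meant to follow. `<mvc:default-servlet-handler/>` hands every request no controller maps to the container's default servlet, which presumably makes any file under the webapp root outside WEB-INF servable — a short comment stating that this is intended (and what static content is expected there) would help the next reviewer. The two interceptors under `<mvc:interceptors>` are registered without `<mvc:mapping>`, so they appear to apply to all handler mappings; confirm that the order (`WebFrontEndSecurityInterceptor` before `UniqueSessionIdentifierInterceptor`) is deliberate and document it, e.g. `<!-- order matters: security checks run before the session identifier is assigned -->`, adjusting the wording to what the interceptors actually do.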
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
deleted file mode 100644
index 121ec3cf9..000000000
--- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<deployment name="defaultClientConfig"
- xmlns="http://xml.apache.org/axis/wsdd/"
- xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
- xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
-
- <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
- <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
- <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
-
- <service name="GetAuthenticationData" provider="java:MSG">
- <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
- <parameter name="allowedMethods" value="Request"/>
- <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
- <wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
- <requestFlow>
- </requestFlow>
- <responseFlow>
- </responseFlow>
- </service>
-
- <transport name="http">
- <requestFlow>
- <handler type="URLMapper"/>
- <handler type="HTTPAuthHandler"/>
- </requestFlow>
- </transport>
-
-</deployment>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
deleted file mode 100644
index 8f01ca22b..000000000
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
- "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
-
-<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ -->
-<urlrewrite>
-
- <rule>
- <note>
- The rule means that requests to /test/status/ will be redirected to
- /rewrite-status
- the url will be rewritten.
- </note>
- <from>/test/status/</from>
- <to type="redirect">%{context-path}/rewrite-status</to>
- </rule>
-
- <!-- Legacy Rules -->
- <rule match-type="regex">
- <from>^/StartAuthentication$</from>
- <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact</to>
- </rule>
- <rule match-type="regex">
- <from>^/StartAuthentication\?(.*)$</from>
- <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact&amp;$1</to>
- </rule>
-
- <rule match-type="regex">
- <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from>
- <to type="forward">/dispatcher?mod=$1&amp;action=$2</to>
- </rule>
- <rule match-type="regex">
- <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from>
- <to type="forward">/dispatcher?mod=$1&amp;action=$2&amp;$3</to>
- </rule>
-
-
- <rule match-type="regex">
- <from>^/pvp2/metadata$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Metadata&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/pvp2/redirect$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Redirect&amp;endpointtype=idp&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/pvp2/post$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Post&amp;endpointtype=idp&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/pvp2/Soap$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Soap&amp;endpointtype=idp</to>
- </rule>
- <rule match-type="regex">
- <from>^/pvp2/attributequery$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=AttributeQuery&amp;endpointtype=idp</to>
- </rule>
- <rule match-type="regex">
- <from>^/pvp2/sp/redirect$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Redirect&amp;endpointtype=sp&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/pvp2/sp/post$</from>
- <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Post&amp;endpointtype=sp&amp;%{query-string}</to>
- </rule>
-
-
- <rule match-type="regex">
- <from>^/stork2/StartAuthentication$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/stork2/ResumeAuthentication$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/stork2/GetConsent$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/stork2/SendPEPSAuthnRequest$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/stork2/ServiceProvider$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/stork2/SendPEPSAuthnRequestWithoutSignedDoc$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest1&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/stork2/RetrieveMandate$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=MandateRetrievalRequest&amp;%{query-string}</to>
- </rule>
-
-
- <rule match-type="regex">
- <from>^/oauth2/auth\\?(.*)$</from>
- <to type="forward">/dispatcher?mod=id_oauth20&amp;action=AUTH&amp;%{query-string}</to>
- </rule>
- <rule match-type="regex">
- <from>^/oauth2/token\\?(.*)$</from>
- <to type="forward">/dispatcher?mod=id_oauth20&amp;action=TOKEN&amp;%{query-string}</to>
- </rule>
-
-
- <outbound-rule>
- <note>
- The outbound-rule specifies that when response.encodeURL is called (if
- you are using JSTL c:url)
- the url /rewrite-status will be rewritten to /test/status/.
-
- The above rule and this outbound-rule means that end users should never
- see the
- url /rewrite-status only /test/status/ both in thier location bar and in
- hyperlinks
- in your pages.
- </note>
- <from>/rewrite-status</from>
- <to>/test/status/</to>
- </outbound-rule>
-
-</urlrewrite>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 5afc0dee7..af1603621 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -5,11 +5,6 @@
<display-name>MOA ID Auth</display-name>
<description>MOA ID Authentication Service</description>
- <!-- bootstrap loader for spring framework -->
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
-
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
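Review bot: The `ContextLoaderListener` that bootstrapped the Spring context is removed here, and the hunk at `@@ -27,142 +22,6 @@` likewise removes the `DispatcherServlet` and every servlet mapping, yet nothing in this diff registers a replacement; presumably a Servlet 3.0 `WebApplicationInitializer` elsewhere now does this, together with the `<mvc:annotation-driven />` added to applicationContext.xml. Since web.xml no longer shows how the application is wired, add a comment where the listener used to be, e.g. `<!-- Spring context and DispatcherServlet are registered programmatically; see <initializer class, placeholder> -->`. Also check the `<web-app>` root element (outside the hunk): if it carries `metadata-complete="true"` or a pre-3.0 servlet version, programmatic registration would not run and the application would start with no servlets at all.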
@@ -27,142 +22,6 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
- <!-- exposes request and response to the current thread -->
- <filter>
- <filter-name>requestContextFilter</filter-name>
- <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>requestContextFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter>
- <filter-name>UrlRewriteFilter</filter-name>
- <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>UrlRewriteFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <servlet>
- <description>Generate BKU Request template</description>
- <display-name>GenerateIframeTemplate</display-name>
- <servlet-name>GenerateIframeTemplate</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>GenerateIframeTemplate</servlet-name>
- <url-pattern>/GenerateIframeTemplate</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <display-name>RedirectServlet</display-name>
- <servlet-name>RedirectServlet</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>RedirectServlet</servlet-name>
- <url-pattern>/RedirectServlet</url-pattern>
- </servlet-mapping>
-
- <!-- automatically registered by module 'moa-id-module-monitoring' using @WebServlet annotation -->
- <!--
- <servlet>
- <display-name>MonitoringServlet</display-name>
- <servlet-name>MonitoringServlet</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>MonitoringServlet</servlet-name>
- <url-pattern>/MonitoringServlet</url-pattern>
- </servlet-mapping>
- -->
-
- <servlet>
- <display-name>SSOSendAssertionServlet</display-name>
- <servlet-name>SSOSendAssertionServlet</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>SSOSendAssertionServlet</servlet-name>
- <url-pattern>/SSOSendAssertionServlet</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <description>SSO LogOut</description>
- <display-name>LogOut</display-name>
- <servlet-name>LogOut</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>LogOut</servlet-name>
- <url-pattern>/LogOut</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <description>IDP Single LogOut Service</description>
- <display-name>IDP-SLO</display-name>
- <servlet-name>IDPSLO</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>IDPSLO</servlet-name>
- <url-pattern>/idpSingleLogout</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <display-name>Apache-Axis Servlet</display-name>
- <servlet-name>AxisServlet</servlet-name>
- <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <servlet-name>AxisServlet</servlet-name>
- <url-pattern>/services/*</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <display-name>Dispatcher Servlet</display-name>
- <servlet-name>DispatcherServlet</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
- <servlet-mapping>
- <servlet-name>DispatcherServlet</servlet-name>
- <url-pattern>/dispatcher</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <description>Resumes a suspended process task.</description>
- <display-name>ProcessEngineSignal</display-name>
- <servlet-name>ProcessEngineSignal</servlet-name>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
- </servlet>
- <servlet-mapping>
- <!-- do not change this servlet-name -->
- <servlet-name>ProcessEngineSignal</servlet-name>
-
- <!-- Use this url-pattern in order to signal the next (asynchronous) task. -->
- <url-pattern>/signalProcess</url-pattern>
-
- <!-- legacy url patterns for asynchronous tasks (internal default module/processes) -->
- <url-pattern>/GetMISSessionID</url-pattern>
- <url-pattern>/GetForeignID</url-pattern>
- <url-pattern>/VerifyAuthBlock</url-pattern>
- <url-pattern>/VerifyCertificate</url-pattern>
- <url-pattern>/VerifyIdentityLink</url-pattern>
-
- <!--
- STORK servlet mappings; automatically registered by the stork module;
- refer to at.gv.egovernment.moa.id.auth.modules.stork.STORKWebApplicationInitializer
- -->
- <!--
- <url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
- <url-pattern>/PEPSConnector</url-pattern>
- -->
- </servlet-mapping>
-
<session-config>
<session-timeout>5</session-timeout>
</session-config>
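Review bot: The legacy URL patterns (`/GetMISSessionID`, `/GetForeignID`, `/VerifyAuthBlock`, `/VerifyCertificate`, `/VerifyIdentityLink`, plus `/signalProcess`) and the `/dispatcher` and `/services/*` entry points disappear in this hunk, and the `/StartAuthentication` and `/auth/*/*` forwards went with the deleted urlrewrite.xml, with no replacement mapping visible in the diff; if the new MVC controllers do not keep these paths, existing callers will get the container default response, and if they do, a comment here naming where they are now mapped would save the next reader a search. The removed `RequestContextFilter` exposed the request to the current thread for code outside Spring MVC; handler code under the DispatcherServlet is presumably still covered, but anything reached via the remaining `characterEncodingFilter` chain or outside MVC is not, so confirm nothing relied on it. The commented-out MonitoringServlet and STORK mapping blocks removed here were already documentation of auto-registration, so their loss is fine.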
diff --git a/id/server/auth/src/main/webapp/errorpage-auth.jsp b/id/server/auth/src/main/webapp/errorpage-auth.jsp
deleted file mode 100644
index 07f3e7f69..000000000
--- a/id/server/auth/src/main/webapp/errorpage-auth.jsp
+++ /dev/null
@@ -1,50 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
- String errorMessage = (String)request.getAttribute("ErrorMessage");
- String wrongParameters = (String)request.getAttribute("WrongParameters");
-%>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-<% if (errorMessage != null) { %>
-<p>
-<%= errorMessage%><br>
-</p>
-<% } %>
-<% if (exceptionThrown != null) { %>
-<p>
-<%= exceptionThrown.getMessage()%>
-</p>
-<% } %>
-<% if (wrongParameters != null) { %>
-<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
-<b> <%= wrongParameters %> </b><br>
-<p>
- Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
-<% } %>
-</body>
-</html> \ No newline at end of file