diff options
Diffstat (limited to 'id/server/auth')
-rw-r--r-- | id/server/auth/pom.xml | 43 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml | 28 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd | 29 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml | 124 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/WEB-INF/web.xml | 141 | ||||
-rw-r--r-- | id/server/auth/src/main/webapp/errorpage-auth.jsp | 50 |
6 files changed, 46 insertions, 369 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 96f51666f..f7b2731fe 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -92,15 +92,6 @@ <!-- we need Axis 1.1 here, 1.0 is included in SPSS --> <dependency> - <groupId>axis</groupId> - <artifactId>axis</artifactId> - </dependency> - <dependency> - <groupId>org.tuckey</groupId> - <artifactId>urlrewritefilter</artifactId> - <version>4.0.4</version> - </dependency> - <dependency> <groupId>MOA.spss.server</groupId> <artifactId>moa-spss-lib</artifactId> <exclusions> @@ -109,13 +100,13 @@ <groupId>iaik</groupId> </exclusion> <exclusion> - <artifactId>axis-wsdl4j</artifactId> - <groupId>axis</groupId> - </exclusion> - <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> </exclusion> + <exclusion> + <artifactId>axis-wsdl4j</artifactId> + <groupId>axis</groupId> + </exclusion> </exclusions> </dependency> <dependency> @@ -130,20 +121,20 @@ <groupId>ch.qos.logback</groupId> <artifactId>logback-classic</artifactId> </exclusion> + <exclusion> + <artifactId>axis</artifactId> + <groupId>axis</groupId> + </exclusion> </exclusions> </dependency> - <dependency> - <groupId>eu.stork</groupId> - <artifactId>oasis-dss-api</artifactId> - <version>1.0.0-RELEASE</version> - </dependency> - - <!-- Adding stork module dependency automatically adds stork capabilities. --> + + <!-- Adding eIDAS module dependency automatically adds eIDAS protocol capabilities. --> <dependency> <groupId>MOA.id.server.modules</groupId> - <artifactId>moa-id-module-stork</artifactId> + <artifactId>moa-id-module-eIDAS</artifactId> </dependency> + <!-- Adding monitoring module dependency automatically adds monitoring capabilities. --> <dependency> <groupId>MOA.id.server.modules</groupId> @@ -161,11 +152,21 @@ <artifactId>moa-id-module-openID</artifactId> </dependency> +<!-- <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-module-pvp2</artifactId> + </dependency> --> + <dependency> <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-modul-citizencard_authentication</artifactId> </dependency> + <dependency> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules-federated_authentication</artifactId> + </dependency> + <!-- transitive dependencies we don't want to include into the war --> <dependency> <groupId>iaik.prod</groupId> diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml index a3f834457..da5bf98ab 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml @@ -2,19 +2,39 @@ <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+ xmlns:mvc="http://www.springframework.org/schema/mvc"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/mvc
+ http://www.springframework.org/schema/mvc/spring-mvc.xsd
+ http://www.springframework.org/schema/tx
+ http://www.springframework.org/schema/tx/spring-tx.xsd
+ "
+>
<context:annotation-config />
+ <context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
+ <context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
+
+ <mvc:annotation-driven />
+
+ <mvc:default-servlet-handler/>
+
+ <mvc:interceptors>
+ <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.WebFrontEndSecurityInterceptor" />
+ <bean class="at.gv.egovernment.moa.id.auth.servlet.interceptor.UniqueSessionIdentifierInterceptor" />
+ </mvc:interceptors>
+
<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
<property name="transitionConditionExpressionEvaluator">
<bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" />
</property>
</bean>
- <bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
-
<!-- import auth modules -->
<import resource="classpath*:**/*.authmodule.beans.xml" />
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd deleted file mode 100644 index 121ec3cf9..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd +++ /dev/null @@ -1,29 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?>
-<deployment name="defaultClientConfig"
- xmlns="http://xml.apache.org/axis/wsdd/"
- xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
- xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
-
- <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
- <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
- <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
-
- <service name="GetAuthenticationData" provider="java:MSG">
- <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
- <parameter name="allowedMethods" value="Request"/>
- <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
- <wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
- <requestFlow>
- </requestFlow>
- <responseFlow>
- </responseFlow>
- </service>
-
- <transport name="http">
- <requestFlow>
- <handler type="URLMapper"/>
- <handler type="HTTPAuthHandler"/>
- </requestFlow>
- </transport>
-
-</deployment>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml deleted file mode 100644 index 8f01ca22b..000000000 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ /dev/null @@ -1,124 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN" - "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd"> - -<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ --> -<urlrewrite> - - <rule> - <note> - The rule means that requests to /test/status/ will be redirected to - /rewrite-status - the url will be rewritten. - </note> - <from>/test/status/</from> - <to type="redirect">%{context-path}/rewrite-status</to> - </rule> - - <!-- Legacy Rules --> - <rule match-type="regex"> - <from>^/StartAuthentication$</from> - <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact</to> - </rule> - <rule match-type="regex"> - <from>^/StartAuthentication\?(.*)$</from> - <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact&$1</to> - </rule> - - <rule match-type="regex"> - <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from> - <to type="forward">/dispatcher?mod=$1&action=$2</to> - </rule> - <rule match-type="regex"> - <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from> - <to type="forward">/dispatcher?mod=$1&action=$2&$3</to> - </rule> - - - <rule match-type="regex"> - <from>^/pvp2/metadata$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=Metadata&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/pvp2/redirect$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=Redirect&endpointtype=idp&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/pvp2/post$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&endpointtype=idp&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/pvp2/Soap$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=Soap&endpointtype=idp</to> - </rule> - <rule match-type="regex"> - <from>^/pvp2/attributequery$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=AttributeQuery&endpointtype=idp</to> - </rule> - <rule match-type="regex"> - <from>^/pvp2/sp/redirect$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=Redirect&endpointtype=sp&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/pvp2/sp/post$</from> - <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&endpointtype=sp&%{query-string}</to> - </rule> - - - <rule match-type="regex"> - <from>^/stork2/StartAuthentication$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/stork2/ResumeAuthentication$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=AttributeCollector&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/stork2/GetConsent$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=ConsentEvaluator&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/stork2/SendPEPSAuthnRequest$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/stork2/ServiceProvider$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/stork2/SendPEPSAuthnRequestWithoutSignedDoc$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=AuthenticationRequest1&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/stork2/RetrieveMandate$</from> - <to type="forward">/dispatcher?mod=id_stork2&action=MandateRetrievalRequest&%{query-string}</to> - </rule> - - - <rule match-type="regex"> - <from>^/oauth2/auth\\?(.*)$</from> - <to type="forward">/dispatcher?mod=id_oauth20&action=AUTH&%{query-string}</to> - </rule> - <rule match-type="regex"> - <from>^/oauth2/token\\?(.*)$</from> - <to type="forward">/dispatcher?mod=id_oauth20&action=TOKEN&%{query-string}</to> - </rule> - - - <outbound-rule> - <note> - The outbound-rule specifies that when response.encodeURL is called (if - you are using JSTL c:url) - the url /rewrite-status will be rewritten to /test/status/. - - The above rule and this outbound-rule means that end users should never - see the - url /rewrite-status only /test/status/ both in thier location bar and in - hyperlinks - in your pages. - </note> - <from>/rewrite-status</from> - <to>/test/status/</to> - </outbound-rule> - -</urlrewrite> diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 5afc0dee7..af1603621 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -5,11 +5,6 @@ <display-name>MOA ID Auth</display-name> <description>MOA ID Authentication Service</description> - <!-- bootstrap loader for spring framework --> - <listener> - <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> - </listener> - <filter> <filter-name>characterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> @@ -27,142 +22,6 @@ <url-pattern>/*</url-pattern> </filter-mapping> - <!-- exposes request and response to the current thread --> - <filter> - <filter-name>requestContextFilter</filter-name> - <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class> - </filter> - <filter-mapping> - <filter-name>requestContextFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - - <filter> - <filter-name>UrlRewriteFilter</filter-name> - <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> - </filter> - <filter-mapping> - <filter-name>UrlRewriteFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - - <servlet> - <description>Generate BKU Request template</description> - <display-name>GenerateIframeTemplate</display-name> - <servlet-name>GenerateIframeTemplate</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>GenerateIframeTemplate</servlet-name> - <url-pattern>/GenerateIframeTemplate</url-pattern> - </servlet-mapping> - - <servlet> - <display-name>RedirectServlet</display-name> - <servlet-name>RedirectServlet</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>RedirectServlet</servlet-name> - <url-pattern>/RedirectServlet</url-pattern> - </servlet-mapping> - - <!-- automatically registered by module 'moa-id-module-monitoring' using @WebServlet annotation --> - <!-- - <servlet> - <display-name>MonitoringServlet</display-name> - <servlet-name>MonitoringServlet</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>MonitoringServlet</servlet-name> - <url-pattern>/MonitoringServlet</url-pattern> - </servlet-mapping> - --> - - <servlet> - <display-name>SSOSendAssertionServlet</display-name> - <servlet-name>SSOSendAssertionServlet</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>SSOSendAssertionServlet</servlet-name> - <url-pattern>/SSOSendAssertionServlet</url-pattern> - </servlet-mapping> - - <servlet> - <description>SSO LogOut</description> - <display-name>LogOut</display-name> - <servlet-name>LogOut</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>LogOut</servlet-name> - <url-pattern>/LogOut</url-pattern> - </servlet-mapping> - - <servlet> - <description>IDP Single LogOut Service</description> - <display-name>IDP-SLO</display-name> - <servlet-name>IDPSLO</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>IDPSLO</servlet-name> - <url-pattern>/idpSingleLogout</url-pattern> - </servlet-mapping> - - <servlet> - <display-name>Apache-Axis Servlet</display-name> - <servlet-name>AxisServlet</servlet-name> - <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> - </servlet> - <servlet-mapping> - <servlet-name>AxisServlet</servlet-name> - <url-pattern>/services/*</url-pattern> - </servlet-mapping> - - <servlet> - <display-name>Dispatcher Servlet</display-name> - <servlet-name>DispatcherServlet</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class> - <load-on-startup>1</load-on-startup> - </servlet> - <servlet-mapping> - <servlet-name>DispatcherServlet</servlet-name> - <url-pattern>/dispatcher</url-pattern> - </servlet-mapping> - - <servlet> - <description>Resumes a suspended process task.</description> - <display-name>ProcessEngineSignal</display-name> - <servlet-name>ProcessEngineSignal</servlet-name> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class> - </servlet> - <servlet-mapping> - <!-- do not change this servlet-name --> - <servlet-name>ProcessEngineSignal</servlet-name> - - <!-- Use this url-pattern in order to signal the next (asynchronous) task. --> - <url-pattern>/signalProcess</url-pattern> - - <!-- legacy url patterns for asynchronous tasks (internal default module/processes) --> - <url-pattern>/GetMISSessionID</url-pattern> - <url-pattern>/GetForeignID</url-pattern> - <url-pattern>/VerifyAuthBlock</url-pattern> - <url-pattern>/VerifyCertificate</url-pattern> - <url-pattern>/VerifyIdentityLink</url-pattern> - - <!-- - STORK servlet mappings; automatically registered by the stork module; - refer to at.gv.egovernment.moa.id.auth.modules.stork.STORKWebApplicationInitializer - --> - <!-- - <url-pattern>/PEPSConnectorWithLocalSigning</url-pattern> - <url-pattern>/PEPSConnector</url-pattern> - --> - </servlet-mapping> - <session-config> <session-timeout>5</session-timeout> </session-config> diff --git a/id/server/auth/src/main/webapp/errorpage-auth.jsp b/id/server/auth/src/main/webapp/errorpage-auth.jsp deleted file mode 100644 index 07f3e7f69..000000000 --- a/id/server/auth/src/main/webapp/errorpage-auth.jsp +++ /dev/null @@ -1,50 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
- String errorMessage = (String)request.getAttribute("ErrorMessage");
- String wrongParameters = (String)request.getAttribute("WrongParameters");
-%>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-<% if (errorMessage != null) { %>
-<p>
-<%= errorMessage%><br>
-</p>
-<% } %>
-<% if (exceptionThrown != null) { %>
-<p>
-<%= exceptionThrown.getMessage()%>
-</p>
-<% } %>
-<% if (wrongParameters != null) { %>
-<p>Die Angabe der Parameter ist unvollständig.<br></p>
-<b> <%= wrongParameters %> </b><br>
-<p>
- Beispiele für korrekte Links zur MOA-ID Authentisierung sind:
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"></tt>
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt>
-</p>
-<p>
-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des <i>Target</i> Parameters:
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"></tt>
-</p>
-<p>
-<tt><a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt>
-</p>
-<p>Die Angabe der Parameter <tt>"Template"</tt> und <tt>"BKUSelectionTemplate"</tt> ist optional.</p>
-<% } %>
-</body>
-</html>
\ No newline at end of file |