aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java86
1 files changed, 86 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
new file mode 100644
index 000000000..acaf21682
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -0,0 +1,86 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class UserRestrictionTask extends AbstractAuthServletTask {
+
+ public static final String CONFIG_PROPS_SP_LIST = "configuration.restrictions.sp.entityIds";
+ public static final String CONFIG_PROPS_CSV_USER_FILE = "configuration.restrictions.sp.users.url";
+ public static final String CONFIG_PROPS_CSV_USER_SECTOR = "configuration.restrictions.sp.users.sector";
+
+ @Autowired(required=true) UserWhitelistStore whitelist;
+
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ String spEntityId = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+ List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));
+ if (restrictedSPs.contains(spEntityId)) {
+ Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");
+ AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+
+ //check if user idl is already loaded
+ if (moasession.getIdentityLink() == null) {
+ Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!");
+ throw new MOAIDException("process.03", null);
+
+ }
+
+ //calculate whitelist bPK for current user
+ String bpkTarget = authConfig.getBasicConfiguration(CONFIG_PROPS_CSV_USER_SECTOR);
+ if (MiscUtil.isEmpty(bpkTarget)) {
+ Logger.info("NO bPK sector for user whitelist in configuration");
+ throw new MOAIDException("config.05", new Object[] {CONFIG_PROPS_CSV_USER_SECTOR});
+
+ }
+
+ Pair<String, String> pseudonym = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+ moasession.getIdentityLink().getIdentificationValue(),
+ moasession.getIdentityLink().getIdentificationType(),
+ bpkTarget);
+
+
+ //check if user's bPK is whitelisted
+ if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) {
+ Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
+ Logger.trace("User's bPK: " + pseudonym.getFirst());
+ throw new MOAIDException("auth.35", null);
+
+ }
+
+ Logger.debug("User was found in whitelist. Continue authentication process ... ");
+
+ } else
+ Logger.trace("SP: " + spEntityId + " has no user restrication.");
+
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.warn("RestartAuthProzessManagement has an internal error", e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 18:06:18 +0000