diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java | 40 |
1 files changed, 21 insertions, 19 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 63ad62662..b0a4f2f8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -25,7 +25,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ public static void parse(AuthenticationSession moasession, String target, - String sourceID, String oaURL, String bkuURL, String templateURL, @@ -40,7 +39,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // escape parameter strings //TODO: use URLEncoder.encode!! target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); oaURL = StringEscapeUtils.escapeHtml(oaURL); bkuURL = StringEscapeUtils.escapeHtml(bkuURL); templateURL = StringEscapeUtils.escapeHtml(templateURL); @@ -49,15 +47,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check parameter if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); @@ -115,6 +107,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } + //Validate BKU URI + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", @@ -155,20 +151,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ // check if HTTP Connection may be allowed (through // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + //INFO: removed from MOA-ID 2.0 Config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) +// && (false == BoolUtils.valueOf(boolStr)) + ) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" }); moasession.setAuthURL(authURL); - //check and set SourceID - if (sourceID != null) - moasession.setSourceID(sourceID); +// //check and set SourceID +// if (sourceID != null) +// moasession.setSourceID(sourceID); // BKU URL has not been set yet, even if session already exists if (bkuURL == null) { @@ -179,7 +178,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } } moasession.setBkuURL(bkuURL); + + if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + // override template url by url from configuration file if (oaParam.getTemplateURL() != null) { templateURL = oaParam.getTemplateURL(); @@ -213,7 +216,6 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ //get Parameters from request String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); String templateURL = req.getParameter(PARAM_TEMPLATE); @@ -223,7 +225,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ oaURL = request.getOAURL(); target = request.getTarget(); - parse(moasession, target, sourceID, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); } |