diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java | 214 |
1 files changed, 128 insertions, 86 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 887692477..acff2e40e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -52,7 +52,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; @@ -78,35 +78,65 @@ public abstract class AbstractController extends MOAIDAuthConstants { @Autowired protected ITransactionStorage transactionStorage; @Autowired protected MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; - - protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { - Throwable loggedException = extractOriginalExceptionFromProcessException(exceptionThrown); + @ExceptionHandler({MOAIDException.class}) + public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { + Logger.error(e.getMessage() , e); + internalMOAIDExceptionHandler(req, resp, e, true); - if (!(loggedException instanceof MOAIDException)) { - Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); + } - } else { - if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { - Logger.error(loggedException.getMessage(), loggedException); + @ExceptionHandler({Exception.class}) + public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { + Logger.error("Internel Server Error." , exception); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + + "(Errorcode=9199" + +" | Description="+ exception.getMessage() + ")"); + return; + + } - } else { - Logger.error(loggedException.getMessage()); + @ExceptionHandler({IOException.class}) + public void IOExceptionHandler(HttpServletResponse resp, IOException exception) { + Logger.error("Internel Server Error." , exception); + resp.setContentType("text/html;charset=UTF-8"); + resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + return; + + } - } - } + protected void handleError(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { - //store error into transaction store - try { - String key = Random.nextRandom(); - transactionStorage.put(key, loggedException); + Throwable loggedException = null; + Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown); + + //extract pendingRequestID and originalException if it was a TaskExecutionException + if (extractedException instanceof TaskExecutionException) { + //set original exception + loggedException = ((TaskExecutionException) extractedException).getOriginalException(); - if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) { + //set pending-request ID if it is set + String reqID = ((TaskExecutionException) extractedException).getPendingRequestID(); + if (MiscUtil.isNotEmpty(reqID)) + pendingRequestID = reqID; + + } else + loggedException = exceptionThrown; + + try { + //switch to protocol-finalize method to generate a protocol-specific error message + if (MiscUtil.isNotEmpty(pendingRequestID)) { + + //put exception into transaction store for redirect + String key = Random.nextRandom(); + transactionStorage.put(key, loggedException); + + //build up redirect URL String redirectURL = null; - redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/"+AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT + redirectURL += "/"+AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT + "?" + ERROR_CODE_PARAM + "=" + key + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; @@ -119,7 +149,8 @@ public abstract class AbstractController extends MOAIDAuthConstants { return; } else { - //Exception can not be stored in database + //write exception into browser window, because protocol-specific error message + // is not possible without pendingRequest handleErrorNoRedirect(loggedException, req, resp, true); } @@ -132,8 +163,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { } - - + /** * Handles all exceptions with no pending request. * Therefore, the error is written to the users browser @@ -151,71 +181,36 @@ public abstract class AbstractController extends MOAIDAuthConstants { statisticLogger.logErrorOperation(throwable); //write errror to console - Logger.error(throwable.getMessage(), throwable); + logExceptionToTechnicalLog(throwable); //return error to Web browser if (throwable instanceof MOAIDException || throwable instanceof ProcessExecutionException) - MOAIDExceptionHandler(req, resp, (Exception)throwable); + internalMOAIDExceptionHandler(req, resp, (Exception)throwable, false); else GenericExceptionHandler(resp, (Exception)throwable); } - @ExceptionHandler({MOAIDException.class}) - public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException { - if (e instanceof ProtocolNotActiveException) { - resp.getWriter().write(e.getMessage()); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); - - } else if (e instanceof AuthnRequestValidatorException) { - AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; - //log Error Message - statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); - - //write error message - writeBadRequestErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof InvalidProtocolRequestException) { - //send error response - writeBadRequestErrorResponse(req, resp, (MOAIDException) e); - - } else if (e instanceof ConfigurationException) { - //send HTML formated error message - writeHTMLErrorResponse(resp, (MOAIDException) e); - - } else if (e instanceof MOAIDException) { - //send HTML formated error message - writeHTMLErrorResponse(resp, e); - - } else if (e instanceof ProcessExecutionException) { - //send HTML formated error message - writeHTMLErrorResponse(resp, e); - - } - - } + /** + * Write a Exception to the MOA-ID-Auth internal technical log + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(Throwable loggedException) { + if (!(loggedException instanceof MOAIDException)) { + Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); - @ExceptionHandler({Exception.class}) - public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException { - Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" + - "(Errorcode=9199" - +" | Description="+ exception.getMessage() + ")"); - return; - - } + } else { + if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { + Logger.error(loggedException.getMessage(), loggedException); - @ExceptionHandler({IOException.class}) - public void IOExceptionHandler(HttpServletResponse resp, IOException exception) { - Logger.error("Internel Server Error." , exception); - resp.setContentType("text/html;charset=UTF-8"); - resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return; - - } + } else { + Logger.error(loggedException.getMessage()); + } + } + } + private void writeBadRequestErrorResponse(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException { ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); String code = utils.mapInternalErrorToExternalError( @@ -295,21 +290,68 @@ public abstract class AbstractController extends MOAIDAuthConstants { return errors.toString(); } - + + /** + * Extracts a TaskExecutionException of a ProcessExecutionExeception Stacktrace. + * + * @param exception + * @return Return the latest TaskExecutionExecption if exists, otherwise the latest ProcessExecutionException + */ private Throwable extractOriginalExceptionFromProcessException(Throwable exception) { - Throwable returnexception = exception; + Throwable exholder = exception; + TaskExecutionException taskExc = null; - while(returnexception != null - && returnexception instanceof ProcessExecutionException) { - ProcessExecutionException procExc = (ProcessExecutionException) returnexception; + while(exholder != null + && exholder instanceof ProcessExecutionException) { + ProcessExecutionException procExc = (ProcessExecutionException) exholder; if (procExc.getCause() != null && procExc.getCause() instanceof TaskExecutionException) { - TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); - returnexception = taskExc.getOriginalException(); + taskExc = (TaskExecutionException) procExc.getCause(); + exholder = taskExc.getOriginalException(); } } - return returnexception; + if (taskExc == null) + return exholder; + + else + return taskExc; + } + + private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException { + if (e instanceof ProtocolNotActiveException) { + resp.getWriter().write(e.getMessage()); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); + + } else if (e instanceof AuthnRequestValidatorException) { + AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; + //log Error Message + if (writeExceptionToStatisicLog) + statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); + + //write error message + writeBadRequestErrorResponse(req, resp, (MOAIDException) e); + + } else if (e instanceof InvalidProtocolRequestException) { + //send error response + writeBadRequestErrorResponse(req, resp, (MOAIDException) e); + + } else if (e instanceof ConfigurationException) { + //send HTML formated error message + writeHTMLErrorResponse(resp, (MOAIDException) e); + + } else if (e instanceof MOAIDException) { + //send HTML formated error message + writeHTMLErrorResponse(resp, e); + + } else if (e instanceof ProcessExecutionException) { + //send HTML formated error message + writeHTMLErrorResponse(resp, e); + + } + } + } |