aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java238
1 files changed, 238 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
new file mode 100644
index 000000000..26e24f5b4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractController extends MOAIDAuthConstants {
+
+ public static final String ERROR_CODE_PARAM = "errorid";
+
+ @Autowired protected StatisticLogger statisticLogger;
+ @Autowired protected IRequestStorage requestStorage;
+ @Autowired protected ITransactionStorage transactionStorage;
+ @Autowired protected MOAReversionLogger revisionsLogger;
+ @Autowired protected AuthConfiguration authConfig;
+
+
+ protected void handleError(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException {
+
+ Throwable loggedException = null;
+
+ if (exceptionThrown != null
+ && exceptionThrown instanceof ProcessExecutionException) {
+ ProcessExecutionException procExc =
+ (ProcessExecutionException) exceptionThrown;
+ if (procExc.getCause() != null &&
+ procExc.getCause() instanceof TaskExecutionException) {
+ TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+ loggedException = taskExc.getOriginalException();
+
+ }
+ }
+
+ if (loggedException == null)
+ loggedException = exceptionThrown;
+
+
+ if (!(loggedException instanceof MOAIDException)) {
+ Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
+
+ } else {
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+ Logger.error(loggedException.getMessage(), loggedException);
+
+ } else {
+ Logger.error(loggedException.getMessage());
+
+ }
+ }
+
+ //store error into transaction store
+ try {
+ String key = Random.nextRandom();
+ transactionStorage.put(key, exceptionThrown);
+
+ if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+ String redirectURL = null;
+
+ redirectURL = ServletUtils.getBaseUrl(req);
+ redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT
+ + "?" + ERROR_CODE_PARAM + "=" + key
+ + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ return;
+
+ } else {
+ //Exception can not be stored in database
+ handleErrorNoRedirect(loggedException, req, resp);
+
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Exception can not be stored to Database.", e);
+ handleErrorNoRedirect(loggedException, req, resp);
+
+ }
+
+
+ }
+
+
+ /**
+ * Handles all exceptions with no pending request.
+ * Therefore, the error is written to the users browser
+ *
+ * @param throwable
+ * @param req
+ * @param resp
+ * @throws IOException
+ */
+ protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
+
+ //log Exception into statistic database
+ statisticLogger.logErrorOperation(throwable);
+
+ //write errror to console
+ Logger.error(throwable.getMessage(), throwable);
+
+ //return error to Web browser
+ if (throwable instanceof MOAIDException)
+ MOAIDExceptionHandler(req, resp, (MOAIDException)throwable);
+
+ else
+ GenericExceptionHandler(req, resp, (Exception)throwable);
+ }
+
+ @ExceptionHandler({MOAIDException.class})
+ public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException {
+ if (e instanceof ProtocolNotActiveException) {
+ resp.getWriter().write(e.getMessage());
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+ return;
+
+ } else if (e instanceof AuthnRequestValidatorException) {
+ AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
+ //log Error Message
+ statisticLogger.logErrorOperation(ex, ex.getErrorRequest());
+ return;
+
+ } else if (e instanceof InvalidProtocolRequestException) {
+ //write log entry
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+
+ //send error response
+ ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+ String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+ String descr = e.getMessage();
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+ "(Errorcode=" + code +
+ " | Description=" + descr + ")");
+ return;
+ } else if (e instanceof ConfigurationException) {
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=9199"
+ +" | Description="+ e.getMessage() + ")");
+ return;
+
+ //TODO: check exception type
+ } else if (e instanceof MOAIDException) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ if (MiscUtil.isNotEmpty(samlRequest))
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ else
+ Logger.error("Failed to generate a valid protocol request!");
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=6000"
+ +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
+ return;
+
+ }
+
+ }
+
+ @ExceptionHandler({Exception.class})
+ public void GenericExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception exception) throws IOException {
+ Logger.error("Internel Server Error." , exception);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
+ "(Errorcode=9199"
+ +" | Description="+ exception.getMessage() + ")");
+ return;
+
+ }
+
+ @ExceptionHandler({IOException.class})
+ public void IOExceptionHandler(HttpServletRequest req, HttpServletResponse resp, IOException exception) {
+ Logger.error("Internel Server Error." , exception);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
+
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 13:41:32 +0000