1 files changed, 64 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index a19618dc2..16041f8cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -46,10 +46,18 @@ import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
 
 /**
  * Base class for MOA-ID Auth Servlets, providing standard error handling
@@ -65,7 +73,16 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 	 * 
 	 */
 	private static final long serialVersionUID = -6929905344382283738L;
+	
+	
 
+	@Override
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+		throws ServletException, IOException {
+		Logger.debug("GET " +  this.getServletName());
+
+		this.setNoCachingHeadersInHttpRespone(req, resp);
+}
 /**
    * Handles an error. <br>>
    * <ul>
@@ -260,4 +277,51 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 	public void init(ServletConfig servletConfig) throws ServletException {
 		super.init(servletConfig);
 	}
+	
+	/**
+	 * Set response headers to avoid caching
+	 * @param request HttpServletRequest
+	 * @param response HttpServletResponse
+	 */
+	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) {
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
+	}
+	
+	/**
+	   * Adds a parameter to a URL.
+	   * @param url the URL
+	   * @param paramname parameter name
+	   * @param paramvalue parameter value
+	   * @return the URL with parameter added
+	   */
+	  protected static String addURLParameter(String url, String paramname, String paramvalue) {
+			String param = paramname + "=" + paramvalue;
+	  	if (url.indexOf("?") < 0)
+		  	return url + "?" + param;
+	  	else
+	  		return url + "&" + param;
+	  }
+
+	  /**
+	   * Checks if HTTP requests are allowed
+	   * @param authURL requestURL
+	   * @throws AuthenticationException if HTTP requests are not allowed
+	   * @throws ConfigurationException
+	   */
+	  protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException {
+		// check if HTTP Connection may be allowed (through
+			// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+			String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+							AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+			if ((!authURL.startsWith("https:"))
+					&& (false == BoolUtils.valueOf(boolStr)))
+				throw new AuthenticationException("auth.07",
+						new Object[] { authURL + "*" });
+			
+	  }
+
 }