1 files changed, 40 insertions, 11 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index d4484a97c..c66e19eb0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -1,36 +1,52 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
 import java.io.PrintWriter;
-import java.util.Arrays;
-import java.util.List;
 
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 
 import org.apache.commons.lang.StringEscapeUtils;
-import org.bouncycastle.asn1.x509.Target;
 
-import com.trilead.ssh2.Session;
-
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
 public class GenerateIFrameTemplateServlet extends AuthServlet {
@@ -61,6 +77,8 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	    	String useMandate = req.getParameter(PARAM_USEMANDATE);
 	    	String ccc = req.getParameter(PARAM_CCC);
 	    	String moasessionid = req.getParameter(PARAM_SESSIONID);
+	    		    	
+	    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
 	    	
 	    	AuthenticationSession moasession = null;
 
@@ -71,7 +89,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 			
 	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 	    	    
-	    	    String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession);
+	    	    AuthenticationSessionStoreage.changeSessionID(moasession);
 			
 			} catch (MOADatabaseException e) {
 				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
@@ -96,8 +114,19 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 		    	String target = oaParam.getTarget();
 		    			    	
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
+		    	if (MiscUtil.isEmpty(bkuURL)) {
+		    		Logger.info("No OA specific BKU defined. Use BKU from default configuration");
+		    		bkuURL = AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid);
+		    	}
+		    	
 		    	String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
 		    	
+		    	if (oaParam.isOnlyMandateAllowed()) 
+		    		useMandate = "true";
+		    	
+		    	if (!oaParam.isShowMandateCheckBox())
+		    		useMandate = "false";
+		    	
 		    	//parse all OA parameters i
 		    	StartAuthentificationParameterParser.parse(moasession, 
 		    											   target,