aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java27
1 files changed, 21 insertions, 6 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index a99b7aeef..d670cbe8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -23,7 +24,7 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
public class ProcessEngineSignalServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
-
+
/**
* Sets response headers that prevent caching (code taken from {@link AuthServlet}).
*
@@ -51,14 +52,13 @@ public class ProcessEngineSignalServlet extends AuthServlet {
*/
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+ String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));
setNoCachingHeaders(resp);
try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12");
+
+ if (sessionID == null) {
+ throw new IllegalStateException("Unable to determine MOA session id.");
}
// retrieve moa session
@@ -80,4 +80,19 @@ public class ProcessEngineSignalServlet extends AuthServlet {
}
+ /**
+ * Retrieves the current MOA session id from the HttpServletRequest parameter
+ * {@link MOAIDAuthConstants#PARAM_SESSIONID}.
+ * <p/>
+ * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
+ * respective MOA session id.
+ *
+ * @param request
+ * The unterlying HttpServletRequest.
+ * @return The current MOA session id.
+ */
+ public String getMoaSessionId(HttpServletRequest request) {
+ return StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID));
+ }
+
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-08 08:30:04 +0000