aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java25
1 files changed, 22 insertions, 3 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
index 961511ee7..8165f90f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -61,18 +62,36 @@ public class StartAuthenticationServlet extends AuthServlet {
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
+
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
String bkuURL = req.getParameter(PARAM_BKU);
String templateURL = req.getParameter(PARAM_TEMPLATE);
String sessionID = req.getParameter(PARAM_SESSIONID);
+
resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
- try {
+
+
+ try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidTarget(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (!ParamValidatorUtils.isValidTemplate(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
+
+
String getIdentityLinkForm =
AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());
+
resp.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(resp.getOutputStream());
out.print(getIdentityLinkForm);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 02:11:47 +0000