aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java13
1 files changed, 8 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 43947f6f0..824df9ca8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -16,9 +16,7 @@
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import java.util.Iterator;
import java.util.Map;
-import java.util.Vector;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -28,11 +26,10 @@ import org.apache.commons.fileupload.FileUploadException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -99,10 +96,16 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
+ //@TODO Parameter
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
String redirectURL = null;
try {
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
String samlArtifactBase64 =
AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 02:21:45 +0000