diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet')
11 files changed, 197 insertions, 171 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index e5b2c598c..331a7653a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -66,6 +66,11 @@ import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.NoSuchBeanDefinitionException; +import org.springframework.beans.factory.NoUniqueBeanDefinitionException; +import org.springframework.web.context.WebApplicationContext; +import org.springframework.web.context.support.WebApplicationContextUtils; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -74,6 +79,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; +import at.gv.egovernment.moa.id.process.ProcessEngine; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.storage.IExceptionStore; import at.gv.egovernment.moa.id.util.ServletUtils; @@ -97,6 +103,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { protected static final String ERROR_CODE_PARAM = "errorid"; + /** + * The process engine. + */ + private ProcessEngine processEngine; + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { @@ -454,4 +465,31 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { } + + /** + * Returns the underlying process engine instance. + * + * @return The process engine (never {@code null}). + * @throws NoSuchBeanDefinitionException + * if no {@link ProcessEngine} bean was found. + * @throws NoUniqueBeanDefinitionException + * if more than one {@link ProcessEngine} bean was found. + * @throws BeansException + * if a problem getting the {@link ProcessEngine} bean occurred. + * @throws IllegalStateException + * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a + * Spring web environment. + */ + public synchronized ProcessEngine getProcessEngine() { + if (processEngine == null) { + WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); + if (ctx == null) { + throw new IllegalStateException( + "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment."); + } + processEngine = ctx.getBean(ProcessEngine.class); + } + return processEngine; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 99a7dce89..ad4776a45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -23,55 +23,42 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.PrintWriter; import java.util.List; -import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; + import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; + +import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.process.ProcessInstance; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.StringUtils; public class GenerateIFrameTemplateServlet extends AuthServlet { private static final long serialVersionUID = 1L; - public void init(ServletConfig servletConfig) throws ServletException { -// try { -// super.init(servletConfig); -// MOAIDAuthInitializer.initialize(); -// Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); -// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); -// } -// catch (Exception ex) { -// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); -// throw new ServletException(ex); -// } - } - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); @@ -98,7 +85,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { moasession = AuthenticationSessionStoreage.getSession(moasessionid); - AuthenticationSessionStoreage.changeSessionID(moasession); +// AuthenticationSessionStoreage.changeSessionID(moasession); } catch (MOADatabaseException e) { Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); @@ -168,28 +155,37 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { moasession.getAction(), req); } - - StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); - String getIdentityLinkForm = startauth.build(moasession, req, resp); - - //store MOASession + + ExecutionContext ec = new ExecutionContextImpl(); + // set execution context + ec.put("ccc", moasession.getCcc()); + ec.put("useMandate", moasession.getUseMandate()); + ec.put("bkuURL", moasession.getBkuURL()); + + // select and create process instance + String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); + String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); + + if (processDefinitionId == null) { + Logger.warn("No suitable process found for SessionID " + moasession.getSessionID()); + throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() }); + } + + // keep process instance id in moa session + moasession.setProcessInstanceId(processInstanceId); + + // make sure moa session has been persisted before running the process try { AuthenticationSessionStoreage.storeSession(moasession); - } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); + throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() }); } - - if (!StringUtils.isEmpty(getIdentityLinkForm)) { - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); - } - } + + // start process + getProcessEngine().start(processInstanceId); + + } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } @@ -206,4 +202,13 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { ConfigurationDBUtils.closeSession(); } } + + + + + + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index bbc704f22..41c2a9c6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -69,6 +69,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException; @@ -85,6 +86,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; * Servlet requested for getting the foreign eID
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
+ * @deprecated Use {@link GetForeignIDTask} instead.
*
*/
public class GetForeignIDServlet extends AuthServlet {
@@ -134,6 +136,8 @@ public class GetForeignIDServlet extends AuthServlet { Logger.debug("POST GetForeignIDServlet");
+ Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
+
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 9e2e845b5..043b660c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -83,7 +84,7 @@ import at.gv.egovernment.moa.util.DOMUtils; /** * Servlet requested for getting the foreign eID provided by the security layer * implementation. Utilizes the {@link AuthenticationServer}. - * + * @deprecated Use {@link GetMISSessionIDTask} instead. */ public class GetMISSessionIDServlet extends AuthServlet { @@ -136,6 +137,8 @@ public class GetMISSessionIDServlet extends AuthServlet { Logger.debug("POST GetMISSessionIDServlet"); + Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, @@ -197,6 +200,7 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); + // TODO[tlenz]: UTF-8 ? String sMandate = new String(mandate.getMandate()); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); @@ -206,6 +210,7 @@ public class GetMISSessionIDServlet extends AuthServlet { //check if it is a parsable XML byte[] byteMandate = mandate.getMandate(); + // TODO[tlenz]: UTF-8 ? String stringMandate = new String(byteMandate); DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java deleted file mode 100644 index e04f97e6e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java +++ /dev/null @@ -1,126 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Arrays; -import java.util.List; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.monitoring.TestManager; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class MonitoringServlet extends AuthServlet { - - private static final long serialVersionUID = 1L; - private static final String REQUEST_ATTR_MODULE = "module"; - - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - try { - AuthConfigurationProvider config = AuthConfigurationProvider.getInstance(); - - if (config.isMonitoringActive()) { - Logger.debug("Monitoring Servlet received request"); - - TestManager tests = TestManager.getInstance(); - - String modulename = req.getParameter(REQUEST_ATTR_MODULE); - if (MiscUtil.isEmpty(modulename)) { - - List<String> error = tests.executeTests(); - if (error != null && error.size() > 0) { - createErrorMessage(req, resp, error); - - } else { - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); - Logger.info("Monitoring Servlet finished without errors"); - } - - } else { - if (tests.existsModule(modulename)) { - List<String> errors = tests.executeTest(modulename); - if (errors != null && errors.size() > 0) { - createErrorMessage(req, resp, errors); - - } else { - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess())); - Logger.info("Monitoring Servlet finished without errors"); - } - - } else { - Logger.warn("NO Testmodule exists with modulename " + modulename); - resp.setStatus(HttpServletResponse.SC_NOT_FOUND); - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out; - try { - out = new PrintWriter(resp.getOutputStream()); - out.write("NO Testmodule exists with modulename " + modulename); - out.flush(); - - } catch (IOException e) { - Logger.warn("Internal Monitoring Servlet Error. ", e); - } - } - - } - } - - } catch (ConfigurationException e) { - createErrorMessage(req, resp, Arrays.asList(e.getMessage())); - } - } - - private void createErrorMessage(HttpServletRequest req, HttpServletResponse resp, List<String> errorMessage) { - Logger.warn("Monitoring Servlet found some Error: " + errorMessage); - resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out; - try { - out = new PrintWriter(resp.getOutputStream()); - for (String error : errorMessage) - out.write(error + "<br>"); - out.flush(); - - } catch (IOException e) { - Logger.warn("Internal Monitoring Servlet Error. ", e); - } - } - - private String getHtml(String text) { - return "<html><head><title>Reponse</title></head><body>" + text +"</body></html>"; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 8aef6af2d..7357818c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -104,6 +104,7 @@ import javax.xml.ws.BindingProvider; /**
* Endpoint for receiving STORK response messages
+ * @deprecated Use {@link at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask} instead.
*/
public class PEPSConnectorServlet extends AuthServlet {
@@ -155,6 +156,8 @@ public class PEPSConnectorServlet extends AuthServlet { try {
+ Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
+
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java index 3bc79f8bd..337a9ed31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java @@ -109,6 +109,7 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException; /** * Endpoint for receiving STORK response messages + * @deprecated Use {@link at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask} instead. */ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { private static final long serialVersionUID = 1L; @@ -131,6 +132,8 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); + String moaSessionID1 = request.getParameter("moaSessionID"); String signResponse = request.getParameter("signresponse"); Logger.info("moaSessionID1:"+moaSessionID1); @@ -473,6 +476,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes()); if(ap.getAttributes().equalsIgnoreCase("signedDoc")) { + // FIXME[tlenz]: A servlet's class field is not thread safe. oasisDssWebFormURL = ap.getUrl(); found = true; Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java new file mode 100644 index 000000000..a99b7aeef --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -0,0 +1,83 @@ +package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+/**
+ * Servlet that resumes a suspended process (in case of asynchronous tasks).
+ *
+ * @author tknall
+ *
+ */
+public class ProcessEngineSignalServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
+ *
+ * @param resp
+ * The HttpServletResponse.
+ */
+ private void setNoCachingHeaders(HttpServletResponse resp) {
+ resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+ }
+
+ /**
+ * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
+ */
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ this.doPost(req, resp);
+ }
+
+ /**
+ * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is
+ * retrieved from the MOA session referred to by the request parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.
+ */
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+
+ setNoCachingHeaders(resp);
+ try {
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+ throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12");
+ }
+
+ // retrieve moa session
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+ // process instance is mandatory
+ if (session.getProcessInstanceId() == null) {
+ throw new IllegalStateException("MOA session does not provide process instance id.");
+ }
+
+ // wake up next task
+ getProcessEngine().signal(session.getProcessInstanceId());
+
+ } catch (Exception ex) {
+ handleError(null, ex, req, resp, null);
+ } finally {
+ MOASessionDBUtils.closeSession();
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index e7fa9cbd7..a8fe71485 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -71,6 +71,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -92,6 +93,7 @@ import at.gv.egovernment.moa.util.DOMUtils; * * @author Paul Ivancsics * @version $Id$ + * @deprecated Use {@link VerifyAuthenticationBlockTask} instead. */ public class VerifyAuthenticationBlockServlet extends AuthServlet { @@ -153,6 +155,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { Logger.debug("POST VerifyAuthenticationBlock"); + Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index a3397f561..2aa717a65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -77,6 +78,7 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils; * Servlet requested for getting the foreign eID
* provided by the security layer implementation.
* Utilizes the {@link AuthenticationServer}.
+ * @deprecated Use {@link VerifyCertificateTask} instead.
*
*/
public class VerifyCertificateServlet extends AuthServlet {
@@ -126,6 +128,8 @@ public class VerifyCertificateServlet extends AuthServlet { Logger.debug("POST VerifyCertificateServlet");
+ Logger.warn(getClass().getName() + " is deprecated and should not be used any more.");
+
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
@@ -180,7 +184,8 @@ public class VerifyCertificateServlet extends AuthServlet { throw new MOAIDException("session store error", null);
}
- ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+ ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+
}
else {
@@ -208,8 +213,7 @@ public class VerifyCertificateServlet extends AuthServlet { throw new MOAIDException("session store error", null);
}
- ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
-
+ ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 3b503f07b..b8e57ed43 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -53,7 +53,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; @@ -65,8 +64,8 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -82,6 +81,7 @@ import at.gv.egovernment.moa.logging.Logger; * * @author Paul Ivancsics * @version $Id$ + * @deprecated Use {@link VerifyIdentityLinkTask} instead. */ public class VerifyIdentityLinkServlet extends AuthServlet { @@ -135,6 +135,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("POST VerifyIdentityLink"); + + Logger.warn(getClass().getName() + " is deprecated and should not be used any more."); Map<String, String> parameters; String pendingRequestID = null; @@ -201,7 +203,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { session.getSessionID()); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } @@ -231,7 +233,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); - ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); } else { |