diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
7 files changed, 304 insertions, 40 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a127dc6b5..f1c15e83b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -2575,16 +2575,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("Issuer value: " + issuerValue); - QualityAuthenticationAssuranceLevel qaaLevel = null;//TODO UNCOMMENT AGAIN !! = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); //Logger.debug("QAALevel: " + qaaLevel.getValue()); RequestedAttributes requestedAttributes = null; - //TODO UNCOMMENT AGAIN !! requestedAttributes = oaParam.getRequestedAttributes(); + requestedAttributes = oaParam.getRequestedAttributes(); requestedAttributes.detach(); List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); List<RequestedAttribute> oaReqAttributeList = null; - //TODO UNCOMMENT AGAIN !! oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 5f100d5fe..9ba11bebd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -1,17 +1,26 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.InputStream; import java.io.StringWriter; +import java.net.URI; import org.apache.commons.io.IOUtils; import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.logging.Logger; public class LoginFormBuilder { + + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; + private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html"; private static String AUTH_URL = "#AUTH_URL#"; private static String MODUL = "#MODUL#"; @@ -24,16 +33,41 @@ public class LoginFormBuilder { private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; - private static String template; - - private static String getTemplate() { + private static String getTemplate(boolean isIFrame) { - if (template == null) { + String template = null; + try { - String classpathLocation = "resources/templates/loginForm.html"; - InputStream input = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(classpathLocation); + String pathLocation; + + InputStream input; + + String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + + if (isIFrame) + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; + else + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + try { + File file = new File(new URI(pathLocation)); + input = new FileInputStream(file); + + } catch (FileNotFoundException e) { + + Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); + + if (isIFrame) + pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; + else + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + + input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } + StringWriter writer = new StringWriter(); IOUtils.copy(input, writer); template = writer.toString(); @@ -41,16 +75,17 @@ public class LoginFormBuilder { template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); + + input.close(); + } catch (Exception e) { Logger.error("Failed to read template", e); } - } - - return template; + return template; } - public static String buildLoginForm(String modul, String action, String oaname, String contextpath) { - String value = getTemplate(); + public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) { + String value = getTemplate(isIFrame); if(value != null) { if(modul == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java new file mode 100644 index 000000000..a72848832 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -0,0 +1,96 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.io.StringWriter; +import java.net.URI; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class SendAssertionFormBuilder { + + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; + private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html"; + + private static String URL = "#URL#"; + private static String MODUL = "#MODUL#"; + private static String ACTION = "#ACTION#"; + private static String OANAME = "#OAName#"; + private static String CONTEXTPATH = "#CONTEXTPATH#"; + + private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; + + private static String getTemplate(boolean isIFrame) { + + String template = null; + + try { + String pathLocation; + InputStream input; + + String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + + if (isIFrame) + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; + else + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + try { + File file = new File(new URI(pathLocation)); + input = new FileInputStream(file); + + } catch (FileNotFoundException e) { + + Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); + + if (isIFrame) + pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; + else + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + + input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } + + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + template = template.replace(URL, SERVLET); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + + return template; + } + + public static String buildForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) { + String value = getTemplate(isIFrame); + + if(value != null) { + if(modul == null) { + modul = SAML1Protocol.PATH; + } + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + value = value.replace(MODUL, modul); + value = value.replace(ACTION, action); + value = value.replace(OANAME, oaname); + value = value.replace(CONTEXTPATH, contextpath); + } + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 94a41a21f..e6de2ce02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1103,7 +1103,7 @@ public class AuthenticationSession implements Serializable { * @return the ssoRequested */ - //TODO: SSO only allowed without mandates, actually + //TODO: SSO only allowed without mandates, actually!!!!!! public boolean isSsoRequested() { return ssoRequested && !useMandate; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index 3f82c2a4c..c9a10b812 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -36,7 +36,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ String targetFriendlyName = null; - String sso = req.getParameter(PARAM_SSO); +// String sso = req.getParameter(PARAM_SSO); // escape parameter strings //TODO: use URLEncoder.encode!! @@ -46,17 +46,20 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ templateURL = StringEscapeUtils.escapeHtml(templateURL); useMandate = StringEscapeUtils.escapeHtml(useMandate); ccc = StringEscapeUtils.escapeHtml(ccc); - sso = StringEscapeUtils.escapeHtml(sso); +// sso = StringEscapeUtils.escapeHtml(sso); // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + + //pvp2.x can use general identifier (equals oaURL in SAML1) +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(sso)) - throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12"); +// if (!ParamValidatorUtils.isValidUseMandate(sso)) +// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12"); //check UseMandate flag String useMandateString = null; @@ -74,22 +77,7 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ moasession.setUseMandate(useMandateString); - - //check useSSO flag - String useSSOString = null; - boolean useSSOBoolean = false; - if ((sso != null) && (sso.compareTo("") != 0)) { - useSSOString = sso; - } else { - useSSOString = "false"; - } - - if (useSSOString.compareToIgnoreCase("true") == 0) - useSSOBoolean = true; - else - useSSOBoolean = false; - moasession.setSsoRequested(useSSOBoolean); - + //load OnlineApplication configuration OAAuthParameter oaParam; if (moasession.getPublicOAURLPrefix() != null) { @@ -128,6 +116,23 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } +// //check useSSO flag +// String useSSOString = null; +// boolean useSSOBoolean = false; +// if ((sso != null) && (sso.compareTo("") != 0)) { +// useSSOString = sso; +// } else { +// useSSOString = "false"; +// } + // +// if (useSSOString.compareToIgnoreCase("true") == 0) +// useSSOBoolean = true; +// else +// useSSOBoolean = false; + + //moasession.setSsoRequested(useSSOBoolean); + moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!! + //Validate BKU URI if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 571d4e738..caf2e4490 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -92,7 +92,9 @@ public class LogOutServlet extends AuthServlet { //delete SSO session and MOA session AuthenticationManager authmanager = AuthenticationManager.getInstance(); - authmanager.logout(req, resp); + String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); + + authmanager.logout(req, resp, moasessionid); Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); } else { Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java new file mode 100644 index 000000000..ecbd87498 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -0,0 +1,125 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.util.logging.Log; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.URLEncoder; + + + +public class SSOSendAssertionServlet extends AuthServlet{ + + private static final long serialVersionUID = 1L; + + private static final String PARAM = "value"; + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + SSOSendAssertionServlet.class + " Request"); + try { + + String value = req.getParameter(PARAM); + value = StringEscapeUtils.escapeHtml(value); + if (!ParamValidatorUtils.isValidUseMandate(value)) + throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); + + + SSOManager ssomanager = SSOManager.getInstance(); + //get SSO Cookie for Request + String ssoId = ssomanager.getSSOSessionID(req); + + //check SSO session + if (ssoId != null) { + String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Log.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + + AuthenticationSessionStoreage.destroySession(correspondingMOASession); + + ssomanager.deleteSSOSessionID(req, resp); + } + } + + boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + + String moaSessionID = null; + + if (isValidSSOSession) { + + + //check UseMandate flag + String valueString = null;; + if ((value != null) && (value.compareTo("") != 0)) { + valueString = value; + } else { + valueString = "false"; + } + + if (valueString.compareToIgnoreCase("true") == 0) { + moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); + AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); + + HttpSession httpSession = req.getSession(); + IRequest protocolRequest = RequestStorage.getPendingRequest(httpSession); + + if (protocolRequest == null) + throw new AuthenticationException("auth.21", new Object[] {}); + + String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), + ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction()), ""); + + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + + else { + throw new AuthenticationException("auth.21", new Object[] {}); + } + + } else { + handleError("SSO Session is not valid", null, req, resp); + } + + + } catch (MOADatabaseException e) { + handleError("SSO Session is not found", e, req, resp); + } catch (WrongParametersException e) { + handleError("Parameter is not valid", e, req, resp); + } catch (AuthenticationException e) { + handleError(e.getMessage(), e, req, resp); + } + } + +} |