diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth')
14 files changed, 203 insertions, 84 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index a35b45af2..b0f452861 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -158,7 +158,7 @@ public class MOAIDAuthInitializer { fixJava8_141ProblemWithSSLAlgorithms(); - if (!authConf.getBasicMOAIDConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) + if (!authConf.getBasicConfigurationBoolean(ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)) Logger.info("AuthBlock 'TargetFriendlyName' validation deactivated"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index acf59cebf..3a826ed13 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -53,6 +53,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException; import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.XPathException; @@ -60,6 +61,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder; import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; @@ -84,7 +86,6 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.SimpleStringAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; @@ -116,7 +117,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder @PostConstruct private void initialize() { - Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + Map<String, String> pubKeyMap = authConfig.getBasicConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); for (Entry<String, String> el : pubKeyMap.entrySet()) { try { encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); @@ -134,7 +135,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } @Override - public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException { + protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EAAFException { try { return buildAuthenticationData(pendingReq, pendingReq.getSessionData(AuthenticationSessionWrapper.class), @@ -145,7 +146,6 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder throw new EAAFAuthenticationException("builder.11", new Object[]{e.getMessage()}, e); } - } private IAuthData buildAuthenticationData(IRequest pendingReq, @@ -216,13 +216,17 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException { try { //generate basic authentication data - generateBasicAuthData(authData, protocolRequest, session); + generateDeprecatedBasicAuthData(authData, protocolRequest, session); //set Austrian eID demo-mode flag authData.setIseIDNewDemoMode(Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))); + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))); if (authData.isIseIDNewDemoMode()) { Logger.info("Demo-mode for 'New Austrian eID' is active. Set 'BaseIDTransferRestrication' to true"); @@ -428,6 +432,24 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder authData.setMISMandate(misMandate); authData.setUseMandate(true); + //#################################################### + // set bPK and IdentityLink for Organwalter --> + // Organwalter has a special bPK is received from MIS + if (authData.isUseMandate() && session.isOW() && misMandate != null + && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { + //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! + authData.setBPK(misMandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); + + //set bPK and IdenityLink for all other + Logger.debug("User is an OW. Set original IDL into authdata ... "); + authData.setIdentityLink(session.getIdentityLink()); + + + + } + } catch (IOException e) { Logger.error("Base64 decoding of PVP-Attr:"+ PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME + " FAILED.", e); @@ -471,24 +493,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } - //#################################################### - // set bPK and IdentityLink for Organwalter --> - // Organwalter has a special bPK is received from MIS - if (authData.isUseMandate() && session.isOW() && misMandate != null - && MiscUtil.isNotEmpty(misMandate.getOWbPK())) { - //TODO: if full-mandate is removed in OPB --> OWbPK functionality needs an update!!! - authData.setBPK(misMandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK()); - - //set bPK and IdenityLink for all other - Logger.debug("User is an OW. Set original IDL into authdata ... "); - authData.setIdentityLink(session.getIdentityLink()); - - - - } - + //################################################################### //set PVP role attribute (implemented for ISA 1.18 action) includedToGenericAuthData.remove(PVPConstants.ROLES_NAME); @@ -537,18 +542,21 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder //build foreign bPKs generateForeignbPK(oaParam, authData); - + + Logger.debug("Search for additional bPKs"); + generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); if (Boolean.parseBoolean( oaParam.getConfigurationValue( MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_DEMO_MODE, - String.valueOf(false)))) { + String.valueOf(false))) || + Boolean.parseBoolean( + oaParam.getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_AUSTRIAN_EID_PROXY_MODE, + String.valueOf(false)))) { Logger.info("Demo-Mode for Austrian eID is active. Post-Processing authData according the new requirements ... "); - //build additional bPKs - Logger.debug("Search for additional bPKs"); - generateAdditonalbPK(authData, oaParam.additionalbPKSectorsRequested()); - + //build additional bPKs Logger.debug("Clearing identitylink ... "); authData.setIdentityLink(null); @@ -558,6 +566,10 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder Logger.info("Post-Processing for Austrian eID finished"); } + + injectNewEidAttributes(authData, session); + + //#################################################################### //copy all generic authentication information, which are not processed before to authData Iterator<String> copyInterator = includedToGenericAuthData.iterator(); @@ -582,7 +594,33 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } - /** + private void injectNewEidAttributes(MOAAuthenticationData authData, IAuthenticationSession session) { + try { + String onlineIdl = session.getGenericDataFromSession(PVPConstants.EID_E_ID_TOKEN_NAME, String.class); + if (StringUtils.isNoneEmpty(onlineIdl)) { + authData.seteIDToken(Base64Utils.decode(onlineIdl, true)); + } + + } catch (IOException e) { + Logger.warn("Attribute: " + PVPConstants.EID_E_ID_TOKEN_NAME + " found, but injection failed: " + e.getMessage()); + + } + +// try { +// String eidStatusLevel = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME, String.class); +// if (StringUtils.isNotEmpty(eidStatusLevel)) { +// authData.setEidStatus(PVPConstants.EID_IDENTITY_STATUS_LEVEL_VALUES.); +// } +// } catch (Exception e) { +// Logger.warn("Attribute: " + PVPConstants.EID_IDENTITY_STATUS_LEVEL_NAME + " found, but injection failed: " + e.getMessage()); +// +// } + + } + + + + /** * @param authData * @param notValidbPK * @param notValidbPKType @@ -894,7 +932,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder } } catch (Exception e) { - Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e); + Logger.info("Foreign bPK generation FAILED for sector: " + foreignSector); + if (Logger.isDebugEnabled()) { + Logger.warn("Details: ", e); + + } + } @@ -912,18 +955,61 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder private void generateAdditonalbPK(MOAAuthenticationData authData, List<String> additionalbPKSectorsRequested) throws EAAFBuilderException { if (additionalbPKSectorsRequested != null && !additionalbPKSectorsRequested.isEmpty()) { - Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); - for (String sector : additionalbPKSectorsRequested) { - Logger.trace("Process sector: " + sector + " ... "); - Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( - authData.getIdentificationValue(), - authData.getIdentificationType(), - sector); - - Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); - authData.addAdditionalbPKPair(bpk); - - } + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + + try { + for (String sector : additionalbPKSectorsRequested) { + Logger.trace("Process sector: " + sector + " ... "); + Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + + Logger.trace("Calculate additional bPK for sector: " + bpk.getSecond() + " with value: " + bpk.getFirst() ); + authData.addAdditionalbPKPair(bpk); + + } + + } catch (Exception e) { + Logger.info("Can NOT generate additional bPKs. Reason: " + e.getMessage()); + + if (Logger.isDebugEnabled()) { + Logger.warn("StackTrace: ", e); + + } + + } } } + @Override + protected boolean matchsReceivedbPKToOnlineApplication(ISPConfiguration oaParam, String bPKType) { + boolean bPKTypeMatch = oaParam.getAreaSpecificTargetIdentifier().equals(bPKType); + if (!bPKTypeMatch) { + Logger.trace("bPKType does not match to Online-Application. Checking if it is Prof.Rep. bPK ... "); + if (EAAFConstants.URN_PREFIX_OW_BPK.equals(bPKType)) { + Logger.debug("Find Prof.Rep. bPKType. This matchs on every SP-Target"); + bPKTypeMatch = true; + + } else + Logger.trace("bPKType is not of type: " + EAAFConstants.URN_PREFIX_OW_BPK + " Matching failed."); + + } + + return bPKTypeMatch; + + } + + @Override + protected IAuthData getAuthDataInstance(IRequest pendingReq) throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + + @Override + protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) + throws EAAFException { + throw new RuntimeException("This method is NOT supported by MOA-ID"); + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index cadaec2a0..8b587c550 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -674,5 +674,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi result.put(GENERIC_PREFIX + el.getKey(), el.getValue()); return Collections.unmodifiableMap(result); + } + + @Override + public boolean isEIDProcess() { + return false; + + } + + @Override + public void setEIDProcess(boolean value) { + Logger.warn("set E-ID process will be ignored!!!"); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index c054976ec..636871a09 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -261,7 +261,6 @@ public Date getSigningDateTime() { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse#setSigningDateTime(java.util.Date) */ -@Override public void setSigningDateTime(Date signingDateTime) { this.signingDateTime = signingDateTime; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java index 48d652671..8fba069cb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java @@ -22,9 +22,14 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; /** * @author tlenz @@ -32,6 +37,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; */ public class BKUSelectionModuleImpl implements AuthModule { + @Autowired(required=false) private IConfiguration configuration; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @@ -44,13 +51,14 @@ public class BKUSelectionModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { boolean performBKUSelection = false; Object performBKUSelectionObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION); if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if (performBKUSelection) + if (performBKUSelection && configuration != null + && configuration.getBasicConfigurationBoolean(PropertyBasedAuthConfigurationProvider.PROP_MOAID_MODE, true)) return "BKUSelectionProcess"; else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java index b624e13ef..e8ce0f9c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; @@ -46,7 +47,7 @@ public class SingleSignOnConsentsModuleImpl implements AuthModule { * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override - public String selectProcess(ExecutionContext context) { + public String selectProcess(ExecutionContext context, IRequest pendingReq) { Object evaluationObj = context.get(PARAM_SSO_CONSENTS_EVALUATION); if (evaluationObj != null && evaluationObj instanceof Boolean) { boolean evaluateSSOConsents = (boolean) evaluationObj; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index 375b144d7..2c099abf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -98,6 +98,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());; //authenticate pending-request + pendingReq.setNeedUserConsent(false); pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); @@ -112,7 +113,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { requestStoreage.storePendingRequest(pendingReq); //redirect to auth. protocol finalization - performRedirectToProtocolFinialization(pendingReq, response); + performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 98e632bd8..cc070f8fd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -73,7 +73,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_BKUSELECTION, GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); - guiBuilder.build(response, config, "BKU-Selection form"); + guiBuilder.build(request, response, config, "BKU-Selection form"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java index 3c364e924..64c3721df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java @@ -71,7 +71,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas SPSpecificGUIBuilderConfigurationWithDBLoad.VIEW_SENDASSERTION, GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION); - guiBuilder.build(response, config, "SendAssertion-Evaluation"); + guiBuilder.build(request, response, config, "SendAssertion-Evaluation"); //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index c66353846..32660a3db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -176,7 +176,7 @@ public class VerifyXMLSignatureResponseParser { public IVerifiyXMLSignatureResponse parseData() throws ParseException { - IVerifiyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); + VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse(); try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java index 18aa93cc9..6803264dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java @@ -59,7 +59,7 @@ public class GUILayoutBuilderServlet extends AbstractController { @Autowired AuthConfiguration authConfig; @Autowired IRequestStorage requestStoreage; - @Autowired IGUIFormBuilder formBuilder; + @Autowired IGUIFormBuilder formBuilder; public GUILayoutBuilderServlet() { super(); @@ -93,7 +93,7 @@ public class GUILayoutBuilderServlet extends AbstractController { } //build GUI component - formBuilder.build(resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); + formBuilder.build(req, resp, config, MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8, "BKUDetection-Frame"); } catch (Exception e) { @@ -124,7 +124,7 @@ public class GUILayoutBuilderServlet extends AbstractController { null); //build GUI component - formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form"); + formBuilder.build(req, resp, config, "text/css; charset=UTF-8", "CSS-Form"); } catch (Exception e) { Logger.warn("GUI ressource:'CSS' generation FAILED.", e); @@ -153,7 +153,7 @@ public class GUILayoutBuilderServlet extends AbstractController { GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION); //build GUI component - formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript"); + formBuilder.build(req, resp, config, "text/javascript; charset=UTF-8", "JavaScript"); } catch (Exception e) { Logger.warn("GUI ressource:'JavaScript' generation FAILED.", e); @@ -168,7 +168,7 @@ public class GUILayoutBuilderServlet extends AbstractController { req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); if (MiscUtil.isNotEmpty(pendingReqID)) { - IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID); + IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); if (pendingReq != null) { Logger.trace("GUI-Layout builder: Pending-request:" + pendingReqID + " found -> Build specific template"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java index 87325989a..09b18d9c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java @@ -31,6 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; /** @@ -50,7 +51,7 @@ public class GeneralProcessEngineSignalController extends AbstractProcessEngineS "/signalProcess" }, method = {RequestMethod.POST, RequestMethod.GET}) - public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { signalProcessManagement(req, resp); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index c39d78d8b..496501760 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -37,10 +37,13 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -70,13 +73,14 @@ public class IDPSingleLogOutServlet extends AbstractController { @Autowired SSOManager ssoManager; @Autowired IAuthenticationManager authManager; - @Autowired IAuthenticationSessionStoreage authenicationStorage; - @Autowired SingleLogOutBuilder sloBuilder; - + @Autowired IAuthenticationSessionStoreage authenicationStorage; + @Autowired IProtocolAuthenticationService protAuthService; + @Autowired(required=true) private IGUIFormBuilder guiBuilder; + @Autowired(required=false) SingleLogOutBuilder sloBuilder; @RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET}) public void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException, EAAFException { Logger.debug("Receive IDP-initiated SingleLogOut"); String authURL = HTTPUtils.extractAuthURLFromRequest(req); @@ -117,21 +121,21 @@ public class IDPSingleLogOutServlet extends AbstractController { null); if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status)) - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); else - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (MOADatabaseException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } catch (EAAFException e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -146,15 +150,22 @@ public class IDPSingleLogOutServlet extends AbstractController { if(MiscUtil.isNotEmpty(internalSSOId)) { ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId); - Logger.debug("Starting technical SLO process ... "); - sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + if (sloBuilder != null) { + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL); + + } else { + Logger.warn("Can NOT perfom Single LogOut process! NO SLOBuilder in ClassPath"); + throw new SLOException("init.05", new Object[] {"Missing depentency or modul not active"}); + + } return; } } } catch (Exception e) { - handleErrorNoRedirect(e, req, resp, false); + protAuthService.handleErrorNoRedirect(e, req, resp, false); } @@ -166,7 +177,7 @@ public class IDPSingleLogOutServlet extends AbstractController { SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class); if (sloContainer == null) { Logger.info("No Single LogOut processing information with ID: " + restartProcess); - handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); + protAuthService.handleErrorNoRedirect(new MOAIDException("slo.03", null), req, resp, false); return; } @@ -176,7 +187,7 @@ public class IDPSingleLogOutServlet extends AbstractController { String redirectURL = null; IRequest sloReq = sloContainer.getSloRequest(); - if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { + if (sloBuilder != null && sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { //send SLO response to SLO request issuer SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest()); LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); @@ -233,10 +244,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameterWithOutEscaption("errorMsg", + config.putCustomParameterWithOutEscaption(null, "errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); @@ -251,10 +262,10 @@ public class IDPSingleLogOutServlet extends AbstractController { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); - config.putCustomParameter("successMsg", + config.putCustomParameter(null, "successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); - guiBuilder.build(resp, config, "Single-LogOut GUI"); + guiBuilder.build(req, resp, config, "Single-LogOut GUI"); } catch (GUIBuildException e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 478462adb..abb19c6cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -122,9 +122,9 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service @@ -153,10 +153,10 @@ public class RedirectServlet { authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); - config.putCustomParameterWithOutEscaption(URL, StringEscapeUtils.escapeHtml(url)); - config.putCustomParameter(TARGET, redirectTarget); + config.putCustomParameterWithOutEscaption(null, URL, StringEscapeUtils.escapeHtml(url)); + config.putCustomParameter(null, TARGET, redirectTarget); - guiBuilder.build(resp, config, "RedirectForm.html"); + guiBuilder.build(req, resp, config, "RedirectForm.html"); } |