aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java23
1 files changed, 23 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7f183c5eb..a24683545 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -92,6 +92,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class AuthenticationManager extends MOAIDAuthConstants {
private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
+ private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>();
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@@ -321,6 +322,16 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
+ /**
+ * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext}
+ *
+ * @param httpReqParam http header name, but never null
+ */
+ public void addHeaderNameToWhiteList(String httpReqParam) {
+ if (MiscUtil.isNotEmpty(httpReqParam))
+ reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+
+ }
/**
* Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
@@ -422,6 +433,18 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
}
+ //add additional http request parameter to context
+ if (!reqHeaderWhiteListeForModules.isEmpty()) {
+ Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
+ while(reqHeaderNames.hasMoreElements()) {
+ String paramName = reqHeaderNames.nextElement();
+ if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
+ executionContext.put(paramName,
+ StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));
+ }
+ }
+ }
+
//start process engine
startProcessEngine(pendingReq, executionContext);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-03 03:14:33 +0000