Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 7f183c5eb..a24683545 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -92,6 +92,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class AuthenticationManager extends MOAIDAuthConstants { private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>(); + private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>(); public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; @@ -321,6 +322,16 @@ public class AuthenticationManager extends MOAIDAuthConstants { } + /** + * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + public void addHeaderNameToWhiteList(String httpReqParam) { + if (MiscUtil.isNotEmpty(httpReqParam)) + reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + + } /** * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated 
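Review bot: `reqHeaderWhiteListeForModules` is a static, unsynchronized `ArrayList` that this instance method mutates while the request path in the later hunk (-422,6 +433,18) reads it with `isEmpty()` and `contains()`; if any module can register a header after request handling has started, that is a data race. A concurrent set would settle it and also drop duplicate registrations, e.g. `private static final Set<String> reqHeaderWhiteListeForModules = ConcurrentHashMap.newKeySet();` (Java 8+, with the matching imports, which are outside this hunk). The name should be normalised with `httpReqParam.toLowerCase(Locale.ROOT)` here and at the lookup so that matching does not depend on the JVM default locale. The Javadoc says "never null" although the code silently ignores null or empty names, and it still speaks of "parameters"; I would reword it to say that whitelisted header names are copied into the ExecutionContext and that null or empty names are ignored.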
@@ -422,6 +433,18 @@ public class AuthenticationManager extends MOAIDAuthConstants { } } + //add additional http request parameter to context + if (!reqHeaderWhiteListeForModules.isEmpty()) { + Enumeration<String> reqHeaderNames = httpReq.getHeaderNames(); + while(reqHeaderNames.hasMoreElements()) { + String paramName = reqHeaderNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) { + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName))); + } + } + } + //start process engine startProcessEngine(pendingReq, executionContext); |
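Review bot: The whitelist match is case-insensitive, but `executionContext.put(paramName, ...)` stores the value under whatever spelling the client sent, so a module that reads a fixed key can miss the header, and the entry shares one key space with the request parameters that appear to be copied into the same context just above. I would store it under the normalised name, `executionContext.put(paramName.toLowerCase(Locale.ROOT), ...)`, and consider a prefix that keeps headers and parameters apart. The value is client-controlled: `StringEscapeUtils.escapeHtml` only encodes it for an HTML body context, so consuming modules still have to validate it and should not treat it as an authentication or routing signal unless a trusted front end strips the inbound header; a comment saying so belongs on this block. `getHeader` returns only the first value of a repeated header, and the leading comment should read `//add whitelisted http request headers to context`. The enclosing method begins and ends outside the hunk.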