Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java20
1 files changed, 19 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 84732d4ce..a11601daa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -54,6 +54,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
@@ -86,6 +89,16 @@ public class LogOutServlet extends AuthServlet {
//set default redirect Target
Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+
+ } else {
+ //return an error if RedirectURL is not a active Online-Applikation
+ OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl);
+ if (oa == null) {
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
+ return;
+
+ }
+
}
if (ssomanager.isValidSSOSession(ssoid, req)) {
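Review bot: The `return` after `resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid")` exits before the try/finally that the next hunk adds, so the `ConfigurationDBUtils.closeSession()` placed in that finally is never reached on the forbidden path even though `ConfigurationDBRead.getActiveOnlineApplication(redirectUrl)` has just been called; if that lookup opens a session (the finally in the next hunk suggests it does), this branch leaks it, and a simple fix is to add `ConfigurationDBUtils.closeSession();` before the `return;`. Checking the caller-supplied redirect target against the configured active online applications is the right control against being used as an open redirector, but it is not visible here whether the lookup matches the full URL or only a prefix, so the comment on this branch would be clearer as `// reject a RedirectURL that is not an active Online-Application (open-redirect guard); match semantics per ConfigurationDBRead.getActiveOnlineApplication`. Note also that the following hunk replaces the only `Logger.warn` of the logout exception with a bare 403, so the failure cause is no longer recorded anywhere; keeping a `Logger.warn(..., e)` beside the new `sendError` would preserve that for troubleshooting. The enclosing doGet/doPost-style method starts before and ends after this hunk.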
@@ -108,7 +121,12 @@ public class LogOutServlet extends AuthServlet {
ssomanager.deleteSSOSessionID(req, resp);
} catch (Exception e) {
- Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
+ return;
+
+ } finally {
+ ConfigurationDBUtils.closeSession();
+
}
//Redirect to Application