diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 84732d4ce..a11601daa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -54,6 +54,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; @@ -86,6 +89,16 @@ public class LogOutServlet extends AuthServlet { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + } else { + //return an error if RedirectURL is not a active Online-Applikation + OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl); + if (oa == null) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); + return; + + } + } if (ssomanager.isValidSSOSession(ssoid, req)) { @@ -108,7 +121,12 @@ public class LogOutServlet extends AuthServlet { ssomanager.deleteSSOSessionID(req, resp); } catch (Exception e) { - Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + return; + + } finally { + ConfigurationDBUtils.closeSession(); + } //Redirect to Application |