diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java | 71 |
1 files changed, 42 insertions, 29 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 89834307d..e2eda5755 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -124,37 +124,50 @@ public class ProcessValidatorInputServlet extends AuthServlet { String dataURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
- // Test if we have a user input form sign template
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
+ String htmlForm = null;
+
+ boolean doInputProcessorSign = false;
+ String inputProcessorSignForm = req.getParameter("Sign_Form");
+ if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+ if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+ if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
+ if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+ if (doInputProcessorSign) {
+ // Test if we have a user input form sign template
+ String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+ String inputProcessorSignTemplate = null;
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+ // override template url by url from configuration file
+ if (oaParam.getInputProcessorSignTemplateURL() != null) {
+ inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+ }
+ if (inputProcessorSignTemplateURL != null) {
+ try {
+ inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+ ex);
+ }
}
+
+ htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+ inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+ resp.setContentType("text/html;charset=UTF-8");
+ } else {
+ htmlForm = createXMLSignatureRequestOrRedirect;
+ resp.setStatus(307);
+ resp.addHeader("Location", dataURL);
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
}
-
-
-
- String htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
-
- resp.setContentType("text/html;charset=UTF-8");
OutputStream out = resp.getOutputStream();
out.write(htmlForm.getBytes("UTF-8"));
|