diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
4 files changed, 36 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java index a31f3ceb0..8983403d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java @@ -22,8 +22,9 @@ public interface AuthModule { int getPriority(); /** - * Checks if the module has a process, which is able to perform an authentication with the given - * {@link ExecutionContext}. + * Selects a process (description), referenced by its unique id, which is able to perform authentication with the + * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within + * this module. * * @param context * an ExecutionContext for a process. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java index fa1878e74..9c950366c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java @@ -128,7 +128,7 @@ public class ModuleRegistration { } /** - * Returns the process id of the first process, in the highest ranked + * Returns the process description id of the first process, in the highest ranked * module, which is able to work with the given execution context. * * @param context diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index a99b7aeef..d670cbe8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -23,7 +24,7 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils; public class ProcessEngineSignalServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
-
+
/**
* Sets response headers that prevent caching (code taken from {@link AuthServlet}).
*
@@ -51,14 +52,13 @@ public class ProcessEngineSignalServlet extends AuthServlet { */
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+ String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));
setNoCachingHeaders(resp);
try {
-
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
- throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12");
+
+ if (sessionID == null) {
+ throw new IllegalStateException("Unable to determine MOA session id.");
}
// retrieve moa session
@@ -80,4 +80,19 @@ public class ProcessEngineSignalServlet extends AuthServlet { }
+ /**
+ * Retrieves the current MOA session id from the HttpServletRequest parameter
+ * {@link MOAIDAuthConstants#PARAM_SESSIONID}.
+ * <p/>
+ * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
+ * respective MOA session id.
+ *
+ * @param request
+ * The unterlying HttpServletRequest.
+ * @return The current MOA session id.
+ */
+ public String getMoaSessionId(HttpServletRequest request) {
+ return StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID));
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java index 499e86fa0..af6822ba6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java @@ -124,12 +124,17 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator { log.trace("Evaluating '{}'.", expression); Expression expr = parser.parseExpression(expression); - Boolean result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext), - Boolean.class); - if (result == null) { - log.warn("Evaluation of '{}' results in null-value.", expression); - } else { - log.debug("Expression '{}' -> {}", expression, result); + Boolean result = null; + try { + result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext), + Boolean.class); + if (result == null) { + log.warn("Evaluation of '{}' results in null-value.", expression); + } else { + log.debug("Expression '{}' -> {}", expression, result); + } + } catch (Exception e) { + log.warn("Expression '{}' could not be processed.", expression, e); } return BooleanUtils.isTrue(result); |