aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java133
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java115
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java2
10 files changed, 82 insertions, 240 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 25e73d595..ce5aa15c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -811,9 +811,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (session.isSsoRequested()) {
- String oaURL =new String();
+ String oaURL = new String();
try {
- oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
if (MiscUtil.isNotEmpty(oaURL))
oaURL = oaURL.replaceAll("&", "&");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index f0de8b2e3..71d2aae37 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -205,26 +205,13 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
authURL = authURL.concat(":" + req.getServerPort());
}
authURL = authURL.concat(req.getContextPath() + "/");
-
- if (isEmpty(authURL))
- throw new WrongParametersException("StartAuthentication",
- "AuthURL", "auth.05");
-
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
- //INFO: removed from MOA-ID 2.0 Config
-// String boolStr = AuthConfigurationProvider
-// .getInstance()
-// .getGenericConfigurationParameter(
-// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-
- if ((!authURL.startsWith("https:"))
-// && (false == BoolUtils.valueOf(boolStr))
- )
+
+ if (!authURL.startsWith("https:"))
throw new AuthenticationException("auth.07",
new Object[] { authURL + "*" });
- moasession.setAuthURL(authURL);
+ //set Auth URL from configuration
+ moasession.setAuthURL(AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/");
//check and set SourceID
if (oaParam.getSAML1Parameter() != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
deleted file mode 100644
index 0c2bb66c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.text.DateFormat;
-import java.util.Date;
-import java.util.Locale;
-
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet requested for updating the MOA-ID Auth configuration from configuration file
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ConfigurationServlet extends HttpServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 7455620886605337681L;
-
-/**
- * Handle a HTTP GET request, used to indicated that the MOA
- * configuration needs to be updated (reloaded).
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- public void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
-
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
-
- try {
- MOAIDAuthInitializer.initialized=false;
- MOAIDAuthInitializer.initialize();
- String message = msg.getMessage("config.00", new Object[]
- { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
-
- Logger.info(message);
- HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
-
- } catch (Throwable t) {
- String errorMessage = msg.getMessage("config.04", null);
- Logger.error(errorMessage, t);
- HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
- }
- }
-
- /**
- * Do the same as <code>doGet</code>.
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- public void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- doGet(request, response);
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-
-}
-
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index deec69c7f..0a0355bd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -57,17 +57,17 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
private static final long serialVersionUID = 1L;
public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
+// try {
+// super.init(servletConfig);
+// MOAIDAuthInitializer.initialize();
+// Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+// }
+// catch (Exception ex) {
+// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+// throw new ServletException(ex);
+// }
+ }
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index c87a17c7f..f3495966a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -123,15 +123,15 @@ public class LogOutServlet extends AuthServlet {
* @see javax.servlet.Servlet#init(ServletConfig)
*/
public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
+// try {
+// super.init(servletConfig);
+// MOAIDAuthInitializer.initialize();
+// Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+// }
+// catch (Exception ex) {
+// Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+// throw new ServletException(ex);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 5471c03f5..b2c47fac0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -417,7 +417,7 @@ public class CreateXMLSignatureResponseValidator {
String oaURL;
try {
- oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl();
+ oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
} catch (ConfigurationException e1) {
oaURL = new String();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index c0f47d781..1a3c1b0a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -212,6 +212,8 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
private static Date date = null;
+ private String publicURLPreFix = null;
+
/**
* Return the single instance of configuration data.
*
@@ -487,32 +489,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//set TrustManagerRevocationChecking
setTrustManagerRevocationChecking();
- //set TimeOuts
- if (auth.getGeneralConfiguration() != null) {
- if (auth.getGeneralConfiguration().getTimeOuts() != null) {
-
- timeouts = new TimeOuts();
- if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
- timeouts.setAssertion(new BigInteger("120"));
- else
- timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
-
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
- timeouts.setMOASessionCreated(new BigInteger("2700"));
- else
- timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
-
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
- timeouts.setMOASessionUpdated(new BigInteger("1200"));
- else
- timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
- }
- }
- else {
- Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
- throw new ConfigurationException("config.02", null);
- }
+ //set default timeouts
+ timeouts = new TimeOuts();
+ timeouts.setAssertion(new BigInteger("300"));
+ timeouts.setMOASessionCreated(new BigInteger("2700"));
+ timeouts.setMOASessionUpdated(new BigInteger("1200"));
+ //search timeouts in config
+ if (auth.getGeneralConfiguration() != null) {
+ if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+ if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() != null)
+ timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() != null)
+ timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() != null)
+ timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+
+ } else {
+ Logger.info("No TimeOuts defined. Use default values");
+ }
+ }
+
+ // sets the authentication session and authentication data time outs
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutCreated(timeouts.getMOASessionCreated().longValue());
+
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(timeouts.getMOASessionUpdated().longValue());
+
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(timeouts.getAssertion().longValue());
+
+
+
//set PVP2 general config
Protocols protocols = auth.getProtocols();
if (protocols != null) {
@@ -569,39 +580,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
}
//set alternativeSourceID
- if (auth.getGeneralConfiguration() != null)
+ if (auth.getGeneralConfiguration() != null) {
//TODO: can be removed in a further version, because it is moved to SAML1 config
if (MiscUtil.isEmpty(alternativesourceid))
alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
-
- // sets the authentication session and authentication data time outs
- BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
-
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutCreated(sessionTimeOut);
- }
-
- param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutUpdated(sessionTimeOut);
- }
-
- param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
- if (param != null) {
- long authDataTimeOut = param.longValue();
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsAuthDataTimeOut(authDataTimeOut);
- }
-
- else {
+
+ if (MiscUtil.isNotEmpty(auth.getGeneralConfiguration().getPublicURLPreFix()))
+ publicURLPreFix = auth.getGeneralConfiguration().getPublicURLPreFix();
+
+ else {
+ Logger.error("No Public URL Prefix configured.");
+ throw new ConfigurationException("config.05", new Object[]{"Public URL Prefix"});
+ }
+
+ } else {
Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
throw new ConfigurationException("config.02", null);
}
@@ -947,16 +940,6 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return new String();
}
- public String getSSOPublicUrl() {
- if (ssoconfig!= null) {
- String url = ssoconfig.getPublicURL();
- if (MiscUtil.isEmpty(url))
- url = new String();
- return url;
- }
- return new String();
- }
-
public String getMOASessionEncryptionKey() {
String prop = props.getProperty("configuration.moasession.key");
@@ -1005,6 +988,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return Boolean.valueOf(prop);
}
+ public String getPublicURLPrefix() {
+ return publicURLPreFix;
+ }
+
/**
* Retruns the STORK Configuration
* @return STORK Configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index a45eb2b9e..3af8bcfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -86,7 +86,7 @@ public class DispatcherServlet extends AuthServlet{
null), ex);
throw new ServletException(ex);
}
- Logger.info("Dispatcher Servlet initialization");
+ Logger.info("Dispatcher Servlet initialization finished.");
}
protected void processRequest(HttpServletRequest req,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 90863890f..666224b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -238,8 +238,9 @@ public class AuthenticationManager extends AuthServlet {
//Build authentication form
+ String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam, request.getContextPath(), moasession.getSessionID());
+ target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
//store MOASession
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index bf82efb79..ebfffb648 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -124,7 +124,7 @@ public class PVPConfiguration {
}
public String getIDPPublicPath() throws ConfigurationException {
- String publicPath = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig().getPublicURLPrefix();
+ String publicPath = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
if(publicPath != null) {
if(publicPath.endsWith("/")) {
int length = publicPath.length();