diff options
Diffstat (limited to 'id/server/idserverlib/src/main')
5 files changed, 34 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index 87804ea6c..9fdec9fbb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -53,7 +53,8 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { //only for SAML1 GetAuthenticationData webService functionality String requestedServlet = request.getServletPath(); - if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) { + if (MiscUtil.isNotEmpty(requestedServlet) && + requestedServlet.startsWith("/services")) { Logger.debug("SAML1 GetAuthenticationServices allow access without SSL"); return true; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java index f9986dccb..76e6605c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java @@ -129,6 +129,11 @@ public class ProcessEngineImpl implements ProcessEngine { ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); + if (pi == null ) { + throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); + + } + MDC.put(MDC_CTX_PI_NAME, pi.getId()); if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) { @@ -164,6 +169,11 @@ public class ProcessEngineImpl implements ProcessEngine { ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); + if (pi == null ) { + throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); + + } + MDC.put(MDC_CTX_PI_NAME, pi.getId()); if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java index b4eed85d0..a611c72b9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -53,7 +53,10 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder profRepName = misMandate.getTextualDescriptionOfOID(); - if (MiscUtil.isEmpty(profRepName)) { + //only read textual prof. rep. OID describtion from mandate annotation + // if also OID exists + if (MiscUtil.isEmpty(profRepName) + && MiscUtil.isNotEmpty(misMandate.getProfRep())) { Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index af6c79140..52bf16247 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -125,7 +125,10 @@ public class SingleLogOutAction implements IAction { String moasession = ssomanager.getMOASession(ssoID); try { session = authenticationSessionStorage.getSession(moasession); - + + if (session == null) + throw new MOADatabaseException(); + } catch (MOADatabaseException e) { Logger.info("Can not find active Session. Single LogOut not possible!"); SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 8ddd2cb39..200429093 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -208,8 +208,7 @@ public class PVP2AssertionBuilder implements PVPConstants { Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); int idx = 0; - AttributeConsumingService attributeConsumingService = null; - + AttributeConsumingService attributeConsumingService = null; if (aIdx != null) { idx = aIdx.intValue(); attributeConsumingService = spSSODescriptor @@ -223,6 +222,19 @@ public class PVP2AssertionBuilder implements PVPConstants { } } + /* + * TODO: maybe use first AttributeConsumingService if no is selected + * in request or on service is marked as default + * + */ + if (attributeConsumingService == null ) { + List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); + if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty()) + attributeConsumingService = attrConsumingServiceList.get(0); + + } + + if (attributeConsumingService != null) { Iterator<RequestedAttribute> it = attributeConsumingService .getRequestAttributes().iterator(); |