diff options
Diffstat (limited to 'id/server/idserverlib/src')
6 files changed, 28 insertions, 18 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 396ffb53d..36390ba62 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -56,6 +56,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.ServletUtils; @@ -73,6 +74,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "error_message.html"; + private static String CONTEXTPATH = "#CONTEXTPATH#"; @Autowired protected StatisticLogger statisticLogger; @Autowired protected IRequestStorage requestStorage; @@ -185,7 +187,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { else { //write generic message for general exceptions String msg = MOAIDMessageProvider.getInstance().getMessage("internal.00", null); - writeHTMLErrorResponse(resp, msg, "9199", (Exception) throwable); + writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable); } @@ -224,7 +226,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { } - private void writeHTMLErrorResponse(HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException { + private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException { VelocityContext context = new VelocityContext(); //add errorcode and errormessage @@ -237,11 +239,11 @@ public abstract class AbstractController extends MOAIDAuthConstants { } - writeHTMLErrorResponse(httpResp, context); + writeHTMLErrorResponse(req, httpResp, context); } - private void writeHTMLErrorResponse(HttpServletResponse httpResp, Exception error) throws IOException { + private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException { VelocityContext context = new VelocityContext(); //add errorcode and errormessage @@ -254,11 +256,14 @@ public abstract class AbstractController extends MOAIDAuthConstants { } - writeHTMLErrorResponse(httpResp, context); + writeHTMLErrorResponse(req, httpResp, context); } - private void writeHTMLErrorResponse(HttpServletResponse httpResp, VelocityContext context) throws IOException { - try { + private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, VelocityContext context) throws IOException { + try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + context.put(CONTEXTPATH, authURL); + InputStream is = null; String pathLocation = null; try { @@ -362,15 +367,15 @@ public abstract class AbstractController extends MOAIDAuthConstants { } else if (e instanceof ConfigurationException) { //send HTML formated error message - writeHTMLErrorResponse(resp, (MOAIDException) e); + writeHTMLErrorResponse(req, resp, (MOAIDException) e); } else if (e instanceof MOAIDException) { //send HTML formated error message - writeHTMLErrorResponse(resp, e); + writeHTMLErrorResponse(req, resp, e); } else if (e instanceof ProcessExecutionException) { //send HTML formated error message - writeHTMLErrorResponse(resp, e); + writeHTMLErrorResponse(req, resp, e); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 513b410f1..427bb9464 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -62,7 +62,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ @Controller public class IDPSingleLogOutServlet extends AbstractController { - + @Autowired SSOManager ssoManager; @Autowired AuthenticationManager authManager; @Autowired IAuthenticationSessionStoreage authenicationStorage; @@ -111,7 +111,9 @@ public class IDPSingleLogOutServlet extends AbstractController { else context.put("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - + + context.put(SSOManager.CONTEXTPATH, authURL); + ssoManager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java index c5a9ad34b..ce384d1a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java @@ -50,7 +50,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - + //only for SAML1 GetAuthenticationData webService functionality String requestedServlet = request.getServletPath(); if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) { @@ -61,7 +61,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor { //check AuthURL String authURL = HTTPUtils.extractAuthURLFromRequest(request); - if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) { + if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed() && + !authConfig.getPublicURLPrefix().contains(authURL)) { + Logger.info("Receive request, which is not in IDP URL-Prefix whitelist."); String errorMsg = MOAIDMessageProvider.getInstance().getMessage("auth.07", new Object[] { authURL + "*" }); Logger.info(errorMsg); response.sendError( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index d76c6d526..73d682c21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -554,6 +554,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { context.put("redirectURLs", sloReqList); context.put("timeoutURL", timeOutURL); context.put("timeout", SLOTIMEOUT); + context.put(SSOManager.CONTEXTPATH, authURL); ssoManager.printSingleLogOutInfo(context, httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 89d50425b..856410d7b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -61,10 +61,10 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Service("MOAID_SSOManager") -public class SSOManager { - +public class SSOManager { private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; private static final String HTMLTEMPLATEFULL = "slo_template.html"; + public static String CONTEXTPATH = "#CONTEXTPATH#"; private static final String SSOCOOKIE = "MOA_ID_SSO"; private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html index dd5d3e539..ecda6550b 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html @@ -34,7 +34,7 @@ <input type="hidden" name="mod" value="#MODUL#"> <input type="hidden" name="action" value="#ACTION#"> <input type="hidden" name="pendingid" value="#ID#"> - <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button"> + <input type="submit" value="Ja" class="setAssertionButton_full" role="button"> </form> </div> <div id="rightbutton"> @@ -43,7 +43,7 @@ <input type="hidden" name="mod" value="#MODUL#"> <input type="hidden" name="action" value="#ACTION#"> <input type="hidden" name="pendingid" value="#ID#"> - <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button"> + <input type="submit" value="Nein" class="setAssertionButton_full" role="button"> </form> </div> |