aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java4
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java25
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java144
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java126
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java95
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java59
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml19
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml10
11 files changed, 328 insertions, 166 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index 4f9936c94..b0efb100a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -17,12 +17,6 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
return 0;
}
- public String getProcessName() {
- return "DefaultAuthentication";
-
-
- }
-
@Override
public String selectProcess(ExecutionContext context) {
//select process if BKU is selected and it is no STORK authentication
@@ -35,7 +29,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
if (StringUtils.isBlank((String) context.get("ccc")) &&
StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) &&
!performBKUSelection)
- return getProcessName();
+ return "DefaultAuthentication";
else
return null;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index d3d736a9c..c1fae1f1e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -177,9 +177,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
}
}
+ //set useMandate flag to executionContext
executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.isMandateUsed());
- executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, moasession.isMandateUsed());
-
+
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index afa3fe2ad..74792ed72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -38,7 +38,7 @@
<pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyCertificate" to="getForeignID" />
- <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
<pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index b50d1cf4e..60dd95338 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -44,6 +44,8 @@ public class ELGAMandatesAuthConstants {
public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect";
public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata";
+ public static final String TEMPLATE_MANDATE_SERVICE_SELECTION = "/mandate-service-selection.html";
+
//configuration properties
public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate.";
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index 7f7af704c..753d3336c 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -23,7 +23,12 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates;
*/
+import org.springframework.beans.factory.annotation.Autowired;
+
import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* This authentication module extens the default citizen
@@ -33,6 +38,8 @@ import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModu
*/
public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
+ @Autowired private AuthConfiguration authConfig;
+
private int priority = 0;
/* (non-Javadoc)
@@ -42,13 +49,23 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl
public int getPriority() {
return priority;
}
-
+
@Override
- public String getProcessName() {
- return "DefaultAuthenticationWithELGAMandates";
+ public String selectProcess(ExecutionContext context) {
+ String selectedProcessID = super.selectProcess(context);
+
+ //check if BKU authentication is selected and ELGA-MandateService is configurated
+ if (MiscUtil.isNotEmpty(selectedProcessID)) {
+ if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(
+ ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL)))
+ return "DefaultAuthenticationWithELGAMandates";
+
+ }
+
+ return selectedProcessID;
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
*/
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
deleted file mode 100644
index fb9628909..000000000
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("ELGAInitializeBKUAuthenticationTask")
-public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask {
-
- @Override
- public void execute(ExecutionContext executionContext,
- HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
-
- try {
- //perform Default-BKU authentication initialization
- internalInitializeWithoutPersist(executionContext, request, response);
-
- //perform ELGA Mandate-Service specific parts
- Logger.debug("Perfom ELGA-Mandate specific parts of initialisation.");
- Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE);
-
- boolean elgaMandateUsed = false;
- Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE);
- if (elgaMandateUsedObj == null ||
- !(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) {
- Logger.error("Use ELGA-MandateService flag has a wrong type.");
- throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"});
-
- } else {
- if (elgaMandateUsedObj instanceof String)
- elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj);
- else
- elgaMandateUsed = (boolean) elgaMandateUsedObj;
-
- }
-
- //check if both mandate Services are requested
- if ( (misMandateUsed != null && misMandateUsed) &&
- elgaMandateUsed ) {
- Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
- throw new MOAIDException("validator.73", null);
-
- }
-
-
- if (elgaMandateUsed) {
- //check mandateProfiles against ELGA-MandateService configuration
- if (!checkServiceProviderAgainstELGAModulConfigration()) {
- Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
- + " does not fulfill requirements to use ELGA-MandateService.");
- throw new MOAIDException("service.10", new Object[]{
- ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
- "No valid mandate-profile defined"});
-
- }
-
- //remove MIS-Mandate flag and set useMandate flag to MOASession
- Logger.debug("Authentication process select ELGA-MandateService.");
- executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
- moasession.setUseMandates(elgaMandateUsed);
- }
-
- //disable SSO if it is requested
- if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) {
- Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request.");
- pendingReq.setNeedSingleSignOnFunctionality(false);
-
-
- }
-
- //store MOASession and pendingRequest
- requestStoreage.storePendingRequest(pendingReq);
- authenticatedSessionStorage.storeSession(moasession);
-
- } catch (MOADatabaseException | MOAIDException e) {
- Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage());
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- }
- }
-
- /**
- * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
- *
- * @return true, if ELGA mandateservice is allowed, otherwise false
- */
- private boolean checkServiceProviderAgainstELGAModulConfigration() {
- String allowedMandateTypesCSV =
- authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
- List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
- List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
-
- boolean isELGAMandateServiceAllowed = false;
- if (spMandateProfiles != null) {
- for (String el : allowedMandateTypes) {
- if (spMandateProfiles.contains(el))
- isELGAMandateServiceAllowed = true;
-
- }
- }
-
- return isELGAMandateServiceAllowed;
- }
-}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
new file mode 100644
index 000000000..f05446771
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("EvaluateMandateServiceTask")
+public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ boolean useMIS = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEMISMANDATE);
+ boolean useELGA = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEELGAMANDATE);
+
+ //check if both mandate Services are requested
+ if ( useMIS && useELGA ) {
+ Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
+ throw new MOAIDException("validator.73", null);
+
+ }
+
+ //select next process step
+ if (useELGA) {
+ //validate service-provider again
+ if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+ Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+ + " does not fulfill requirements to use ELGA-MandateService.");
+ throw new MOAIDException("service.10", new Object[]{
+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+ "No valid mandate-profile defined"});
+
+ }
+
+ executionContext.put(MOAIDAuthConstants.PARAM_USEELGAMANDATE, useELGA);
+ Logger.debug("ELGA Mandate-Service is selected. Initialize service communication ... ");
+
+ } else if(useMIS) {
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, useMIS);
+ Logger.debug("MIS Mandate-Service is selected. Initialize service communication ... ");
+
+
+ } else {
+ //mark pending-request as aborted
+ Logger.info("No Mandate-Service is selected. Abort authentication process ... ");
+ pendingReq.setAbortedByUser(true);
+ pendingReq.setAuthenticated(false);
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //redirect to protocol finalization
+ performRedirectToProtocolFinialization(pendingReq, response);
+
+ }
+
+ } catch (MOAIDException e) {
+ Logger.info("Evaluation of Mandate-Service selection FAILED. Reason:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.info("Mandate-Service selection evaluation: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+
+ }
+
+ }
+
+ private boolean getUserConfermationFromRequest(HttpServletRequest httpReq, String paramName) throws WrongParametersException {
+ String paramString = httpReq.getParameter(paramName);
+ paramString = StringEscapeUtils.escapeHtml(paramString);
+ if (!ParamValidatorUtils.isValidUseMandate(paramString))
+ throw new WrongParametersException("Mandate-Service selection-evaluation", paramName, null);
+
+ if (MiscUtil.isNotEmpty(paramString))
+ return Boolean.parseBoolean(paramString);
+
+ else
+ return false;
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
new file mode 100644
index 000000000..8d6ac1762
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("SelectMandateServiceTask")
+public class SelectMandateServiceTask extends AbstractAuthServletTask {
+
+ @Autowired IGUIFormBuilder guiBuilder;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ //check if Service-Provider allows ELGA-mandates
+ if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+ Logger.trace("Build GUI for mandate-service selection ...");
+
+ IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+ pendingReq,
+ ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
+ GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+
+ guiBuilder.build(response, config, "Mandate-Service selection");
+
+ Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... ");
+
+ } else {
+ //service-provider does not allow ELGA-mandates --> switch to MIS mandate-service
+ Logger.debug("Service-Provider does not allow ELGA Mandate-Service. --> Select MIS Mandate-Service as Default.");
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, true);
+
+ }
+
+ } catch (GUIBuildException e) {
+ Logger.warn("Can not build GUI:'Mandate-Service selection'. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq,
+ "Can not build GUI. Msg:" + e.getMessage(),
+ new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
+
+ } catch (Exception e) {
+ Logger.info("Mandate-Service selection: General Exception. Msg:" + e.getMessage());
+ throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
new file mode 100644
index 000000000..03f8fa195
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandateUtils {
+ /**
+ * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+ *
+ * @return true, if ELGA mandateservice is allowed, otherwise false
+ */
+ public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) {
+ String allowedMandateTypesCSV =
+ authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);
+ List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);
+ List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+ boolean isELGAMandateServiceAllowed = false;
+ if (spMandateProfiles != null) {
+ for (String el : allowedMandateTypes) {
+ if (spMandateProfiles.contains(el))
+ isELGAMandateServiceAllowed = true;
+
+ }
+ }
+
+ return isELGAMandateServiceAllowed;
+ }
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index 8cd08d226..23edac7ca 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -5,7 +5,7 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
- <pd:Task id="elgaInitializeBKUAuthentication" class="ELGAInitializeBKUAuthenticationTask" />
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask"
<pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
<pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
<pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
@@ -18,6 +18,8 @@
<pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
<!-- ELGA Mandate-Service Tasks -->
+ <pd:Task id="selectMandateServiceTask" class="SelectMandateServiceTask" />
+ <pd:Task id="evaluateMandateServiceTask" class="EvaluateMandateServiceTask" async="true"/>
<pd:Task id="requestELGAMandateTask" class="RequestELGAMandateTask" />
<pd:Task id="receiveElgaMandateResponseTask" class="ReceiveElgaMandateResponseTask" async="true"/>
@@ -25,9 +27,9 @@
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="elgaInitializeBKUAuthentication" />
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
- <pd:Transition from="elgaInitializeBKUAuthentication" to="createIdentityLinkForm" />
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
@@ -43,10 +45,17 @@
<pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyCertificate" to="getForeignID" />
- <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
- <pd:Transition from="verifyAuthBlock" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="selectMandateServiceTask" conditionExpression="ctx['useMandate']" />
<pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
+ <pd:Transition from="selectMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="selectMandateServiceTask" to="evaluateMandateServiceTask" />
+
+ <pd:Transition from="evaluateMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+ <pd:Transition from="evaluateMandateServiceTask" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+ <pd:Transition from="evaluateMandateServiceTask" to="end" />
+
+
<pd:Transition from="requestELGAMandateTask" to="receiveElgaMandateResponseTask" />
<pd:Transition from="receiveElgaMandateResponseTask" to="finalizeAuthentication" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
index c1abe78df..cbc4e65c1 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -26,11 +26,15 @@
<bean id="ELGAMandateSignalController"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/>
-<!-- Federated Authentication Process Tasks -->
- <bean id="ELGAInitializeBKUAuthenticationTask"
- class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.ELGAInitializeBKUAuthenticationTask"
+<!-- ELGA-MandateService communication Process Tasks -->
+ <bean id="SelectMandateServiceTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.SelectMandateServiceTask"
scope="prototype"/>
+ <bean id="EvaluateMandateServiceTask"
+ class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.EvaluateMandateServiceTask"
+ scope="prototype"/>
+
<bean id="RequestELGAMandateTask"
class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.RequestELGAMandateTask"
scope="prototype"/>