Diffstat (limited to 'id/server')
-rw-r--r--id/server/auth/src/main/webapp/META-INF/MANIFEST.MF2
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd29
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml81
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml257
4 files changed, 369 insertions, 0 deletions
diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 000000000..58630c02e
--- /dev/null
+++ b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
new file mode 100644
index 000000000..121ec3cf9
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment name="defaultClientConfig"
+ xmlns="http://xml.apache.org/axis/wsdd/"
+ xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
+ xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
+
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
+ <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+
+ <service name="GetAuthenticationData" provider="java:MSG">
+ <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
+ <parameter name="allowedMethods" value="Request"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
+ <wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
+ <requestFlow>
+ </requestFlow>
+ <responseFlow>
+ </responseFlow>
+ </service>
+
+ <transport name="http">
+ <requestFlow>
+ <handler type="URLMapper"/>
+ <handler type="HTTPAuthHandler"/>
+ </requestFlow>
+ </transport>
+
+</deployment>
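Review bot: Nothing in this deployment checks the credentials that `HTTPAuthHandler` extracts in the `http` transport flow: as far as I know that handler only copies the HTTP Basic username and password into the message context, and the `requestFlow` and `responseFlow` of the `GetAuthenticationData` service are empty. If callers of this SAML 1 service are meant to be authenticated somewhere else (the container, or inside `GetAuthenticationDataService`), a comment above the `<service>` element should say where, for example `<!-- caller authentication is enforced in <component>, not by Axis -->`; otherwise the handler is dead configuration and can be dropped from the transport flow. Two smaller points: the `MsgDispatcher` handler is declared but never referenced, and the deployment is named `defaultClientConfig` although this file is the server-side configuration.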
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
new file mode 100644
index 000000000..2f17c7d98
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN"
+ "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
+
+<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ -->
+<urlrewrite>
+
+ <rule>
+ <note>
+ The rule means that requests to /test/status/ will be redirected to
+ /rewrite-status
+ the url will be rewritten.
+ </note>
+ <from>/test/status/</from>
+ <to type="redirect">%{context-path}/rewrite-status</to>
+ </rule>
+
+ <!-- Legacy Rules -->
+ <rule match-type="regex">
+ <from>^/StartAuthentication$</from>
+ <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/StartAuthentication\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=id_saml1&amp;action=GetArtifact&amp;$1</to>
+ </rule>
+
+ <rule match-type="regex">
+ <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from>
+ <to type="forward">/dispatcher?mod=$1&amp;action=$2</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=$1&amp;action=$2&amp;$3</to>
+ </rule>
+
+
+ <rule match-type="regex">
+ <from>^/pvp2/metadata$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Metadata&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/pvp2/redirect$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Redirect&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/pvp2/post$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Post&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/PVP2Soap$</from>
+ <to type="forward">/dispatcher?mod=id_pvp2x&amp;action=Soap</to>
+ </rule>
+
+ <rule match-type="regex">
+ <from>^/oauth2/auth\\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=id_oauth20&amp;action=AUTH&amp;%{query-string}</to>
+ </rule>
+ <rule match-type="regex">
+ <from>^/oauth2/token\\?(.*)$</from>
+ <to type="forward">/dispatcher?mod=id_oauth20&amp;action=TOKEN&amp;%{query-string}</to>
+ </rule>
+
+
+ <outbound-rule>
+ <note>
+ The outbound-rule specifies that when response.encodeURL is called (if
+ you are using JSTL c:url)
+ the url /rewrite-status will be rewritten to /test/status/.
+
+ The above rule and this outbound-rule means that end users should never
+ see the
+ url /rewrite-status only /test/status/ both in thier location bar and in
+ hyperlinks
+ in your pages.
+ </note>
+ <from>/rewrite-status</from>
+ <to>/test/status/</to>
+ </outbound-rule>
+
+</urlrewrite>
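Review bot: The two OAuth rules use `\\?` where the legacy rules use `\?`, so the regex reads as an optional literal backslash followed by `(.*)`, and `^/oauth2/auth\\?(.*)$` matches any path that merely starts with `/oauth2/auth` (likewise for `/oauth2/token`). Since both rules already append `%{query-string}`, anchoring them like the `/pvp2/*` rules is enough: `<from>^/oauth2/auth$</from>` and `<from>^/oauth2/token$</from>`. Relatedly, the `\?(.*)` variants of `/StartAuthentication` and `/auth/...` can only match when `use-query-string="true"` is set on `<urlrewrite>`, which it is not here, so those two rules look dead as written. The generic `/auth/$1/$2` rule passes request-derived `mod` and `action` values to the dispatcher; the character class keeps them alphanumeric, but a comment on that rule should state that the dispatcher rejects unknown module and action names. The sample `/test/status/` rule and its outbound counterpart come from the UrlRewriteFilter template and can probably be removed from an identity service's configuration.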
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 000000000..0ef8a568c
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,257 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+<web-app>
+ <display-name>MOA ID Auth</display-name>
+ <description>MOA ID Authentication Service</description>
+<!-- <servlet>
+ <servlet-name>SelectBKU</servlet-name>
+ <display-name>SelectBKU</display-name>
+ <description>Select Bürgerkartenartenumgebung</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
+ </servlet> -->
+ <servlet>
+ <servlet-name>GenerateIframeTemplate</servlet-name>
+ <display-name>GenerateIframeTemplate</display-name>
+ <description>Generate BKU Request template</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>RedirectServlet</servlet-name>
+ <display-name>RedirectServlet</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>MonitoringServlet</servlet-name>
+ <display-name>MonitoringServlet</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>SSOSendAssertionServlet</servlet-name>
+ <display-name>SSOSendAssertionServlet</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>LogOut</servlet-name>
+ <display-name>LogOut</display-name>
+ <description>SSO LogOut</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>VerifyIdentityLink</servlet-name>
+ <display-name>VerifyIdentityLink</display-name>
+ <description>Verify identity link coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>VerifyCertificate</servlet-name>
+ <display-name>VerifyCertificate</display-name>
+ <description>Verify the certificate coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>GetMISSessionID</servlet-name>
+ <display-name>GetMISSessionID</display-name>
+ <description>Get the MIS session ID coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
+ </servlet>
+
+ <servlet>
+ <servlet-name>GetForeignID</servlet-name>
+ <display-name>GetForeignID</display-name>
+ <description>Gets the foreign eID from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
+ </servlet>
+<!-- <servlet>
+ <servlet-name>ProcessInput</servlet-name>
+ <display-name>ProcessInput</display-name>
+ <description>Process user input needed by infobox validators</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
+ </servlet> -->
+ <servlet>
+ <servlet-name>VerifyAuthBlock</servlet-name>
+ <display-name>VerifyAuthBlock</display-name>
+ <description>Verify AUTH block coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
+ </servlet>
+<!-- <servlet>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <display-name>ConfigurationUpdate</display-name>
+ <description>Update MOA-ID Auth configuration from the configuration
+ file</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
+ </servlet> -->
+ <servlet>
+ <servlet-name>AxisServlet</servlet-name>
+ <display-name>Apache-Axis Servlet</display-name>
+ <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
+ </servlet>
+
+ <!-- JSP servlet -->
+ <servlet>
+ <servlet-name>jspservlet</servlet-name>
+ <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>PEPSConnectorServlet</servlet-name>
+ <display-name>PEPSConnectorServlet</display-name>
+ <description>Servlet receiving STORK SAML Response Messages from
+ different C-PEPS</description>
+ <servlet-class>
+ at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
+ </servlet>
+
+ <!-- Dispatcher servlets
+ <servlet>
+ <servlet-name>AuthDispatcherServlet</servlet-name>
+ <display-name>AuthDispatcher Servlet</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>-->
+ <servlet>
+ <servlet-name>DispatcherServlet</servlet-name>
+ <display-name>Dispatcher Servlet</display-name>
+ <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <!-- Servlet Registration -->
+ <servlet>
+ <servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name>
+ <servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class>
+ </servlet>
+
+
+
+
+ <servlet-mapping>
+ <servlet-name>DispatcherServlet</servlet-name>
+ <url-pattern>/dispatcher</url-pattern>
+ </servlet-mapping>
+ <!-- servlet-mapping>
+ <servlet-name>AuthDispatcherServlet</servlet-name>
+ <url-pattern>/AuthDispatcher</url-pattern>
+ </servlet-mapping -->
+
+
+ <!-- servlet mapping for jsp pages -->
+ <!-- errorpage.jsp (customizeable) -->
+ <servlet-mapping>
+ <servlet-name>jspservlet</servlet-name>
+ <url-pattern>/errorpage-auth.jsp</url-pattern>
+ </servlet-mapping>
+ <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) -->
+ <servlet-mapping>
+ <servlet-name>jspservlet</servlet-name>
+ <url-pattern>/message-auth.jsp</url-pattern>
+ </servlet-mapping>
+
+<!-- <servlet-mapping>
+ <servlet-name>SelectBKU</servlet-name>
+ <url-pattern>/SelectBKU</url-pattern>
+ </servlet-mapping> -->
+ <servlet-mapping>
+ <servlet-name>GenerateIframeTemplate</servlet-name>
+ <url-pattern>/GenerateIframeTemplate</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>RedirectServlet</servlet-name>
+ <url-pattern>/RedirectServlet</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>MonitoringServlet</servlet-name>
+ <url-pattern>/MonitoringServlet</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>SSOSendAssertionServlet</servlet-name>
+ <url-pattern>/SSOSendAssertionServlet</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>LogOut</servlet-name>
+ <url-pattern>/LogOut</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyIdentityLink</servlet-name>
+ <url-pattern>/VerifyIdentityLink</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyCertificate</servlet-name>
+ <url-pattern>/VerifyCertificate</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>GetMISSessionID</servlet-name>
+ <url-pattern>/GetMISSessionID</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>GetForeignID</servlet-name>
+ <url-pattern>/GetForeignID</url-pattern>
+ </servlet-mapping>
+
+<!-- <servlet-mapping>
+ <servlet-name>ProcessInput</servlet-name>
+ <url-pattern>/ProcessInput</url-pattern>
+ </servlet-mapping> -->
+
+ <servlet-mapping>
+ <servlet-name>VerifyAuthBlock</servlet-name>
+ <url-pattern>/VerifyAuthBlock</url-pattern>
+ </servlet-mapping>
+<!-- <servlet-mapping>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </servlet-mapping> -->
+ <servlet-mapping>
+ <servlet-name>AxisServlet</servlet-name>
+ <url-pattern>/services/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>PEPSConnectorServlet</servlet-name>
+ <url-pattern>/PEPSConnector</url-pattern>
+ </servlet-mapping>
+
+ <!-- Filters -->
+ <!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class>
+ </filter> -->
+
+ <filter>
+ <filter-name>UrlRewriteFilter</filter-name>
+ <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>UrlRewriteFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+ <!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name>
+ <url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name>
+ <url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher> </filter-mapping> -->
+
+ <session-config>
+ <session-timeout>5</session-timeout>
+ </session-config>
+ <error-page>
+ <error-code>500</error-code>
+ <location>/errorpage.jsp</location>
+ </error-page>
+<!-- <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>ConfigurationUpdate</web-resource-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>moa-admin</role-name>
+ </auth-constraint>
+ </security-constraint> -->
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>UserDatabase</realm-name>
+ </login-config>
+ <security-role>
+ <description>
+ The role that is required to log in to the moa Application
+ </description>
+ <role-name>moa-admin</role-name>
+ </security-role>
+</web-app>
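Review bot: `login-config` (BASIC, realm `UserDatabase`) and the `moa-admin` `security-role` are declared, but the only `security-constraint` is commented out, so the container enforces neither authentication nor a transport guarantee on any URL, including `/MonitoringServlet` and the Axis `/services/*` mapping. If access control and HTTPS are enforced elsewhere (inside the servlets or at a front-end proxy), a comment should say so and the unused `login-config` and `security-role` could be removed; otherwise an active constraint is needed for the endpoints that must not be public. Separately, the 500 `error-page` points at `/errorpage.jsp` while the JSP mapping above registers `/errorpage-auth.jsp`; unless a file named errorpage.jsp also ships in the webapp, this should probably read `<location>/errorpage-auth.jsp</location>`.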