diff options
Diffstat (limited to 'id/server')
4 files changed, 369 insertions, 0 deletions
diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF new file mode 100644 index 000000000..58630c02e --- /dev/null +++ b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF @@ -0,0 +1,2 @@ +Manifest-Version: 1.0
+
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd new file mode 100644 index 000000000..121ec3cf9 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<deployment name="defaultClientConfig"
+ xmlns="http://xml.apache.org/axis/wsdd/"
+ xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
+ xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
+
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
+ <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+
+ <service name="GetAuthenticationData" provider="java:MSG">
+ <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
+ <parameter name="allowedMethods" value="Request"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
+ <wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
+ <requestFlow>
+ </requestFlow>
+ <responseFlow>
+ </responseFlow>
+ </service>
+
+ <transport name="http">
+ <requestFlow>
+ <handler type="URLMapper"/>
+ <handler type="HTTPAuthHandler"/>
+ </requestFlow>
+ </transport>
+
+</deployment>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml new file mode 100644 index 000000000..2f17c7d98 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -0,0 +1,81 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN" + "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd"> + +<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ --> +<urlrewrite> + + <rule> + <note> + The rule means that requests to /test/status/ will be redirected to + /rewrite-status + the url will be rewritten. + </note> + <from>/test/status/</from> + <to type="redirect">%{context-path}/rewrite-status</to> + </rule> + + <!-- Legacy Rules --> + <rule match-type="regex"> + <from>^/StartAuthentication$</from> + <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact</to> + </rule> + <rule match-type="regex"> + <from>^/StartAuthentication\?(.*)$</from> + <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact&$1</to> + </rule> + + <rule match-type="regex"> + <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from> + <to type="forward">/dispatcher?mod=$1&action=$2</to> + </rule> + <rule match-type="regex"> + <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from> + <to type="forward">/dispatcher?mod=$1&action=$2&$3</to> + </rule> + + + <rule match-type="regex"> + <from>^/pvp2/metadata$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Metadata&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/pvp2/redirect$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Redirect&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/pvp2/post$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/PVP2Soap$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Soap</to> + </rule> + + <rule match-type="regex"> + <from>^/oauth2/auth\\?(.*)$</from> + <to type="forward">/dispatcher?mod=id_oauth20&action=AUTH&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/oauth2/token\\?(.*)$</from> + <to type="forward">/dispatcher?mod=id_oauth20&action=TOKEN&%{query-string}</to> + </rule> + + + <outbound-rule> + <note> + The outbound-rule specifies that when response.encodeURL is called (if + you are using JSTL c:url) + the url /rewrite-status will be rewritten to /test/status/. + + The above rule and this outbound-rule means that end users should never + see the + url /rewrite-status only /test/status/ both in thier location bar and in + hyperlinks + in your pages. + </note> + <from>/rewrite-status</from> + <to>/test/status/</to> + </outbound-rule> + +</urlrewrite> diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 000000000..0ef8a568c --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,257 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'> +<web-app> + <display-name>MOA ID Auth</display-name> + <description>MOA ID Authentication Service</description> +<!-- <servlet> + <servlet-name>SelectBKU</servlet-name> + <display-name>SelectBKU</display-name> + <description>Select Bürgerkartenartenumgebung</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class> + </servlet> --> + <servlet> + <servlet-name>GenerateIframeTemplate</servlet-name> + <display-name>GenerateIframeTemplate</display-name> + <description>Generate BKU Request template</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>RedirectServlet</servlet-name> + <display-name>RedirectServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>MonitoringServlet</servlet-name> + <display-name>MonitoringServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>SSOSendAssertionServlet</servlet-name> + <display-name>SSOSendAssertionServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>LogOut</servlet-name> + <display-name>LogOut</display-name> + <description>SSO LogOut</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + <servlet> + <servlet-name>VerifyIdentityLink</servlet-name> + <display-name>VerifyIdentityLink</display-name> + <description>Verify identity link coming from security layer</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>VerifyCertificate</servlet-name> + <display-name>VerifyCertificate</display-name> + <description>Verify the certificate coming from security layer</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>GetMISSessionID</servlet-name> + <display-name>GetMISSessionID</display-name> + <description>Get the MIS session ID coming from security layer</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class> + </servlet> + + <servlet> + <servlet-name>GetForeignID</servlet-name> + <display-name>GetForeignID</display-name> + <description>Gets the foreign eID from security layer</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class> + </servlet> +<!-- <servlet> + <servlet-name>ProcessInput</servlet-name> + <display-name>ProcessInput</display-name> + <description>Process user input needed by infobox validators</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> + </servlet> --> + <servlet> + <servlet-name>VerifyAuthBlock</servlet-name> + <display-name>VerifyAuthBlock</display-name> + <description>Verify AUTH block coming from security layer</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class> + </servlet> +<!-- <servlet> + <servlet-name>ConfigurationUpdate</servlet-name> + <display-name>ConfigurationUpdate</display-name> + <description>Update MOA-ID Auth configuration from the configuration + file</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class> + </servlet> --> + <servlet> + <servlet-name>AxisServlet</servlet-name> + <display-name>Apache-Axis Servlet</display-name> + <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> + </servlet> + + <!-- JSP servlet --> + <servlet> + <servlet-name>jspservlet</servlet-name> + <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>PEPSConnectorServlet</servlet-name> + <display-name>PEPSConnectorServlet</display-name> + <description>Servlet receiving STORK SAML Response Messages from + different C-PEPS</description> + <servlet-class> + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + </servlet> + + <!-- Dispatcher servlets + <servlet> + <servlet-name>AuthDispatcherServlet</servlet-name> + <display-name>AuthDispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet>--> + <servlet> + <servlet-name>DispatcherServlet</servlet-name> + <display-name>Dispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + + <!-- Servlet Registration --> + <servlet> + <servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name> + <servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class> + </servlet> + + + + + <servlet-mapping> + <servlet-name>DispatcherServlet</servlet-name> + <url-pattern>/dispatcher</url-pattern> + </servlet-mapping> + <!-- servlet-mapping> + <servlet-name>AuthDispatcherServlet</servlet-name> + <url-pattern>/AuthDispatcher</url-pattern> + </servlet-mapping --> + + + <!-- servlet mapping for jsp pages --> + <!-- errorpage.jsp (customizeable) --> + <servlet-mapping> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/errorpage-auth.jsp</url-pattern> + </servlet-mapping> + <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> + <servlet-mapping> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/message-auth.jsp</url-pattern> + </servlet-mapping> + +<!-- <servlet-mapping> + <servlet-name>SelectBKU</servlet-name> + <url-pattern>/SelectBKU</url-pattern> + </servlet-mapping> --> + <servlet-mapping> + <servlet-name>GenerateIframeTemplate</servlet-name> + <url-pattern>/GenerateIframeTemplate</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>RedirectServlet</servlet-name> + <url-pattern>/RedirectServlet</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>MonitoringServlet</servlet-name> + <url-pattern>/MonitoringServlet</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>SSOSendAssertionServlet</servlet-name> + <url-pattern>/SSOSendAssertionServlet</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>LogOut</servlet-name> + <url-pattern>/LogOut</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>VerifyIdentityLink</servlet-name> + <url-pattern>/VerifyIdentityLink</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>VerifyCertificate</servlet-name> + <url-pattern>/VerifyCertificate</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>GetMISSessionID</servlet-name> + <url-pattern>/GetMISSessionID</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>GetForeignID</servlet-name> + <url-pattern>/GetForeignID</url-pattern> + </servlet-mapping> + +<!-- <servlet-mapping> + <servlet-name>ProcessInput</servlet-name> + <url-pattern>/ProcessInput</url-pattern> + </servlet-mapping> --> + + <servlet-mapping> + <servlet-name>VerifyAuthBlock</servlet-name> + <url-pattern>/VerifyAuthBlock</url-pattern> + </servlet-mapping> +<!-- <servlet-mapping> + <servlet-name>ConfigurationUpdate</servlet-name> + <url-pattern>/ConfigurationUpdate</url-pattern> + </servlet-mapping> --> + <servlet-mapping> + <servlet-name>AxisServlet</servlet-name> + <url-pattern>/services/*</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>PEPSConnectorServlet</servlet-name> + <url-pattern>/PEPSConnector</url-pattern> + </servlet-mapping> + + <!-- Filters --> + <!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> + </filter> --> + + <filter> + <filter-name>UrlRewriteFilter</filter-name> + <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>UrlRewriteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + <!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> --> + + <session-config> + <session-timeout>5</session-timeout> + </session-config> + <error-page> + <error-code>500</error-code> + <location>/errorpage.jsp</location> + </error-page> +<!-- <security-constraint> + <web-resource-collection> + <web-resource-name>ConfigurationUpdate</web-resource-name> + <url-pattern>/ConfigurationUpdate</url-pattern> + </web-resource-collection> + <auth-constraint> + <role-name>moa-admin</role-name> + </auth-constraint> + </security-constraint> --> + <login-config> + <auth-method>BASIC</auth-method> + <realm-name>UserDatabase</realm-name> + </login-config> + <security-role> + <description> + The role that is required to log in to the moa Application + </description> + <role-name>moa-admin</role-name> + </security-role> +</web-app> |