aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java123
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java30
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java12
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java188
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml5
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java7
7 files changed, 261 insertions, 123 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 998aa67eb..004961116 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -279,7 +280,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
}
- public static void parse(HttpServletRequest req, HttpServletResponse resp,
+ public static void parse(ExecutionContext ec, HttpServletRequest req,
AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
@@ -299,12 +300,12 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
moasession.setAction(action);
//get Parameters from request
- String target = req.getParameter(PARAM_TARGET);
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String useMandate = req.getParameter(PARAM_USEMANDATE);
- String ccc = req.getParameter(PARAM_CCC);
+ String target = (String) ec.get(PARAM_TARGET);
+ String oaURL = (String) ec.get(PARAM_OA);
+ String bkuURL = (String) ec.get(PARAM_BKU);
+ String templateURL = (String) ec.get(PARAM_TEMPLATE);
+ String useMandate = (String) ec.get(PARAM_USEMANDATE);
+ String ccc = (String) ec.get(PARAM_CCC);
if (request.getOnlineApplicationConfiguration() != null &&
request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
@@ -313,8 +314,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
}
-
-
+
oaURL = request.getOAURL();
target = request.getTarget();
@@ -332,4 +332,5 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
private static boolean isEmpty(String param) {
return param == null || param.length() == 0;
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 6feb0b260..2a63968dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -23,7 +23,9 @@
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
+import java.util.Enumeration;
import java.util.List;
+import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -66,27 +68,13 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
String pendingRequestID = null;
try {
- String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
- String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
- String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
- String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
-
- moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
-
- AuthenticationSession moasession = null;
-
- if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use.");
- throw new MOAIDException("auth.23", new Object[] {});
- }
-
+ String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+ moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
+ AuthenticationSession moasession = null;
try {
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
-
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-
-// AuthenticationSessionStoreage.changeSessionID(moasession);
-
+
} catch (MOADatabaseException e) {
Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
throw new MOAIDException("init.04", new Object[] {
@@ -97,89 +85,36 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
throw new MOAIDException("auth.18", new Object[] {});
}
- //load OA Config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(moasession.getOAURLRequested());
-
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
-
- else {
-
- //get Target from config or from request in case of SAML 1
- String target = null;
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
- pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
-
- if (MiscUtil.isNotEmpty(pendingReq.getTarget()) &&
- pendingReq.requestedModule().equals("id_saml1"))
- target = pendingReq.getTarget();
- else
- target = oaParam.getTarget();
-
- String bkuURL = oaParam.getBKUURL(bkuid);
- if (MiscUtil.isEmpty(bkuURL)) {
- Logger.info("No OA specific BKU defined. Use BKU from default configuration");
- bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid);
- }
-
- //search for OA specific template
- String templateURL = null;
- List<String> oaTemplateURLList = oaParam.getTemplateURL();
- if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0
- && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) {
- templateURL = oaTemplateURLList.get(0);
-
- } else {
- templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid);
- }
-
- //make url absolut if it is a local url
- if (MiscUtil.isNotEmpty(templateURL))
- templateURL = FileUtils.makeAbsoluteURL(templateURL,
- AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
-
- if (oaParam.isOnlyMandateAllowed())
- useMandate = "true";
-
- if (!oaParam.isShowMandateCheckBox())
- useMandate = "false";
-
- //parse all OA parameters i
- StartAuthentificationParameterParser.parse(moasession,
- target,
- moasession.getOAURLRequested(),
- bkuURL,
- templateURL,
- useMandate,
- ccc,
- moasession.getModul(),
- moasession.getAction(),
- req);
- }
+
ExecutionContext ec = new ExecutionContextImpl();
- // set execution context
- ec.put("ccc", moasession.getCcc());
- ec.put("useMandate", moasession.getUseMandate());
- ec.put("bkuURL", moasession.getBkuURL());
+ // set execution context
+ Enumeration<String> reqParamNames = req.getParameterNames();
+ while(reqParamNames.hasMoreElements()) {
+ String paramName = reqParamNames.nextElement();
+ if (MiscUtil.isNotEmpty(paramName))
+ ec.put(paramName, req.getParameter(paramName));
+
+ }
+
ec.put("pendingRequestID", pendingRequestID);
-
+ ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
+
+// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
+// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
+// ec.put("ccc", moasession.getCcc());
+// ec.put("useMandate", moasession.getUseMandate());
+// ec.put("bkuURL", moasession.getBkuURL());
+
// select and create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
- String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
-
if (processDefinitionId == null) {
Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
- }
+ }
+
+ String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
// keep process instance id in moa session
moasession.setProcessInstanceId(processInstanceId);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 11fa2bb42..39cb5b9c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -28,6 +28,7 @@ import java.lang.reflect.InvocationTargetException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map.Entry;
@@ -623,21 +624,22 @@ public class AuthenticationManager extends MOAIDAuthConstants {
try {
if (legacyallowed && legacyparamavail) {
-
- //parse request parameter into MOASession
- StartAuthentificationParameterParser.parse(request, response, moasession, target);
-
- Logger.info("Start Authentication Module: " + moasession.getModul()
- + " Action: " + moasession.getAction());
-
- // create execution context
+
+ // create execution context
ExecutionContext executionContext = new ExecutionContextImpl();
- executionContext.put("ccc", moasession.getCcc());
- executionContext.put("useMandate", moasession.getUseMandate());
- executionContext.put("bkuURL", moasession.getBkuURL());
- executionContext.put(PARAM_SESSIONID, moasession.getSessionID());
+ executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, moasession.getSessionID());
executionContext.put("pendingRequestID", target.getRequestID());
-
+
+ executionContext.put("isLegacyRequest", true);
+
+ Enumeration<String> reqParamNames = request.getParameterNames();
+ while(reqParamNames.hasMoreElements()) {
+ String paramName = reqParamNames.nextElement();
+ if (MiscUtil.isNotEmpty(paramName))
+ executionContext.put(paramName, request.getParameter(paramName));
+
+ }
+
// create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
@@ -660,7 +662,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
throw new MOAIDException("init.04", new Object[] {
moasession.getSessionID()});
}
-
+
// start process
processEngine.start(processInstanceId);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
index 8ae4a9999..cac7359c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
import org.apache.commons.lang3.StringUtils;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.modules.AuthModule;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -16,8 +17,15 @@ public class DefaultAuthModuleImpl implements AuthModule {
}
@Override
- public String selectProcess(ExecutionContext context) {
- return StringUtils.isBlank((String) context.get("ccc")) ? "DefaultAuthentication" : null;
+ public String selectProcess(ExecutionContext context) {
+ //select process if BKU is selected and it is no STORK authentication
+ if (StringUtils.isBlank((String) context.get("ccc")) &&
+ StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)))
+ return "DefaultAuthentication";
+
+ else
+ return null;
+
}
@Override
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
new file mode 100644
index 000000000..feab1ec66
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAAuthDataType;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext,
+ HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+
+ try {
+ String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID);
+ String pendingRequestID = (String) executionContext.get("pendingRequestID");
+
+ //load pending request
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //load MOASession object
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ boolean isLegacyRequest = false;
+ Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
+ if (isLegacyRequestObj != null && isLegacyRequestObj instanceof Boolean)
+ isLegacyRequest = (boolean) isLegacyRequestObj;
+
+ if (isLegacyRequest) {
+ //parse request parameter into MOASession
+ Logger.info("Start Authentication Module: " + moasession.getModul()
+ + " Action: " + moasession.getAction());
+
+ StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq);
+
+ } else {
+ String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU);
+ String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE);
+ String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
+
+ //remove MOASessionID from executionContext because it is not needed any more
+
+
+ if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) {
+ Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use.");
+ throw new MOAIDException("auth.23", new Object[] {});
+ }
+
+ //load OA Config
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() });
+
+ else {
+ MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
+
+ //get Target from config or from request in case of SAML 1
+ String target = null;
+ if (MiscUtil.isNotEmpty(pendingReq.getTarget()) &&
+ pendingReq.requestedModule().equals("id_saml1"))
+ target = pendingReq.getTarget();
+ else
+ target = oaParam.getTarget();
+
+ String bkuURL = oaParam.getBKUURL(bkuid);
+ if (MiscUtil.isEmpty(bkuURL)) {
+ Logger.info("No OA specific BKU defined. Use BKU from default configuration");
+ bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid);
+ }
+
+ //search for OA specific template
+ String templateURL = null;
+ List<String> oaTemplateURLList = oaParam.getTemplateURL();
+ if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0
+ && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) {
+ templateURL = oaTemplateURLList.get(0);
+
+ } else {
+ templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid);
+ }
+
+ //make url absolut if it is a local url
+ if (MiscUtil.isNotEmpty(templateURL))
+ templateURL = FileUtils.makeAbsoluteURL(templateURL,
+ AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+
+ if (oaParam.isOnlyMandateAllowed())
+ useMandate = "true";
+
+ if (!oaParam.isShowMandateCheckBox())
+ useMandate = "false";
+
+ //parse all OA parameters i
+ StartAuthentificationParameterParser.parse(moasession,
+ target,
+ moasession.getOAURLRequested(),
+ bkuURL,
+ templateURL,
+ useMandate,
+ ccc,
+ moasession.getModul(),
+ moasession.getAction(),
+ request);
+ }
+ }
+
+ executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate());
+
+ // make sure moa session has been persisted before running the process
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
+ }
+
+
+ } catch (MOADatabaseException | MOAIDException e) {
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.warn("InitializeBKUAuthentication has an internal error", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index e9e95e922..6bbaf6ece 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -5,6 +5,7 @@
- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
- Legacy authentication for foreign citizens using MOCCA supported signature cards.
-->
+ <pd:Task id="initializeBKUAuthentication" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask" />
<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" />
<pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask" async="true" />
<pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" async="true" />
@@ -19,7 +20,9 @@
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="createIdentityLinkForm" />
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index a8792cd8f..ef61739f8 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -116,13 +116,14 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
try {
setNoCachingHeaders(resp);
- sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+ sessionID = (String) executionContext.get(PARAM_SESSIONID);
+ pendingRequestID = (String) executionContext.get("pendingRequestID");
+
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
}
- AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID);
IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
if (StringUtils.isEmpty(moasession.getCcc())) {