Diffstat (limited to 'id')
5 files changed, 76 insertions, 39 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 42085b01e..fb3888a3e 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -1,8 +1,25 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'> -<web-app> +<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0"> <display-name>MOA ID Auth</display-name> <description>MOA ID Authentication Service</description> + + <!-- bootstrap loader for spring framework --> + <listener> + <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> + </listener> + + <!-- exposes request and response to the current thread --> + <filter> + <filter-name>requestContextFilter</filter-name> + <filter-class>org.springframework.web.filter.RequestContextFilter</filter-class> + </filter> + <filter-mapping> + <filter-name>requestContextFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + <!-- <servlet> <servlet-name>SelectBKU</servlet-name> <display-name>SelectBKU</display-name> 
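Review bot: The `ContextLoaderListener` registered in this hunk has no accompanying `contextConfigLocation` context-param, so Spring will fall back to `/WEB-INF/applicationContext.xml`; if the bean definitions are meant to be loaded from the classpath instead, add `<context-param><param-name>contextConfigLocation</param-name><param-value>classpath:…</param-value></context-param>` next to the listener, or state the default in the comment so the deployment dependency is explicit. I would also extend the filter comment to say why the whole URL space is covered: `<!-- exposes request and response to the current thread (RequestContextHolder); mapped to /* so every servlet, AxisServlet included, runs inside it -->`. Since this descriptor fronts an authentication service, the move from the 2.3 DTD to the 3.0 schema also makes `<session-config><cookie-config>` with `http-only` and `secure` available, which is worth adding if it is not already present further down the file (not visible in this hunk).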
@@ -10,63 +27,63 @@ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class> </servlet> --> <servlet> - <servlet-name>GenerateIframeTemplate</servlet-name> - <display-name>GenerateIframeTemplate</display-name> <description>Generate BKU Request template</description> + <display-name>GenerateIframeTemplate</display-name> + <servlet-name>GenerateIframeTemplate</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class> </servlet> <servlet> - <servlet-name>RedirectServlet</servlet-name> <display-name>RedirectServlet</display-name> + <servlet-name>RedirectServlet</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class> </servlet> <servlet> - <servlet-name>MonitoringServlet</servlet-name> <display-name>MonitoringServlet</display-name> + <servlet-name>MonitoringServlet</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class> </servlet> <servlet> - <servlet-name>SSOSendAssertionServlet</servlet-name> <display-name>SSOSendAssertionServlet</display-name> + <servlet-name>SSOSendAssertionServlet</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class> </servlet> <servlet> - <servlet-name>LogOut</servlet-name> - <display-name>LogOut</display-name> <description>SSO LogOut</description> + <display-name>LogOut</display-name> + <servlet-name>LogOut</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class> </servlet> <servlet> - <servlet-name>IDPSLO</servlet-name> - <display-name>IDP-SLO</display-name> <description>IDP Single LogOut Service</description> + <display-name>IDP-SLO</display-name> + <servlet-name>IDPSLO</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class> </servlet> <servlet> - <servlet-name>VerifyIdentityLink</servlet-name> - 
<display-name>VerifyIdentityLink</display-name> <description>Verify identity link coming from security layer</description> + <display-name>VerifyIdentityLink</display-name> + <servlet-name>VerifyIdentityLink</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class> </servlet> <servlet> - <servlet-name>VerifyCertificate</servlet-name> - <display-name>VerifyCertificate</display-name> <description>Verify the certificate coming from security layer</description> + <display-name>VerifyCertificate</display-name> + <servlet-name>VerifyCertificate</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class> </servlet> <servlet> - <servlet-name>GetMISSessionID</servlet-name> - <display-name>GetMISSessionID</display-name> <description>Get the MIS session ID coming from security layer</description> + <display-name>GetMISSessionID</display-name> + <servlet-name>GetMISSessionID</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class> </servlet> <servlet> - <servlet-name>GetForeignID</servlet-name> - <display-name>GetForeignID</display-name> <description>Gets the foreign eID from security layer</description> + <display-name>GetForeignID</display-name> + <servlet-name>GetForeignID</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class> </servlet> <!-- <servlet> @@ -76,9 +93,9 @@ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> </servlet> --> <servlet> - <servlet-name>VerifyAuthBlock</servlet-name> - <display-name>VerifyAuthBlock</display-name> <description>Verify AUTH block coming from security layer</description> + <display-name>VerifyAuthBlock</display-name> + <servlet-name>VerifyAuthBlock</servlet-name> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class> </servlet> <!-- <servlet> 
@@ -89,8 +106,8 @@ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class> </servlet> --> <servlet> - <servlet-name>AxisServlet</servlet-name> <display-name>Apache-Axis Servlet</display-name> + <servlet-name>AxisServlet</servlet-name> <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> </servlet> @@ -100,18 +117,18 @@ <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> </servlet> --> <servlet> - <servlet-name>PEPSConnectorServlet</servlet-name> - <display-name>PEPSConnectorServlet</display-name> <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description> + <display-name>PEPSConnectorServlet</display-name> + <servlet-name>PEPSConnectorServlet</servlet-name> <servlet-class> at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> </servlet> <servlet> - <servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name> - <display-name>PEPSConnectorWithLocalSigningServlet</display-name> <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description> + <display-name>PEPSConnectorWithLocalSigningServlet</display-name> + <servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name> <servlet-class> at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class> </servlet> @@ -124,8 +141,8 @@ <load-on-startup>1</load-on-startup> </servlet>--> <servlet> - <servlet-name>DispatcherServlet</servlet-name> <display-name>Dispatcher Servlet</display-name> + <servlet-name>DispatcherServlet</servlet-name> <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html index 7e2ddc491..f19cc5320 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html 
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html @@ -794,13 +794,13 @@ <div id="localBKU"> <form method="get" id="moaidform" action="#AUTH_URL#" class="verticalcenter" target="_parent"> - <input type="hidden" name="bkuURI" value="#LOCAL#"> <input - type="hidden" name="useMandate" id="useMandate"> <input - type="hidden" name="SSO" id="useSSO"> <input - type="hidden" name="CCC" id="ccc"> <input type="hidden" - name="MODUL" value="#MODUL#"> <input type="hidden" - name="ACTION" value="#ACTION#"> <input type="hidden" - name="MOASessionID" value="#SESSIONID#"> + <input type="hidden" name="bkuURI" value="#LOCAL#"> + <input type="hidden" name="useMandate" id="useMandate"> + <input type="hidden" name="SSO" id="useSSO"> + <input type="hidden" name="CCC" id="ccc"> + <input type="hidden" name="MODUL" value="#MODUL#"> + <input type="hidden" name="ACTION" value="#ACTION#"> + <input type="hidden" name="MOASessionID" value="#SESSIONID#"> <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4" role="button" class="hell" onclick="setMandateSelection();" diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 9e2e845b5..20c32a3ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -197,6 +197,7 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); + // TODO[tlenz]: UTF-8 ? String sMandate = new String(mandate.getMandate()); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); 
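Review bot: The TODO added above `String sMandate = new String(mandate.getMandate());` asks the right question but leaves the defect in place: the no-charset `String(byte[])` constructor decodes with the JVM's platform default, so a mandate XML served as UTF-8 is mis-decoded on a Latin-1 host and the subsequent parse or signature-related checks operate on corrupted text. The one-token fix is `String sMandate = new String(mandate.getMandate(), StandardCharsets.UTF_8);` (or `"UTF-8"` with its checked exception if the build still targets Java 6), and the same applies to the `stringMandate` line in the next hunk; ideally the bytes would be handed to the XML parser directly so the document's own encoding declaration governs, but whether `DOMUtils.parseDocument` has such an overload is not visible here. Note also that the `sMandate == null` half of the following check is dead, since `new String(...)` never returns null; only the empty-string test does any work. The enclosing method starts and ends outside the hunk.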
@@ -206,6 +207,7 @@ public class GetMISSessionIDServlet extends AuthServlet { //check if it is a parsable XML byte[] byteMandate = mandate.getMandate(); + // TODO[tlenz]: UTF-8 ? String stringMandate = new String(byteMandate); DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java index 3bc79f8bd..165445ea5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java @@ -473,6 +473,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes()); if(ap.getAttributes().equalsIgnoreCase("signedDoc")) { + // FIXME[tlenz]: A servlet's class field is not thread safe. oasisDssWebFormURL = ap.getUrl(); found = true; Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 03cb6c1c4..a4c5c938f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; - import java.util.Iterator; import javax.servlet.ServletConfig; 
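Review bot: The FIXME added before `oasisDssWebFormURL = ap.getUrl();` names a real race rather than fixing it: a single servlet instance serves concurrent requests, so two requests resolving the signedDoc attribute-provider URL at the same time can observe each other's assignment, and the value consumed later in this flow may not be the one looked up for the current request. Given this is the redirect target for the user's signing step in an authentication flow, the field should become a local, e.g. `String oasisDssWebFormURL = null;` declared at the top of the handler and passed to whatever consumes it, or be resolved once in `init()` if the configuration is static for the servlet's lifetime. A FIXME comment should not be the only mitigation left in the committed code. The enclosing method starts and ends outside the hunk, so the point where the field is read is not visible here.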
@@ -97,10 +96,13 @@ public class DispatcherServlet extends AuthServlet{ boolean useSSOOA = false; String protocolRequestID = null; - try { Logger.info("REQUEST: " + req.getRequestURI()); Logger.info("QUERY : " + req.getQueryString()); + + +// *** start of error handling *** + String errorid = req.getParameter(ERROR_CODE_PARAM); if (errorid != null) { @@ -117,7 +119,7 @@ public class DispatcherServlet extends AuthServlet{ pendingRequestID = (String) idObject; } - if (throwable != null) { + if (throwable != null) { IRequest errorRequest = null; if (pendingRequestID != null) { @@ -173,6 +175,11 @@ public class DispatcherServlet extends AuthServlet{ return; } +// *** end of error handling *** + + +// *** start of protocol specific stuff *** + Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); String module = null; if (moduleObject != null && (moduleObject instanceof String)) { @@ -357,7 +364,11 @@ public class DispatcherServlet extends AuthServlet{ } } - + +// *** end of protocol specific stuff *** + +// *** start handling authentication *** + AuthenticationManager authmanager = AuthenticationManager.getInstance(); String moasessionID = null; @@ -473,7 +484,11 @@ public class DispatcherServlet extends AuthServlet{ //build authenticationdata from session information and OA configuration authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession); } - + +// *** end handling authentication *** + +// *** start finalizing authentication (SSO, final redirects, statistic logging etc) *** + SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); RequestStorage.removePendingRequest(protocolRequestID); @@ -506,6 +521,8 @@ public class DispatcherServlet extends AuthServlet{ } +// *** end finalizing authentication *** + } catch (Throwable e) { Logger.warn("An authentication error occured: ", e);; // Try handle module specific, if not possible rethrow |
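Review bot: The section markers added in this hunk (`// *** start of error handling ***`, with matching `end` markers in the later hunks) are written at column 0 inside an indented method body, which breaks the file's indentation and is usually a sign that the method wants splitting rather than labelling; the hunk offsets (error handling around line 97, protocol dispatch around 175, authentication around 364, finalisation around 484–521) suggest a single request-handling body several hundred lines long wrapped in one `try`/`catch (Throwable e)`. I would turn each marked region into a private helper, e.g. `private boolean handleErrorRequest(HttpServletRequest req, HttpServletResponse resp) throws …` returning `true` when the request has been fully answered, so the `return;` inside the error region becomes a plain early return in the caller and each stage can be read and tested on its own. At minimum, indent the markers to the body's level so they read as part of the code rather than as stray top-level comments. The enclosing method starts before and ends after these hunks.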