Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java9
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java22
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java46
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java8
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java36
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java24
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java8
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java4
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java20
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java4
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java13
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java3
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java27
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java20
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java2
-rw-r--r--id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html3
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java58
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java2
31 files changed, 220 insertions, 178 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index 17d3d9e50..f2c95f391 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -33,6 +33,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
@@ -144,19 +145,19 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
} catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CertificateException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (KeyStoreException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (MessageEncodingException e) {
log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
}
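Review bot: All four `sendError` calls in these catch blocks still hand `e.getMessage()` to the remote party. Escaping stops markup in the message from being interpreted in the container's error page, but the text of decoding, keystore and certificate exceptions can still reveal internal details. The full exception is already logged on the line above each call, so a fixed message would be safer, e.g. `response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "SLO message processing failed");`. The four handlers appear identical and could probably be folded into the existing multi-catch. The enclosing method starts outside the hunk.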
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index 5ee2ee6a7..b3f7c1f79 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -352,10 +352,10 @@ public class FormularCustomization implements IOnlineApplicationData {
//validate aditionalAuthBlockText
check = getAditionalAuthBlockText();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
index b2cd18c26..bac69cf34 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
@@ -203,10 +203,10 @@ public class OABPKEncryption implements IOnlineApplicationData {
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
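Review bot: The `log.warn` call in this branch concatenates `check`, which judging by the message and the `validation.bPKDec.keyStorePassword.valid` key holds the bPK decryption keystore password, so a rejected password is written to the log in clear text. The same happens for the value of `getKeyPassword()` in the next hunk (`@@ -217,20 +217,20 @@`), and the rename leaves both untouched. Log only the field name, e.g. `log.warn("bPK decryption keystore password contains invalid characters");`. The assignment of `check` and the rest of the validation method lie outside the hunk.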
@@ -217,20 +217,20 @@ public class OABPKEncryption implements IOnlineApplicationData {
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("bPK decryption key alias contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = getKeyPassword();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("bPK decryption key password contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index 4cb7eba2d..c51513193 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -117,10 +117,10 @@ public class OAGeneralConfig implements IOnlineApplicationData{
//check OA FriendlyName
check = getFriendlyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("OAFriendlyName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.info("OA friendlyName is empty");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4fecd89c1..df1786402 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -159,10 +159,10 @@ public class IndexAction extends BasicAction {
String key = null;
if (MiscUtil.isNotEmpty(username)) {
- if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
+ if (ValidationHelper.containsNotValidCharacter(username, false)) {
log.warn("Username contains potentail XSS characters: " + username);
addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
return Constants.STRUTS_ERROR;
}
} else {
@@ -614,10 +614,10 @@ public class IndexAction extends BasicAction {
if (!sessionform.isIsmandateuser()) {
check = user.getInstitut();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Organisation contains potentail XSS characters: " + check);
addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Organisation is empty");
@@ -630,7 +630,7 @@ public class IndexAction extends BasicAction {
if (!ValidationHelper.isEmailAddressFormat(check)) {
log.warn("Mailaddress is not valid: " + check);
addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Mailaddress is empty");
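Review bot: The `validation.edituser.mail.valid` message still receives `ValidationHelper.getNotValidCharacter(false)` as its argument although the failing check is `isEmailAddressFormat`. If the message template renders `{0}`, the user is shown a list of forbidden characters instead of a hint about the expected address format. The same mismatch is visible in the phone-number branch of the next hunk, in the applet height and width checks of FormularCustomizationValitator, and in the mail check of UserDatabaseFormValidator. If the templates take no parameter, the argument-free form used elsewhere on this page would be clearer: `LanguageHelper.getErrorString("validation.edituser.mail.valid", request)`. The enclosing method starts and ends outside the hunk.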
@@ -642,7 +642,7 @@ public class IndexAction extends BasicAction {
if (!ValidationHelper.validatePhoneNumber(check)) {
log.warn("No valid Phone Number: " + check);
addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Phonenumber is empty");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index c6b0965fe..ca018d5b0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -132,10 +132,10 @@ public class ListOAsAction extends BasicAction {
return Constants.STRUTS_SUCCESS;
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) {
+ if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) {
log.warn("SearchOA textfield contains potential XSS characters");
addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
return Constants.STRUTS_SUCCESS;
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
index c9a174813..4ef4bc762 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
@@ -94,10 +94,10 @@ public class FormularCustomizationValitator {
check = form.getHeader_text();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("HeaderText contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.form.header.text",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -144,10 +144,10 @@ public class FormularCustomizationValitator {
check = form.getFontType();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.warn("FontType contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
@@ -156,7 +156,7 @@ public class FormularCustomizationValitator {
if (!ValidationHelper.validateNumber(check)) {
log.warn("Applet height "+ check + " is no valid number");
errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
@@ -165,7 +165,7 @@ public class FormularCustomizationValitator {
if (!ValidationHelper.validateNumber(check)) {
log.warn("Applet width "+ check + " is no valid number");
errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index 44afd0599..f0594c38d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -62,10 +62,10 @@ public class UserDatabaseFormValidator {
if (!isPVP2Generated) {
check = form.getGivenName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("GivenName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("GivenName is empty");
@@ -75,10 +75,10 @@ public class UserDatabaseFormValidator {
check = form.getFamilyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("FamilyName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("FamilyName is empty");
@@ -89,10 +89,10 @@ public class UserDatabaseFormValidator {
if (!isMandateUser) {
check = form.getInstitut();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Organisation contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Organisation is empty");
@@ -105,7 +105,7 @@ public class UserDatabaseFormValidator {
if (!ValidationHelper.isEmailAddressFormat(check)) {
log.warn("Mailaddress is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Mailaddress is empty");
@@ -114,10 +114,10 @@ public class UserDatabaseFormValidator {
check = form.getPhone();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Phonenumber contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
} else {
log.warn("Phonenumber is empty");
@@ -127,10 +127,10 @@ public class UserDatabaseFormValidator {
if (form.isIsusernamepasswordallowed()) {
check = form.getUsername();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("Username contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
} else {
UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 70c43d9b4..717a0c827 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -55,10 +55,10 @@ public class MOAConfigValidator {
String check = form.getSaml1SourceID();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -217,10 +217,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS Authblock TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Authblock TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -229,10 +229,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLink TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -241,10 +241,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Test-Authblock TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -253,10 +253,10 @@ public class MOAConfigValidator {
log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Test-IdentityLink TrustProfile is not valid: " +check);
errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -271,28 +271,28 @@ public class MOAConfigValidator {
check = form.getPvp2IssuerName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 IssuerName is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = form.getPvp2OrgDisplayName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 organisation display name is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = form.getPvp2OrgName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 organisation name is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -347,10 +347,10 @@ public class MOAConfigValidator {
check = form.getSsoFriendlyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("SSO friendlyname is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
@@ -373,10 +373,10 @@ public class MOAConfigValidator {
check = form.getSsoSpecialText();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.info("SSO SpecialText is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} , request));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
}
}
@@ -388,10 +388,10 @@ public class MOAConfigValidator {
} else {
if (!ValidationHelper.isValidAdminTarget(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
String num = check.replaceAll(" ", "");
@@ -440,7 +440,7 @@ public class MOAConfigValidator {
String filename = form.getFileUploadFileName().get(i);
if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
log.info("SL Transformation Filename is not valid");
errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
index e4a091c7e..f7edbee71 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
@@ -52,28 +52,28 @@ public class PVP2ContactValidator {
String check = contact.getCompany();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 Contact: Company is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = contact.getGivenname();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 Contact: GivenName is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
check = contact.getSurname();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("PVP2 Contact: SureName is not valid: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index fbd2f3bb3..41fce8e60 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -38,10 +38,10 @@ public class StorkConfigValidator {
// check country code
String check = current.getCountryCode();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("CPEPS config countrycode contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check);
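Review bot: The country-code pattern on the unchanged line after the character check, `(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)`, has a comma inside the character class, so `,` is accepted in the subdivision part; this looks like a typo for `[a-z0-9]`. `String.matches` already requires a full match, so the anchors add nothing and the check can be written as `check.toLowerCase().matches("[a-z]{2}(-[a-z0-9]*)?")`. Input that fails the character check also still falls through to this pattern check, so one bad value can produce two error entries. The block continues past the end of the hunk.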
@@ -95,10 +95,10 @@ public class StorkConfigValidator {
for(StorkAttribute check : form.getAttributes()) {
if (check != null && MiscUtil.isNotEmpty(check.getName())) {
String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
- if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) {
+ if (ValidationHelper.containsNotValidCharacter(tmp, true)) {
log.warn("default attributes contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
log.warn("default attributes do not match the requested format : " + check);
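Review bot: `check.getName().replace("eidas/attributes/", "")` removes the substring wherever it occurs, not only as a leading prefix, so the validated string `tmp` can differ from the stored name by more than the intended prefix. Stripping only a prefix keeps the check aligned with the stored value: `String tmp = name.startsWith(PREFIX) ? name.substring(PREFIX.length()) : name;` with `name = check.getName()` and `PREFIX = "eidas/attributes/"`. In `tmp.toLowerCase().matches("^[A-Za-z]*$")` the lowercasing makes the `A-Z` range dead and depends on the default locale; `toLowerCase(Locale.ROOT)`, or dropping the call, avoids that. Both `log.warn` lines concatenate `check`, the attribute object, where `tmp` or `check.getName()` appears to be intended. The `@@ -215` hunk of GeneralSTORKConfigurationTask.java has the same `replace` and regex.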
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index 7e6396b75..a758088b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -140,10 +140,10 @@ public class OAAuthenticationDataValidation {
errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
}
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.warn("MandateProfiles contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
index d2dac3b28..2011a07f1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
@@ -66,7 +66,7 @@ public class OAFileUploadValidation {
String filename = fileName.get(i);
if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
log.info("Filename is not valid");
errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
index 0062beb96..ca0231577 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
@@ -64,10 +64,10 @@ public class OATargetConfigValidation {
errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
@@ -129,10 +129,10 @@ public class OATargetConfigValidation {
//check targetFrindlyName();
check = form.getTargetFriendlyName();
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
}
}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index e229b6ef4..c9ad63121 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -106,13 +106,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
String check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID, getKeyPrefix()));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID,
"SAML1 - SourceID",
LanguageHelper.getErrorString("validation.general.SAML1SourceID",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
@@ -293,13 +293,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
"MOA-SP - AuthBlocktransformation",
LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLinkSigners is not valid: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_AUTHBLOCK_TRANSFORM,
"MOA-SP - AuthBlocktransformationx",
LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)} )));
}
}
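Review bot: In this AuthBlock-transformation branch the log text reads `"IdentityLinkSigners is not valid: "` and the field label is `"MOA-SP - AuthBlocktransformationx"`, while the empty-value branch just above uses `"MOA-SP - AuthBlocktransformation"`; both look like copy-paste leftovers that will mislead whoever reads the log or the error list. Suggested: `log.info("AuthBlock transformation is not valid");` and the label without the trailing `x`. The enclosing method starts and ends outside the hunk.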
@@ -312,13 +312,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
"MOA-SP - TrustProfile AuthBlock",
LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Authblock TrustProfile is not valid: " +check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD,
"MOA-SP - TrustProfile AuthBlock",
LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
@@ -330,13 +330,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
"MOA-SP - TrustProfile IdL",
LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLink TrustProfile is not valid: " +check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD,
"MOA-SP - TrustProfile IdL",
LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
@@ -348,13 +348,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
"MOA-SP - Test-TrustProfile AuthBlock",
LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty")));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("Authblock Test-TrustProfile is not valid: " +check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD,
"MOA-SP - Test-TrustProfile AuthBlock",
LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
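Review bot: The error for the "Test-TrustProfile AuthBlock" field is registered under `MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_AUTHBLOCK_PROD`, the same key the production AuthBlock check uses in the `@@ -312` hunk, so a rejected test value is presumably reported against the production field. The next hunk (`@@ -366`) does the same with `GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD` for "Test-TrustProfile IdL". If MOAIDConfigurationConstants defines keys for the test profiles (not visible here), both error objects should use them. The enclosing method starts and ends outside these hunks.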
@@ -366,13 +366,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
"MOA-SP - Test-TrustProfile IdL",
LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty")));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("IdentityLink Test-TrustProfile is not valid: " +check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_TRUSTPROFILE_IDL_PROD,
"MOA-SP - Test-TrustProfile IdL",
LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
@@ -430,25 +430,25 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME, getKeyPrefix()));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.info("SSO friendlyname is not valid: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_SSO_SERVICENAME,
"SSO - Servicename",
LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT, getKeyPrefix()));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.info("SSO SpecialText is not valid: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_SSO_AUTHBLOCK_TEXT,
"SSO - AuthBlocktext",
LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)} )));
}
}
@@ -465,13 +465,13 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
//TODO: maybe store full bPK target (incl. prefix)
if (!ValidationHelper.isValidAdminTarget(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET,
"SSO - Target",
LanguageHelper.getErrorString("validation.general.sso.target.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
String num = check.replaceAll(" ", "");
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
index a593b5461..cdd2a7ce2 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
@@ -90,35 +90,35 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme
String check =
input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
logger.info("PVP2 IssuerName is not valid: " + check);
errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME,
"Service Name",
LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
check =
input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
logger.info("PVP2 organisation display name is not valid: " + check);
errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_FULLNAME,
"Organisation - Full name",
LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
logger.info("PVP2 organisation name is not valid: " + check);
errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_SHORTNAME,
"Organisation - Short name",
LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
@@ -135,34 +135,34 @@ public class GeneralPVP2XConfigurationTask extends AbstractTaskValidator impleme
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
logger.info("PVP2 Contact: Company is not valid: " + check);
errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_COMPANY,
"Contact - Company",
LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
logger.info("PVP2 Contact: GivenName is not valid: " + check);
errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_GIVENNAME,
"Contact - GivenName",
LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME, MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL));
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
logger.info("PVP2 Contact: SureName is not valid: " + check);
errors.add(new ValidationObjectIdentifier(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_CONTACT_FAMLIYNAME,
"Contact - FamilyName",
LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index df67ca2f1..309e0745b 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -116,14 +116,14 @@ public static final List<String> KEYWHITELIST;
log.trace("Extract C-PEPS for country: " + cc + " with URL:" + url);
if (!validatedCPeps.containsKey(cc)) {
if (MiscUtil.isNotEmpty(cc)) {
- if (ValidationHelper.containsPotentialCSSCharacter(cc, false)) {
+ if (ValidationHelper.containsNotValidCharacter(cc, false)) {
log.warn("CPEPS config countrycode contains potentail XSS characters: " + cc);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
+ "." + cpepsKey,
"STORK - CPEPS Country",
LanguageHelper.getErrorString("validation.stork.cpeps.cc",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
if(!cc.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + cc);
@@ -215,13 +215,13 @@ public static final List<String> KEYWHITELIST;
String value = attributeList.get(key);
value = value.replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
if (!validatedAttributes.contains(value)) {
- if (ValidationHelper.containsPotentialCSSCharacter(value, true)) {
+ if (ValidationHelper.containsNotValidCharacter(value, true)) {
log.warn("default attributes contains potentail XSS characters: " + value);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.GENERAL_AUTH_STORK_QAA,
"STORK - Attributes",
LanguageHelper.getErrorString("validation.stork.requestedattributes",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)})));
}
if(!value.toLowerCase().matches("^[A-Za-z]*$")) {
log.warn("default attributes do not match the requested format : " + value);
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 05467c3bc..25855dcb6 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -220,13 +220,13 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
String checkUseMandate = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE);
if (MiscUtil.isNotEmpty(checkUseMandate) && Boolean.parseBoolean(checkUseMandate)) {
check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES);
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.warn("MandateProfiles contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES,
"Mandates - Profiles",
LanguageHelper.getErrorString("validation.general.mandate.profiles",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
}
}
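Review bot: `check` goes from `input.get(...)` straight into `ValidationHelper.containsNotValidCharacter(check, true)` without the `MiscUtil.isNotEmpty(check)` guard that the other validators in this commit apply first. If the profiles key is absent while mandates are enabled, the helper receives null; its body is not visible here, so whether it tolerates null should be confirmed. A guard makes it explicit: `if (MiscUtil.isNotEmpty(check) && ValidationHelper.containsNotValidCharacter(check, true)) {`.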
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
index f8ce21c99..83e6cb234 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesBKUSelectionTask.java
@@ -153,13 +153,13 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
//validate aditionalAuthBlockText
String check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT,
"AuthBlock - Addition AuthBlocktext",
LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
}
@@ -172,7 +172,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
try {
String bkuSelectTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME);
if (MiscUtil.isNotEmpty(bkuSelectTemplateUploadedFileName)) {
- if (ValidationHelper.containsPotentialCSSCharacter(bkuSelectTemplateUploadedFileName, false)) {
+ if (ValidationHelper.containsNotValidCharacter(bkuSelectTemplateUploadedFileName, false)) {
log.info("BKU Selection Filename is not valid");
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_FILENAME,
@@ -221,7 +221,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
try {
String sendAssertionTemplateUploadedFileName = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME);
if (MiscUtil.isNotEmpty(sendAssertionTemplateUploadedFileName)) {
- if (ValidationHelper.containsPotentialCSSCharacter(sendAssertionTemplateUploadedFileName, false)) {
+ if (ValidationHelper.containsNotValidCharacter(sendAssertionTemplateUploadedFileName, false)) {
log.info("Send Assertion Filename is not valid");
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_FILENAME,
@@ -342,13 +342,13 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT);
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("HeaderText contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT,
"Templates - Header Text",
LanguageHelper.getErrorString("validation.general.form.header.text",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
@@ -407,13 +407,13 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE);
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
log.warn("FontType contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE,
"Templates - Font Type",
LanguageHelper.getErrorString("validation.general.form.fonttype",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
}
}
@@ -425,7 +425,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT,
"Templates - Applet Height",
LanguageHelper.getErrorString("validation.general.form.applet.height",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
}
}
@@ -437,7 +437,7 @@ public class ServicesBKUSelectionTask extends AbstractTaskValidator implements I
MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH,
"Templates - Applet Width",
LanguageHelper.getErrorString("validation.general.form.applet.width",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(true)}) ));
}
}
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
index 86d047c74..5ff157b3b 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesGeneralInformationTask.java
@@ -107,13 +107,13 @@ public class ServicesGeneralInformationTask extends AbstractTaskValidator implem
String check = input.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("OAFriendlyName contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME,
"FriendlyName",
LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)})));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)})));
}
} else {
log.info("OA friendlyName is empty");
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
index 5d23a60f6..e8d49a391 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
@@ -113,13 +113,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa
LanguageHelper.getErrorString("validation.general.identificationnumber.empty")));
} else {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("IdentificationNumber contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE,
"BusinessService - Value",
LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)
@@ -142,13 +142,13 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa
if (MiscUtil.isNotEmpty(useOwnTarget) && Boolean.parseBoolean(useOwnTarget)) {
check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
errors.add(new ValidationObjectIdentifier(
MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME,
"Own Target - FriendlyName",
LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}) ));
+ new Object[] {ValidationHelper.getNotValidCharacter(false)}) ));
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 67611dd72..dcf337213 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -91,7 +91,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
"(Errorcode=9199"
- +" | Description="+ exception.getMessage() + ")");
+ +" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")");
return;
}
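Review bot: `exception.getMessage()` is still returned to the client in the 500 response; escaping it stops markup injection but not the disclosure of internal detail such as class names, paths or backend error text. Consider logging the message on the server and sending only the code: `resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error! (Errorcode=9199)");`. No import of `StringEscapeUtils` appears in this file's hunks, unlike WebFrontEndSecurityInterceptor.java, so it is presumably already imported; worth confirming the build. The enclosing handler begins outside the hunk.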
@@ -318,7 +318,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
if (e instanceof ProtocolNotActiveException) {
resp.getWriter().write(e.getMessage());
resp.setContentType(MediaType.HTML_UTF_8.toString());
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage()));
} else if (e instanceof AuthnRequestValidatorException) {
AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
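Review bot: The context line `resp.getWriter().write(e.getMessage());` just above the change still writes the unescaped message into the response body, so the ProtocolNotActiveException path can still emit markup if the message carries request-derived text. It should be escaped like the line below it: `resp.getWriter().write(StringEscapeUtils.escapeHtml(e.getMessage()));`. In addition, `setContentType` is called after `getWriter()`, so the charset in `HTML_UTF_8` no longer takes effect, and `sendError` throws `IllegalStateException` once the response is committed. Setting the content type first and using either the body write or `sendError`, not both, would be cleaner. The method continues outside the hunk.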
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 2976dc420..c8c6c1fb5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
@@ -76,7 +77,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
Logger.info(errorMsg);
response.sendError(
HttpServletResponse.SC_FORBIDDEN,
- errorMsg);
+ StringEscapeUtils.escapeHtml(errorMsg));
return false;
} else {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
index 01ae2a354..0a0c4b06d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java
@@ -22,11 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.commons.validation;
-import iaik.asn1.ObjectID;
-import iaik.utils.Util;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
@@ -45,6 +40,10 @@ import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.logging.Logger;
+import iaik.asn1.ObjectID;
+import iaik.utils.Util;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
public class ValidationHelper {
@@ -322,7 +321,7 @@ public class ValidationHelper {
return "; % \" ' ` , < > \\";
}
- public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) {
+ public static boolean containsNotValidCharacter(String param, boolean commaallowed) {
if (param == null) {
return false;
@@ -340,7 +339,7 @@ public class ValidationHelper {
param.indexOf("/") != -1;
}
- public static String getPotentialCSSCharacter(boolean commaallowed) {
+ public static String getNotValidCharacter(boolean commaallowed) {
if (commaallowed)
return "; % \" ' ` < > \\ /";
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
index 52c1f0f97..d57834192 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
@@ -70,7 +70,8 @@ public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilder
/**
- * Define the parameters, which should be evaluated in the template
+ * Define the parameters, which should be evaluated in the template <br>
+ * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally during the building process
*
* @return Map of parameters, which should be added to template
*/
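Review bot: The added Javadoc warning is the only place where implementers learn that the returned map is not escaped, and "external HTML escapetion" does not say who must escape or what. Suggested wording: `<b>IMPORTANT:</b> values are NOT HTML-escaped while the template is built; implementations must escape every value that can contain untrusted data before adding it to the map.` The documented method's signature lies outside the hunk.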
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 15bc92a54..ad068ac49 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -65,6 +65,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
protected IRequest pendingReq = null;
protected String templateClasspahtDir = null;
+ private Map<String, Object> customParameters = null;
/**
* @param authURL PublicURLPrefix of the IDP but never null
@@ -91,11 +92,29 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
}
+ /**
+ * Add a key/value pair into Velocity context.<br>
+ * Parameter values get escaped internally
+ *
+ * @param key velocity context key
+ * @param value of this key
+ */
+ public void putCustomParameter(String key, Object value) {
+ if (customParameters == null)
+ customParameters = new HashMap<String, Object>();
+
+ if (value instanceof String)
+ customParameters.put(key, StringEscapeUtils.escapeHtml((String)value));
+ else
+ customParameters.put(key, StringEscapeUtils.escapeHtml(value.toString()));
+
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
*/
@Override
- public Map<String, Object> getSpecificViewParameters() {
+ public final Map<String, Object> getSpecificViewParameters() {
Map<String, Object> params = new HashMap<String, Object>();
params.put(PARAM_BKU_ONLINE, IOAAuthParameters.THIRDBKU);
params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU);
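Review bot: `putCustomParameter` throws a `NullPointerException` when `value` is null, because `null instanceof String` is false and the `else` branch calls `value.toString()`. The two branches are otherwise equivalent, so the body can be `customParameters.put(key, value == null ? null : StringEscapeUtils.escapeHtml(value.toString()));`. Every non-String value (numbers, booleans, collections) is now stored as an escaped String, which changes what a template sees in `#if` or `#foreach`; the Javadoc should say so. The same method body is added to DefaultGUIFormBuilderConfiguration.java in this commit. `getSpecificViewParameters` continues outside the hunk.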
@@ -107,7 +126,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
//add service-provider specific GUI parameters
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (oaParam != null) {
- params.put(PARAM_OANAME, oaParam.getFriendlyName());
+ params.put(PARAM_OANAME, StringEscapeUtils.escapeHtml(oaParam.getFriendlyName()));
//set BKU URLs
if (MiscUtil.isNotEmpty(oaParam.getBKUURL(IOAAuthParameters.LOCALBKU)))
@@ -138,6 +157,10 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
}
+ //add additional custom parameters
+ if (customParameters != null)
+ params.putAll(customParameters);
+
return params;
}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 0c07ad3fb..901dbae53 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -77,13 +77,31 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
* @param key velocity context key
* @param value of this key
*/
- public void putCustomParameter(String key, Object value) {
+ public void putCustomParameterWithOutEscaption(String key, Object value) {
if (customParameters == null)
customParameters = new HashMap<String, Object>();
customParameters.put(key, value);
}
+ /**
+ * Add a key/value pair into Velocity context.<br>
+ * All parameters get escaped internally
+ *
+ * @param key velocity context key
+ * @param value of this key
+ */
+ public void putCustomParameter(String key, Object value) {
+ if (customParameters == null)
+ customParameters = new HashMap<String, Object>();
+
+ if (value instanceof String)
+ customParameters.put(key, StringEscapeUtils.escapeHtml((String)value));
+ else
+ customParameters.put(key, StringEscapeUtils.escapeHtml(value.toString()));
+
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
*/
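Review bot: Making `putCustomParameter` escape by default silently changes callers that pass markup on purpose. In this same commit GUIUtils.java still calls `config.putCustomParameter("successMsg", ...)` with a message containing `<i>SSO-Transfer App</i>`, which will now render the tags as literal text (assuming `config` is this class, as the neighbouring `putCustomParameterWithOutEscaption` call suggests). Move that call to the unescaped variant or remove the markup from the message. The Javadoc visible as context above the renamed method is unchanged by the commit; it should state that the caller must pass only trusted or already-escaped values, and `WithOutEscaption` would read better as `WithoutEscaping`. `timeoutURL` is now passed unescaped in GUIUtils.java, so the origin of `containerURL` (not visible here) should be confirmed as server-generated.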
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 13d8d3bb7..0215afc41 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -56,7 +56,7 @@ public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractService
super(pendingReq, viewName, formSubmitEndpoint);
}
-
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
*/
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
index 261e19a33..f54484307 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/iframeLBKUdetect.html
@@ -9,7 +9,6 @@
bkuport = (bkuprot == "https:" ? 3496 : 3495);
bkupath = "https-security-layer-request";
bkuurl = bkuprot + "//" + bkuhost + ":" + bkuport + "/" + bkupath;
- baseurl = location.href.substr(0, location.href.lastIndexOf("/"));
//-->
</script>
</head>
@@ -20,7 +19,7 @@
parent.setBKUAvailable(false);
document.write('<form name="bkudetectform" method="POST" target="bkudetect" action="' + bkuurl + '" enctype="application/x-www-form-urlencoded">');
document.write('<input type="hidden" name="XMLRequest" value="&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;&lt;NullOperationRequest xmlns=&quot;http://www.buergerkarte.at/namespaces/securitylayer/1.2#&quot;/&gt;" />');
- document.write('<input type="hidden" name="RedirectURL" value="' + baseurl + '/iframeLBKUdetected.html"/>');
+ document.write('<input type="hidden" name="RedirectURL" value="' + $contextPath + '/iframeLBKUdetected.html"/>');
document.write('</form>');
try {
document.bkudetectform.submit();
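Review bot: `$contextPath` sits outside the string literals, as a JavaScript operand (`'... value="' + $contextPath + '/iframeLBKUdetected.html"/>'`), where the removed code used the script variable `baseurl`. If `$contextPath` is a template placeholder that expands to bare URL text (an assumption; the rendering step is not visible here), the generated script is no longer valid JavaScript and the substituted text is parsed as code rather than data. Putting the placeholder inside the literal avoids that: `document.write('<input type="hidden" name="RedirectURL" value="$contextPath/iframeLBKUdetected.html"/>');`. The value then lands in a JavaScript string that becomes an HTML attribute, so it should come from server configuration or be encoded for both contexts.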
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index a37beac70..dc55df05b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -160,15 +160,15 @@ public class SSOTransferServlet{
} catch (MOAIDException | MOADatabaseException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (Exception e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
}
}
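Review bot: All three arms still call `e.printStackTrace()`, which bypasses the application log, whereas the handlers in the hunk at -221 use `Logger.warn(..., e)`. The arms are identical and the last one catches `Exception`, so the first two are redundant. A single `} catch (Exception e) {` with `Logger.warn("SSO transfer request failed: " + e.getMessage(), e);` followed by the `sendError` call does the same work. The hunk at -423 repeats this block. The `try` these handlers belong to starts outside the hunk.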
@@ -221,51 +221,51 @@ public class SSOTransferServlet{
} catch (OperatorCreationException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CredentialsNotAvailableException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (PKCSException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CertificateException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeyException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeySpecException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (SessionDataStorageException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (ParseException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (IllegalBlockSizeException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (BadPaddingException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchPaddingException e) {
Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
}
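Review bot: The twelve `catch` arms in this hunk have identical bodies, and the response text is the only thing that tells a client which step failed (for example `BadPaddingException` versus `IllegalBlockSizeException`). The file already uses multi-catch elsewhere, so the arms can be merged into one that logs the detail and answers with a single fixed message. This works only if none of the listed types is a subtype of another, which cannot be checked from here because several are project or library types. The ladder in the hunk at -323 has the same shape and additionally logs through `e.printStackTrace()`. The `try` block itself is outside the hunk.

```java
} catch (OperatorCreationException | CredentialsNotAvailableException | PKCSException
		| CertificateException | InvalidKeyException | NoSuchAlgorithmException
		| InvalidKeySpecException | SessionDataStorageException | ParseException
		| IllegalBlockSizeException | BadPaddingException | NoSuchPaddingException e) {
	Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
	// fixed text: the failure detail stays in the server log
	resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Request could not be processed");
}
```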
@@ -323,50 +323,50 @@ public class SSOTransferServlet{
} catch (OperatorCreationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CredentialsNotAvailableException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (PKCSException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (SessionDataStorageException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (BadPaddingException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchPaddingException e) {
e.printStackTrace();
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
}
@@ -423,15 +423,15 @@ public class SSOTransferServlet{
} catch (MOAIDException | MOADatabaseException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
} catch (Exception e) {
e.printStackTrace();
- resp.sendError(500, e.getMessage());
+ resp.sendError(500, StringEscapeUtils.escapeHtml(e.getMessage()));
}
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index 13a278d1d..fe164c514 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -105,7 +105,7 @@ public class GUIUtils {
config.putCustomParameter("QRImage", base64EncodedImage);
config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");
- config.putCustomParameter("timeoutURL", containerURL);
+ config.putCustomParameterWithOutEscaption("timeoutURL", containerURL);
config.putCustomParameter("timeout", REFESH_TIMEOUT);
guiBuilder.build(response, config, "SSO-Transfer-Module");