Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java92
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java64
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java10
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java69
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java44
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java39
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java18
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties7
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties8
-rw-r--r--id/ConfigWebTool/src/main/webapp/css/index.css5
-rw-r--r--id/ConfigWebTool/src/main/webapp/js/common.js23
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp39
-rw-r--r--id/history.txt27
-rw-r--r--id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java64
-rw-r--r--id/moa-id-webgui/src/main/resources/applicationResources_de.properties2
-rw-r--r--id/moa-id-webgui/src/main/resources/applicationResources_en.properties2
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java62
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java4
-rw-r--r--id/readme_3.1.0-RC1.txt602
-rw-r--r--id/server/auth/pom.xml6
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml6
-rw-r--r--id/server/auth/src/main/webapp/index.html2
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html37
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html6
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html37
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html6
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html6
-rw-r--r--id/server/doc/handbook/config/config.html16
-rw-r--r--id/server/doc/handbook/index.html2
-rw-r--r--id/server/doc/htmlTemplates/BKU-selection.html31
-rw-r--r--id/server/doc/htmlTemplates/sendAssertion.html6
-rw-r--r--id/server/idserverlib/pom.xml86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java97
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java187
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java16
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html31
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html1141
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/slo_template.html23
-rw-r--r--id/server/moa-id-commons/pom.xml25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java8
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java29
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java73
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java403
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java233
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java52
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java1
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java69
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java122
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java23
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java24
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java68
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java18
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java70
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java93
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java17
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java17
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java43
-rw-r--r--id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java28
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java3
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java19
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java22
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java9
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java14
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java17
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java (renamed from id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java)72
-rw-r--r--id/server/modules/moa-id-module-openID/pom.xml16
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java9
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java24
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java2
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java9
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml14
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java7
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java9
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java4
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java12
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java2
-rw-r--r--id/server/modules/module-stork/pom.xml27
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java31
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java7
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java6
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java6
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java2
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java11
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java12
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java2
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java4
-rw-r--r--id/server/modules/pom.xml4
154 files changed, 3486 insertions, 3074 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 9800fad7e..51bb941a4 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -97,6 +97,12 @@
<artifactId>moa-id-module-stork</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ <version>${org.apache.commons.collections4.version}</version>
+ </dependency>
+
<dependency>
<groupId>at.gv.util</groupId>
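Review bot: The new `commons-collections4` dependency is pinned only through `${org.apache.commons.collections4.version}`, whose value is not visible in this hunk, so it is worth confirming it resolves to 4.1 or later. Releases before 4.1 ship `InvokerTransformer` and related classes serializable by default, which are the classic gadget chain for Java deserialization attacks, and this web tool does decode inbound SOAP/SAML messages. A short comment next to the dependency, `<!-- keep >= 4.1: earlier releases expose serializable InvokerTransformer gadgets -->`, would record why the floor matters.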
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
new file mode 100644
index 000000000..a25cc44ef
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.auth.pvp2;
+
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPSOAPRequestSecurityPolicy extends
+ AbstractRequestSignedSecurityPolicyRule {
+
+ /**
+ * @param trustEngine
+ * @param peerEntityRole
+ */
+ public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
+ QName peerEntityRole) {
+ super(trustEngine, peerEntityRole);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
+ */
+ @Override
+ protected boolean refreshMetadataProvider(String entityID) {
+ try {
+ HTTPMetadataProvider metadataProvider = ConfigurationProvider.getInstance().getMetaDataProvier();
+ metadataProvider.setRequireValidMetadata(true);
+ metadataProvider.refresh();
+
+ return true;
+
+ } catch (Exception e) {
+
+
+ }
+
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
+ if (inboundData instanceof Envelope) {
+ Envelope envelope = (Envelope) inboundData;
+ if (envelope.getBody() != null) {
+ List<XMLObject> xmlElemList = envelope.getBody().getUnknownXMLObjects();
+ if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof SignableSAMLObject)
+ return (SignableSAMLObject) xmlElemList.get(0);
+
+ }
+ }
+
+ return null;
+ }
+
+}
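Review bot: `refreshMetadataProvider` swallows every exception in an empty `catch (Exception e)` block, so a failed metadata refresh leaves no trace even though this rule is what decides whether an inbound SOAP request's signature is trusted. The method does return `false`, but the caller in `AbstractRequestSignedSecurityPolicyRule` is outside this hunk, so whether that result is ever logged cannot be confirmed here. The class has no logger; adding `private static final Logger log = LoggerFactory.getLogger(PVPSOAPRequestSecurityPolicy.class);` (slf4j is already used elsewhere in this module) and `log.warn("Refresh of PVP2 metadata provider failed; signature verification may rely on stale metadata", e);` in the catch would make a misconfigured or unreachable metadata endpoint visible. Note also that `setRequireValidMetadata(true)` mutates the shared provider on every call; that is harmless if idempotent but belongs in provider initialisation rather than in a per-request rule.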
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index cff08740b..17d3d9e50 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -40,6 +40,7 @@ import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -49,10 +50,12 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils;
/**
* @author tlenz
@@ -77,25 +80,44 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
try {
HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
- new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- request));
+
+ BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext();
+
+// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+// new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+
+ //messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
+
+ //set trustPolicy
+// BasicSecurityPolicy policy = new BasicSecurityPolicy();
+// policy.getPolicyRules().add(
+// new PVPSOAPRequestSecurityPolicy(
+// PVP2Utils.getTrustEngine(getConfig()),
+// IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+// policy);
+// messageContext.setSecurityPolicyResolver(resolver);
soapDecoder.decode(messageContext);
-
+
Envelope inboundMessage = (Envelope) messageContext
.getInboundMessage();
+ LogoutResponse sloResp = null;
+
if (inboundMessage.getBody() != null) {
List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-
- LogoutResponse sloResp;
+
if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) {
LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0);
- sloResp = processLogOutRequest(sloReq, request);
+ //validate request signature
+ PVP2Utils.validateSignature(sloReq, getConfig());
+
+ sloResp = processLogOutRequest(sloReq, request);
+
KeyStore keyStore = getConfig().getPVP2KeyStore();
X509Credential authcredential = new KeyStoreX509CredentialAdapter(
keyStore,
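Review bot: The explicit `PVP2Utils.validateSignature(sloReq, getConfig())` before `processLogOutRequest` is the right place for the check, but the hunk leaves the superseded `BasicSecurityPolicy` / `PVPSOAPRequestSecurityPolicy` wiring as commented-out code, which suggests to a later reader that request-level trust checking is still pending. Since signature validation is now done on the extracted `LogoutRequest`, either delete the commented block or replace it with a one-line comment such as `// signature of the SOAP-embedded LogoutRequest is verified explicitly below via PVP2Utils.validateSignature`. Whether `validateSignature` also checks the request's `Issuer` against the metadata entity that signed it cannot be seen from this hunk and is worth confirming. The enclosing `doPost` body continues beyond this hunk.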
@@ -111,24 +133,17 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
context.setOutboundMessageTransport(responseAdapter);
encoder.encode(context);
-
+
} else {
log.warn("Received request ist not of type LogOutRequest");
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ return;
}
}
- } catch (MessageDecodingException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-
- } catch (SecurityException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-
- } catch (NoSuchAlgorithmException e) {
- log.error("SLO message processing FAILED." , e);
+ } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) {
+ log.error("SLO message processing FAILED." , e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
} catch (CertificateException e) {
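Review bot: The merged multi-catch maps `ValidationException` to `SC_INTERNAL_SERVER_ERROR` and echoes `e.getMessage()` to the peer, but a failed signature check on an inbound `LogoutRequest` is a client-side error, not a server fault, and the exception text may reveal trust-store or metadata details to an unauthenticated sender. I would give it its own branch: `} catch (ValidationException e) {` / `log.warn("Rejected SLO request with invalid signature", e);` / `response.sendError(HttpServletResponse.SC_FORBIDDEN);`. The same concern applies to the other `sendError(..., e.getMessage())` calls, though those are pre-existing.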
@@ -139,15 +154,14 @@ public class SLOBackChannelServlet extends SLOBasicServlet {
log.error("SLO message processing FAILED." , e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
- } catch (ConfigurationException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
-
} catch (MessageEncodingException e) {
log.error("SLO message processing FAILED." , e);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
- }
+ }
+
+
+
}
protected void doGet(HttpServletRequest request,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index 2a35e50b1..c70d34d7e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
@@ -131,13 +131,13 @@ public class SLOBasicServlet extends HttpServlet {
} else {
log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found.");
- return createSLOResponse(sloReq, StatusCode.PARTIAL_LOGOUT_URI, request);
+ return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
}
}
- private LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException {
+ protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException {
LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
sloResp.setID(gen.generateIdentifier());
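Review bot: Returning `StatusCode.SUCCESS_URI` for a NameID with no matching session is defensible (there is nothing to terminate), but the adjacent debug message still reads "Single LogOut not possible", which now contradicts the status sent back and will confuse anyone correlating logs with the IdP's view. A comment on the changed line, `// no local session for this NameID: nothing to terminate, so report Success rather than PartialLogout`, and rewording the log to "no active session for nameID ... - responding with Success" would keep them consistent. The context line also logs the raw NameID value at debug level; that is pre-existing, but worth noting as personal data in logs.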
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
index 8df7f9d5a..274aa21bf 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
@@ -69,7 +69,6 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils;
import at.gv.egovernment.moa.id.configuration.exception.PVP2Exception;
import at.gv.egovernment.moa.id.configuration.exception.SLOException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -99,8 +98,15 @@ public class SLOFrontChannelServlet extends SLOBasicServlet {
if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) {
//process user initiated single logout process
Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj == null) {
+ log.warn("No user information found. Single Log-Out not possible");
+ buildErrorMessage(request, response);
+
+ }
+
AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;
-
+
String nameIDFormat = authUser.getNameIDFormat();
String nameID = authUser.getNameID();
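Review bot: The new null guard calls `buildErrorMessage(request, response)` but does not `return`, so unless that helper throws, execution continues to `(AuthenticatedUser) authUserObj` and `authUser.getNameIDFormat()` dereferences `null`, producing the very NPE the check was meant to prevent and likely committing a second response after the error page. Add `return;` directly after `buildErrorMessage(request, response);`. I cannot see `buildErrorMessage` in this diff, so if it is designed to throw, a comment saying so would settle it; the enclosing method continues outside this hunk.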
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index e2a55db60..ab6c22858 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -54,6 +54,7 @@ import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
+import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.webgui.MOAIDConfigurationModul;
@@ -65,8 +66,6 @@ import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
-
public class ConfigurationProvider {
@@ -602,7 +601,7 @@ public class ConfigurationProvider {
} catch (Exception e) {
log.warn("PVP2 authentification can not be initialized.");
- throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
+ throw new ConfigurationException("error.initialization.pvplogin", e);
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index 83795567c..95af93af3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -54,7 +54,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -126,6 +128,7 @@ public class GeneralMOAIDConfig {
private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html";
private String publicURLPrefix = null;
+ private boolean virtualPublicURLPrefixEnabled = false;
public GeneralMOAIDConfig() {
chainigmodelist = new HashMap<String, String>();
@@ -133,6 +136,26 @@ public class GeneralMOAIDConfig {
for (int i=0; i<values.length; i++) {
chainigmodelist.put(values[i].value(), values[i].value());
}
+
+ try {
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ if (config != null) {
+ MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration();
+ List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo();
+
+ if (authBlockTrans != null && !authBlockTrans.isEmpty()) {
+ if (secLayerTransformation == null)
+ secLayerTransformation = new HashMap<String, byte[]>();
+ for (TransformsInfoType el : authBlockTrans)
+ secLayerTransformation.put(el.getFilename(), el.getTransformation());
+
+ }
+ }
+
+ } catch (Exception e) {
+
+ }
+
}
public void parse(MOAIDConfiguration config) {
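Review bot: The new `catch (Exception e) { }` in the constructor swallows every failure of the database preload, so a broken `ConfigurationProvider` or a failing `getMOAIDConfiguration()` leaves `secLayerTransformation` unset with no trace anywhere. At minimum the catch needs a comment stating that the preload is best-effort, e.g. `// best-effort preload of the AuthBlock transformations from the DB; the form is still usable without them`, plus a debug/warn log line if this class has a logger. Doing a DB read inside a plain data-holder constructor also runs on every instantiation; if `GeneralMOAIDConfig` is created per request it may be worth moving the preload to the caller that actually needs it. The constructor begins before this hunk.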
@@ -163,7 +186,26 @@ public class GeneralMOAIDConfig {
if (authgen.isTrustManagerRevocationChecking() != null)
trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
- publicURLPrefix = authgen.getPublicURLPreFix();
+ virtualPublicURLPrefixEnabled =
+ KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix());
+
+ if (virtualPublicURLPrefixEnabled) {
+ //format CSV values with newlines
+ publicURLPrefix = KeyValueUtils.normalizeCSVValueString(
+ authgen.getPublicURLPreFix());
+
+ } else {
+ String tmp = authgen.getPublicURLPreFix();
+ if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) {
+ //remove trailing comma if exist
+ publicURLPrefix = tmp.substring(0,
+ tmp.indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else
+ publicURLPrefix = tmp;
+ }
+
+
TimeOuts timeouts = authgen.getTimeOuts();
if (timeouts != null) {
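Review bot: `tmp.contains(KeyValueUtils.CSV_DELIMITER)` dereferences `authgen.getPublicURLPreFix()` without a null check, whereas the replaced assignment tolerated a null prefix; if the stored value can be absent this is a NullPointerException inside `parse`. `if (tmp != null && tmp.contains(KeyValueUtils.CSV_DELIMITER))` keeps the old tolerance, and `isCSVValueString` two lines earlier should be confirmed null-safe for the same reason. The comment `//remove trailing comma if exist` is misleading: the substring cuts at the first delimiter and discards everything behind it, so `//virtual IDPs disabled: keep only the first entry of a CSV value` describes what the code does. `parse` continues outside the hunk.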
@@ -819,6 +861,7 @@ public class GeneralMOAIDConfig {
* @return the secLayerTransformation
*/
public Map<String, byte[]> getSecLayerTransformation() {
+
return secLayerTransformation;
}
@@ -931,7 +974,12 @@ public class GeneralMOAIDConfig {
* @param publicURLPrefix the publicURLPrefix to set
*/
public void setPublicURLPrefix(String publicURLPrefix) {
- this.publicURLPrefix = publicURLPrefix;
+ if (MiscUtil.isNotEmpty(publicURLPrefix))
+ this.publicURLPrefix =
+ KeyValueUtils.removeAllNewlineFromString(publicURLPrefix);
+ else
+ this.publicURLPrefix = publicURLPrefix;
+
}
/**
@@ -961,6 +1009,23 @@ public class GeneralMOAIDConfig {
public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) {
this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest;
}
+
+ /**
+ * @return the virtualPublicURLPrefixEnabled
+ */
+ public boolean isVirtualPublicURLPrefixEnabled() {
+ return virtualPublicURLPrefixEnabled;
+ }
+
+ /**
+ * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set
+ */
+ public void setVirtualPublicURLPrefixEnabled(
+ boolean virtualPublicURLPrefixEnabled) {
+ this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled;
+ }
+
+
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index 9b0172a24..d0232e86a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -31,17 +31,13 @@ import javax.servlet.http.HttpServletRequest;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAKeyBoxSelector;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.Mandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentialsCredentialOIDItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
-import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
index 441c879be..bb98d2e64 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
@@ -27,10 +27,8 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index e092d9e13..9ddb41d83 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -29,23 +29,21 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.ArrayList;
-import java.util.Date;
+import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
-import edu.emory.mathcs.backport.java.util.Arrays;
-
import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK;
-import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index a658c3f34..504b598c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -23,9 +23,13 @@
package at.gv.egovernment.moa.id.configuration.struts.action;
import java.math.BigInteger;
-import java.util.*;
-
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
@@ -58,6 +62,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
@@ -179,7 +184,12 @@ public class EditGeneralConfigAction extends BasicAction {
String error = saveFormToDatabase();
if (error != null) {
log.warn("General MOA-ID config can not be stored in Database");
- addActionError(error);
+
+ //set new formID
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ addActionError(error);
return Constants.STRUTS_ERROR_VALIDATION;
}
@@ -248,13 +258,27 @@ public class EditGeneralConfigAction extends BasicAction {
// if (oldauth != null)
// oldauthgeneral = oldauth.getGeneralConfiguration();
- //set Public URL Prefix
- String pubURLPrefix = moaconfig.getPublicURLPrefix();
- if(pubURLPrefix.endsWith("/")) {
- int length = pubURLPrefix.length();
- pubURLPrefix = pubURLPrefix.substring(0, length-1);
- }
- dbauthgeneral.setPublicURLPreFix(pubURLPrefix);
+ //set Public URL Prefix
+ String pubURLPrefix = moaconfig.getPublicURLPrefix();
+ if (moaconfig.isVirtualPublicURLPrefixEnabled()) {
+ dbauthgeneral.setPublicURLPreFix(
+ KeyValueUtils.normalizeCSVValueString(pubURLPrefix));
+
+ } else {
+ if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) {
+ dbauthgeneral.setPublicURLPreFix(
+ pubURLPrefix.trim().substring(0,
+ pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER)));
+
+ } else
+ dbauthgeneral.setPublicURLPreFix(
+ StringUtils.chomp(pubURLPrefix.trim()));
+
+ }
+
+ dbauthgeneral.setVirtualPublicURLPrefixEnabled(
+ moaconfig.isVirtualPublicURLPrefixEnabled());
+
// if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID()))
// dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID());
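Review bot: In the non-virtual branch the end index is taken from the untrimmed string (`pubURLPrefix.indexOf(...)`) but applied to `pubURLPrefix.trim()`, so any leading whitespace shifts the cut and the stored prefix keeps the delimiter and part of the next entry, or throws StringIndexOutOfBoundsException when the shift passes the end. Compute both on the same string: `String trimmed = pubURLPrefix.trim();` followed by `dbauthgeneral.setPublicURLPreFix(trimmed.substring(0, trimmed.indexOf(KeyValueUtils.CSV_DELIMITER)));`. The removed code also stripped a trailing `/` from the prefix; `StringUtils.chomp` only removes a trailing line break, so if the slash normalisation was intentional it is now gone in both branches. `pubURLPrefix` is still dereferenced without a null check, as in the old code.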
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index a2c5da247..a9889da9c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -53,8 +53,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
-import com.fasterxml.jackson.core.JsonProcessingException;
-
public class ImportExportAction extends BasicAction {
private static final Logger log = Logger.getLogger(ImportExportAction.class);
@@ -150,7 +148,7 @@ public class ImportExportAction extends BasicAction {
}
- } catch (JsonProcessingException | JAXBException | FileNotFoundException e) {
+ } catch (JAXBException | FileNotFoundException e) {
log.info("Legacy configuration has an Import Error", e);
addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request));
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 8be24edb4..384f0662f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -271,7 +271,7 @@ public class InterfederationIDPAction extends BasicOAAction {
businessID = new IdentificationNumber();
onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID);
}
- businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP");
+ businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP");
} else
onlineapplication.setTarget("MOA-IDP");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
index fc310900e..eca4c05ef 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
@@ -94,6 +94,26 @@ public class SAML2Utils {
return document;
}
+// public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException {
+// MetadataCredentialResolver resolver;
+//
+// resolver = new MetadataCredentialResolver(ConfigurationProvider.getInstance().getMetaDataProvier());
+//
+// List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
+// keyInfoProvider.add(new DSAKeyValueProvider());
+// keyInfoProvider.add(new RSAKeyValueProvider());
+// keyInfoProvider.add(new InlineX509DataProvider());
+//
+// KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+// keyInfoProvider);
+//
+// ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
+// resolver, keyInfoResolver);
+//
+// return engine;
+//
+// }
+
}
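Review bot: Commented-out code for `getSignatureKnownKeysTrustEngine` should not be committed; version control keeps the history, and a dead block like this drifts out of sync with the real APIs and misleads the next reader about what the class supports. Either delete it or, if an explicit-key trust engine is planned, reduce it to a one-line `// TODO: add an explicit-key signature trust engine built from the metadata provider` so the intent survives without the stale body.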
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 95502cedb..d4e8e957d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -28,10 +28,10 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -39,8 +39,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
-import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -66,14 +64,29 @@ public class MOAConfigValidator {
check = form.getPublicURLPrefix();
if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Public URL Prefix is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", request));
- }
+ String[] publicURLPreFix = check.split(",");
+ if (form.isVirtualPublicURLPrefixEnabled()) {
+ for (String el : publicURLPreFix) {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(el.trim()))) {
+ log.info("Public URL Prefix " + el + " is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request));
+ }
+ }
+
+ } else {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(publicURLPreFix[0].trim()))) {
+ log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request));
+
+ }
+
+ }
} else {
log.info("PublicURL Prefix is empty.");
errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request));
- }
+ }
check = form.getTimeoutAssertion();
if (MiscUtil.isNotEmpty(check)) {
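Review bot: `check.split(",")` hard-codes the delimiter while the code that stores the value (`EditGeneralConfigAction`, `GeneralMOAIDConfig.parse`) uses `KeyValueUtils.CSV_DELIMITER`; if the constant ever differs from `","` validation and storage disagree, so `check.split(KeyValueUtils.CSV_DELIMITER)` would be safer (this file does not import `KeyValueUtils` in the visible hunks, so that import would be needed). The new log lines and error messages echo the user-supplied entry `el`; newlines are stripped by `setPublicURLPrefix`, so the logged value stays on one line, but the message key `validation.general.publicURLprefix.valid` gains its `{0}` placeholder only in the English resource in this commit, so the German text will presumably not show the offending value. Empty entries produced by a double comma reach `validateURL` as `""` and are reported as an invalid URL with an empty name, which may be acceptable but deserves a comment. The enclosing method continues outside the hunk.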
@@ -401,7 +414,7 @@ public class MOAConfigValidator {
- if (form.getFileUploadFileName() != null) {
+ if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
HashMap<String, byte[]> map = new HashMap<String, byte[]>();
for (int i=0; i<form.getFileUploadFileName().size(); i++) {
String filename = form.getFileUploadFileName().get(i);
@@ -426,7 +439,15 @@ public class MOAConfigValidator {
}
}
}
+
form.setSecLayerTransformation(map);
+
+ } else {
+ if (form.getSecLayerTransformation() == null) {
+ log.info("AuthBlock Transformation file is empty");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
+
+ }
}
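Review bot: The new else branch only reports a missing AuthBlock transformation when `getSecLayerTransformation()` is `null`; if the form ever carries an empty map it passes validation silently. `if (form.getSecLayerTransformation() == null || form.getSecLayerTransformation().isEmpty())` covers both cases. The condition that opens this block (in the previous hunk) calls `form.getFileUploadFileName()` twice; a local `List<String> uploads = form.getFileUploadFileName();` would read more cleanly and avoid repeating the getter inside the loop bound as well. The enclosing method starts outside the hunk.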
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 35b69274f..6476ea1f1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -43,6 +43,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.x509.BasicX509Credential;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -76,9 +77,20 @@ public class OAPVP2ConfigValidation {
else {
try {
- //OracleDB does not allow the selection of a lob in SQL where expression
- String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
- boolean backupVersion = MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc.");
+ //Some databases does not allow the selection of a lob in SQL where expression
+ String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
+ boolean backupVersion = false;
+ if (MiscUtil.isNotEmpty(dbDriver)) {
+ for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
+ if (dbDriver.startsWith(el)) {
+ backupVersion = true;
+ log.debug("JDBC driver '" + dbDriver
+ + "' is blacklisted --> Switch to alternative DB access methode implementation.");
+
+ }
+
+ }
+ }
Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion);
if (oa != null &&
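Review bot: The loop over `MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND` keeps iterating after a match, so a driver class that matches several prefixes is logged more than once and the remaining comparisons are wasted; add `break;` after the debug log. The comment `//Some databases does not allow the selection of a lob in SQL where expression` should read `//Some databases do not allow selecting a LOB in an SQL WHERE expression`, and `methode` in the log text is `method`. The enclosing try block starts outside the hunk.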
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 36c952ad0..ab404f65b 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -7,6 +7,8 @@ config.03=Hibernate Database connector can not be initialized
config.04=OpenSAML (PVP2 Login) can not be initialized
config.05=Configuration file not defined
+error.initialization.pvplogin=PVP2 authentication can not be initialized.
+
error.title=Fehler:
error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
@@ -125,6 +127,7 @@ webpages.inderfederation.gateway.entityID=EntityID des PVP Portals
webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert.
webpages.moaconfig.header=Allgemeine Konfiguration
webpages.oaconfig.general.publicURLPreFix=Public URL Prefix
+webpages.moaconfig.general.virtualPublicURLPrefixEnabled=Virtuelle IDP aktivieren
webpages.moaconfig.defaultbkus.header=Default BKUs
webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates
webpages.moaconfig.slrequesttemplates.local=Locale BKU
@@ -438,8 +441,8 @@ validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00F6ltig
validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer.
validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
-validation.general.slrequest.file.valid=Die angegebenen SecurtityLayer Transformation konnte nicht geladen werden.
-validation.general.slrequest.file.empty=Die SecurtityLayer Transformation fehlt.
+validation.general.slrequest.file.valid=Die angegebenen AuthBlock Transformation konnte nicht geladen werden.
+validation.general.slrequest.file.empty=Die AuthBlock Transformation fehlt.
validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 439b1111e..29db35a0e 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -7,6 +7,8 @@ config.03=Hibernate Database connector can not be initialized
config.04=OpenSAML (PVP2 Login) can not be initialized
config.05=Configuration file is not defined
+error.initialization.pvplogin=PVP2 authentication can not be initialized.
+
error.title=Error:
error.login.internal=The error occurred during the processing. Please try again or contact Administrator.
error.general.text=During the processing the error condition occured. Please try again or contact the administrator.
@@ -124,6 +126,7 @@ webpages.inderfederation.gateway.entityID=PVP portal EntityID
webpages.moaconfig.save.success=MOA-ID has been successfully saved.
webpages.moaconfig.header=General configuration
webpages.oaconfig.general.publicURLPreFix=Public URL Prefix
+webpages.moaconfig.general.virtualPublicURLPrefixEnabled=Enable virtual IDPs
webpages.moaconfig.defaultbkus.header=Default CCE
webpages.moaconfig.slrequesttemplates.header=SecurityLayer Request Templates
webpages.moaconfig.slrequesttemplates.local=Local CCE
@@ -384,7 +387,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c
validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0}
validation.general.publicURLprefix.empty=Public URL Prefix is blank.
-validation.general.publicURLprefix.valid=Public URL Prefix has invalid format.
+validation.general.publicURLprefix.valid=Public URL Prefix {0} has invalid format.
validation.general.certStoreDirectory.empty=CertStoreDirectory is blank.
validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0}
validation.general.Defaultchainigmode.empty=There is no DefaultChainingMode selected.
@@ -436,7 +439,8 @@ validation.general.szrgw.url.valid=URL for SZR Gateway has invalid format.
validation.general.trustedcacerts.empty=Field TrustedCACertificates is blank.
validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates contains forbidden characters. The following characters are not allowed\: {0}
validation.general.slrequest.filename.valid=File name of provided SecurityLayer Transformation contains forbidden characters. The following characters are not allowed\: {0}
-validation.general.slrequest.file.valid=The provided SecurityLayer Transformation could not be loaded.
+validation.general.slrequest.file.valid=The provided AuthBlock-Transformation is not loadable.
+validation.general.slrequest.file.empty=No AuthBlock-Transformation found.
validation.general.aditionalauthblocktext=The additional text for AuthBlock contains forbidden characters. The following characters are not allowed\: {0}
validation.general.bku.handy.empty=URL for Mobile-CCE is blank.
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css
index 4cbfba19b..00a2fa851 100644
--- a/id/ConfigWebTool/src/main/webapp/css/index.css
+++ b/id/ConfigWebTool/src/main/webapp/css/index.css
@@ -664,3 +664,8 @@ div .wwgrp br {
#stork_attributelist .wwctrl input[type="checkbox"]{
margin-left:20px;
}
+
+#loadGeneralConfig_moaconfig_publicURLPrefix {
+ resize: none;
+
+}
diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js
index fb71854c2..f17ee3623 100644
--- a/id/ConfigWebTool/src/main/webapp/js/common.js
+++ b/id/ConfigWebTool/src/main/webapp/js/common.js
@@ -272,4 +272,25 @@ function newAp() {
clone.innerHTML = clone.innerHTML.replace(/name="storkOA.attributeProviderPlugins\[\d/g, 'name="storkOA.attributeProviderPlugins[' + nextindex);
clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2');
target.parentNode.appendChild(clone);
-} \ No newline at end of file
+}
+
+function setPublicURLPrefixTestBox(checkbox) {
+ if (checkbox.checked) {
+ var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix");
+ textarea.attr("rows", 6);
+ textarea.height(120);
+
+ } else {
+ var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix");
+ textarea.attr("rows", 1);
+ textarea.height(25);
+
+ }
+ return true;
+}
+
+function generalConfigLoadEvent() {
+ var value = $("#loadGeneralConfig_moaconfig_publicURLPrefix").val();
+ $("#loadGeneralConfig_moaconfig_publicURLPrefix").val(value.replace(/,/g,",\n"));
+ return true;
+}
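Review bot: `setPublicURLPrefixTestBox` declares `var textarea` with the same selector in both branches; hoisting the lookup and switching only the two values removes the duplication (the function name also reads like a typo for `TextBox`). `generalConfigLoadEvent` calls `.replace` on `$(...).val()`, which is `undefined` when the textarea is not on the page, so a guard such as `if (value) { ... }` avoids a script error on pages that include this file but not the field. It also runs on every load regardless of the checkbox, inserting newlines into a single-row textarea when virtual IDPs are disabled; the server truncates at the first delimiter in that mode, so this is harmless today but worth a comment.
```javascript
function setPublicURLPrefixTestBox(checkbox) {
    var textarea = $("#loadGeneralConfig_moaconfig_publicURLPrefix");
    var virtual = checkbox.checked;
    textarea.attr("rows", virtual ? 6 : 1);
    textarea.height(virtual ? 120 : 25);
    return true;
}
```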
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index bc8c57ec2..ac2c8de5a 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -16,7 +16,7 @@
</head>
- <body>
+ <body onload="generalConfigLoadEvent();">
<jsp:include page="snippets/header_userinfos.jsp"></jsp:include>
@@ -37,13 +37,38 @@
<s:form namespace="/secure" method="POST" enctype="multipart/form-data">
- <s:textfield name="moaconfig.publicURLPrefix"
- value="%{moaconfig.publicURLPrefix}"
- labelposition="left"
- key="webpages.oaconfig.general.publicURLPreFix"
- cssClass="textfield_long">
- </s:textfield>
+ <s:if test="moaconfig.isVirtualPublicURLPrefixEnabled()">
+ <s:textarea name="moaconfig.publicURLPrefix"
+ value="%{moaconfig.publicURLPrefix}"
+ labelposition="left"
+ key="webpages.oaconfig.general.publicURLPreFix"
+ cssClass="textfield_long"
+ rows="6"
+ requiredLabel="true"
+ style="height:120px;">
+ </s:textarea>
+ </s:if>
+ <s:else>
+ <s:textarea name="moaconfig.publicURLPrefix"
+ value="%{moaconfig.publicURLPrefix}"
+ labelposition="left"
+ key="webpages.oaconfig.general.publicURLPreFix"
+ cssClass="textfield_long"
+ rows="1"
+ requiredLabel="true"
+ style="height:25px;">
+ </s:textarea>
+ </s:else>
+ <s:checkbox name="moaconfig.virtualPublicURLPrefixEnabled"
+ value="%{moaconfig.virtualPublicURLPrefixEnabled}"
+ labelposition="left"
+ key="webpages.moaconfig.general.virtualPublicURLPrefixEnabled"
+ cssClass="checkbox"
+ onchange="setPublicURLPrefixTestBox(this);">
+ </s:checkbox>
+
+
<div class="oa_config_block">
<h3><%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %></h3>
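Review bot: The two `<s:textarea>` blocks differ only in `rows` and `style`; a single textarea with `rows="%{moaconfig.virtualPublicURLPrefixEnabled ? 6 : 1}"` and the matching style expression removes the `<s:if>/<s:else>` duplication, so later attribute changes cannot drift between the branches. The checkbox `onchange` handler and the new `onload` handler both depend on the element id `loadGeneralConfig_moaconfig_publicURLPrefix`, which is presumably generated by Struts from the action and field names rather than written here; a short JSP comment noting that this id is referenced from `common.js` and `index.css` would save the next person a search when one of the names changes.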
diff --git a/id/history.txt b/id/history.txt
index 6ad08d910..f242ab35e 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -1,5 +1,32 @@
Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+Version MOA-ID Release 3.1.0: Änderungen seit Version MOA-ID 3.0.2
+- Änderungen
+ - Mehrere virtuelle IDP Instanzen je deployer MOA-ID Instanz möglich
+ (unterschiedliche Entity-IDs je virtueller Instanz)
+ - Überarbeitung der Weboberfläche des Konfigurationstools
+ - Update der beigelegten Templates (BKU-Auswahl, SSO Assertion Conformation,
+ Front-Channel Single LogOut)
+ - Kleinere Bug-Fixes
+ - Update von Libraries
+ > mysql:mysql-connector-java 5.1.38
+ > org.slf4j:jcl-over-slf4j 1.7.13
+ > org.slf4j:jul-to-slf4j 1.7.13
+ > org.slf4j:slf4j-api 1.7.13
+ > org.slf4j:slf4j-log4j12 1.7.13
+ > apache:cxf 3.1.4
+ > org.springframework 4.2.4.RELEASE
+ > commons:collections3 3.2.2
+ > commons:collections4 4.1
+ > org.apache.struts:struts2-core 2.3.24.1
+ > org.apache.struts:struts2-json-plugin 2.3.24.1
+ > org.hibernate:hibernate-core 4.3.11.Final
+ > org.hibernate:hibernate-entitymanager 4.3.11.Final
+ > org.hibernate:hibernate-c3p0 4.3.11.Final
+ > com.google.http-client:google-http-client-jackson2 1.21.0
+ > com.google.oauth-client:google-oauth-client-jetty 1.21.0
+
+ ------------------------------------------------------------------------------
Version MOA-ID Release 3.0.2: Änderungen seit Version MOA-ID 3.0.1
- Änderungen
- Bug-Fix für Zugriff auf Oracle Datenbanken
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index 0e9411042..1c3e0fe13 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -29,6 +29,7 @@ import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -114,14 +115,32 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
}
check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix()));
+ String isVirtualIDPEnabled = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED, getKeyPrefix()));
if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Public URL Prefix is not valid");
- errors.add(new ValidationObjectIdentifier(
- MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX,
- "Public URL Prefix",
- LanguageHelper.getErrorString("validation.general.publicURLprefix.valid")));
- }
+ String[] preFixList = check.split(",");
+ if (isVirtualIDPEnabled != null && Boolean.valueOf(isVirtualIDPEnabled)) {
+ for (String el : preFixList) {
+ if (!ValidationHelper.validateURL(el.trim())) {
+ log.info("Public URL Prefix is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX,
+ "Public URL Prefix",
+ LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el})));
+ }
+ }
+ } else {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(preFixList[0].trim()))) {
+ log.info("Public URL Prefix " + preFixList[0] + " is not valid");
+ errors.add(new ValidationObjectIdentifier(
+ MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX,
+ "Public URL Prefix",
+ LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{preFixList[0]})));
+
+ }
+
+ }
+
} else {
log.info("PublicURL Prefix is empty.");
errors.add(new ValidationObjectIdentifier(
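Review bot: When virtual IDPs are disabled, the `else` branch at L1097–L1106 validates only `preFixList[0]`, so a comma-separated value with further entries passes validation even though the save path later persists every element; either reject a multi-entry value in that mode, e.g. `if (preFixList.length > 1) { errors.add(...); }` before the single-URL check, or run the per-element loop regardless of the flag. The two branches also normalise differently: the loop uses `el.trim()` while the single-value path wraps it in `StringUtils.chomp(...)`, which only strips a trailing line terminator and adds a commons-lang3 dependency for no visible benefit. The `isVirtualIDPEnabled != null &&` guard at L1087 is redundant, since `Boolean.valueOf(null)` already returns false. The enclosing method starts before and continues after this hunk.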
@@ -511,15 +530,32 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
Map<String, String> newConfigValues = new HashMap<String, String>();
- String pubURLPrefix = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix()));
- if(pubURLPrefix.endsWith("/")) {
- int length = pubURLPrefix.length();
- pubURLPrefix = pubURLPrefix.substring(0, length-1);
- newConfigValues.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, pubURLPrefix);
+ String pubURLPrefix = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, getKeyPrefix()));
+ String normalizedPubURLPrefix = KeyValueUtils.normalizeCSVValueString(pubURLPrefix);
+ String[] normalizedPubURLPrefixList = normalizedPubURLPrefix.split(KeyValueUtils.CSV_DELIMITER);
+ String modifiedPubURLPrefixCSV = null;
+
+ for (String el : normalizedPubURLPrefixList) {
+ String newPubURLPrefix = el;
+ if(el.endsWith("/")) {
+ int length = el.length();
+ newPubURLPrefix = el.substring(0, length-1);
+ }
+
+ if (modifiedPubURLPrefixCSV == null)
+ modifiedPubURLPrefixCSV = newPubURLPrefix;
+ else
+ modifiedPubURLPrefixCSV += KeyValueUtils.CSV_DELIMITER + newPubURLPrefix;
+
+ }
+
+ if (!modifiedPubURLPrefixCSV.equals(pubURLPrefix)) {
+ newConfigValues.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX, modifiedPubURLPrefixCSV);
log.debug("Change key: " + MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX
+ " from value: " + input.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX)
- + " to value: " + pubURLPrefix);
- }
+ + " to value: " + modifiedPubURLPrefixCSV);
+ }
+
String ssoTarget = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix()));
if (MiscUtil.isNotEmpty(ssoTarget)) {
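Review bot: `modifiedPubURLPrefixCSV` is only assigned inside the loop, so if `normalizedPubURLPrefix.split(...)` yields an empty array (a value consisting solely of delimiters, since `String.split` drops trailing empty strings) the comparison at L1139 dereferences null; guard it with `if (modifiedPubURLPrefixCSV != null && !modifiedPubURLPrefixCSV.equals(pubURLPrefix)) {`. The repeated `+=` concatenation at L1135 would read better as a `StringBuilder` or a joined list, and the loop strips only a single trailing slash per element, which is presumably intended. The retained debug line at L1142 looks up `GENERAL_PUBLICURLPREFIX` without the `removePrefixFromKey` applied at L1120, so it likely logs `null` rather than the old value. The enclosing method starts before and continues after this hunk.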
diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties
index bb0499020..8f7ccd8ab 100644
--- a/id/moa-id-webgui/src/main/resources/applicationResources_de.properties
+++ b/id/moa-id-webgui/src/main/resources/applicationResources_de.properties
@@ -373,7 +373,7 @@ validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folge
validation.general.SAML1SourceID=Die SAML1SourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
validation.general.publicURLprefix.empty=Public URL Prefix Feld ist leer.
-validation.general.publicURLprefix.valid=Public URL Prefix hat kein g\u00FCltiges Format.
+validation.general.publicURLprefix.valid=Public URL Prefix {0} hat kein g\u00FCltiges Format.
validation.general.businessservice.empty=Die Application ist weder dem \u00F6ffentlichen noch dem privaten Sektor zugeordnet.
validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer.
validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
diff --git a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties
index 420ac27ec..9e472e3af 100644
--- a/id/moa-id-webgui/src/main/resources/applicationResources_en.properties
+++ b/id/moa-id-webgui/src/main/resources/applicationResources_en.properties
@@ -371,7 +371,7 @@ validation.edituser.bpk.valid=BPK contains forbidden characters. The following c
validation.general.SAML1SourceID=SAML1SourceID contains forbidden characters. The following characters are not allowed\: {0}
validation.general.publicURLprefix.empty=Public URL Prefix is blank.
-validation.general.publicURLprefix.valid=Public URL Prefix has invalid format.
+validation.general.publicURLprefix.valid=Public URL Prefix {0} has invalid format.
validation.general.businessservice.empty=Online application is no public or private application.
validation.general.certStoreDirectory.empty=CertStoreDirectory is blank.
validation.general.certStoreDirectory.valid=CertStoreDirectory Feld contains forbidden characters. The following characters are not allowed\: {0}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 4bce49465..0b8251386 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
@@ -124,7 +125,7 @@ public class Authenticate extends HttpServlet {
serviceURL = serviceURL + "/";
//name.setValue(serviceURL);
issuer.setValue(serviceURL);
-
+
// subject.setNameID(name);
// authReq.setSubject(subject);
issuer.setFormat(NameIDType.ENTITY);
@@ -155,13 +156,21 @@ public class Authenticate extends HttpServlet {
for (SingleSignOnService sss :
idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
+// //Get the service address for the binding you wish to use
+// if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+// redirectEndpoint = sss;
+// }
+
//Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
redirectEndpoint = sss;
}
+
}
authReq.setDestination(redirectEndpoint.getLocation());
+ //authReq.setDestination("http://test.test.test");
+
RequestedAuthnContext reqAuthContext =
SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
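Review bot: After switching the selector at L1205 to `SAML2_REDIRECT_BINDING_URI`, `redirectEndpoint` stays null whenever the IdP metadata advertises no HTTP-Redirect SingleSignOnService, and `redirectEndpoint.getLocation()` at L1210 then fails with a NullPointerException that is only caught by the generic handler further down; a check such as `if (redirectEndpoint == null) { throw new IllegalStateException("IDP metadata has no HTTP-Redirect SingleSignOnService"); }` before L1210 gives a usable error. The commented-out copy of the old POST-binding selection at L1198–L1201 and the test destination at L1211 should be deleted rather than committed. The loop does not `break` on a match, so the last matching endpoint wins, which may or may not be intended. The enclosing method starts before and continues after this hunk.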
@@ -191,32 +200,47 @@ public class Authenticate extends HttpServlet {
authReq.setSignature(signer);
//generate Http-POST Binding message
- VelocityEngine engine = new VelocityEngine();
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- engine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
- engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
- "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
- engine.init();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "templates/pvp_postbinding_template.html");
+// VelocityEngine engine = new VelocityEngine();
+// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+// engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+// engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+// engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+// engine.setProperty("classpath.resource.loader.class",
+// "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+// engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+// "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+// engine.init();
+//
+// HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+// "templates/pvp_postbinding_template.html");
+// HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+// response, true);
+// BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+// SingleSignOnService service = new SingleSignOnServiceBuilder()
+// .buildObject();
+// service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+// service.setLocation(redirectEndpoint.getLocation());;
+//
+// context.setOutboundSAMLMessageSigningCredential(authcredential);
+// context.setPeerEntityEndpoint(service);
+// context.setOutboundSAMLMessage(authReq);
+// context.setOutboundMessageTransport(responseAdapter);
+
+ //generate Redirect Binding message
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
response, true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleSignOnService service = new SingleSignOnServiceBuilder()
.buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(redirectEndpoint.getLocation());;
-
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(redirectEndpoint.getLocation());
context.setOutboundSAMLMessageSigningCredential(authcredential);
context.setPeerEntityEndpoint(service);
context.setOutboundSAMLMessage(authReq);
context.setOutboundMessageTransport(responseAdapter);
-
+ //context.setRelayState(relayState);
+
encoder.encode(context);
} catch (Exception e) {
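Review bot: The enveloped XML signature attached via `authReq.setSignature(signer)` at L1216 is, as far as I recall OpenSAML 2, removed by `HTTPRedirectDeflateEncoder` before deflation, which instead signs the query string (SigAlg/Signature) with the credential set through `setOutboundSAMLMessageSigningCredential` at L1269; if so, the XML-signing code above this hunk is now dead weight and a comment such as `// Redirect binding: request is signed at the query-string level by the encoder, not via an enveloped XML signature` would prevent the next reader from relying on it. The 25 commented-out lines at L1231–L1255 duplicate the live code that follows and should be removed, as should the now-unused `HTTPPostEncoder` import at L1181. The `//context.setRelayState(relayState);` at L1274 leaves it unclear whether RelayState is intentionally omitted.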
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
index eecb691c0..1dcc66a56 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
@@ -56,9 +56,9 @@ public class AttributeListBuilder implements PVPConstants{
requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
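Review bot: Flipping the `isRequired` flag to `false` for `EID_SIGNER_CERTIFICATE_NAME` and `EID_AUTH_BLOCK_NAME` is undocumented; a short comment above L1287 such as `// signer certificate and auth block are requested as optional — TODO(review): state why they are no longer required` would record the reason. Any code in this demo application that reads those two attributes from the received assertion must now tolerate their absence. The enclosing method starts before and continues after this hunk.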
diff --git a/id/readme_3.1.0-RC1.txt b/id/readme_3.1.0-RC1.txt
new file mode 100644
index 000000000..6c2fce8a8
--- /dev/null
+++ b/id/readme_3.1.0-RC1.txt
@@ -0,0 +1,602 @@
+===============================================================================
+MOA ID Version Release 3.1.0 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 3.1.0 wurden folgende Neuerungen und Änderungen eingeführt,
+die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch
+history.txt im gleichen Verzeichnis).
+
+- Änderungen
+ - Mehrere virtuelle IDP Instanzen je deployer MOA-ID Instanz möglich
+ (unterschiedliche Entity-IDs je virtueller Instanz)
+ - Überarbeitung der Weboberfläche des Konfigurationstools
+ - Kleinere Bug-Fixes
+ - Update von Libraries
+
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 3.1.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 3.1.x.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 3.0.x auf Version 3.1.0
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der TrustStores für WebService Zugriffe.
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\ca-certs
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\ca-certs.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\certs\certstore\toBeAdded
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\certs\certstore\toBeAdded.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der
+ MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) dbcp.validationQuery=..... (SQL Query zum Validieren der
+ Datenbankverbindung
+ z.B: "SELECT 1" für mySQL
+ "select 1 from dual" für OracleDB)
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) configuration.dbcp.validationQuery=..... (SQL Query zum
+ Validieren der Datenbankverbindung
+ z.B: "SELECT 1" für mySQL
+ "select 1 from dual" für OracleDB)
+
+9. Update der Default html-Templates für die Bürgerkartenauswahl.
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 2.2.1 auf Version 3.1.0
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-3.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+8. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+9. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+10. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+11. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+12. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+
+13. Hinzufügen der zusätzlichen Konfigurationsdatei in der MOA-ID-Configuration
+ CATALINA_HOME\conf\moa-id-configuration\userdatabase.properties
+
+14. Update der Tomcat Start-Skripts:
+ - Die Konfigurationsdateien für MOA-ID-Auth und MOA-ID-Configuration müssen
+ nur als URI (file:/...) übergeben werden.
+
+15. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Kopieren der folgenden Dateien:
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei bevor Sie diese durch die neue Version ersetzen.
+ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+ b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+
+9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
+ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
+ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
+ verwendeten KeyStore ab.
+
+10. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Kopieren der folgenden Dateien
+ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
+
+9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
+ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
+ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
+ verwendeten KeyStore ab.
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der
+ MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) configuration.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+10. Kopieren der folgenden Dateien
+ a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
+
+11. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.ssl.certstore=certs/certstore
+ b.) general.ssl.truststore=certs/truststore
+
+8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
+ nach CATALINA_HOME\conf\moa-id-configuration\
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.
+ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+
+10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
+ nach CATALINA_HOME\conf\moa-id\
+ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\
+ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+
+11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen
+ zwei Varianten zur Verfügung.
+ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth
+ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile
+ moasession.hibernate.hbm2ddl.auto=update
+ zu
+ moasession.hibernate.hbm2ddl.auto=create
+ Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
+
+ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson
+ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.
+
+12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+ Für MOA ID Proxy:
+ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+9. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+ a.) configuration.validation.certificate.QC.ignore=false
+ b.) protocols.pvp2.assertion.encryption.active=false
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version <= 1.5.1
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 3a84ca37d..98ec73a25 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -204,6 +204,12 @@
<artifactId>xalan</artifactId>
<!-- should be provided by the container or jre -->
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xalan</groupId>
+ <artifactId>serializer</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>xerces</groupId>
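Review bot: The new `xalan:serializer` exclusion at L1909–L1914 has no comment, and because the enclosing xalan dependency is `provided` it only trims the compile/test classpath — at runtime the container or JRE xalan must ship a compatible serializer, or XSLT output fails at first use rather than at build time. If the intent is to avoid a duplicate serializer on the classpath, say so next to the exclusion, e.g. `<!-- serializer is supplied with the container's xalan; excluded here to avoid a second copy on the classpath -->`. Whether the target Tomcat actually provides it cannot be confirmed from this hunk.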
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index c3cf396b3..a67549ef3 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -93,10 +93,16 @@
<from>^/stork2/RetrieveMandate$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=MandateRetrievalRequest&amp;%{query-string}</to>
</rule>
+
+ <!-- eIDAS protocol -->
<rule match-type="regex">
<from>^/eidas/ColleagueRequest$</from>
<to type="forward">/dispatcher?mod=eidas&amp;action=AuthenticationRequest&amp;%{query-string}</to>
</rule>
+ <rule match-type="regex">
+ <from>^/eidas/metadata$</from>
+ <to type="forward">/dispatcher?mod=eidas&amp;action=MetadataRequest&amp;%{query-string}</to>
+ </rule>
<rule match-type="regex">
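Review bot: The new `/eidas/metadata` rule forwards the raw `%{query-string}` after the fixed `mod=eidas&action=MetadataRequest` pair, so `/eidas/metadata?mod=x&action=y` reaches the dispatcher with duplicate `mod`/`action` parameters, and which value wins depends on the container's `getParameter` ordering rather than on this rule. SAML metadata is a static, unauthenticated document that should not vary with client-supplied parameters, so unless the MetadataRequest action consumes query parameters I would drop the suffix: `<to type="forward">/dispatcher?mod=eidas&amp;action=MetadataRequest</to>`. The existing rules use the same pattern, so the concern is inherited rather than introduced; whether the dispatcher already ignores overrides is not visible here.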
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index d898f8b95..0c051571b 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -2,7 +2,7 @@
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf8" >
- <title>MOA-ID 3.0.x</title>
+ <title>MOA-ID 3.1.x</title>
<link rel="stylesheet" href="./common/main.css" type="text/css">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
index a29b1d7bb..2b0115d4a 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -405,7 +405,7 @@
#bkulogin {
min-width: 190px;
- min-height: 155px;
+ min-height: 170px;
}
.setAssertionButton_full {
@@ -616,6 +616,12 @@
top: 40px;
}
+
+ #ssoSessionTransferBlock {
+ font-size: 0.8em;
+ margin-left: 5px;
+ margin-bottom: 5px;
+ }
</style>
<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
@@ -656,7 +662,6 @@
if (isMetro())
document.getElementById("metroDetected").style.display="block";
document.getElementById("localBKU").style.display="block";
- document.getElementById("bkuButtonOnlineId").disabled = "true";
/* if (checkMandateSSO())
return; */
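Review bot: Removing `document.getElementById("bkuButtonOnlineId").disabled = "true"` drops the only double-submit guard, so a second click re-runs the rest of the handler, which (per the @@ -673 hunk) ends in `generateIFrame(iFrameURL)` and presumably starts a second authentication request against the same MOASessionID. If the `id` attributes were removed for markup reasons, keep the guard with a script-level flag instead: `if (window.bkuClickGuard) return; window.bkuClickGuard = true;` at the top of the handler. The enclosing function begins before this hunk, so the click path above the guard is not visible.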
@@ -673,7 +678,6 @@
generateIFrame(iFrameURL);
}
function bkuHandyClicked() {
- document.getElementById("bkuButtonHandyId").disabled = "true";
document.getElementById("localBKU").style.display="none";
/* if (checkMandateSSO())
return; */
@@ -836,7 +840,7 @@
<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
</div>
<div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
+ <div id="mandateLogin" style="#MANDATEVISIBLE#">
<div>
<input tabindex="1" type="checkbox" name="Mandate"
id="mandateCheckBox" class="verticalcenter" role="checkbox"
@@ -854,15 +858,13 @@
<img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
onClick="bkuOnlineClicked();" tabindex="2" role="button"
- value="Karte"
- id="bkuButtonOnlineId"/>
+ value="Karte" />
</div>
<div id="bkuhandy">
<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
onClick="bkuHandyClicked();" tabindex="3" role="button"
- value="HANDY"
- id="bkuButtonHandyId"/>
+ value="HANDY" />
</div>
</div>
<div id="localBKU">
@@ -871,19 +873,20 @@
<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
type="hidden" name="useMandate" id="useMandate"> <input
type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
+ type="hidden" name="ccc" id="ccc"> <input type="hidden"
name="MODUL" value="#MODUL#"> <input type="hidden"
name="ACTION" value="#ACTION#"> <input type="hidden"
name="MOASessionID" value="#SESSIONID#">
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
- role="button" onclick="setMandateSelection();"
- >
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
+ role="button" onclick="setMandateSelection();">
+ </form>
</div>
+ <!-- Single Sign-On Session transfer functionality -->
+ <!--div id="ssoSessionTransferBlock">
+ <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+ </div-->
+
<div id="stork" align="center" style="#STORKVISIBLE#">
<h2 id="tabheader" class="dunkel">Home Country Selection</h2>
<p>
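Review bot: The commented-out SSO transfer link at L2034–L2036 carries `MOASessionID=#SESSIONID#` in a GET URL, which would land in browser history, proxy logs and `Referer` headers if the block is ever enabled; the local-BKU form directly above already shows the right pattern (session id as a hidden field in a POST form). While it is only a comment it also contains a stray `>` before "Restore" and a raw `&` that must be `&amp;`, so uncommenting it would ship broken markup — either delete the block or fix it now. The `CCC`→`ccc` rename of the hidden field at L2019 must be matched by the server-side parameter name; the consumer is not visible in this hunk.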
@@ -904,7 +907,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
@@ -913,7 +916,7 @@
src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
index 1a3e683de..07d018a94 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
@@ -600,7 +600,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri=">
<img style="border:0;width:88px;height:31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png"
@@ -608,10 +608,10 @@
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img style="border:0;width:88px;height:31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index a29b1d7bb..2b0115d4a 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -405,7 +405,7 @@
#bkulogin {
min-width: 190px;
- min-height: 155px;
+ min-height: 170px;
}
.setAssertionButton_full {
@@ -616,6 +616,12 @@
top: 40px;
}
+
+ #ssoSessionTransferBlock {
+ font-size: 0.8em;
+ margin-left: 5px;
+ margin-bottom: 5px;
+ }
</style>
<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
@@ -656,7 +662,6 @@
if (isMetro())
document.getElementById("metroDetected").style.display="block";
document.getElementById("localBKU").style.display="block";
- document.getElementById("bkuButtonOnlineId").disabled = "true";
/* if (checkMandateSSO())
return; */
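Review bot: Dropping the `disabled = "true"` assignment removes the double-click guard from this handler, so repeated clicks re-enter the authentication flow for the same MOASessionID (the handler ends in `generateIFrame(iFrameURL)` per the following hunk). Keep a guard without relying on the removed button id, e.g. `if (window.bkuClickGuard) return; window.bkuClickGuard = true;` as the first statement. This function starts above the hunk, so the earlier part of the handler is not visible.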
@@ -673,7 +678,6 @@
generateIFrame(iFrameURL);
}
function bkuHandyClicked() {
- document.getElementById("bkuButtonHandyId").disabled = "true";
document.getElementById("localBKU").style.display="none";
/* if (checkMandateSSO())
return; */
@@ -836,7 +840,7 @@
<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
</div>
<div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
+ <div id="mandateLogin" style="#MANDATEVISIBLE#">
<div>
<input tabindex="1" type="checkbox" name="Mandate"
id="mandateCheckBox" class="verticalcenter" role="checkbox"
@@ -854,15 +858,13 @@
<img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
onClick="bkuOnlineClicked();" tabindex="2" role="button"
- value="Karte"
- id="bkuButtonOnlineId"/>
+ value="Karte" />
</div>
<div id="bkuhandy">
<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
onClick="bkuHandyClicked();" tabindex="3" role="button"
- value="HANDY"
- id="bkuButtonHandyId"/>
+ value="HANDY" />
</div>
</div>
<div id="localBKU">
@@ -871,19 +873,20 @@
<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
type="hidden" name="useMandate" id="useMandate"> <input
type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
+ type="hidden" name="ccc" id="ccc"> <input type="hidden"
name="MODUL" value="#MODUL#"> <input type="hidden"
name="ACTION" value="#ACTION#"> <input type="hidden"
name="MOASessionID" value="#SESSIONID#">
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
- role="button" onclick="setMandateSelection();"
- >
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
+ role="button" onclick="setMandateSelection();">
+ </form>
</div>
+ <!-- Single Sign-On Session transfer functionality -->
+ <!--div id="ssoSessionTransferBlock">
+ <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+ </div-->
+
<div id="stork" align="center" style="#STORKVISIBLE#">
<h2 id="tabheader" class="dunkel">Home Country Selection</h2>
<p>
@@ -904,7 +907,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
@@ -913,7 +916,7 @@
src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
index 1a3e683de..07d018a94 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
@@ -600,7 +600,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri=">
<img style="border:0;width:88px;height:31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png"
@@ -608,10 +608,10 @@
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img style="border:0;width:88px;height:31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
index 9a621998c..a9d73e0d3 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
@@ -444,16 +444,16 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
style="border: 0; width: 88px; height: 31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
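Review bot: The `src` at L2236 is downgraded from `https://` to `http://` inside the block being commented out; harmless while it stays a comment, but if the validator badges are ever re-enabled on this HTTPS logout page the image becomes mixed content and the `http://validator.w3.org/check?uri=` link leaks the page URL to a third party. Since the block is dead, delete it rather than wrapping it in `<!--div … </div-->` — the wrapper also breaks as soon as the enclosed markup contains `--`. The same downgrade appears in the sendAssertionFormFull.html hunks.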
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 4eb5ea2ba..b373fb83d 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -1002,11 +1002,20 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<th>Beschreibung</th>
</tr>
<tr>
- <td><span id="wwlbl_loadGeneralConfig_moaconfig_ssoPublicUrl2">Public URL Prefix</span></td>
+ <td>Public URL Prefix</td>
<td>https://demo.egiz.gv.at/moa-id-auth/</td>
- <td>URL-Prefix der MOA-ID Instanz. Diese URL wird f&uuml;r die automatische Generierung von Formularen und Informationen verwendet und MUSS konfiguriert werden.</td>
+ <td><p>URL-Prefix der MOA-ID Instanz. Diese URL wird f&uuml;r die automatische Generierung von Formularen und Informationen verwendet und MUSS konfiguriert werden.</p>
+ <p><strong>Hinweis:</strong> Wenn virtuelle IDPs aktiviert sind muss hier f&uuml;r jede virtuelle MOA-ID Instanz, der Public URL Prefix als Comma Separatet Value (CSV) eingetragen werden. <br>
+ (z.B.: https://demo.egiz.gv.at/moa-id-auth/,https://apps.egiz.gv.at/moa-id-auth/)</p></td>
+ </tr>
+ <tr>
+ <td>Virtuelle IDPs aktiviere</td>
+ <td>&nbsp;</td>
+ <td><p>Mit dieser Option k&ouml;nnen f&uuml;r diese MOA-ID Instanz mehrere virtuelle MOA-ID Instanzen, welche unter schiedenen Domains erreichbar sind aktiviert werden. Der Public URL-Prefix jeder virtuellen MOA-ID Instanz muss als Comma Separatet Value (CSV) im Konfigurationsfeld 'Public URL Prefix' angegeben werden.</p>
+ <p><strong>Hinweis:</strong> Single Sign-On (SSO) und Single LogOut (SLO) zwischen unterschiedlichen virtuellen IDPs ist NICHT m&ouml;glich, da die Auslieferung des SSO http-Cookies durch die &quot;Same Origin Policy&quot; des Browers unterbunden wird.</p></td>
</tr>
</table>
+<p>&nbsp;</p>
<h4><a name="konfigurationsparameter_allgemein_bku" id="konfigurationsparameter_allgemein_bku"></a>3.1.2 Default BKUs</h4>
<p>Hiermit werden die URLs zu den Default B&uuml;rgerkartenumgebungen (BKUs) definiert die von MOA-ID-Auth f&uuml;r einen Anmeldevorgang verwendet werden, wenn die B&uuml;rgerkartenauswahl nicht bereits auf Seiten der Online-Applikation erfolgt ist (siehe <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a>) oder in der Online-Applikationskonfiguration keine BKU URLs konfiguriert wurden (siehe <a href="#konfigurationsparameter_oa_bku">Kapitel 3.2.2</a>).</p>
<table class="configtable">
@@ -1189,7 +1198,8 @@ Checking</td>
</li>
<li><strong>Privatwirtschaftlicher Bereich:</strong><strong></strong> Die MOA-ID-Auth Instanz ist einem privatwirtschaftlichen Bereich f&uuml;r SSO zugeordnet, steht SSO nur eingeschr&auml;nkt zur Verf&uuml;gung. Da laut E-Governmentgesetz die Errechnung eines wbPK aus der Stammzahl nicht beim Auftraggeber eines privaten Bereichs durchgef&uuml;hrt werden darf (vgl. E-Government Gesetz &sect;12(1).4), und deshalb an die B&uuml;rgerkartenumgebung ausgelagert werden muss. In diesem Fall sind Anmeldungen mittels SSO nur f&uuml;r jenen privatwirtschaftlichen Bereich m&ouml;glich dem auch der SSO Bereich zugeordnet wurde. </li>
-</ol>
+ </ol>
+<p><strong>Hinweis:</strong> Single Sign-On (SSO) und Single LogOut (SLO) ist zwischen virtellen IDPs (siehe <a href="#konfigurationsparameter_allgemein_publicurlprefix">Kapitel 3.1.1</a>) ist nicht m&ouml;glich. Dem zur Folge kann ein Benutzer / eine Benutzerin mehrere aktive SSO Sessions bei unterschiedlichen virtuellen IDPs auf der selben physischen MOA-ID Instanz besitzen welche NICHT mittels SLO gemeinsam geschlossen werden.</p>
<table class="configtable">
<tr>
<th>Name</th>
diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index 3784075a3..0eab8f187 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -29,7 +29,7 @@
</div>
<div class="container">
- <h2>&Uuml;bersicht zur Dokumentation der Version 3.0.x </h2>
+ <h2>&Uuml;bersicht zur Dokumentation der Version 3.1.x </h2>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html
index 123a23837..2b0115d4a 100644
--- a/id/server/doc/htmlTemplates/BKU-selection.html
+++ b/id/server/doc/htmlTemplates/BKU-selection.html
@@ -405,7 +405,7 @@
#bkulogin {
min-width: 190px;
- min-height: 155px;
+ min-height: 170px;
}
.setAssertionButton_full {
@@ -616,6 +616,12 @@
top: 40px;
}
+
+ #ssoSessionTransferBlock {
+ font-size: 0.8em;
+ margin-left: 5px;
+ margin-bottom: 5px;
+ }
</style>
<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
@@ -740,7 +746,7 @@
}
}
function onChangeChecks() {
- if (top.innerWidth < 650) {
+ if (self.innerWidth < 650) {
document.getElementById("moaidform").setAttribute("target","_parent");
} else {
document.getElementById("moaidform").removeAttribute("target");
@@ -834,7 +840,7 @@
<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
</div>
<div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
+ <div id="mandateLogin" style="#MANDATEVISIBLE#">
<div>
<input tabindex="1" type="checkbox" name="Mandate"
id="mandateCheckBox" class="verticalcenter" role="checkbox"
@@ -867,19 +873,20 @@
<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
type="hidden" name="useMandate" id="useMandate"> <input
type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
+ type="hidden" name="ccc" id="ccc"> <input type="hidden"
name="MODUL" value="#MODUL#"> <input type="hidden"
name="ACTION" value="#ACTION#"> <input type="hidden"
name="MOASessionID" value="#SESSIONID#">
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
- role="button" onclick="setMandateSelection();"
- >
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
+ role="button" onclick="setMandateSelection();">
+ </form>
</div>
+ <!-- Single Sign-On Session transfer functionality -->
+ <!--div id="ssoSessionTransferBlock">
+ <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+ </div-->
+
<div id="stork" align="center" style="#STORKVISIBLE#">
<h2 id="tabheader" class="dunkel">Home Country Selection</h2>
<p>
@@ -900,7 +907,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
@@ -909,7 +916,7 @@
src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/doc/htmlTemplates/sendAssertion.html b/id/server/doc/htmlTemplates/sendAssertion.html
index 1a3e683de..07d018a94 100644
--- a/id/server/doc/htmlTemplates/sendAssertion.html
+++ b/id/server/doc/htmlTemplates/sendAssertion.html
@@ -600,7 +600,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri=">
<img style="border:0;width:88px;height:31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png"
@@ -608,10 +608,10 @@
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img style="border:0;width:88px;height:31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 3aa5d9869..532b74209 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -96,6 +96,7 @@
<version>1.5.1</version>
</dependency> -->
+
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
@@ -167,6 +168,11 @@
</exclusions>
</dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ </dependency>
+
<dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxws</artifactId>
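Review bot: The new `commons-collections` dependency at L2414–L2417 declares no version, so the resolved version comes from a `dependencyManagement` section outside this hunk. Versions up to 3.2.1 contain the well-known `InvokerTransformer` deserialization gadget chain, and this module already handles serialized session state, so please confirm the managed version is at least 3.2.2 (or `org.apache.commons:commons-collections4`) and add a short comment next to the dependency naming why it is needed directly, e.g. `<!-- needed directly since the transitive guava/jsontoken deps were removed; keep >= 3.2.2 -->`. Which code path requires it cannot be seen from this diff.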
@@ -400,78 +406,6 @@
</dependency>
-->
-
-
- <!-- JSON JWT implementation -->
- <dependency>
- <groupId>com.googlecode.jsontoken</groupId>
- <artifactId>jsontoken</artifactId>
- <version>1.1</version>
- <exclusions>
- <exclusion>
- <groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- <exclusion>
- <artifactId>google-collections</artifactId>
- <groupId>com.google.collections</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
-
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <version>1.10</version>
- </dependency>
-
- <!-- Google OAuth Client -->
- <dependency>
- <groupId>com.google.http-client</groupId>
- <artifactId>google-http-client-jackson2</artifactId>
- <version>1.19.0</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>com.google.oauth-client</groupId>
- <artifactId>google-oauth-client-jetty</artifactId>
- <version>1.19.0</version>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>servlet-api</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>eu.stork</groupId>
- <artifactId>DocumentService</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <classifier>classes</classifier>
- <exclusions>
- <exclusion>
- <artifactId>axis</artifactId>
- <groupId>org.apache.axis</groupId>
- </exclusion>
- <exclusion>
- <artifactId>bcprov-jdk16</artifactId>
- <groupId>org.bouncycastle</groupId>
- </exclusion>
- <exclusion>
- <artifactId>jaxws-tools</artifactId>
- <groupId>com.sun.xml.ws</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
@@ -506,7 +440,7 @@
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.4.178</version>
- <scope>runtime</scope>
+ <scope>test</scope>
</dependency>
<!-- tools -->
@@ -538,6 +472,12 @@
</dependency> -->
+<!-- <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.5.1</version>
+ </dependency> -->
+
<!-- spring -->
<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 8ee32c54e..7ac026888 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -23,11 +23,10 @@
package at.gv.egovernment.moa.id.advancedlogging;
import java.security.MessageDigest;
+import java.util.Arrays;
import java.util.Date;
import java.util.List;
-import com.google.common.primitives.Ints;
-
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -47,7 +46,7 @@ public class MOAReversionLogger {
private static MOAReversionLogger instance = null;
- private static final List<Integer> defaultEventCodes = Ints.asList(
+ private static final List<Integer> defaultEventCodes = Arrays.asList(
MOAIDEventConstants.SESSION_CREATED,
MOAIDEventConstants.SESSION_DESTROYED,
MOAIDEventConstants.SESSION_ERROR,
@@ -69,8 +68,9 @@ public class MOAReversionLogger {
MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,
MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER
- );
-
+ );
+
+
public static synchronized MOAReversionLogger getInstance() {
if (instance == null) {
instance = new MOAReversionLogger();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b3055eb34..038a35d42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -12,10 +12,8 @@ import java.security.GeneralSecurityException;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
-import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
@@ -136,50 +134,27 @@ public class MOAIDAuthInitializer {
"http://www.w3.org/2001/04/xmldsig-more#");
Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
- // Loads the configuration
+ // Initialize configuration provider
+ AuthConfiguration authConf = AuthConfigurationProviderFactory.reload();
+
+ //test, if MOA-ID is already configured
+ authConf.getPublicURLPrefix();
+
+ // Initialize MOA-SP
+ //MOA-SP is only use by API calls since MOA-ID 3.0.0
try {
- AuthConfiguration authConf = AuthConfigurationProviderFactory.reload();
-
- ConnectionParameter moaSPConnParam = authConf
- .getMoaSpConnectionParameter();
-
- // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
- if (moaSPConnParam == null) {
- try {
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext("startup"));
- ConfigurationProvider config = ConfigurationProvider
- .getInstance();
- new IaikConfigurator().configure(config);
- } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
- throw new ConfigurationException("config.10", new Object[] { ex
- .toString() }, ex);
- }
- }
-
- // Initializes IAIKX509TrustManager logging
- /*
- String log4jConfigURL = System.getProperty("log4j.configuration");
- Logger.info("Log4J Configuration: " + log4jConfigURL);
- if (log4jConfigURL != null) {
- IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
- }
- */
-
- // Initializes the Axis secure socket factory for use in calling the
- // MOA-SP web service
- if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) {
- SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf,
- moaSPConnParam);
- AxisSecureSocketFactory.initialize(ssf);
- }
-
-
- } catch (ConfigurationException e) {
- Logger.error("MOA-ID-Auth start-up FAILED. Error during application configuration.", e);
- System.exit(-1);
-
- }
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext("startup"));
+ ConfigurationProvider config = ConfigurationProvider
+ .getInstance();
+ new IaikConfigurator().configure(config);
+
+ } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+ throw new ConfigurationException("config.10", new Object[] { ex
+ .toString() }, ex);
+
+ }
+
// Starts the session cleaner thread to remove unpicked authentication data
AuthenticationSessionCleaner.start();
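Review bot: The added `authConf.getPublicURLPrefix();` statement is executed only for the ConfigurationException it throws when no prefix is configured (per the new AuthConfiguration Javadoc in this commit) and its result is discarded, which reads like a leftover; a comment should make the intent explicit: `// throws ConfigurationException when no PublicURLPrefix is configured, i.e. MOA-ID is not yet set up`. The removed `catch (ConfigurationException e) { ... System.exit(-1); }` also means a configuration error now propagates out of this method instead of terminating the process, so the caller (DispatcherServlet.init in this commit, which catches Exception and logs fatal) now decides what happens on a broken configuration — if the hard stop was intentional, that change deserves a note. The IAIK/MOA-SP configuration additionally runs unconditionally now that the `moaSPConnParam == null` gate is gone, which the comment "MOA-SP is only use by API calls since MOA-ID 3.0.0" only partially explains. The enclosing method starts and ends outside the hunk.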
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b79b99a65..fe29dd2b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -139,10 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
AuthenticationData authdata = null;
try {
- Object saml1Requst = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl").newInstance();
+ //check if SAML1 authentication module is in Classpath
+ Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
- if (protocolRequest.getClass().isInstance(saml1Requst)) {
- //request is SAML1
+ if (saml1RequstTemplate != null &&
+ saml1RequstTemplate.isInstance(protocolRequest)) {
+ //request is SAML1 --> invoke SAML1 protocol specific methods
if (session.getExtendedSAMLAttributesOA() == null) {
saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, new ArrayList<ExtendedSAMLAttribute>());
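Review bot: The `saml1RequstTemplate != null` guard on the new `if` is dead: `Class.forName` never returns null — when the SAML1 module is absent it throws ClassNotFoundException, which has to be handled by the enclosing `try` (its catch is outside the hunk). The comment `//check if SAML1 authentication module is in Classpath` therefore describes the exception path rather than the null test; I'd write `if (saml1RequstTemplate.isInstance(protocolRequest)) {` and reword the comment to `// throws ClassNotFoundException when the SAML1 module is not on the classpath; handled by the enclosing catch`. The following line still instantiates `SAML1AuthenticationData` via `newInstance()` before knowing whether the request is SAML1 at all, which could move inside the branch.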
@@ -314,7 +316,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//validate PVP 2.1 response
try {
SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ engine.verifyIDPResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
SAMLVerificationEngine.validateAssertion(intfResp, false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 899b0fd15..d4350f97b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -95,6 +95,9 @@ public class DataURLBuilder {
// dataURL = individualDataURLPrefix + authServletName;
// } else
+ if (!authBaseURL.endsWith("/"))
+ authBaseURL += "/";
+
dataURL = authBaseURL + authServletName;
dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID);
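Review bot: The trailing-slash handling on the added `if` is one of four copies of the same normalization in this commit — SendAssertionFormBuilder strips a trailing slash, SLOInformationImpl's constructor strips one, and PropertyBasedAuthConfigurationProvider.getPublicURLPrefix strips one — each in a slightly different direction and none handling a null or a doubled slash. A single helper with a documented contract (for instance next to `HTTPUtils.extractAuthURLFromRequest`, which this commit introduces), something like `static String withoutTrailingSlash(String url)`, used in all four places would keep them in sync. A comment on the new line would also help: `// authBaseURL may arrive with or without a trailing slash; normalize before appending the servlet name`. The enclosing method starts and ends outside the hunk.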
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index 02aaac8cb..d14910319 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -147,6 +147,9 @@ public class SendAssertionFormBuilder {
value = value.replace(ACTION, action);
value = value.replace(ID, id);
value = value.replace(OANAME, oaParam.getFriendlyName());
+
+ if (contextpath.endsWith("/"))
+ contextpath = contextpath.substring(0, contextpath.length() - 1);
value = value.replace(CONTEXTPATH, contextpath);
value = FormBuildUtils.customiceLayoutBKUSelection(value,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
index 8429baf23..4a6ecd56a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
@@ -152,8 +152,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
authReq.setAssertionConsumerServiceIndex(0);
authReq.setIssueInstant(new DateTime());
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
- issuer.setValue(serviceURL);
+ issuer.setValue(pendingReq.getAuthURLWithOutSlash());
issuer.setFormat(NameIDType.ENTITY);
authReq.setIssuer(issuer);
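Review bot: The SAML `Issuer` on the `issuer.setValue` line now comes from `pendingReq.getAuthURLWithOutSlash()` instead of the configured IDP public path; if that value is ultimately derived from the incoming request's scheme and host (as `HTTPUtils.extractAuthURLFromRequest` in the servlet hunks of this commit suggests), the IdP's entity identifier depends on the client-supplied Host header unless it was checked against `getPublicURLPrefix()` when the request was created. The same concern applies to `moasession.setAuthURL(protocolReq.getAuthURL())` in the StartAuthentificationParameterParser hunk and to the default `redirectUrl` in the LogOutServlet hunk, which — unlike RedirectServlet and IDPSingleLogOutServlet in this commit — performs no `getPublicURLPrefix().contains(...)` check before using the extracted URL. I'd either validate here before use or add a comment naming where the value is validated, e.g. `// authURL was validated against AuthConfiguration.getPublicURLPrefix() when the pending request was created`. The enclosing method starts and ends outside the hunk.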
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 004961116..e659c9447 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -56,7 +56,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
String ccc,
String module,
String action,
- HttpServletRequest req) throws WrongParametersException, MOAIDException {
+ HttpServletRequest req,
+ IRequest protocolReq) throws WrongParametersException, MOAIDException {
String targetFriendlyName = null;
@@ -223,20 +224,15 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.05");
moasession.setOAURLRequested(oaURL);
-
+
//check AuthURL
- String authURL = req.getScheme() + "://" + req.getServerName();
- if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
- authURL = authURL.concat(":" + req.getServerPort());
- }
- authURL = authURL.concat(req.getContextPath() + "/");
-
+ String authURL = protocolReq.getAuthURL();
if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed())
throw new AuthenticationException("auth.07",
new Object[] { authURL + "*" });
//set Auth URL from configuration
- moasession.setAuthURL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/");
+ moasession.setAuthURL(authURL);
//check and set SourceID
if (oaParam.getSAML1Parameter() != null) {
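Review bot: `moasession.setAuthURL(authURL)` changes the shape of the stored value: the removed line always stored a prefix ending in `/`, whereas `protocolReq.getAuthURL()` is stored as returned and is not normalized here, and the `authURL.startsWith("https:")` test dereferences it without a null check. Callers that concatenate paths onto the session's AuthURL can no longer rely on the trailing slash (the DataURLBuilder hunk in this commit now defensively appends one, which suggests the contract is uncertain). I'd reject a null or empty `authURL` before the `startsWith` test and document the expected form on the `setAuthURL` line, e.g. `// stored exactly as provided by the protocol request; state whether a trailing slash is guaranteed`. The enclosing method starts and ends outside the hunk.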
@@ -318,7 +314,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
oaURL = request.getOAURL();
target = request.getTarget();
- parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req);
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 2a63968dd..15d596049 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.util.Enumeration;
-import java.util.List;
-import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -33,28 +31,18 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
-import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
-
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-
import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
public class GenerateIFrameTemplateServlet extends AuthServlet {
@@ -139,6 +127,25 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
catch (MOAIDException ex) {
handleError(null, ex, req, resp, pendingRequestID);
+
+ } catch (ProcessExecutionException e) {
+ Throwable cause = e.getCause();
+ if (cause != null && cause instanceof TaskExecutionException) {
+ Throwable taskCause = cause.getCause();
+ if (taskCause != null && taskCause instanceof WrongParametersException) {
+ WrongParametersException internalEx = (WrongParametersException) taskCause;
+ handleWrongParameters(internalEx, req, resp);
+ return;
+
+ } else if (taskCause != null && taskCause instanceof MOAIDException) {
+ MOAIDException moaTaskCause = (MOAIDException) taskCause;
+ handleError(null, moaTaskCause, req, resp, pendingRequestID);
+ return;
+
+ }
+ }
+
+ Logger.error("BKUSelectionServlet has an interal Error.", e);
} catch (Exception e) {
Logger.error("BKUSelectionServlet has an interal Error.", e);
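Review bot: In the new `catch (ProcessExecutionException e)` branch both `cause != null && cause instanceof ...` tests are redundant (`instanceof` is already false for null), and the fallback log line repeats the message of the generic catch below it, naming `BKUSelectionServlet` inside GenerateIFrameTemplateServlet with the typo "interal". Suggested: `if (cause instanceof TaskExecutionException) {`, `if (taskCause instanceof WrongParametersException) {`, and `Logger.error("GenerateIFrameTemplateServlet: unexpected ProcessExecutionException.", e);`. When the wrapped cause is neither of the two handled types the branch only logs and falls through; whether the client then receives an error response depends on code outside the hunk, so a comment stating the intended outcome would help. The enclosing method starts and ends outside the hunk.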
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0a6d30be7..fe5cd1ac0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -45,6 +45,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescripto
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -62,6 +63,23 @@ public class IDPSingleLogOutServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("receive IDP SingleLogOut Request");
+
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ try {
+ if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {
+ Logger.warn("Requested URL " + authURL + " is not in PublicPrefix Configuration");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed");
+ return;
+
+ }
+
+ } catch (MOAIDException e) {
+ Logger.error("Internal Server Error.", e);
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error");
+ return;
+
+ }
+
SSOManager ssomanager = SSOManager.getInstance();
String ssoid = ssomanager.getSSOSessionID(req);
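Review bot: The `getPublicURLPrefix().contains(authURL)` check is an exact `List.contains` match against prefixes that (per the AuthConfiguration Javadoc in this commit) are stored without a trailing slash, so the result hinges on `HTTPUtils.extractAuthURLFromRequest` returning the identical form — same case for scheme and host, no trailing slash, port only when non-default. If it does not, every logout request is rejected with 403; if it does, that contract should be stated on the check: `// authURL must match a configured PublicURLPrefix exactly (no trailing slash)`. The later hunk in this file rebuilds the same value with a second `HTTPUtils.extractAuthURLFromRequest(req)` call instead of reusing the validated `authURL`, assuming both lines live in `doGet`. The enclosing `doGet` continues outside the hunk.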
@@ -109,7 +127,7 @@ public class IDPSingleLogOutServlet extends AuthServlet {
AuthenticationSession authSession = AuthenticationSessionStoreage
.getSession(moaSessionID);
if(authSession != null) {
- authmanager.performSingleLogOut(req, resp, authSession, null);
+ authmanager.performSingleLogOut(req, resp, authSession, authURL);
return;
}
@@ -142,7 +160,7 @@ public class IDPSingleLogOutServlet extends AuthServlet {
} else {
//print SLO information directly
- redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout";
+ redirectURL = HTTPUtils.extractAuthURLFromRequest(req) + "/idpSingleLogout";
String artifact = Random.nextRandom();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index c1e084a59..53187088e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -60,6 +60,7 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -85,14 +86,14 @@ public class LogOutServlet extends AuthServlet {
if (MiscUtil.isEmpty(redirectUrl)) {
//set default redirect Target
Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
- redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
} else {
//return an error if RedirectURL is not a active Online-Applikation
OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);
if (oa == null) {
Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
- redirectUrl = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 7dd8645c6..a914659b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -64,8 +65,10 @@ public class RedirectServlet extends AuthServlet{
OAAuthParameter oa = null;
String redirectTarget = DEFAULT_REDIRECTTARGET;
try {
- oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url);
- if (oa == null && !url.startsWith(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix())) {
+ oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url);
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+
+ if (oa == null && !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
return;
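Review bot: The new condition on the `if` line no longer relates the redirect target `url` to the IdP's own URLs: the removed check required a non-OA `url` to start with the PublicURLPrefix, whereas the new one only verifies that the request's own host (`authURL`) is a configured prefix, so any `url` passes once `oa == null` and the request arrived at a configured host. Unless `url` is constrained further outside the hunk, this reopens the redirect to arbitrary targets that the old check closed. Keep both conditions, e.g. `if (oa == null && (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL) || !url.startsWith(authURL))) {`. Note that `List.contains` is an exact match, so `authURL` has to be in the same normalized form as the configured prefixes (no trailing slash per the AuthConfiguration Javadoc in this commit). The enclosing method starts and ends outside the hunk.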
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
index 1d8ea4cd4..1f9259696 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
@@ -90,12 +90,15 @@ public interface AuthConfiguration extends ConfigurationProvider{
public boolean isAdvancedLoggingActive();
/**
- * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set.
+ * Returns the PublicURLPrefix.
*
- * @return the PublicURLPrefix without trailing slash or {@code null}
+ * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without /
+ * @throws ConfigurationException if no PublicURLPrefix is found.
*/
- public String getPublicURLPrefix();
+ public List<String> getPublicURLPrefix() throws ConfigurationException;
+ public boolean isVirtualIDPsEnabled();
+
public boolean isPVP2AssertionEncryptionActive();
public boolean isCertifiacteQCActive();
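Review bot: `isVirtualIDPsEnabled()` is added to the public interface without Javadoc, and the new `@return` text of `getPublicURLPrefix` ("All publicURLPrefix URLs are ends without /") is ungrammatical. Suggested `@return the configured PublicURLPrefix URLs of this IDP instance (at least one); each entry is returned without a trailing slash`. For the new method, a one-sentence Javadoc stating what the flag enables and that the provider implementation in this commit returns false when the value is unset or cannot be read would spare callers a trip to the implementation.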
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
index 38135b028..9812f346d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
@@ -65,7 +65,7 @@ public class AuthConfigurationProviderFactory {
instance = new PropertyBasedAuthConfigurationProvider(fileURI);
} catch (URISyntaxException e){
- Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.");
+ Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e);
throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, fileName});
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index dce7de526..18926046c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -6,6 +6,7 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
+import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -21,8 +22,15 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOASP;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
@@ -48,6 +56,8 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
private final Properties properties = new Properties();
private ApplicationContext context = null;
+ private boolean requireJDBCBackupImplementation = false;
+
public PropertyBasedAuthConfigurationProvider() {
}
@@ -84,6 +94,20 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory();
acbFactory.autowireBean(this);
+ //Some databases do not allow the selection of a lob in SQL where expression
+ String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");
+ if (MiscUtil.isNotEmpty(dbDriver)) {
+ for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
+ if (dbDriver.startsWith(el)) {
+ requireJDBCBackupImplementation = true;
+ Logger.info("JDBC driver '" + dbDriver
+ + "' is blacklisted --> Switch to alternative DB access methode implementation.");
+
+ }
+ }
+ }
+
+
} catch (FileNotFoundException e) {
throw new ConfigurationException("config.03", null, e);
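Review bot: The blacklist loop in the added block keeps iterating after a match, so a driver name matching several `JDBC_DRIVER_NEEDS_WORKAROUND` entries sets the flag and logs the switch more than once; add `break;` after the `Logger.info` call. The info message also has a typo ("methode"). Since the later hunk in this file switches on `requireJDBCBackupImplementation`, a comment here should mark this as the single place the decision is taken: `// decided once at load time; consulted wherever a LOB would otherwise appear in a WHERE clause`. The enclosing constructor and its `try` start outside the hunk.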
@@ -796,20 +820,47 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
return Boolean.valueOf(prop);
}
- /**
- * Returns the PublicURLPrefix. NOTE: returns {@code null} if no PublicURLPrefix is set.
- *
- * @return the PublicURLPrefix or {@code null}
- */
- public String getPublicURLPrefix() {
- try {
- return configuration.getStringValue(
- MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX);
+ public List<String> getPublicURLPrefix() throws ConfigurationException{
+ try {
+ String publicURLPrefixList = configuration.getStringValue(
+ MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX);
+ List<String> returnValues = new ArrayList<String>();
+ if (publicURLPrefixList != null) {
+ publicURLPrefixList = KeyValueUtils.normalizeCSVValueString(publicURLPrefixList);
+ List<String> publicURLPrefixArray = Arrays.asList(publicURLPrefixList.split(","));
+ Logger.trace("Found " + publicURLPrefixArray.size() + " PublicURLPrefix in configuration.");
+
+
+ for (String el : publicURLPrefixArray) {
+ try {
+ new URL(el);
+ if (el.endsWith("/"))
+ returnValues.add(el.substring(0, el.length()-1));
+ else
+ returnValues.add(el);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("IDP PublicURLPrefix URL " + el + " is not a valid URL", e);
+ }
+ }
+ }
+
+ if (returnValues.size() > 0)
+ return returnValues;
+
+ else {
+ Logger.warn("MOA-ID PublicURLPrefix is not found in configuration.");
+ throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"});
+
+ }
+
} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
Logger.warn("MOA-ID PublicURLPrefix can not be read from configuration.", e);
- return null;
+ throw new ConfigurationException("config.08", new Object[]{"IDP PublicURLPrefix"}, e);
+
}
+
}
/**
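Review bot: `new URL(el);` is constructed purely as a syntax check and its result is discarded, which a reader can mistake for a no-op; a comment on that line such as `// syntax check only: malformed entries are skipped with a warning` would prevent that. Because these values are later compared by exact `List.contains` matches in the RedirectServlet and IDPSingleLogOutServlet hunks, each entry should be normalized beyond a single trailing slash — trim whitespace and lowercase scheme and host — or the Javadoc should state that the administrator must enter them in canonical form; what `KeyValueUtils.normalizeCSVValueString` already does is not visible here. The `Logger.warn` directly before the `throw` in the empty-list branch also logs the problem twice once the caller logs the exception.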
@@ -988,9 +1039,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
Map<String, String> oaConfig = null;
try {
- //OracleDB does not allow the selection of a lob in SQL where expression
+
+ //TODO:
+ //Some databases do not allow the selection of a lob in SQL where expression
String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");
- if (MiscUtil.isNotEmpty(dbDriver) && dbDriver.startsWith("oracle.jdbc."))
+ if (requireJDBCBackupImplementation)
oaConfig = configuration.getOnlineApplicationBackupVersion(id);
else
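Review bot: After switching the condition to `requireJDBCBackupImplementation`, the local `String dbDriver = properties.getProperty(...)` two lines above is no longer read and should be removed, and the empty `//TODO:` marker should either say what is pending or go. A replacement comment could read `// some JDBC drivers cannot select a LOB in a WHERE clause; decided once at load time (requireJDBCBackupImplementation)`. The enclosing method starts and ends outside the hunk.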
@@ -1125,4 +1178,24 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
else
return getMoaSpIdentityLinkTrustProfileID();
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#isVirtualIDPsEnabled()
+ */
+ @Override
+ public boolean isVirtualIDPsEnabled() {
+ try {
+ String value = configuration.getStringValue(
+ MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED);
+ if (MiscUtil.isNotEmpty(value)) {
+ return Boolean.valueOf(value);
+ }
+
+ } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
+ Logger.error("Error during 'isVirutalIDPsEnabled' load operationen." , e);
+
+ }
+
+ return false;
+ }
}
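Review bot: `isVirtualIDPsEnabled` returns false both when the option is unset and when the configuration read fails, which is a sensible safe default but is not stated anywhere, and the error message has two typos ("Virutal", "operationen"). Suggested `Logger.error("Error during 'isVirtualIDPsEnabled' load operation.", e);` and, in place of the `(non-Javadoc)` stub, a Javadoc sentence such as `Returns whether virtual IDPs are enabled; false when the option is unset or cannot be read.`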
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index d1e04e107..a4bba8b19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -75,6 +75,7 @@ public class SLOInformationContainer implements Serializable {
if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
activeBackChannelOAs.put(oa.getOaurlprefix(),
new SLOInformationImpl(
+ oa.getAuthURL(),
oa.getAssertionSessionID(),
oa.getUserNameID(),
oa.getUserNameIDFormat(),
@@ -84,6 +85,7 @@ public class SLOInformationContainer implements Serializable {
else
activeFrontChannalOAs.put(oa.getOaurlprefix(),
new SLOInformationImpl(
+ oa.getAuthURL(),
oa.getAssertionSessionID(),
oa.getUserNameID(),
oa.getUserNameIDFormat(),
@@ -123,6 +125,7 @@ public class SLOInformationContainer implements Serializable {
activeFrontChannalOAs.put(el.getIdpurlprefix(),
new SLOInformationImpl(
+ el.getAuthURL(),
el.getSessionIndex(),
el.getUserNameID(),
NameID.TRANSIENT,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 55b213702..55a56056d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -39,17 +39,23 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable
private String nameIDFormat = null;
private String binding = null;
private String serviceURL = null;
+ private String authURL = null;
- public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) {
- new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null);
+ public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(authURL, sessionID, nameID, nameIDFormat, protocolType, null);
}
- public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
+ public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
this.sessionIndex = sessionID;
this.nameID = nameID;
this.nameIDFormat = nameIDFormat;
this.protocolType = protocolType;
+ if (authURL.endsWith("/"))
+ this.authURL = authURL.substring(0, authURL.length()-1);
+ else
+ this.authURL = authURL;
+
if (sloService != null) {
this.binding = sloService.getBinding();
this.serviceURL = sloService.getLocation();
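Review bot: The five-argument constructor still executes `new SLOInformationImpl(authURL, sessionID, nameID, nameIDFormat, protocolType, null);` and discards the object, so an instance created through it keeps every field — including the new `authURL` — at null; it must delegate instead: `this(authURL, sessionID, nameID, nameIDFormat, protocolType, null);`. This was already wrong before the commit, but the line is rewritten here. In the six-argument constructor, `authURL.endsWith("/")` throws NullPointerException when a caller passes null; either document the parameter as required (`@param authURL base URL of the IDP instance that issued the session, must not be null`) or guard it.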
@@ -148,6 +154,13 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable
public String getServiceURL() {
return serviceURL;
}
+
+ /**
+ * @return the authURL from requested IDP without ending /
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 771c9a35e..ce44db215 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
@@ -45,7 +44,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
@@ -86,13 +85,18 @@ public class DispatcherServlet extends AuthServlet{
MOAIDAuthInitializer.initialize();
Logger.info(MOAIDMessageProvider.getInstance().getMessage(
"init.00", null));
+
+ Logger.info("Dispatcher Servlet initialization finished.");
+
} catch (Exception ex) {
Logger.fatal(
MOAIDMessageProvider.getInstance().getMessage("init.02",
null), ex);
- throw new ServletException(ex);
+
+ //throw new ServletException(ex);
+
}
- Logger.info("Dispatcher Servlet initialization finished.");
+
}
protected void processRequest(HttpServletRequest req,
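Review bot: Commenting out `throw new ServletException(ex);` lets `init()` complete after `MOAIDAuthInitializer.initialize()` has failed, so the dispatcher starts accepting protocol requests in a half-initialised state (trust stores, keys, URL prefixes possibly unset) with only a fatal log line as evidence. An IdP should fail closed here: restore the throw, or if lazy re-initialisation is the goal, record the failure in a field and have `processRequest` reject every request until initialisation has succeeded. If keeping the servlet alive is deliberate, document the reason instead of leaving the dead `//throw` line.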
@@ -364,7 +368,10 @@ public class DispatcherServlet extends AuthServlet{
} catch (AuthnRequestValidatorException e) {
//log Error Message
StatisticLogger logger = StatisticLogger.getInstance();
- logger.logErrorOperation(e, e.getErrorRequest());
+ logger.logErrorOperation(e, e.getErrorRequest());
+
+ //TODO: maybe add some error message handling???
+
return;
}catch (InvalidProtocolRequestException e) {
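Review bot: The `AuthnRequestValidatorException` branch logs the failed operation and returns without touching `resp`, so the client gets whatever the container emits for an unwritten response (presumably an empty 200) rather than an error; the added `//TODO` acknowledges this. Sending the same status as the neighbouring branches, `resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid authentication request");`, makes a rejected AuthnRequest distinguishable from a successful one. The surrounding try/catch starts before this hunk.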
@@ -377,6 +384,13 @@ public class DispatcherServlet extends AuthServlet{
"(Errorcode=" + code +
" | Description=" + descr + ")");
return;
+ } catch (ConfigurationException e) {
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=9199"
+ +" | Description="+ e.getMessage() + ")");
+ return;
+
} catch (MOAIDException e) {
Logger.error("Failed to generate a valid protocol request!");
resp.setContentType("text/html;charset=UTF-8");
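Review bot: The new `ConfigurationException` branch echoes `e.getMessage()` into a `text/html` error page without logging the exception; for the `config.25` case thrown in `RequestImpl` the message argument is the request-derived AuthenticationServiceURL, presumably built from the Host header, so unless the container escapes `sendError` messages this reflects caller-influenced text into HTML. Log server-side and return a fixed text: `Logger.warn("Request does not match a configured IDP public URL prefix", e);` followed by `resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received! (Errorcode=9199)");`.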
@@ -544,7 +558,7 @@ public class DispatcherServlet extends AuthServlet{
try {
//Store OA specific SSO session information
AuthenticationSessionStoreage.addSSOInformation(moasessionID,
- newSSOSessionId, assertionID, protocolRequest.getOAURL());
+ newSSOSessionId, assertionID, protocolRequest);
} catch (AuthenticationException e) {
Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 39cb5b9c8..c38bbc68f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -52,7 +52,6 @@ import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
@@ -72,9 +71,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
-import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -82,12 +82,11 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-
import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
import at.gv.egovernment.moa.id.process.ProcessEngine;
import at.gv.egovernment.moa.id.process.ProcessExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
@@ -98,6 +97,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -167,7 +168,20 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
+
+ }
+
+ public void performSingleLogOut(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ performSingleLogOut(httpReq, httpResp, session, null, authURL);
+
+ }
+
+
+ private void performSingleLogOut(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
@@ -176,6 +190,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
pvpSLOIssuer = logOutReq.getIssuer().getValue();
inboundRelayState = samlReq.getRelayState();
+
}
SSOManager ssomanager = SSOManager.getInstance();
@@ -195,7 +210,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
} catch (MOADatabaseException e) {
Logger.warn("Delete MOASession FAILED.");
- sloContainer.putFailedOA(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+ sloContainer.putFailedOA(pvpReq.getAuthURL());
}
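Review bot: `sloContainer.putFailedOA(pvpReq.getAuthURL());` dereferences `pvpReq`, but the `performSingleLogOut(httpReq, httpResp, session, String authURL)` overload added in this file passes `pvpReq = null`, so a failed MOASession delete on that path ends in a NullPointerException thrown from inside the catch block. Resolve the IdP URL once before the try and use it here, e.g. `sloContainer.putFailedOA(pvpReq != null ? pvpReq.getAuthURL() : authURL);`. The enclosing method and try block start outside this hunk.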
@@ -219,8 +234,13 @@ public class AuthenticationManager extends MOAIDAuthConstants {
+ " FAILED. NO LogOut response received.");
sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ } else {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifySLOResponse(sloResp,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+
}
-
+
SingleLogOutBuilder.checkStatusCode(sloContainer, sloResp);
} catch (SOAPException e) {
@@ -228,7 +248,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
+ " FAILED.", e);
sloContainer.putFailedOA(sloReq.getIssuer().getValue());
- } catch (SecurityException e) {
+ } catch (SecurityException | InvalidProtocolRequestException e) {
Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ " FAILED.", e);
sloContainer.putFailedOA(sloReq.getIssuer().getValue());
@@ -258,7 +278,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
AssertionStorage.getInstance().put(relayState, sloContainer);
- String timeOutURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+ if (MiscUtil.isEmpty(authURL))
+ authURL = pvpReq.getAuthURL();
+
+ String timeOutURL = authURL
+ "/idpSingleLogout"
+ "?restart=" + relayState;
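Review bot: The fallback `authURL = pvpReq.getAuthURL();` still assumes `pvpReq` is non-null whenever `authURL` is empty, and nothing rejects the case where both are absent, so the timeout URL would either NPE or be built as `"null/idpSingleLogout"`. Guard the combination explicitly, e.g. `if (pvpReq == null) throw new MOAIDException("Single LogOut requires either a PVP request or an authURL", new Object[]{});` before the fallback, so the redirect target can never be derived from a missing prefix. The enclosing method starts outside this hunk.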
@@ -381,7 +404,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
target.requestedAction(), target.getRequestID(), oaParam,
- AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+ target.getAuthURL());
MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
@@ -450,7 +473,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
authReq.setAssertionConsumerServiceIndex(0);
authReq.setIssueInstant(new DateTime());
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath();
+ String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0);
issuer.setValue(serviceURL);
issuer.setFormat(NameIDType.ENTITY);
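Review bot: The interfederation AuthnRequest Issuer is pinned to `getIDPPublicPath().get(0)`, the first configured prefix, while the rest of this commit derives the IdP identity per request (`MetadataAction` now publishes `req.getAuthURLWithOutSlash()` as entityID). With virtual IdPs enabled, a user who arrived via a non-first prefix would send an Issuer that does not match the entityID in that virtual IdP's metadata, which the remote IdP will presumably reject; if `target` is the IRequest in scope here, `issuer.setValue(target.getAuthURLWithOutSlash());` keeps the two in sync. `.get(0)` also throws IndexOutOfBoundsException on an empty list where the old String API returned null.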
@@ -470,28 +493,27 @@ public class AuthenticationManager extends MOAIDAuthConstants {
SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
//check if STORK protocol module is in ClassPath
- Object storkRequst = null;
+ Class<?> storkRequstTemplate = null;
Integer storkSecClass = null;
try {
- storkRequst = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest").newInstance();
- if (storkRequst != null &&
- target.getClass().isInstance(storkRequst)) {
+ storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest");
+ if (storkRequstTemplate != null &&
+ storkRequstTemplate.isInstance(target)) {
Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null);
storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null);
}
- } catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
+ } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
}
-
-
- if (sp != null && sp.isSTORKPVPGateway()){
+
+ if (sp != null && sp.isSTORKPVPGateway()) {
//use PVP SecClass instead of STORK QAA level
String secClass = null;
- if (storkRequst != null &&
- target.getClass().isInstance(storkRequst)) {
+ if (storkRequstTemplate != null &&
+ storkRequstTemplate.isInstance(target)) {
try {
secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
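Review bot: The multi-catch around the reflective STORK lookup still has an empty body, so an incompatible STORK module on the classpath (NoSuchMethodException, InvocationTargetException) is silently treated as "not a STORK request" and the QAA level falls through to the default. ClassNotFoundException is the expected case, but the others deserve at least `Logger.debug("STORK request inspection failed: " + ex.getMessage(), ex);` so a deployment problem is diagnosable. The enclosing method starts before this hunk and continues after it.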
@@ -509,8 +531,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3");
} else {
- if (storkRequst != null &&
- target.getClass().isInstance(storkRequst)) {
+ if (storkRequstTemplate != null &&
+ storkRequstTemplate.isInstance(target)) {
//use requested QAA level from STORK request
try {
authnClassRef.setAuthnContextClassRef(
@@ -525,7 +547,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
- if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef()))
+ if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef()))
+ //TODO: switch to eIDAS QAA-levels
authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
}
@@ -692,7 +715,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//Build authentication form
- String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String publicURLPreFix = target.getAuthURL();
+ if (publicURLPreFix.endsWith("/"))
+ publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
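Review bot: The trailing-slash trimming of `target.getAuthURL()` duplicates the `getAuthURLWithOutSlash()` accessor this same commit adds to `IRequest`; `String publicURLPreFix = target.getAuthURLWithOutSlash();` replaces the three lines and keeps that normalisation in one place. As written the `endsWith` call NPEs when `getAuthURL()` is null, and the shared accessor is where a null guard belongs. The enclosing method starts outside this hunk.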
@@ -714,6 +739,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {
out.flush();
}
} catch (ProcessExecutionException e) {
+ Throwable cause = e.getCause();
+ if (cause != null && cause instanceof TaskExecutionException) {
+ Throwable taskCause = cause.getCause();
+ if (taskCause != null && taskCause instanceof MOAIDException) {
+ MOAIDException moaTaskCause = (MOAIDException) taskCause;
+ Logger.warn(taskCause);
+ throw moaTaskCause;
+
+ }
+ }
+
throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
}
}
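Review bot: The `cause != null &&` tests are redundant because `instanceof` is already false for null, and the nested ifs read more directly as `Throwable taskCause = e.getCause() instanceof TaskExecutionException ? e.getCause().getCause() : null; if (taskCause instanceof MOAIDException) { Logger.warn(taskCause); throw (MOAIDException) taskCause; }`. Rethrowing the inner MOAIDException also discards the ProcessExecutionException/TaskExecutionException context (process instance id) that the generic `process.01` branch below preserves; consider logging `e` rather than only `taskCause`. The enclosing try starts outside this hunk.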
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 6f43b3ee7..4ae271bbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -49,5 +49,13 @@ public interface IRequest {
public List<Attribute> getRequestedAttributes();
public IOAAuthParameters getOnlineApplicationConfiguration();
+ /**
+ * get the IDP URL PreFix, which was used for authentication request
+ *
+ * @return IDP URL PreFix <String>. The URL prefix always ends without /
+ */
+ public String getAuthURL();
+ public String getAuthURLWithOutSlash();
+
//public void setTarget();
}
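Review bot: The Javadoc on `getAuthURL()` states "The URL prefix always ends without /", yet the sibling `getAuthURLWithOutSlash()` exists precisely to strip a trailing slash from that value (and `RequestImpl` implements it that way), so one of the two statements is wrong. Document the actual contract: `getAuthURL()` returns the configured public URL prefix as stored in configuration (it may end with "/"), and `getAuthURLWithOutSlash()` returns the same value with a trailing "/" removed, suitable for use as SAML entityID/Issuer. `getAuthURLWithOutSlash()` currently has no Javadoc at all.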
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 26fb7bd29..cdaade1bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -23,15 +23,24 @@
package at.gv.egovernment.moa.id.moduls;
import java.io.Serializable;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
public abstract class RequestImpl implements IRequest, Serializable{
-
+
private static final long serialVersionUID = 1L;
private String oaURL;
@@ -44,12 +53,79 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String requestID;
private String sessionIdentifier;
private IOAAuthParameters OAConfiguration = null;
+ private String authURL = null;
//MOA-ID interfederation
private String requestedIDP = null;
private MOAResponse response = null;
/**
+ * @throws ConfigurationException
+ *
+ */
+ public RequestImpl(HttpServletRequest req) throws ConfigurationException {
+ String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
+ URL authURL;
+ try {
+ authURL = new URL(authURLString);
+
+ } catch (MalformedURLException e) {
+ Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
+ throw new ConfigurationException("1299", null, e);
+
+ }
+
+ AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+ List<String> configuredPublicURLPrefix = config.getPublicURLPrefix();
+
+ if (!config.isVirtualIDPsEnabled()) {
+ Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+ this.authURL = configuredPublicURLPrefix.get(0);
+
+ } else {
+ Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
+ URL resultURL = null;
+
+ for (String el : configuredPublicURLPrefix) {
+ try {
+ URL configuredURL = new URL(el);
+
+ //get Ports from URL
+ int configPort = configuredURL.getPort();
+ if (configPort == -1)
+ configPort = configuredURL.getDefaultPort();
+
+ int authURLPort = authURL.getPort();
+ if (authURLPort == -1)
+ authURLPort = authURL.getDefaultPort();
+
+ //check AuthURL against ConfigurationURL
+ if (configuredURL.getHost().equals(authURL.getHost()) &&
+ configPort == authURLPort &&
+ configuredURL.getPath().equals(authURL.getPath())) {
+ Logger.debug("Select configurated PublicURLPrefix: " + configuredURL
+ + " for authURL: " + authURLString);
+ resultURL = configuredURL;
+ }
+
+ } catch (MalformedURLException e) {
+ Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+
+ }
+ }
+
+ if (resultURL == null) {
+ Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
+ throw new ConfigurationException("config.25", new Object[]{authURLString});
+
+ } else {
+ this.authURL = resultURL.toExternalForm();
+
+ }
+ }
+ }
+
+ /**
* This method map the protocol specific requested attributes to PVP 2.1 attributes.
*
* @return List of PVP 2.1 attributes with maps all protocol specific attributes
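Review bot: The prefix match compares host, port and path but not the scheme, and `configuredURL.getHost().equals(authURL.getHost())` is case-sensitive although DNS names are not, so a request reaching the IdP as `HTTP://IDP.example/...` is matched or rejected depending only on casing. Because the resolved value becomes the SAML entityID/Issuer and the base of all SSO/SLO URLs, it is right that the configured URL wins over the request-derived one; still add `configuredURL.getProtocol().equalsIgnoreCase(authURL.getProtocol())` and `equalsIgnoreCase` on the hosts, and `break` on the first match so the first configured prefix wins deterministically rather than the last. `configuredPublicURLPrefix.get(0)` in the non-virtual branch throws IndexOutOfBoundsException on an empty list; a `ConfigurationException` would be the clearer failure, and the exact `getPath().equals(...)` comparison will not tolerate a trailing-slash difference between configuration and request.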
@@ -169,4 +245,27 @@ public abstract class RequestImpl implements IRequest, Serializable{
this.OAConfiguration = oaConfig;
}
+
+ /**
+ * @return the authURL
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ public String getAuthURLWithOutSlash() {
+ if (authURL.endsWith("/"))
+ return authURL.substring(0, authURL.length()-1);
+ else
+ return authURL;
+
+ }
+
+// /**
+// * @param authURL the authURL to set
+// */
+// public void setAuthURL(String authURL) {
+// this.authURL = authURL;
+// }
+
}
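Review bot: The commented-out `setAuthURL` block should be deleted rather than shipped as dead code; if the field is meant to be immutable after construction, a one-line comment on the `authURL` field says so more clearly. `getAuthURLWithOutSlash()` also needs Javadoc (its IRequest declaration has none) and a null guard, since the class is Serializable and the field can be null after deserialisation: `return authURL != null && authURL.endsWith("/") ? authURL.substring(0, authURL.length() - 1) : authURL;`.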
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 9f8b6610f..9327cabd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -102,10 +102,10 @@ public class AttributQueryAction implements IAction {
List<String> attrList = addDefaultAttributes(attrQuery, authData);
//build PVP 2.1 assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex());
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex());
//build PVP 2.1 response
- Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion);
+ Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion);
try {
SoapBinding decoder = new SoapBinding();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 1b187d82e..50f91df44 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -110,7 +110,7 @@ public class MetadataAction implements IAction {
// .setEntityID(PVPConfiguration.getInstance().getIDPSSOMetadataService());
idpEntityDescriptor
- .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath());
+ .setEntityID(req.getAuthURLWithOutSlash());
idpEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
@@ -139,10 +139,10 @@ public class MetadataAction implements IAction {
idpEntitiesDescriptor.setSignature(signature);
//set IDP metadata
- idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator));
+ idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(req, keyInfoGenerator));
//set SP metadata for interfederation
- idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator));
+ idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(req, keyInfoGenerator));
DocumentBuilder builder;
DocumentBuilderFactory factory = DocumentBuilderFactory
@@ -190,7 +190,7 @@ public class MetadataAction implements IAction {
return (PVP2XProtocol.METADATA);
}
- private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {
+ private RoleDescriptor generateSPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {
Logger.debug("Set SP Metadata key information");
@@ -248,7 +248,7 @@ public class MetadataAction implements IAction {
postassertionConsumerService.setIndex(0);
postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
postassertionConsumerService.setLocation(PVPConfiguration
- .getInstance().getSPSSOPostService());
+ .getInstance().getSPSSOPostService(req.getAuthURL()));
postassertionConsumerService.setIsDefault(true);
spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
@@ -257,7 +257,7 @@ public class MetadataAction implements IAction {
redirectassertionConsumerService.setIndex(1);
redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
redirectassertionConsumerService.setLocation(PVPConfiguration
- .getInstance().getSPSSORedirectService());
+ .getInstance().getSPSSORedirectService(req.getAuthURL()));
spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
@@ -273,7 +273,7 @@ public class MetadataAction implements IAction {
SingleLogoutService redirectSLOService =
SAML2Utils.createSAMLObject(SingleLogoutService.class);
redirectSLOService.setLocation(PVPConfiguration
- .getInstance().getSPSSORedirectService());
+ .getInstance().getSPSSORedirectService(req.getAuthURL()));
redirectSLOService
.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
@@ -293,7 +293,7 @@ public class MetadataAction implements IAction {
return spSSODescriptor;
}
- private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {
+ private IDPSSODescriptor generateIDPMetadata(IRequest req, KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {
// //set SignatureMethode
@@ -325,12 +325,12 @@ public class MetadataAction implements IAction {
idpSSODescriptor.setWantAuthnRequestsSigned(true);
- if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) {
+ if (PVPConfiguration.getInstance().getIDPSSOPostService(req.getAuthURL()) != null) {
//add SSO descriptor
SingleSignOnService postSingleSignOnService = SAML2Utils
.createSAMLObject(SingleSignOnService.class);
postSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSOPostService());
+ .getInstance().getIDPSSOPostService(req.getAuthURL()));
postSingleSignOnService
.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
idpSSODescriptor.getSingleSignOnServices().add(
@@ -347,12 +347,12 @@ public class MetadataAction implements IAction {
}
- if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) {
+ if (PVPConfiguration.getInstance().getIDPSSORedirectService(req.getAuthURL()) != null) {
//add SSO descriptor
SingleSignOnService redirectSingleSignOnService = SAML2Utils
.createSAMLObject(SingleSignOnService.class);
redirectSingleSignOnService.setLocation(PVPConfiguration
- .getInstance().getIDPSSORedirectService());
+ .getInstance().getIDPSSORedirectService(req.getAuthURL()));
redirectSingleSignOnService
.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
idpSSODescriptor.getSingleSignOnServices().add(
@@ -362,7 +362,7 @@ public class MetadataAction implements IAction {
SingleLogoutService redirectSLOService =
SAML2Utils.createSAMLObject(SingleLogoutService.class);
redirectSLOService.setLocation(PVPConfiguration
- .getInstance().getIDPSSORedirectService());
+ .getInstance().getIDPSSORedirectService(req.getAuthURL()));
redirectSLOService
.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 0c7502003..ee5685e5f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
@@ -55,8 +56,6 @@ import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.SignableXMLObject;
-import java.util.Arrays;
-
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
@@ -76,12 +75,9 @@ import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
@@ -92,12 +88,16 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSuppor
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
@@ -210,7 +210,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
if(METADATA.equals(action)) {
- return new PVPTargetConfiguration();
+ return new PVPTargetConfiguration(request);
}
@@ -231,7 +231,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
SAMLVerificationEngine engine = new SAMLVerificationEngine();
engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
msg.setVerified(true);
-
+
}
if (msg instanceof MOARequest &&
@@ -387,7 +387,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
samlResponse.setIssueInstant(new DateTime());
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setValue(pvpRequest.getAuthURLWithOutSlash());
nissuer.setFormat(NameID.ENTITY);
samlResponse.setIssuer(nissuer);
@@ -460,7 +460,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
HttpServletResponse response, InboundMessage inMsg,
String sessionId, String transactionId) throws MOAIDException {
- PVPTargetConfiguration config = new PVPTargetConfiguration();
+ PVPTargetConfiguration config = new PVPTargetConfiguration(request);
MOARequest msg;
if (inMsg instanceof MOARequest &&
@@ -496,13 +496,24 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
- if (!resp.getDestination().startsWith(
- PVPConfiguration.getInstance().getIDPPublicPath())) {
+ List<String> allowedPublicURLPrefix =
+ AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ boolean isAllowedDestination = false;
+
+ for (String prefix : allowedPublicURLPrefix) {
+ if (!resp.getDestination().startsWith(
+ prefix)) {
+ isAllowedDestination = true;
+ break;
+ }
+ }
+
+ if (!isAllowedDestination) {
Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
}
-
+
//TODO: check if relayState exists
inMsg.getRelayState();
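Review bot: The destination check is inverted: `isAllowedDestination` is set to true when `resp.getDestination()` does *not* start with a configured prefix, so a LogoutResponse addressed to any foreign URL is accepted, and with a single configured prefix every response genuinely addressed to this IdP is rejected. Drop the negation: `if (resp.getDestination().startsWith(prefix)) { isAllowedDestination = true; break; }`. `getDestination()` is also dereferenced without a null check (the old code shared that gap); a response without a Destination should be rejected explicitly, and comparing against the actual SLO service URL with `equals` would be tighter than a `startsWith` on the prefix, which accepts any path under the IdP.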
@@ -533,7 +544,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
//validate destination
String destinaten = attrQuery.getDestination();
- if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) {
+ if (!PVPConfiguration.getInstance().getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
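Review bot: The AttributeQuery destination is now compared against `getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request))`, a URL derived from the incoming request itself rather than from configuration; if `extractAuthURLFromRequest` builds that value from the Host header, as its use in `RequestImpl` suggests, the check degrades to "Destination equals whatever host the sender put in the request", which defeats the purpose of a Destination check. Construct the `PVPTargetConfiguration config = new PVPTargetConfiguration(request);` that this method creates a few lines later before this check, so the prefix has been validated against the configured list, and compare against `getIDPAttributeQueryService(config.getAuthURL())`. The enclosing method starts outside this hunk.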
@@ -558,7 +569,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
}
- PVPTargetConfiguration config = new PVPTargetConfiguration();
+ PVPTargetConfiguration config = new PVPTargetConfiguration(request);
config.setRequest(moaRequest);
config.setOAURL(moaRequest.getEntityID());
config.setOnlineApplicationConfiguration(oa);
@@ -586,7 +597,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
if(!(samlReq instanceof AuthnRequest)) {
throw new MOAIDException("Unsupported request", new Object[] {});
}
-
+
EntityDescriptor metadata = moaRequest.getEntityMetadata();
if(metadata == null) {
throw new NoMetadataInformationException();
@@ -607,14 +618,30 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
}
+
//parse AssertionConsumerService
AssertionConsumerService consumerService = null;
if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
- //use AssertionConsumerServiceURL from request
- consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- consumerService.setBinding(authnRequest.getProtocolBinding());
- consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());
+ //use AssertionConsumerServiceURL from request
+
+ //check requested AssertionConsumingService URL against metadata
+ List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
+ for (AssertionConsumerService service : metadataAssertionServiceList) {
+ if (authnRequest.getProtocolBinding().equals(service.getBinding())
+ && authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
+ consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ consumerService.setBinding(authnRequest.getProtocolBinding());
+ consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());
+ Logger.debug("Requested AssertionConsumerServiceURL is valid.");
+ }
+ }
+
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
+
+ }
+
} else {
//use AssertionConsumerServiceIndex and select consumerService from metadata
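Review bot: The metadata match loop at L3806–L3814 keeps iterating after a match and re-creates `consumerService` for every duplicate endpoint entry; a `break;` after the `Logger.debug(...)` line at L3812 makes the first-match intent explicit. The exact-equality comparison of binding and location against the SP's own metadata is the right check here and should stay strict rather than becoming a prefix match. The surrounding if/else and the enclosing method continue outside this hunk.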
@@ -633,9 +660,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
if (consumerService == null) {
throw new InvalidAssertionConsumerServiceException(aIdx);
- }
+ }
}
+
//select AttributeConsumingService from request
AttributeConsumingService attributeConsumer = null;
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
@@ -669,7 +697,7 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
- PVPTargetConfiguration config = new PVPTargetConfiguration();
+ PVPTargetConfiguration config = new PVPTargetConfiguration(request);
config.setOAURL(oaURL);
config.setOnlineApplicationConfiguration(oa);
config.setBinding(consumerService.getBinding());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 74b20356e..0b402a0fd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -26,6 +26,8 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.impl.AuthnRequestImpl;
@@ -46,6 +48,16 @@ import at.gv.egovernment.moa.logging.Logger;
public class PVPTargetConfiguration extends RequestImpl {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public PVPTargetConfiguration(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+
+ }
+
private static final long serialVersionUID = 4889919265919638188L;
InboundMessage request;
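Review bot: The Javadoc added at L3854–L3857 has empty `@param req` and `@throws ConfigurationException` tags and says nothing the signature does not already say. Suggested text: `Creates a PVP target configuration bound to the inbound servlet request, delegating to RequestImpl.` with `@param req the inbound servlet request` and `@throws ConfigurationException if the request cannot be mapped to a configured public URL` — the last clause is inferred from the superclass and should be confirmed against RequestImpl. Declaring the constructor above `serialVersionUID` and the instance fields is also unconventional; placing it after the field declarations matches usual Java layout.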
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index b567798fa..582f5939d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -23,42 +23,20 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.Serializable;
-import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
import java.util.List;
-import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.SerializationUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -67,35 +45,22 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MessageProvider;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
@@ -134,7 +99,7 @@ public class SingleLogOutAction implements IAction {
SSOManager ssomanager = SSOManager.getInstance();
String ssoID = ssomanager.getSSOSessionID(httpReq);
if (MiscUtil.isEmpty(ssoID)) {
- Logger.warn("Can not find active Session. Single LogOut not possible!");
+ Logger.info("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
//LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
@@ -148,7 +113,7 @@ public class SingleLogOutAction implements IAction {
session = AuthenticationSessionStoreage.getSession(moasession);
} catch (MOADatabaseException e) {
- Logger.warn("Can not find active Session. Single LogOut not possible!");
+ Logger.info("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
//LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, null);
@@ -259,7 +224,7 @@ public class SingleLogOutAction implements IAction {
} else {
//print SLO information directly
- redirectURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/idpSingleLogout";
+ redirectURL = req.getAuthURL() + "/idpSingleLogout";
String artifact = Random.nextRandom();
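Review bot: `req.getAuthURL()` is concatenated with `"/idpSingleLogout"` at L3965 (and with `"/RedirectServlet"` at L3971 in the next hunk), while other call sites in this commit use `getAuthURLWithOutSlash()` or strip a trailing `/` before use, which suggests `getAuthURL()` may end with a slash. If it does, these redirect URLs would contain `//`; using `req.getAuthURLWithOutSlash() + "/idpSingleLogout"` keeps both sites consistent with the rest of the change. The enclosing method continues outside this hunk.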
@@ -275,7 +240,7 @@ public class SingleLogOutAction implements IAction {
}
//redirect to Redirect Servlet
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
url = httpResp.encodeRedirectURL(url);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 65400444d..b8f7e6d80 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -33,28 +33,26 @@ import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.security.SecurityPolicyResolver;
+import org.opensaml.ws.security.provider.BasicSecurityPolicy;
+import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
@@ -62,6 +60,9 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -159,11 +160,11 @@ public class PostBinding implements IDecoder, IEncoder {
//set metadata descriptor type
if (isSPEndPoint) {
messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService()));
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req))));
} else {
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(HTTPUtils.extractAuthURLFromRequest(req))));
}
} catch (ConfigurationException e) {
@@ -171,7 +172,16 @@ public class PostBinding implements IDecoder, IEncoder {
}
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
+
+ //set security policy context
+ BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(
+ new MOAPVPSignedRequestPolicyRule(
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+ messageContext.getPeerEntityRole()));
+ SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(secResolver);
+
decode.decode(messageContext);
InboundMessage msg = null;
@@ -197,8 +207,9 @@ public class PostBinding implements IDecoder, IEncoder {
if (MiscUtil.isEmpty(msg.getEntityID()))
Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
}
-
- msg.setVerified(false);
+
+
+ msg.setVerified(true);
msg.setRelayState(messageContext.getRelayState());
return msg;
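Review bot: `msg.setVerified(true)` at L4055 is set unconditionally and relies on the `MOAPVPSignedRequestPolicyRule` registered earlier in the method (L4037–L4043) having rejected any unsigned or untrusted message during `decode.decode(messageContext)`. That coupling is invisible at this line; a comment such as `// signature was enforced by MOAPVPSignedRequestPolicyRule during decode; an unverified message never reaches this point` records the invariant, and it is worth confirming that the rule fails the decode (rather than only logging) when no signature or an untrusted signer is found. SoapBinding in this same commit leaves its policy commented out, so callers that treat `isVerified()` uniformly across bindings should be checked. The enclosing method starts outside this hunk.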
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 9a505a7b0..f48d216dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -62,6 +62,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -149,11 +150,11 @@ public class RedirectBinding implements IDecoder, IEncoder {
//set metadata descriptor type
if (isSPEndPoint) {
messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService()));
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req))));
} else {
messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(HTTPUtils.extractAuthURLFromRequest(req))));
}
} catch (ConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index fee508d33..c1e94ff36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -37,7 +37,6 @@ import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -51,7 +50,6 @@ import org.opensaml.xml.signature.SignableXMLObject;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
@@ -72,9 +70,23 @@ public class SoapBinding implements IDecoder, IEncoder {
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(
req));
- //messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
+
+ //TODO: update in a futher version:
+ // requires a special SignedSOAPRequestPolicyRole because
+ // messageContext.getInboundMessage() is not directly signed
+
+ //set security context
+// BasicSecurityPolicy policy = new BasicSecurityPolicy();
+// policy.getPolicyRules().add(
+// new MOAPVPSignedRequestPolicyRule(
+// TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+// SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+// policy);
+// messageContext.setSecurityPolicyResolver(resolver);
+
+ //decode message
soapDecoder.decode(messageContext);
Envelope inboundMessage = (Envelope) messageContext
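Review bot: The SOAP decode path at L4106–L4124 is left without a security policy resolver, so unlike PostBinding no signature rule runs during `soapDecoder.decode(messageContext)`; the TODO at L4109 explains why but not where the SOAP request's signature is verified instead. Replace the commented-out block at L4114–L4121 with a single comment naming that location, e.g. `// TODO: no SecurityPolicy here; the SOAP body signature is checked in <verification site> until a SOAP-specific signed-request rule exists` (with the real site filled in), and drop the dead code rather than carrying it in the file. The enclosing method starts and ends outside this hunk.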
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index 91888df5c..ebbafd4e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -127,7 +127,7 @@ public class AttributQueryBuilder {
query.setIssueInstant(now);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath().get(0));
nissuer.setFormat(NameID.ENTITY);
query.setIssuer(nissuer);
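Review bot: `getIDPPublicPath().get(0)` at L4134 throws `IndexOutOfBoundsException` when no public URL prefix is configured and silently picks the first entry when several are, whereas the other builders in this commit take the Issuer from the current request's auth URL. If the first configured prefix is the intended Issuer for outgoing AttributeQueries, say so in a comment, e.g. `// outgoing AttributeQueries always use the first configured public URL prefix as Issuer`, and guard the empty case with an explicit `ConfigurationException`. The enclosing method starts and ends outside this hunk.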
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
index 4959df16c..24c2626e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
@@ -66,13 +66,15 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class AuthResponseBuilder {
- public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException {
+ public static Response buildResponse(String authURL, RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException {
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
//change to entity value from entity name to IDP EntityID (URL)
- nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ if (authURL.endsWith("/"))
+ authURL = authURL.substring(0, authURL.length()-1);
+ nissuer.setValue(authURL);
nissuer.setFormat(NameID.ENTITY);
authResponse.setIssuer(nissuer);
authResponse.setInResponseTo(req.getID());
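Review bot: The trailing-slash strip at L4150–L4151 reassigns the `authURL` parameter, dereferences it without a null check, and duplicates the same lines in PVP2AssertionBuilder (L4303–L4304) and the list variant in PVPConfiguration.getIDPPublicPath (L4326–L4331); a single static helper would keep the three in step. `Objects.requireNonNull(authURL, "authURL")` at the top of the method turns a missing auth URL into a clear failure instead of a NullPointerException on the Issuer value. The enclosing method continues outside this hunk.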
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 50f42d928..dbbc21ec9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -27,8 +27,11 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
import org.joda.time.DateTime;
+import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
@@ -43,15 +46,18 @@ import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusMessage;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.Signer;
+import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -63,7 +69,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -215,8 +220,8 @@ public class SingleLogOutBuilder {
}
DateTime now = new DateTime();
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ issuer.setValue(sloInfo.getAuthURL());
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
sloReq.setIssueInstant(now);
@@ -228,7 +233,35 @@ public class SingleLogOutBuilder {
nameID.setFormat(sloInfo.getUserNameIDFormat());
nameID.setValue(sloInfo.getUserNameIdentifier());
sloReq.setNameID(nameID );
-
+
+ //sign message
+ try {
+ X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential();
+
+ Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(idpSigningCredential);
+ sloReq.setSignature(signer);
+
+ DocumentBuilder builder;
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+
+ builder = factory.newDocumentBuilder();
+ Document document = builder.newDocument();
+ Marshaller out = Configuration.getMarshallerFactory()
+ .getMarshaller(sloReq);
+ out.marshall(sloReq, document);
+
+ Signer.signObject(signer);
+
+ } catch (Exception e) {
+ Logger.error("Single LogOut request signing FAILED!", e);
+ throw new MOAIDException("pvp2.19", null);
+
+ }
+
return sloReq;
}
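Review bot: The signing block at L4215–L4240 catches `Exception`, which also swallows runtime errors such as a null `sloReq` or a mistake in the marshalling setup under the generic `pvp2.19` message. Catching the specific types the calls declare — `ParserConfigurationException` from `newDocumentBuilder()`, the marshalling and signature exceptions from `marshall` and `Signer.signObject`, and the credential exception from `CredentialProvider` — keeps unexpected failures visible; the cause is logged but dropped from the thrown `MOAIDException`, so passing `e` through if a suitable constructor exists would help diagnosis. It is also worth confirming that `ALGO_ID_SIGNATURE_RSA_SHA256` matches the key type returned by `getIDPAssertionSigningCredential()`. The enclosing method starts outside this hunk.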
@@ -277,7 +310,7 @@ public class SingleLogOutBuilder {
private static LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ issuer.setValue(spRequest.getAuthURLWithOutSlash());
issuer.setFormat(NameID.ENTITY);
sloResp.setIssuer(issuer);
sloResp.setIssueInstant(new DateTime());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index d80ddba25..065118e2b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -90,7 +90,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
- public static Assertion buildAssertion(AttributeQuery attrQuery,
+ public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery,
List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
@@ -136,12 +136,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = null;
- return buildGenericAssertion(attrQuery.getIssuer().getValue(), date,
+ return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date,
authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
new DateTime(authData.getSsoSessionValidTo().getTime()));
}
- public static Assertion buildAssertion(AuthnRequest authnRequest,
+ public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest,
IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
@@ -416,10 +416,25 @@ public class PVP2AssertionBuilder implements PVPConstants {
sloInformation.setNameIDFormat(subjectNameID.getFormat());
sloInformation.setSessionIndex(sessionIndex);
- return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
+ return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
}
- public static Assertion buildGenericAssertion(String entityID, DateTime date,
+ /**
+ *
+ * @param authURL IDP PublicURL PreFix
+ * @param entityID Service Provider EntityID
+ * @param date
+ * @param authnContextClassRef
+ * @param attrList
+ * @param subjectNameID
+ * @param subjectConfirmationData
+ * @param sessionIndex
+ * @param isValidTo
+ * @return
+ * @throws ConfigurationException
+ */
+
+ private static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date,
AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
String sessionIndex, DateTime isValidTo) throws ConfigurationException {
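Review bot: `buildGenericAssertion` changes from `public` to `private` at L4296, which breaks any caller outside this class; if none exist this is fine, but the commit description should say so. The Javadoc at L4281–L4294 is separated from the method by the blank line at L4295, so documentation tools attach it to nothing, and most of its tags are empty; at minimum fill `@param date assertion issue instant`, `@param isValidTo end of the assertion's validity window`, `@return the built Assertion with Issuer set to authURL (trailing slash removed)`, and delete the blank line. The method body continues outside this hunk.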
@@ -471,7 +486,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
+ if (authURL.endsWith("/"))
+ authURL = authURL.substring(0, authURL.length()-1);
+ issuer.setValue(authURL);
issuer.setFormat(NameID.ENTITY);
assertion.setIssuer(issuer);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index dc3b787e4..47d7a29b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -121,43 +121,46 @@ public class PVPConfiguration {
}
}
- public String getIDPPublicPath() throws ConfigurationException {
- String publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
- if(publicPath != null) {
- if(publicPath.endsWith("/")) {
- int length = publicPath.length();
- publicPath = publicPath.substring(0, length-1);
- }
+ public List<String> getIDPPublicPath() throws ConfigurationException {
+ List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ List<String> returnvalue = new ArrayList<String>();
+ for (String el : publicPath) {
+ if(el.endsWith("/")) {
+ int length = el.length();
+ returnvalue.add(el.substring(0, length-1));
+
+ } else
+ returnvalue.add(el);
}
- return publicPath;
+ return returnvalue;
}
- public String getSPSSOPostService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_SP_POST;
+ public String getSPSSOPostService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_SP_POST;
}
- public String getSPSSORedirectService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_SP_REDIRECT;
+ public String getSPSSORedirectService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_SP_REDIRECT;
}
- public String getIDPSSOPostService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_IDP_POST;
+ public String getIDPSSOPostService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_IDP_POST;
}
- public String getIDPSSORedirectService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_IDP_REDIRECT;
+ public String getIDPSSORedirectService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_IDP_REDIRECT;
}
- public String getIDPSSOSOAPService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_IDP_SOAP;
+ public String getIDPSSOSOAPService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_IDP_SOAP;
}
- public String getIDPAttributeQueryService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_IDP_ATTRIBUTEQUERY;
+ public String getIDPAttributeQueryService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_IDP_ATTRIBUTEQUERY;
}
- public String getIDPSSOMetadataService() throws ConfigurationException {
- return getIDPPublicPath() + PVP2_METADATA;
+ public String getIDPSSOMetadataService(String publicURLPrefix) throws ConfigurationException {
+ return publicURLPrefix + PVP2_METADATA;
}
public String getIDPKeyStoreFilename() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
index 94a4e8226..392569366 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -34,6 +34,15 @@ public class InvalidAssertionConsumerServiceException extends PVP2Exception {
/**
*
*/
+ public InvalidAssertionConsumerServiceException(String wrongURL) {
+ super("pvp2.23", new Object[]{wrongURL});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+
+ }
+
+ /**
+ *
+ */
private static final long serialVersionUID = 7861790149343943091L;
}
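Review bot: The Javadoc block above the new constructor is empty (and a second empty one now sits above serialVersionUID), so nothing says what wrongURL is or where it ends up, although the constructor feeds a request-supplied AssertionConsumerServiceURL into message pvp2.23. Propose `/** @param wrongURL the AssertionConsumerServiceURL taken from the AuthnRequest that does not match the peer's metadata; it is echoed verbatim into message pvp2.23, so render that message escaped. */`. Whether pvp2.23 is ever written into an HTML error page is not visible here; if it is, the URL must be HTML-escaped at that point, not here. The StatusCode.REQUESTER_URI choice is consistent with a requester-side error.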
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index a31258784..059e68865 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -82,10 +82,10 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
SLOInformationImpl sloInformation = new SLOInformationImpl();
//build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData,
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData,
peerEntity, date, consumerService, sloInformation);
- Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion);
+ Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion);
IEncoder binding = null;
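Review bot: obj.getAuthURL() now becomes the value the assertion and response builders use for this IDP, and per HTTPUtils.extractAuthURLFromRequest in this same change that value is assembled from the request's scheme, server name and port, i.e. from the Host header unless the connector pins it. Unless the authURL was checked against the configured PublicURLPrefix list when the request was accepted (the new config.25 message suggests such a check exists, but it is not visible in this hunk), a crafted Host header could steer the issuer/URLs written into the assertion. If the check does happen upstream, say so on the buildAssertion line: `// obj.getAuthURL() was validated against the allowed PublicURLPrefix list when the request was accepted`; otherwise the validation belongs before this call. The enclosing method starts and ends outside the hunk.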
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 4d12c38da..75ef7e5a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -57,6 +57,15 @@ public class MOASAMLSOAPClient {
BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
soapContext.setOutboundMessage(soapRequest);
+
+ //set security policy context
+// BasicSecurityPolicy policy = new BasicSecurityPolicy();
+// policy.getPolicyRules().add(
+// new MOAPVPSignedRequestPolicyRule(
+// TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
+// SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
+// soapContext.setSecurityPolicyResolver(secResolver);
HttpClientBuilder clientBuilder = new HttpClientBuilder();
if (destination.startsWith("https")) {
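Review bot: The security-policy wiring for the SOAP context is left entirely commented out, so this client sets no SecurityPolicyResolver and the inbound SOAP response is not checked by the new MOAPVPSignedRequestPolicyRule here. If the response signature is verified elsewhere (the renamed SAMLVerificationEngine.verifyIDPResponse in this diff looks like the candidate), replace the dead block with one line saying so, e.g. `// No inbound security policy on this context: the response signature is verified by the caller through SAMLVerificationEngine.`; if it is not, the rule should be enabled rather than parked. Commented-out validation in a security path is routinely read as "validation happens", which it does not. The enclosing method continues outside the hunk.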
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
new file mode 100644
index 000000000..f62410656
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.xml.namespace.QName;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+import org.opensaml.security.MetadataCriteria;
+import org.opensaml.security.SAMLSignatureProfileValidator;
+import org.opensaml.ws.message.MessageContext;
+import org.opensaml.ws.security.SecurityPolicyException;
+import org.opensaml.ws.security.SecurityPolicyRule;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+import org.opensaml.xml.validation.ValidationException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
+
+ private SignatureTrustEngine trustEngine = null;
+ private QName peerEntityRole = null;
+ /**
+ * @param peerEntityRole
+ *
+ */
+ public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
+ this.trustEngine = trustEngine;
+ this.peerEntityRole = peerEntityRole;
+
+ }
+
+
+ /**
+ * Reload the PVP metadata for a given entity
+ *
+ * @param entityID for which the metadata should be refreshed.
+ * @return true if the refresh was successful, otherwise false
+ */
+ protected abstract boolean refreshMetadataProvider(String entityID);
+
+
+ protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
+
+ /* (non-Javadoc)
+ * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
+ */
+ @Override
+ public void evaluate(MessageContext context) throws SecurityPolicyException {
+ try {
+ verifySignature(context);
+
+ } catch (SecurityPolicyException e) {
+ if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
+ throw e;
+
+ }
+ Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
+ if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
+ throw e;
+
+ else {
+ Logger.trace("PVP2X metadata reload finished. Check validate message again.");
+ verifySignature(context);
+
+ }
+ Logger.trace("Second PVP2X message validation finished");
+
+ }
+
+
+ }
+
+ private void verifySignature(MessageContext context) throws SecurityPolicyException {
+ SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());
+ if (samlObj != null && samlObj.getSignature() != null) {
+
+ SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ try {
+ profileValidator.validate(samlObj.getSignature());
+ performSchemaValidation(samlObj.getDOM());
+
+ } catch (ValidationException e) {
+ Logger.warn("Signature is not conform to SAML signature profile", e);
+ throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
+
+ } catch (SchemaValidationException e) {
+ Logger.warn("Signature is not conform to SAML signature profile", e);
+ throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
+
+ }
+
+
+
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
+ criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+
+ try {
+ if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
+ throw new SecurityPolicyException("Signature validation FAILED.");
+
+ }
+ Logger.debug("PVP AuthnRequest signature valid.");
+
+ } catch (org.opensaml.xml.security.SecurityException e) {
+ Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
+ throw new SecurityPolicyException("Signature validation FAILED.");
+
+ }
+
+ } else {
+ throw new SecurityPolicyException("Request is not signed.");
+
+ }
+
+ }
+
+ private void performSchemaValidation(Element source) throws SchemaValidationException {
+
+ String err = null;
+ try {
+ Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ Validator val = test.newValidator();
+ val.validate(new DOMSource(source));
+ Logger.debug("Schema validation check done OK");
+ return;
+
+ } catch (SAXException e) {
+ err = e.getMessage();
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
+
+ } catch (Exception e) {
+ err = e.getMessage();
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
+
+ }
+
+ throw new SchemaValidationException("pvp2.22", new Object[]{err});
+
+ }
+
+}
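Review bot: In evaluate(), every failure of verifySignature() — including the `Request is not signed.` branch — triggers refreshMetadataProvider() for whatever issuer the message names, so an unauthenticated sender can force a remote metadata reload on each request simply by claiming an entityID and omitting the signature; reload only when a signature was present and its trust check failed, as sketched below. Two smaller points: performSchemaValidation() is handed samlObj.getDOM(), which is null for an object that was not unmarshalled from a DOM (presumably not the case for decoded inbound messages, but worth a guard), and the success log `PVP AuthnRequest signature valid.` is misleading in a rule that is generic over any SignableSAMLObject.

```java
    @Override
    public void evaluate(MessageContext context) throws SecurityPolicyException {
        try {
            verifySignature(context);

        } catch (SecurityPolicyException e) {
            SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());
            // Only a signed message whose trust check failed justifies a metadata
            // reload; an unsigned or malformed one must never trigger a remote fetch.
            if (samlObj == null || samlObj.getSignature() == null
                    || MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
                throw e;

            }
            // … unchanged: debug log, refreshMetadataProvider(), second verifySignature() …
        }
    }
```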
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
new file mode 100644
index 000000000..932f3b818
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.common.SignableSAMLObject;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.signature.SignatureTrustEngine;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAPVPSignedRequestPolicyRule extends
+ AbstractRequestSignedSecurityPolicyRule {
+
+ /**
+ * @param trustEngine
+ * @param peerEntityRole
+ */
+ public MOAPVPSignedRequestPolicyRule(SignatureTrustEngine trustEngine,
+ QName peerEntityRole) {
+ super(trustEngine, peerEntityRole);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
+ */
+ @Override
+ protected boolean refreshMetadataProvider(String entityID) {
+ return MOAMetadataProvider.getInstance().refreshMetadataProvider(entityID);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
+ if (inboundData instanceof SignableSAMLObject)
+ return (SignableSAMLObject) inboundData;
+
+ else
+ return null;
+ }
+
+}
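Review bot: getSignedSAMLObject() is only given the raw inbound message (the abstract rule passes context.getInboundMessage()), and for SOAP-bound messages OpenSAML's decoders set the inbound message to the SOAP Envelope while the SAML payload lives in SAMLMessageContext.getInboundSAMLMessage(); if this rule is wired into a SOAP context as the commented-out block in MOASAMLSOAPClient intends, the Envelope is not a SignableSAMLObject, this method returns null, and every message is rejected as `Request is not signed.` — worth confirming against the decoder actually used. The class also has no Javadoc beyond @author; propose `/** Signed-request policy rule backed by MOAMetadataProvider: when signature validation fails, the issuer's metadata is reloaded once and the check is repeated. */`.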
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 70b778c49..812e27a36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import java.util.ArrayList;
import java.util.List;
+import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
@@ -61,7 +62,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -74,7 +75,6 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
public class SAMLVerificationEngine {
-
public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
try {
@@ -83,7 +83,7 @@ public class SAMLVerificationEngine {
verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
else
- verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+ verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
} catch (InvalidProtocolRequestException e) {
if (MiscUtil.isEmpty(msg.getEntityID())) {
@@ -102,15 +102,24 @@ public class SAMLVerificationEngine {
verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
else
- verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
+ verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
}
Logger.trace("Second PVP2X message validation finished");
}
}
+ public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
+ verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ }
- public void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException{
+ public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
+ verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ }
+
+ private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName) throws InvalidProtocolRequestException{
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
try {
profileValidator.validate(samlObj.getSignature());
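Review bot: verifyIDPResponse() and verifySLOResponse() are public but undocumented, and their only difference — which metadata role the signing key is resolved under — is invisible at the call site. Propose `/** Verifies a response issued by an IDP; the signing key is resolved from the issuer's IDPSSODescriptor. */` and `/** Verifies a LogoutResponse issued by an SP; the signing key is resolved from the issuer's SPSSODescriptor. */`. Calling the wrong one fails key resolution with the generic signature error, which is hard to diagnose without this hint. The shared verifyResponse() body continues outside the hunk.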
@@ -127,7 +136,7 @@ public class SAMLVerificationEngine {
CriteriaSet criteriaSet = new CriteriaSet();
criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
- criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
try {
@@ -175,10 +184,20 @@ public class SAMLVerificationEngine {
if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
- if (validateDestination && !samlResp.getDestination().startsWith(
- PVPConfiguration.getInstance().getIDPPublicPath())) {
+ List<String> allowedPublicURLPrefix =
+ AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ boolean isValidDestination = false;
+ for (String allowedPreFix : allowedPublicURLPrefix) {
+ if (validateDestination && samlResp.getDestination().startsWith(
+ allowedPreFix)) {
+ isValidDestination = true;
+ break;
+
+ }
+ }
+ if (!isValidDestination) {
Logger.warn("PVP 2.1 assertion destination does not match to IDP URL");
- throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
+ throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null);
}
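Review bot: isValidDestination starts at false and is only ever set inside `if (validateDestination && ...)`, so when validateDestination is false the new code throws AssertionValidationExeption for every response, whereas the replaced condition skipped the check entirely — either every caller passes true (not visible here) or the flag's meaning has been inverted. The match is also a bare startsWith against prefixes that appear to be stored without a trailing '/' (the HTTPUtils Javadoc and the prefix normalisation earlier in this diff suggest so), so a prefix `https://idp.example.at` also accepts `https://idp.example.at.attacker.example/...`; require equality or a '/' immediately after the prefix. samlResp.getDestination() is still dereferenced without a null guard, as before. Sketch:

```java
            // … unchanged: status-code check and assertion list …
            boolean isValidDestination = !validateDestination;
            if (validateDestination) {
                String destination = samlResp.getDestination();
                List<String> allowedPublicURLPrefix =
                        AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
                for (String allowedPreFix : allowedPublicURLPrefix) {
                    // prefixes carry no trailing '/', so demand an exact match or a
                    // path separator right after the prefix (no host-suffix confusion)
                    if (destination != null
                            && (destination.equals(allowedPreFix)
                                || destination.startsWith(allowedPreFix + "/"))) {
                        isValidDestination = true;
                        break;
                    }
                }
            }
            if (!isValidDestination) {
            // … unchanged: warn and throw AssertionValidationExeption …
```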
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index d1582b883..9dee39fe8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -377,7 +377,7 @@ public class AuthenticationSessionStoreage {
}
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException {
+ SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
Transaction tx = null;
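Review bot: The new protocolRequest parameter is dereferenced several times further down the method (getOAURL() in the active-session lookup and setOaurlprefix, getAuthURL() in setAuthURL) but the signature has no null check, so a null IRequest now fails with a NullPointerException inside the transaction instead of at the entrance. Propose a guard right after the signature, `if (protocolRequest == null) throw new IllegalArgumentException("protocolRequest must not be null");`, and hoisting `final String oaURL = protocolRequest.getOAURL();` so the value is read once. The method body and its transaction handling continue outside the hunk.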
@@ -412,7 +412,7 @@ public class AuthenticationSessionStoreage {
//check if OA already has an active OA session
if (dbsession.getActiveOAsessions() != null) {
for (OASessionStore el : dbsession.getActiveOAsessions()) {
- if (el.getOaurlprefix().equals(OAUrl))
+ if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
activeOA = el;
}
}
@@ -421,7 +421,7 @@ public class AuthenticationSessionStoreage {
activeOA = new OASessionStore();
//set active OA applications
- activeOA.setOaurlprefix(OAUrl);
+ activeOA.setOaurlprefix(protocolRequest.getOAURL());
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
@@ -432,6 +432,7 @@ public class AuthenticationSessionStoreage {
activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
activeOA.setProtocolType(SLOInfo.getProtocolType());
activeOA.setAttributeQueryUsed(false);
+ activeOA.setAuthURL(protocolRequest.getAuthURL());
}
@@ -463,10 +464,10 @@ public class AuthenticationSessionStoreage {
tx.commit();
if (SLOInfo != null)
- Logger.info("Add SSO-Session login information for OA: " + OAUrl
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
+ " and AssertionID: " + SLOInfo.getSessionIndex());
else
- Logger.info("Add SSO-Session login information for OA: " + OAUrl);
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
}
@@ -887,6 +888,7 @@ public class AuthenticationSessionStoreage {
idp = new InterfederationSessionStore();
idp.setCreated(now);
idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+ idp.setAuthURL(req.getAuthURL());
try {
OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index 1f08d9019..2aceb833c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -156,5 +156,21 @@ public class HTTPUtils {
return buffer.toString();
}
+
+ /**
+ * Extract the IDP PublicURLPrefix from authrequest
+ *
+ * @param req HttpServletRequest
+ * @return PublicURLPrefix <String> which ends always without /
+ */
+ public static String extractAuthURLFromRequest(HttpServletRequest req) {
+ String authURL = req.getScheme() + "://" + req.getServerName();
+ if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
+ authURL = authURL.concat(":" + req.getServerPort());
+ }
+ authURL = authURL.concat(req.getContextPath());
+ return authURL;
+
+ }
}
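Review bot: extractAuthURLFromRequest() builds the IDP's public URL from req.getScheme(), getServerName() and getServerPort(), which a servlet container takes from the Host header (and behind a TLS-terminating proxy getScheme() is "http" unless the connector is configured otherwise), so the result is caller- or proxy-influenced; since this diff feeds it into the assertion/response builders and stores it in the session, it must be checked against the configured PublicURLPrefix list before use (the new config.25 message hints at such a check, but it is not in this file). State that in the Javadoc: `Derived from the request's scheme, Host/server name, port and context path, i.e. from client- or proxy-supplied values; callers must validate the result against the allowed PublicURLPrefix list before trusting it.` The "ends always without /" claim holds because a servlet context path never ends with '/' (the root context is the empty string); saying so makes the invariant checkable.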
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index ac5a5be60..cabf1557e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -79,6 +79,7 @@ config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterl
config.22=F\u00FCr den Interfederation-Gateway mit der ID {0} ist kein Endpunkt zur Weiterleitung konfiguriert.
config.23=Fehler beim initialisieren von OpenSAML
config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
+config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -265,6 +266,7 @@ pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abg
pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
+pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index fa332f0c7..342d54f7f 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -58,6 +58,7 @@ config.21=9006
config.22=9008
config.23=9199
config.24=9199
+config.25=9199
parser.00=1101
parser.01=1101
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 123a23837..2b0115d4a 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -405,7 +405,7 @@
#bkulogin {
min-width: 190px;
- min-height: 155px;
+ min-height: 170px;
}
.setAssertionButton_full {
@@ -616,6 +616,12 @@
top: 40px;
}
+
+ #ssoSessionTransferBlock {
+ font-size: 0.8em;
+ margin-left: 5px;
+ margin-bottom: 5px;
+ }
</style>
<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
@@ -740,7 +746,7 @@
}
}
function onChangeChecks() {
- if (top.innerWidth < 650) {
+ if (self.innerWidth < 650) {
document.getElementById("moaidform").setAttribute("target","_parent");
} else {
document.getElementById("moaidform").removeAttribute("target");
@@ -834,7 +840,7 @@
<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
</div>
<div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
+ <div id="mandateLogin" style="#MANDATEVISIBLE#">
<div>
<input tabindex="1" type="checkbox" name="Mandate"
id="mandateCheckBox" class="verticalcenter" role="checkbox"
@@ -867,19 +873,20 @@
<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
type="hidden" name="useMandate" id="useMandate"> <input
type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
+ type="hidden" name="ccc" id="ccc"> <input type="hidden"
name="MODUL" value="#MODUL#"> <input type="hidden"
name="ACTION" value="#ACTION#"> <input type="hidden"
name="MOASessionID" value="#SESSIONID#">
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
- role="button" onclick="setMandateSelection();"
- >
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
+ role="button" onclick="setMandateSelection();">
+ </form>
</div>
+ <!-- Single Sign-On Session transfer functionality -->
+ <!--div id="ssoSessionTransferBlock">
+ <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+ </div-->
+
<div id="stork" align="center" style="#STORKVISIBLE#">
<h2 id="tabheader" class="dunkel">Home Country Selection</h2>
<p>
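Review bot: The commented-out "Restore SSO Session" link puts #SESSIONID# into a GET query string (`#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true`); if it is ever enabled as written, the session identifier leaks through Referer headers, browser history and access logs, so it should be sent by POST (a form with a hidden field, like the local-BKU form above it) instead. The markup also has a stray `>` in `>Restore` and a bare `&` in the href that should be `&amp;`. Separately, the hidden field renamed from `CCC` to `ccc` must match the parameter name the server reads; that reader is not visible here.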
@@ -900,7 +907,7 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
@@ -909,7 +916,7 @@
src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
index 033a574b9..07d018a94 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -1,554 +1,617 @@
-<!DOCTYPE html>
+<!DOCTYPE html>
<html>
<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
- body {
- margin: 0;
- padding: 0;
- color: #000;
- background-color: #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
- #localBKU p {
- font-size: 0.7em;
- }
- #localBKU input {
- font-size: 0.7em;
- border-radius: 5px;
- }
- #bkuselectionarea button {
- font-size: 0.85em;
- border-radius: 7px;
- margin-bottom: 25px;
- }
- #mandateLogin {
- font-size: 0.85em;
- }
- #bku_header h2 {
- font-size: 0.8em;
- }
- #page {
- display: block;
- border: 2px solid rgb(0, 0, 0);
- width: 650px;
- height: 440px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255, 255, 255);
- }
- #page1 {
- text-align: center;
- }
- #main {
- /* clear:both; */
- position: relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- padding-bottom: 15px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0, 0, 0);
- }
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
- #selectArea h3 {
- margin-bottom: 25px;
- }
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
- #bkulogin {
- overflow: hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
- h2#tabheader {
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
- .setAssertionButton_full {
- margin-top: 15px;
- width: 100px;
- height: 30px;
- font-size: 1.3em;
- min-height: 1.3em;
- /* border-radius: 10px;*/
- }
- #leftbutton {
- width: 30%;
- float: left;
- margin-left: 40px;
- }
- #rightbutton {
- width: 30%;
- float: right;
- margin-right: 45px;
- text-align: right;
- }
- button {
- height: 25px;
- width: 90px;
- margin-bottom: 10px;
- }
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-}
-
-@media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- min-height: 1.2em;
- border-radius: 5px;
- }
- #bkuselectionarea button,.setAssertionButton_full {
- font-size: 0.8em;
- min-width: 65px;
- min-height: 1.3em;
- /* border-radius: 5px; */
- margin-bottom: 2%
- }
- #mandateLogin {
- font-size: 0.65em;
- }
- #bku_header h2,#selectArea h3 {
- font-size: 0.8em;
- margin-top: -0.4em;
- }
-}
-
-@media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
- #localBKU input {
- font-size: 0.85em;
- min-width: 80px;
- min-height: 0.95em;
- border-radius: 6px;
- }
- #bkuselectionarea button,.setAssertionButton_full {
- font-size: 0.85em;
- min-width: 70px;
- min-height: 0.95em;
- /* border-radius: 6px; */
- margin-bottom: 2%
- }
- #mandateLogin {
- font-size: 0.75em;
- }
- #bku_header h2,#selectArea h3 {
- font-size: 0.9em;
- margin-top: -0.45em;
- }
-}
-
-@media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
- #bkuselectionarea button,.setAssertionButton_full {
- font-size: 1.0em;
- min-height: 1.05em;
- /* border-radius: 7px; */
- margin-bottom: 5%;
- }
- #mandateLogin {
- font-size: 1em;
- }
- #bku_header h2,#selectArea h3 {
- font-size: 1.0em;
- margin-top: -0.50em;
- }
-}
-
-@media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
- #bkuselectionarea button,.setAssertionButton_full {
- font-size: 1.1em;
- min-height: 1.2em;
- /* border-radius: 8px; */
- margin-bottom: 5%;
- }
- #mandateLogin {
- font-size: 1em;
- }
- #bku_header h2,#selectArea h3 {
- font-size: 1.1em;
- margin-top: -0.55em;
- }
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
- #bkuselectionarea button,.setAssertionButton_full {
- font-size: 1.3em;
- min-height: 1.3em;
- /* border-radius: 10px; */
- margin-bottom: 5%;
- }
- #mandateLogin {
- font-size: 1.2em;
- }
- #bku_header h2,#selectArea h3 {
- font-size: 1.3em;
- margin-top: -0.65em;
- }
-}
-
-@media screen and (max-width: 649px) {
- body {
- margin: 0;
- padding: 0;
- color: #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
- #page1 {
- visibility: hidden;
- }
- #main {
- visibility: hidden;
- }
- #validation {
- visibility: hidden;
- display: none;
- }
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border: none;
- min-width: 190px;
- /* min-height: 190px; */
- vertical-align: middle;
- }
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
- h2#tabheader {
- padding-left: 2%;
- padding-right: 2%;
- padding-top: 1%;
- position: relative;
- top: 50%;
- }
- #bkulogin {
- min-width: 190px;
- min-height: 150px;
- }
- .setAssertionButton_full {
- margin-top: 15px;
- width: 70%;
- height: 11%;
- min-width: 60px;
- min-height: 25px;
- }
- #selectArea h3 {
- margin-top: 2%;
- }
- button {
- height: 11%;
- width: 70%;
- }
-}
-
-* {
- margin: 0;
- padding: 0;
- /* border: 0; */
- font-family: #FONTTYPE #;
-}
-
-#selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
-}
-
-.setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
-}
-
-#leftbutton {
- width: 35%;
- float: left;
- margin-left: 15px;
-}
-
-#rightbutton {
- width: 35%;
- float: right;
- margin-right: 25px;
- text-align: right;
-}
-
-#stork {
- margin-bottom: 10px;
- margin-top: 5px;
-}
-
-#mandateLogin {
- padding-bottom: 2%;
- padding-top: 2%;
- height: 10%;
- position: relative;
- text-align: center;
-}
-
-.verticalcenter {
- vertical-align: middle;
-}
-
-#mandateLogin>div {
- clear: both;
- margin-top: -1%;
- position: relative;
- top: 50%;
-}
-
-#bkuselectionarea {
- position: relative;
- display: block;
-}
-
-#localBKU {
- padding-left: 5%;
- padding-right: 2%;
- padding-bottom: 2%;
- position: relative;
- clear: both;
-}
-
-#bkukarte {
- float: left;
- text-align: center;
- width: 40%;
- min-height: 70px;
- padding-left: 5%;
- padding-top: 2%;
-}
-
-#bkuhandy {
- float: right;
- text-align: center;
- width: 40%;
- min-height: 90px;
- padding-right: 5%;
- padding-top: 2%;
-}
-
-.bkuimage {
- width: 90%;
- height: auto;
-}
-
-#mandate {
- text-align: center;
- padding: 5px 5px 5px 5px;
-}
-
-button,.sendButton {
- /* background: #BUTTON_BACKGROUNDCOLOR#;
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+ <!-- MOA-ID 2.x BKUSelection Layout CSS -->
+ <style type="text/css">
+ @media screen and (min-width: 650px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ background-color : #fff;
+ text-align: center;
+ background-color: #6B7B8B;
+ }
+
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input{
+ font-size: 0.7em;
+ border-radius: 5px;
+ }
+
+ #bkuselectionarea button {
+ font-size: 0.85em;
+ border-radius: 7px;
+ margin-bottom: 25px;
+ }
+
+ #mandateLogin {
+ font-size: 0.85em;
+ }
+
+ #bku_header h2 {
+ font-size: 0.8em;
+ }
+
+
+ #page {
+ display: block;
+ border: 2px solid rgb(0,0,0);
+ width: 650px;
+ height: 440px;
+ margin: 0 auto;
+ margin-top: 5%;
+ position: relative;
+ border-radius: 25px;
+ background: rgb(255,255,255);
+ }
+
+ #page1 {
+ text-align: center;
+ }
+
+ #main {
+ /* clear:both; */
+ position:relative;
+ margin: 0 auto;
+ width: 250px;
+ text-align: center;
+ }
+
+ .OA_header {
+ /* background-color: white;*/
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-top: 25px;
+ }
+
+ #leftcontent {
+ width: 300px;
+ margin-top: 30px;
+ padding-bottom: 15px;
+ margin-bottom: 25px;
+ text-align: left;
+ border: 1px solid rgb(0,0,0);
+ }
+
+ #selectArea {
+ font-size: 15px;
+ padding-bottom: 65px;
+ }
+
+ #selectArea h3 {
+ margin-bottom: 25px;
+ }
+
+ #bku_header {
+ height: 5%;
+ padding-bottom: 3px;
+ padding-top: 3px;
+ }
+
+ #bkulogin {
+ overflow:hidden;
+ min-width: 190px;
+ min-height: 180px;
+ /*height: 260px;*/
+ }
+
+ h2#tabheader{
+ font-size: 1.1em;
+ padding-left: 2%;
+ padding-right: 2%;
+ position: relative;
+ }
+
+ .setAssertionButton_full {
+ margin-top: 15px;
+ width: 100px;
+ height: 30px;
+ font-size: 1.3em;
+ min-height: 1.3em;
+/* border-radius: 10px;*/
+ }
+
+ #leftbutton {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+ }
+
+ #rightbutton {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+ }
+
+ button {
+ height: 25px;
+ width: 90px;
+ margin-bottom: 10px;
+ }
+
+ #validation {
+ position: absolute;
+ bottom: 0px;
+ margin-left: 270px;
+ padding-bottom: 10px;
+ }
+
+ }
+
+ @media screen and (max-width: 205px) {
+ #localBKU p {
+ font-size: 0.6em;
+ }
+
+ #localBKU input {
+ font-size: 0.7em;
+ min-width: 70px;
+ min-height: 1.2em;
+ border-radius: 5px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 0.8em;
+ min-width: 65px;
+ min-height: 1.3em;
+ /* border-radius: 5px; */
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.65em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 0.8em;
+ margin-top: -0.4em;
+ }
+ }
+
+ @media screen and (max-width: 249px) and (min-width: 206px) {
+ #localBKU p {
+ font-size: 0.7em;
+ }
+
+ #localBKU input {
+ font-size: 0.85em;
+ min-width: 80px;
+ min-height: 0.95em;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 0.85em;
+ min-width: 70px;
+ min-height: 0.95em;
+ /* border-radius: 6px; */
+ margin-bottom: 2%
+ }
+
+ #mandateLogin {
+ font-size: 0.75em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 0.9em;
+ margin-top: -0.45em;
+ }
+ }
+
+ @media screen and (max-width: 299px) and (min-width: 250px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.0em;
+ min-height: 1.05em;
+ /* border-radius: 7px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.0em;
+ margin-top: -0.50em;
+ }
+ }
+
+ @media screen and (max-width: 399px) and (min-width: 300px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.1em;
+ min-height: 1.2em;
+ /* border-radius: 8px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.1em;
+ margin-top: -0.55em;
+ }
+ }
+
+ @media screen and (max-width: 649px) and (min-width: 400px) {
+ #localBKU p {
+ font-size: 0.9em;
+ }
+
+ #localBKU input {
+ font-size: 0.9em;
+ min-width: 100px;
+ border-radius: 6px;
+ }
+
+ #bkuselectionarea button, .setAssertionButton_full {
+ font-size: 1.3em;
+ min-height: 1.3em;
+/* border-radius: 10px; */
+ margin-bottom: 5%;
+ }
+
+ #mandateLogin {
+ font-size: 1.2em;
+ }
+
+ #bku_header h2, #selectArea h3 {
+ font-size: 1.3em;
+ margin-top: -0.65em;
+ }
+ }
+
+
+
+ @media screen and (max-width: 649px) {
+
+ body {
+ margin:0;
+ padding:0;
+ color : #000;
+ text-align: center;
+ font-size: 100%;
+ background-color: #MAIN_BACKGOUNDCOLOR#;
+ }
+
+ #page {
+ visibility: hidden;
+ margin-top: 0%;
+ }
+
+ #page1 {
+ visibility: hidden;
+ }
+
+ #main {
+ visibility: hidden;
+ }
+
+ #validation {
+ visibility: hidden;
+ display: none;
+ }
+
+ .OA_header {
+ margin-bottom: 0px;
+ margin-top: 0px;
+ font-size: 0pt;
+ visibility: hidden;
+ }
+
+ #leftcontent {
+ visibility: visible;
+ margin-bottom: 0px;
+ text-align: left;
+ border:none;
+ min-width: 190px;
+/* min-height: 190px; */
+ vertical-align: middle;
+
+ }
+
+ #bku_header {
+ height: 10%;
+ min-height: 1.2em;
+ margin-top: 1%;
+ }
+
+ h2#tabheader{
+ padding-left: 2%;
+ padding-right: 2%;
+ padding-top: 1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkulogin {
+ min-width: 190px;
+ min-height: 150px;
+ }
+
+ .setAssertionButton_full {
+ margin-top: 15px;
+ width: 70%;
+ height: 11%;
+ min-width: 60px;
+ min-height: 25px;
+ }
+
+ #selectArea h3 {
+ margin-top: 2%;
+ }
+
+ button {
+ height: 11%;
+ width: 70%;
+ }
+ }
+
+ * {
+ margin: 0;
+ padding: 0;
+/* border: 0; */
+ font-family: #FONTTYPE#;
+ }
+
+ #selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+ }
+
+ .setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+ }
+
+ #leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+ }
+
+ #rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+ }
+
+ #stork {
+ margin-bottom: 10px;
+ margin-top: 5px;
+ }
+
+ #mandateLogin {
+ padding-bottom: 2%;
+ padding-top: 2%;
+ height: 10%;
+ position: relative;
+ text-align: center;
+ }
+
+ .verticalcenter {
+ vertical-align: middle;
+ }
+
+ #mandateLogin > div {
+ clear: both;
+ margin-top: -1%;
+ position: relative;
+ top: 50%;
+ }
+
+ #bkuselectionarea {
+ position: relative;
+ display: block;
+ }
+
+ #localBKU {
+ padding-left: 5%;
+ padding-right: 2%;
+ padding-bottom: 2%;
+ position: relative;
+ clear: both;
+ }
+
+ #bkukarte {
+ float:left;
+ text-align:center;
+ width:40%;
+ min-height: 70px;
+ padding-left: 5%;
+ padding-top: 2%;
+ }
+
+ #bkuhandy {
+ float:right;
+ text-align:center;
+ width:40%;
+ min-height: 90px;
+ padding-right: 5%;
+ padding-top: 2%;
+ }
+
+ .bkuimage {
+ width: 90%;
+ height: auto;
+ }
+
+ #mandate{
+ text-align:center;
+ padding : 5px 5px 5px 5px;
+ }
+
+ button, .sendButton {
+/* background: #BUTTON_BACKGROUNDCOLOR#;
color: #BUTTON_COLOR#; */
- cursor: pointer;
-
- /* border:1px solid #000;
+ cursor: pointer;
+
+/* border:1px solid #000;
box-shadow: 3px 3px 3px #222222; */
-}
-
-button:hover,button:focus,button:active,.sendButton:hover,.sendButton:focus,.sendButton:active,#mandateCheckBox:hover,#mandateCheckBox:focus,#mandateCheckBox:active
- {
- /* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#; */
- cursor: pointer;
-
- /* border:1px solid #000;
+ }
+
+ button:hover, button:focus, button:active,
+ .sendButton:hover , .sendButton:focus, .sendButton:active,
+ #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
+ color: #BUTTON_COLOR#; */
+ cursor: pointer;
+
+/* border:1px solid #000;
box-shadow: -1px -1px 3px #222222; */
-}
-
-#installJava,#BrowserNOK {
- clear: both;
- font-size: 0.8em;
- padding: 4px;
-}
-
-.selectText {
-
-}
-
-.selectTextHeader {
-
-}
-
-#leftcontent a {
- text-decoration: none;
- color: #000;
- /* display:block;*/
- padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
- text-decoration: underline;
- color: #000;
-}
-
-.infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
-}
-
-.hell {
- background-color: #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
-}
-
-.dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
-}
-
-.main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-}
-</style>
-
-
-<title>Anmeldung an Online-Applikation</title>
+ }
+
+ #installJava, #BrowserNOK {
+ clear:both;
+ font-size:0.8em;
+ padding:4px;
+ }
+
+ .selectText{
+
+ }
+
+ .selectTextHeader{
+
+ }
+
+ #leftcontent a {
+ text-decoration:none;
+ color: #000;
+ /* display:block;*/
+ padding:4px;
+ }
+
+ #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+ text-decoration:underline;
+ color: #000;
+ }
+
+ .infobutton {
+ background-color: #005a00;
+ color: white;
+ font-family: serif;
+ text-decoration: none;
+ padding-top: 2px;
+ padding-right: 4px;
+ padding-bottom: 2px;
+ padding-left: 4px;
+ font-weight: bold;
+ }
+
+ .hell {
+ background-color : #MAIN_BACKGOUNDCOLOR#;
+ color: #MAIN_COLOR#;
+ }
+
+ .dunkel {
+ background-color: #HEADER_BACKGROUNDCOLOR#;
+ color: #HEADER_COLOR#;
+ }
+
+ .main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
+ }
+
+ </style>
+
+
+ <title>Anmeldung an Online-Applikation</title>
</head>
<body>
- <div id="page">
-
- <div id="page1" class="case selected-case" role="main">
-
- <!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
-
- <div id="main">
- <div id="leftcontent" class="hell">
- <div id="bku_header" class="dunkel">
- <h2 id="tabheader" class="dunkel" role="heading">
- Anmeldeinformationen:</h2>
- </div>
-
- <div id="selectArea" class="hell" role="application">
- <h3>Anmeldung an: #OAName#</h3>
-
- <!-- <div class="hell"> -->
- <div id="leftbutton">
- <form method="post" id="moaidform_yes" action="#URL#">
- <input type="hidden" name="value" value="true"> <input
- type="hidden" name="mod" value="#MODUL#"> <input
- type="hidden" name="action" value="#ACTION#"> <input
- type="hidden" name="identifier" value="#ID#"> <input
- type="submit" value="Ja"
- class="setAssertionButton_full sendButton" role="button">
- </form>
- </div>
- <div id="rightbutton">
- <form method="post" id="moaidform_no" action="#URL#">
- <input type="hidden" name="value" value="false"> <input
- type="hidden" name="mod" value="#MODUL#"> <input
- type="hidden" name="action" value="#ACTION#"> <input
- type="hidden" name="identifier" value="#ID#"> <input
- type="submit" value="Nein"
- class="setAssertionButton_full sendButton" role="button">
- </form>
- </div>
-
+ <div id="page">
+
+ <div id="page1" class="case selected-case" role="main">
+
+<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+ <div id="main">
+ <div id="leftcontent" class="hell">
+ <div id="bku_header" class="dunkel">
+ <h2 id="tabheader" class="dunkel" role="heading">
+ Anmeldeinformationen:
+ </h2>
+ </div>
+
+ <div id="selectArea" class="hell" role="application">
+ <h3>Anmeldung an: #OAName#</h3>
+
+<!-- <div class="hell"> -->
+ <div id="leftbutton">
+ <form method="post" id="moaidform_yes" action="#URL#">
+ <input type="hidden" name="value" value="true">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
+ </form>
+ </div>
+ <div id="rightbutton">
+ <form method="post" id="moaidform_no" action="#URL#">
+ <input type="hidden" name="value" value="false">
+ <input type="hidden" name="mod" value="#MODUL#">
+ <input type="hidden" name="action" value="#ACTION#">
+ <input type="hidden" name="identifier" value="#ID#">
+ <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
+ </form>
+ </div>
+
+ </div>
</div>
</div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri="> <img
- style="border: 0; width: 88px; height: 31px"
- src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
- </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
- style="border: 0; width: 88px; height: 31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
</div>
+ <!--div id="validation">
+ <a href="http://validator.w3.org/check?uri=">
+ <img style="border:0;width:88px;height:31px"
+ src="#CONTEXTPATH#/img/valid-html5-blue.png"
+ alt="HTML5 ist valide!" />
+ </a>
+ <a href="http://jigsaw.w3.org/css-validator/">
+ <img style="border:0;width:88px;height:31px"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+ alt="CSS ist valide!" />
+ </a>
+ </div-->
</div>
</body>
</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index 8976b2bd6..a9d73e0d3 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -380,7 +380,21 @@
function sloTimeOut() {
window.location.href="$timeoutURL";
- }
+ }
+ function RestartAfterDelay() {
+ var eDate = null;
+ var MilliSekZeit = 0;
+ var SysDatumJetzt = new Date();
+ var SysDatumJetztMilli = SysDatumJetzt.getTime();
+
+ do {
+ eDate = new Date();
+ MilliSekZeit = eDate.getTime();
+
+ } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout);
+
+ sloTimeOut();
+ }
</script>
#end
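Review bot: `RestartAfterDelay` at the top of the hunk spins in a `do…while` loop re-reading `new Date()` until `$timeout` milliseconds have passed, which blocks the page's single thread for the whole wait — the `reqframe` iframes rendered further down cannot be laid out or finish their work while it runs, and browsers may report the page as unresponsive. A timer gives the same delay without the spin: `function RestartAfterDelay() { window.setTimeout(sloTimeOut, $timeout); }`. Because `$timeout` is spliced directly into script source by the template, a comment at the function stating that the value must be a server-supplied integer would help; whether it is validated before rendering is not visible here. The enclosing `<script>` block begins outside the hunk.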
@@ -430,22 +444,21 @@
</div>
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
style="border: 0; width: 88px; height: 31px"
- src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
+ src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
#foreach( $el in $redirectURLs )
<iframe src=$el class="reqframe"></iframe>
#end
-
</body>
</html> \ No newline at end of file
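Review bot: The `<iframe src=$el class="reqframe">` context line just below the commented-out validation block writes a template value into an unquoted attribute; if any entry of `$redirectURLs` contains whitespace or `>` the attribute ends early, so the value should be quoted and attribute-escaped when rendered: `<iframe src="$el" class="reqframe"></iframe>`, with the escaping applied wherever `$el` is produced, which is outside this hunk. Whether the logout redirect URLs are purely configuration-controlled or partly derived from the request cannot be told from here, so the exposure is uncertain. The `http://` change on the jigsaw URL affects only markup that is now inside a comment.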
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index a81744edf..d242147f1 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -114,7 +114,19 @@
<version>2.2.11</version>
</dependency>
- <dependency>
+ <dependency>
+ <groupId>org.jvnet.jaxb2_commons</groupId>
+ <artifactId>jaxb2-commons-lang</artifactId>
+ <version>2.4</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jvnet.jaxb2_commons</groupId>
+ <artifactId>jaxb2-basics-runtime</artifactId>
+ <version>0.11.0</version>
+ </dependency>
+
+<!-- <dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.1-api</artifactId>
<version>1.0.0.Final</version>
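Review bot: The `hibernate-jpa-2.1-api` dependency is commented out rather than removed (the comment closes at `</dependency> -->` in the next hunk), leaving dead XML that readers and dependency-scanning tools still have to parse; delete it and let version control keep the history. The two new `org.jvnet.jaxb2_commons` artifacts are pinned to `2.4` and `0.11.0` here while `commons-collections4` in the last hunk has no `<version>`, presumably relying on the parent's `dependencyManagement`; keeping every version managed in one place makes dependency auditing and upgrades easier. A short XML comment naming which generated code needs the JAXB2 basics runtime and commons-lang plugin would help whoever has to upgrade them next.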
@@ -144,7 +156,8 @@
<groupId>org.springframework</groupId>
</exclusion>
</exclusions>
- </dependency>
+ </dependency> -->
+
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
@@ -165,7 +178,7 @@
<artifactId>spring-orm</artifactId>
</dependency>
- <dependency>
+ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</dependency>
@@ -190,12 +203,14 @@
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>2.2.2</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>1.4.178</version>
+ <scope>test</scope>
</dependency>
<dependency>
@@ -204,6 +219,10 @@
<version>1.4</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ </dependency>
</dependencies>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index a04b8f454..a28fe6a7b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -61,6 +61,7 @@ public class MOAIDConstants {
public static final List<String> ALLOWED_KEYBOXIDENTIFIER;
public static final List<String> ALLOWED_REDIRECTTARGETNAMES;
public static final List<String> ALLOWED_STORKATTRIBUTEPROVIDERS;
+ public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
static {
@@ -105,4 +106,11 @@ public class MOAIDConstants {
}
+ static {
+ List<String> jdbcDriverWorkaround = new ArrayList<String>();
+ jdbcDriverWorkaround.add("oracle.jdbc.");
+ jdbcDriverWorkaround.add("com.microsoft.sqlserver.");
+ JDBC_DRIVER_NEEDS_WORKAROUND = Collections.unmodifiableList(jdbcDriverWorkaround);
+ }
+
}
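Review bot: `JDBC_DRIVER_NEEDS_WORKAROUND` carries no comment saying what the workaround is or how the entries are matched; the values `oracle.jdbc.` and `com.microsoft.sqlserver.` end in a dot, which suggests a `startsWith` comparison against a driver class name, but that is not visible here. A Javadoc on the field at its declaration in the preceding hunk would fix that, e.g. `/** Driver class-name prefixes (matched with startsWith) for which <name the workaround> is applied. */`. The list could also be built in one expression, `Collections.unmodifiableList(Arrays.asList("oracle.jdbc.", "com.microsoft.sqlserver."))`, avoiding the second static initializer, provided `Arrays` is already imported in the file.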
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index c53aeff3f..63d8f463c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -1188,6 +1188,9 @@ public class ConfigurationMigrationUtils {
result.put(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX,
authgen.getPublicURLPreFix());
+ result.put(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED,
+ String.valueOf(authgen.isVirtualPublicURLPrefixEnabled()));
+
TimeOuts timeouts = authgen.getTimeOuts();
if (timeouts != null) {
@@ -1480,6 +1483,16 @@ public class ConfigurationMigrationUtils {
dbauthgeneral.setPublicURLPreFix(moaconfig.get(MOAIDConfigurationConstants.GENERAL_PUBLICURLPREFIX));
+ if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED))) {
+ dbauthgeneral.setVirtualPublicURLPrefixEnabled(
+ Boolean.valueOf(
+ moaconfig.get(MOAIDConfigurationConstants.GENERAL_ISVIRTUALIDPSENABLED)));
+
+ } else {
+ dbauthgeneral.setVirtualPublicURLPrefixEnabled(false);
+
+ }
+
if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL)))
dbauthgeneral.setCertStoreDirectory(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL));
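Review bot: The `else` branch defaults `setVirtualPublicURLPrefixEnabled(false)` when `GENERAL_ISVIRTUALIDPSENABLED` is absent, but nothing says that this is a deliberate secure default; if the flag controls whether the IdP derives its public URL from incoming requests (which the name suggests but the hunk does not show), disabling it by default is the right choice and deserves a one-line comment such as `// absent key means the feature stays off; enabling it must be an explicit configuration decision`. `Boolean.valueOf` treats any string other than a case-insensitive `true` as false, so a typo in the configured value silently disables the feature; logging the raw value at the same level as the other migration messages would make that visible.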
@@ -1788,11 +1801,17 @@ public class ConfigurationMigrationUtils {
}
// try {
- List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>();
- TransformsInfoType elem = new TransformsInfoType();
- elem.setTransformation(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64).getBytes());
- elem.setFilename(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME));
- trans.add(elem);
+ List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>();
+ if (MiscUtil.isNotEmpty(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64))) {
+ TransformsInfoType elem = new TransformsInfoType();
+ elem.setTransformation(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_BASE64).getBytes());
+ elem.setFilename(moaconfig.get(MOAIDConfigurationConstants.GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME));
+ trans.add(elem);
+
+ } else {
+ Logger.info("No AuthBlock-Transformation found.");
+
+ }
seclayertrans.setTransformsInfo(trans);
// } catch (IOException e) {
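Review bot: `getBytes()` on the base64 transformation string uses the platform default charset; the value is Base64 text so the bytes are the same under any ASCII-compatible charset, but `.getBytes(StandardCharsets.UTF_8)` removes the dependence on the JVM's `file.encoding` (the import would be added outside the hunk). The new guard checks only the `_BASE64` key, so `setFilename` can still receive `null` when `GENERAL_AUTH_AUTHBLOCK_TRANSFORMATION_NAME` is missing; whether `TransformsInfoType` tolerates that is not visible here, so a second `isNotEmpty` check or a log line alongside the existing `Logger.info` would make the migration's behaviour explicit. The `// try {` and `// } catch (IOException e) {` lines framing the block are commented-out code and can be deleted.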
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java
index 4130b2c5d..e24cb8606 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationUtil.java
@@ -27,8 +27,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import com.fasterxml.jackson.core.JsonProcessingException;
-
public class ConfigurationUtil {
final boolean isOverwriteData;
@@ -83,7 +81,7 @@ public class ConfigurationUtil {
* is thrown if problem occurred while serializing one of the
* database values
*/
- public static Properties moaIdConfigToJsonProperties(MOAIDConfiguration config) throws JsonProcessingException {
+ public static Properties moaIdConfigToJsonProperties(MOAIDConfiguration config) {
Properties result = new Properties();
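Review bot: The Javadoc directly above the changed signature still documents a thrown exception (`is thrown if problem occurred while serializing one of the database values`) although `throws JsonProcessingException` has been removed; the `@throws` clause should be deleted or replaced by a sentence describing what the method now does when serialization of a value fails (skips it, logs, or throws an unchecked exception), which is decided in the body outside the hunk. Dropping a checked exception from a public static method also breaks any caller whose `try` block catches `JsonProcessingException` solely for this call, since Java rejects a catch of a checked exception that the body can no longer throw, so those call sites should be checked.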
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index c338c65ba..7d9fc452a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -186,6 +186,7 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
//Namespaces for general MOA-ID config
public static final String GENERAL_PUBLICURLPREFIX = PREFIX_MOAID_GENERAL + ".publicURLPrefix";
+ public static final String GENERAL_ISVIRTUALIDPSENABLED = PREFIX_MOAID_GENERAL + ".isVirtualIDPsEnabled";
private static final String GENERAL_DEFAULTS = PREFIX_MOAID_GENERAL + ".defaults";
private static final String GENERAL_DEFAULTS_BKU = GENERAL_DEFAULTS + "." + BKU;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java
deleted file mode 100644
index 6138d571b..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/JsonMapper.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package at.gv.egovernment.moa.id.commons.config.persistence;
-
-import java.io.IOException;
-
-import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
-import com.fasterxml.jackson.annotation.PropertyAccessor;
-import com.fasterxml.jackson.core.JsonParseException;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JavaType;
-import com.fasterxml.jackson.databind.JsonMappingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.SerializationFeature;
-import com.fasterxml.jackson.databind.type.TypeFactory;
-
-/**
- * Helper class to handle the JSON (de-)serialization.
- *
- */
-public class JsonMapper {
-
- private ObjectMapper mapper = new ObjectMapper();
-
- /**
- * The default constructor where the default pretty printer is disabled.
- */
- public JsonMapper() {
- this(false);
- }
-
- /**
- * The constructor.
- * @param prettyPrint enables or disables the default pretty printer
- */
- public JsonMapper(boolean prettyPrint) {
- mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
- mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY);
- mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY);
- if (prettyPrint) {
- mapper.enable(SerializationFeature.INDENT_OUTPUT);
- }
- }
-
- /**
- * Serialize an object to a JSON string.
- * @param value the object to serialize
- * @return a JSON string
- * @throws JsonProcessingException thrown when an error occurs during serialization
- */
- public String serialize(Object value) throws JsonProcessingException {
- return mapper.writeValueAsString(value);
- }
-
- /**
- * Deserialize a JSON string.
- *
- * @param value the JSON string to deserialize
- * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned.
- * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object}
- * @throws JsonParseException if the JSON string contains invalid content.
- * @throws JsonMappingException if the input JSON structure does not match structure expected for result type
- * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input)
- */
- public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{
-
- ObjectMapper mapper = new ObjectMapper();
- if (clazz != null) {
- JavaType javaType = TypeFactory.defaultInstance().constructType(clazz);
- return mapper.readValue(value, javaType);
- } else {
- return mapper.readValue(value, Object.class);
- }
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
deleted file mode 100644
index 3836d5a1e..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
+++ /dev/null
@@ -1,403 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// *******************************************************************************/
-//package at.gv.egovernment.moa.id.commons.db;
-//
-//import java.util.ArrayList;
-//import java.util.HashMap;
-//import java.util.List;
-//import java.util.Map;
-//
-//import javax.persistence.EntityManager;
-//
-//import org.apache.commons.lang3.StringEscapeUtils;
-//
-//import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-////import org.apache.commons.lang.StringEscapeUtils;
-//
-//import com.fasterxml.jackson.annotation.JsonProperty;
-//
-///**
-// *
-// * @author tlenz
-// *
-// * @deprecated
-// */
-//
-//@SuppressWarnings("rawtypes")
-//public class ConfigurationDBRead {
-//
-// private static Map<String, String> QUERIES = new HashMap<String, String>();
-//
-// static {
-// QUERIES.put("getActiveOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix)) and onlineapplication.isActive = '1'");
-// QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix = SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix))");
-// QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id");
-// QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication");
-// QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'");
-// QUERIES.put("getAllNewOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '0' and onlineapplication.isAdminRequired = '1'");
-// QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration");
-// QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id");
-// QUERIES.put("getNewUserWithUserTokken", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken = :tokken");
-// QUERIES.put("getAllNewUsers", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '1'");
-// QUERIES.put("getAllOpenUsersRequests", "select userdatabase from UserDatabase userdatabase where userdatabase.userRequestTokken is not null and userdatabase.isAdminRequest = '1' and userdatabase.isMailAddressVerified = '0'");
-// QUERIES.put("getUserWithUserBPKWBPK", "select userdatabase from UserDatabase userdatabase where userdatabase.bpk = :bpk");
-// QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username");
-// QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase");
-// QUERIES.put("getUsersWithOADBID", "select userdatabase from UserDatabase userdatabase inner join userdatabase.onlineApplication oa where oa.hjid = :id");
-// QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id");
-// }
-//
-//// public static OnlineApplication getActiveOnlineApplication(String id) {
-//// MiscUtil.assertNotNull(id, "OnlineApplictionID");
-//// Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
-////
-//// List result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID"));
-//// //query.setParameter("id", id+"%");
-//// query.setParameter("id", StringEscapeUtils.escapeHtml4(id));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.debug("No entries found.");
-//// return null;
-//// }
-////
-//// if (result.size() > 1) {
-//// Logger.warn("OAIdentifier match to more then one DB-entry!");
-//// return null;
-//// }
-////
-//// return (OnlineApplication) result.get(0);
-//// }
-////
-//// public static OnlineApplication getOnlineApplication(String id) {
-//// MiscUtil.assertNotNull(id, "OnlineApplictionID");
-//// Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
-////
-//// List result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID"));
-//// //query.setParameter("id", id+"%");
-//// query.setParameter("id", id);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-////
-//// if (result.size() > 1) {
-//// Logger.warn("OAIdentifier match to more then one DB-entry!");
-//// return null;
-//// }
-////
-//// return (OnlineApplication) result.get(0);
-//// }
-////
-//// public static OnlineApplication getOnlineApplication(long dbid) {
-//// MiscUtil.assertNotNull(dbid, "OnlineApplictionID");
-//// Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database.");
-////
-//// List result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithDBID"));
-//// //query.setParameter("id", id+"%");
-//// query.setParameter("id", dbid);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-////
-//// return (OnlineApplication) result.get(0);
-//// }
-////
-//// @JsonProperty("getMOAIDConfiguration")
-//// public static MOAIDConfiguration getMOAIDConfiguration() {
-//// Logger.trace("Load MOAID Configuration from database.");
-////
-//// List<MOAIDConfiguration> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getMOAIDConfiguration"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found. Create fresh instance.");
-//// return null;
-//// }
-////
-//// return (MOAIDConfiguration) result.get(0);
-//// }
-////
-//// @JsonProperty("getAllOnlineApplications")
-//// public static List<OnlineApplication> getAllOnlineApplications() {
-//// Logger.trace("Get All OnlineApplications from database.");
-////
-//// List<OnlineApplication> result = null;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOnlineApplications"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return result;
-//// }
-////
-//// public static List<OnlineApplication> getAllNewOnlineApplications() {
-//// Logger.trace("Get All OnlineApplications from database.");
-////
-//// List<OnlineApplication> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewOnlineApplications"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return result;
-//// }
-////
-//// @JsonProperty("getAllUsers")
-//// public static List<UserDatabase> getAllUsers() {
-//// Logger.trace("Get All OnlineApplications from database.");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllUsers"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return result;
-//// }
-////
-//// public static List<OnlineApplication> getAllActiveOnlineApplications() {
-//// Logger.trace("Get All active OnlineApplications from database.");
-////
-//// List<OnlineApplication> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllActiveOnlineApplications"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// result = new ArrayList<OnlineApplication>();
-////
-//// }
-//// return result;
-//// }
-////
-//// @SuppressWarnings("rawtypes")
-//// public static List<OnlineApplication> searchOnlineApplications(String id) {
-//// MiscUtil.assertNotNull(id, "OnlineApplictionID");
-//// Logger.trace("Getting OnlineApplication with ID " + id + " from database.");
-////
-//// List<OnlineApplication> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("searchOnlineApplicationsWithID"));
-//// query.setParameter("id", "%" + id + "%");
-////
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-////
-//// return result;
-//// }
-////
-//// public static UserDatabase getUserWithID(long id) {
-//// MiscUtil.assertNotNull(id, "UserID");
-//// Logger.trace("Getting Userinformation with ID " + id + " from database.");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserID"));
-//// query.setParameter("id", id);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return (UserDatabase) result.get(0);
-//// }
-////
-//// public static UserDatabase getUsersWithOADBID(long id) {
-//// MiscUtil.assertNotNull(id, "OADBID");
-//// Logger.trace("Getting Userinformation with OADBID " + id + " from database.");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUsersWithOADBID"));
-//// query.setParameter("id", id);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return (UserDatabase) result.get(0);
-//// }
-////
-//// public static UserDatabase getUserWithUserName(String username) {
-//// MiscUtil.assertNotNull(username, "UserName");
-//// Logger.trace("Getting Userinformation with ID " + username + " from database.");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserUsername"));
-//// query.setParameter("username", username);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return (UserDatabase) result.get(0);
-//// }
-////
-//// public static UserDatabase getUserWithUserBPKWBPK(String bpkwbpk) {
-//// MiscUtil.assertNotNull(bpkwbpk, "bpk/wbpk");
-//// Logger.trace("Getting Userinformation with ID " + bpkwbpk + " from database.");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserBPKWBPK"));
-//// query.setParameter("bpk", bpkwbpk);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return (UserDatabase) result.get(0);
-//// }
-////
-//// public static UserDatabase getNewUserWithTokken(String tokken) {
-//// MiscUtil.assertNotNull(tokken, "bpk/wbpk");
-//// Logger.trace("Getting Userinformation with Tokken " + tokken + " from database.");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getNewUserWithUserTokken"));
-//// query.setParameter("tokken", tokken);
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return (UserDatabase) result.get(0);
-//// }
-////
-//// public static List<UserDatabase> getAllNewUsers() {
-//// Logger.trace("Get all new Users from Database");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllNewUsers"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return result;
-//// }
-////
-//// public static List<UserDatabase> getAllOpenUsersRequests() {
-//// Logger.trace("Get all new Users from Database");
-////
-//// List<UserDatabase> result;
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-////
-//// javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOpenUsersRequests"));
-//// result = query.getResultList();
-////
-//// Logger.trace("Found entries: " + result.size());
-////
-//// if (result.size() == 0) {
-//// Logger.trace("No entries found.");
-//// return null;
-//// }
-//// return result;
-//// }
-//}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
deleted file mode 100644
index 7f996cca7..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
+++ /dev/null
@@ -1,233 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// *******************************************************************************/
-//package at.gv.egovernment.moa.id.commons.db;
-//
-//import java.util.Properties;
-//
-//import javax.persistence.EntityManager;
-//import javax.persistence.EntityManagerFactory;
-//import javax.persistence.EntityTransaction;
-//import javax.persistence.Persistence;
-//
-//import org.hibernate.HibernateException;
-//
-//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-//import at.gv.egovernment.moa.logging.Logger;
-//
-//public final class ConfigurationDBUtils {
-//
-// private static EntityManagerFactory entitymanagerfactory;
-//
-// @SuppressWarnings("rawtypes")
-// private static final ThreadLocal THREAD_LOCAL_CONFIG = new ThreadLocal();
-// private static boolean automaticSessionHandling = false;
-//
-// protected ConfigurationDBUtils() { }
-//
-// public static void initHibernate(Properties props) throws MOADatabaseException {
-//
-//// try {
-////
-//// Logger.debug("Creating initial session factory...");
-////
-//// entitymanagerfactory =
-//// Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config",
-//// props);
-////
-//// Logger.debug("Initial ConfigDB session factory successfully created.");
-////
-////
-//// } catch (Throwable ex) {
-//// Logger.error("Initial session factory creation failed: " + ex.getMessage());
-//// throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex);
-//// }
-// }
-//
-//
-//// /**
-//// * Checks if a session factory is currently available. If necessary a new
-//// * session factory is created.
-//// *
-//// * @return current (or new) session factory
-//// * @throws HibernateException
-//// * thrown if a hibernate error occurs
-//// */
-//// public static EntityManager getCurrentSession() {
-//// if (automaticSessionHandling) {
-////
-//// return entitymanagerfactory.createEntityManager();
-//// }
-////
-//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get();
-////
-//// if (session != null && session.isOpen()) {
-////
-//// //maybe a hack, but sometimes we do not know if the session is closed (session already closed but isOpen()=true)
-//// try {
-//// javax.persistence.Query query = session.createQuery("select userdatabase from UserDatabase userdatabase");
-//// query.getResultList();
-////
-//// } catch (Throwable e) {
-//// Logger.warn("JPA Session Handling Warning!!!! - This error should not occur.");
-//// session = getNewSession();
-//// }
-////
-//// } else
-//// session = getNewSession();
-////
-//// return session;
-//// }
-////
-//// @SuppressWarnings("unchecked")
-//// public static EntityManager getNewSession() {
-//// if (automaticSessionHandling) {
-//// Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead.");
-//// return entitymanagerfactory.createEntityManager();
-//// }
-//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get();
-//// if (session != null ) {
-//// Logger.warn("Previous session has not been closed; closing ConfigDB session now.");
-//// closeSession();
-//// }
-//// Logger.debug("Opening new ConfigDB hibernate session...");
-//// try {
-//// session = entitymanagerfactory.createEntityManager();
-//// THREAD_LOCAL_CONFIG.set(session);
-//// } catch (HibernateException hex) {
-//// Logger.error(hex.getMessage());
-//// }
-//// return session;
-//// }
-//
-// /**
-// * Closes the current session.
-// *
-// * @throws HibernateException
-// * thrown if session is already closed or a hibernate error
-// * occurs.
-// *
-// * @deprecated
-// */
-//@SuppressWarnings("unchecked")
-//public static void closeSession() {
-//
-//}
-//
-//// /**
-//// * Closes the current session.
-//// *
-//// * @throws HibernateException
-//// * thrown if session is already closed or a hibernate error
-//// * occurs.
-//// */
-//// @SuppressWarnings("unchecked")
-//// public static void closeSession() {
-//// if (automaticSessionHandling) {
-//// Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand.");
-//// return;
-//// }
-//// Logger.debug("Closing current ConfigDB hibernate session...");
-//// EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get();
-//// THREAD_LOCAL_CONFIG.set(null);
-//// if (session != null) {
-//// try {
-//// session.close();
-////
-//// } catch (HibernateException hex) {
-//// Logger.error(hex.getMessage());
-//// }
-//// }
-//// }
-////
-//// public static boolean save(Object dbo) throws MOADatabaseException {
-//// EntityTransaction tx = null;
-////
-//// try {
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-//// tx = session.getTransaction();
-////
-//// synchronized (session) {
-//// tx.begin();
-//// session.merge(dbo);
-//// tx.commit();
-////
-//// session.clear();
-//// }
-//// return true;
-////
-//// } catch(HibernateException e) {
-//// Logger.warn("Error during Config database saveOrUpdate. Rollback.", e);
-//// tx.rollback();
-//// throw new MOADatabaseException(e);
-//// }
-//// }
-////
-////
-//// public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException {
-//// EntityTransaction tx = null;
-////
-//// try {
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-//// tx = session.getTransaction();
-////
-//// synchronized (session) {
-//// tx.begin();
-////
-//// session.merge(dbo);
-//// session.flush();
-////
-//// tx.commit();
-////
-//// //session.clear();
-//// }
-//// return true;
-////
-//// } catch(HibernateException e) {
-//// Logger.warn("Error during Config database saveOrUpdate. Rollback.", e);
-//// tx.rollback();
-//// throw new MOADatabaseException(e);
-//// }
-//// }
-////
-//// public static boolean delete(Object dbo) {
-//// EntityTransaction tx = null;
-//// try {
-//// EntityManager session = ConfigurationDBUtils.getCurrentSession();
-//// tx = session.getTransaction();
-////
-//// synchronized (session) {
-//// tx.begin();
-//// session.remove(session.contains(dbo) ? dbo : session.merge(dbo));
-//// tx.commit();
-//// }
-////
-//// return true;
-////
-//// } catch(HibernateException e) {
-//// Logger.warn("Error during Config database delete. Rollback.", e);
-//// tx.rollback();
-//// return false;
-//// }
-//// }
-//
-//}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
index 49e0634cb..ecb13ef34 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java
@@ -32,7 +32,6 @@ import org.hibernate.Transaction;
import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
import org.hibernate.cfg.Configuration;
import org.hibernate.service.ServiceRegistry;
-import org.hibernate.service.ServiceRegistryBuilder;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
index c049eebc4..28c705c71 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
@@ -12,8 +12,6 @@ import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
-
-import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java
deleted file mode 100644
index ccc7f33f1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBWrite.java
+++ /dev/null
@@ -1,52 +0,0 @@
-//package at.gv.egovernment.moa.id.commons.db;
-//
-//import java.util.Date;
-//import java.util.List;
-//
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.stereotype.Component;
-//
-//import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-//import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModes;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.DefaultBKUs;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.GenericConfiguration;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SLRequestTemplates;
-//import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
-//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-//
-///**
-// * This class is used for writing to the key-value database.
-// */
-//@Component
-//public class NewConfigurationDBWrite {
-//
-// private static MOAIDConfiguration conf;
-//
-// @Autowired(required = true)
-// public void setConfiguration(MOAIDConfiguration conf) {
-// // https://jira.spring.io/browse/SPR-3845
-// NewConfigurationDBWrite.conf = conf;
-// }
-//
-//
-//
-// /**
-// * @param user
-// */
-// public void saveOrUpdate(UserDatabase user) throws MOADatabaseException{
-// // TODO Auto-generated method stub
-//
-// }
-//
-// /**
-// * @param dbuser
-// */
-// public void delete(UserDatabase dbuser) {
-// // TODO Auto-generated method stub
-//
-// }
-//
-//}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
index eac47f93f..7e031cc76 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java
@@ -32,7 +32,6 @@ import org.hibernate.Transaction;
import org.hibernate.boot.registry.StandardServiceRegistryBuilder;
import org.hibernate.cfg.Configuration;
import org.hibernate.service.ServiceRegistry;
-import org.hibernate.service.ServiceRegistryBuilder;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java
index 11eca81f5..6dacc2ec4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPS.java
@@ -11,20 +11,10 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.ManyToMany;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@@ -35,8 +25,7 @@ import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -46,6 +35,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
/**
* <p>Java class for anonymous complex type.
@@ -99,7 +90,7 @@ public class CPEPS
protected Boolean supportsXMLSignature;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<CPEPSAttributeValueItem> attributeValueItems;
+ // protected transient List<CPEPSAttributeValueItem> attributeValueItems;
/**
* Gets the value of the attributeValue property.
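Review bot: The `attributeValueItems` field is commented out rather than removed, and the getter/setter pair in the following hunk is handled the same way; since the rest of this commit deletes files that were already fully commented out, leaving new dead code behind is inconsistent with it, and version control already preserves the old implementation. I would drop the `// protected transient List<CPEPSAttributeValueItem> attributeValueItems;` line and the commented-out accessors instead. With that code gone, the `java.util.ArrayList` and `javax.persistence.CascadeType` imports kept as context in the first hunk of this file appear to have no remaining use in the visible parts of the class — worth confirming against the full file and removing them alongside the JPA imports that hunk already drops. The accessor hunk runs past the end of this view, so the remainder of the setter was not reviewed.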
@@ -293,31 +284,31 @@ public class CPEPS
this.hjid = value;
}
- @OneToMany(targetEntity = CPEPSAttributeValueItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<CPEPSAttributeValueItem> getAttributeValueItems() {
- if (this.attributeValueItems == null) {
- this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.attributeValue)) {
- this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class);
- }
- return this.attributeValueItems;
- }
-
- public void setAttributeValueItems(List<CPEPSAttributeValueItem> value) {
- this.attributeValue = null;
- this.attributeValueItems = null;
- this.attributeValueItems = value;
- if (this.attributeValueItems == null) {
- this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.attributeValue)) {
- this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class);
- }
- }
+// @OneToMany(targetEntity = CPEPSAttributeValueItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<CPEPSAttributeValueItem> getAttributeValueItems() {
+// if (this.attributeValueItems == null) {
+// this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.attributeValue)) {
+// this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class);
+// }
+// return this.attributeValueItems;
+// }
+//
+// public void setAttributeValueItems(List<CPEPSAttributeValueItem> value) {
+// this.attributeValue = null;
+// this.attributeValueItems = null;
+// this.attributeValueItems = value;
+// if (this.attributeValueItems == null) {
+// this.attributeValueItems = new ArrayList<CPEPSAttributeValueItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.attributeValue)) {
+// this.attributeValue = ItemUtils.wrap(this.attributeValue, this.attributeValueItems, CPEPSAttributeValueItem.class);
+// }
+// }
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof CPEPS)) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java
deleted file mode 100644
index 0af8c64b4..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/CPEPSAttributeValueItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class CPEPSAttributeValueItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "AttributeValue", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java
index 38835db05..25a9c03ea 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Contact.java
@@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
+
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@@ -32,7 +21,7 @@ import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -41,6 +30,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy;
import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+//import org.jvnet.hyperjaxb3.item.ItemUtils;
/**
@@ -109,8 +99,8 @@ public class Contact
protected List<String> phone;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<ContactMailItem> mailItems;
- protected transient List<ContactPhoneItem> phoneItems;
+// protected transient List<ContactMailItem> mailItems;
+// protected transient List<ContactPhoneItem> phoneItems;
/**
* Gets the value of the surName property.
@@ -319,57 +309,57 @@ public class Contact
this.hjid = value;
}
- @OneToMany(targetEntity = ContactMailItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<ContactMailItem> getMailItems() {
- if (this.mailItems == null) {
- this.mailItems = new ArrayList<ContactMailItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.mail)) {
- this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class);
- }
- return this.mailItems;
- }
-
- public void setMailItems(List<ContactMailItem> value) {
- this.mail = null;
- this.mailItems = null;
- this.mailItems = value;
- if (this.mailItems == null) {
- this.mailItems = new ArrayList<ContactMailItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.mail)) {
- this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class);
- }
- }
-
- @OneToMany(targetEntity = ContactPhoneItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<ContactPhoneItem> getPhoneItems() {
- if (this.phoneItems == null) {
- this.phoneItems = new ArrayList<ContactPhoneItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.phone)) {
- this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class);
- }
- return this.phoneItems;
- }
-
- public void setPhoneItems(List<ContactPhoneItem> value) {
- this.phone = null;
- this.phoneItems = null;
- this.phoneItems = value;
- if (this.phoneItems == null) {
- this.phoneItems = new ArrayList<ContactPhoneItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.phone)) {
- this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class);
- }
- }
+// @OneToMany(targetEntity = ContactMailItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<ContactMailItem> getMailItems() {
+// if (this.mailItems == null) {
+// this.mailItems = new ArrayList<ContactMailItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.mail)) {
+// this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class);
+// }
+// return this.mailItems;
+// }
+//
+// public void setMailItems(List<ContactMailItem> value) {
+// this.mail = null;
+// this.mailItems = null;
+// this.mailItems = value;
+// if (this.mailItems == null) {
+// this.mailItems = new ArrayList<ContactMailItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.mail)) {
+// this.mail = ItemUtils.wrap(this.mail, this.mailItems, ContactMailItem.class);
+// }
+// }
+//
+// @OneToMany(targetEntity = ContactPhoneItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<ContactPhoneItem> getPhoneItems() {
+// if (this.phoneItems == null) {
+// this.phoneItems = new ArrayList<ContactPhoneItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.phone)) {
+// this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class);
+// }
+// return this.phoneItems;
+// }
+//
+// public void setPhoneItems(List<ContactPhoneItem> value) {
+// this.phone = null;
+// this.phoneItems = null;
+// this.phoneItems = value;
+// if (this.phoneItems == null) {
+// this.phoneItems = new ArrayList<ContactPhoneItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.phone)) {
+// this.phone = ItemUtils.wrap(this.phone, this.phoneItems, ContactPhoneItem.class);
+// }
+// }
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof Contact)) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java
deleted file mode 100644
index d7c656bd7..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactMailItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class ContactMailItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "Mail", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java
deleted file mode 100644
index ae9c57ea0..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/ContactPhoneItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class ContactPhoneItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "Phone", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java
index 883245da8..d3e454e51 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/GeneralConfiguration.java
@@ -27,6 +27,7 @@ import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
+import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
@@ -107,6 +108,9 @@ public class GeneralConfiguration
@XmlAttribute(name = "Hjid")
protected Long hjid;
+ @XmlTransient
+ protected boolean virtualPublicURLPrefixEnabled = false;
+
/**
* Gets the value of the timeOuts property.
*
@@ -322,7 +326,24 @@ public class GeneralConfiguration
return true;
}
- public boolean equals(Object object) {
+
+
+ /**
+ * @return the virtualPublicURLPrefixEnabled
+ */
+ public boolean isVirtualPublicURLPrefixEnabled() {
+ return virtualPublicURLPrefixEnabled;
+ }
+
+ /**
+ * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set
+ */
+ public void setVirtualPublicURLPrefixEnabled(
+ boolean virtualPublicURLPrefixEnabled) {
+ this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled;
+ }
+
+ public boolean equals(Object object) {
final EqualsStrategy strategy = JAXBEqualsStrategy.INSTANCE;
return equals(null, null, object, strategy);
}
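Review bot: The new `virtualPublicURLPrefixEnabled` accessors carry only generated-style Javadoc (`@return the virtualPublicURLPrefixEnabled`) that says nothing about what enabling the flag changes, and the field added in the hunk above is `@XmlTransient` with a default of `false`, so a reader cannot tell from this class how it is populated at runtime. I would replace both Javadoc blocks with one sentence naming the behaviour the flag switches on and the component that sets it, along the lines of `/** Runtime-only switch, not part of the marshalled configuration; set by <component — TODO> to enable <behaviour — TODO>. */`. The `equals(ObjectLocator, …)` method ends just above the insertion and, as far as the hunk shows, was not extended to compare the new field; if that omission is deliberate because the flag is not part of the marshalled state, a one-line comment on the field saying so would stop someone from "fixing" it later.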
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java
index c48d4522d..90f46efe1 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSigners.java
@@ -11,24 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
+
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -73,7 +63,7 @@ public class IdentityLinkSigners
protected List<String> x509SubjectName;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<IdentityLinkSignersX509SubjectNameItem> x509SubjectNameItems;
+// protected transient List<IdentityLinkSignersX509SubjectNameItem> x509SubjectNameItems;
/**
* Gets the value of the x509SubjectName property.
@@ -140,31 +130,31 @@ public class IdentityLinkSigners
this.hjid = value;
}
- @OneToMany(targetEntity = IdentityLinkSignersX509SubjectNameItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<IdentityLinkSignersX509SubjectNameItem> getX509SubjectNameItems() {
- if (this.x509SubjectNameItems == null) {
- this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) {
- this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class);
- }
- return this.x509SubjectNameItems;
- }
-
- public void setX509SubjectNameItems(List<IdentityLinkSignersX509SubjectNameItem> value) {
- this.x509SubjectName = null;
- this.x509SubjectNameItems = null;
- this.x509SubjectNameItems = value;
- if (this.x509SubjectNameItems == null) {
- this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) {
- this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class);
- }
- }
+// @OneToMany(targetEntity = IdentityLinkSignersX509SubjectNameItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<IdentityLinkSignersX509SubjectNameItem> getX509SubjectNameItems() {
+// if (this.x509SubjectNameItems == null) {
+// this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) {
+// this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class);
+// }
+// return this.x509SubjectNameItems;
+// }
+//
+// public void setX509SubjectNameItems(List<IdentityLinkSignersX509SubjectNameItem> value) {
+// this.x509SubjectName = null;
+// this.x509SubjectNameItems = null;
+// this.x509SubjectNameItems = value;
+// if (this.x509SubjectNameItems == null) {
+// this.x509SubjectNameItems = new ArrayList<IdentityLinkSignersX509SubjectNameItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.x509SubjectName)) {
+// this.x509SubjectName = ItemUtils.wrap(this.x509SubjectName, this.x509SubjectNameItems, IdentityLinkSignersX509SubjectNameItem.class);
+// }
+// }
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof IdentityLinkSigners)) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java
deleted file mode 100644
index c0679df1c..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/IdentityLinkSignersX509SubjectNameItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class IdentityLinkSignersX509SubjectNameItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "X509SubjectName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java
index 12a48c88e..1a45642d1 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowed.java
@@ -11,24 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
+
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -73,7 +63,7 @@ public class LegacyAllowed
protected List<String> protocolName;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems;
+// protected transient List<LegacyAllowedProtocolNameItem> protocolNameItems;
/**
* Gets the value of the protocolName property.
@@ -140,31 +130,31 @@ public class LegacyAllowed
this.hjid = value;
}
- @OneToMany(targetEntity = LegacyAllowedProtocolNameItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<LegacyAllowedProtocolNameItem> getProtocolNameItems() {
- if (this.protocolNameItems == null) {
- this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.protocolName)) {
- this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class);
- }
- return this.protocolNameItems;
- }
-
- public void setProtocolNameItems(List<LegacyAllowedProtocolNameItem> value) {
- this.protocolName = null;
- this.protocolNameItems = null;
- this.protocolNameItems = value;
- if (this.protocolNameItems == null) {
- this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.protocolName)) {
- this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class);
- }
- }
+// @OneToMany(targetEntity = LegacyAllowedProtocolNameItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<LegacyAllowedProtocolNameItem> getProtocolNameItems() {
+// if (this.protocolNameItems == null) {
+// this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.protocolName)) {
+// this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class);
+// }
+// return this.protocolNameItems;
+// }
+//
+// public void setProtocolNameItems(List<LegacyAllowedProtocolNameItem> value) {
+// this.protocolName = null;
+// this.protocolNameItems = null;
+// this.protocolNameItems = value;
+// if (this.protocolNameItems == null) {
+// this.protocolNameItems = new ArrayList<LegacyAllowedProtocolNameItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.protocolName)) {
+// this.protocolName = ItemUtils.wrap(this.protocolName, this.protocolNameItems, LegacyAllowedProtocolNameItem.class);
+// }
+// }
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof LegacyAllowed)) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java
deleted file mode 100644
index 91aae9742..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/LegacyAllowedProtocolNameItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class LegacyAllowedProtocolNameItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "ProtocolName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java
index 64e4be82b..810139c84 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MOAIDConfiguration.java
@@ -12,19 +12,10 @@ import java.io.Serializable;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
-import javax.persistence.Basic;
+
import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.OneToMany;
-import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
@@ -37,8 +28,7 @@ import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
-import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XMLGregorianCalendarAsDateTime;
-import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XmlAdapterUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -511,22 +501,24 @@ public class MOAIDConfiguration
@Temporal(TemporalType.TIMESTAMP)
public Date getTimestampItem() {
- return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getTimestamp());
+ //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getTimestamp());
+ return new Date();
}
public void setTimestampItem(Date target) {
- setTimestamp(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target));
+ //setTimestamp(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target));
}
@Temporal(TemporalType.TIMESTAMP)
public Date getPvp2RefreshItem() {
- return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getPvp2Refresh());
+ //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getPvp2Refresh());
+ return new Date();
}
public void setPvp2RefreshItem(Date target) {
- setPvp2Refresh(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target));
+ //setPvp2Refresh(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target));
}
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
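Review bot: `getTimestampItem()` and `getPvp2RefreshItem()` now return `new Date()` on every call and the matching setters silently discard their argument, so any caller reading the configuration timestamp or the PVP2 refresh time through these accessors gets "now" regardless of what the XML actually holds. If this deprecated model is still consulted to decide whether the configuration or the PVP2 metadata needs reloading, that decision is silently wrong rather than failing loudly — confirm against the callers before merging. The `XMLGregorianCalendar` import is kept, so the hyperjaxb3 adapter can be replaced with the JDK conversion, e.g. `XMLGregorianCalendar c = getTimestamp(); return c == null ? null : c.toGregorianCalendar().getTime();`, and the setters can convert back via `DatatypeFactory` from a `GregorianCalendar`. If the accessor pairs are genuinely unused, delete them instead of stubbing them out.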
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java
index 247be940c..a87a6d1f6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/Mandates.java
@@ -11,25 +11,14 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
+
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlType;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -38,6 +27,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy;
import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+//import org.jvnet.hyperjaxb3.item.ItemUtils;
/**
@@ -78,7 +68,7 @@ public class Mandates
protected List<String> profileName;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<MandatesProfileNameItem> profileNameItems;
+// protected transient List<MandatesProfileNameItem> profileNameItems;
/**
* Gets the value of the profiles property.
@@ -171,31 +161,31 @@ public class Mandates
this.hjid = value;
}
- @OneToMany(targetEntity = MandatesProfileNameItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<MandatesProfileNameItem> getProfileNameItems() {
- if (this.profileNameItems == null) {
- this.profileNameItems = new ArrayList<MandatesProfileNameItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.profileName)) {
- this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class);
- }
- return this.profileNameItems;
- }
-
- public void setProfileNameItems(List<MandatesProfileNameItem> value) {
- this.profileName = null;
- this.profileNameItems = null;
- this.profileNameItems = value;
- if (this.profileNameItems == null) {
- this.profileNameItems = new ArrayList<MandatesProfileNameItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.profileName)) {
- this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class);
- }
- }
+// @OneToMany(targetEntity = MandatesProfileNameItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<MandatesProfileNameItem> getProfileNameItems() {
+// if (this.profileNameItems == null) {
+// this.profileNameItems = new ArrayList<MandatesProfileNameItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.profileName)) {
+// this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class);
+// }
+// return this.profileNameItems;
+// }
+//
+// public void setProfileNameItems(List<MandatesProfileNameItem> value) {
+// this.profileName = null;
+// this.profileNameItems = null;
+// this.profileNameItems = value;
+// if (this.profileNameItems == null) {
+// this.profileNameItems = new ArrayList<MandatesProfileNameItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.profileName)) {
+// this.profileName = ItemUtils.wrap(this.profileName, this.profileNameItems, MandatesProfileNameItem.class);
+// }
+// }
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof Mandates)) {
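Review bot: The `getProfileNameItems`/`setProfileNameItems` pair is commented out rather than removed; the commented code still references the deleted `MandatesProfileNameItem` class and the removed `ItemUtils` import, so it can never be uncommented as-is and will only rot. Delete the lines and let version control keep the history; the same applies to the equivalent blocks in `TestCredentials` and `VerifyAuthBlock` in this commit. If the intent is to record that the list is no longer persisted as a JPA collection, a single comment next to the `profileName` field such as `// profileName is no longer mapped via hyperjaxb3 item wrappers` says it more clearly.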
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java
deleted file mode 100644
index 0ef09c0dc..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/MandatesProfileNameItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class MandatesProfileNameItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "ProfileName", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java
index d5cee7b83..ea34d7a06 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OAPVP2.java
@@ -10,16 +10,8 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.Date;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
+
import javax.persistence.Lob;
-import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
@@ -31,8 +23,7 @@ import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlType;
import javax.xml.datatype.XMLGregorianCalendar;
-import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XMLGregorianCalendarAsDateTime;
-import org.jvnet.hyperjaxb3.xml.bind.annotation.adapters.XmlAdapterUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -196,11 +187,12 @@ public class OAPVP2
@Temporal(TemporalType.TIMESTAMP)
public Date getUpdateRequiredItem() {
- return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getUpdateRequired());
+ //return XmlAdapterUtils.unmarshall(XMLGregorianCalendarAsDateTime.class, this.getUpdateRequired());
+ return new Date();
}
public void setUpdateRequiredItem(Date target) {
- setUpdateRequired(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target));
+ //setUpdateRequired(XmlAdapterUtils.marshall(XMLGregorianCalendarAsDateTime.class, target));
}
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
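Review bot: `getUpdateRequiredItem()` now returns the current time on every call and `setUpdateRequiredItem` drops its argument, so the `UpdateRequired` value from the XML is never exposed through this accessor. For an online-application PVP2 entry the name suggests this timestamp drives metadata re-fetching; an unconditional "now" would make such a check either always or never fire — verify against the consuming code. The `XMLGregorianCalendar` import is still present, so the conversion works without hyperjaxb3: `XMLGregorianCalendar c = getUpdateRequired(); return c == null ? null : c.toGregorianCalendar().getTime();`.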
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java
index 2e80cb0d5..673e7b9ce 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentials.java
@@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
+
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@@ -31,8 +20,7 @@ import javax.xml.bind.annotation.XmlSchemaType;
import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -42,6 +30,8 @@ import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+import com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter;
+
/**
* <p>Java class for anonymous complex type.
@@ -81,7 +71,7 @@ public class TestCredentials
protected Boolean enableTestCredentials;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems;
+ //protected transient List<TestCredentialsCredentialOIDItem> credentialOIDItems;
@XmlTransient
protected boolean useTestIDLTrustStore;
@@ -185,31 +175,31 @@ public class TestCredentials
this.hjid = value;
}
- @OneToMany(targetEntity = TestCredentialsCredentialOIDItem.class, cascade = {
- CascadeType.ALL
- })
-
- public List<TestCredentialsCredentialOIDItem> getCredentialOIDItems() {
- if (this.credentialOIDItems == null) {
- this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.credentialOID)) {
- this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class);
- }
- return this.credentialOIDItems;
- }
-
- public void setCredentialOIDItems(List<TestCredentialsCredentialOIDItem> value) {
- this.credentialOID = null;
- this.credentialOIDItems = null;
- this.credentialOIDItems = value;
- if (this.credentialOIDItems == null) {
- this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.credentialOID)) {
- this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class);
- }
- }
+// @OneToMany(targetEntity = TestCredentialsCredentialOIDItem.class, cascade = {
+// CascadeType.ALL
+// })
+//
+// public List<TestCredentialsCredentialOIDItem> getCredentialOIDItems() {
+// if (this.credentialOIDItems == null) {
+// this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.credentialOID)) {
+// this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class);
+// }
+// return this.credentialOIDItems;
+// }
+//
+// public void setCredentialOIDItems(List<TestCredentialsCredentialOIDItem> value) {
+// this.credentialOID = null;
+// this.credentialOIDItems = null;
+// this.credentialOIDItems = value;
+// if (this.credentialOIDItems == null) {
+// this.credentialOIDItems = new ArrayList<TestCredentialsCredentialOIDItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.credentialOID)) {
+// this.credentialOID = ItemUtils.wrap(this.credentialOID, this.credentialOIDItems, TestCredentialsCredentialOIDItem.class);
+// }
+// }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java
deleted file mode 100644
index 3e386be66..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/TestCredentialsCredentialOIDItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class TestCredentialsCredentialOIDItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "credentialOID", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java
index 155863b03..01a5c9b1b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlock.java
@@ -11,18 +11,7 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
-import javax.persistence.Basic;
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToMany;
-import javax.persistence.Table;
+
import javax.persistence.Transient;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@@ -30,7 +19,7 @@ import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlTransient;
import javax.xml.bind.annotation.XmlType;
-import org.jvnet.hyperjaxb3.item.ItemUtils;
+
import org.jvnet.jaxb2_commons.lang.Equals;
import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -39,6 +28,7 @@ import org.jvnet.jaxb2_commons.lang.JAXBEqualsStrategy;
import org.jvnet.jaxb2_commons.lang.JAXBHashCodeStrategy;
import org.jvnet.jaxb2_commons.locator.ObjectLocator;
import org.jvnet.jaxb2_commons.locator.util.LocatorUtils;
+//import org.jvnet.hyperjaxb3.item.ItemUtils;
/**
@@ -79,7 +69,7 @@ public class VerifyAuthBlock
protected List<String> verifyTransformsInfoProfileID;
@XmlAttribute(name = "Hjid")
protected Long hjid;
- protected transient List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> verifyTransformsInfoProfileIDItems;
+// protected List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> verifyTransformsInfoProfileIDItems;
@XmlTransient
protected String TestTrustProfileID;
@@ -192,31 +182,31 @@ public class VerifyAuthBlock
this.hjid = value;
}
- @OneToMany(targetEntity = VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class, cascade = {
- CascadeType.ALL
- })
+// @OneToMany(targetEntity = VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class, cascade = {
+// CascadeType.ALL
+// })
- public List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> getVerifyTransformsInfoProfileIDItems() {
- if (this.verifyTransformsInfoProfileIDItems == null) {
- this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) {
- this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class);
- }
- return this.verifyTransformsInfoProfileIDItems;
- }
-
- public void setVerifyTransformsInfoProfileIDItems(List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> value) {
- this.verifyTransformsInfoProfileID = null;
- this.verifyTransformsInfoProfileIDItems = null;
- this.verifyTransformsInfoProfileIDItems = value;
- if (this.verifyTransformsInfoProfileIDItems == null) {
- this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>();
- }
- if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) {
- this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class);
- }
- }
+// public List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> getVerifyTransformsInfoProfileIDItems() {
+// if (this.verifyTransformsInfoProfileIDItems == null) {
+// this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) {
+// this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class);
+// }
+// return this.verifyTransformsInfoProfileIDItems;
+// }
+//
+// public void setVerifyTransformsInfoProfileIDItems(List<VerifyAuthBlockVerifyTransformsInfoProfileIDItem> value) {
+// this.verifyTransformsInfoProfileID = null;
+// this.verifyTransformsInfoProfileIDItems = null;
+// this.verifyTransformsInfoProfileIDItems = value;
+// if (this.verifyTransformsInfoProfileIDItems == null) {
+// this.verifyTransformsInfoProfileIDItems = new ArrayList<VerifyAuthBlockVerifyTransformsInfoProfileIDItem>();
+// }
+// if (ItemUtils.shouldBeWrapped(this.verifyTransformsInfoProfileID)) {
+// this.verifyTransformsInfoProfileID = ItemUtils.wrap(this.verifyTransformsInfoProfileID, this.verifyTransformsInfoProfileIDItems, VerifyAuthBlockVerifyTransformsInfoProfileIDItem.class);
+// }
+// }
public boolean equals(ObjectLocator thisLocator, ObjectLocator thatLocator, Object object, EqualsStrategy strategy) {
if (!(object instanceof VerifyAuthBlock)) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java
deleted file mode 100644
index 8955525dd..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/VerifyAuthBlockVerifyTransformsInfoProfileIDItem.java
+++ /dev/null
@@ -1,93 +0,0 @@
-//
-// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, v2.2.4
-// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
-// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2015.07.20 at 12:19:30 PM CEST
-//
-
-
-package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
-
-import java.io.Serializable;
-import javax.persistence.Basic;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.xml.bind.annotation.XmlAccessType;
-import javax.xml.bind.annotation.XmlAccessorType;
-import javax.xml.bind.annotation.XmlAttribute;
-import javax.xml.bind.annotation.XmlElement;
-import org.jvnet.hyperjaxb3.item.Item;
-
-@XmlAccessorType(XmlAccessType.FIELD)
-
-
-
-public class VerifyAuthBlockVerifyTransformsInfoProfileIDItem
- implements Serializable, Item<String>
-{
-
- @XmlElement(name = "VerifyTransformsInfoProfileID", namespace = "http://www.buergerkarte.at/namespaces/moaconfig#")
- protected String item;
- @XmlAttribute(name = "Hjid")
- protected Long hjid;
-
- /**
- * Gets the value of the item property.
- *
- * @return
- * possible object is
- * {@link String }
- *
- */
-
-
- public String getItem() {
- return item;
- }
-
- /**
- * Sets the value of the item property.
- *
- * @param value
- * allowed object is
- * {@link String }
- *
- */
- public void setItem(String value) {
- this.item = value;
- }
-
- /**
- * Gets the value of the hjid property.
- *
- * @return
- * possible object is
- * {@link Long }
- *
- */
-
-
-
- public Long getHjid() {
- return hjid;
- }
-
- /**
- * Sets the value of the hjid property.
- *
- * @param value
- * allowed object is
- * {@link Long }
- *
- */
- public void setHjid(Long value) {
- this.hjid = value;
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
index 7b298a7d9..54216edc4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
@@ -62,6 +62,9 @@ public class InterfederationSessionStore implements Serializable{
@Column(name = "QAALevel", unique=false, nullable=false)
private String QAALevel;
+ @Column(name = "authURL", unique=false, nullable=false)
+ private String authURL;
+
@Column(name = "attributesRequested", unique=false, nullable=true)
private boolean attributesRequested;
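Review bot: The new `authURL` column is declared `nullable=false` with no default, so on an existing, populated `InterfederationSessionStore` table the schema change cannot be applied without a backfill, and any code path that persists a session without calling `setAuthURL` will fail at flush time. Either ship a migration that adds the column with a default or backfills it before tightening to NOT NULL, or introduce it as `nullable=true` for the transition and tighten later. Binding a stored session to the authentication URL it was issued on is a sensible control, but it only helps if the reader compares the stored value with the URL of the current request instead of reusing it blindly; that comparison is not part of this diff and should be checked in the consuming code.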
@@ -207,6 +210,20 @@ public class InterfederationSessionStore implements Serializable{
this.storeSSOInformation = storeSSOInformation;
}
+ /**
+ * @return the authURL
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * @param authURL the authURL to set
+ */
+ public void setAuthURL(String authURL) {
+ this.authURL = authURL;
+ }
+
}
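Review bot: The Javadoc on `getAuthURL`/`setAuthURL` is a generated placeholder (`@return the authURL`) that tells a maintainer nothing about what the value is or that it is mandatory. Since the backing column is `nullable=false`, the setter should at least say so, e.g. `@param authURL public URL of the IDP instance this session was established on; must not be null (persisted as NOT NULL)` — the meaning is inferred from the name here, so adjust the wording once the producer of the value is confirmed.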
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 0daeba40e..8b720e901 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -65,6 +65,9 @@ public class OASessionStore implements Serializable{
@Column(name = "protocolType", unique=false, nullable=true)
private String protocolType;
+ @Column(name = "authURL", unique=false, nullable=false)
+ private String authURL;
+
@Column(name = "attributequeryused", unique=false, nullable=false)
private boolean attributeQueryUsed = false;
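Review bot: As in `InterfederationSessionStore`, `authURL` is added as `nullable=false` without a default, which breaks a schema update on a populated `OASessionStore` table and turns every existing construction site that does not call `setAuthURL` into a constraint violation at flush. Add a migration with a default or backfill, or add the column as `nullable=true` first and tighten later; grep the session-store writers to confirm they all populate it.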
@@ -183,6 +186,20 @@ public class OASessionStore implements Serializable{
this.userNameIDFormat = userNameIDFormat;
}
+ /**
+ * @return the authURL
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * @param authURL the authURL to set
+ */
+ public void setAuthURL(String authURL) {
+ this.authURL = authURL;
+ }
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index 8f3a8402d..cbdd13d0e 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -31,6 +31,8 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
+
import at.gv.egovernment.moa.util.MiscUtil;
/**
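Review bot: `org.apache.commons.lang3.StringUtils` is imported but not used by any of the code added to this file in the diff, which goes through `MiscUtil` throughout. Unless a part of the file outside these hunks uses it, drop the import so the module does not pick up an incidental commons-lang3 dependency.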
@@ -40,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class KeyValueUtils {
public static final String KEY_DELIMITER = ".";
+ public static final String CSV_DELIMITER = ",";
/**
* Extract the first child of an input key after a the prefix
@@ -237,7 +240,8 @@ public class KeyValueUtils {
* Normalize a CSV encoded list of value of an key/value pair
*
* This method removes all whitespace at the begin or the
- * end of CSV values
+ * end of CSV values and remove newLine signs at the end of value.
+ * The ',' is used as list delimiter
*
* @param value CSV encoded input data
* @return normalized CSV encoded data or null if {value} is null or empty
@@ -245,7 +249,7 @@ public class KeyValueUtils {
public static String normalizeCSVValueString(String value) {
String normalizedCodes = null;
if (MiscUtil.isNotEmpty(value)) {
- String[] codes = value.split(",");
+ String[] codes = value.split(CSV_DELIMITER);
for (String el: codes) {
if (normalizedCodes == null)
normalizedCodes = el.trim();
@@ -256,4 +260,39 @@ public class KeyValueUtils {
}
return normalizedCodes;
}
+
+
+ /**
+ * Check a String if it is a comma separated list of values
+ *
+ * This method uses the ',' as list delimiter.
+ *
+ * @param value CSV encoded input data
+ * @return true if the input data contains a ',' and has more then 1 list element, otherwise false
+ */
+ public static boolean isCSVValueString(String value) {
+ if (MiscUtil.isNotEmpty(value)) {
+ String[] codes = value.split(CSV_DELIMITER);
+ if (codes.length >= 2) {
+ if (MiscUtil.isNotEmpty(codes[1].trim()))
+ return true;
+
+ }
+ }
+
+ return false;
+ }
+
+
+ /**
+ * This method remove all newline delimiter (\n or \r\n) from input data
+ *
+ * @param value Input String
+ * @return Input String without newline characters
+ */
+ public static String removeAllNewlineFromString(String value) {
+ return value.replaceAll("(\\t|\\r?\\n)+", "");
+
+ }
+
}
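Review bot: `removeAllNewlineFromString` throws a `NullPointerException` on a null argument, unlike the sibling methods in this class which guard with `MiscUtil.isNotEmpty`, and its Javadoc promises to remove only `\n`/`\r\n` while the regex `(\\t|\\r?\\n)+` also strips tabs and leaves a bare `\r` in place. Add `if (value == null) return null;` before the `replaceAll` and make the Javadoc match the regex (`Removes all tab, LF and CRLF characters from the input`), or drop `\\t` from the pattern if tabs were not meant to be touched. `isCSVValueString` also returns false for `"a,,b"` because it inspects only `codes[1]`; if an empty middle element should still count as a list, test `codes.length >= 2` alone or look for any non-empty element after the first.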
diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
index 758209193..edf7ce268 100644
--- a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -50,7 +50,7 @@ public class MOAHttpClient extends HttpClient {
else
port = url.getPort();
- Protocol authhttps = new Protocol("https", protoSocketFactory, port);
+ Protocol authhttps = new Protocol("https", protoSocketFactory, 443);
getHostConfiguration().setHost(url.getHost(), port, authhttps);
}
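Review bot: The `Protocol` default port is now hard-coded to 443 while `port` is still derived from the URL a few lines above and passed to `setHost`, so the two values can disagree; that is correct only because `setHost` receives the explicit `port`, and a comment should say so: `// 443 is the protocol's default port; the effective port comes from the URL via setHost`. The enclosing method starts outside this hunk. Note also that the custom socket factory is bound only to this host configuration; if the client follows redirects to another host (presumably it can — confirm), those would use the globally registered https protocol and its trust settings, not `protoSocketFactory`.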
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 0850bb676..11917d0c3 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -371,6 +371,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* containg the authentication block, meant to be returned to the security
* layer implementation</li>
* </ul>
+ * @param pendingReq
*
* @param sessionID ID of associated authentication session data
* @param infoboxReadResponseParameters The parameters from the response returned from the BKU
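Review bot: The added `@param pendingReq` has no description and is placed above `@param sessionID`, which is not a parameter of `verifyCertificate(AuthenticationSession, X509Certificate, IRequest)` at all (the signature is in the next hunk). Suggest `@param pendingReq the pending request whose authentication URL is used when building the AuthBlock`, placed after entries for `session` and `certificate`, and dropping the stale `sessionID`/`infoboxReadResponseParameters` entries. The method body is outside this hunk.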
@@ -379,7 +380,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
public String verifyCertificate(AuthenticationSession session,
- X509Certificate certificate) throws AuthenticationException,
+ X509Certificate certificate, IRequest pendingReq) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
ValidateException, ServiceException, MOAIDException {
@@ -409,7 +410,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam);
+ authConf, oaParam, pendingReq);
return returnvalue;
}
@@ -471,6 +472,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* @param session
* @param authConf
* @param oaParam
+ * @param pendingReq
* @return
* @throws ConfigurationException
* @throws BuildException
@@ -478,7 +480,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
*/
public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
AuthenticationSession session, AuthConfiguration authConf,
- OAAuthParameter oaParam) throws ConfigurationException,
+ OAAuthParameter oaParam, IRequest pendingReq) throws ConfigurationException,
BuildException, ValidateException {
// // check for intermediate processing of the infoboxes
@@ -493,7 +495,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
session.getPublicOAURLPrefix());
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session, oaParam);
+ String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq);
// builds the <CreateXMLSignatureRequest>
List<String> transformsInfos = authConf.getTransformsInfos();
@@ -665,12 +667,13 @@ public class AuthenticationServer extends BaseAuthenticationServer {
* given session data.
*
* @param session authentication session
+ * @param pendingReq
* @return <code>&lt;saml:Assertion&gt;</code> as a String
* @throws BuildException If an error occurs on serializing an extended SAML attribute
* to be appended to the AUTH-Block.
*/
private String buildAuthenticationBlock(AuthenticationSession session,
- OAAuthParameter oaParam) throws BuildException {
+ OAAuthParameter oaParam, IRequest pendingReq) throws BuildException {
IdentityLink identityLink = session.getIdentityLink();
String issuer = identityLink.getName();
@@ -726,15 +729,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
if (session.isSsoRequested()) {
- String oaURL = new String();
- try {
- oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-
- if (MiscUtil.isNotEmpty(oaURL))
- oaURL = oaURL.replaceAll("&", "&amp;");
+ String oaURL = pendingReq.getAuthURL();
+ if (MiscUtil.isNotEmpty(oaURL))
+ oaURL = oaURL.replaceAll("&", "&amp;");
- } catch (ConfigurationException e) {
- }
String authBlock = new AuthenticationBlockAssertionBuilder()
.buildAuthBlockSSO(issuer, issueInstant, authURL, target,
targetFriendlyName, identificationValue,
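Review bot: `pendingReq.getAuthURL()` is dereferenced without a null check on the line that replaces the old configuration lookup, and the value is then signed into the SSO AuthBlock after only `&` is rewritten to `&amp;`, so a URL containing `<`, `>` or `"` would still corrupt the XML; replace the single `replaceAll` with a full XML escape (for example `StringEscapeUtils.escapeXml(oaURL)` from commons-lang, which `OAuth20BaseRequest` in this commit already imports). If `getAuthURL()` is derived from the incoming `HttpServletRequest` (the new `RequestImpl(HttpServletRequest)` constructors elsewhere in this commit suggest it is), it must be validated against the configured public URL prefixes before it is signed, otherwise a forged Host header chooses the URL that ends up in the assertion — that cannot be confirmed from this hunk. The old code tolerated a missing value by leaving `oaURL` empty, whereas the new code throws NPE on a null `pendingReq`; if that is intended, make it explicit with `Objects.requireNonNull(pendingReq, "pendingReq")` at the top of `buildAuthenticationBlock`. The enclosing method starts and ends outside this hunk.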
@@ -1087,9 +1085,9 @@ public class AuthenticationServer extends BaseAuthenticationServer {
}
// validates <CreateXMLSignatureResponse>
if (session.isSsoRequested())
- new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq);
else
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq);
// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index feab1ec66..a86385d06 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -158,7 +158,8 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
ccc,
moasession.getModul(),
moasession.getAction(),
- request);
+ request,
+ pendingReq);
}
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index 469ca91a9..49888c136 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -17,6 +17,8 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
@@ -66,7 +68,9 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
}
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
+ IRequest pendingReq = RequestStorage.getPendingRequest(
+ (String) executionContext.get("pendingRequestID"));
+
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
// change MOASessionID
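Review bot: The new `RequestStorage.getPendingRequest(...)` call reads the pending request ID from `executionContext.get("pendingRequestID")` although the line just above already resolved `pendingRequestID` from the session store via `AuthenticationSessionStoreage.getPendingRequestID(sessionID)`; if the two ever diverge, the AuthBlock is built for a different request than the session it is tied to. Use the value already resolved, `IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);`, and fail the task when it comes back null rather than passing it on, since `pendingReq` is dereferenced later without any check. The enclosing method starts and ends outside this hunk.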
@@ -77,7 +81,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
String createXMLSignatureRequest = AuthenticationServer.getInstance()
- .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+ .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam, pendingReq);
AuthenticationSessionStoreage.storeSession(session);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index d99ba873d..2734d1027 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -110,7 +110,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
if (useMandate) {
// verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert, pendingReq);
try {
AuthenticationSessionStoreage.storeSession(session);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e1ab0025e..8a9c19c80 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -124,9 +125,10 @@ public class CreateXMLSignatureResponseValidator {
* The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
* @param createXMLSignatureResponse
* @param session
+ * @param pendingReq
* @throws ValidateException
*/
- public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq)
throws ValidateException {
// A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
@@ -411,20 +413,15 @@ public class CreateXMLSignatureResponseValidator {
* The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
* @param createXMLSignatureResponse
* @param session
+ * @param pendingReq
* @throws ValidateException
*/
- public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session, IRequest pendingReq)
throws ValidateException {
- // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-
- String oaURL;
- try {
- oaURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
- } catch (ConfigurationException e1) {
- oaURL = new String();
- }
-
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+ String oaURL = pendingReq.getAuthURL();
+
IdentityLink identityLink = session.getIdentityLink();
Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
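Review bot: The `A3.056` comment about more than one `NameIdentifier` now sits directly above `String oaURL = pendingReq.getAuthURL();`, which it does not describe, and `pendingReq` is dereferenced without a null check where the old code fell back to an empty string. Suggest replacing the misplaced comment with `// authentication URL the AuthBlock was built with; presumably compared against the assertion below — confirm` and guarding with `Objects.requireNonNull(pendingReq, "pendingReq")`, or a `ValidateException` if a null request is a realistic input here. The rest of `validateSSO` is outside this hunk.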
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 18432fd1c..06643ec53 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -35,16 +35,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
-import eu.eidas.auth.commons.EIDASUtil;
-import eu.eidas.auth.commons.EidasLoaCompareType;
-import eu.eidas.auth.commons.EidasLoaLevels;
-import eu.eidas.auth.commons.IPersonalAttributeList;
-import eu.eidas.auth.commons.PersonalAttribute;
-import eu.eidas.auth.commons.PersonalAttributeList;
-import eu.eidas.auth.engine.EIDASSAMLEngine;
-import eu.eidas.auth.engine.core.eidas.SPType;
-import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -66,6 +56,16 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASUtil;
+import eu.eidas.auth.commons.EidasLoaCompareType;
+import eu.eidas.auth.commons.EidasLoaLevels;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+import eu.eidas.auth.commons.PersonalAttributeList;
+import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.core.eidas.SPType;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
/**
* @author tlenz
@@ -141,7 +141,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
//build eIDAS AuthnRequest
EIDASAuthnRequest authnRequest = new EIDASAuthnRequest();
- authnRequest.setProviderName(moaconfig.getPublicURLPrefix());
+ authnRequest.setProviderName(pendingReq.getAuthURL());
authnRequest.setPersonalAttributeList(pAttList);
authnRequest.setIssuer(moaconfig.getPublicURLPrefix() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
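Review bot: The provider name now comes from `pendingReq.getAuthURL()` while the issuer on the next line is still built from `moaconfig.getPublicURLPrefix()`, so the two identifiers in the same AuthnRequest can name different hosts. `EidasMetaDataRequest` and `AuthenticationRequest` in this commit build the metadata URL from `req.getAuthURL()`, so the issuer should use the same source, `authnRequest.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);`, otherwise the receiving node resolves the issuer to metadata that is served under a different base URL. A one-line comment stating why the request-derived URL is the authoritative one would help here. The enclosing method starts and ends outside this hunk.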
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
index ae9dd5a51..5040f1fe3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/AuthenticationRequest.java
@@ -28,11 +28,11 @@ import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
+import org.springframework.http.MediaType;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -41,8 +41,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada
import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -104,8 +102,7 @@ public class AuthenticationRequest implements IAction {
response.setPersonalAttributeList(resultingAttributeList);
// - create metadata url
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
- String pubURLPrefix = config.getPublicURLPrefix();
+ String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
response.setIssuer(metadata_url);
@@ -153,7 +150,7 @@ public class AuthenticationRequest implements IAction {
Logger.trace("Sending html content : " + new String(writer.getBuffer()));
httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
- httpResp.setContentType(MediaType.TEXT_HTML);
+ httpResp.setContentType(MediaType.TEXT_HTML_VALUE);
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
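Review bot: `httpResp.setContentType(MediaType.TEXT_HTML_VALUE)` is still called after the body has been written to `getOutputStream()`, so once the response is committed the header is silently dropped, and the bytes are emitted as UTF-8 without declaring a charset. Move the call above the `write(...)` and declare the charset, e.g. `httpResp.setContentType(MediaType.TEXT_HTML_VALUE + ";charset=UTF-8");`. The `Logger.trace` one line up writes the complete SAML response page to the log; confirm that is acceptable at that level. The enclosing method starts and ends outside this hunk.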
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 0bedf0432..374c3df30 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -2,14 +2,26 @@ package at.gv.egovernment.moa.id.protocols.eidas;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
import org.opensaml.saml2.core.Attribute;
-import eu.eidas.auth.commons.EIDASAuthnRequest;
import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import eu.eidas.auth.commons.EIDASAuthnRequest;
public class EIDASData extends RequestImpl {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public EIDASData(HttpServletRequest req) throws ConfigurationException {
+ super(req);
+
+ }
+
/** The Constant serialVersionUID. */
private static final long serialVersionUID = 8765755670214923910L;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index a94e136b4..b652503f8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -22,6 +22,11 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.eidas;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -38,11 +43,6 @@ import eu.eidas.auth.commons.EIDASAuthnRequest;
import eu.eidas.auth.commons.EIDASUtil;
import eu.eidas.auth.engine.EIDASSAMLEngine;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import java.util.HashMap;
-
/**
* Stork 2 Protocol Support
*
@@ -54,11 +54,14 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
public static final String PATH = "eidas";
public static final String AUTHENTICATIONREQUEST = "AuthenticationRequest";
-
+ public static final String METADATAREQUEST = "MetadataRequest";
+
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
actions.put(AUTHENTICATIONREQUEST, new AuthenticationRequest());
+ actions.put(METADATAREQUEST, new EidasMetaDataRequest());
+
}
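Review bot: The new `actions.put(METADATAREQUEST, new EidasMetaDataRequest())` wires in an action whose `needAuthentication` returns `false`, so the endpoint is reachable without any session; that is expected for SAML metadata but deserves a comment at that line, `// metadata is served unauthenticated by design`, so nobody later "fixes" it. The static initializer is otherwise complete within the hunk.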
public String getName() {
@@ -102,7 +105,7 @@ public class EIDASProtocol extends MOAIDAuthConstants implements IModulInfo {
EIDASAuthnRequest samlReq = engine.validateEIDASAuthnRequest(decSamlToken);
// memorize important stuff
- EIDASData result = new EIDASData();
+ EIDASData result = new EIDASData(request);
// - memorize remote ip
result.setRemoteAddress(request.getRemoteAddr());
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 6ae532210..31594f515 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/EidasMetaDataServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -14,23 +14,22 @@
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*******************************************************************************/
-package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
+package at.gv.egovernment.moa.id.protocols.eidas;
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
+import org.springframework.http.MediaType;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import eu.eidas.auth.engine.EIDASSAMLEngine;
import eu.eidas.auth.engine.metadata.MetadataConfigParams;
import eu.eidas.auth.engine.metadata.MetadataGenerator;
@@ -40,20 +39,21 @@ import eu.eidas.engine.exceptions.SAMLEngineException;
/**
* First version to provide some valid metadata to an asking eIDaS node
*/
-@WebServlet("/eidas/metadata")
-public class EidasMetaDataServlet extends HttpServlet {
- private static final long serialVersionUID = -2129228304760706063L;
- private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataServlet.class);
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- try {
+public class EidasMetaDataRequest implements IAction {
+ private Logger logger = org.slf4j.LoggerFactory.getLogger(EidasMetaDataRequest.class);
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
+ */
+ @Override
+ public SLOInformationInterface processRequest(IRequest req,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IAuthData authData) throws MOAIDException {
+
+ try {
logger.debug("EidasMetaDataServlet GET");
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
- String pubURLPrefix = config.getPublicURLPrefix();
+ String pubURLPrefix = req.getAuthURL();
String metadata_url = pubURLPrefix + Constants.eIDAS_HTTP_ENDPOINT_METADATA;
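Review bot: The debug message `"EidasMetaDataServlet GET"` still names the servlet this class replaced, which will mislead anyone grepping logs. Suggest `logger.debug("EidasMetaDataRequest: generating SP metadata for " + pubURLPrefix);`. The `try` opened here continues into the next hunk.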
@@ -62,14 +62,36 @@ public class EidasMetaDataServlet extends HttpServlet {
logger.trace(metaData);
- response.setContentType(MediaType.TEXT_XML);
- response.getWriter().print(metaData);
- response.flushBuffer();
+ httpResp.setContentType(MediaType.TEXT_XML_VALUE);
+ httpResp.getWriter().print(metaData);
+ httpResp.flushBuffer();
} catch (Exception e) {
e.printStackTrace();
}
- }
+
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) {
+ return false;
+
+ }
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ @Override
+ public String getDefaultActionName() {
+ return "eIDAS-Metadata Action";
+
+ }
+
public String generateMetadata(String metadata_url, String sp_return_url) throws SAMLEngineException, EIDASEngineException{
String metadata="invalid metadata";
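Review bot: The `catch (Exception e)` around metadata generation still only calls `e.printStackTrace()` and then `processRequest` returns `null`, so a failure to build or sign the metadata answers with an empty 200, or with the literal `"invalid metadata"` default from `generateMetadata`, instead of an error. Log through `logger` with the exception attached and rethrow as the `MOAIDException` that `processRequest` already declares, so the caller can render a proper error response. Note that `httpResp.flushBuffer()` commits the response before the catch runs, so any exception after it can no longer change the status. `generateMetadata` continues outside this hunk.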
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml
index 2a953bcab..080d5ae0b 100644
--- a/id/server/modules/moa-id-module-openID/pom.xml
+++ b/id/server/modules/moa-id-module-openID/pom.xml
@@ -20,6 +20,12 @@
<dependencies>
<dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.10</version>
+ </dependency>
+
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
@@ -35,13 +41,13 @@
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
- <version>1.19.0</version>
+ <version>1.21.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-jetty</artifactId>
- <version>1.19.0</version>
+ <version>1.21.0</version>
<scope>test</scope>
<exclusions>
<exclusion>
@@ -67,11 +73,11 @@
</exclusions>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
+ <version>19.0</version>
+ </dependency> -->
<!-- TestNG -->
<dependency>
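Review bot: The guava dependency is commented out rather than removed, and its version was bumped to `19.0` inside the comment, which leaves a dead block that still looks maintained. Delete the commented-out `<dependency>` and, if guava must stay resolvable for some transitive consumer, say so in a one-line `<!-- -->` note instead.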
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 94a1d14d0..88e26da76 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -105,7 +105,7 @@ class OAuth20AuthAction implements IAction {
//TODO: maybe add bPK / wbPK to SLO information
- SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule());
+ SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), accessToken, null, null, req.requestedModule());
return sloInformation;
}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index b9556b815..e5d8db873 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -48,6 +48,15 @@ import at.gv.egovernment.moa.logging.Logger;
public class OAuth20AuthRequest extends OAuth20BaseRequest {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public OAuth20AuthRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
private static final long serialVersionUID = 1L;
private String responseType;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index bd3fdb3e8..5fcac0b2f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -31,8 +31,6 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -52,8 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
protected Set<String> allowedParameters = new HashSet<String>();
- protected OAuth20BaseRequest() {
-
+ public OAuth20BaseRequest(HttpServletRequest req) throws ConfigurationException {
+ super(req);
}
protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
@@ -124,15 +122,21 @@ abstract class OAuth20BaseRequest extends RequestImpl {
public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception {
OAuth20BaseRequest res;
-
- if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
- res = new OAuth20AuthRequest();
+ try {
+ if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
+ res = new OAuth20AuthRequest(request);
- } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
- res = new OAuth20TokenRequest();
+ } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
+ res = new OAuth20TokenRequest(request);
- } else {
+ } else {
+ throw new OAuth20InvalidRequestException();
+ }
+
+ } catch (ConfigurationException e) {
+ Logger.warn(e.getMessage());
throw new OAuth20InvalidRequestException();
+
}
res.setAction(action);
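Review bot: The new `catch (ConfigurationException e)` turns a server-side configuration failure into `OAuth20InvalidRequestException`, so it is reported to the client as a malformed request, and `Logger.warn(e.getMessage())` drops the stack trace. Log the cause (`Logger.warn("Could not build OAuth20 request: " + e.getMessage(), e);` if the Logger has a Throwable overload) and consider mapping this to an OAuth `server_error`-style response if the module has one, keeping `OAuth20InvalidRequestException` for the unknown-action branch only. The rest of `newInstance` is outside this hunk.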
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 56d86df72..70c29359e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -104,7 +104,7 @@ public class OAuth20Protocol implements IModulInfo {
// get error code and description
String errorCode;
String errorDescription;
- String errorUri = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+ String errorUri = protocolRequest.getAuthURL()
+"/" + OAuth20Constants.ERRORPAGE;
String moaError = null;
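Review bot: `protocolRequest.getAuthURL()` now replaces the configuration lookup on the error path, but `OAuth20BaseRequest.newInstance` in this same commit throws `OAuth20InvalidRequestException` before any request object exists, so if this handler is reached for such failures `protocolRequest` may be null and computing the error page URL itself throws; how `protocolRequest` is obtained is outside the hunk, so confirm. A guard such as `String errorUri = (protocolRequest != null ? protocolRequest.getAuthURL() : configuredPrefix) + "/" + OAuth20Constants.ERRORPAGE;`, with the configured public URL prefix as the fallback, keeps error reporting working in that case. The enclosing method starts and ends outside this hunk.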
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 6bebe5a6a..abfe4ce15 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -41,6 +41,15 @@ import at.gv.egovernment.moa.logging.Logger;
class OAuth20TokenRequest extends OAuth20BaseRequest {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public OAuth20TokenRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
private static final long serialVersionUID = 1L;
private String code;
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index 9c43ae277..b5d5a1f8f 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -24,7 +24,19 @@
<artifactId>moa-id-lib</artifactId>
<scope>test</scope>
<type>test-jar</type>
- <version>3.0.3-Snapshot</version>
+ <version>${moa-id-version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ </dependency>
+
+ <!-- Only for development to use SAML1 protocol
+ SAML1 is removed from official OPB release -->
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-eIDAS</artifactId>
</dependency>
<dependency>
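Review bot: The `moa-id-module-eIDAS` dependency is commented as being "only for development", yet it is declared unconditionally with no `<scope>` and no Maven profile, so every build of this module, including release builds, pulls it in. If it really is development-only, move it into a profile that is not active by default, or at minimum mark it `<optional>true</optional>` so downstream consumers do not inherit it transitively. The comment itself should then say which profile enables it.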
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 5bdf51e7d..7f3c353f1 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -27,8 +27,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -43,6 +41,7 @@ import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLEncoder;
+import eu.eidas.auth.commons.IPersonalAttributeList;
public class GetArtifactAction implements IAction {
@@ -86,7 +85,7 @@ public class GetArtifactAction implements IAction {
String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
if (authData.isSsoSession()) {
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ String url = req.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
if (!oaParam.getBusinessService())
url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(req.getTarget(), "UTF-8"));
@@ -115,7 +114,7 @@ public class GetArtifactAction implements IAction {
}
SLOInformationInterface sloInformation =
- new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule());
+ new SLOInformationImpl(req.getAuthURL(), authData.getAssertionID(), null, null, req.requestedModule());
return sloInformation;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index eb869756e..af5dada54 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -38,9 +38,6 @@ import org.apache.commons.lang3.StringEscapeUtils;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
@@ -64,7 +61,6 @@ import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
-//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -77,6 +73,11 @@ import at.gv.util.xsd.persondata.IdentificationType.Value;
import at.gv.util.xsd.persondata.PersonNameType;
import at.gv.util.xsd.persondata.PersonNameType.FamilyName;
import at.gv.util.xsd.persondata.PhysicalPersonType;
+import eu.eidas.auth.commons.IPersonalAttributeList;
+import eu.eidas.auth.commons.PersonalAttribute;
+//import eu.stork.peps.auth.commons.IPersonalAttributeList;
+//import eu.stork.peps.auth.commons.PersonalAttribute;
+//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
public class SAML1AuthenticationServer extends AuthenticationServer {
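Review bot: The three commented-out imports added at the end of this hunk (the two `eu.stork.peps.auth.commons` lines and `IdentityLinkReSigner`) are dead text that version control already preserves, and the commit removes the original `//import ...IdentityLinkReSigner;` line at L9646 only to re-add it here. Delete all three lines rather than carrying them forward.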
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 7416dfb00..6573270e4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -101,7 +101,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
public IRequest preProcess(HttpServletRequest request,
HttpServletResponse response, String action,
String sessionId, String transactionId) throws MOAIDException {
- SAML1RequestImpl config = new SAML1RequestImpl();
+ SAML1RequestImpl config = new SAML1RequestImpl(request);
if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
@@ -185,7 +185,7 @@ public class SAML1Protocol extends MOAIDAuthConstants implements IModulInfo {
SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace();
String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest);
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ String url = protocolRequest.getAuthURL() + "/RedirectServlet";
url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
url = response.encodeRedirectURL(url);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 5370573a7..3da7cab80 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.saml1;
import java.util.ArrayList;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.config.ConfigurationException;
@@ -42,6 +44,16 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SAML1RequestImpl extends RequestImpl {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public SAML1RequestImpl(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+
+ }
+
private static final long serialVersionUID = -4961979968425683115L;
private String sourceID = null;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 9896f2454..13fb59038 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -93,7 +93,7 @@ public class DatabaseTestModule implements TestModuleInterface{
private String testMOAConfigurationDatabase() throws Exception{
- String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ List<String> publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
if (MiscUtil.isEmpty(publicURLPreFix))
return ("MOA-ID 2.x configuration can not be loaded from Database.");
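Review bot: `publicURLPreFix` changes type from `String` to `List<String>`, but the `MiscUtil.isEmpty(publicURLPreFix)` check on the next line is unchanged; unless `MiscUtil` offers a `Collection`/`List` overload, this now binds to a different overload (or fails to compile), and an `Object`-typed overload would never report an empty list as empty. Please verify the overload and, if none exists, use `if (publicURLPreFix == null || publicURLPreFix.isEmpty())`. The `java.util.List` import is not visible in this hunk, so confirm it is present. The method continues beyond the hunk.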
diff --git a/id/server/modules/module-stork/pom.xml b/id/server/modules/module-stork/pom.xml
index 1b2e3f008..2fec7f519 100644
--- a/id/server/modules/module-stork/pom.xml
+++ b/id/server/modules/module-stork/pom.xml
@@ -22,6 +22,33 @@
<dependencies>
<dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>DocumentService</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <classifier>classes</classifier>
+ <exclusions>
+ <exclusion>
+ <artifactId>axis</artifactId>
+ <groupId>org.apache.axis</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>bcprov-jdk16</artifactId>
+ <groupId>org.bouncycastle</groupId>
+ </exclusion>
+ <exclusion>
+ <artifactId>jaxws-tools</artifactId>
+ <groupId>com.sun.xml.ws</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>eu.stork</groupId>
+ <artifactId>SamlEngine</artifactId>
+ <version>1.5.1</version>
+ </dependency>
+
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<scope>test</scope>
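Review bot: `DocumentService` is added at `0.0.1-SNAPSHOT`, a mutable coordinate, so the resolved bytes can change between builds without any change to this pom; for a module that processes signed STORK documents this makes builds non-reproducible and weakens supply-chain traceability. Pin a released version or manage it in the parent's `<dependencyManagement>`. Note also that `id/server/modules/pom.xml` excludes the same `eu.stork:DocumentService` artifact from another dependency (L10011-L10014); a short comment here explaining which copy is intended to win would save the next reader a search.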
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index 7c178d97e..c0422e06e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
import java.io.IOException;
import java.io.StringWriter;
@@ -17,7 +17,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.velocity.Template;
@@ -53,7 +52,6 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -61,9 +59,6 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -71,6 +66,21 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.oasisdss.api.AdditionalProfiles;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.Profiles;
+import eu.stork.oasisdss.api.QualityLevels;
+import eu.stork.oasisdss.api.SignatureTypes;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.AnyType;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
/**
* Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
@@ -120,6 +130,8 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
sessionID = (String) executionContext.get(PARAM_SESSIONID);
pendingRequestID = (String) executionContext.get("pendingRequestID");
+ String ccc = (String) executionContext.get("CCC");
+
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
@@ -145,10 +157,13 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
// STORK authentication
// cpeps cannot be null
- CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+ CPEPS cpeps = storkConfig.getCPEPS(ccc);
Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+ //add selected Country-Code to MOASession DAO
+ moasession.setCcc(ccc);
+
Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
startSTORKAuthentication(req, resp, moasession, pendingReq);
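Review bot: `ccc` is read from the execution context at L9812 and passed straight to `storkConfig.getCPEPS(ccc)` without the validation the session ID receives a few lines earlier; if it is null or not a configured country code, `getCPEPS` presumably returns null and `cpeps.isXMLSignatureSupported()` on the following line throws a `NullPointerException` instead of a handled error. Guard the result before use, `if (cpeps == null) throw ...` with the module's existing exception type (`WrongParametersException` is already imported). The debug message on L9821 also still prints `moasession.getCcc()`, which is the previous session value because `moasession.setCcc(ccc)` only runs at L9824; log `ccc` there so the message reflects the country actually looked up. The enclosing method continues outside this hunk.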
@@ -207,7 +222,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
Logger.debug("C-PEPS URL: " + destination);
- String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String issuerValue = pendingReq.getAuthURL();
// String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
// PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 8240f6d00..0ac26f45f 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -30,7 +30,9 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -183,7 +185,8 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
+ IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
+
// load MOASession from database
AuthenticationSession moaSession = BaseAuthenticationServer.getSession(moaSessionID);
// change MOASessionID
@@ -294,7 +297,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
// signRequest
- String issuerValue = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ String issuerValue = pendingReq.getAuthURL();
String acsURL = issuerValue
+ AbstractPepsConnectorWithLocalSigningTask.PEPSCONNECTOR_SERVLET_URL_PATTERN;
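Review bot: `pendingReq.getAuthURL()` dereferences the object obtained at L9851 from `RequestStorage.getPendingRequest(pendingRequestID)` without any null check; if that lookup can return null (a pending request that expired or was already consumed), this becomes a `NullPointerException` deep in response handling rather than a clear error. Check the result immediately after the lookup and fail through the task's existing error handling before reaching this line. The enclosing method starts and ends outside the hunk.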
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 25cb952d7..2e72f216a 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -83,7 +83,7 @@ public class AttributeCollector implements IAction {
if (httpReq.getParameter("SAMLResponse") != null) {
Logger.info("Got SAML response from external attribute provider.");
- MOASTORKResponse STORK2Response = new MOASTORKResponse();
+ MOASTORKResponse STORK2Response = new MOASTORKResponse(httpReq);
//extract STORK Response from HTTP Request
byte[] decSamlToken;
@@ -173,7 +173,7 @@ public class AttributeCollector implements IAction {
SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam);
if (sloInfo == null) {
- sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule());
+ sloInfo = new SLOInformationImpl(req.getAuthURL(), null, null, null, req.requestedModule());
}
return sloInfo;
@@ -297,7 +297,7 @@ public class AttributeCollector implements IAction {
Logger.info(e.getAp().getClass().getSimpleName() + " is going to ask an external service provider for the requested attributes");
// add container-key to redirect embedded within the return URL
- e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
+ e.getAp().performRedirect(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/ResumeAuthentication?" + ARTIFACT_ID + "=" + newArtifactId, request, response, oaParam);
} catch (Exception e1) {
// TODO should we return the response as is to the PEPS?
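Review bot: `getPublicURLPrefix().get(0)` throws `IndexOutOfBoundsException` when the configured list is empty, and when several prefixes are configured it silently selects the first, so the return URL handed to the external attribute provider may not match the host the user is on; it is also inconsistent with the rest of this commit, which derives the base from the request via `getAuthURL()` (see L9878 in this same file). Prefer the request-scoped value here, or at least guard the list for emptiness. The same `get(0)` pattern appears at L9918 in `ConsentEvaluator`. The enclosing method continues outside the hunk.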
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 4d3c01bee..f16f7c9a8 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -85,7 +85,7 @@ public class AuthenticationRequest implements IAction {
if (oaParam == null)
throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
- MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+ MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq);
// check if it is attribute query
if (moaStorkRequest.isAttrRequest()) {
@@ -217,9 +217,9 @@ public class AuthenticationRequest implements IAction {
String destinationURL = null;
try {
- issuer = new URL(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()).toString();
+ issuer = new URL(moaStorkRequest.getAuthURL()).toString();
destinationURL = AuthConfigurationProviderFactory.getInstance().getStorkConfig().getCPEPS(citizenCountryCode).getPepsURL().toString();
- publicURLPrefix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+ publicURLPrefix = moaStorkRequest.getAuthURL();
assertionConsumerURL = publicURLPrefix + "/stork2/SendPEPSAuthnRequest";
} catch (MalformedURLException ex) {
Logger.error("Wrong PublicURLPrefix setting of MOA instance: " + AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(), ex);
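Review bot: The `MalformedURLException` handler on the last line still logs "Wrong PublicURLPrefix setting of MOA instance: " with the configured prefix list, but the value actually parsed by `new URL(...)` is now `moaStorkRequest.getAuthURL()`, so the log will point operators at the wrong setting. Change it to `Logger.error("Wrong authentication URL of MOA instance: " + moaStorkRequest.getAuthURL(), ex);`. The try/catch and the enclosing method extend beyond this hunk.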
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 947accf8e..2b7d4e045 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -145,7 +145,7 @@ public class ConsentEvaluator implements IAction {
Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
VelocityContext context = new VelocityContext();
- context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
+ context.put("action", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().get(0) + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
// assemble table
String table = "";
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
index 11eb01453..4e666c21c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java
@@ -26,6 +26,8 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
@@ -52,6 +54,15 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
*/
public class MOASTORKRequest extends RequestImpl {
+ /**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public MOASTORKRequest(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
new String[] {
PVPConstants.BPK_NAME,
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
index d2cf2e813..a233835bf 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.stork2;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.logging.Logger;
@@ -33,6 +34,8 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse;
import java.io.Serializable;
import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+
import org.opensaml.saml2.core.Attribute;
/**
@@ -43,6 +46,15 @@ import org.opensaml.saml2.core.Attribute;
public class MOASTORKResponse extends RequestImpl {
/**
+ * @param req
+ * @throws ConfigurationException
+ */
+ public MOASTORKResponse(HttpServletRequest req)
+ throws ConfigurationException {
+ super(req);
+ }
+
+ /**
* The Constant serialVersionUID.
*/
private static final long serialVersionUID = -5798803155055518747L;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index e58fe804f..2351450e4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -92,7 +92,7 @@ public class MandateRetrievalRequest implements IAction {
if (oaParam == null)
throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
- MOASTORKResponse moaStorkResponse = new MOASTORKResponse();
+ MOASTORKResponse moaStorkResponse = new MOASTORKResponse(httpReq);
STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse();
this.authData = authData;
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
index 071b5ae8a..c4f9658e4 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java
@@ -91,8 +91,8 @@ public class STORKProtocol extends MOAIDAuthConstants implements IModulInfo {
Logger.debug("Request content length: " + request.getContentLength());
Logger.debug("Initiating action: " + action);
- MOASTORKRequest STORK2Request = new MOASTORKRequest();
- MOASTORKResponse STORK2Response = new MOASTORKResponse();
+ MOASTORKRequest STORK2Request = new MOASTORKRequest(request);
+ MOASTORKResponse STORK2Response = new MOASTORKResponse(request);
if (AttributeCollector.class.getSimpleName().equals(action) || ConsentEvaluator.class.getSimpleName().equals(action))
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index d44e2a18a..69cd7c217 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -41,6 +41,10 @@
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
</exclusion>
+ <exclusion>
+ <artifactId>DocumentService</artifactId>
+ <groupId>eu.stork</groupId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>