aboutsummaryrefslogtreecommitdiff
path: root/spss/server/serverlib/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'spss/server/serverlib/src/main/java/at')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java4
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java1
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java13
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java16
7 files changed, 38 insertions, 26 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 1211b5e94..40416f121 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -408,7 +408,7 @@ public class ConfigurationPartsBuilder {
Element permitExtElem = null;
while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
- String host = getElementValue(permitExtElem, CONF + "Host", null);
+ String host = getElementValue(permitExtElem, CONF + "IP", null);
String port = getElementValue(permitExtElem, CONF + "Port", null);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 0d100676b..148be664b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -72,7 +72,6 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.EntityResolverChain;
-import at.gv.egovernment.moa.util.MOAEntityResolver;
import at.gv.egovernment.moa.util.MOAErrorHandler;
import at.gv.egovernment.moa.util.StreamEntityResolver;
import at.gv.egovernment.moa.util.StreamUtils;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
index e09ade231..84172a4d5 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java
@@ -101,7 +101,7 @@ public class ExternalURIResolver {
try {
// create the URL
url = new URL(uriStr);
- System.out.println("ExternalURIResolver: " + url);
+ //System.out.println("ExternalURIResolver: " + url);
ExternalURIVerifier.verify(url.getHost(), url.getPort());
} catch (MalformedURLException e) {
@@ -113,6 +113,8 @@ public class ExternalURIResolver {
connection = url.openConnection();
if ("http".equals(url.getProtocol())) {
HttpURLConnection httpConnection = (HttpURLConnection) connection;
+ // disallow redirects
+ httpConnection.setInstanceFollowRedirects(false);
httpConnection.connect();
if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
index a088916a9..1bb125c74 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -29,10 +29,12 @@ import java.io.ByteArrayInputStream;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
-
-import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.util.MOAEntityResolver;
+import at.gv.egovernment.moa.util.MOAErrorHandler;
/**
* Helper methods for the Service classes.
@@ -56,7 +58,8 @@ public class ServiceUtils {
DOMUtils.validateElement(
request[0],
Constants.ALL_SCHEMA_LOCATIONS,
- null);
+ null,
+ new MOASPSSEntityResolver());
} catch (Exception e) {
throw new MOAApplicationException(
"1100",
@@ -78,12 +81,18 @@ public class ServiceUtils {
try {
byte[] requestBytes = DOMUtils.serializeNode(request, "UTF-8");
- Document validatedRequest =
- DOMUtils.parseDocument(
- new ByteArrayInputStream(requestBytes),
- true,
- Constants.ALL_SCHEMA_LOCATIONS,
- null);
+ Document validatedRequest = DOMUtils.parseDocument(new ByteArrayInputStream(requestBytes),
+ true,
+ Constants.ALL_SCHEMA_LOCATIONS,
+ null,
+ new MOASPSSEntityResolver(),
+ new MOAErrorHandler());
+
+// DOMUtils.parseDocument(
+// new ByteArrayInputStream(requestBytes),
+// true,
+// Constants.ALL_SCHEMA_LOCATIONS,
+// null);
return validatedRequest.getDocumentElement();
} catch (Exception e) {
throw new MOAApplicationException(
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 3304e262f..7a7bb88bb 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -94,6 +94,7 @@ public class SignatureCreationService {
//since Axis (1.1 ff) has problem with namespaces we take the raw request stored by the Axishandler.
TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
+
// validate the request
reparsedReq = ServiceUtils.reparseRequest(request[0]);//context.getRequest());
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
index 1f1282e66..dafb89f16 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -5,6 +5,8 @@ import java.net.UnknownHostException;
import java.util.Iterator;
import java.util.List;
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
@@ -13,7 +15,6 @@ public class ExternalURIVerifier {
public static void verify(String host, int port) throws MOAApplicationException {
- System.out.println("ExternalURIVerifier: " + host + ":" + port);
if (host == null)
return;
@@ -39,15 +40,15 @@ public class ExternalURIVerifier {
if (bport == null || port == -1) {
// check only host
if (ip.startsWith(bhost)) {
- System.out.println("Blacklist check: " + host + " (" + ip + ") blacklisted");
+ Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));
throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});
}
}
else {
// check host and port
int iport = new Integer(bport).intValue();
- if (ip.startsWith(bhost) && (iport == port)) {
- System.out.println("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted");
+ if (ip.startsWith(bhost) && (iport == port)) {
+ Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted"));
throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
}
@@ -55,11 +56,11 @@ public class ExternalURIVerifier {
}
}
else {
- System.out.println("No external URIs allowed (" + host + ")");
+ Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));
throw new MOAApplicationException("4001", new Object[]{host});
}
- System.out.println("URI allowed: " + ip + ":" + port);
+ Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));
} catch (ConfigurationException e) {
throw new MOAApplicationException("config.10", null);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
index 1f12fb869..b5f72c4ab 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java
@@ -29,6 +29,7 @@ import org.apache.xerces.util.URI;
import org.apache.xerces.util.URI.MalformedURIException;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
@@ -68,12 +69,10 @@ public class MOASPSSEntityResolver implements EntityResolver {
* <code>null</code>, if the entity could not be found.
* @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
*/
- public InputSource resolveEntity(String publicId, String systemId) {
+ public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
InputStream stream;
int slashPos;
- System.out.println("MOASPSSEntityResover: " + publicId + " - " + systemId);
-
if (Logger.isDebugEnabled()) {
Logger.debug(
new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
@@ -95,21 +94,22 @@ public class MOASPSSEntityResolver implements EntityResolver {
try {
URI uri = new URI(systemId);
systemId = uri.getPath();
- System.out.println("MOASPSSEntityResover: " + uri);
- if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
+ if ("".equals(systemId.trim())) {
return null;
}
-
+// if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
+// return null;
+// }
+
ExternalURIVerifier.verify(uri.getHost(), uri.getPort());
} catch (MalformedURIException e) {
return null;
}
catch (MOAApplicationException e) {
- e.printStackTrace();
- return null;
+ throw new SAXException(e);
}
// try to get the resource from the full path