From 45e170310a012dca93d5e5d4dc0b54e6b0808e95 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 9 Aug 2013 11:01:40 +0200 Subject: BugFixes: >>PVP2 Metadata: - Load OA only if Authentication is required - Load Metadata enityID from Database >>LegacyConfigParser - Solve problems if no OnlineMandate or STORK config is included - try to load DefaultBKUURLs from TrustedBKUs - if old MOA-ID 2.x config exists, use this DefaultBKUs to import OnlineApplications >> ConfigurationTool - change LayOut --- .../configuration/filter/AuthenticationFilter.java | 14 ++- .../configuration/struts/action/EditOAAction.java | 2 + .../struts/action/ImportExportAction.java | 71 ++++++------ .../main/resources/applicationResources.properties | 2 +- id/ConfigWebTool/src/main/resources/struts.xml | 2 +- id/ConfigWebTool/src/main/webapp/css/index.css | 37 +++--- .../src/main/webapp/jsp/snippets/footer.jsp | 2 +- .../main/webapp/jsp/snippets/header_userinfos.jsp | 6 +- .../id/config/auth/AuthConfigurationProvider.java | 38 ++++-- .../id/config/legacy/BuildFromLegacyConfig.java | 103 ++++++++++++----- .../moa/id/entrypoints/DispatcherServlet.java | 127 +++++++++++---------- .../moa/id/protocols/pvp2x/MetadataAction.java | 2 +- 12 files changed, 247 insertions(+), 159 deletions(-) diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index a58b20214..d90e6f9b1 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.configuration.filter; import java.io.IOException; +import java.io.PrintWriter; import java.util.ArrayList; import java.util.StringTokenizer; import java.util.regex.Pattern; 
@@ -173,8 +174,19 @@ public class AuthenticationFilter implements Filter{ } } + try { + filterchain.doFilter(req, resp); - filterchain.doFilter(req, resp); + } catch (Exception e) { + + String redirectURL = "./index.action"; + HttpServletResponse httpResp = (HttpServletResponse) resp; + redirectURL = httpResp.encodeRedirectURL(redirectURL); + resp.setContentType("text/html"); + ((HttpServletResponse) resp).setStatus(302); + httpResp.addHeader("Location", redirectURL); + log.warn("A Filter Error occurs -> Redirect to Login-Form"); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index 96918d37c..7be62d362 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -178,6 +178,8 @@ ServletResponseAware { errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); } else { + + //TODO: oaidentifier has to be a URL according to PVP2.1 specification if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java index a8992e6b8..b683a95f9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java 
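Review bot: The new `catch (Exception e)` around `filterchain.doFilter` drops the exception: `log.warn("A Filter Error occurs -> Redirect to Login-Form")` is logged without `e`, so whatever failed further down the chain disappears behind a login redirect and is not diagnosable from the log. Pass the throwable, `log.warn("A Filter Error occurs -> Redirect to Login-Form", e);`, and narrow the catch to `ServletException` and `IOException`, which is what `doFilter` can throw, rather than every `Exception`. The hand-rolled 302 (`setContentType`, `setStatus(302)`, `addHeader("Location", …)`) can be `httpResp.sendRedirect(redirectURL)` guarded by `if (!resp.isCommitted())`, because a response that has already started streaming cannot be redirected either way. The `java.io.PrintWriter` import added in the first hunk is not used by any code visible here. The enclosing `doFilter` body begins before this hunk.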
@@ -103,34 +103,42 @@ implements ServletRequestAware, ServletResponseAware { return Constants.STRUTS_ERROR_VALIDATION; } log.debug("OpenSAML successfully initialized"); - - - MOAIDConfiguration moaconfig; try { - log.warn("WARNING! The legacy import deletes the hole old config"); - - List oas = ConfigurationDBRead.getAllOnlineApplications(); - if (oas != null && oas.size() > 0) { - for (OnlineApplication oa : oas) - ConfigurationDBUtils.delete(oa); - } + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - - moaconfig = BuildFromLegacyConfig.build(fileUpload, ""); + MOAIDConfiguration moaconfig; + try { + log.warn("WARNING! The legacy import deletes the hole old config"); + + moaconfig = BuildFromLegacyConfig.build(fileUpload, "", moaidconfig); - } catch (ConfigurationException e) { - log.info("Legacy configuration has an Import Error", e); - addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); - return Constants.STRUTS_ERROR_VALIDATION; - } + } catch (ConfigurationException e) { + log.info("Legacy configuration has an Import Error", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_ERROR_VALIDATION; + } //check if XML config should be use log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. 
This setup overstrike the actual configuration in the Database!"); - try { - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + if (moaidconfig != null) ConfigurationDBUtils.delete(moaidconfig); + + List oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + + oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + + moaconfig.setOnlineApplication(null); ConfigurationDBUtils.save(moaconfig); } catch (MOADatabaseException e) { @@ -227,19 +235,7 @@ implements ServletRequestAware, ServletResponseAware { addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); return Constants.STRUTS_ERROR_VALIDATION; } - - log.warn("WARNING! The XML import deletes the hole old config"); - - List oas = ConfigurationDBRead.getAllOnlineApplications(); - if (oas != null && oas.size() > 0) { - for (OnlineApplication oa : oas) - ConfigurationDBUtils.delete(oa); - } - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) - ConfigurationDBUtils.delete(moaidconfig); - - + log.info("Load configuration from MOA-ID 2.x XML configuration"); try { 
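Review bot: The stored configuration is deleted before the imported one is saved (`if (moaidconfig != null) ConfigurationDBUtils.delete(moaidconfig);` and the loop deleting every `OnlineApplication`), so if any of the following `save` calls throws `MOADatabaseException` the database ends up with neither the old nor the new configuration; saving first and deleting the previous rows afterwards, or doing both inside one transaction, would keep the import atomic — whether `ConfigurationDBUtils` already offers a transaction boundary is not visible from the hunk. The XML import hunk (`@@ -247`) of this file has the same delete-then-save order. `oas` first holds the stored applications and is then reassigned to `moaconfig.getOnlineApplication()`; a second local such as `importoas`, the name the XML path uses, would read better. The one-line `if (moaidconfig != null) ConfigurationDBUtils.delete(moaidconfig);` should be braced like the surrounding code. The enclosing action method starts before this hunk.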
@@ -247,6 +243,17 @@ implements ServletRequestAware, ServletResponseAware { Unmarshaller m = jc.createUnmarshaller(); MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(fileUpload); + + log.warn("WARNING! The XML import deletes the hole old config"); + List oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + List importoas = moaconfig.getOnlineApplication(); for (OnlineApplication importoa : importoas) { ConfigurationDBUtils.saveOrUpdate(importoa); diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 9ceaa75b3..46f591cb3 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -139,7 +139,7 @@ webpages.oaconfig.general.bku.online=Online BKU webpages.oaconfig.general.bku.handy=Handy BKU webpages.oaconfig.general.bku.slversion=SecurityLayer Version webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier -webpages.oaconfig.general.identification=Eindeutiger Identifikatior +webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix) webpages.oaconfig.general.mandate.header=Vollmachten webpages.oaconfig.general.mandate.profiles=Profile webpages.oaconfig.general.friendlyname=Name der Online-Applikation diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml index a729f5f57..3b33bffcb 100644 --- a/id/ConfigWebTool/src/main/resources/struts.xml +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -29,7 +29,7 @@ index / - + 
diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 49e9f41d1..6eeb6a4ee 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -1,9 +1,14 @@ @CHARSET "UTF-8"; #header_area { - height: 40px; - background-color: green; + padding-bottom: 10px; + background-color: #6FA5D4; display: block; + font-size: 20px; + /* margin-left: 25px; */ + padding-top: 10px; + padding-left: 25px; + border-radius: 3px; } #header_area>div { @@ -26,9 +31,11 @@ margin-left: 15px; position: relative; padding-left: 15px; + padding-top: 10px; float: left; - background-color: gray; - + /* background-color: gray; */ + background-color: #CACACA; + border-radius: 5px; } .menu_element { @@ -36,7 +43,8 @@ margin-bottom: 15px; font-size: 20px; display: block; - background-color: red; +/* background-color: red; */ + background-color: #6FA5D4; margin-right: 18px; margin-top: 5px; height: 30px; @@ -165,13 +173,13 @@ padding-right: 10px; padding-top: 3px; text-align: right; - width: 250px; + width: 300px; } .wwctrl { float: left; padding-bottom: 5px; - padding-top: 5px; + padding-top: 1px; text-align: left; } @@ -273,18 +281,17 @@ div .wwgrp br { } #footer_area { - background-color: green; + background-color: #6FA5D4; clear: both; display: block; - height: 40px; +/* height: 40px; */ + padding-bottom: 10px; margin-top: 15px; padding-left: 30px; position: relative; top: 15px; -} - -#footer_area>p { - font-size: 20px; - text-align: center; - padding-top: 8px; + font-size: 20px; + text-align: center; + padding-top: 10px; + border-radius: 3px; } diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp index a0f12eed4..3f00984f2 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp @@ -4,6 +4,6 @@ \ No newline at end of file 
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp index 56fcf9681..72affde79 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp @@ -4,14 +4,14 @@
-
<%=LanguageHelper.getGUIString("webpages.header.info", request) %> + + <%=LanguageHelper.getGUIString("webpages.header.info", request) %> ,    <%=LanguageHelper.getGUIString("webpages.header.lastlogin", request) %> "><%=LanguageHelper.getGUIString("webpages.index.logout", request) %> -
+ -
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index da3a79d32..f4cdeddb7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -323,7 +323,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { String legacyconfig = props.getProperty("configuration.xml.legacy"); String xmlconfig = props.getProperty("configuration.xml"); - String xmlconfigout = props.getProperty("configuration.xml.out"); +// String xmlconfigout = props.getProperty("configuration.xml.out"); //check if XML config should be used @@ -344,8 +344,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { if (MiscUtil.isNotEmpty(legacyconfig)) { Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); - MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir); + MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); + + List oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + + moaconfig.setOnlineApplication(null); ConfigurationDBUtils.save(moaconfig); + Logger.info("Legacy Configuration load is completed."); 
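Review bot: The sequence save each `OnlineApplication`, `moaconfig.setOnlineApplication(null)`, save `moaconfig` is now repeated here, in the XML branch of this method (`@@ -361`, which uses `saveOrUpdate`) and in `ImportExportAction`; a private helper such as `storeConfiguration(MOAIDConfiguration moaconfig)` would keep the copies from drifting — they already differ in `save` versus `saveOrUpdate`, and it is not clear from the hunk whether that difference is intended. Passing `null` as the new `oldconfig` argument of `BuildFromLegacyConfig.build` means the startup import never reuses default BKU URLs from a configuration already in the database and falls back to the TrustedBKUs scan instead; a comment stating that, e.g. `// startup import ignores any stored configuration; default BKU URLs are derived from TrustedBKUs`, would help the next reader. The method containing this hunk begins before it.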
@@ -361,6 +368,13 @@ public class AuthConfigurationProvider extends ConfigurationProvider { File file = new File(xmlconfig); MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); //ConfigurationDBUtils.save(moaconfig); + + List importoas = moaconfig.getOnlineApplication(); + for (OnlineApplication importoa : importoas) { + ConfigurationDBUtils.saveOrUpdate(importoa); + } + + moaconfig.setOnlineApplication(null); ConfigurationDBUtils.saveOrUpdate(moaconfig); } catch (Exception e) { @@ -375,16 +389,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Logger.info("MOA-ID 2.0 is loaded."); - //TODO: only for Testing!!! - if (MiscUtil.isNotEmpty(xmlconfigout)) { - Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); - JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); - Marshaller m = jc.createMarshaller(); - m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); - File test = new File(xmlconfigout); - m.marshal(moaidconfig, test); - - } +// //TODO: only for Testing!!! +// if (MiscUtil.isNotEmpty(xmlconfigout)) { +// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); +// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); +// Marshaller m = jc.createMarshaller(); +// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); +// File test = new File(xmlconfigout); +// m.marshal(moaidconfig, test); +// +// } //build STORK Config AuthComponentGeneral auth = getAuthComponentGeneral(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java index 762669a70..c807fdc7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java 
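Review bot: The testing-only marshal block is commented out rather than deleted (`// //TODO: only for Testing!!!` through `// }`), as is `xmlconfigout` in the earlier hunk of this file; version control keeps the history, so the dead lines should be removed. If the export is meant to come back as a supported feature, a single comment such as `// XML export of the loaded configuration (configuration.xml.out) is currently disabled` carries that intent without the dead code. In the XML-import hunk just above (`@@ -361`) the `saveOrUpdate` loop is new while the stale `//ConfigurationDBUtils.save(moaconfig);` line next to it remains; it should be dropped in the same pass.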
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -17,6 +17,7 @@ import java.util.Map; import java.util.Properties; import java.util.Set; +import org.bouncycastle.crypto.macs.OldHMac; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.XMLObject; import org.w3c.dom.Element; @@ -77,12 +78,17 @@ import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class BuildFromLegacyConfig { private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; + + private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/"; + private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at"; + private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request"; - public static MOAIDConfiguration build(File fileName, String rootConfigFileDir) throws ConfigurationException { + public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException { InputStream stream = null; Element configElem; ConfigurationBuilder builder; @@ -109,6 +115,10 @@ public class BuildFromLegacyConfig { } try { + String oldbkuonline = ""; + String oldbkulocal = ""; + String oldbkuhandy = ""; + // build the internal datastructures builder = new ConfigurationBuilder(configElem, rootConfigFileDir); 
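Review bot: `import org.bouncycastle.crypto.macs.OldHMac;` is not used by any of the new code in this file's hunks and looks like an accidental IDE auto-import; it should be removed so the class does not pick up a dependency on an unrelated BouncyCastle HMAC type. The new `oldconfig` parameter of `build` and the three `SEARCHBKUTEMPLATE_*` constants carry no documentation; a Javadoc `@param oldconfig previously stored configuration whose DefaultBKUs are reused, or null to derive them from the TrustedBKUs list` states the contract, and a comment on the constants should say they are matched with `startsWith`/`endsWith` against the trusted BKU URLs. `SEARCHBKUTEMPLATE_ONLINE` ends in `http-security-layer-request` while the default URLs this commit replaces end in `https-security-layer-request`; worth confirming the suffix matches the configured entries, otherwise the online BKU URL is never found and stays empty.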
@@ -309,24 +319,31 @@ public class BuildFromLegacyConfig { } auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); + //set SAMLSigningParameter - SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); - auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); - - SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); - auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); - KeyStore stork_saml_creat_keystore = new KeyStore(); - stork_saml_creat.setKeyStore(stork_saml_creat_keystore); - stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); - stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); - KeyName stork_saml_creat_keyname = new KeyName(); - stork_saml_creat.setKeyName(stork_saml_creat_keyname); - stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); - stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); - - SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); - auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); - stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); + if (storkConfig.getSignatureCreationParameter() != null && + storkConfig.getSignatureVerificationParameter() != null) { + SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); + auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); + + SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); + auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); + KeyStore stork_saml_creat_keystore = new KeyStore(); + stork_saml_creat.setKeyStore(stork_saml_creat_keystore); + 
stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); + stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); + KeyName stork_saml_creat_keyname = new KeyName(); + stork_saml_creat.setKeyName(stork_saml_creat_keyname); + stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); + stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); + + + + SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); + auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); + stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); + + } //TODO: check correctness //set QualityAuthenticationAssurance 
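Review bot: The new guard skips the whole `SAMLSigningParameter` when either `getSignatureCreationParameter()` or `getSignatureVerificationParameter()` is null, but it does so silently; a legacy STORK configuration with only one of the two set is migrated without any signing parameters and the gap surfaces only when a STORK message is later signed or verified. Add an `else` branch that logs a warning, and a comment on the condition such as `// both creation and verification parameters are required; a partial STORK signing config is not migrated`. The run of blank lines between the key-name setup and the verification block is left over from the re-indentation. The enclosing `build` method continues on both sides of this hunk.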
@@ -335,20 +352,44 @@ public class BuildFromLegacyConfig { //set OnlineMandates config ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - OnlineMandates auth_mandates = new OnlineMandates(); - generalAuth.setOnlineMandates(auth_mandates); - auth_mandates.setConnectionParameter( + if (onlineMandatesConnectionParameter != null) { + OnlineMandates auth_mandates = new OnlineMandates(); + generalAuth.setOnlineMandates(auth_mandates); + auth_mandates.setConnectionParameter( parseConnectionParameterClientAuth(onlineMandatesConnectionParameter)); + } //TODO: add auth template configuration!!! + + if (oldconfig != null) { + if (oldconfig.getDefaultBKUs() != null) { + oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU(); + oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU(); + oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU(); + } + } else { + List trustbkus = builder.getTrustedBKUs(); + for (String trustbku : trustbkus) { + if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE)) + oldbkuonline = trustbku; + + if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY)) + oldbkuhandy = trustbku; + + if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL)) + oldbkulocal = trustbku; + } + + } + //set OnlineApplications OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - // ArrayList moa_oas = new ArrayList(); -// moaIDConfig.setOnlineApplication(moa_oas); + ArrayList moa_oas = new ArrayList(); + moaIDConfig.setOnlineApplication(moa_oas); for (OAAuthParameter oa : onlineApplicationAuthParameters) { OnlineApplication moa_oa = new OnlineApplication(); 
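Review bot: When `oldconfig` is non-null but `oldconfig.getDefaultBKUs()` is null, neither branch fills `oldbkuonline`/`oldbkuhandy`/`oldbkulocal`, so the import proceeds with empty strings that are then written into every OA's `BKUURLS` and into `DefaultBKUs` (hunks `@@ -375` and `@@ -498`); the TrustedBKUs scan should run for every URL that is still empty regardless of whether an old configuration was supplied. The scan also assumes `builder.getTrustedBKUs()` is non-null, which I cannot confirm from here. Restructured selection below; the suffix/prefix matching inside the loop is unchanged. The enclosing `build` method continues on both sides of this hunk.

```java
if (oldconfig != null && oldconfig.getDefaultBKUs() != null) {
    oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU();
    oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU();
    oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU();
}

// fall back to the trusted BKU list for every URL that is still unset
List<String> trustbkus = builder.getTrustedBKUs();
if (trustbkus != null) {
    for (String trustbku : trustbkus) {
        // … unchanged: SEARCHBKUTEMPLATE_* suffix/prefix matching …
    }
}
```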
@@ -375,9 +416,9 @@ public class BuildFromLegacyConfig { //BKUURLs BKUURLS bkuurls = new BKUURLS(); - bkuurls.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request"); - bkuurls.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"); - bkuurls.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request"); + bkuurls.setOnlineBKU(oldbkuonline); + bkuurls.setHandyBKU(oldbkuhandy); + bkuurls.setLocalBKU(oldbkulocal); oa_auth.setBKUURLS(bkuurls); //IdentificationNumber @@ -451,8 +492,8 @@ public class BuildFromLegacyConfig { // oa_pvp2.setCertificate(null); // } - //moa_oas.add(moa_oa); - ConfigurationDBUtils.save(moa_oa); + moa_oas.add(moa_oa); + //ConfigurationDBUtils.save(moa_oa); } //removed from MOAID 2.0 config @@ -498,9 +539,9 @@ public class BuildFromLegacyConfig { //set DefaultBKUs DefaultBKUs moa_defaultbkus = new DefaultBKUs(); moaIDConfig.setDefaultBKUs(moa_defaultbkus); - moa_defaultbkus.setOnlineBKU("https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request"); - moa_defaultbkus.setHandyBKU("https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"); - moa_defaultbkus.setLocalBKU("https://127.0.0.1:3496/https-security-layer-request"); + moa_defaultbkus.setOnlineBKU(oldbkuonline); + moa_defaultbkus.setHandyBKU(oldbkuhandy); + moa_defaultbkus.setLocalBKU(oldbkulocal); //set SLRequest Templates diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 2a28bcd15..604077844 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
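Review bot: `//ConfigurationDBUtils.save(moa_oa);` in hunk `@@ -451` is dead code kept as a comment next to the `moa_oas.add(moa_oa);` that replaces it; delete it and state the new contract instead, e.g. `// OAs are only collected here; the caller persists them after build() returns`. That contract is what the callers in `AuthConfigurationProvider` and `ImportExportAction` now rely on (save each `OnlineApplication`, null the list, save the configuration), so it belongs in the `build` Javadoc as well. Hunks `@@ -375` and `@@ -498` write whatever `oldbkuonline`/`oldbkuhandy`/`oldbkulocal` ended up holding, including `""` when nothing matched; a warning when any of the three is still empty at that point would make a silent mis-import visible.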
@@ -315,27 +315,21 @@ public class DispatcherServlet extends AuthServlet{ } } - - - - //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(protocolRequest.getOAURL()); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); - } RequestStorage.setPendingRequest(httpSession, protocolRequests); - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); SSOManager ssomanager = SSOManager.getInstance(); + String moasessionID = null; + AuthenticationSession moasession = null; + //get SSO Cookie for Request String ssoId = ssomanager.getSSOSessionID(req); - - if (moduleAction.needAuthentication(protocolRequest, req, resp)) { + + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + + if (needAuthentication) { //check SSO session if (ssoId != null) { @@ -349,6 +343,15 @@ public class DispatcherServlet extends AuthServlet{ ssomanager.deleteSSOSessionID(req, resp); } } + + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); useSSOOA = oaParam.useSSO(); 
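Review bot: Moving the `OAAuthParameter oaParam` lookup into `if (needAuthentication)` changes which requests are rejected with `auth.00`: a non-authenticating request naming an OA URL that is not configured now passes through, which matches the commit message but is not stated anywhere in the code; add `// the OA configuration is only required on the authenticating path; other actions must not depend on oaParam` above the lookup. `useSSOOA` and `isValidSSOSession` are only assigned inside this branch, so on the non-authenticating path they keep whatever value they were declared with earlier in the method — their declarations are outside this hunk, so I cannot confirm it is `false`. The enclosing method starts before the `@@ -315` hunk.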
@@ -387,72 +390,74 @@ public class DispatcherServlet extends AuthServlet{ return; } } - - } - - String moasessionID = null; - AuthenticationSession moasession = null; - - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension - { - - //TODO SSO Question!!!! - if (useSSOOA && isValidSSOSession) { - moasessionID = ssomanager.getMOASession(ssoId); - moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension + { + + //TODO SSO Question!!!! + if (useSSOOA && isValidSSOSession) { - //use new OAParameter - if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { - authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); - return; - } - } - else { + moasessionID = ssomanager.getMOASession(ssoId); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + //use new OAParameter + if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { + authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); + return; + } + } + else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } - //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! 
- moasessionID = (String) req.getParameter(PARAM_SESSIONID); + //save SSO session usage in Database + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + } else { + ssomanager.deleteSSOSessionID(req, resp); + } + + } else { // moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); } + - //save SSO session usage in Database - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - - if (newSSOSessionId != null) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - } - - } else { -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); - - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - - moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } - + moduleAction.processRequest(protocolRequest, req, resp, moasession); RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); - boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + if (needAuthentication) { + boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); - if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension && !moasession.getUseMandate()) - { + { - } else { - authmanager.logout(req, resp, moasessionID); - } + } else { + authmanager.logout(req, resp, moasessionID); + } //authmanager.logout(req, resp); + } } catch (Throwable e) { 
e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 9fc213a48..3d0fd80bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -63,7 +63,7 @@ public class MetadataAction implements IAction { idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor); idpEntityDescriptor - .setEntityID("https://localhost:8443/moa-id-auth"); + .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); List persons = PVPConfiguration.getInstance() .getIDPContacts(); -- cgit v1.2.3
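Review bot: The post-processing block `if ((useSSOOA || isSSOSession) && !moasession.getUseMandate()) { } else { authmanager.logout(req, resp, moasessionID); }` has an empty then-branch; inverting it to `if (!(useSSOOA || isSSOSession) || moasession.getUseMandate()) { authmanager.logout(req, resp, moasessionID); }` says what actually happens. In the restructured flow `moasession` is obtained from `AuthenticationSessionStoreage.getSession(moasessionID)` in three places and dereferenced here whenever authentication was required; I cannot see whether `getSession` can return null for a missing or unknown `PARAM_SESSIONID`, but if it can, the failure lands in the outer `catch (Throwable e)` as a NullPointerException rather than a clear error. The `(String)` cast on `req.getParameter(PARAM_SESSIONID)` is redundant. The enclosing method begins before this hunk and its catch block continues after it.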
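Review bot: `.setEntityID(PVPConfiguration.getInstance().getIDPPublicPath())` replaces the hard-coded localhost value, but nothing checks the configured value: if `getIDPPublicPath()` returns null or an empty string, the metadata is still produced with an unusable entityID, which relying parties compare against the Issuer of every assertion this IdP signs. Reject an empty value before the descriptor is built, and document the dependency with `// entityID is the IdP's public URL from the database configuration; it must match the Issuer used in responses`. Since `PVPConfiguration.getInstance()` is called again two lines later for `getIDPContacts()`, hoist it into a local such as `PVPConfiguration pvpConfig = PVPConfiguration.getInstance();` and use it for both calls. The enclosing method begins before this hunk.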