From 5c624611466c97833c6f2f07688d7ad1232a2f45 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 19 Dec 2017 06:58:51 +0100 Subject: if auth. req. preprocessing failes, write transaction error into revisionsLogger --- .../AbstractAuthProtocolModulController.java | 3 + .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 75 +++++++++++++++++++--- .../moa/id/protocols/eidas/EIDASProtocol.java | 17 ++++- 3 files changed, 86 insertions(+), 9 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java index 95a7660d1..945033454 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java @@ -264,6 +264,9 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro //log Error Message statisticLogger.logErrorOperation(throwable, protocolRequest); + //write revision log entries + revisionsLogger.logEvent(protocolRequest, MOAIDEventConstants.TRANSACTION_ERROR, protocolRequest.getUniqueTransactionIdentifier()); + return; } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index cdb85c563..4369a469a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -172,9 +172,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } + PVPTargetConfiguration pendingReq = null; + try { //create pendingRequest object - PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); pendingReq.initialize(req); pendingReq.setModule(NAME); @@ -198,20 +200,39 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } catch (SecurityPolicyException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (SecurityException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); } catch (MOAIDException e) { + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw e; } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } @@ -224,10 +245,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } - + PVPTargetConfiguration pendingReq = null; try { //create pendingRequest object - PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); pendingReq.initialize(req); pendingReq.setModule(NAME); @@ -251,21 +272,40 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } catch (SecurityPolicyException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (SecurityException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); } catch (MOAIDException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.info("Receive INVALID protocol request: " + samlRequest); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw e; } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } @@ -280,10 +320,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); } - + + PVPTargetConfiguration pendingReq = null; try { //create pendingRequest object - PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); + pendingReq = applicationContext.getBean(PVPTargetConfiguration.class); pendingReq.initialize(req); pendingReq.setModule(NAME); @@ -307,20 +348,38 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController { } catch (SecurityPolicyException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } catch (SecurityException e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); - } catch (MOAIDException e) { + } catch (MOAIDException e) { + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw e; } catch (Throwable e) { String samlRequest = req.getParameter("SAMLRequest"); Logger.warn("Receive INVALID protocol request: " + samlRequest, e); - + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()}); } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 8fb81082f..2948c0d53 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -370,17 +370,32 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } catch (MOAIDException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw e; } catch (EIDASSAMLEngineException e) { Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage()); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e); } catch(Exception e) { Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e); + + //write revision log entries + if (pendingReq != null) + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier()); + throw new EIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e); - } + } } public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable { -- cgit v1.2.3