From 642ec4805453c5a85fc53f8bf9a7b6f886f03cb1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 6 Sep 2013 11:59:19 +0200 Subject: MOA-ID Proxy updated to Version 2.0 insert "errorRedirectURL" parameter to proxy configuration if an error occurs, the user is redirected to this error page --- .../schemas/MOA-ID-Configuration-1.5.2.xsd | 1 + .../moa/id/config/ConnectionParameter.java | 2 +- .../moa/id/config/auth/AuthConfigLoader.java | 2 +- .../moa/id/config/legacy/ConnectionParameter.java | 4 +- .../moa/id/config/proxy/OAProxyParameter.java | 18 +++++ .../id/config/proxy/ProxyConfigurationBuilder.java | 7 +- .../config/proxy/ProxyConfigurationProvider.java | 26 +++++++ .../moa/id/data/AuthenticationData.java | 19 ++--- .../id/proxy/LoginParameterResolverFactory.java | 2 +- .../moa/id/proxy/MOAIDProxyInitializer.java | 10 +-- .../proxy/invoke/GetAuthenticationDataInvoker.java | 78 +++++++++++-------- .../parser/AuthenticationDataAssertionParser.java | 5 +- .../moa/id/proxy/servlet/ProxyServlet.java | 88 ++++++++++++++++++---- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 3 +- .../resources/properties/id_messages_de.properties | 3 +- id/server/proxy/pom.xml | 3 +- 16 files changed, 197 insertions(+), 74 deletions(-) diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd index 147066241..ed0c83fc3 100644 --- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.2.xsd @@ -510,6 +510,7 @@ + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index b358a31c9..edde15ea0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -4,7 +4,7 @@ import java.util.Properties; import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; -public abstract class ConnectionParameter { +public abstract class ConnectionParameter implements ConnectionParameterInterface{ protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore"; protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java index 56105e64d..4f4ddeb6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java @@ -29,7 +29,7 @@ public class AuthConfigLoader implements Runnable { instance.reloadDataBaseConfig(); date = dbdate; } - } catch (Exception e) { + } catch (Throwable e) { Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java index 455fde9bf..c7299975e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config.legacy; +import at.gv.egovernment.moa.id.config.ConnectionParameterInterface; + /** * This bean class is used to store data for various connectionParameter * within the MOA-ID configuration 
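Review bot: Catching `Throwable` in the AuthConfigLoader reload loop now swallows JVM errors such as `OutOfMemoryError` or `StackOverflowError` raised during `reloadDataBaseConfig()`, logs them as "configuration not loadable" and carries on with whatever partial state the reload left behind. If the intent is to keep the loader thread alive across `LinkageError`s from the configuration classes, rethrow the fatal ones first — `} catch (VirtualMachineError e) { throw e; } catch (Throwable e) {` — and add a why-comment such as `// Throwable, not Exception: a broken DB configuration must not kill the reload thread`. The enclosing method starts and ends outside the hunk.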
@@ -31,7 +33,7 @@ package at.gv.egovernment.moa.id.config.legacy; * @author Stefan Knirsch * @version $Id$ */ -public class ConnectionParameter { +public class ConnectionParameter implements ConnectionParameterInterface{ /** * Server URL diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index d14d570ab..6f7434cbc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -76,6 +76,8 @@ public class OAProxyParameter extends OAParameter { */ private OAConfiguration oaConfiguration; + private String errorRedirctURL; + /** * Returns the configFileURL. @@ -205,4 +207,20 @@ public class OAProxyParameter extends OAParameter { this.oaConfiguration = oaConfiguration; } +/** + * @return the errorRedirctURL + */ +public String getErrorRedirctURL() { + return errorRedirctURL; +} + +/** + * @param errorRedirctURL the errorRedirctURL to set + */ +public void setErrorRedirctURL(String errorRedirctURL) { + this.errorRedirctURL = errorRedirctURL; +} + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index 094e7162e..d495846b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java 
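Review bot: The new accessors spell the property `errorRedirctURL` while the XML attribute and the commit message say `errorRedirectURL`; since `getErrorRedirctURL()`/`setErrorRedirctURL()` become public API of `OAProxyParameter`, rename them to `getErrorRedirectURL()`/`setErrorRedirectURL()` before this ships — the only callers visible here are `ProxyConfigurationBuilder` and `ProxyServlet` in this same commit. The Javadoc merely restates the field name; say what the value is for, e.g. `/** URL of the online application's own error page; when set, the proxy redirects there with an {@code error} query parameter instead of showing its own error page. */`. The two methods are also written at column 0 inside the class body, unlike the surrounding members.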
@@ -69,8 +69,10 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder { private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl"; /** an XPATH-Expression */ private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration"; - /** an XPATH-Expression */ + private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl"; + /** an XPATH-Expression */ + private static final String OA_PROXY_ERROR_REDIRECT_URL_XPATH = CONF + "ProxyComponent/@errorRedirectURL"; /** an XPATH-Expression */ protected static final String OACONF_LOGIN_TYPE_XPATH = ROOTOA + CONF + "LoginType"; @@ -201,7 +203,8 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder { oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null)); oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_)); oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null)); - + oap.setErrorRedirctURL(XPathUtils.getAttributeValue(oAElem,OA_PROXY_ERROR_REDIRECT_URL_XPATH, null)); + ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem); oap.setConnectionParameter(conPara); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 1c9c1caa8..ac9a3ed3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java 
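Review bot: `OA_PROXY_ERROR_REDIRECT_URL_XPATH` is read with `XPathUtils.getAttributeValue(..., null)` and stored as-is, so nothing checks that the configured value is an absolute `http`/`https` URL; a relative or malformed value only surfaces later as a broken redirect in `ProxyServlet`. Validating at load time (for instance `new URL(value)` plus a scheme check, rejecting the online-application entry with a `ConfigurationException` otherwise) reports the mistake at startup together with the other configuration errors. The relocated `/** an XPATH-Expression */` comment also leaves `OA_PROXY_CONNECTION_BUILDER_XPATH` undocumented; restore its comment line. The enclosing method of the second hunk starts and ends outside the hunk.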
@@ -173,6 +173,32 @@ public class ProxyConfigurationProvider extends ConfigurationProvider { } } + public String getTrustedCACertificates() { + + return trustedCACertificates; + } + + /** + * @return the certstoreDirectory + */ + public String getCertstoreDirectory() { + if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)) + return (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY); + else + return null; + } + + /** + * @return the trustmanagerrevoationchecking + */ + public boolean isTrustmanagerrevoationchecking() { + if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) + return Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)); + else + return true; + } + + /** * Return a bean containing all information about the ProxyComponent * @return The ConnectionParameter for the Proxy Component diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 4bbd221a5..e18981032 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -130,6 +130,15 @@ public class AuthenticationData implements Serializable { */ Date timestamp; + + + //this method is only required for MOA-ID Proxy 2.0 Release. + //TODO: remove it, if MOA-ID Proxy is not supported anymore. + public String getWBPK() { + return bPK; + } + + /** * Constructor for AuthenticationData. */ 
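Review bot: `isTrustmanagerrevoationchecking()` disables revocation checking for any configured value other than a case-insensitive `"true"`, because `Boolean.valueOf` maps `"yes"`, `"1"` or a typo to `false`; a misspelt setting therefore silently weakens the TLS trust decision, while the absent-key default correctly stays `true`. Only switch it off on an explicit `"false"` and log a warning for anything else: `return !"false".equalsIgnoreCase((String) genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING));` with the unknown-value warning before it. The method name also misspells "revocation" (`revoation`) and, as a new public accessor, should be `isTrustManagerRevocationChecking()`; `getTrustedCACertificates()` lacks the Javadoc its neighbours have.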
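Review bot: `getWBPK()` returns the `bPK` field, so a caller that still treats the result as a wbPK (the commented-out original returned `wbPK`, see the second hunk) now gets the bPK value with no type information; the parser hunk in this commit sets `setBPKType(...)` next to the value, so the accessor should at least tell the caller to consult the type getter (presumably `getBPKType()`, not visible here). Replace the `//` lines with Javadoc, e.g. `/** @return the bPK value regardless of its type; kept only for MOA-ID Proxy 2.0 compatibility, check the bPK type before use. TODO remove once the proxy is retired. */`. The method is also placed between the `timestamp` field and the constructor; it belongs next to `getBPK()`.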
@@ -176,15 +185,7 @@ public class AuthenticationData implements Serializable { public String getBPK() { return bPK; } - -// /** -// * Returns the wbPK. -// * @return String the wbPK. -// */ -// public String getWBPK() { -// return wbPK; -// } - + /** * Returns useUTC * @return useUTC diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java index bb6b0a476..be8768845 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java @@ -69,7 +69,7 @@ public class LoginParameterResolverFactory { if (className != null) { try { Class lprClass = Class.forName(className); - LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); + LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance(); Class[] argumentTypes = { String.class, Boolean.class }; Method confMethod = lprClass.getMethod( "configure", argumentTypes ); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java index e075c99ef..df19956e7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java 
@@ -91,10 +91,8 @@ public class MOAIDProxyInitializer { ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); if (connParamAuth!=null) { if (connParamAuth.isHTTPSURL()) { - - //TODO: einkommentieren!!!! - //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); - //AxisSecureSocketFactory.initialize(ssf); + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + AxisSecureSocketFactory.initialize(ssf); } } else { throw new ConfigurationException("config.16", null); @@ -107,9 +105,7 @@ public class MOAIDProxyInitializer { OAProxyParameter oaParam = oaParams[i]; ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); if (oaConnParam.isHTTPSURL()); - - //TODO: einkommentieren!!!! - //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } // Initializes the ConnectionBuilderFactory from configuration data diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index 6cb7ffdfc..e87d9d1c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -38,6 +38,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; 
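Review bot: In the second hunk the stray semicolon in `if (oaConnParam.isHTTPSURL());` makes the condition a no-op, so the newly enabled `SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);` now runs for every online application, plain-HTTP ones included, and its return value is discarded. While the call was commented out the dead `if` did no harm; it should now read `if (oaConnParam.isHTTPSURL()) { SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); }`, with a comment on why the factory is built and dropped here (presumably to fail fast on bad keystore or trust configuration at startup — confirm). The first hunk's `ssf` path looks consistent. The enclosing method starts and ends outside both hunks.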
@@ -49,6 +50,7 @@ import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.proxy.servlet.ProxyException; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; /** * Invoker of 
@@ -81,49 +83,63 @@ public class GetAuthenticationDataInvoker { * either via API call or via web service call. * @param samlArtifact SAML artifact to be used as a parameter * @return AuthenticationData + * @throws MOAIDException */ public AuthenticationData getAuthenticationData(String samlArtifact) - throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException { + throws MOAIDException { ConnectionParameter authConnParam = ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter(); - if (authConnParam == null) { - try { - if (apiServer == null) { - Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer"); - Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null); - apiServer = getInstanceMethod.invoke(null, (Object[]) null); - apiMethod = serverClass.getMethod( - "getAuthenticationData", new Class[] {String.class}); - } - AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact}); - return authData; - } - catch (InvocationTargetException ex) { - Throwable targetEx = ex.getTargetException(); - if (targetEx instanceof AuthenticationException) - throw (AuthenticationException) targetEx; - else - throw new ProxyException("proxy.09", new Object[] {targetEx.toString()}); - } - catch (Throwable ex) { - throw new ProxyException("proxy.09", new Object[] {ex.toString()}); - } - } - else { + + //Removed for MOA-ID 2.x +// if (authConnParam == null) { +// try { +// if (apiServer == null) { +// Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer"); +// Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null); +// apiServer = getInstanceMethod.invoke(null, (Object[]) null); +// apiMethod = serverClass.getMethod( +// "getAuthenticationData", new Class[] {String.class}); +// } +// AuthenticationData authData = 
(AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact}); +// return authData; +// } +// catch (InvocationTargetException ex) { +// Throwable targetEx = ex.getTargetException(); +// if (targetEx instanceof AuthenticationException) +// throw (AuthenticationException) targetEx; +// else +// throw new ProxyException("proxy.09", new Object[] {targetEx.toString()}); +// } +// catch (Throwable ex) { +// throw new ProxyException("proxy.09", new Object[] {ex.toString()}); +// } +// } +// else { Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact); Element samlpResponse = getAuthenticationData(samlpRequest); SAMLResponseParser srp = new SAMLResponseParser(samlpResponse); SAMLStatus status = srp.parseStatusCode(); if (! "samlp:Success".equals(status.getStatusCode())) { - // on error status throw exception - String code = status.getStatusCode(); - if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) - code += "(" + status.getSubStatusCode() + ")"; - throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()}); + if ("samlp:Responder".equals(status.getStatusCode())) { + Logger.info("MOA-ID authentication process failed."); + String code = status.getStatusCode(); + if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) + code += "(" + status.getSubStatusCode() + ")"; + + throw new MOAIDException("proxy.17", new Object[] {status.getStatusMessage()}); + + } else { + // on error status throw exception + String code = status.getStatusCode(); + if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0) + code += "(" + status.getSubStatusCode() + ")"; + + throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()}); + } } return srp.parseAuthenticationData(); - } +// } } /** 
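Review bot: In the new `samlp:Responder` branch the local `code` is built from the status and sub-status code but never used — the exception carries only `status.getStatusMessage()`, so the sub-status is lost from the logs; either include it, `Logger.info("MOA-ID authentication process failed: " + code);`, or drop the three lines. The removed API-call path is left behind as a ~25-line comment block although the commit declares it removed for MOA-ID 2.x; delete it (and, if now unused, the `apiServer`/`apiMethod` fields and the `Method`/`InvocationTargetException` imports — not visible here, confirm) rather than commenting it out. Note also that the status message received from the remote responder is now surfaced through `MOAIDException("proxy.17", ...)` and, via the `ProxyServlet` change in this commit, forwarded to a third-party error page, so it should be handled as untrusted output, not as trusted text.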
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index 1589f1440..0f3f4b692 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -144,11 +144,10 @@ public class AuthenticationDataAssertionParser implements Constants { XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); - - //TODO: set pBK and Type if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { //bPK - authData.setBPK(Constants.URN_PREFIX_BPK); + authData.setBPK(pkValue); + authData.setBPKType(Constants.URN_PREFIX_BPK); } else { //wbPK diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index ddaab7a28..f3f6c55c1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -30,6 +30,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.StringWriter; +import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; import java.util.Enumeration; import java.util.HashMap; 
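Review bot: The bPK branch now stores `pkValue` as the value and `URN_PREFIX_BPK` as the type, fixing the old code that stored the prefix constant as the bPK itself; the `else` (wbPK) branch lies outside the hunk, so confirm it was updated the same way (`setBPK(pkValue)` plus the matching type), otherwise the `getWBPK()` added in this commit returns an unset field for wbPK assertions. With the `//TODO: set pBK and Type` gone, a one-line comment on why the name qualifier decides the type would help the next reader, e.g. `// the SAML NameQualifier carries the identifier type; the element value is the (w)bPK itself`. The enclosing method starts and ends outside the hunk.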
@@ -54,6 +55,7 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; @@ -72,6 +74,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for logging in at an online application, @@ -88,6 +92,8 @@ public class ProxyServlet extends HttpServlet { private static final String PARAM_TARGET = "Target"; /** Name of the Parameter for the SAMLArtifact */ private static final String PARAM_SAMLARTIFACT = "SAMLArtifact"; + /** Name of the Parameter for the ErrorMessage */ + private static final String PARAM_ERRORMASSAGE = "error"; /** Name of the Attribute for marking the session as authenticated*/ private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched"; @@ -191,6 +197,13 @@ public class ProxyServlet extends HttpServlet { if (session.getAttribute(ATT_BROWSERREQU)==null) { + // read configuration data + ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested); + if (oaParam == null) { + throw new ProxyException("proxy.02", new Object[] { urlRequested }); + } + samlArtifact = req.getParameter(PARAM_SAMLARTIFACT); Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact); // String target = req.getParameter(PARAM_TARGET); parameter given but not processed 
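Review bot: `PARAM_ERRORMASSAGE` misspells "message"; as the constant is introduced in this commit, rename it `PARAM_ERRORMESSAGE` before it spreads (it is used in `generateErrorAndRedirct` in the last hunk of this file). Its Javadoc should also state that the value `error` is the query-parameter name sent to the online application's error page, since that name is now part of the contract with OA operators: `/** Name of the query parameter carrying the error text to the OA's errorRedirectURL */`. The new import `at.gv.egovernment.moa.id.auth.servlet.RedirectServlet` is not referenced in any hunk shown; if it is unused it couples the proxy servlet to the auth servlet package for nothing.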
@@ -200,19 +213,26 @@ public class ProxyServlet extends HttpServlet { AuthenticationData authData; try { authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); + } catch (ServiceException ex) { - throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + } catch (ProxyException ex) { throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); - } + + } catch (MOAIDException ex) { + String errorURL = oaParam.getErrorRedirctURL(); + if (MiscUtil.isNotEmpty(errorURL)) { + generateErrorAndRedirct(resp, errorURL, ex.getMessage()); + return; + + } else { + Logger.info("No ErrorRedirectURL defined. The error is shown on MOA-ID Proxy errorpage."); + throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex); + } + } session.setAttribute(ATT_AUTHDATAFETCHED, "true"); - - // read configuration data - ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance(); - OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested); - if (oaParam == null) { - throw new ProxyException("proxy.02", new Object[] { urlRequested }); - } + publicURLPrefix = oaParam.getPublicURLPrefix(); Logger.debug("OA: " + publicURLPrefix); oaConf = oaParam.getOaConfiguration(); 
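Review bot: The `MOAIDException` branch passes `ex.getMessage()` to the online application's error page, which for the new `proxy.17` case is presumably the resolved message containing the SAML status text received from the remote responder verbatim; the OA page gets text it did not author and will most likely render it, so the proxy should forward a stable identifier (the message key, or a proxy-generated reference id logged together with the full text) and keep the details in its own log. The same applies to the `proxy.13`/`proxy.15` redirects in the next hunk. The `ServiceException` and `ProxyException` clauses are identical (both wrap into `proxy.14`) and can be one clause — a multi-catch if the build targets Java 7 or later, otherwise a shared helper. The enclosing method starts and ends outside the hunk.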
@@ -257,17 +277,32 @@ public class ProxyServlet extends HttpServlet { loginHeaders.remove("param3"); } } catch (LoginParameterResolverException ex) { - throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + String errorURL = oaParam.getErrorRedirctURL(); + if (MiscUtil.isNotEmpty(errorURL)) { + generateErrorAndRedirct(resp, errorURL, + MOAIDMessageProvider.getInstance().getMessage("proxy.13", + new Object[] { publicURLPrefix })); + return; + + } else + throw new ProxyException("proxy.13", new Object[] { publicURLPrefix }); + } catch (NotAllowedException e) { - throw new ProxyException("proxy.15", new Object[] { }); + String errorURL = oaParam.getErrorRedirctURL(); + if (MiscUtil.isNotEmpty(errorURL)) { + generateErrorAndRedirct(resp, errorURL, + MOAIDMessageProvider.getInstance().getMessage("proxy.15", + new Object[] { })); + return; + + } else + throw new ProxyException("proxy.15", new Object[] { }); } // setup SSLSocketFactory for communication with the online application if (oaConnParam.isHTTPSURL()) { - try { - - //TODO: einkommentieren!!!! - //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + try { + ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } catch (Throwable ex) { throw new ProxyException( "proxy.05", 
@@ -923,5 +958,28 @@ private static void copyStream(InputStream source, OutputStream destination, byt } } +private static void generateErrorAndRedirct(HttpServletResponse resp, String errorURL, String message) { + try { + errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, + URLEncoder.encode(message, "UTF-8")); + + } catch (UnsupportedEncodingException e) { + errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, "Fehlermeldung%20konnte%20nicht%20%C3%BCbertragen%20werden."); + } + + errorURL = resp.encodeRedirectURL(errorURL); + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", errorURL); +} + +protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; +} } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index a6619fc11..0130046de 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -55,6 +55,7 @@ import org.apache.regexp.RESyntaxException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterInterface; import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl; import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; 
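Review bot: `generateErrorAndRedirct` hand-rolls the redirect with `setStatus(302)`, `addHeader("Location", ...)` and a `text/html` content type but no body; `resp.sendRedirect(errorURL)` does the same (including `encodeRedirectURL`), commits the response and resolves relative locations, and makes it obvious to later code that the response is finished. `addURLParameter` only looks for `?`, so a configured `errorRedirectURL` with a fragment (`...#section`) gets `&error=...` appended inside the fragment and the parameter never reaches the server; check for `#` and insert before it, and document that `paramvalue` must already be URL-encoded, as the caller does with `URLEncoder.encode(message, "UTF-8")`. The `UnsupportedEncodingException` fallback substitutes a fixed, pre-encoded German text silently; if the project `URLEncoder` can really fail for UTF-8 (not visible here), a log line there would make the substitution diagnosable. Both methods lack Javadoc; a one-sentence summary each is enough, e.g. `/** Redirects to the OA error page, passing the message as the {@code error} query parameter; the caller must return afterwards. */`.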
@@ -106,7 +107,7 @@ public class SSLUtils { */ public static SSLSocketFactory getSSLSocketFactory( ConfigurationProvider conf, - ConnectionParameter connParam) + ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 41c3cf6fe..9b945952d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -108,8 +108,9 @@ proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetret proxy.12=Fehler bei der Anmeldung.
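Review bot: Widening the parameter to `ConnectionParameterInterface` lets both the legacy and the new `ConnectionParameter` be passed, but the method's Javadoc (its closing `*/` is the hunk's first context line, the text lies outside) presumably still describes a `ConnectionParameter`; update the `@param connParam` line to name the interface and state which of its accessors the factory relies on (`getUrl()` is the only one visible here). Nothing else in the hunk changes behaviour.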
Eine Anmeldung an der Anwendung {0} war nicht möglich.
Prüfen Sie bitte ihre Berechtigung. proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr\uFFFDfix\: {0} proxy.14=

Folgende Ursachen k\u00F6nnen zu dem Fehler gef\u00FChrt haben\:

  1. Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgr\u00FCnden bei l\u00E4ngerer Inaktivit\u00E4t beendet.)
    Melden Sie sich bitte erneut an.
  2. Die Kommunikation mit dem Server schlug fehl.
-proxy.15=Auf die gew\u00FCnschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben?tigte Berechtigung. +proxy.15=Auf die gew\u00FCnschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung. proxy.16=Fehler bei der Anmeldung.
Eine Anmeldung an der Anwendung {0} war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.
Prüfen Sie bitte ihre Berechtigung. +proxy.17=Bei der Anmeldung an MOA-ID ist ein Fehler aufgetreten: {0} validator.00=Kein SAML:Assertion Objekt gefunden {0} validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0} diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index ca91c6139..3cf7a3316 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -13,7 +13,7 @@ MOA.id.server moa-id-proxy war - 1.5.2 + 1.9.90-SNAPSHOT MOA ID-Proxy WebService @@ -63,6 +63,7 @@ MOA.id.server moa-id-lib + 1.9.90-SNAPSHOT -- cgit v1.2.3
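Review bot: The rewritten `proxy.15` line uses a raw `ö` where the neighbouring keys (`proxy.13`, `proxy.14`) escape non-ASCII as `\u00F6`-style sequences; `java.util.Properties` loaded from an `InputStream` reads ISO-8859-1, so a UTF-8 `ö` arrives as two garbage characters unless the loader uses a `Reader` with an explicit charset (not visible here), and `Pr\uFFFDfix` in the `proxy.13` context line looks like the result of exactly such a round-trip. Use `ben\u00F6tigte` to match the file's convention; the file already mixes both forms (`proxy.12`, `proxy.16`), but the commit should not add to it. `proxy.17` inserts the remote status message `{0}` verbatim into user-visible text that `ProxyServlet` now also forwards to the OA error page, so make sure the rendering side escapes it.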