From 3d8670eaeda9bc6898a7658a9dd7c954d40b435d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 28 Mar 2014 14:08:29 +0100 Subject: parse inputparameter -> catch all exceptions --- .../gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 10a41c487..407e33978 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -142,7 +142,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { try { parameters = getParameters(req); - } catch (FileUploadException e) + + } catch (Exception e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); -- cgit v1.2.3 From 8cb4ecdf1f2e120e4dcf3c1a4101206250028444 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 07:48:47 +0200 Subject: Allow only redirect to OAs from OA configuration --- .../moa/id/auth/servlet/LogOutServlet.java | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 84732d4ce..a11601daa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java 
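Review bot: The widened `catch (Exception e)` in VerifyIdentityLinkServlet still logs only `e.getMessage()` and rethrows `new IOException(e.getMessage())`, so the exception type and stack trace are lost. That matters more now that any runtime failure inside `getParameters(req)` lands here, and the message can be null for something like a NullPointerException. Pass the throwable to the logger and keep the cause: `Logger.error("Parsing multipart/form-data request parameters failed.", e);` and `throw new IOException(e.getMessage(), e);`. The enclosing method starts and ends outside the hunk.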
@@ -54,6 +54,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; @@ -86,6 +89,16 @@ public class LogOutServlet extends AuthServlet { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + } else { + //return an error if RedirectURL is not a active Online-Applikation + OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl); + if (oa == null) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); + return; + + } + } if (ssomanager.isValidSSOSession(ssoid, req)) { @@ -108,7 +121,12 @@ public class LogOutServlet extends AuthServlet { ssomanager.deleteSSOSessionID(req, resp); } catch (Exception e) { - Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + return; + + } finally { + ConfigurationDBUtils.closeSession(); + } //Redirect to Application -- cgit v1.2.3 From 6b6d22483ae1291e2c97bad9ab67c9d817247d08 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 08:48:29 +0200 Subject: Add additional log messages --- .../moa/id/storage/AuthenticationSessionStoreage.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) 
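Review bot: The allow-list check `ConfigurationDBRead.getActiveOnlineApplication(redirectUrl)` decides whether a request-supplied URL may be used as the logout redirect target, but how the lookup matches is not visible in this hunk. If it compares by configured URL prefix, a value that merely begins with a registered prefix would also pass, so the matching rule should be confirmed and ideally compare the parsed scheme, host and port. A comment above the lookup would record the intent, for example `// redirectUrl is request-controlled; follow it only if it belongs to an active OA`. The early `return` also leaves the method before the `finally` added further down unless this branch sits inside that `try`, which the hunk does not show.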
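Review bot: The rewritten `catch (Exception e)` in LogOutServlet removes the previous `Logger.warn(...)` and answers 403 without recording anything, so a failed SSO logout leaves no trace for operators. Keep a log line with the throwable before the response, e.g. `Logger.warn("LogOut failed, request rejected.", e);`. `resp.sendError` throws if the response is already committed, and the enclosing method is outside the hunk, so that path should be checked as well.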
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 393b80d04..e6efa0256 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -119,7 +119,7 @@ public class AuthenticationSessionStoreage { dbsession.setUpdated(new Date()); MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); @@ -144,7 +144,7 @@ public class AuthenticationSessionStoreage { dbsession.setUpdated(new Date()); MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); @@ -191,6 +191,10 @@ public class AuthenticationSessionStoreage { AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); String id = Random.nextRandom(); + + Logger.debug("Change SessionID from " + session.getSessionID() + + "to " + id); + session.setSessionID(id); dbsession.setSessionid(id); @@ -207,6 +211,8 @@ public class AuthenticationSessionStoreage { MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.trace("Change SessionID complete."); + return id; } catch (MOADatabaseException e) { 
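Review bot: The new `Logger.debug("Change SessionID from " + session.getSessionID() + "to " + id)` in the -191 hunk writes both the old and the freshly generated session identifier to the log. If knowing a MOASession ID is enough to address a session, everyone with read access to debug logs obtains live identifiers. The same applies to `Logger.trace("Add SSO information to session " + moaSessionID)` in the -225 hunk and to the two `is stored in Database` messages. Logging a truncated or hashed form of the ID keeps the entries correlatable without exposing the value, and the message needs a space before `to`. The enclosing methods start and end outside these hunks.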
@@ -225,6 +231,8 @@ public class AuthenticationSessionStoreage { Session session = MOASessionDBUtils.getCurrentSession(); List result; + Logger.trace("Add SSO information to session " + moaSessionID); + synchronized (session) { tx = session.beginTransaction(); -- cgit v1.2.3 From 1dcf1c30e542cc4aa7791e7e429700bef207a565 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 10:52:58 +0200 Subject: Add additional error handling and logging --- .../moa/id/auth/servlet/GenerateIFrameTemplateServlet.java | 6 +++++- .../egovernment/moa/id/auth/servlet/GetForeignIDServlet.java | 11 ++++++----- .../moa/id/auth/servlet/GetMISSessionIDServlet.java | 11 +++++++++-- .../egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java | 7 ++++++- .../moa/id/auth/servlet/SSOSendAssertionServlet.java | 8 +++++++- .../moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java | 9 ++++++++- .../moa/id/auth/servlet/VerifyCertificateServlet.java | 5 ++++- .../moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 10 ++++++---- 8 files changed, 51 insertions(+), 16 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 0a0355bd7..6f30e98df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -187,8 +187,12 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("BKUSelectionServlet has an interal Error.", e); + } - + finally { ConfigurationDBUtils.closeSession(); } 
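Review bot: The added `catch (Exception e)` in GenerateIFrameTemplateServlet only logs, so on an unexpected failure the servlet returns without writing an error response and the authentication flow ends with whatever the container sends for an untouched response. The same log-only catch is added in GetForeignIDServlet, GetMISSessionIDServlet, PEPSConnectorServlet, SSOSendAssertionServlet, VerifyAuthenticationBlockServlet, VerifyCertificateServlet and VerifyIdentityLinkServlet. Fail closed explicitly after the log call, e.g. `resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);` (the variable is `response` in PEPSConnectorServlet), assuming the methods declare `IOException`. The message `BKUSelectionServlet has an interal Error.` also names a different servlet than the one it is in and misspells "internal".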
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index e9afb2e68..17dd9e343 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -260,11 +260,12 @@ public class GetForeignIDServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - } catch (Exception e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } + handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("GetForeignIDServlet has an interal Error.", e); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 5733cee85..a776bbe9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -246,16 +246,23 @@ public class GetMISSessionIDServlet extends AuthServlet { } catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + } catch (GeneralSecurityException ex) { handleError(null, ex, req, resp, pendingRequestID); + } catch (PKIException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (SAXException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (ParserConfigurationException e) { handleError(null, e, req, resp, pendingRequestID); - } - + + } catch (Exception e) { + Logger.error("MISMandateValidation has an interal Error.", e); + + } finally { ConfigurationDBUtils.closeSession(); } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 328a441cd..d6db64a85 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -384,9 +384,14 @@ public class PEPSConnectorServlet extends AuthServlet { } catch (AuthenticationException e) { handleError(null, e, request, response, pendingRequestID); + } catch (MOAIDException e) { handleError(null, e, request, response, pendingRequestID); - } + + } catch (Exception e) { + Logger.error("PEPSConnector has an interal Error.", e); + } + finally { ConfigurationDBUtils.closeSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 6fa7b56c6..997241822 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -150,11 +150,17 @@ public class SSOSendAssertionServlet extends AuthServlet{ } catch (MOADatabaseException e) { handleError("SSO Session is not found", e, req, resp, id); + } catch (WrongParametersException e) { handleError("Parameter is not valid", e, req, resp, id); + } catch (AuthenticationException e) { handleError(e.getMessage(), e, req, resp, id); - } + + } catch (Exception e) { + Logger.error("SSOSendAssertion has an interal Error.", e); + } + } } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 2b46c8ff2..787dc6f10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -303,13 +303,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + } catch (GeneralSecurityException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (PKIException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (TransformerException e) { handleError(null, e, req, resp, pendingRequestID); - } + + } catch (Exception e) { + Logger.error("AuthBlockValidation has an interal Error.", e); + } + finally { ConfigurationDBUtils.closeSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index fddd0d6b9..a3397f561 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -215,9 +215,12 @@ public class VerifyCertificateServlet extends AuthServlet { } } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("CertificateValidation has an interal Error.", e); } + finally { ConfigurationDBUtils.closeSession(); 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 407e33978..3b503f07b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -260,12 +260,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } catch (ParseException ex) { handleError(null, ex, req, resp, pendingRequestID); - } - - catch (MOAIDException ex) { + + } catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("IdentityLinkValidation has an interal Error.", e); } - + finally { ConfigurationDBUtils.closeSession(); } -- cgit v1.2.3 From 492556d1b71d63b7d44a31d2f32cc424a3cc5400 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 11:11:50 +0200 Subject: set default redirectTarget --- .../java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 671151bbe..00acdc540 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java 
@@ -70,7 +70,9 @@ public class RedirectServlet extends AuthServlet{ } else { try { - redirectTarget = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(test)) + redirectTarget = test; } catch (Exception e) { Logger.debug("Use default redirectTarget."); -- cgit v1.2.3 From 70bdabb832f10bc10acfe96410d5530d0c601a53 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 11:16:11 +0200 Subject: remove OA specific AuthBlockTransformation --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a8c4daad7..45867c4e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -571,11 +571,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { String authBlock = buildAuthenticationBlock(session, oaParam); // builds the - List transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } + List transformsInfos = authConf.getTransformsInfos(); + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), transformsInfos); -- cgit v1.2.3 From 578f88516c9b2b3d61d19cd82a821b9c85a573d1 Mon Sep 17 00:00:00 2001 
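Review bot: The new local in RedirectServlet is named `test` and the `if` has no braces; `String configuredTarget = ...getAppletRedirectTarget();` followed by `if (MiscUtil.isNotEmpty(configuredTarget)) { redirectTarget = configuredTarget; }` states the intent. The surrounding `catch (Exception e)` is still what absorbs a null anywhere in the `oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization()` chain, which deserves a short comment such as `// any missing configuration level falls through to the default target`. The enclosing method starts outside the hunk.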
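Review bot: `authConf.getTransformsInfos()` is now the only source of transforms in AuthenticationServer, and its result goes straight into `CreateXMLSignatureRequestBuilder.build(...)` with no null or empty check. A guard that rejects the request when the list is missing would keep an incomplete global configuration from producing a signature request without the expected transforms; what the builder does with an empty list is not visible here. The leftover `// builds the` fragment could become `// OA-specific transforms are intentionally ignored; only the global configuration is used`, and the raw `List` should carry its element type.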
From: Thomas Lenz Date: Mon, 31 Mar 2014 13:06:30 +0200 Subject: redirect to MOA-ID-Auth if redirectURL is not valid. --- .../java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index a11601daa..fc4ec305d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -94,8 +94,8 @@ public class LogOutServlet extends AuthServlet { //return an error if RedirectURL is not a active Online-Applikation OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl); if (oa == null) { - resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); - return; + Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); + redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); } -- cgit v1.2.3 From e5d84e80b836ed0939e1546300d75fd93b637d8b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 13:08:02 +0200 Subject: update Hibernate, JPA and mySQL libraries --- id/server/moa-id-commons/pom.xml | 18 +++++++++++------- .../moa/id/commons/db/MOASessionDBUtils.java | 7 ++++++- .../moa/id/commons/db/StatisticLogDBUtils.java | 7 ++++++- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 0ddf06259..e494033a0 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml 
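Review bot: The comment kept above the lookup still reads `//return an error if RedirectURL is not a active Online-Applikation`, but the branch now falls back to the default URL, so comment and behaviour disagree. Replace it with something like `// unknown RedirectURL: ignore it and fall back to MOA-ID-Auth`. The `Logger.info` line also omits the rejected value, which makes repeated requests with foreign redirect targets hard to spot in the logs. If the value is added, strip CR/LF from it first because it is request-controlled.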
@@ -21,23 +21,23 @@ org.hibernate hibernate-core - 4.2.1.Final + 4.3.4.Final org.hibernate hibernate-c3p0 - 4.2.1.Final + 4.3.4.Final org.hibernate hibernate-entitymanager - 4.2.1.Final + 4.3.4.Final org.apache.commons commons-lang3 - 3.1 + 3.3.1 MOA @@ -53,8 +53,8 @@ org.hibernate.javax.persistence - hibernate-jpa-2.0-api - 1.0.1.Final + hibernate-jpa-2.1-api + 1.0.0.Final @@ -71,12 +71,16 @@ org.slf4j slf4j-log4j12 + + org.hibernate.javax.persistence + hibernate-jpa-2.0-api + mysql mysql-connector-java - 5.1.25 + 5.1.29 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java index 0065f2242..76215528d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java @@ -29,6 +29,7 @@ import org.hibernate.HibernateException; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.Transaction; +import org.hibernate.boot.registry.StandardServiceRegistryBuilder; import org.hibernate.cfg.Configuration; import org.hibernate.service.ServiceRegistry; import org.hibernate.service.ServiceRegistryBuilder; @@ -67,7 +68,11 @@ public final class MOASessionDBUtils { Logger.debug("Creating initial MOASession session factory..."); config.configure("hibernate_moasession.cfg.xml"); - serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); + //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); + + serviceRegistry = new StandardServiceRegistryBuilder(). + applySettings(config.getProperties()).build(); + sessionFactory = config.buildSessionFactory(serviceRegistry); Logger.debug("Initial MOASession session factory successfully created."); 
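Review bot: The old builder call is left behind as a commented-out line in MOASessionDBUtils, and `import org.hibernate.service.ServiceRegistryBuilder;` remains in the context lines although the new code uses `StandardServiceRegistryBuilder`. Delete the commented line and, if nothing else in the file uses it, the old import as well. StatisticLogDBUtils carries the same two leftovers.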
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java index fac653eb2..eac47f93f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/StatisticLogDBUtils.java @@ -29,6 +29,7 @@ import org.hibernate.HibernateException; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.Transaction; +import org.hibernate.boot.registry.StandardServiceRegistryBuilder; import org.hibernate.cfg.Configuration; import org.hibernate.service.ServiceRegistry; import org.hibernate.service.ServiceRegistryBuilder; @@ -67,7 +68,11 @@ public final class StatisticLogDBUtils { Logger.debug("Creating initial StatisicLogger session factory..."); config.configure("hibernate_statistic.cfg.xml"); - serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); + //serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); + + serviceRegistry = new StandardServiceRegistryBuilder(). + applySettings(config.getProperties()).build(); + sessionFactory = config.buildSessionFactory(serviceRegistry); Logger.debug("Initial StatisicLogger session factory successfully created."); -- cgit v1.2.3 From eeb3d0250cf5a873b67cb974d17913089fd9c925 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 13:53:00 +0200 Subject: add ContentType to PEPS request --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 45867c4e5..1bb829bab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1946,7 +1946,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { StringWriter writer = new StringWriter(); template.merge(context, writer); + resp.setContentType("text/html;charset=UTF-8"); resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { Logger.error("Error sending STORK SAML AuthnRequest.", e); httpSession.invalidate(); -- cgit v1.2.3 From e243ae942d56cb4633bdc6fac9a9b502bd47e21f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 14:37:50 +0200 Subject: Update OpenSAML to 2.6.1 (XMLTooling-J/OpenSAML Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter https://bugzilla.redhat.com/show_bug.cgi?id=1043332) --- id/server/stork2-saml-engine/pom.xml | 2 +- pom.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml index 305d131a8..9b294f6d6 100644 --- a/id/server/stork2-saml-engine/pom.xml +++ b/id/server/stork2-saml-engine/pom.xml @@ -17,7 +17,7 @@ 0.5.2 0.5.1 1.4.0 - 2.6.0 + 2.6.1 ${maven.build.timestamp} ${basedir}/../../../repository diff --git a/pom.xml b/pom.xml index 06908810c..f41da9e51 100644 --- a/pom.xml +++ b/pom.xml @@ -100,12 +100,12 @@ org.opensaml opensaml - 2.6.0 + 2.6.1 org.opensaml xmltooling - 1.4.0 + 1.4.1 -- cgit v1.2.3 From 24b55a1663ebb218f55b2ef443683c7328ceaef8 Mon Sep 17 00:00:00 2001 
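Review bot: `resp.setContentType("text/html;charset=UTF-8")` now declares UTF-8, but the following line still encodes with `writer.toString().getBytes()`, which uses the platform default charset. On a host whose default is not UTF-8 the declared and actual encodings diverge, and non-ASCII characters in the merged template reach the browser corrupted. Encode explicitly: `resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));`. The enclosing method starts outside the hunk.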
From: Thomas Lenz Date: Mon, 31 Mar 2014 14:54:08 +0200 Subject: update Jaxen to version 1.1.6 --- common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java | 3 ++- pom.xml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java index 0dfccb034..89aeaf3d1 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java @@ -35,6 +35,7 @@ import org.w3c.dom.traversal.NodeIterator; import org.jaxen.JaxenException; import org.jaxen.NamespaceContext; +import org.jaxen.Navigator; import org.jaxen.SimpleNamespaceContext; import org.jaxen.dom.DOMXPath; import org.jaxen.dom.DocumentNavigator; @@ -55,7 +56,7 @@ public class XPathUtils { "(.//. | .//@* | .//namespace::*)"; /** The DocumentNavigator to use for navigating the document. */ - private static DocumentNavigator documentNavigator = + private static Navigator documentNavigator = DocumentNavigator.getInstance(); /** The default namespace prefix to namespace URI mappings. */ private static NamespaceContext NS_CONTEXT; diff --git a/pom.xml b/pom.xml index f41da9e51..c12743d20 100644 --- a/pom.xml +++ b/pom.xml @@ -136,7 +136,7 @@ jaxen jaxen - 1.0-FCS + 1.1.6 saxpath -- cgit v1.2.3