From d4a8d57e4cd10fc7e427f936983ae7c28aa6eab2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 30 Jan 2014 15:03:56 +0100 Subject: add functionality for global authentication protocol activation/deactivation --- .../id/configuration/data/GeneralMOAIDConfig.java | 64 +++++++++++++++ .../struts/action/EditGeneralConfigAction.java | 19 +++++ .../main/resources/applicationResources.properties | 2 + id/ConfigWebTool/src/main/webapp/css/index.css | 23 ++++-- .../src/main/webapp/jsp/editMOAConfig.jsp | 28 ++++++- .../auth/exception/ProtocolNotActiveException.java | 44 +++++++++++ .../id/config/auth/AuthConfigurationProvider.java | 22 +++++- .../moa/id/config/auth/data/ProtocolAllowed.java | 91 ++++++++++++++++++++++ .../moa/id/entrypoints/DispatcherServlet.java | 18 ++++- .../oauth20/protocol/OAuth20Protocol.java | 9 +++ .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 10 +++ .../moa/id/protocols/saml1/SAML1Protocol.java | 8 ++ .../resources/properties/id_messages_de.properties | 3 +- .../src/main/resources/config/moaid_config_2.0.xsd | 15 +++- 14 files changed, 339 insertions(+), 17 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 4da4d3907..c6b9b984a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -40,10 +40,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -81,6 +83,10 @@ public class GeneralMOAIDConfig { private String mandateURL = null; + private boolean protocolActiveSAML1 = false; + private boolean protocolActivePVP21 = true; + private boolean protocolActiveOAuth = true; + private boolean legacy_saml1 = false; private boolean legacy_pvp2 = false; @@ -205,8 +211,23 @@ public class GeneralMOAIDConfig { legacy_pvp2 = true; } + SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null) { + protocolActiveSAML1 = saml1.isIsActive(); + + } + + OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = saml1.isIsActive(); + + } + PVP2 pvp2 = protocols.getPVP2(); if (pvp2 != null) { + + protocolActivePVP21 = pvp2.isIsActive(); + pvp2PublicUrlPrefix = pvp2.getPublicURLPrefix(); pvp2IssuerName = pvp2.getIssuerName(); @@ -850,6 +871,49 @@ public class GeneralMOAIDConfig { this.fileUploadFileName = new ArrayList(); this.fileUploadFileName.add(fileUploadFileName); } + + /** + * @return the protocolActiveSAML1 + */ + public boolean isProtocolActiveSAML1() { + return protocolActiveSAML1; + } + + /** + * @param protocolActiveSAML1 the protocolActiveSAML1 to set + */ + public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { + this.protocolActiveSAML1 = protocolActiveSAML1; + } + + /** + * @return the protocolActivePVP21 + */ + public boolean isProtocolActivePVP21() { + return protocolActivePVP21; + } + + /** + * @param protocolActivePVP21 the protocolActivePVP21 to set + */ + public void setProtocolActivePVP21(boolean protocolActivePVP21) { + this.protocolActivePVP21 = protocolActivePVP21; + } + + /** + * @return the protocolActiveOAuth + */ + public boolean isProtocolActiveOAuth() { + return protocolActiveOAuth; + } + + /** + * @param protocolActiveOAuth the protocolActiveOAuth to set + */ + public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { + this.protocolActiveOAuth = protocolActiveOAuth; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index f1a8c8694..362579c9f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -53,10 +53,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -271,11 +273,28 @@ public class EditGeneralConfigAction extends ActionSupport el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); legprot.setProtocolName(el); + SAML1 saml1= dbprotocols.getSAML1(); + if (saml1 == null) { + saml1 = new SAML1(); + dbprotocols.setSAML1(saml1); + } + saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + + OAuth oauth= dbprotocols.getOAuth(); + if (oauth == null) { + oauth = new OAuth(); + dbprotocols.setOAuth(oauth); + } + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + PVP2 pvp2 = dbprotocols.getPVP2(); if (pvp2 == null) { pvp2 = new PVP2(); dbprotocols.setPVP2(pvp2); } + + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 456c37ff1..454175125 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -124,9 +124,11 @@ webpages.moaconfig.sso.FriendlyName=SSO Service Name webpages.moaconfig.services.sso.Target=SSO Service Target webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText webpages.moaconfig.protocols.header=Protokolle +webpages.moaconfig.protocols.allowed.header=Protokolle aktivieren webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren webpages.moaconfig.protocols.legacy.saml1=SAML1 webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 14591f1dc..79f8b4e72 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -1,10 +1,14 @@ @CHARSET "UTF-8"; +body { + font-size: 1em; +} + #header_area { padding-bottom: 10px; background-color: #6FA5D4; display: block; - font-size: 20px; + font-size: 1.2em; /* margin-left: 25px; */ padding-top: 10px; padding-left: 25px; @@ -12,7 +16,7 @@ } #header_area>div { - font-size: 20px; + font-size: 1.2em; margin-left: 25px; padding-top: 8px; } @@ -69,7 +73,7 @@ .menu_element { margin-top: 15px; margin-bottom: 15px; - font-size: 20px; + font-size: 1.2em; display: block; /* background-color: red; */ background-color: #6FA5D4; @@ -96,7 +100,7 @@ } #message_area label { - font-size: 18px; + font-size: 1.1em; font-weight: bold; } @@ -105,7 +109,7 @@ } #error_area label{ - font-size: 18px; + font-size: 1.1em; font-weight: bold; } @@ -220,6 +224,11 @@ margin-left: 10px; } +#moageneral_active_protocol>.wwgrp { + float: left; + clear: none; +} + #moageneral_legacy_protocol>.wwgrp { clear: none; } @@ -318,7 +327,7 @@ div .wwgrp br { border-bottom-style: none; display: table-header-group; font-weight: bold; - font-size: 18px; + font-size: 1.1em; } .listFirst { @@ -371,7 +380,7 @@ div .wwgrp br { padding-left: 30px; position: relative; top: 15px; - font-size: 20px; + font-size: 1.2em; text-align: center; padding-top: 10px; border-radius: 3px; diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 05f4a1106..de2548535 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,7 +228,31 @@

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

- + +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.allowed.header", request) %>

+ + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.legacy.header", request) %>

+
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java new file mode 100644 index 000000000..fe2bcedca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class ProtocolNotActiveException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = 1832697083163940710L; + + /** + * @param messageId + * @param parameters + */ + public ProtocolNotActiveException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 69a73215a..d1872b2bc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -105,6 +105,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; @@ -190,6 +191,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { private static String alternativesourceid = null; private static List legacyallowedprotocols = new ArrayList(); + private static ProtocolAllowed allowedProtcols = null; private static VerifyAuthBlock verifyidl = null; @@ -246,6 +248,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return instance; } + /** * Constructor for AuthConfigurationProvider. * @param fileName @@ -515,8 +518,22 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //set PVP2 general config Protocols protocols = auth.getProtocols(); if (protocols != null) { + + allowedProtcols = new ProtocolAllowed(); + + if (protocols.getSAML1() != null) { + allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + } + + if (protocols.getOAuth() != null) { + allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); + } + if (protocols.getPVP2() != null) { - PVP2 el = protocols.getPVP2();; + PVP2 el = protocols.getPVP2(); + + allowedProtcols.setPVP21Active(el.isIsActive()); + pvp2general = new PVP2(); pvp2general.setIssuerName(el.getIssuerName()); pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); @@ -730,6 +747,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return this.getGeneralProperiesConfig("protocols.oauth20."); } + public ProtocolAllowed getAllowedProtocols() { + return this.allowedProtcols; + } public PVP2 getGeneralPVP2DBConfig() { return pvp2general; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java new file mode 100644 index 000000000..a04fb1626 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java @@ -0,0 +1,91 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth.data; + +/** + * @author tlenz + * + */ +public class ProtocolAllowed { + + private boolean isSAML1Active = false; + private boolean isPVP21Active = true; + private boolean isOAUTHActive = true; + + /** + * + */ + public ProtocolAllowed() { + + } + + /** + * + */ + public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) { + this.isOAUTHActive = oauth; + this.isPVP21Active = pvp21; + this.isSAML1Active = saml1; + + } + + /** + * @return the isSAML1Active + */ + public boolean isSAML1Active() { + return isSAML1Active; + } + /** + * @param isSAML1Active the isSAML1Active to set + */ + public void setSAML1Active(boolean isSAML1Active) { + this.isSAML1Active = isSAML1Active; + } + /** + * @return the isPVP21Active + */ + public boolean isPVP21Active() { + return isPVP21Active; + } + /** + * @param isPVP21Active the isPVP21Active to set + */ + public void setPVP21Active(boolean isPVP21Active) { + this.isPVP21Active = isPVP21Active; + } + /** + * @return the isOAUTHActive + */ + public boolean isOAUTHActive() { + return isOAUTHActive; + } + /** + * @param isOAUTHActive the isOAUTHActive to set + */ + public void setOAUTHActive(boolean isOAUTHActive) { + this.isOAUTHActive = isOAUTHActive; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 260a4fd79..1f526caca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -28,6 +28,7 @@ import iaik.security.ecc.provider.ECCProvider; import iaik.security.provider.IAIK; import java.io.IOException; +import java.io.PrintWriter; import java.security.Security; import java.util.Iterator; import java.util.Map; @@ -45,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -317,20 +319,28 @@ public class DispatcherServlet extends AuthServlet{ } } } + + } catch (ProtocolNotActiveException e) { + resp.getWriter().write(e.getMessage()); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); + return; + + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write("NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); return; + } if (protocolRequest == null) { Logger.error("Failed to generate a valid protocol request!"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write("NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); return; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 1fb67a0b2..7ef5a2068 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -32,6 +32,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -77,6 +79,13 @@ public class OAuth20Protocol implements IModulInfo { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isOAUTHActive()) { + Logger.info("OAuth is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); + + } + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); Logger.debug("Created: " + res); return res; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 82a620f6b..84c0138a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -47,6 +47,8 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -129,6 +131,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) { + Logger.info("PVP2.1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + if(METADATA.equals(action)) { return new PVPTargetConfiguration(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 1c57c841e..e587ef0e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -32,6 +32,7 @@ import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; @@ -81,6 +82,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { RequestImpl config = new RequestImpl(); + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { + Logger.info("SAML1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); + + } + String oaURL = (String) request.getParameter(PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3151aa657..dc698782a 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -40,6 +40,7 @@ auth.18=Keine MOASessionID vorhanden auth.19=Die Authentifizierung kann nicht passiv durchgef\u00FChrt werden. auth.20=No valid MOA session found. Authentification process is abourted. auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen. +auth.22=Das Protokoll {0} ist deaktiviert. init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar @@ -227,5 +228,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt oauth20.05=Der angegebene Benutzer ist nicht berechtigt oauth20.06=Die angegebene OA kann nicht verwendet werden oauth20.07=Angeforderter grant_type ist nicht erlaubt -oauth20.08=Nicht berechtigt für Token-Request +oauth20.08=Nicht berechtigt f�r Token-Request oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}" diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 481f12091..e93cb5cc8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -281,7 +281,11 @@ - + + + + + @@ -298,6 +302,12 @@ + + + + + + @@ -873,7 +883,6 @@ - @@ -900,7 +909,7 @@ - + -- cgit v1.2.3