From f6a617e6820751fb5f941ff1019426fe2aa8ba4e Mon Sep 17 00:00:00 2001
From: "peter.danner"
Date: Thu, 8 Sep 2005 07:34:48 +0000
Subject: WebDAV Enhancement des Proxy
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@502 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa/id/proxy/servlet/ProxyServlet.java | 310 +++------------------
 1 file changed, 34 insertions(+), 276 deletions(-)
(limited to 'id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java')
diff --git a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index 50b07eeb4..327c658f1 100644
--- a/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id.server/src/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -34,9 +34,9 @@ import at.gv.egovernment.moa.id.ParseException;
 import at.gv.egovernment.moa.id.ServiceException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
 import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
 import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
-import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.CookieManager;
 import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
@@ -103,27 +103,17 @@ public class ProxyServlet extends HttpServlet { Logger.debug("getRequestURL:" + req.getRequestURL().toString()); try { if (req.getParameter(PARAM_SAMLARTIFACT) != null && req.getParameter(PARAM_TARGET) != null) { - - //boolean basicauth = - - //if ((!binding full) && (!isBasicAuthenticationHeaderProvided(req))) { - - // browserRequest(); - - //} else { - - // check if SAML Artifact was already used in this session (in case of page reload) - HttpSession session = req.getSession(); - if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { - if (session.getAttribute(ATT_BROWSERREQU)==null) { - tunnelRequest(req, resp); - }else{ - login(req, resp); //login after browser login dialog - } - } else - // it is the first time that the SAML Artifact was used - login(req, resp); - //} + // check if SAML Artifact was already used in this session (in case of page reload) + HttpSession session = req.getSession(); + if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) { + if (session.getAttribute(ATT_BROWSERREQU)==null) { + tunnelRequest(req, resp); + }else{ + login(req, resp); //login after browser login dialog + } + } else + // it is the first time that the SAML Artifact was used + login(req, resp); } else tunnelRequest(req, resp); @@ -175,7 +165,7 @@ public class ProxyServlet extends HttpServlet { // String target = req.getParameter(PARAM_TARGET); parameter given but not processed // get authentication data from the MOA-ID Auth component - AuthenticationData authData; + AuthenticationData authData; try { authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); } catch (ServiceException ex) { 
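Review bot: The replay check on the added lines calls `req.getSession()`, which creates a session when none exists, so the `null != session` test can never fail and every request that carries the SAML artifact and target parameters allocates a session before the artifact has been validated. Using `HttpSession session = req.getSession(false);` would make the null check meaningful and leave session creation to the login path, assuming `login` creates the session itself, which is not visible in this hunk. The dangling `else` followed by a comment and an unbraced `login(req, resp);` would also be safer to maintain with braces. The enclosing method starts and ends outside the hunk.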
@@ -268,16 +258,6 @@ public class ProxyServlet extends HttpServlet { // tunnel request to the online application respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); if (respcode == 401) { -// if ((! OAConfiguration.BINDUNG_FULL.equals(binding)) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) { -// //user has to fill out login-dialog -// respcode = browserRequest(req, resp, publicURLPrefix, realURLPrefix); -// } -// if (respcode == 401) { -// Logger.debug("Got 401, trying again"); -// respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); -// if (respcode == 401) -// throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); -// } if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) { throw new ProxyException("proxy.12", new Object[] { realURLPrefix }); } @@ -303,10 +283,10 @@ public class ProxyServlet extends HttpServlet { if (session == null) throw new ProxyException("proxy.07", null); String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX); - //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) - //additional check if publicURLPrefix is OK, if not throw an Exception - if (publicURLPrefix == null) - throw new ProxyException("proxy.07", null); + //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method) + //additional check if publicURLPrefix is OK, if not throw an Exception + if (publicURLPrefix == null) + throw new ProxyException("proxy.07", null); String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX); SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY); 
@@ -317,15 +297,7 @@ public class ProxyServlet extends HttpServlet { throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()}); int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); - // Handle all requests after the except the first one - //if (respcode == 401) { - //Logger.debug("Got 401, trying again"); - //respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding); - //if (respcode == 401) - // throw new ProxyException("proxy.12", new Object[] { realURLPrefix}); - //} - // #tries to login exceeded - if (respcode == -401) + if (respcode == -401) // #tries to login exceeded throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)}); } 
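Review bot: The added check `if (respcode == -401)` depends on a negated status code used as a sentinel, which `tunnelRequest` returns via `return -401;` once `MAX_OA_LOGINTRY` is exceeded, and the literal is repeated in both places. A named constant, for example `private static final int LOGIN_TRIES_EXCEEDED = -401;`, used at the return and at this check would keep the two in step and state the meaning more reliably than the trailing `// #tries to login exceeded` comment. The enclosing method starts outside the hunk.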
@@ -450,58 +422,10 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } } - - -/* - // collect parameters from request - Map parameters = new HashMap(); - for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) { - String paramName = (String) enu.nextElement(); - Logger.debug("Req Parameter-put: " + paramName); - parameters.put(paramName, req.getParameter(paramName)); - } - // collect login parameters, possibly overwriting parameters from request - if (loginParameters != null) { - for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) { - String paramName = (String) iter.next(); - Logger.debug("Req Login-Parameter-put: " + paramName); - parameters.put(paramName, loginParameters.get(paramName)); - } - } - - //Folgende Zeile ergibt fehlerhaftes Verhalten! - //headers.remove("content-length"); - //30.06.2005 wegen Fehler 411 bei Webdav - parameters.remove(PARAM_SAMLARTIFACT); - parameters.remove(PARAM_TARGET); - */ ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix); - //HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters); HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters); - - //Set Cookies... 
- - /* - String cookieString = CookieManager.getInstance().getCookie(req.getSession().getId()); - if (cookieString!=null) - { - //If we get Cookies from Client, we put them through if they dont exist/conflict with the stored Cookies - for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { - String headerKey = (String) iter.next(); - String headerValue = (String) headers.get(headerKey); - if (headerKey.equalsIgnoreCase("Cookie")) { - CookieManager.getInstance().saveOldCookies(req.getSession().getId(), headerValue); - Logger.debug("*** Saving old Cookie: " + headerValue); - } - } - cookieString = CookieManager.getInstance().getCookie(req.getSession().getId()); - headers.put("Cookie", cookieString); - Logger.debug("*** Put header Cookie: " + cookieString); - } - */ - // set headers as request properties of URLConnection for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) { String headerKey = (String) iter.next(); @@ -527,7 +451,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map // otherwise HttpURLConnection would send a POST. if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) { boolean firstParam = true; - //StringWriter sb = new StringWriter(); String parameter[] = new String[2]; for (Iterator iter = parameters.iterator(); iter.hasNext();) { parameter = (String[]) iter.next(); 
@@ -542,40 +465,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map sb.write(paramValue); if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue); } - //PrintWriter reqOut = new PrintWriter(conn.getOutputStream()); - //reqOut.write(sb.toString()); - //Logger.debug("Req P: (L="+ Integer.toString(sb.toString().length()) +") " + sb.toString()); - //reqOut.flush(); - //reqOut.close(); - } - - /* - // Write out parameters into output stream of URLConnection. - // On GET request, do not send parameters in any case, - // otherwise HttpURLConnection would send a POST. - if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) { - boolean firstParam = true; - StringWriter sb = new StringWriter(); - for (Iterator iter = parameters.keySet().iterator(); iter.hasNext();) { - String paramname = (String) iter.next(); - //String value = URLEncoder.encode((String) parameters.get(paramname)); - String value = (String) parameters.get(paramname); - if (firstParam) - firstParam = false; - else - sb.write("&"); - sb.write(paramname); - sb.write("="); - sb.write(value); - Logger.debug("Req param " + paramname + ": " + value); - } - PrintWriter reqOut = new PrintWriter(conn.getOutputStream()); - reqOut.write(sb.toString()); - Logger.debug("Req P: " + sb.toString()); - reqOut.flush(); - reqOut.close(); } - */ // For WebDAV and POST: copy content if (!"get".equalsIgnoreCase(req.getMethod())) { 
@@ -607,33 +497,15 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map if (loginTry > MAX_OA_LOGINTRY) { Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving..."); cb.disconnect(conn); - //conn.disconnect(); return -401; } } - if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(binding)) { Logger.debug("Found 401 UNAUTHORIZED, leaving..."); - /* - String headerKey; - int i = 1; - CookieManager cm = CookieManager.getInstance(); - while ((headerKey = conn.getHeaderFieldKey(i)) != null) { - String headerValue = conn.getHeaderField(i); - if (headerKey.equalsIgnoreCase("set-cookie")) { - cm.saveCookie(req.getSession().getId(), headerValue); - cm.add401(req.getSession().getId(),headerValue); - Logger.debug(" Cookie " + headerValue); - Logger.debug(" CookieSession " + req.getSession().getId()); - } - i++; - } - */ cb.disconnect(conn); - //conn.disconnect(); return conn.getResponseCode(); } @@ -651,7 +523,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests. // See JavaDoc of javax.servlet.http.HttpServlet: // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header. - //Map respHeaders = new HashMap(); überschreibt headerzeilen Vector respHeaders = new Vector(); boolean chunked = false; 
@@ -668,37 +539,25 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) headerValue = "Basic realm=\"Bitte Passwort eingeben\""; if (OAConfiguration.BINDUNG_NONE.equals(binding)) headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\""; } - // if (!headerKey.equalsIgnoreCase("set-cookie")){ - //respHeaders.put(headerKey, headerValue); - String respHeader[] = new String[2]; - if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) { - //alter the unauthorized message with template for login - //TODO: supply a special login form on unauthorized messages with bindings!=full - headerValue = Integer.toString(RET_401_MSG.length()); - } - respHeader[0]= headerKey; - respHeader[1]= headerValue; + String respHeader[] = new String[2]; + if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) { + //alter the unauthorized message with template for login + //TODO: supply a special login form on unauthorized messages with bindings!=full + headerValue = Integer.toString(RET_401_MSG.length()); + } + respHeader[0]= headerKey; + respHeader[1]= headerValue; - if (!(OAConfiguration.BINDUNG_FULL.equals(binding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) { - respHeaders.add(respHeader); - if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue); - } else { - Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); - } - // }else{ - // Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); - // } + if (!(OAConfiguration.BINDUNG_FULL.equals(binding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) { 
+ respHeaders.add(respHeader); + if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue); + } else { + Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue); + } if (isTransferEncodingChunkedHeader(headerKey, headerValue)) { chunked = true; transferEncodingKey = headerKey; } - CookieManager cm = CookieManager.getInstance(); - if (headerKey.equalsIgnoreCase("set-cookie")) - { - //cm.saveCookie(req.getSession().getId(), headerValue); - //Logger.debug("*** Saving Cookie " + headerValue); - //Logger.debug(" CookieSession " + req.getSession().getId()); - } if ("content-length".equalsIgnoreCase(headerKey)) contentLengthKey = headerKey; i++; 
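Review bot: On a 401 the added block rewrites Content-Length to `RET_401_MSG.length()`, which counts UTF-16 chars rather than the bytes actually sent; if the template holds any non-ASCII character the announced length is too short and the client sees a truncated body. The value should come from the encoded bytes in the charset the body is written with, for example `headerValue = Integer.toString(RET_401_MSG.getBytes("UTF-8").length);` if UTF-8 is the response encoding, which this hunk does not show. The `---REMOVED---` debug line also logs the header value unconditionally while the sibling line is gated by `INTERNAL_DEBUG`; gating both would keep upstream header values out of ordinary debug logs. The enclosing loop starts outside the hunk.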
@@ -711,81 +570,14 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map String headerValue; String respHeader[] = new String[2]; - /* - //Get a Hash-Map of all 401-set-cookies - HashMap cookies401 = CookieManager.getInstance().get401(req.getSession().getId()); - for (Iterator iter = respHeaders.iterator(); iter.hasNext();) - { - respHeader = (String[]) iter.next(); - headerKey = respHeader[0]; - headerValue = respHeader[1]; - - if (headerKey.equalsIgnoreCase("Set-Cookie")) - { - //String headerValue = (String) respHeaders.get(headerKey); - Logger.debug(" Found 'Set-Cookie' in ResponseHeaders: " + headerValue); - if(!cookies401.containsKey(headerValue.substring(0, headerValue.indexOf("=")))) - { - // If we dont already have a Set-Cookie-Value for THAT Cookie we create one... - CookieManager.getInstance().add401(req.getSession().getId(), headerValue); - Logger.debug("*** Saving 401 'Set-Cookie' from ResponseHeaders: " + headerValue); - } - } - } - */ - - //write out all Responseheaders != "set-cookie" + //write out all Responseheaders for (Iterator iter = respHeaders.iterator(); iter.hasNext();) { respHeader = (String[]) iter.next(); headerKey = respHeader[0]; headerValue = respHeader[1]; - // if (!headerKey.equalsIgnoreCase("Set-Cookie")) - resp.addHeader(headerKey, headerValue); - } - - - /* - for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) { - headerKey = (String) iter.next(); - - if (headerKey.equalsIgnoreCase("Set-Cookie")) - { - String headerValue = (String) respHeaders.get(headerKey); - Logger.debug("Found 'Set-Cookie' in ResponseHeaders: " + headerValue); - if(!cookies401.containsKey(headerValue.substring(0, headerValue.indexOf("=")))) - { - // If we dont already have a Set-Cookie-Value for THAT Cookie we create one... 
- CookieManager.getInstance().add401(req.getSession().getId(), headerValue); - Logger.debug("Saving 401 'Set-Cookie' from ResponseHeaders: " + headerValue); - } - } - } - - //write out all Responseheaders != "set-cookie" - for (Iterator iter = respHeaders.keySet().iterator(); iter.hasNext();) { - headerKey = (String) iter.next(); - //PeterD - if (!headerKey.equalsIgnoreCase("Set-Cookie")) - resp.addHeader(headerKey, (String) respHeaders.get(headerKey)); - } - */ - - /* - //write out all Responseheaders = "set-cookie" - cookies401 = CookieManager.getInstance().get401(req.getSession().getId()); - Iterator cookie_i = cookies401.values().iterator(); - while (cookie_i.hasNext()) { - String element = (String) cookie_i.next(); - resp.addHeader("Set-Cookie", element); - Logger.debug("Resp header Set-Cookie: " + element); + resp.addHeader(headerKey, headerValue); } - - //Delete all "Set-Cookie" - Values - CookieManager.getInstance().clear401(req.getSession().getId()); - */ - - //Logger.debug(">>>> Copy Content"); //Logger.debug(" from ()" + conn.getURL()); //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL()); @@ -799,7 +591,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream()); //Logger.debug("Got Outputstream"); - byte [] buffer = new byte[4096]; if (respOut != null) { int bytesRead; @@ -835,7 +626,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) { Logger.debug("Found 401 UNAUTHORIZED..."); cb.disconnect(conn); - //conn.disconnect(); return conn.getResponseCode(); } } else { @@ -843,7 +633,6 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map Logger.debug("Found 304 NOT MODIFIED..."); } - //conn.disconnect(); cb.disconnect(conn); Logger.debug("Request done"); 
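Review bot: With the `Set-Cookie` filter and the CookieManager code removed, the loop under `//write out all Responseheaders` copies every upstream header to the client through `resp.addHeader(headerKey, headerValue)`, and nothing in the hunk says that this is intended. The online application's `Set-Cookie` values are therefore scoped by the browser to the proxy's host; if more than one application is published under that host (not visible here), their cookies can collide or be sent to the wrong backend. Hop-by-hop headers such as `Connection` and `Keep-Alive` are forwarded as well unless they are dropped elsewhere. I would add a comment such as `// Set-Cookie from the online application is passed through unchanged; cookies end up scoped to the proxy host` and skip hop-by-hop headers in this loop.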
@@ -952,37 +741,6 @@ protected void handleError( } -/** - * Prepares the session and necessary response-header for the login dialog request - * This method returns the response code 200 to avoid 401 proceeding. - * @param req HTTP request - * @param resp HTTP response - * @param publicURLPrefix prefix of request URL to be substituted for the realURLPrefix - */ -/* -private int browserRequest(HttpServletRequest req, HttpServletResponse resp, String publicURLPrefix, String realURLPrefix) -{ - //Preparing Browser Request - String host=""; - Logger.debug("OA Browser-Request for user login dialog"); - try { - URL turl = new URL(realURLPrefix); - host = turl.getHost(); - } catch (MalformedURLException e) { - Logger.error(e); - } - - - resp.addHeader("WWW-Authenticate", "Basic realm=\"" + host + "\""); - resp.setStatus(401); - - HttpSession session = req.getSession(); - session.setAttribute(ATT_BROWSERREQU, "inProgress"); - - return 200; -} -*/ - // * taken from iaik.utils.util.copyStream: /** * Reads all data (until EOF is reached) from the given source to the -- cgit v1.2.3