From 0436de6184c1a95d463da52929e3bf60923d6e04 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Dec 2021 09:23:09 +0100 Subject: update third-party libs and resolve API issues --- .../configuration/struts/action/BasicOAAction.java | 1187 ++++++++++---------- 1 file changed, 602 insertions(+), 585 deletions(-) (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java index 20db561d6..ce975bd91 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -39,15 +39,14 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.log4j.Logger; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; 
@@ -69,152 +68,156 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.util.MiscUtil; import iaik.utils.URLDecoder; +import lombok.extern.slf4j.Slf4j; /** * @author tlenz * */ +@Slf4j public class BasicOAAction extends BasicAction { - private static final long serialVersionUID = 5676123696807646246L; - private final Logger log = Logger.getLogger(BasicOAAction.class); - - protected LinkedHashMap formList; - protected long oaid = -1; - - private String oaidobj; - private boolean newOA; - private boolean isMetaDataRefreshRequired = false; - - private InputStream stream = null; - - - - /** - * - */ - public BasicOAAction() { - super(); - - formList = new LinkedHashMap(); - - OAGeneralConfig generalOA = new OAGeneralConfig(); - formList.put(generalOA.getName(), generalOA); - - } - - protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{ - if (!ValidationHelper.validateOAID(oaidobj)) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - + private static final long serialVersionUID = 5676123696807646246L; + + protected LinkedHashMap formList; + protected long oaid = -1; + + private String oaidobj; + private boolean newOA; + private boolean isMetaDataRefreshRequired = false; + + private InputStream stream = null; + + /** + * + */ + public BasicOAAction() { + super(); + + formList = new LinkedHashMap<>(); + + final OAGeneralConfig generalOA = new OAGeneralConfig(); + formList.put(generalOA.getName(), generalOA); + + } + + protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException { + if (!ValidationHelper.validateOAID(oaidobj)) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + + } + oaid = Long.valueOf(oaidobj); + + 
UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } else { + userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + // TODO: change to direct Database operation + final List oas = userdb.getOnlineApplication(); + for (final String oa : oas) { + if (oa.equals(oaid)) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + break; } - oaid = Long.valueOf(oaidobj); + } + if (onlineapplication == null) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; + return onlineapplication; - if (authUser.isAdmin()) - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + } - else { - userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + protected void populateBasicNewOnlineApplicationInformation() { + session.setAttribute(Constants.SESSION_OAID, null); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. 
Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); + setNewOA(true); - } + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } - // TODO: change to direct Database operation - List oas = userdb.getOnlineApplication(); - for (String oa : oas) { - if (oa.equals(oaid)) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - break; - } - } - if (onlineapplication == null) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); - } + protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, + boolean persistOA) throws BasicOAActionException { + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + onlineapplication.setIsNew(true); + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else { + isMetaDataRefreshRequired = true; + } + + } else { + onlineapplication.setIsNew(false); + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA() + .getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + + " change OA-PublicURLPrefix. 
Reaktivation is required."); + } + + } + + if (onlineapplication.isIsAdminRequired() == null + || authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired()) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + UserDatabase userdb = null; + if (onlineapplication.getHjid() != null) { + userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); + } + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (final ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); } - - return onlineapplication; - - } - - protected void populateBasicNewOnlineApplicationInformation() { - session.setAttribute(Constants.SESSION_OAID, null); - - setNewOA(true); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } + } + + // save OA configuration + final String error = saveOAConfigToDatabase(onlineapplication, persistOA); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); } - - protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException { - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - onlineapplication.setIsNew(true); - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - 
onlineapplication.setIsNew(false); - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - UserDatabase userdb = null; - if (onlineapplication.getHjid() != null) - userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, persistOA); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); - } // //set metadata reload flag if reload is required -// +// // if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) { // // try { 
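Review bot: In `populateOnlineApplicationFromRequest()` the ownership check `if (oa.equals(oaid))` compares a `String` element of the user's application list with the `long` field `oaid`, which is boxed to `Long`, so `equals` can never return true. As written, a non-admin user always ends in the `errors.edit.oa.oaid` error, even for an application they own. The check fails closed, but it does not express the intended authorization rule. `saveOAConfigToDatabase()`, in a later hunk of this commit, stores the ids with `String.valueOf(dboa.getHjid())`, so the comparison should use the same form: `if (oa.equals(String.valueOf(oaid))) {`.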
@@ -234,290 +237,302 @@ public class BasicOAAction extends BasicAction { // } // // } - - return onlineapplication; - } - - protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - } else { - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. 
Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - } - - OnlineApplication onlineapplication = null; - - Long oaid = getOAIDFromSession(); - - // valid DBID and check entry - OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName())); - String oaidentifier = oaGeneralForm.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - - if (oaid == -1) { - List oaList = configuration.getDbRead().getAllOnlineApplications(); - - if (oaList != null) { - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - onlineapplication = el; - - } - } - - if (onlineapplication == null) { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); - - } - - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{onlineapplication.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } else - setNewOA(true); - - } else { - onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - OnlineApplication dbOA = null; - List oaList = 
configuration.getDbRead().getAllOnlineApplications(); - for (OnlineApplication el : oaList) { - if (el.getPublicURLPrefix().startsWith(oaidentifier) ) - dbOA = el; - - } - if (dbOA == null) - dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); - - if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) { - log.info("The OAIdentifier is not unique"); - throw new BasicOAActionException( - LanguageHelper.getErrorString( - "validation.general.oaidentifier.notunique", - new Object[]{dbOA.getPublicURLPrefix()}, - request), - Constants.STRUTS_ERROR_VALIDATION); - - } - } - } - } - } - - return onlineapplication; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } - - } - - protected Long getOAIDFromSession() throws BasicOAActionException { - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + + return onlineapplication; + } + + protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + } else { + throw new BasicOAActionException( + "FormIDs does not match. 
Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + } + + OnlineApplication onlineapplication = null; + + final Long oaid = getOAIDFromSession(); + + // valid DBID and check entry + final OAGeneralConfig oaGeneralForm = (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + final String oaidentifier = oaGeneralForm.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (oaid == -1) { + final List oaList = configuration.getDbRead().getAllOnlineApplications(); + + if (oaList != null) { + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + onlineapplication = el; } - } catch (Throwable t) { - throw new BasicOAActionException( - LanguageHelper.getErrorString("errors.edit.oa.oaid", request), - Constants.STRUTS_ERROR); + } + } + + if 
(onlineapplication == null) { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { onlineapplication.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + setNewOA(true); + } + + } else { + onlineapplication = configuration.getDbRead().getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + OnlineApplication dbOA = null; + final List oaList = configuration.getDbRead().getAllOnlineApplications(); + for (final OnlineApplication el : oaList) { + if (el.getPublicURLPrefix().startsWith(oaidentifier)) { + dbOA = el; + } + + } + if (dbOA == null) { + dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier); + } + + if (dbOA != null && !dbOA.getHjid().equals(oaid)) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString( + "validation.general.oaidentifier.notunique", + new Object[] { dbOA.getPublicURLPrefix() }, + request), + Constants.STRUTS_ERROR_VALIDATION); + + } + } + } } - - return oaid; + } + + return onlineapplication; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; } - - protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { - try { - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. 
Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - throw new BasicOAActionException( - "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID(), - Constants.STRUTS_ERROR); - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. 
Mail address is not verified."); - throw new BasicOAActionException( - LanguageHelper.getErrorString("error.editoa.mailverification", request), - Constants.STRUTS_SUCCESS); - - } - - String oaidentifier = getGeneralOA().getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), - Constants.STRUTS_ERROR_VALIDATION); - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw new BasicOAActionException( - LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), - Constants.STRUTS_ERROR_VALIDATION); - } - } - - return oaidentifier; - - } catch (BasicOAActionException e) { - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - throw e; - } + + } + + protected Long getOAIDFromSession() throws BasicOAActionException { + final Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + + } catch (final Throwable t) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { - - for (IOnlineApplicationData form : formList.values()) - form.store(dboa, authUser, request); - - try 
{ - if (dboa.isIsNew()) { - if (!authUser.isAdmin()) { - UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); - List useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList(); + return oaid; + } + + protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { + try { + final Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + final String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser + .getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); - useroas.add(String.valueOf(dboa.getHjid())); - configuration.getUserManagement().saveOrUpdate(user); - - } else { - if (persistOA) - save(dboa); - - } - - } else - if (persistOA) - save(dboa); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. 
Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + session.setAttribute(Constants.SESSION_FORMID, null); + + final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb + .isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + final String oaidentifier = getGeneralOA().getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); - return null; + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request), + Constants.STRUTS_ERROR_VALIDATION); + } + } + + return oaidentifier; + + } catch (final BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + } + + private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) { + + for (final IOnlineApplicationData form : formList.values()) { + form.store(dboa, authUser, request); } - - protected void save(OnlineApplication oa) throws MOADatabaseException { 
- try { - STORK storkConfig = null; - try { - MOAIDConfiguration moaidConfig = - ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - - storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); - - } catch (Exception e) { - - } - - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); - - log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - if (oa.getHjid() == null) { - log.debug("No hjID -> find new Service ID ..."); - String hjID = configuration.getConfigModule().buildArrayIdentifier( - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." 
+ serviceIdentifier, 0, keyValueConfig); - log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); - oa.setHjid(Long.valueOf(hjID)); - - } else { - //TODO: work-around for old config tool and new key/value configuration - //see: NewConfigurationDBRead.java Line 81 + + try { + if (dboa.isIsNew()) { + if (!authUser.isAdmin()) { + final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID()); + + List useroas = user.getOnlineApplication(); + if (useroas == null) { + useroas = new ArrayList<>(); + } + + useroas.add(String.valueOf(dboa.getHjid())); + configuration.getUserManagement().saveOrUpdate(user); + + } else { + if (persistOA) { + save(dboa); + } + + } + + } else if (persistOA) { + save(dboa); + } + + } catch (final MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + + return null; + } + + protected void save(OnlineApplication oa) throws MOADatabaseException { + try { + STORK storkConfig = null; + try { + final MOAIDConfiguration moaidConfig = + ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); + + storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK(); + + } catch (final Exception e) { + + } + + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig); + + log.debug( + "JaxB to Key/Value configuration transformation finished. 
Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + if (oa.getHjid() == null) { + log.debug("No hjID -> find new Service ID ..."); + final String hjID = configuration.getConfigModule().buildArrayIdentifier( + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig); + log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix()); + oa.setHjid(Long.valueOf(hjID)); + + } else { + // TODO: work-around for old config tool and new key/value configuration + // see: NewConfigurationDBRead.java Line 81 // if (oa.getHjid() > 1000000) { -// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) +// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY)) // oa.setHjid(oa.getHjid() - 1000000); // else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP)) // oa.setHjid(oa.getHjid() - 2000000); 
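Review bot: The `catch (final Exception e) { }` in `save()` still swallows every failure while loading the STORK configuration, so the service is converted and stored with `storkConfig == null` and nothing in the log says why. Since the class now logs through `@Slf4j`, the block should at least record the failure, e.g. `log.warn("STORK configuration could not be loaded, storing service without it", e);`. Separately, in `preProcessDeleteOnlineApplication()` the condition `if (ValidationHelper.isValidOAIdentifier(oaidentifier))` leads into the rejection branch, which reads inverted. The helper is not visible here, so either its return value means "contains invalid characters" and deserves a comment at the call site, or the condition is missing a `!`. The body of `save()` continues past the end of this hunk.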
@@ -525,208 +540,210 @@ public class BasicOAAction extends BasicAction { // oa.setHjid(oa.getHjid() - 3000000); // else // log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000."); -// +// // } - - } - - Map absolutKeyValue = KeyValueUtils.makeKeysAbsolut( - keyValueConfig, - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(oa.getHjid()), - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); - - configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - - - } catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - throw new MOADatabaseException(e.getMessage(), e); - - } - + + } + + final Map absolutKeyValue = KeyValueUtils.makeKeysAbsolut( + keyValueConfig, + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf( + oa.getHjid()), + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES); + + configuration.getConfigModule().storeChanges(absolutKeyValue, null, null); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + + } catch (ConfigurationStorageException + | at.gv.egiz.components.configuration.api.ConfigurationException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + throw new MOADatabaseException(e.getMessage(), e); + } - - protected boolean delete(OnlineApplication onlineapplication) { - try { - log.debug("JaxB to Key/Value configuration transformation started ..."); - Map keyValueConfig = - ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); - - log.debug("JaxB to Key/Value configuration transformation finished. 
Start Key/Value storage process ..."); - - String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); - if (MiscUtil.isEmpty(serviceIdentifier)) { - log.info("Use default ServiceIdentifier."); - serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; - } - - String deleteServiceKey = - MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(onlineapplication.getHjid()) + ".*"; - - configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[]{deleteServiceKey})); - - log.info("MOA-ID Service Key/Value configuration successfull stored."); - return true; - - } catch (ConfigurationStorageException e) { - log.warn("MOAID Configuration can not be stored in Database", e); - - } - - return false; - + + } + + protected boolean delete(OnlineApplication onlineapplication) { + try { + log.debug("JaxB to Key/Value configuration transformation started ..."); + final Map keyValueConfig = + ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null); + + log.debug( + "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ..."); + + String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES); + if (MiscUtil.isEmpty(serviceIdentifier)) { + log.info("Use default ServiceIdentifier."); + serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA; + } + + final String deleteServiceKey = + MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." 
+ String.valueOf( + onlineapplication.getHjid()) + ".*"; + + configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[] { + deleteServiceKey })); + + log.info("MOA-ID Service Key/Value configuration successfull stored."); + return true; + + } catch (final ConfigurationStorageException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + } - - public String bkuFramePreview() { - String preview = null; + return false; - try { - populateBasicInformations(); - - } catch (BasicActionException e) { - return Constants.STRUTS_ERROR; - - } - InputStream input = null; + } - try { - Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); - if (mapobj != null && mapobj instanceof Map) { - - ConfigurationProvider config = ConfigurationProvider.getInstance(); - String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR - + ConfigurationProvider.HTMLTEMPLATE_FILE; - - File file = new File(new URI(templateURL)); - input = new FileInputStream(file); - - String contextpath = config.getMOAIDInstanceURL(); - if (MiscUtil.isEmpty(contextpath)) { - log.info("NO MOA-ID instance URL configurated."); - input.close(); - throw new ConfigurationException("No MOA-ID instance configurated"); - - } - - //set parameters - Map params = (Map) mapobj; - params.put( - AbstractServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, - contextpath); - - request.setCharacterEncoding("UTF-8"); - String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); - String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); - - if (value != null) { - String[] query = URLDecoder.decode(request.getQueryString()).split("&"); - value = query[1].substring("value=".length()); - } + public String bkuFramePreview() { - synchronized (params) { - if (MiscUtil.isNotEmpty(module)) { - if (params.containsKey(module)) { - if (MiscUtil.isNotEmpty(value)) { - if 
(FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module) - || value.startsWith("#")) - params.put(module, value); - else - params.put(module, "#" + value); - - } else { - params.put(module, FormBuildUtils.getDefaultMap().get(module)); - } - } - } - } - - //write preview - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - VelocityContext context = new VelocityContext(); - Iterator> interator = params.entrySet().iterator(); - while (interator.hasNext()) { - Entry el = interator.next(); - context.put(el.getKey(), el.getValue()); - - } - StringWriter writer = new StringWriter(); - engine.evaluate(context, writer, "BKUSelection_preview", - new BufferedReader(new InputStreamReader(input))); - stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + String preview = null; - } else { - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + try { + populateBasicInformations(); - } + } catch (final BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + InputStream input = null; + + try { + final Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW); + if (mapobj != null && mapobj instanceof Map) { + + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + final String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR + + ConfigurationProvider.HTMLTEMPLATE_FILE; - } catch (Exception e) { - log.warn("BKUSelection Preview can not be generated.", e); - preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + final File file = new File(new URI(templateURL)); + input = new FileInputStream(file); + + final String contextpath = config.getMOAIDInstanceURL(); + if (MiscUtil.isEmpty(contextpath)) { + log.info("NO MOA-ID instance URL configurated."); + input.close(); + throw new ConfigurationException("No MOA-ID instance configurated"); } - if (stream == null 
&& MiscUtil.isNotEmpty(preview)) { - try { - stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); - - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - - } + // set parameters + final Map params = (Map) mapobj; + params.put( + AbstractGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, + contextpath); + + request.setCharacterEncoding("UTF-8"); + final String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE); + String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE); + + if (value != null) { + final String[] query = URLDecoder.decode(request.getQueryString()).split("&"); + value = query[1].substring("value=".length()); } - - - return Constants.STRUTS_SUCCESS; - } - - - /** - * @param oaidobj the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - /** - * @param newOA the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; - } - - public OAGeneralConfig getGeneralOA() { - return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); - } + synchronized (params) { + if (MiscUtil.isNotEmpty(module)) { + if (params.containsKey(module)) { + if (MiscUtil.isNotEmpty(value)) { + if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT + .contains(module) + || value.startsWith("#")) { + params.put(module, value); + } else { + params.put(module, "#" + value); + } - public void setGeneralOA(OAGeneralConfig generalOA) { - formList.put(generalOA.getName(), generalOA); - } - - - public OAPVP2Config getPvp2OA() { - return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); - } + } else { + params.put(module, FormBuildUtils.getDefaultMap().get(module)); + } + } + } + } + + // write preview + final VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + final VelocityContext context = new VelocityContext(); + 
final Iterator> interator = params.entrySet().iterator(); + while (interator.hasNext()) { + final Entry el = interator.next(); + context.put(el.getKey(), el.getValue()); + + } + final StringWriter writer = new StringWriter(); + engine.evaluate(context, writer, "BKUSelection_preview", + new BufferedReader(new InputStreamReader(input))); + stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8")); + + } else { + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); + + } + + } catch (final Exception e) { + log.warn("BKUSelection Preview can not be generated.", e); + preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request); - public void setPvp2OA(OAPVP2Config pvp2oa) { - formList.put(pvp2oa.getName(), pvp2oa); } - /** - * @return the stream - */ - public InputStream getStream() { - return stream; - } + if (stream == null && MiscUtil.isNotEmpty(preview)) { + try { + stream = new ByteArrayInputStream(preview.getBytes("UTF-8")); + + } catch (final UnsupportedEncodingException e) { + e.printStackTrace(); + + } + } + return Constants.STRUTS_SUCCESS; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + public OAGeneralConfig getGeneralOA() { + return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + public OAPVP2Config getPvp2OA() { + return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + /** + * @return the stream + */ + public InputStream getStream() { + return stream; + } } -- cgit 
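Review bot: In `bkuFramePreview` the new side still rebuilds `value` from `query[1]` of the already-decoded query string, so it depends on parameter order, throws on a single-parameter request (hidden by the broad `catch (final Exception e)`), and an encoded `&` inside the value would presumably be treated as a separator. The result is written into the session-held `params` map and handed to Velocity; for `PARAM_FONTFAMILY` and `PARAM_HEADER_TEXT` it is stored verbatim, and whether the template escapes it is not visible here, so an allowlist check before `params.put(module, value)` looks warranted. Splitting the raw query first and decoding only the `value=` pair, as sketched below, removes the positional assumption. Separately, `input` is closed only on the empty-`contextpath` path; a try-with-resources around the `FileInputStream` would cover the other exits.

```java
String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE);

final String rawQuery = request.getQueryString();
if (value != null && rawQuery != null) {
  // split the raw query first, then decode only the "value" pair
  for (final String pair : rawQuery.split("&")) {
    if (pair.startsWith("value=")) {
      value = URLDecoder.decode(pair.substring("value=".length()));
      break;
    }
  }
}
// … unchanged: synchronized (params) block and Velocity rendering …
```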
v1.2.3