From 4ccab7e5eb0843a490ab8292514e1d654f801ba6 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 10 Dec 2013 16:17:40 +0100 Subject: stork OA config frontend --- id/ConfigWebTool/src/main/resources/applicationResources.properties | 3 +++ 1 file changed, 3 insertions(+) (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 456c37ff1..fa955e944 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -222,6 +222,9 @@ webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL webpages.oaconfig.sso.useauthdataframe=Zus\u00E4tzliche Userabfrage webpages.oaconfig.sso.usesso=Single Sign-On verwenden +webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed +webpages.oaconfig.stork.usestork=STORK Logon aktivieren + webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren webpages.oaconfig.saml1.provideStammZahl=Stammzahl \u00FCbertragen -- cgit v1.2.3 From 83773a3597dfccbf16c8265fa3ef9019706a3461 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 12 Dec 2013 12:23:55 +0100 Subject: peps list in general config --- .../id/configuration/data/GeneralStorkConfig.java | 43 ++++++++++++++++++++++ .../struts/action/EditGeneralConfigAction.java | 24 +++++++++++- .../main/resources/applicationResources.properties | 3 ++ .../src/main/webapp/jsp/editMOAConfig.jsp | 18 +++++++++ 4 files changed, 87 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index d0b108e1e..51c6e8aa4 100644 
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -1,5 +1,48 @@ package at.gv.egovernment.moa.id.configuration.data; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; + public class GeneralStorkConfig { + private List cpepslist; + + public void parse(MOAIDConfiguration config) { + + if (config != null) { + AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + if (auth != null) { + ForeignIdentities foreign = auth.getForeignIdentities(); + + if (foreign != null) { + STORK stork = foreign.getSTORK(); + if (stork != null) { + // deep clone to foreclose lazyloading session timeouts + cpepslist = new ArrayList(); + for(CPEPS current : stork.getCPEPS()) { + cpepslist.add(current); + } + } + } + } + } + } + + public List getCpepslist() { + return cpepslist; + } + + public void setCpepslist(List cpepslist) { + this.cpepslist = cpepslist; + } + + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 61ab3cecd..b4ae27c6a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
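Review bot: The loop under the comment `// deep clone to foreclose lazyloading session timeouts` in `parse` copies references only, so `cpepslist` still holds the same `CPEPS` objects that `stork.getCPEPS()` returned. If those are session-bound entities (they come from the `db.dao.config` package), lazily loaded properties are still read after the session is closed, and form edits land on the entity objects themselves. Either copy the values into fresh objects, assuming the usual setters exist (`CPEPS copy = new CPEPS(); copy.setCountryCode(current.getCountryCode()); copy.setURL(current.getURL());`), or reword the comment to `// shallow copy of the list; elements are still the loaded CPEPS objects`. `parse` also leaves `cpepslist` null whenever a link in the chain is missing; initialising the field to an empty list would spare every caller a null check.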
@@ -48,6 +48,7 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; +import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.util.Random; @@ -65,7 +66,8 @@ public class EditGeneralConfigAction extends ActionSupport private AuthenticatedUser authUser; private GeneralMOAIDConfig moaconfig; - + private GeneralStorkConfig storkconfig; + private String formID; public String loadConfig() { @@ -84,6 +86,8 @@ public class EditGeneralConfigAction extends ActionSupport moaconfig = new GeneralMOAIDConfig(); moaconfig.parse(dbconfig); + storkconfig = new GeneralStorkConfig(); + storkconfig.parse(dbconfig); ConfigurationDBUtils.closeSession(); @@ -531,6 +535,24 @@ public class EditGeneralConfigAction extends ActionSupport public void setMoaconfig(GeneralMOAIDConfig moaconfig) { this.moaconfig = moaconfig; } + + /** + * Gets the storkconfig. + * + * @return the storkconfig + */ + public GeneralStorkConfig getStorkconfig() { + return storkconfig; + } + + /** + * Sets the storkconfig. + * + * @param storkconfig the new storkconfig + */ + public void setStorkconfig(GeneralStorkConfig storkconfig) { + this.storkconfig = storkconfig; + } /** * @return the formID diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index fa955e944..5751783ae 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties 
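Review bot: The new `getStorkconfig()`/`setStorkconfig()` pair makes `storkconfig` a parameter-binding target, and through `getCpepslist()` that reaches `CPEPS` objects from the `db.dao.config` package. If the framework binds request parameters by property path as usual, every settable property of those objects can be populated from the form, not only country code and URL. A small form bean holding just those two fields, copied into `CPEPS` after validation, would limit the bound surface to what the page edits. The generated Javadoc could state this as well, e.g. `Gets the STORK form data bound from the edit page.` The class body starts and ends outside these hunks.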
@@ -224,6 +224,9 @@ webpages.oaconfig.sso.usesso=Single Sign-On verwenden webpages.oaconfig.stork.header=Secure idenTity acrOss boRders linKed webpages.oaconfig.stork.usestork=STORK Logon aktivieren +webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration +webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren +webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 05f4a1106..52fc79b68 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -226,6 +226,24 @@ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

+ + + + + + + + + + + +
Country ShortcodePEPS URL
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
+ " onclick='var target = document.getElementById("template"); var clone = target.cloneNode(true); clone.style=""; target.parentNode.appendChild(clone);' /> +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

-- cgit v1.2.3 From 6f418eaa49c86c26a5d8cb0d9577545167ba850d Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Fri, 13 Dec 2013 10:01:36 +0100 Subject: peps save is validated --- .../struts/action/EditGeneralConfigAction.java | 3 ++ .../validation/moaconfig/StorkConfigValidator.java | 60 ++++++++++++++++++++++ .../main/resources/applicationResources.properties | 4 ++ 3 files changed, 67 insertions(+) create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index b4ae27c6a..5dc6f33e7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; +import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; @@ -132,6 +133,8 @@ public class EditGeneralConfigAction extends ActionSupport MOAConfigValidator validator = new MOAConfigValidator(); List errors = validator.validate(moaconfig); + + errors.addAll(new StorkConfigValidator().validate(storkconfig)); if (errors.size() > 0) { log.info("General MOA-ID configuration has some erros."); 
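Review bot: `new StorkConfigValidator().validate(storkconfig)` is called without checking that `storkconfig` or its PEPS list is set. `storkconfig` is only assigned in `loadConfig()` or by parameter binding, and the validator iterates `form.getCpepslist()` directly, so a save request that carries no PEPS rows would presumably end in a NullPointerException instead of a validation error. Guard the call, `if (storkconfig != null) errors.addAll(new StorkConfigValidator().validate(storkconfig));`, and let the validator treat a null list as empty. The enclosing method starts and ends outside this hunk.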
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java new file mode 100644 index 000000000..91d5ecabd --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java 
@@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.configuration.validation.moaconfig; + +import java.util.ArrayList; +import java.util.List; +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class StorkConfigValidator { + + private static final Logger log = Logger.getLogger(StorkConfigValidator.class); + + public List validate(GeneralStorkConfig form) { + + List errors = new ArrayList(); + + log.debug("Validate general STORK configuration"); + + // check peps list + for(CPEPS current : form.getCpepslist()) { + // check country code + String check = current.getCountryCode(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("CPEPS config countrycode contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + if(!check.toLowerCase().matches("^[a-z][a-z]$")) { + log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc", + new Object[] {check} )); + } + } else { + log.warn("CPEPS config countrycode is empty : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {check} )); + } + + // check url + check = current.getURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("CPEPS config URL is invalid : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url")); + } + } else { + log.warn("CPEPS config url is empty : " + check); + 
errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty", + new Object[] {check} )); + } + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 5751783ae..f79b5a286 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -370,6 +370,10 @@ validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00 validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation ist keine g\u00FCltige URL. validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. +validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 +validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig +validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig + validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden. -- cgit v1.2.3 From 999756bd381ec4d81db7db7bb59863ad549d69b0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 17 Dec 2013 13:52:47 +0100 Subject: default qaa and attributes persisted and validated --- .../id/configuration/data/GeneralStorkConfig.java | 44 +++++++++++++++++++++- .../struts/action/EditGeneralConfigAction.java | 4 +- .../validation/moaconfig/StorkConfigValidator.java | 23 +++++++++++ .../main/resources/applicationResources.properties | 4 ++ .../src/main/webapp/jsp/editMOAConfig.jsp | 10 +++++ 5 files changed, 83 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src/main/resources') 
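Review bot: Every rejected value is concatenated unmodified into the log message, for example `log.warn("CPEPS config countrycode contains potentail XSS characters: " + check)`, which covers exactly the inputs the check has just flagged. A value carrying line breaks could then split or forge log entries; strip CR/LF before logging, or log only the field name and the value's length. Two smaller points in `validate`: `check.toLowerCase()` depends on the default locale, so `check.toLowerCase(Locale.ROOT)` is safer in front of the `^[a-z][a-z]$` test, and the two-letter codes are ISO 3166-1 alpha-2 rather than ISO 3166-2. The `validation.stork.cpeps.cc` message is also reused for the suspicious-character case, although its text has no placeholder for the character list that is passed in.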
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 41d19d116..f270ab624 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -3,15 +3,20 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; +import edu.emory.mathcs.backport.java.util.Arrays; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributesType; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; public class GeneralStorkConfig { private List cpepslist; + private List attributes; + private int qaa; public void parse(MOAIDConfiguration config) { @@ -29,6 +34,19 @@ public class GeneralStorkConfig { for(CPEPS current : stork.getCPEPS()) { cpepslist.add(current); } + + RequestedAttributesType tmp = stork.getRequestedAttributes(); + if(null != tmp) { + attributes = new ArrayList(); + for(String current : tmp.getAttributeValue()) + attributes.add(current); + } + + try { + qaa = stork.getQualityAuthenticationAssuranceLevel(); + } catch(NullPointerException e) { + qaa = 4; + } } } } 
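Review bot: In `parse`, the block `try { qaa = stork.getQualityAuthenticationAssuranceLevel(); } catch(NullPointerException e) { qaa = 4; }` uses an exception as a null test, presumably for a missing boxed value. That also hides any other NullPointerException raised inside the getter. An explicit check keeps the same default and reads more clearly, assuming the getter returns `Integer`: `Integer level = stork.getQualityAuthenticationAssuranceLevel(); qaa = (level != null) ? level : 4;`. `attributes` likewise stays null when `getRequestedAttributes()` returns null. The import `edu.emory.mathcs.backport.java.util.Arrays` in the first hunk looks like an accidental auto-import; `java.util.Arrays` is presumably what was meant.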
@@ -40,6 +58,30 @@ public class GeneralStorkConfig { } public void setCpepslist(List list) { - this.cpepslist = list; + cpepslist = list; + } + + public RequestedAttributesType getRequestedAttributesType() { + RequestedAttributesType tmp = new RequestedAttributesType(); + tmp.setAttributeValue(attributes); + return tmp; + } + + public String getDefaultAttributes() { + return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", ""); + } + + public void setDefaultAttributes(String attributes) { + this.attributes = new ArrayList(); + for(String current : attributes.split(",")) + this.attributes.add(current.trim()); + } + + public int getDefaultQaa() { + return qaa; + } + + public void setDefaultQaa(int qaa) { + this.qaa = qaa; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 092dd5613..72da0b59f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -397,11 +397,13 @@ public class EditGeneralConfigAction extends ActionSupport if (oldstork != null) oldstork = new STORK(); + oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + oldstork.setRequestedAttributes(storkconfig.getRequestedAttributesType()); oldstork.setCPEPS(storkconfig.getCpepslist()); dbforeign.setSTORK(oldstork); } } - + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { OnlineMandates dbmandate = dbauth.getOnlineMandates(); if (dbmandate == null) { 
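Review bot: `getDefaultAttributes()` calls `attributes.toArray()` and `getRequestedAttributesType()` passes `attributes` on as is, but `parse` assigns the field only when `getRequestedAttributes()` is non-null, so both can see a null list. Initialising the field, `private List attributes = new ArrayList();`, removes that case. `setDefaultAttributes` also turns an empty input into a list with one empty string, because `"".split(",")` yields a single empty element; skipping blank items after `trim()` avoids persisting an empty attribute name.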
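Review bot: The added `oldstork.setQualityAuthenticationAssuranceLevel(...)` and `oldstork.setRequestedAttributes(...)` calls run right after the unchanged guard `if (oldstork != null) oldstork = new STORK();`, which looks inverted. As written, a missing STORK element leaves `oldstork` null and the first new setter throws, while an existing element is discarded and replaced by an empty one. The guard should presumably read `if (oldstork == null) oldstork = new STORK();`. The enclosing method starts and ends outside this hunk.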
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 91d5ecabd..4ee247695 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -55,6 +55,29 @@ public class StorkConfigValidator { } } + // check qaa + int qaa = form.getDefaultQaa(); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa} )); + } + + // check attributes + String check = form.getDefaultAttributes(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {check} )); + } + } + return errors; } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index f79b5a286..2dacf14a2 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties 
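Review bot: The range test `if(1 > qaa && 4 < qaa)` can never be true, since no value is both below 1 and above 4, so any integer is accepted as the QAA level and the `validation.stork.qaa.outofrange` error is never produced. It should be `if (qaa < 1 || qaa > 4)`. In the attribute check, the error text is built with `getPotentialCSSCharacter(false)` although the test used `containsPotentialCSSCharacter(check, true)`, so the reported character list may not match the one that was applied.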
@@ -227,6 +227,8 @@ webpages.oaconfig.stork.usestork=STORK Logon aktivieren webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen +webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden +webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren @@ -373,6 +375,8 @@ validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifie validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig +validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 +validation.stork.qaa.outofrange=Gültige QAA Werte sind 1, 2, 3, und 4 validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 1b87ffc57..df6a43e7a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,6 +228,16 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+ +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

-- cgit v1.2.3 From 1bb655bbb372f069e907c6ddcc40a43ca1f36e09 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Thu, 19 Dec 2013 11:01:44 +0100 Subject: OA qaa and attributes gui --- .../src/main/resources/applicationResources.properties | 4 +++- id/ConfigWebTool/src/main/webapp/js/common.js | 7 +++++++ id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp | 16 ++++++++++++++-- 3 files changed, 24 insertions(+), 3 deletions(-) (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 2dacf14a2..0ac4b2cbc 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -229,6 +229,8 @@ webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen +webpages.moaconfig.stork.requestedattributes=Attribute, die von STORK angefordert werden +webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren 
@@ -401,4 +403,4 @@ validation.general.form.button.color.back.focus=Die Hintergrundfarbe f\\u00FCr F validation.general.form.button.color.back=Die Hintergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) validation.general.form.button.color.front=Die Vordergrundfarbe der BKU-Auswahlbuttons enth\\u00E4lt keinen g\\u00FCltigen Hexadezimalwert. (z.B. \\\#FFFFFF) validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen ung\\u00FCltiten Wert. -validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} \ No newline at end of file +validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index e6fcdf977..b07b31205 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -22,6 +22,13 @@ function oaSSOService() { } } +function oaStork() { + if ($('#OAuseSTORKLogon').attr('checked') == 'checked') { + $('#stork_block').css('display', "block"); + } else { + $('#stork_block').css('display', "none"); + } +} function oaSAML1() { if ($('#oa_saml1_area').css('display') == "block") { $('#oa_saml1_area').css('display', "none"); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 3234c6a86..d12a47b9e 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -310,8 +310,20 @@ labelposition="left" key="webpages.oaconfig.stork.usestork" cssClass="checkbox" - id="OAuseSTORKLogon"> - + onclick="oaStork();" + id="OAuseSTORKLogon" /> +
+ + +
-- cgit v1.2.3 From 7c39d9e0cff15a87678bf68d6d754ee1e720ca12 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 13:48:06 +0100 Subject: attr table in global config --- .../id/configuration/data/GeneralStorkConfig.java | 11 ++++------ .../validation/moaconfig/StorkConfigValidator.java | 25 +++++++++++++--------- .../main/resources/applicationResources.properties | 4 ++-- .../src/main/webapp/jsp/editMOAConfig.jsp | 13 ++++++----- 4 files changed, 29 insertions(+), 24 deletions(-) (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 8b527aa8f..695caa3fd 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; @@ -66,14 +65,12 @@ public class GeneralStorkConfig { return tmp; } - public String getDefaultAttributes() { - return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", ""); + public List getAttributes() { + return attributes; } - public void setDefaultAttributes(String attributes) { - this.attributes = new ArrayList(); - for(String current : attributes.split(",")) - this.attributes.add(current.trim()); + public void setAttributes(List attributes) { + this.attributes = attributes; } public int getDefaultQaa() { 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 730466e15..cc5d0f2c4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -64,18 +64,23 @@ public class StorkConfigValidator { } // check attributes - String check = form.getDefaultAttributes(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { - log.warn("default attributes contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); - } - if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) { - log.warn("default attributes do not match the requested format : " + check); + if (MiscUtil.isNotEmpty(form.getAttributes())) { + for(String check : form.getAttributes()) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", - new Object[] {check} )); + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + if(!check.toLowerCase().matches("^[a-z0-9]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {check} )); + } } + } else { + log.warn("no attributes specified"); + errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty", + new Object[] {} )); } return errors; 
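Review bot: The per-attribute pattern `^[a-z0-9]*$` also matches the empty string, so blank rows from the attribute table pass validation and would be stored as attribute names. Use `+` instead of `*` and reject null entries before calling `check.toLowerCase()`, since a list filled from indexed form parameters can presumably contain gaps: `if (check == null || !check.toLowerCase().matches("^[a-z0-9]+$"))`. The offending value is written to the log unmodified in both `log.warn` calls; removing line breaks first keeps log entries intact.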
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 0ac4b2cbc..14f282c85 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -227,9 +227,8 @@ webpages.oaconfig.stork.usestork=STORK Logon aktivieren webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen -webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen -webpages.moaconfig.stork.requestedattributes=Attribute, die von STORK angefordert werden +webpages.moaconfig.stork.attributes.heading=Attributkonfiguration webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration @@ -379,6 +378,7 @@ validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 validation.stork.qaa.outofrange=Gültige QAA Werte sind 1, 2, 3, und 4 +validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index df6a43e7a..aff2028ac 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,11 +228,6 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

-
Country ShortcodePEPS URL
" onclick='newPeps();' /> +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

+ + + + + + +
Attribute Name
-- cgit v1.2.3 From c26721de9136104520fd0ce9e8aba91b480a4bb9 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 15:12:46 +0100 Subject: new attribute button --- .../src/main/resources/applicationResources.properties | 1 + id/ConfigWebTool/src/main/webapp/js/common.js | 9 +++++++++ id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp | 3 ++- 3 files changed, 12 insertions(+), 1 deletion(-) (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 14f282c85..712c8f56b 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -229,6 +229,7 @@ webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.moaconfig.stork.attributes.heading=Attributkonfiguration +webpages.moaconfig.stork.attributes.new=Neues Attribut hinzuf\u00FCgen webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index b07b31205..774bffd8d 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js 
@@ -194,3 +194,12 @@ function newPeps() { clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); target.parentNode.appendChild(clone); } +function newStorkAttribute() { + var target = $(document.getElementById("stork_attributelist").getElementsByTagName("tr")).last()[0]; + var clone = target.cloneNode(true); + var lastindex = parseInt(clone.innerHTML.match(/name="storkconfig.attributes\[(\d)/)[1]); + var nextindex = lastindex + 1; + clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.attributes\[\d/g, 'name="storkconfig.attributes[' + nextindex); + clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2'); + target.parentNode.appendChild(clone); +} \ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 078e5f681..0f8ec5f1b 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -244,7 +244,7 @@ " onclick='newPeps();' />
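Review bot: In `newStorkAttribute()` the row index is captured with `(\d)`, which reads a single digit, so once the last row is `storkconfig.attributes[10]` the match yields 1 and the replace turns the name into `attributes[20]` instead of `attributes[11]`. Use `(\d+)` in the match and `\[\d+` in the replace, and give `parseInt` a radix: `parseInt(m[1], 10)`. `match()` returns null when the last table row carries no such name, and the `[1]` then throws, so a null check before indexing is needed. The unescaped `.` in `storkconfig.attributes` matches any character and should be written `\.`.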

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- +
@@ -252,6 +252,7 @@
Attribute NameMandatory
+ " onclick='newStorkAttribute();' />
-- cgit v1.2.3 From 6ef9296d79741b455530f70262003fefd51ee85c Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 7 Jan 2014 15:17:56 +0100 Subject: i18n --- .../moa/id/configuration/data/StorkAttributes.java | 28 ---------------------- .../main/resources/applicationResources.properties | 3 +++ .../src/main/webapp/jsp/editMOAConfig.jsp | 4 ++-- 3 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java deleted file mode 100644 index b1857aea1..000000000 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java +++ /dev/null @@ -1,28 +0,0 @@ -package at.gv.egovernment.moa.id.configuration.data; - -public class StorkAttributes { - - - public AttributValues eIdentifier; - - - public void parse() { - eIdentifier = AttributValues.MANDATORY; - } - - - public enum AttributValues { - MANDATORY, OPTIONAL, NOT; - - public String getValue() { - if (this == MANDATORY) - return MANDATORY.name(); - if (this == OPTIONAL) - return OPTIONAL.name(); - else - return NOT.name(); - } - } - -} - diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 712c8f56b..8691ab8ae 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties 
@@ -230,6 +230,9 @@ webpages.moaconfig.stork.removepeps=l\u00F6schen webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.moaconfig.stork.attributes.heading=Attributkonfiguration webpages.moaconfig.stork.attributes.new=Neues Attribut hinzuf\u00FCgen +webpages.moaconfig.stork.attributes.heading.name=Attributname +webpages.moaconfig.stork.attributes.heading.mandatory=zwingend +webpages.moaconfig.stork.attributes.remove=l\u00F6schen webpages.moaconfig.stork.qaa=Mindest-QAA-Level f\u00FCr diese OA ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 0f8ec5f1b..a86daf699 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -245,11 +245,11 @@ " onclick='newPeps();' />

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading", request) %>

- + - +
Attribute NameMandatory
<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.name", request) %><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.attributes.heading.mandatory", request) %>
" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/>
" onclick='newStorkAttribute();' /> -- cgit v1.2.3 From d4a8d57e4cd10fc7e427f936983ae7c28aa6eab2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 30 Jan 2014 15:03:56 +0100 Subject: add functionality for global authentication protocol activation/deactivation --- .../id/configuration/data/GeneralMOAIDConfig.java | 64 +++++++++++++++ .../struts/action/EditGeneralConfigAction.java | 19 +++++ .../main/resources/applicationResources.properties | 2 + id/ConfigWebTool/src/main/webapp/css/index.css | 23 ++++-- .../src/main/webapp/jsp/editMOAConfig.jsp | 28 ++++++- .../auth/exception/ProtocolNotActiveException.java | 44 +++++++++++ .../id/config/auth/AuthConfigurationProvider.java | 22 +++++- .../moa/id/config/auth/data/ProtocolAllowed.java | 91 ++++++++++++++++++++++ .../moa/id/entrypoints/DispatcherServlet.java | 18 ++++- .../oauth20/protocol/OAuth20Protocol.java | 9 +++ .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 10 +++ .../moa/id/protocols/saml1/SAML1Protocol.java | 8 ++ .../resources/properties/id_messages_de.properties | 3 +- .../src/main/resources/config/moaid_config_2.0.xsd | 15 +++- 14 files changed, 339 insertions(+), 17 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java (limited to 'id/ConfigWebTool/src/main/resources') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java index 4da4d3907..c6b9b984a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java 
@@ -40,10 +40,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -81,6 +83,10 @@ public class GeneralMOAIDConfig { private String mandateURL = null; + private boolean protocolActiveSAML1 = false; + private boolean protocolActivePVP21 = true; + private boolean protocolActiveOAuth = true; + private boolean legacy_saml1 = false; private boolean legacy_pvp2 = false; @@ -205,8 +211,23 @@ public class GeneralMOAIDConfig { legacy_pvp2 = true; } + SAML1 saml1 = protocols.getSAML1(); + if (saml1 != null) { + protocolActiveSAML1 = saml1.isIsActive(); + + } + + OAuth oauth = protocols.getOAuth(); + if (oauth != null) { + protocolActiveOAuth = saml1.isIsActive(); + + } + PVP2 pvp2 = protocols.getPVP2(); if (pvp2 != null) { + + protocolActivePVP21 = pvp2.isIsActive(); + pvp2PublicUrlPrefix = pvp2.getPublicURLPrefix(); pvp2IssuerName = pvp2.getIssuerName(); 
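Review bot: In the parse hunk (`@@ -205,8 +211,23 @@`) the OAuth branch reads the wrong object: `protocolActiveOAuth = saml1.isIsActive();` should be `protocolActiveOAuth = oauth.isIsActive();`. As written, the configuration form is populated with SAML1's state for OAuth, and because EditGeneralConfigAction in this same commit writes the form value back with `oauth.setIsActive(moaconfig.isProtocolActiveOAuth())`, saving the page unchanged can switch OAuth on or off to match SAML1. The line also throws a NullPointerException when the configuration holds an OAuth element but no SAML1 element, since `saml1` is null-checked only for its own branch. The enclosing method starts and ends outside the hunk.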
@@ -850,6 +871,49 @@ public class GeneralMOAIDConfig { this.fileUploadFileName = new ArrayList(); this.fileUploadFileName.add(fileUploadFileName); } + + /** + * @return the protocolActiveSAML1 + */ + public boolean isProtocolActiveSAML1() { + return protocolActiveSAML1; + } + + /** + * @param protocolActiveSAML1 the protocolActiveSAML1 to set + */ + public void setProtocolActiveSAML1(boolean protocolActiveSAML1) { + this.protocolActiveSAML1 = protocolActiveSAML1; + } + + /** + * @return the protocolActivePVP21 + */ + public boolean isProtocolActivePVP21() { + return protocolActivePVP21; + } + + /** + * @param protocolActivePVP21 the protocolActivePVP21 to set + */ + public void setProtocolActivePVP21(boolean protocolActivePVP21) { + this.protocolActivePVP21 = protocolActivePVP21; + } + + /** + * @return the protocolActiveOAuth + */ + public boolean isProtocolActiveOAuth() { + return protocolActiveOAuth; + } + + /** + * @param protocolActiveOAuth the protocolActiveOAuth to set + */ + public void setProtocolActiveOAuth(boolean protocolActiveOAuth) { + this.protocolActiveOAuth = protocolActiveOAuth; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index f1a8c8694..362579c9f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java 
@@ -53,10 +53,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAuth; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; @@ -271,11 +273,28 @@ public class EditGeneralConfigAction extends ActionSupport el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); legprot.setProtocolName(el); + SAML1 saml1= dbprotocols.getSAML1(); + if (saml1 == null) { + saml1 = new SAML1(); + dbprotocols.setSAML1(saml1); + } + saml1.setIsActive(moaconfig.isProtocolActiveSAML1()); + + OAuth oauth= dbprotocols.getOAuth(); + if (oauth == null) { + oauth = new OAuth(); + dbprotocols.setOAuth(oauth); + } + oauth.setIsActive(moaconfig.isProtocolActiveOAuth()); + PVP2 pvp2 = dbprotocols.getPVP2(); if (pvp2 == null) { pvp2 = new PVP2(); dbprotocols.setPVP2(pvp2); } + + pvp2.setIsActive(moaconfig.isProtocolActivePVP21()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 456c37ff1..454175125 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties 
+++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -124,9 +124,11 @@ webpages.moaconfig.sso.FriendlyName=SSO Service Name webpages.moaconfig.services.sso.Target=SSO Service Target webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText webpages.moaconfig.protocols.header=Protokolle +webpages.moaconfig.protocols.allowed.header=Protokolle aktivieren webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren webpages.moaconfig.protocols.legacy.saml1=SAML1 webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.oauth=OpenID Connect webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index 14591f1dc..79f8b4e72 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -1,10 +1,14 @@ @CHARSET "UTF-8"; +body { + font-size: 1em; +} + #header_area { padding-bottom: 10px; background-color: #6FA5D4; display: block; - font-size: 20px; + font-size: 1.2em; /* margin-left: 25px; */ padding-top: 10px; padding-left: 25px; @@ -12,7 +16,7 @@ } #header_area>div { - font-size: 20px; + font-size: 1.2em; margin-left: 25px; padding-top: 8px; } @@ -69,7 +73,7 @@ .menu_element { margin-top: 15px; margin-bottom: 15px; - font-size: 20px; + font-size: 1.2em; display: block; /* background-color: red; */ background-color: #6FA5D4; @@ -96,7 +100,7 @@ } #message_area label { - font-size: 18px; + font-size: 1.1em; font-weight: bold; } @@ -105,7 +109,7 @@ } #error_area label{ - font-size: 18px; + font-size: 1.1em; font-weight: bold; } @@ -220,6 +224,11 @@ margin-left: 10px; } +#moageneral_active_protocol>.wwgrp { + float: left; + clear: none; +} + #moageneral_legacy_protocol>.wwgrp { clear: none; } 
@@ -318,7 +327,7 @@ div .wwgrp br { border-bottom-style: none; display: table-header-group; font-weight: bold; - font-size: 18px; + font-size: 1.1em; } .listFirst { @@ -371,7 +380,7 @@ div .wwgrp br { padding-left: 30px; position: relative; top: 15px; - font-size: 20px; + font-size: 1.2em; text-align: center; padding-top: 10px; border-radius: 3px; diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 05f4a1106..de2548535 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,7 +228,31 @@

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %>

- + +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.allowed.header", request) %>

+ + + + + + +
+ +
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.legacy.header", request) %>

+
+

<%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %>

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java new file mode 100644 index 000000000..fe2bcedca --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class ProtocolNotActiveException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = 1832697083163940710L; + + /** + * @param messageId + * @param parameters + */ + public ProtocolNotActiveException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 69a73215a..d1872b2bc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -105,6 +105,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; +import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed; import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.IssuerAndSerial; @@ -190,6 +191,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { private static String alternativesourceid = null; private static List legacyallowedprotocols = new ArrayList(); + private static ProtocolAllowed allowedProtcols = null; private static VerifyAuthBlock verifyidl = null; @@ -246,6 +248,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return instance; } + /** * Constructor for AuthConfigurationProvider. * @param fileName 
@@ -515,8 +518,22 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //set PVP2 general config Protocols protocols = auth.getProtocols(); if (protocols != null) { + + allowedProtcols = new ProtocolAllowed(); + + if (protocols.getSAML1() != null) { + allowedProtcols.setSAML1Active(protocols.getSAML1().isIsActive()); + } + + if (protocols.getOAuth() != null) { + allowedProtcols.setOAUTHActive(protocols.getOAuth().isIsActive()); + } + if (protocols.getPVP2() != null) { - PVP2 el = protocols.getPVP2();; + PVP2 el = protocols.getPVP2(); + + allowedProtcols.setPVP21Active(el.isIsActive()); + pvp2general = new PVP2(); pvp2general.setIssuerName(el.getIssuerName()); pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); @@ -730,6 +747,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return this.getGeneralProperiesConfig("protocols.oauth20."); } + public ProtocolAllowed getAllowedProtocols() { + return this.allowedProtcols; + } public PVP2 getGeneralPVP2DBConfig() { return pvp2general; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java new file mode 100644 index 000000000..a04fb1626 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java 
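Review bot: `allowedProtcols` is declared `= null` and assigned only inside `if (protocols != null)`, so `getAllowedProtocols()` returns null for a configuration without a Protocols element, and the checks this commit adds to OAuth20Protocol, PVP2XProtocol and SAML1Protocol (`getAllowedProtocols().isOAUTHActive()` and its siblings) then end in a NullPointerException instead of a defined allow or deny decision. Have the getter never return null, for example by initialising the field at its declaration, and decide explicitly which protocols are active in that case. The static field is also published before it is filled (`allowedProtcols = new ProtocolAllowed();` followed by the three `set…Active` calls), so if the configuration can be reloaded while requests are served, which is not visible here, a request may briefly see the defaults (PVP2.1 and OAuth active) rather than the configured values; build a local instance and assign it last. The enclosing method starts and ends outside the hunk.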
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.config.auth.data; + +/** + * @author tlenz + * + */ +public class ProtocolAllowed { + + private boolean isSAML1Active = false; + private boolean isPVP21Active = true; + private boolean isOAUTHActive = true; + + /** + * + */ + public ProtocolAllowed() { + + } + + /** + * + */ + public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) { + this.isOAUTHActive = oauth; + this.isPVP21Active = pvp21; + this.isSAML1Active = saml1; + + } + + /** + * @return the isSAML1Active + */ + public boolean isSAML1Active() { + return isSAML1Active; + } + /** + * @param isSAML1Active the isSAML1Active to set + */ + public void setSAML1Active(boolean isSAML1Active) { + this.isSAML1Active = isSAML1Active; + } + /** + * @return the isPVP21Active + */ + public boolean isPVP21Active() { + return isPVP21Active; + } + /** + * @param isPVP21Active the isPVP21Active to set + */ + public void setPVP21Active(boolean isPVP21Active) { + this.isPVP21Active = isPVP21Active; + } + /** + * @return the isOAUTHActive + */ + public boolean isOAUTHActive() { + return isOAUTHActive; + } + /** + * @param isOAUTHActive the isOAUTHActive to set + */ + public void setOAUTHActive(boolean isOAUTHActive) { + this.isOAUTHActive = isOAUTHActive; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 260a4fd79..1f526caca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -28,6 +28,7 @@ import iaik.security.ecc.provider.ECCProvider; import iaik.security.provider.IAIK; import java.io.IOException; +import java.io.PrintWriter; import java.security.Security; import java.util.Iterator; import java.util.Map; 
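Review bot: ProtocolAllowed defaults `isPVP21Active` and `isOAUTHActive` to true and `isSAML1Active` to false, yet the class and constructor Javadoc blocks are empty, so nothing tells a reader that a protocol element missing from the configuration leaves two protocols switched on. Add a class comment that states this, e.g. `/** Global on/off switch per authentication protocol; PVP2.1 and OAuth default to active and SAML1 to inactive when the configuration does not set them. */`, and record the reason for the differing defaults there. The three-argument constructor should document its argument order (`saml1, pvp21, oauth`), because three adjacent booleans are easy to swap at a call site and the assignments inside are written in the opposite order.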
@@ -45,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -317,20 +319,28 @@ public class DispatcherServlet extends AuthServlet{ } } } + + } catch (ProtocolNotActiveException e) { + resp.getWriter().write(e.getMessage()); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); + return; + + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write("NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); return; + } if (protocolRequest == null) { Logger.error("Failed to generate a valid protocol request!"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); resp.setContentType("text/html;charset=UTF-8"); - resp.getWriter().write("NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); return; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 1fb67a0b2..7ef5a2068 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java 
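Review bot: The new `catch (ProtocolNotActiveException e)` branch writes the message to `resp.getWriter()` before it calls `setContentType` and then calls `sendError`; a charset set after `getWriter()` has no effect under the servlet API, and `sendError` either discards the buffered body or throws IllegalStateException when the response is already committed. The same hunk corrects this ordering in the two branches below it by dropping the writer call, so this branch should match them: `resp.setContentType("text/html;charset=UTF-8");` followed by `resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());`. With the writer call removed, the `import java.io.PrintWriter;` added in the first hunk of this file has no use in the visible code. The enclosing method starts and ends outside the hunk.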
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -32,6 +32,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -77,6 +79,13 @@ public class OAuth20Protocol implements IModulInfo { */ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException { // validation is done inside creation + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isOAUTHActive()) { + Logger.info("OAuth is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); + + } + OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request); Logger.debug("Created: " + res); return res; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 82a620f6b..84c0138a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java 
@@ -47,6 +47,8 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -129,6 +131,14 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isPVP21Active()) { + Logger.info("PVP2.1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); + + } + + if(METADATA.equals(action)) { return new PVPTargetConfiguration(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 1c57c841e..e587ef0e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -32,6 +32,7 @@ import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; 
@@ -81,6 +82,13 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { RequestImpl config = new RequestImpl(); + + if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) { + Logger.info("SAML1 is deaktivated!"); + throw new ProtocolNotActiveException("auth.22", new Object[] { NAME }); + + } + String oaURL = (String) request.getParameter(PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3151aa657..dc698782a 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -40,6 +40,7 @@ auth.18=Keine MOASessionID vorhanden auth.19=Die Authentifizierung kann nicht passiv durchgef\u00FChrt werden. auth.20=No valid MOA session found. Authentification process is abourted. auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen. +auth.22=Das Protokoll {0} ist deaktiviert. init.00=MOA ID Authentisierung wurde erfolgreich gestartet init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar @@ -227,5 +228,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt oauth20.05=Der angegebene Benutzer ist nicht berechtigt oauth20.06=Die angegebene OA kann nicht verwendet werden oauth20.07=Angeforderter grant_type ist nicht erlaubt -oauth20.08=Nicht berechtigt für Token-Request +oauth20.08=Nicht berechtigt f�r Token-Request oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}" 
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 481f12091..e93cb5cc8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -281,7 +281,11 @@ - + + + + + @@ -298,6 +302,12 @@ + + + + + + @@ -873,7 +883,6 @@ - @@ -900,7 +909,7 @@ - + -- cgit v1.2.3