From 999756bd381ec4d81db7db7bb59863ad549d69b0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Tue, 17 Dec 2013 13:52:47 +0100 Subject: default qaa and attributes persisted and validated --- .../id/configuration/data/GeneralStorkConfig.java | 44 +++++++++++++++++++++- .../struts/action/EditGeneralConfigAction.java | 4 +- .../validation/moaconfig/StorkConfigValidator.java | 23 +++++++++++ .../main/resources/applicationResources.properties | 4 ++ .../src/main/webapp/jsp/editMOAConfig.jsp | 10 +++++ 5 files changed, 83 insertions(+), 2 deletions(-) (limited to 'id/ConfigWebTool/src') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java index 41d19d116..f270ab624 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java @@ -3,15 +3,20 @@ package at.gv.egovernment.moa.id.configuration.data; import java.util.ArrayList; import java.util.List; +import edu.emory.mathcs.backport.java.util.Arrays; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributesType; import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; public class GeneralStorkConfig { private List cpepslist; + private List attributes; + private int qaa; public void parse(MOAIDConfiguration config) { @@ -29,6 +34,19 @@ public class GeneralStorkConfig { for(CPEPS current : stork.getCPEPS()) { cpepslist.add(current); } + + RequestedAttributesType tmp = stork.getRequestedAttributes(); + if(null != tmp) { + attributes = new ArrayList(); + for(String current : tmp.getAttributeValue()) + attributes.add(current); + } + + try { + qaa = stork.getQualityAuthenticationAssuranceLevel(); + } catch(NullPointerException e) { + qaa = 4; + } } } } @@ -40,6 +58,30 @@ public class GeneralStorkConfig { } public void setCpepslist(List list) { - this.cpepslist = list; + cpepslist = list; + } + + public RequestedAttributesType getRequestedAttributesType() { + RequestedAttributesType tmp = new RequestedAttributesType(); + tmp.setAttributeValue(attributes); + return tmp; + } + + public String getDefaultAttributes() { + return Arrays.toString(attributes.toArray()).replace("[", "").replace("]", ""); + } + + public void setDefaultAttributes(String attributes) { + this.attributes = new ArrayList(); + for(String current : attributes.split(",")) + this.attributes.add(current.trim()); + } + + public int getDefaultQaa() { + return qaa; + } + + public void setDefaultQaa(int qaa) { + this.qaa = qaa; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index 092dd5613..72da0b59f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -397,11 +397,13 @@ public class EditGeneralConfigAction extends ActionSupport if (oldstork != null) oldstork = new STORK(); + oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa()); + oldstork.setRequestedAttributes(storkconfig.getRequestedAttributesType()); oldstork.setCPEPS(storkconfig.getCpepslist()); dbforeign.setSTORK(oldstork); } } - + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { OnlineMandates dbmandate = dbauth.getOnlineMandates(); if (dbmandate == null) { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index 91d5ecabd..4ee247695 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -55,6 +55,29 @@ public class StorkConfigValidator { } } + // check qaa + int qaa = form.getDefaultQaa(); + if(1 > qaa && 4 < qaa) { + log.warn("QAA is out of range : " + qaa); + errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange", + new Object[] {qaa} )); + } + + // check attributes + String check = form.getDefaultAttributes(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("default attributes contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) { + log.warn("default attributes do not match the requested format : " + check); + errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes", + new Object[] {check} )); + } + } + return errors; } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index f79b5a286..2dacf14a2 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -227,6 +227,8 @@ webpages.oaconfig.stork.usestork=STORK Logon aktivieren webpages.moaconfig.stork.pepslist=C-PEPS Konfiguration webpages.moaconfig.stork.newpeps=Neuen PEPS konfigurieren webpages.moaconfig.stork.removepeps=l\u00F6schen +webpages.moaconfig.stork.requestedattributes.default=Standardattribute, die von STORK angefordert werden +webpages.moaconfig.stork.qaa.default=Standard QAA-Level ausw\u00E4hlen webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration webpages.oaconfig.saml1.isActice=SAML1 aktivieren @@ -373,6 +375,8 @@ validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifie validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2 validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig +validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2 +validation.stork.qaa.outofrange=Gültige QAA Werte sind 1, 2, 3, und 4 validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp index 1b87ffc57..df6a43e7a 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -228,6 +228,16 @@

<%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %>

+ +

<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %>

-- cgit v1.2.3
Country ShortcodePEPS URL