From 09266016cbcb143d7b6e65d32b49b6b3d2cb53c0 Mon Sep 17 00:00:00 2001 From: Florian Reimair Date: Mon, 27 Jan 2014 17:24:46 +0100 Subject: fixed issues after merge --- .../moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 26 ++++++++++------------ .../id/demoOA/servlet/pvp2/DemoApplication.java | 15 ++++++------- 2 files changed, 19 insertions(+), 22 deletions(-) (limited to 'id/oa/src/main/java/at') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index f3821374a..efd22668c 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -20,7 +20,6 @@ import javax.xml.transform.TransformerFactoryConfigurationError; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; -import org.apache.log4j.Logger; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -50,13 +49,12 @@ import at.gv.egovernment.moa.id.demoOA.Constants; import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException; import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; import at.iaik.commons.util.MiscUtil; public class BuildMetadata extends HttpServlet { private static final long serialVersionUID = 1L; - private static final Logger log = Logger.getLogger(BuildMetadata.class); - /** * @see HttpServlet#HttpServlet() */ @@ -88,7 +86,7 @@ public class BuildMetadata extends HttpServlet { String name = config.getPVP2MetadataEntitiesName(); if (MiscUtil.isEmpty(name)) { - log.info("NO Metadata EntitiesName configurated"); + Logger.info("NO Metadata EntitiesName configurated"); throw new ConfigurationException("NO Metadata EntitiesName configurated"); } @@ -104,7 +102,7 @@ public class BuildMetadata extends HttpServlet { if (!serviceURL.endsWith("/")) serviceURL = serviceURL + "/"; - log.debug("Set OnlineApplicationURL to " + serviceURL); + Logger.debug("Set OnlineApplicationURL to " + serviceURL); spEntityDescriptor.setEntityID(serviceURL); SPSSODescriptor spSSODescriptor = SAML2Utils @@ -126,7 +124,7 @@ public class BuildMetadata extends HttpServlet { config.getPVP2KeystoreMetadataKeyPassword().toCharArray()); - log.debug("Set Metadata key information"); + Logger.debug("Set Metadata key information"); //Set MetaData Signing key KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils .createSAMLObject(KeyDescriptor.class); @@ -162,7 +160,7 @@ public class BuildMetadata extends HttpServlet { spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); } else { - log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); } @@ -237,32 +235,32 @@ public class BuildMetadata extends HttpServlet { response.getOutputStream().close(); } catch (ConfigurationException e) { - log.warn("Configuration can not be loaded.", e); + Logger.warn("Configuration can not be loaded.", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (NoSuchAlgorithmException e) { - log.warn("Requested Algorithm could not found.", e); + Logger.warn("Requested Algorithm could not found.", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (ParserConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerConfigurationException e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerFactoryConfigurationError e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (TransformerException e) { - log.warn("PVP2 Metadata createn error", e); + Logger.warn("PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } catch (Exception e) { - log.warn("Unspecific PVP2 Metadata createn error", e); + Logger.warn("Unspecific PVP2 Metadata createn error", e); throw new ServletException("MetaData can not be created. Look into LogFiles for more details."); } diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index 2d32ce9af..c3e61146e 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -11,7 +11,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; import org.opensaml.common.SAMLObject; import org.opensaml.common.binding.BasicSAMLMessageContext; import org.opensaml.common.xml.SAMLConstants; @@ -53,13 +52,13 @@ import at.gv.egovernment.moa.id.demoOA.Configuration; import at.gv.egovernment.moa.id.demoOA.PVPConstants; import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean; import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; public class DemoApplication extends HttpServlet { private static final long serialVersionUID = -2129228304760706063L; - private static final Logger log = Logger.getLogger(DemoApplication.class); @@ -73,7 +72,7 @@ public class DemoApplication extends HttpServlet { String method = request.getMethod(); HttpSession session = request.getSession(); if (session == null) { - log.info("NO HTTP Session"); + Logger.info("NO HTTP Session"); bean.setErrorMessage("NO HTTP session"); setAnser(request, response, bean); return; @@ -96,7 +95,7 @@ public class DemoApplication extends HttpServlet { Signature sign = samlResponse.getSignature(); if (sign == null) { - log.info("Only http POST Requests can be used"); + Logger.info("Only http POST Requests can be used"); bean.setErrorMessage("Only http POST Requests can be used"); setAnser(request, response, bean); return; @@ -126,7 +125,7 @@ public class DemoApplication extends HttpServlet { ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver); trustEngine.validate(sign, criteriaSet); - log.info("PVP2 Assertion is valid"); + Logger.info("PVP2 Assertion is valid"); if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { @@ -137,7 +136,7 @@ public class DemoApplication extends HttpServlet { if (encryAssertionList != null && encryAssertionList.size() > 0) { //decrypt assertions - log.debug("Found encryped assertion. Start decryption ..."); + Logger.debug("Found encryped assertion. Start decryption ..."); KeyStore keyStore = config.getPVP2KeyStore(); @@ -163,7 +162,7 @@ public class DemoApplication extends HttpServlet { } - log.debug("Assertion decryption finished. "); + Logger.debug("Assertion decryption finished. "); } else { saml2assertions = samlResponse.getAssertions(); @@ -219,7 +218,7 @@ public class DemoApplication extends HttpServlet { } } catch (Exception e) { - log.warn(e); + Logger.warn(e); bean.setErrorMessage("Internal Error: " + e.getMessage()); setAnser(request, response, bean); return; -- cgit v1.2.3 From 91710631a3b7dc469edb83379c773b7bc27728ab Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 29 Jan 2014 16:21:24 +0100 Subject: add EUPL headers --- .../egovernment/moa/id/demoOA/Configuration.java | 33 ++++++++++++++--- .../at/gv/egovernment/moa/id/demoOA/Constants.java | 22 ++++++++++++ .../gv/egovernment/moa/id/demoOA/PVPConstants.java | 22 ++++++++++++ .../demoOA/exception/ConfigurationException.java | 22 ++++++++++++ .../moa/id/demoOA/servlet/pvp2/Authenticate.java | 38 +++++++++++++++----- .../moa/id/demoOA/servlet/pvp2/BuildMetadata.java | 41 ++++++++++++++++++---- .../id/demoOA/servlet/pvp2/DemoApplication.java | 22 ++++++++++++ .../moa/id/demoOA/utils/ApplicationBean.java | 22 ++++++++++++ .../moa/id/demoOA/utils/AttributeListBuilder.java | 25 ++++++++++++- .../demoOA/utils/MetaDataVerificationFilter.java | 25 +++++++++++-- .../moa/id/demoOA/utils/SAML2Utils.java | 22 ++++++++++++ 11 files changed, 272 insertions(+), 22 deletions(-) (limited to 'id/oa/src/main/java/at') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java index 0ca5464a7..c143d050b 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA; @@ -63,6 +85,7 @@ public class Configuration { return publicURLPreFix; } + public KeyStore getPVP2KeyStore() throws ConfigurationException { try { @@ -75,8 +98,7 @@ public class Configuration { keyStore = KeyStore.getInstance(keystoretype); } - - + String file = getPVP2MetadataKeystoreURL(); if (MiscUtil.isEmpty(file)) { throw new ConfigurationException("KeyStoreURL is empty"); @@ -191,6 +213,7 @@ public class Configuration { fis.close(); + //load OpenSAML library DefaultBootstrap.bootstrap(); } catch ( FileNotFoundException e) { @@ -208,7 +231,8 @@ public class Configuration { private void initalPVP2Login() throws ConfigurationException { try { - + + //load IDP certificate to validate IDP metadata String metadataCert = getPVP2IDPMetadataCertificate(); if (MiscUtil.isEmpty(metadataCert)) { throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); @@ -224,7 +248,8 @@ public class Configuration { if (MiscUtil.isEmpty(metadataurl)) { throw new ConfigurationException("NO IDP Metadata URL."); } - + + //load IDP metadata into metadataprovider idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); idpMetadataProvider.setRequireValidMetadata(true); idpMetadataProvider.setParserPool(new BasicParserPool()); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java index 1f5d4871b..af1dd84be 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Constants.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA; public class Constants { diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/PVPConstants.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/PVPConstants.java index facc2feb2..da7d334f1 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/PVPConstants.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/PVPConstants.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA; public interface PVPConstants { diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/exception/ConfigurationException.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/exception/ConfigurationException.java index 77250d818..600486230 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/exception/ConfigurationException.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/exception/ConfigurationException.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.exception; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 68fef277b..917493848 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; @@ -75,6 +97,7 @@ public class Authenticate extends HttpServlet { DocumentBuilder builder; + //generate AuthenticationRequest protected void process(HttpServletRequest request, HttpServletResponse response, Map legacyParameter) throws ServletException, IOException { try { @@ -87,13 +110,10 @@ public class Authenticate extends HttpServlet { SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); authReq.setID(gen.generateIdentifier()); - HttpSession session = request.getSession(); - if (session != null) { - session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID()); - } authReq.setAssertionConsumerServiceIndex(0); authReq.setAttributeConsumingServiceIndex(0); + authReq.setIssueInstant(new DateTime()); Subject subject = SAML2Utils.createSAMLObject(Subject.class); NameID name = SAML2Utils.createSAMLObject(NameID.class); @@ -121,13 +141,15 @@ public class Authenticate extends HttpServlet { throw new ConfigurationException("No IDP EntityName configurated"); } - HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); + //get IDP metadata from metadataprovider + HTTPMetadataProvider idpmetadata = config.getMetaDataProvier(); EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname); if (idpEntity == null) { log.info("IDP EntityName is not found in IDP Metadata"); throw new ConfigurationException("IDP EntityName is not found in IDP Metadata"); } + //select authentication-service url from metadata SingleSignOnService redirectEndpoint = null; for (SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { @@ -137,9 +159,9 @@ public class Authenticate extends HttpServlet { redirectEndpoint = sss; } } - authReq.setDestination(redirectEndpoint.getLocation()); + RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class); @@ -154,8 +176,8 @@ public class Authenticate extends HttpServlet { authReq.setRequestedAuthnContext(reqAuthContext); + //sign authentication request KeyStore keyStore = config.getPVP2KeyStore(); - X509Credential authcredential = new KeyStoreX509CredentialAdapter( keyStore, config.getPVP2KeystoreAuthRequestKeyAlias(), @@ -165,9 +187,9 @@ public class Authenticate extends HttpServlet { signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signer.setSigningCredential(authcredential); - authReq.setSignature(signer); + //generate Http-POST Binding message VelocityEngine engine = new VelocityEngine(); engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java index f3821374a..95b776cc2 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; @@ -21,6 +43,7 @@ import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import org.apache.log4j.Logger; +import org.joda.time.DateTime; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; @@ -95,11 +118,17 @@ public class BuildMetadata extends HttpServlet { spEntitiesDescriptor.setName(name); spEntitiesDescriptor.setID(idGen.generateIdentifier()); + //set period of validity for metadata information + DateTime validUntil = new DateTime(); + spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7)); + + EntityDescriptor spEntityDescriptor = SAML2Utils .createSAMLObject(EntityDescriptor.class); spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor); + //set OA-ID (PublicURL Prefix) as identifier String serviceURL = config.getPublicUrlPreFix(request); if (!serviceURL.endsWith("/")) serviceURL = serviceURL + "/"; @@ -181,23 +210,21 @@ public class BuildMetadata extends HttpServlet { unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - + + //set HTTP-POST Binding assertion consumer service AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); postassertionConsumerService.setIndex(0); postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION); - + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); - spSSODescriptor.setWantAssertionsSigned(true); - spSSODescriptor.setAuthnRequestsSigned(true); - AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); @@ -207,10 +234,12 @@ public class BuildMetadata extends HttpServlet { serviceName.setName(new LocalizedString("Default Service", "de")); attributeService.getNames().add(serviceName); + //set attributes which are requested attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes()); - spSSODescriptor.getAttributeConsumingServices().add(attributeService); + + //build metadata DocumentBuilder builder; DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java index 2d32ce9af..f9c8d6cab 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.servlet.pvp2; import java.io.IOException; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java index 83f9a8b2c..832993604 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/ApplicationBean.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.utils; import java.io.Serializable; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java index 8c9d15d11..18c91cfdc 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.utils; import java.util.ArrayList; @@ -9,7 +31,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import at.gv.egovernment.moa.id.demoOA.PVPConstants; - public class AttributeListBuilder implements PVPConstants{ protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) { @@ -24,6 +45,8 @@ public class AttributeListBuilder implements PVPConstants{ public static List getRequestedAttributes() { List requestedAttributes = new ArrayList(); + + //select PVP2 attributes which are needed for this application requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java index 2b4e20ba0..4779274ac 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/MetaDataVerificationFilter.java @@ -1,9 +1,28 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.utils; -import java.util.Iterator; - import org.opensaml.saml2.metadata.EntitiesDescriptor; -import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.FilterException; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.security.SAMLSignatureProfileValidator; diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/SAML2Utils.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/SAML2Utils.java index f04caf888..0bf41bb6d 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/SAML2Utils.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/SAML2Utils.java @@ -1,3 +1,25 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ package at.gv.egovernment.moa.id.demoOA.utils; import java.io.IOException; -- cgit v1.2.3 From ef35deb727190363d17d693d10f27171787cc92c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 3 Feb 2014 15:38:24 +0100 Subject: Solve some merge problems --- .../java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/oa/src/main/java/at') diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 917493848..5bf9c4970 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -197,6 +197,8 @@ public class Authenticate extends HttpServlet { engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); engine.setProperty("classpath.resource.loader.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); engine.init(); HTTPPostEncoder encoder = new HTTPPostEncoder(engine, -- cgit v1.2.3