From ad40ae9233c5f2a32c983962d655e686af546677 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 22 Jan 2015 12:13:07 +0100
Subject: Add mandate process support (MOAID-60).

- Refactor moa-id auth web.xml
-- Group the servlets with their corresponding mappings.
-- Replace servlets for mappings "/GetMISSessionID", "/VerifyAuthBlock", "/VerifyCertificate" and "/VerifyIdentityLink".
-- Remove disabled declarations.
- Replace link http://jigsaw.w3.org/css-validator/images/vcss-blue with https://... within the internal templates (loginFormFull.html, sendAssertionFormFull.html, ...).
- Set classes deprecated: GetMISSessionIDServlet, VerifyCertificateServlet
- ProcessEngineSignalServlet: make GET delegate to PUT
- Replace some "implements MOAIDAuthConstants" with "import static MOAIDAuthConstants.*".
- Add detailed Javadoc to *Task.java.
- Update DefaultAuthentication.process.xml for mandate
- Add GetMISSessionIDTask and VerifyCertificateTask.
- Add adapter class for iaik.IAIKRuntimeException in order to satisfy some library's bogus dependendies.
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml | 272 +++++++------------------
 1 file changed, 72 insertions(+), 200 deletions(-)

(limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 477cce57b..1dd3b7a40 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -36,41 +36,67 @@
 		<filter-name>requestContextFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
+	
+	<filter>
+		<filter-name>UrlRewriteFilter</filter-name>
+		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>UrlRewriteFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-
-<!-- 	<servlet>
-		<servlet-name>SelectBKU</servlet-name>
-		<display-name>SelectBKU</display-name>
-		<description>Select Bürgerkartenartenumgebung</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
-	</servlet> -->
 	<servlet>
 		<description>Generate BKU Request template</description>
 		<display-name>GenerateIframeTemplate</display-name>
 		<servlet-name>GenerateIframeTemplate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>GenerateIframeTemplate</servlet-name>
+		<url-pattern>/GenerateIframeTemplate</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>RedirectServlet</display-name>
 		<servlet-name>RedirectServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>RedirectServlet</servlet-name>
+		<url-pattern>/RedirectServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>MonitoringServlet</display-name>
 		<servlet-name>MonitoringServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>MonitoringServlet</servlet-name>
+		<url-pattern>/MonitoringServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>SSOSendAssertionServlet</display-name>
 		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
-	</servlet>	
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>SSOSendAssertionServlet</servlet-name>
+		<url-pattern>/SSOSendAssertionServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<description>SSO LogOut</description>
 		<display-name>LogOut</display-name>
 		<servlet-name>LogOut</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>LogOut</servlet-name>
+		<url-pattern>/LogOut</url-pattern>
+	</servlet-mapping>
 	
 	<servlet>
 		<description>IDP Single LogOut Service</description>
@@ -78,25 +104,10 @@
 		<servlet-name>IDPSLO</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
 	</servlet>
-	
-	<servlet>
-		<description>Verify identity link coming from security layer</description>
-		<display-name>VerifyIdentityLink</display-name>
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
-	</servlet>
-	<servlet>
-		<description>Verify the certificate coming from security layer</description>
-		<display-name>VerifyCertificate</display-name>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
-	</servlet>
-	<servlet>
-		<description>Get the MIS session ID coming from security layer</description>
-		<display-name>GetMISSessionID</display-name>
-		<servlet-name>GetMISSessionID</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
-	</servlet>
+	<servlet-mapping>
+		<servlet-name>IDPSLO</servlet-name>
+		<url-pattern>/idpSingleLogout</url-pattern>
+	</servlet-mapping>
 
 	<servlet>
 		<description>Gets the foreign eID from security layer</description>
@@ -104,223 +115,84 @@
 		<servlet-name>GetForeignID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
 	</servlet>
-<!-- 	<servlet>
-		<servlet-name>ProcessInput</servlet-name>
-		<display-name>ProcessInput</display-name>
-		<description>Process user input needed by infobox validators</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
-	</servlet> -->
-	<servlet>
-		<description>Verify AUTH block coming from security layer</description>
-		<display-name>VerifyAuthBlock</display-name>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
-	</servlet>
-<!-- 	<servlet>
-		<servlet-name>ConfigurationUpdate</servlet-name>
-		<display-name>ConfigurationUpdate</display-name>
-		<description>Update MOA-ID Auth configuration from the configuration
-			file</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
-	</servlet> -->
+	<servlet-mapping>
+		<servlet-name>GetForeignID</servlet-name>
+		<url-pattern>/GetForeignID</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>Apache-Axis Servlet</display-name>
 		<servlet-name>AxisServlet</servlet-name>
 		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>AxisServlet</servlet-name>
+		<url-pattern>/services/*</url-pattern>
+	</servlet-mapping>
 
- 	<!-- JSP servlet -->
-<!--	<servlet>
-		<servlet-name>jspservlet</servlet-name>
-		<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
-	</servlet> -->
 	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from
-			different C-PEPS</description>
+		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
 		<display-name>PEPSConnectorServlet</display-name>
 		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<servlet-class>
-			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>PEPSConnectorServlet</servlet-name>
+		<url-pattern>/PEPSConnector</url-pattern>
+	</servlet-mapping>
+
 	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from
-			different C-PEPS</description>
+		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
 		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
 		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<servlet-class>
-			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
 	</servlet>
-
-	<!-- Dispatcher servlets 
-	<servlet>
-		<servlet-name>AuthDispatcherServlet</servlet-name>
-		<display-name>AuthDispatcher Servlet</display-name>
-		<servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class>
-		<load-on-startup>1</load-on-startup>
-	</servlet>-->
+	<servlet-mapping>
+		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
+		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>Dispatcher Servlet</display-name>
 		<servlet-name>DispatcherServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-
-	<!-- Servlet Registration -->
-	<servlet>
-		<servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class>
-	</servlet>
+	<servlet-mapping>
+		<servlet-name>DispatcherServlet</servlet-name>
+		<url-pattern>/dispatcher</url-pattern>
+	</servlet-mapping>
 
 	<servlet>
-		<description>Resumes a suspended process engine task.</description>
+		<description>Resumes a suspended process task.</description>
 		<display-name>ProcessEngineSignal</display-name>
 		<servlet-name>ProcessEngineSignal</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
 	</servlet>
-
-
-
-	<servlet-mapping>
-		<servlet-name>DispatcherServlet</servlet-name>
-		<url-pattern>/dispatcher</url-pattern>
-	</servlet-mapping>
-	<!-- servlet-mapping>
-		<servlet-name>AuthDispatcherServlet</servlet-name>
-		<url-pattern>/AuthDispatcher</url-pattern>
-	</servlet-mapping -->
-
-
-	<!-- servlet mapping for jsp pages -->
-	<!-- errorpage.jsp (customizeable) -->
-<!-- 	<servlet-mapping>
-		<servlet-name>jspservlet</servlet-name>
-		<url-pattern>/errorpage-auth.jsp</url-pattern>
-	</servlet-mapping>
-	message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate)
-	<servlet-mapping>
-		<servlet-name>jspservlet</servlet-name>
-		<url-pattern>/message-auth.jsp</url-pattern>
-	</servlet-mapping> -->
-
-<!-- 	<servlet-mapping>
-		<servlet-name>SelectBKU</servlet-name>
-		<url-pattern>/SelectBKU</url-pattern>
-	</servlet-mapping> -->
-	<servlet-mapping>
-		<servlet-name>GenerateIframeTemplate</servlet-name>
-		<url-pattern>/GenerateIframeTemplate</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>RedirectServlet</servlet-name>
-		<url-pattern>/RedirectServlet</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>MonitoringServlet</servlet-name>
-		<url-pattern>/MonitoringServlet</url-pattern>
-	</servlet-mapping>
 	<servlet-mapping>
-		<servlet-name>SSOSendAssertionServlet</servlet-name>
-		<url-pattern>/SSOSendAssertionServlet</url-pattern>
-	</servlet-mapping>	
- 	<servlet-mapping>
-		<servlet-name>LogOut</servlet-name>
-		<url-pattern>/LogOut</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>IDPSLO</servlet-name>
-		<url-pattern>/idpSingleLogout</url-pattern>
-	</servlet-mapping>	
-	<servlet-mapping>
-		<!--
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		-->
 		<servlet-name>ProcessEngineSignal</servlet-name>
-		<url-pattern>/VerifyIdentityLink</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<url-pattern>/VerifyCertificate</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>GetMISSessionID</servlet-name>
 		<url-pattern>/GetMISSessionID</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>GetForeignID</servlet-name>
-		<url-pattern>/GetForeignID</url-pattern>
-	</servlet-mapping>
-
-<!-- 	<servlet-mapping>
-		<servlet-name>ProcessInput</servlet-name>
-		<url-pattern>/ProcessInput</url-pattern>
-	</servlet-mapping> -->
-	
-	<servlet-mapping>
-		<!--
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		-->
-		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
+		<url-pattern>/VerifyCertificate</url-pattern>
+		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
-<!-- 	<servlet-mapping>
-		<servlet-name>ConfigurationUpdate</servlet-name>
-		<url-pattern>/ConfigurationUpdate</url-pattern>
-	</servlet-mapping> -->
-	<servlet-mapping>
-		<servlet-name>AxisServlet</servlet-name>
-		<url-pattern>/services/*</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<url-pattern>/PEPSConnector</url-pattern>
-	</servlet-mapping>
-<servlet-mapping>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
-	</servlet-mapping>
-	<!-- Filters -->
-	<!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> 
-		</filter> -->
-
-	<filter>
-		<filter-name>UrlRewriteFilter</filter-name>
-		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
-	</filter>
-
-	<filter-mapping>
-		<filter-name>UrlRewriteFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	<!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> 
-		<url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> 
-		<dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> 
-		<url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> 
-		<dispatcher>FORWARD</dispatcher> </filter-mapping> -->
 
 	<session-config>
 		<session-timeout>5</session-timeout>
 	</session-config>
+	
 	<error-page>
 		<error-code>500</error-code>
 		<location>/errorpage.jsp</location>
 	</error-page>
-<!-- 	<security-constraint>
-		<web-resource-collection>
-			<web-resource-name>ConfigurationUpdate</web-resource-name>
-			<url-pattern>/ConfigurationUpdate</url-pattern>
-		</web-resource-collection>
-		<auth-constraint>
-			<role-name>moa-admin</role-name>
-		</auth-constraint>
-	</security-constraint> -->
+	
 	<login-config>
 		<auth-method>BASIC</auth-method>
 		<realm-name>UserDatabase</realm-name>
 	</login-config>
 	<security-role>
-		<description>
-			The role that is required to log in to the moa Application
-		</description>
+		<description>The role that is required to log in to the moa Application</description>
 		<role-name>moa-admin</role-name>
 	</security-role>
+
 </web-app>
-- 
cgit v1.2.3