From 92717efaa56e3d0f7c271b91483507cf981b417b Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 16 Jan 2015 10:19:44 +0100 Subject: Add minor fixes and updates. - Fix moa-id-auth web.xml and upgrade to servlet 3.0. - Reformat loginFormFull.html in order to enhance readability. - Add some TODOs and FIXMEs. - Adding some comments to DispatcherServlet in order to ease understanding the process. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 71 ++++++++++++++++---------- 1 file changed, 44 insertions(+), 27 deletions(-) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 42085b01e..fb3888a3e 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml 
@@ -1,8 +1,25 @@ - - + MOA ID Auth MOA ID Authentication Service + + + + org.springframework.web.context.ContextLoaderListener + + + + + requestContextFilter + org.springframework.web.filter.RequestContextFilter + + + requestContextFilter + /* + + - GenerateIframeTemplate - GenerateIframeTemplate Generate BKU Request template + GenerateIframeTemplate + GenerateIframeTemplate at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet - RedirectServlet RedirectServlet + RedirectServlet at.gv.egovernment.moa.id.auth.servlet.RedirectServlet - MonitoringServlet MonitoringServlet + MonitoringServlet at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet - SSOSendAssertionServlet SSOSendAssertionServlet + SSOSendAssertionServlet at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet - LogOut - LogOut SSO LogOut + LogOut + LogOut at.gv.egovernment.moa.id.auth.servlet.LogOutServlet - IDPSLO - IDP-SLO IDP Single LogOut Service + IDP-SLO + IDPSLO at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet - VerifyIdentityLink - VerifyIdentityLink Verify identity link coming from security layer + VerifyIdentityLink + VerifyIdentityLink at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - VerifyCertificate - VerifyCertificate Verify the certificate coming from security layer + VerifyCertificate + VerifyCertificate at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - GetMISSessionID - GetMISSessionID Get the MIS session ID coming from security layer + GetMISSessionID + GetMISSessionID at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet - GetForeignID - GetForeignID Gets the foreign eID from security layer + GetForeignID + GetForeignID at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - VerifyAuthBlock - VerifyAuthBlock Verify AUTH block coming from security layer + VerifyAuthBlock + VerifyAuthBlock at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet - AxisServlet Apache-Axis Servlet + AxisServlet 
org.apache.axis.transport.http.AxisServlet @@ -100,18 +117,18 @@ org.apache.jasper.servlet.JspServlet --> - PEPSConnectorServlet - PEPSConnectorServlet Servlet receiving STORK SAML Response Messages from different C-PEPS + PEPSConnectorServlet + PEPSConnectorServlet at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet - PEPSConnectorWithLocalSigningServlet - PEPSConnectorWithLocalSigningServlet Servlet receiving STORK SAML Response Messages from different C-PEPS + PEPSConnectorWithLocalSigningServlet + PEPSConnectorWithLocalSigningServlet at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet @@ -124,8 +141,8 @@ 1 --> - DispatcherServlet Dispatcher Servlet + DispatcherServlet at.gv.egovernment.moa.id.entrypoints.DispatcherServlet 1 -- cgit v1.2.3 From a1bb34634bf4f30fc565109358eb51bd1111dc21 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Wed, 21 Jan 2015 08:50:58 +0100 Subject: Add "DefaultAuthentication" process (AT, no mandates, no stork) (MOAID-59). - Fix oa web.xml, switch to servlet 3.0. - moa-id-auth web.xml -- Add CharacterEncodingFilter for UTF-8 encoding. -- Add ProcessEngineSignalServlet. - Fix invalid template_*.html. - Add TODO[branch] annotations in order to indicates potential process flow branches. - Add some missing Javadoc. - Add property processInstandId to AuthenticationSession. - Add process engine support. - Fix HttpServlet init issues. - Set VerifyAuthenticationBlockServlet and VerifyIdentityLinkServlet deprecated. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 30 ++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index fb3888a3e..477cce57b 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml 
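Review bot: With the descriptor now on Servlet 3.0, the first hunk (`@@ -1,8 +1,25 @@`) adds the Spring listener and `requestContextFilter` but shows no session-cookie hardening, which 3.0 lets the descriptor declare directly. For an authentication service I would add `<cookie-config><http-only>true</http-only><secure>true</secure></cookie-config>` and `<tracking-mode>COOKIE</tracking-mode>` inside `<session-config>`, so the session id is neither readable by script nor carried in URLs. The XML tags and the root element's attributes are lost in this extraction and the file continues outside the hunk, so this may already be configured elsewhere and is worth confirming.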
@@ -10,6 +10,23 @@ org.springframework.web.context.ContextLoaderListener + + characterEncodingFilter + org.springframework.web.filter.CharacterEncodingFilter + + encoding + UTF-8 + + + forceEncoding + true + + + + characterEncodingFilter + /* + + requestContextFilter @@ -20,6 +37,7 @@ /* + + ProcessEngineSignal /VerifyIdentityLink @@ -229,7 +256,10 @@ --> + + ProcessEngineSignal /VerifyAuthBlock Generate BKU Request template GenerateIframeTemplate GenerateIframeTemplate at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet + + GenerateIframeTemplate + /GenerateIframeTemplate + + RedirectServlet RedirectServlet at.gv.egovernment.moa.id.auth.servlet.RedirectServlet + + RedirectServlet + /RedirectServlet + + MonitoringServlet MonitoringServlet at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet + + MonitoringServlet + /MonitoringServlet + + SSOSendAssertionServlet SSOSendAssertionServlet at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet - + + + SSOSendAssertionServlet + /SSOSendAssertionServlet + + SSO LogOut LogOut LogOut at.gv.egovernment.moa.id.auth.servlet.LogOutServlet + + LogOut + /LogOut + IDP Single LogOut Service @@ -78,25 +104,10 @@ IDPSLO at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet - - - Verify identity link coming from security layer - VerifyIdentityLink - VerifyIdentityLink - at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet - - - Verify the certificate coming from security layer - VerifyCertificate - VerifyCertificate - at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet - - - Get the MIS session ID coming from security layer - GetMISSessionID - GetMISSessionID - at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet - + + IDPSLO + /idpSingleLogout + Gets the foreign eID from security layer 
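Review bot: The `characterEncodingFilter` added in `@@ -10,6 +10,23 @@` only takes effect while its mapping stays ahead of every other `filter-mapping`, because a request encoding set after a parameter has been read is ignored. It is declared ahead of `requestContextFilter` here, which is right, but nothing in the file says the order matters. I would add a comment above the filter such as `<!-- must remain the first filter: sets UTF-8 before any request parameter is read -->`.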
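Review bot: Mapping `/VerifyIdentityLink` and `/VerifyAuthBlock` to `ProcessEngineSignal` (`@@ -229,7 +256,10 @@`) removes the one-servlet-per-step separation, so the URL no longer determines which authentication step runs. `ProcessEngineSignalServlet` is not part of this diff, so two things should be confirmed: that it resolves the process instance from server-side session state rather than from a client-supplied id alone, and that a request on one of these paths cannot advance a process waiting at a different step. The same applies to the patterns that later commits on this page add to this mapping (`/GetMISSessionID`, `/VerifyCertificate`, `/GetForeignID`, `/PEPSConnector`, `/PEPSConnectorWithLocalSigning`, `/signalProcess`). A short comment on the mapping stating that step order is enforced by the process engine, not by the path, would help the next reader.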
@@ -104,223 +115,84 @@ GetForeignID at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - - - Verify AUTH block coming from security layer - VerifyAuthBlock - VerifyAuthBlock - at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet - - + + GetForeignID + /GetForeignID + + Apache-Axis Servlet AxisServlet org.apache.axis.transport.http.AxisServlet + + AxisServlet + /services/* + - - - Servlet receiving STORK SAML Response Messages from - different C-PEPS + Servlet receiving STORK SAML Response Messages from different C-PEPS PEPSConnectorServlet PEPSConnectorServlet - - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet + + PEPSConnectorServlet + /PEPSConnector + + - Servlet receiving STORK SAML Response Messages from - different C-PEPS + Servlet receiving STORK SAML Response Messages from different C-PEPS PEPSConnectorWithLocalSigningServlet PEPSConnectorWithLocalSigningServlet - - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet - - + + PEPSConnectorWithLocalSigningServlet + /PEPSConnectorWithLocalSigning + + Dispatcher Servlet DispatcherServlet at.gv.egovernment.moa.id.entrypoints.DispatcherServlet 1 - - - - at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet - at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet - + + DispatcherServlet + /dispatcher + - Resumes a suspended process engine task. + Resumes a suspended process task. 
ProcessEngineSignal ProcessEngineSignal at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet - - - - - DispatcherServlet - /dispatcher - - - - - - - - - - - GenerateIframeTemplate - /GenerateIframeTemplate - - - RedirectServlet - /RedirectServlet - - - MonitoringServlet - /MonitoringServlet - - SSOSendAssertionServlet - /SSOSendAssertionServlet - - - LogOut - /LogOut - - - IDPSLO - /idpSingleLogout - - - ProcessEngineSignal - /VerifyIdentityLink - - - VerifyCertificate - /VerifyCertificate - - - GetMISSessionID /GetMISSessionID - - - GetForeignID - /GetForeignID - - - - - - - ProcessEngineSignal /VerifyAuthBlock + /VerifyCertificate + /VerifyIdentityLink - - - AxisServlet - /services/* - - - PEPSConnectorServlet - /PEPSConnector - - - PEPSConnectorWithLocalSigningServlet - /PEPSConnectorWithLocalSigning - - - - - - UrlRewriteFilter - org.tuckey.web.filters.urlrewrite.UrlRewriteFilter - - - - UrlRewriteFilter - /* - - 5 + 500 /errorpage.jsp - + BASIC UserDatabase - - The role that is required to log in to the moa Application - + The role that is required to log in to the moa Application moa-admin + -- cgit v1.2.3 From 745272fe66f04fee6976e6a187e308bb7a5987a1 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 23 Jan 2015 11:22:07 +0100 Subject: Add foreign identity process support (MOAID-61). - moa-id auth web.xml: Replace servlet mapping "/GetForeignID". - Fix some javadoc of AuthenticationServer. - Set GetForeignIDServlet deprecated. - Remove redundant code across several classes. - VerifyIdentityLinkTask: Separate identity link verification from subsequent (a) creation of CreateXMLSignatureRequest (ProcessIdentityLinkTask) and (b) creation of InfoBoxReadRequest (CertificateReadRequestTask). --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') 
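Review bot: The relocated `AxisServlet` mapping to `/services/*` in `@@ -104,223 +115,84 @@` keeps the Axis 1.x endpoint reachable in the same context as the authentication servlets, and no restriction on it is visible in this hunk. Axis configuration lives in `server-config.wsdd`, which is not part of this diff. It should be checked there that `AdminService` is either not deployed or has `enableRemoteAdmin` set to `false`, and that only the intended services are exposed. If the endpoint is meant for backend callers only, a comment on the mapping saying so, and where access is restricted, would make that auditable from web.xml.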
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 1dd3b7a40..4548e05d9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -108,17 +108,6 @@ IDPSLO /idpSingleLogout - - - Gets the foreign eID from security layer - GetForeignID - GetForeignID - at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet - - - GetForeignID - /GetForeignID - Apache-Axis Servlet @@ -172,6 +161,7 @@ ProcessEngineSignal /GetMISSessionID + /GetForeignID /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink -- cgit v1.2.3 From 8579cf80c3602f963566d31eaf04f59f68d3bf11 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Thu, 29 Jan 2015 10:56:18 +0100 Subject: Add STORK process (MOAID-58). - Add STORKAuthentication.process.xml - Add PepsConnectorTask using code from PEPSConnectorServlet. - Split code from PEPSConnectorWithLocalSigningServlet into PepsConnectorHandleResponseWithoutSignatureTask and PepsConnectorHandleLocalSignResponseTask. - Replace SpringExpressionEvaluator within applicationContext.xml with SpringWebExpressionEvaluator (allowing expressions using request parameter(s)). - Make servlet mappings /PEPSConnectorWithLocalSigning and /PEPSConnector point to the process engine signaling servlet. - Add many FIXMEs marking problematic code. - Move code to start stork authentication from StartAuthenticationBuilder to CreateStorkAuthRequestFormTask. - Mark PEPSConnectorServlet and PEPSConnectorWithLocalSigningServlet deprecated. - Remove @author tknall from classes assembled using existing (bogus) code. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 4548e05d9..2dbceb4e9 100644 
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -119,28 +119,6 @@ /services/* - - Servlet receiving STORK SAML Response Messages from different C-PEPS - PEPSConnectorServlet - PEPSConnectorServlet - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet - - - PEPSConnectorServlet - /PEPSConnector - - - - Servlet receiving STORK SAML Response Messages from different C-PEPS - PEPSConnectorWithLocalSigningServlet - PEPSConnectorWithLocalSigningServlet - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet - - - PEPSConnectorWithLocalSigningServlet - /PEPSConnectorWithLocalSigning - - Dispatcher Servlet DispatcherServlet @@ -165,6 +143,8 @@ /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink + /PEPSConnectorWithLocalSigning + /PEPSConnector -- cgit v1.2.3 From 88f2ac75cf316c755e35303cf2d6faa2343b9408 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Thu, 29 Jan 2015 17:13:21 +0100 Subject: Perform some cleanup - Remove ProcessDefinitionFactoryBean from applicationContext.xml. - Minor code cleanup. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 2dbceb4e9..10c772aca 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -138,6 +138,8 @@ ProcessEngineSignal + /signalProcess + /GetMISSessionID /GetForeignID /VerifyAuthBlock -- cgit v1.2.3 From 6371e01c520de77b0f37f59c72dbe20fce88c91a Mon Sep 17 00:00:00 2001 
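Review bot: Adding `/PEPSConnectorWithLocalSigning` and `/PEPSConnector` to the `ProcessEngineSignal` mapping (`@@ -165,6 +143,8 @@`) means responses posted from outside the application now drive process transitions directly. The commit message says the expression evaluator was switched to one that allows expressions using request parameters. The evaluator and the process definitions are not in this diff, so it should be verified that request parameters are only bound as data to fixed expressions and are never concatenated into expression text. I would also document on this mapping which request parameters each of the two paths is expected to carry.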
From: Thomas Knall Date: Fri, 30 Jan 2015 08:53:27 +0100 Subject: Add Spring based discovery for STORKAuthModule - Add wildcard import to applicationContext.xml - Add some javadoc to AuthModule interface. - Remove STORKAuthModuleImpl from serviceloader based registration. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 10c772aca..f81e01ccd 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -138,8 +138,9 @@ ProcessEngineSignal + /signalProcess - + /GetMISSessionID /GetForeignID /VerifyAuthBlock -- cgit v1.2.3 From 373641cfb0e404e89f4d9a011ae53d8b8cfc06c5 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 30 Jan 2015 10:45:59 +0100 Subject: Add dynamic servlet registration for STORK processes. - Add STORKWebApplicationInitializer.java - Adjust web.xml - Move STORK.authmodule.beans.xml to src/main/resources/... --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index f81e01ccd..41c46bd22 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -140,14 +140,17 @@ ProcessEngineSignal /signalProcess - + /GetMISSessionID /GetForeignID /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink + + -- cgit v1.2.3 From a9dc7e094a8732f9826ab77648758dd39adc7324 Mon Sep 17 00:00:00 2001 
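Review bot: Once STORK servlets are registered dynamically (per the commit message, via `STORKWebApplicationInitializer`), web.xml stops being the complete list of exposed URL patterns. The lines added in `@@ -140,14 +140,17 @@` have lost their content in this extraction, so it is unclear whether that is documented. Any `security-constraint` or path-specific filter mapping in this file will not cover dynamically added patterns unless they happen to match. A comment next to the `ProcessEngineSignal` mapping naming the initializer class and the patterns it registers would keep the descriptor usable as an endpoint inventory.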
From: Thomas Knall Date: Wed, 4 Feb 2015 13:54:32 +0100 Subject: Add logging for automatic servlet registration. --- id/server/auth/src/main/webapp/WEB-INF/web.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'id/server/auth/src/main/webapp/WEB-INF/web.xml') diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 41c46bd22..930b10f43 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -137,16 +137,23 @@ at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet + ProcessEngineSignal + /signalProcess + /GetMISSessionID /GetForeignID /VerifyAuthBlock /VerifyCertificate /VerifyIdentityLink - + + + SSOSendAssertionServlet -- cgit v1.2.3