From 1d577f0587f7d77b1c54a3ebc22bf20c5cb9aa13 Mon Sep 17 00:00:00 2001
From: Bojan Suzic <bojan.suzic@iaik.tugraz.at>
Date: Tue, 19 May 2015 14:32:37 +0200
Subject: enable usage of http locally when proxied on the same machine; hidden
 option, LU specific

---
 .../moa/id/auth/parser/StartAuthentificationParameterParser.java | 4 ++--
 .../moa/id/config/auth/AuthConfigurationProvider.java            | 9 ++++++++-
 2 files changed, 10 insertions(+), 3 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index a123569d5..a0584e1e9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -212,8 +212,8 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
 	      authURL = authURL.concat(":" + req.getServerPort());
 	    }
 	    authURL = authURL.concat(req.getContextPath() + "/");
-				
-		if (!authURL.startsWith("https:"))
+		boolean auth = AuthConfigurationProvider.getInstance().isHTTPAuthAllowed();
+		if (!authURL.startsWith("https:") && !AuthConfigurationProvider.getInstance().isHTTPAuthAllowed())
 			throw new AuthenticationException("auth.07",
 					new Object[] { authURL + "*" });
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index d33a9ea92..6a2f2db44 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1072,7 +1072,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
 	  else
 		  return null;
   }
-  
+
+  // allow http to be used in call, used in systems proxied on the same instance
+  public boolean isHTTPAuthAllowed() {
+		String prop = props.getProperty("configuration.localhttpallowed.active", "false");
+		return Boolean.valueOf(prop);
+  }
+
+
   public boolean isAdvancedLoggingActive() {
 	  String prop = props.getProperty("configuration.advancedlogging.active", "false");
 	  return Boolean.valueOf(prop);
-- 
cgit v1.2.3