From fd2752d6cb5a95aca7ed2206a9b8258942f17655 Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Mon, 23 Feb 2015 18:57:12 +0100 Subject: Improve Process Engine signal servlet (MOAID-73) - Update Process Engine signal servlet in order to allow module to provider their own strategy for providing the moa session id. - Update moa id handbook. - Update javadoc. --- .../moa/id/auth/modules/AuthModule.java | 5 ++-- .../modules/registration/ModuleRegistration.java | 2 +- .../auth/servlet/ProcessEngineSignalServlet.java | 27 +++++++++++++++++----- .../springweb/SpringWebExpressionEvaluator.java | 17 +++++++++----- 4 files changed, 36 insertions(+), 15 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java index a31f3ceb0..8983403d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java @@ -22,8 +22,9 @@ public interface AuthModule { int getPriority(); /** - * Checks if the module has a process, which is able to perform an authentication with the given - * {@link ExecutionContext}. + * Selects a process (description), referenced by its unique id, which is able to perform authentication with the + * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within + * this module. * * @param context * an ExecutionContext for a process. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java index fa1878e74..9c950366c 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java @@ -128,7 +128,7 @@ public class ModuleRegistration { } /** - * Returns the process id of the first process, in the highest ranked + * Returns the process description id of the first process, in the highest ranked * module, which is able to work with the given execution context. * * @param context diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index a99b7aeef..d670cbe8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java @@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; @@ -23,7 +24,7 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils; public class ProcessEngineSignalServlet extends AuthServlet { private static final long serialVersionUID = 1L; - + /** * Sets response headers that prevent caching (code taken from {@link AuthServlet}). * 
@@ -51,14 +52,13 @@ public class ProcessEngineSignalServlet extends AuthServlet { */ @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req)); setNoCachingHeaders(resp); try { - - // check parameter - if (!ParamValidatorUtils.isValidSessionID(sessionID)) { - throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12"); + + if (sessionID == null) { + throw new IllegalStateException("Unable to determine MOA session id."); } // retrieve moa session @@ -80,4 +80,19 @@ public class ProcessEngineSignalServlet extends AuthServlet { } + /** + * Retrieves the current MOA session id from the HttpServletRequest parameter + * {@link MOAIDAuthConstants#PARAM_SESSIONID}. + *
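Review bot: The new `sessionID == null` guard in doPost replaces the `ParamValidatorUtils.isValidSessionID(sessionID)` check instead of adding to it, so a request-supplied id of any shape now reaches the session lookup that follows. With the default strategy the value still comes straight from the `PARAM_SESSIONID` request parameter, so the format check is worth keeping after the null guard: `if (!ParamValidatorUtils.isValidSessionID(sessionID)) { throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12"); }`. The `IllegalStateException` is thrown inside the `try`, whose catch block lies outside this hunk, so it should be confirmed that it yields the same client-facing error handling as the old `WrongParametersException`. doPost's body continues past the hunk.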

+ * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the + * respective MOA session id. + * + * @param request + * The unterlying HttpServletRequest. + * @return The current MOA session id. + */ + public String getMoaSessionId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID)); + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java index 499e86fa0..af6822ba6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java @@ -124,12 +124,17 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator { log.trace("Evaluating '{}'.", expression); Expression expr = parser.parseExpression(expression); - Boolean result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext), - Boolean.class); - if (result == null) { - log.warn("Evaluation of '{}' results in null-value.", expression); - } else { - log.debug("Expression '{}' -> {}", expression, result); + Boolean result = null; + try { + result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext), + Boolean.class); + if (result == null) { + log.warn("Evaluation of '{}' results in null-value.", expression); + } else { + log.debug("Expression '{}' -> {}", expression, result); + } + } catch (Exception e) { + log.warn("Expression '{}' could not be processed.", expression, e); } return BooleanUtils.isTrue(result); -- cgit v1.2.3
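Review bot: On the default path the session id is HTML-escaped twice, because `getMoaSessionId` already returns `StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID))` and doPost wraps that result in `escapeHtml` again. An id containing `&` would therefore be looked up as `&amp;amp;…`, and an overriding module cannot tell from the Javadoc whether it should return a raw or an escaped value. The hook would be clearer returning the raw parameter, `return request.getParameter(PARAM_SESSIONID);`, with validation and output escaping left to the caller. The Javadoc should also say that `null` is a permitted return value, since doPost relies on it to detect a missing id. As an extension point for subclasses, `protected` visibility appears sufficient, unless other classes call it.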
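Review bot: The added `catch (Exception e)` around `expr.getValue(...)` turns every evaluation failure into `false` through `BooleanUtils.isTrue(result)`, so a broken condition becomes indistinguishable from one that legitimately evaluated to false. If these expressions guard transitions in the authentication process, as the package name suggests, whether that is fail-closed depends on how each expression is phrased; a negated guard would fail open. `parser.parseExpression(expression)` stays outside the `try`, so parse errors still propagate while evaluation errors are swallowed. Consider narrowing the catch to Spring's `EvaluationException` and, if the ExpressionEvaluator contract permits, rethrowing: `throw new IllegalArgumentException("Expression '" + expression + "' could not be processed.", e);`. The enclosing method starts and ends outside the hunk.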