From d025c38a426e22b0d1ccfbb4558ff6ce78ac1d0b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 30 Sep 2016 09:22:29 +0200
Subject: refactor http servlet response processing to prohibit 'chunked'
 transfer encoding

---
 .../interceptor/WebFrontEndSecurityInterceptor.java     | 17 ++++++++++-------
 .../moa/id/protocols/pvp2x/MetadataAction.java          | 10 +++++-----
 2 files changed, 15 insertions(+), 12 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 9fdec9fbb..2976dc420 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -50,7 +50,14 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 	@Override
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
 			throws Exception {
-				
+
+		//TODO: add additional headers or checks 
+		//set security headers
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
 		//only for SAML1 GetAuthenticationData webService functionality
 		String requestedServlet = request.getServletPath();		
 		if (MiscUtil.isNotEmpty(requestedServlet) && 
@@ -85,13 +92,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
 	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
 			ModelAndView modelAndView) throws Exception {
 
-		//TODO: add additional headers or checks 
 		
-		//set security headers
-		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+		
+
 
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index b282e3a4b..851f47a68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -63,12 +63,12 @@ public class MetadataAction implements IAction {
 			
 			String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);			
 			Logger.debug("METADATA: " + metadataXML);
-						
+					
+			byte[] content = metadataXML.getBytes("UTF-8");
+			httpResp.setStatus(HttpServletResponse.SC_OK);
+			httpResp.setContentLength(content.length);
 			httpResp.setContentType(MediaType.XML_UTF_8.toString());
-			httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));
-
-			httpResp.getOutputStream().close();
-
+			httpResp.getOutputStream().write(content);			
 			return null;
 			
 		} catch (Exception e) {
-- 
cgit v1.2.3