From 3d8670eaeda9bc6898a7658a9dd7c954d40b435d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 28 Mar 2014 14:08:29 +0100 Subject: parse inputparameter -> catch all exceptions --- .../gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 10a41c487..407e33978 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -142,7 +142,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { try { parameters = getParameters(req); - } catch (FileUploadException e) + + } catch (Exception e) { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); -- cgit v1.2.3 From 8cb4ecdf1f2e120e4dcf3c1a4101206250028444 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 07:48:47 +0200 Subject: Allow only redirect to OAs from OA configuration --- .../moa/id/auth/servlet/LogOutServlet.java | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 84732d4ce..a11601daa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -54,6 +54,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; @@ -86,6 +89,16 @@ public class LogOutServlet extends AuthServlet { //set default redirect Target Logger.debug("Set default RedirectURL back to MOA-ID-Auth"); redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + + } else { + //return an error if RedirectURL is not a active Online-Applikation + OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl); + if (oa == null) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); + return; + + } + } if (ssomanager.isValidSSOSession(ssoid, req)) { @@ -108,7 +121,12 @@ public class LogOutServlet extends AuthServlet { ssomanager.deleteSSOSessionID(req, resp); } catch (Exception e) { - Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e); + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); + return; + + } finally { + ConfigurationDBUtils.closeSession(); + } //Redirect to Application -- cgit v1.2.3 From 6b6d22483ae1291e2c97bad9ab67c9d817247d08 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 08:48:29 +0200 Subject: Add additional log messages --- .../moa/id/storage/AuthenticationSessionStoreage.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 393b80d04..e6efa0256 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -119,7 +119,7 @@ public class AuthenticationSessionStoreage { dbsession.setUpdated(new Date()); MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); @@ -144,7 +144,7 @@ public class AuthenticationSessionStoreage { dbsession.setUpdated(new Date()); MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); @@ -191,6 +191,10 @@ public class AuthenticationSessionStoreage { AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); String id = Random.nextRandom(); + + Logger.debug("Change SessionID from " + session.getSessionID() + + "to " + id); + session.setSessionID(id); dbsession.setSessionid(id); @@ -207,6 +211,8 @@ public class AuthenticationSessionStoreage { MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.trace("Change SessionID complete."); + return id; } catch (MOADatabaseException e) { @@ -225,6 +231,8 @@ public class AuthenticationSessionStoreage { Session session = MOASessionDBUtils.getCurrentSession(); List result; + Logger.trace("Add SSO information to session " + moaSessionID); + synchronized (session) { tx = session.beginTransaction(); -- cgit v1.2.3 From 1dcf1c30e542cc4aa7791e7e429700bef207a565 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 10:52:58 +0200 Subject: Add additional error handling and logging --- .../moa/id/auth/servlet/GenerateIFrameTemplateServlet.java | 6 +++++- .../egovernment/moa/id/auth/servlet/GetForeignIDServlet.java | 11 ++++++----- .../moa/id/auth/servlet/GetMISSessionIDServlet.java | 11 +++++++++-- .../egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java | 7 ++++++- .../moa/id/auth/servlet/SSOSendAssertionServlet.java | 8 +++++++- .../moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java | 9 ++++++++- .../moa/id/auth/servlet/VerifyCertificateServlet.java | 5 ++++- .../moa/id/auth/servlet/VerifyIdentityLinkServlet.java | 10 ++++++---- 8 files changed, 51 insertions(+), 16 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 0a0355bd7..6f30e98df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -187,8 +187,12 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("BKUSelectionServlet has an interal Error.", e); + } - + finally { ConfigurationDBUtils.closeSession(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index e9afb2e68..17dd9e343 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -260,11 +260,12 @@ public class GetForeignIDServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); - } catch (Exception e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } + handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("GetForeignIDServlet has an interal Error.", e); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 5733cee85..a776bbe9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -246,16 +246,23 @@ public class GetMISSessionIDServlet extends AuthServlet { } catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + } catch (GeneralSecurityException ex) { handleError(null, ex, req, resp, pendingRequestID); + } catch (PKIException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (SAXException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (ParserConfigurationException e) { handleError(null, e, req, resp, pendingRequestID); - } - + + } catch (Exception e) { + Logger.error("MISMandateValidation has an interal Error.", e); + + } finally { ConfigurationDBUtils.closeSession(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 328a441cd..d6db64a85 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -384,9 +384,14 @@ public class PEPSConnectorServlet extends AuthServlet { } catch (AuthenticationException e) { handleError(null, e, request, response, pendingRequestID); + } catch (MOAIDException e) { handleError(null, e, request, response, pendingRequestID); - } + + } catch (Exception e) { + Logger.error("PEPSConnector has an interal Error.", e); + } + finally { ConfigurationDBUtils.closeSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 6fa7b56c6..997241822 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -150,11 +150,17 @@ public class SSOSendAssertionServlet extends AuthServlet{ } catch (MOADatabaseException e) { handleError("SSO Session is not found", e, req, resp, id); + } catch (WrongParametersException e) { handleError("Parameter is not valid", e, req, resp, id); + } catch (AuthenticationException e) { handleError(e.getMessage(), e, req, resp, id); - } + + } catch (Exception e) { + Logger.error("SSOSendAssertion has an interal Error.", e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 2b46c8ff2..787dc6f10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -303,13 +303,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + } catch (GeneralSecurityException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (PKIException e) { handleError(null, e, req, resp, pendingRequestID); + } catch (TransformerException e) { handleError(null, e, req, resp, pendingRequestID); - } + + } catch (Exception e) { + Logger.error("AuthBlockValidation has an interal Error.", e); + } + finally { ConfigurationDBUtils.closeSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index fddd0d6b9..a3397f561 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -215,9 +215,12 @@ public class VerifyCertificateServlet extends AuthServlet { } } catch (MOAIDException ex) { - handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("CertificateValidation has an interal Error.", e); } + finally { ConfigurationDBUtils.closeSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 407e33978..3b503f07b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -260,12 +260,14 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } catch (ParseException ex) { handleError(null, ex, req, resp, pendingRequestID); - } - - catch (MOAIDException ex) { + + } catch (MOAIDException ex) { handleError(null, ex, req, resp, pendingRequestID); + + } catch (Exception e) { + Logger.error("IdentityLinkValidation has an interal Error.", e); } - + finally { ConfigurationDBUtils.closeSession(); } -- cgit v1.2.3 From 492556d1b71d63b7d44a31d2f32cc424a3cc5400 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 11:11:50 +0200 Subject: set default redirectTarget --- .../java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 671151bbe..00acdc540 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -70,7 +70,9 @@ public class RedirectServlet extends AuthServlet{ } else { try { - redirectTarget = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(test)) + redirectTarget = test; } catch (Exception e) { Logger.debug("Use default redirectTarget."); -- cgit v1.2.3 From 70bdabb832f10bc10acfe96410d5530d0c601a53 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 11:16:11 +0200 Subject: remove OA specific AuthBlockTransformation --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a8c4daad7..45867c4e5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -571,11 +571,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { String authBlock = buildAuthenticationBlock(session, oaParam); // builds the - List transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.size() == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } + List transformsInfos = authConf.getTransformsInfos(); + String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), transformsInfos); -- cgit v1.2.3 From 578f88516c9b2b3d61d19cd82a821b9c85a573d1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 13:06:30 +0200 Subject: redirect to MOA-ID-Auth if redirectURL is not valid. --- .../java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index a11601daa..fc4ec305d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -94,8 +94,8 @@ public class LogOutServlet extends AuthServlet { //return an error if RedirectURL is not a active Online-Applikation OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(redirectUrl); if (oa == null) { - resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); - return; + Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth"); + redirectUrl = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); } -- cgit v1.2.3 From eeb3d0250cf5a873b67cb974d17913089fd9c925 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Mar 2014 13:53:00 +0200 Subject: add ContentType to PEPS request --- .../main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 45867c4e5..1bb829bab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1946,7 +1946,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { StringWriter writer = new StringWriter(); template.merge(context, writer); + resp.setContentType("text/html;charset=UTF-8"); resp.getOutputStream().write(writer.toString().getBytes()); + } catch (Exception e) { Logger.error("Error sending STORK SAML AuthnRequest.", e); httpSession.invalidate(); -- cgit v1.2.3