From 92717efaa56e3d0f7c271b91483507cf981b417b Mon Sep 17 00:00:00 2001 From: Thomas Knall Date: Fri, 16 Jan 2015 10:19:44 +0100 Subject: Add minor fixes and updates. - Fix moa-id-auth web.xml and upgrade to servlet 3.0. - Reformat loginFormFull.html in order to enhance readability. - Add some TODOs and FIXMEs. - Adding some comments to DispatcherServlet in order to ease understanding the process. --- .../id/auth/servlet/GetMISSessionIDServlet.java | 2 ++ .../PEPSConnectorWithLocalSigningServlet.java | 1 + .../moa/id/entrypoints/DispatcherServlet.java | 27 ++++++++++++++++++---- 3 files changed, 25 insertions(+), 5 deletions(-) (limited to 'id/server/idserverlib') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 9e2e845b5..20c32a3ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -197,6 +197,7 @@ public class GetMISSessionIDServlet extends AuthServlet { // for now: list contains only one element MISMandate mandate = (MISMandate) list.get(0); + // TODO[tlenz]: UTF-8 ? String sMandate = new String(mandate.getMandate()); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); @@ -206,6 +207,7 @@ public class GetMISSessionIDServlet extends AuthServlet { //check if it is a parsable XML byte[] byteMandate = mandate.getMandate(); + // TODO[tlenz]: UTF-8 ? String stringMandate = new String(byteMandate); DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java index 3bc79f8bd..165445ea5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java @@ -473,6 +473,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet { Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes()); if(ap.getAttributes().equalsIgnoreCase("signedDoc")) { + // FIXME[tlenz]: A servlet's class field is not thread safe. oasisDssWebFormURL = ap.getUrl(); found = true; Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 03cb6c1c4..a4c5c938f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; - import java.util.Iterator; import javax.servlet.ServletConfig; @@ -97,10 +96,13 @@ public class DispatcherServlet extends AuthServlet{ boolean useSSOOA = false; String protocolRequestID = null; - try { Logger.info("REQUEST: " + req.getRequestURI()); Logger.info("QUERY : " + req.getQueryString()); + + +// *** start of error handling *** + String errorid = req.getParameter(ERROR_CODE_PARAM); if (errorid != null) { @@ -117,7 +119,7 @@ public class DispatcherServlet extends AuthServlet{ pendingRequestID = (String) idObject; } - if (throwable != null) { + if (throwable != null) { IRequest errorRequest = null; if (pendingRequestID != null) { @@ -173,6 +175,11 @@ public class DispatcherServlet extends AuthServlet{ return; } +// *** end of error handling *** + + +// *** start of protocol specific stuff *** + Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); String module = null; if (moduleObject != null && (moduleObject instanceof String)) { @@ -357,7 +364,11 @@ public class DispatcherServlet extends AuthServlet{ } } - + +// *** end of protocol specific stuff *** + +// *** start handling authentication *** + AuthenticationManager authmanager = AuthenticationManager.getInstance(); String moasessionID = null; @@ -473,7 +484,11 @@ public class DispatcherServlet extends AuthServlet{ //build authenticationdata from session information and OA configuration authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession); } - + +// *** end handling authentication *** + +// *** start finalizing authentication (SSO, final redirects, statistic logging etc) *** + SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); RequestStorage.removePendingRequest(protocolRequestID); @@ -506,6 +521,8 @@ public class DispatcherServlet extends AuthServlet{ } +// *** end finalizing authentication *** + } catch (Throwable e) { Logger.warn("An authentication error occured: ", e);; // Try handle module specific, if not possible rethrow -- cgit v1.2.3