From d703b4201def4ea55bc865da87010972d13a434e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Oct 2017 13:18:11 +0200 Subject: enable mandates for eIDAS nodes --- .../at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'id/server/modules/module-monitoring') diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index 6372fefa8..a56be1f46 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -78,7 +78,8 @@ public class IdentityLinkTestModule implements TestModuleInterface { domVerifyXMLSignatureResponse).parseData(); DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters(); - oaParam.setBusinessService(true); + oaParam.setHasBaseIdProcessingRestriction(true); + oaParam.setHasBaseIdTransfergRestriction(true); VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, -- cgit v1.2.3 From fe2a02ec2afcbe2d7b9d59a9969d05923813ffdf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 13 Nov 2017 09:38:00 +0100 Subject: fix some open CrossSiteScripting paths --- .../gv/egovernment/moa/id/auth/servlet/MonitoringController.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'id/server/modules/module-monitoring') diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java index b232b9512..fdc1c9cc1 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java @@ -30,6 +30,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -58,11 +59,9 @@ public class MonitoringController { throws ServletException, IOException{ if (authConfig.isMonitoringActive()) { - Logger.debug("Monitoring Servlet received request"); - - + Logger.debug("Monitoring Servlet received request"); + String modulename = StringEscapeUtils.escapeHtml(req.getParameter(REQUEST_ATTR_MODULE)); - String modulename = req.getParameter(REQUEST_ATTR_MODULE); if (MiscUtil.isEmpty(modulename)) { List error = tests.executeTests(); -- cgit v1.2.3