From dd7dc7d427b9798c7e7d3a8fd6bbd407911650a9 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 9 Oct 2015 11:13:10 +0200
Subject: move BKU Authentication preprocessing into a seperate task. The GenerateIFrameTemplateServlet only put all request parameters into process-managment context
---
 .../StartAuthentificationParameterParser.java | 19 ++-
 .../servlet/GenerateIFrameTemplateServlet.java | 123 ++++----------
 .../moa/id/moduls/AuthenticationManager.java | 30 ++--
 .../modules/internal/DefaultAuthModuleImpl.java | 12 +-
 .../tasks/InitializeBKUAuthenticationTask.java | 188 +++++++++++++++++++++
 .../internal/DefaultAuthentication.process.xml | 5 +-
 .../tasks/CreateStorkAuthRequestFormTask.java | 7 +-
 7 files changed, 261 insertions(+), 123 deletions(-)
 create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
(limited to 'id/server')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 998aa67eb..004961116 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -279,7 +280,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } - public static void parse(HttpServletRequest req, HttpServletResponse resp, + public static void parse(ExecutionContext ec, HttpServletRequest req, AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { @@ -299,12 +300,12 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ moasession.setAction(action); //get Parameters from request - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); + String target = (String) ec.get(PARAM_TARGET); + String oaURL = (String) ec.get(PARAM_OA); + String bkuURL = (String) ec.get(PARAM_BKU); + String templateURL = (String) ec.get(PARAM_TEMPLATE); + String useMandate = (String) ec.get(PARAM_USEMANDATE); + String ccc = (String) ec.get(PARAM_CCC); if (request.getOnlineApplicationConfiguration() != null && request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) { @@ -313,8 +314,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ useMandate = String.valueOf(request.getOnlineApplicationConfiguration().isOnlyMandateAllowed()); } - - + oaURL = request.getOAURL(); target = request.getTarget(); @@ -332,4 +332,5 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ private static boolean isEmpty(String param) { return param == null || param.length() == 0; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 6feb0b260..2a63968dd 100644 
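Review bot: `parse(ExecutionContext ec, HttpServletRequest req, ...)` carries no Javadoc, and after this change its six inputs come out of `ec` through unchecked `(String)` casts instead of `req.getParameter`. A non-String value stored under one of those keys would surface as a ClassCastException rather than the declared WrongParametersException, and the values are still client-supplied because the callers in this commit fill the context from request parameters. I would add a Javadoc comment on `parse` such as `Reads PARAM_TARGET, PARAM_OA, PARAM_BKU, PARAM_TEMPLATE, PARAM_USEMANDATE and PARAM_CCC from the execution context; these values originate from the HTTP request and are untrusted until validated.` The body of `parse` continues outside these hunks, so whether validation follows cannot be confirmed from here.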
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -23,7 +23,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; +import java.util.Enumeration; import java.util.List; +import java.util.Map; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -66,27 +68,13 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { String pendingRequestID = null; try { - String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); - String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); - String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); - String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); - - moasessionid = StringEscapeUtils.escapeHtml(moasessionid); - - AuthenticationSession moasession = null; - - if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use."); - throw new MOAIDException("auth.23", new Object[] {}); - } - + String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID); + moasessionid = StringEscapeUtils.escapeHtml(moasessionid); + AuthenticationSession moasession = null; try { - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); - + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); moasession = AuthenticationSessionStoreage.getSession(moasessionid); - -// AuthenticationSessionStoreage.changeSessionID(moasession); - + } catch (MOADatabaseException e) { Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); throw new MOAIDException("init.04", new Object[] { 
@@ -97,89 +85,36 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { throw new MOAIDException("auth.18", new Object[] {}); } - //load OA Config - OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() - .getOnlineApplicationParameter(moasession.getOAURLRequested()); - - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); - - else { - - //get Target from config or from request in case of SAML 1 - String target = null; - IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); - - } - - MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); - - if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && - pendingReq.requestedModule().equals("id_saml1")) - target = pendingReq.getTarget(); - else - target = oaParam.getTarget(); - - String bkuURL = oaParam.getBKUURL(bkuid); - if (MiscUtil.isEmpty(bkuURL)) { - Logger.info("No OA specific BKU defined. 
Use BKU from default configuration"); - bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid); - } - - //search for OA specific template - String templateURL = null; - List oaTemplateURLList = oaParam.getTemplateURL(); - if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0 - && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) { - templateURL = oaTemplateURLList.get(0); - - } else { - templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid); - } - - //make url absolut if it is a local url - if (MiscUtil.isNotEmpty(templateURL)) - templateURL = FileUtils.makeAbsoluteURL(templateURL, - AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); - - if (oaParam.isOnlyMandateAllowed()) - useMandate = "true"; - - if (!oaParam.isShowMandateCheckBox()) - useMandate = "false"; - - //parse all OA parameters i - StartAuthentificationParameterParser.parse(moasession, - target, - moasession.getOAURLRequested(), - bkuURL, - templateURL, - useMandate, - ccc, - moasession.getModul(), - moasession.getAction(), - req); - } + ExecutionContext ec = new ExecutionContextImpl(); - // set execution context - ec.put("ccc", moasession.getCcc()); - ec.put("useMandate", moasession.getUseMandate()); - ec.put("bkuURL", moasession.getBkuURL()); + // set execution context + Enumeration reqParamNames = req.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName)) + ec.put(paramName, req.getParameter(paramName)); + + } + ec.put("pendingRequestID", pendingRequestID); - + ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid); + +// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); +// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); +// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); +// ec.put("ccc", moasession.getCcc()); +// ec.put("useMandate", moasession.getUseMandate()); 
+// ec.put("bkuURL", moasession.getBkuURL()); + // select and create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); - String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); - if (processDefinitionId == null) { Logger.warn("No suitable process found for SessionID " + moasession.getSessionID()); throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() }); - } + } + + String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); // keep process instance id in moa session moasession.setProcessInstanceId(processInstanceId); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 11fa2bb42..39cb5b9c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -28,6 +28,7 @@ import java.lang.reflect.InvocationTargetException; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collection; +import java.util.Enumeration; import java.util.Iterator; import java.util.List; import java.util.Map.Entry; 
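Review bot: The loop `ec.put(paramName, req.getParameter(paramName))` copies every request parameter into the execution context under a name the client chooses, so any context key that a later task or process transition reads can be set from outside. In this hunk the server-derived `pendingRequestID` and `MOAIDAuthConstants.PARAM_SESSIONID` are written after the loop and therefore win, but no other key is protected; the same loop appears in the AuthenticationManager hunk. An allowlist keeps the context to the expected inputs, for example `for (String name : new String[] {MOAIDAuthConstants.PARAM_BKU, MOAIDAuthConstants.PARAM_USEMANDATE, MOAIDAuthConstants.PARAM_CCC}) ec.put(name, req.getParameter(name));`. The commented-out block at the end of the hunk can then be deleted rather than kept as dead code.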
@@ -623,21 +624,22 @@ public class AuthenticationManager extends MOAIDAuthConstants { try { if (legacyallowed && legacyparamavail) { - - //parse request parameter into MOASession - StartAuthentificationParameterParser.parse(request, response, moasession, target); - - Logger.info("Start Authentication Module: " + moasession.getModul() - + " Action: " + moasession.getAction()); - - // create execution context + + // create execution context ExecutionContext executionContext = new ExecutionContextImpl(); - executionContext.put("ccc", moasession.getCcc()); - executionContext.put("useMandate", moasession.getUseMandate()); - executionContext.put("bkuURL", moasession.getBkuURL()); - executionContext.put(PARAM_SESSIONID, moasession.getSessionID()); + executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, moasession.getSessionID()); executionContext.put("pendingRequestID", target.getRequestID()); - + + executionContext.put("isLegacyRequest", true); + + Enumeration reqParamNames = request.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName)) + executionContext.put(paramName, request.getParameter(paramName)); + + } + // create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); @@ -660,7 +662,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { throw new MOAIDException("init.04", new Object[] { moasession.getSessionID()}); } - + // start process processEngine.start(processInstanceId); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java index 8ae4a9999..cac7359c7 100644 
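Review bot: The request-parameter loop in this hunk runs after `executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, ...)`, `executionContext.put("pendingRequestID", ...)` and `executionContext.put("isLegacyRequest", true)`, so a request parameter carrying one of those names replaces the server-set value. InitializeBKUAuthenticationTask then loads the session and the pending request from exactly those keys, and a String stored under `isLegacyRequest` fails its `instanceof Boolean` test and selects the non-legacy branch. Move the three `put` calls below the loop, which is the order GenerateIFrameTemplateServlet uses, or skip reserved names inside the loop. The enclosing method starts and ends outside the hunk.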
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.modules.AuthModule; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -16,8 +17,15 @@ public class DefaultAuthModuleImpl implements AuthModule { } @Override - public String selectProcess(ExecutionContext context) { - return StringUtils.isBlank((String) context.get("ccc")) ? "DefaultAuthentication" : null; + public String selectProcess(ExecutionContext context) { + //select process if BKU is selected and it is no STORK authentication + if (StringUtils.isBlank((String) context.get("ccc")) && + StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU))) + return "DefaultAuthentication"; + + else + return null; + } @Override diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java new file mode 100644 index 000000000..feab1ec66 --- /dev/null +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java 
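Review bot: `selectProcess` reads the country code with the string literal `"ccc"` while the BKU key on the next line uses `MOAIDAuthConstants.PARAM_BKU`, and InitializeBKUAuthenticationTask reads the same value through `MOAIDAuthConstants.PARAM_CCC`. The constant's value is not visible here; if it ever differs from the literal, process selection and the task would look at different context keys. I would write `StringUtils.isBlank((String) context.get(MOAIDAuthConstants.PARAM_CCC))` and put braces around both branches of the `if`/`else`. A one-line comment noting that both values are unvalidated request input at this point would help the next reader.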
@@ -0,0 +1,188 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAAuthDataType; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + 
+ try { + String moasessionid = (String) executionContext.get(MOAIDAuthConstants.PARAM_SESSIONID); + String pendingRequestID = (String) executionContext.get("pendingRequestID"); + + //load pending request + IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //load MOASession object + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + boolean isLegacyRequest = false; + Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); + if (isLegacyRequestObj != null && isLegacyRequestObj instanceof Boolean) + isLegacyRequest = (boolean) isLegacyRequestObj; + + if (isLegacyRequest) { + //parse request parameter into MOASession + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + StartAuthentificationParameterParser.parse(executionContext, request, moasession, pendingReq); + + } else { + String bkuid = (String) executionContext.get(MOAIDAuthConstants.PARAM_BKU); + String useMandate = (String) executionContext.get(MOAIDAuthConstants.PARAM_USEMANDATE); + String ccc = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); + + //remove MOASessionID from executionContext because it is not needed any more + + + if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) { + Logger.warn("MOASessionID or BKU-type is empty. 
Maybe an old BKU-selection template is in use."); + throw new MOAIDException("auth.23", new Object[] {}); + } + + //load OA Config + IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), + pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + + //get Target from config or from request in case of SAML 1 + String target = null; + if (MiscUtil.isNotEmpty(pendingReq.getTarget()) && + pendingReq.requestedModule().equals("id_saml1")) + target = pendingReq.getTarget(); + else + target = oaParam.getTarget(); + + String bkuURL = oaParam.getBKUURL(bkuid); + if (MiscUtil.isEmpty(bkuURL)) { + Logger.info("No OA specific BKU defined. Use BKU from default configuration"); + bkuURL = AuthConfigurationProviderFactory.getInstance().getDefaultBKUURL(bkuid); + } + + //search for OA specific template + String templateURL = null; + List oaTemplateURLList = oaParam.getTemplateURL(); + if ( oaTemplateURLList != null && oaTemplateURLList.size() > 0 + && MiscUtil.isNotEmpty(oaTemplateURLList.get(0)) ) { + templateURL = oaTemplateURLList.get(0); + + } else { + templateURL = AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates(bkuid); + } + + //make url absolut if it is a local url + if (MiscUtil.isNotEmpty(templateURL)) + templateURL = FileUtils.makeAbsoluteURL(templateURL, + AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir()); + + if (oaParam.isOnlyMandateAllowed()) + useMandate = "true"; + + if (!oaParam.isShowMandateCheckBox()) + useMandate = "false"; + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + moasession.getModul(), + moasession.getAction(), + request); + } 
+ } + + executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.getUseMandate()); + + // make sure moa session has been persisted before running the process + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + + } catch (MOADatabaseException | MOAIDException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("InitializeBKUAuthentication has an internal error", e); + throw new TaskExecutionException(e.getMessage(), e); + + } + + } + +} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index e9e95e922..6bbaf6ece 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -5,6 +5,7 @@ - National authentication with Austrian Citizen Card and mobile signature with our without mandate. - Legacy authentication for foreign citizens using MOCCA supported signature cards. --> + @@ -19,7 +20,9 @@ - + + + diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index a8792cd8f..ef61739f8 100644 
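Review bot: `AuthenticationSessionStoreage.getSession(moasessionid)` runs before anything checks `moasessionid`, and the only `MiscUtil.isEmpty(moasessionid)` test sits later inside the non-legacy branch, so the legacy branch calls `moasession.getModul()` with no guard at all; how `getSession` treats a null or empty id is not visible here. I would move the check to the top of the `try`, before the storage lookups: `if (MiscUtil.isEmpty(moasessionid) || MiscUtil.isEmpty(pendingRequestID)) throw new MOAIDException("auth.23", new Object[] {});`. The `Logger.info("Start Authentication Module: ...")` call now precedes `StartAuthentificationParameterParser.parse(...)`, which is where the visible parser code sets the action, so it logs the values from before parsing; it belongs after the `parse` call. The comment `//remove MOASessionID from executionContext because it is not needed any more` is followed by no code and should either get its `remove` call or be dropped, and the class Javadoc holds only `@author tlenz` where a sentence on the task's purpose and the context keys it reads is needed.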
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -116,13 +116,14 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { try { setNoCachingHeaders(resp); - sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID)); + sessionID = (String) executionContext.get(PARAM_SESSIONID); + pendingRequestID = (String) executionContext.get("pendingRequestID"); + // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) { throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12"); } - AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID); - pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID); IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); if (StringUtils.isEmpty(moasession.getCcc())) { -- cgit v1.2.3
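Review bot: `pendingRequestID` is now read from `executionContext.get("pendingRequestID")` instead of being looked up from the validated session with `AuthenticationSessionStoreage.getPendingRequestID(sessionID)`, so nothing in this task ties the pending request to the session any more. Because the context is filled from request parameters upstream in this commit, I would keep the lookup after the `isValidSessionID` check, `pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);`, or at least compare the stored value with the context value and reject a mismatch. The enclosing method starts and ends outside the hunk, so any later null handling for `pendingReq` cannot be confirmed from here.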