From 8de3af116a8f306a6a7690e6c6f0c9b0e88b9c67 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Thu, 25 Apr 2013 16:24:18 +0200 Subject: Redesigned Dispatcher system to actions --- .../moa/id/auth/MOAIDAuthInitializer.java | 2 +- .../builder/CreateXMLSignatureRequestBuilder.java | 20 +- .../CreateXMLSignatureRequestBuilderForeign.java | 14 +- .../auth/builder/GetIdentityLinkFormBuilder.java | 14 +- .../auth/servlet/StartAuthenticationServlet.java | 14 +- .../CreateXMLSignatureResponseValidator.java | 2 +- .../validator/parep/ParepInputProcessorImpl.java | 10 +- .../moa/id/auth/validator/parep/ParepUtils.java | 2 +- .../id/auth/validator/parep/ParepValidator.java | 42 +-- .../moa/id/config/TargetsAndSectorNames.java | 84 +++--- .../id/config/proxy/ProxyConfigurationBuilder.java | 4 +- .../moa/id/entrypoints/AuthDispatcherServlet.java | 53 +++- .../moa/id/entrypoints/DispatcherServlet.java | 322 +++++++++++++-------- .../moa/id/moduls/AuthenticationManager.java | 49 +++- .../at/gv/egovernment/moa/id/moduls/IAction.java | 11 + .../gv/egovernment/moa/id/moduls/IModulInfo.java | 4 +- .../at/gv/egovernment/moa/id/moduls/IRequest.java | 2 + .../gv/egovernment/moa/id/moduls/ModulUtils.java | 12 +- .../id/moduls/NoPassivAuthenticationException.java | 16 + .../egovernment/moa/id/moduls/RequestStorage.java | 28 ++ .../id/protocols/pvp2x/AuthenticationAction.java | 21 ++ .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 36 ++- .../moa/id/protocols/pvp2x/utils/SAML2Utils.java | 25 ++ .../moa/id/protocols/saml1/GetArtifactAction.java | 127 ++++++++ .../moa/id/protocols/saml1/SAML1Protocol.java | 10 + .../moa/id/proxy/DefaultConnectionBuilder.java | 4 +- .../moa/id/proxy/ElakConnectionBuilder.java | 4 +- .../moa/id/proxy/EnhancedConnectionBuilder.java | 4 +- .../parser/AuthenticationDataAssertionParser.java | 2 +- .../moa/id/proxy/servlet/ProxyServlet.java | 4 +- .../egovernment/moa/id/util/HTTPSessionUtils.java | 29 ++ .../at/gv/egovernment/moa/id/util/SSLUtils.java | 2 +- .../moa/id/util/client/mis/simple/MISMandate.java | 8 +- 33 files changed, 709 insertions(+), 272 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index cf5615a13..8279b28d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -93,7 +93,7 @@ public class MOAIDAuthInitializer { // Mapping OpenSSL - Java // OpenSSL Java // http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html -// via “openssl ciphers -tls1 HIGH –v” +// via !openssl ciphers -tls1 HIGH !v! // // ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA // DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 2da7db2b2..245ab206d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -180,8 +180,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // request += ""; request += ""; request += ""; - request += "

Anmeldedaten für (Requesting Application Access for):

"; - request += "

Persönliche Daten (Personal Data)

"; + request += "

Anmeldedaten für (Requesting Application Access for):

"; + request += "

Persönliche Daten (Personal Data)

"; request += ""; request += ""; request += ""; @@ -201,7 +201,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; request += ""; - request += ""; + request += ""; request += ""; request += "
Name:
Land (Country):Österreich (Austria)Österreich (Austria)
"; request += "

Technische Parameter (Technical Parameters)

"; @@ -253,14 +253,14 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += ""; request += ""; - request += "

Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + - "natürliche Personen (ERnP), damit ich meinen elektronischen " + - "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + - "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + + request += "

Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + + "natürliche Personen (ERnP), damit ich meinen elektronischen " + + "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + + "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + "Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " + "ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + - "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + - "jener Daten, die für die eindeutige Identität notwendig sind, dient.

"; + "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + + "jener Daten, die für die eindeutige Identität notwendig sind, dient.

"; request += "

I affirm that I am not registered with the Austrian Central " + "Register of Residents or the Supplementary Register for Natural Persons. I therefore " + @@ -277,7 +277,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // "Residents Registry and that I am not obliged to register with the Austrian " + // "Central Residents Registry according to Austrian law.
" + // "In the event I am not yet registered with the Supplementary Register, I " + -// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + +// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + // "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).

"; request += ""; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java index 6368713db..650f1578d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java @@ -123,19 +123,19 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder { out.write("<"); else if (ch == '>') out.write(">"); - else if (ch == 'ä') + else if (ch == 'ä') out.write("ä"); - else if (ch == 'ö') + else if (ch == 'ö') out.write("ö"); - else if (ch == 'ü') + else if (ch == 'ü') out.write("ü"); - else if (ch == 'Ä') + else if (ch == 'Ä') out.write("Ä"); - else if (ch == 'Ö') + else if (ch == 'Ö') out.write("Ö"); - else if (ch == 'Ü') + else if (ch == 'Ãœ') out.write("Ü"); - else if (ch == 'ß') + else if (ch == 'ß') out.write("ß"); else out.write(ch); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index d40cd1909..bd8d52031 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -154,19 +154,19 @@ public class GetIdentityLinkFormBuilder extends Builder { out.write("<"); else if (ch == '>') out.write(">"); - else if (ch == 'ä') + else if (ch == 'ä') out.write("ä"); - else if (ch == 'ö') + else if (ch == 'ö') out.write("ö"); - else if (ch == 'ü') + else if (ch == 'ü') out.write("ü"); - else if (ch == 'Ä') + else if (ch == 'Ä') out.write("Ä"); - else if (ch == 'Ö') + else if (ch == 'Ö') out.write("Ö"); - else if (ch == 'Ü') + else if (ch == 'Ãœ') out.write("Ü"); - else if (ch == 'ß') + else if (ch == 'ß') out.write("ß"); else out.write(ch); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 029aeadc2..2133d0455 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -32,6 +32,7 @@ import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import javax.swing.text.StyleContext.SmallAttributeSet; import org.apache.commons.lang.StringEscapeUtils; @@ -47,6 +48,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -98,6 +101,8 @@ public class StartAuthenticationServlet extends AuthServlet { } authURL = authURL.concat(req.getContextPath() + "/"); + HttpSession httpSession = req.getSession(); + String target = req.getParameter(PARAM_TARGET); String sourceID = req.getParameter(PARAM_SOURCEID); String oaURL = req.getParameter(PARAM_OA); @@ -106,8 +111,11 @@ public class StartAuthenticationServlet extends AuthServlet { String sessionID = req.getParameter(PARAM_SESSIONID); String useMandate = req.getParameter(PARAM_USEMANDATE); String ccc = req.getParameter(PARAM_CCC); - String modul = req.getParameter(PARAM_MODUL); - String action = req.getParameter(PARAM_ACTION); + + IRequest request = RequestStorage.getPendingRequest(httpSession); + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); // escape parameter strings //TODO: use URLEncoder.encode!! @@ -150,6 +158,8 @@ public class StartAuthenticationServlet extends AuthServlet { action = SAML1Protocol.GETARTIFACT; } + Logger.info("Start Authentication Module: " + modul + " Action: " + action); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index dfad29e50..8d2f95cce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -208,7 +208,7 @@ public class CreateXMLSignatureResponseValidator { } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { foundOA = true; - if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); } } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 576d9c358..88c4a8feb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -168,9 +168,9 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", "; locErrortext = locErrortext + "Vorname"; } - // Auf existierendes Datum prüfen + // Auf existierendes Datum prüfen SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd"); - format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen + format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen try { format.parse(dateOfBirth); } @@ -192,7 +192,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ } if (ParepUtils.isEmpty(cbIdentificationValue)) { if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", "; - locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; + locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register"; } } } @@ -200,7 +200,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName, cbIdentificationType, cbIdentificationValue); if (formNecessary) { - // Daten noch nicht vollständig oder anderer Fehler + // Daten noch nicht vollständig oder anderer Fehler if (locErrortext.endsWith("fehlen: ")) locErrortext =""; String error = ""; if (!ParepUtils.isEmpty(extErrortext)) { @@ -293,7 +293,7 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(0,4)); form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(5,7)); form = ParepUtils.replaceAll(form, "", rpDateOfBirth.substring(8,10)); - //darf zw. phys. und jur. Person gewählt werden: + //darf zw. phys. und jur. Person gewählt werden: //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : ""); form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\""); form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : ""); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 5eeaa5d3d..ab7a134c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -650,7 +650,7 @@ public class ParepUtils { if (ParepUtils.isEmpty(register)) return null; if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer"; if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister"; - if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene"; + if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene"; return null; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 7bd6f5e28..735117094 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -88,7 +88,7 @@ public class ParepValidator implements InfoboxValidator { private String form = null; /** unspecified error of parep-validator (must not know more about)*/ - private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten"; + private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten"; /** Default class to gather remaining mandator data. */ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl"; @@ -97,7 +97,7 @@ public class ParepValidator implements InfoboxValidator { public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html"; /** kind of representation text in AUTH block*/ - public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)"; + public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)"; /** Names of the produced SAML-attributes. */ public final static String EXT_SAML_MANDATE_RAW = "Mandate"; @@ -141,7 +141,7 @@ public class ParepValidator implements InfoboxValidator { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); try { - Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); + Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung."); this.params = params; Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList()); @@ -152,7 +152,7 @@ public class ParepValidator implements InfoboxValidator { return validationResult; } - // Überprüfen der Identifikation (Type/Value). + // überprüfen der Identifikation (Type/Value). String identificationType = this.params.getIdentificationType(); String identificationValue = this.params.getIdentificationValue(); if (this.params.getBusinessApplication()) { @@ -165,9 +165,9 @@ public class ParepValidator implements InfoboxValidator { } } else { if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) { - //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt + //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) { - Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein."); + Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein."); validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); return validationResult; } else { @@ -179,7 +179,7 @@ public class ParepValidator implements InfoboxValidator { identificationType = Constants.URN_PREFIX_CDID; String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget()); identificationValue = bpkBase64; - Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert"); + Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert"); } else { Logger.debug("Parteienvertreter wird mit bPK identifiziert"); } @@ -189,7 +189,7 @@ public class ParepValidator implements InfoboxValidator { Configure(this.params.getApplicationSpecificParams()); // check if we have a configured party representative for that if (!parepConfiguration.isPartyRepresentative(representationID)) { - Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); + Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert."); validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert."); return validationResult; } @@ -200,7 +200,7 @@ public class ParepValidator implements InfoboxValidator { // ParepUtils.serializeElement(request.getRepresentative(), System.out); //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml")); - Logger.debug("Prüfe vorausgefüllte Daten..."); + Logger.debug("Prüfe vorausgefüllte Daten..."); boolean physical = true; String familyName = ""; String givenName = ""; @@ -239,7 +239,7 @@ public class ParepValidator implements InfoboxValidator { } if (physical) { if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) { - validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); + validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt."); return validationResult; } if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) { @@ -247,7 +247,7 @@ public class ParepValidator implements InfoboxValidator { } } else { if (!parepConfiguration.isRepresentingCorporateParty(representationID)) { - validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); + validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt."); return validationResult; } if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) { @@ -255,7 +255,7 @@ public class ParepValidator implements InfoboxValidator { } } - //Zeigen wir, dass die Daten übernommen wurden: + //Zeigen wir, dass die Daten �bernommen wurden: if (parepConfiguration.isAlwaysShowForm()) formNecessary=true; // Input processor @@ -281,7 +281,7 @@ public class ParepValidator implements InfoboxValidator { addAuthBlockExtendedSamlAttributes(); validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); - Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet"); + Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet"); validationResult.setValid(true); return validationResult; } catch (Exception e) { @@ -300,8 +300,8 @@ public class ParepValidator implements InfoboxValidator { public InfoboxValidationResult validate(Map parameters) throws ValidateException { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); - Logger.debug("Prüfe im Formular ausgefüllte Daten..."); + Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); + Logger.debug("Prüfe im Formular ausgefüllte Daten..."); if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString()); // Input processor @@ -315,7 +315,7 @@ public class ParepValidator implements InfoboxValidator { addAuthBlockExtendedSamlAttributes(); validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); validationResult.setValid(true); - Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); + Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); return validationResult; } @@ -327,7 +327,7 @@ public class ParepValidator implements InfoboxValidator { public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException { InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null); - Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung"); + Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung"); this.form = ""; try { @@ -341,9 +341,9 @@ public class ParepValidator implements InfoboxValidator { // if (true) { // if (this.params.getHideStammzahl()) { // if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml")); -// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können. -// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen. -// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK +// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen. +// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen. +// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK // ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false); // } // if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml")); @@ -403,7 +403,7 @@ public class ParepValidator implements InfoboxValidator { validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes()); validationResult.setValid(true); - Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet"); + Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet"); } else { String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage"; String responseInfo = response.getInfo(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java index 1fe8f13b6..a2962e4b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java @@ -30,7 +30,7 @@ package at.gv.egovernment.moa.id.config; /** * This interface contains all actual possible targets in Austria (shortcuts and friendly names) - * Bereichskennung and Tätigkeitsbereich + * Bereichskennung and T�tigkeitsbereich * @author bzwattendorfer * */ @@ -38,178 +38,178 @@ public interface TargetsAndSectorNames { /** Bereichskennung AR */ public static String TARGET_AR = "AR"; - /** Tätigkeitsbereich AR */ + /** Tätigkeitsbereich AR */ public static String TARGET_AR_SECTOR = "Arbeit"; /** Bereichskennung AS */ public static String TARGET_AS = "AS"; - /** Tätigkeitsbereich AS */ + /** Tätigkeitsbereich AS */ public static String TARGET_AS_SECTOR = "Amtliche Statistik"; /** Bereichskennung BF */ public static String TARGET_BF = "BF"; - /** Tätigkeitsbereich BF */ + /** Tätigkeitsbereich BF */ public static String TARGET_BF_SECTOR = "Bildung und Forschung"; /** Bereichskennung BW */ public static String TARGET_BW = "BW"; - /** Tätigkeitsbereich BW */ + /** Tätigkeitsbereich BW */ public static String TARGET_BW_SECTOR = "Bauen und Wohnen"; /** Bereichskennung EA */ public static String TARGET_EA = "EA"; - /** Tätigkeitsbereich EA */ - public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten"; + /** Tätigkeitsbereich EA */ + public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten"; /** Bereichskennung EF */ public static String TARGET_EF = "EF"; - /** Tätigkeitsbereich EF */ + /** Tätigkeitsbereich EF */ public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr"; /** Bereichskennung GH */ public static String TARGET_GH = "GH"; - /** Tätigkeitsbereich GH */ + /** Tätigkeitsbereich GH */ public static String TARGET_GH_SECTOR = "Gesundheit"; /** Bereichskennung GS */ public static String TARGET_GS = "GS"; - /** Tätigkeitsbereich GS */ + /** Tätigkeitsbereich GS */ public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales"; /** Bereichskennung GS-RE */ public static String TARGET_GS_RE = "GS-RE"; - /** Tätigkeitsbereich GS-RE */ + /** Tätigkeitsbereich GS-RE */ public static String TARGET_GS_RE_SECTOR = "Restitution"; /** Bereichskennung JR */ public static String TARGET_JR = "JR"; - /** Tätigkeitsbereich JR */ + /** Tätigkeitsbereich JR */ public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen"; /** Bereichskennung KL */ public static String TARGET_KL = "KL"; - /** Tätigkeitsbereich KL */ + /** Tätigkeitsbereich KL */ public static String TARGET_KL_SECTOR = "Kultus"; /** Bereichskennung KU */ public static String TARGET_KU = "KU"; - /** Tätigkeitsbereich KU */ + /** Tätigkeitsbereich KU */ public static String TARGET_KU_SECTOR = "Kunst und Kultur"; /** Bereichskennung LF */ public static String TARGET_LF = "LF"; - /** Tätigkeitsbereich LF */ + /** Tätigkeitsbereich LF */ public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft"; /** Bereichskennung LV */ public static String TARGET_LV = "LV"; - /** Tätigkeitsbereich LV */ + /** Tätigkeitsbereich LV */ public static String TARGET_LV_SECTOR = "Landesverteidigung"; /** Bereichskennung RT */ public static String TARGET_RT = "RT"; - /** Tätigkeitsbereich RT */ + /** Tätigkeitsbereich RT */ public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " + "Medien sowie Telekommunikation"; /** Bereichskennung SA */ public static String TARGET_SA = "SA"; - /** Tätigkeitsbereich SA */ + /** Tätigkeitsbereich SA */ public static String TARGET_SA_SECTOR = "Steuern und Abgaben"; /** Bereichskennung SF */ public static String TARGET_SF = "SF"; - /** Tätigkeitsbereich SF */ + /** Tätigkeitsbereich SF */ public static String TARGET_SF_SECTOR = "Sport und Freizeit"; /** Bereichskennung SO */ public static String TARGET_SO = "SO"; - /** Tätigkeitsbereich SO */ + /** Tätigkeitsbereich SO */ public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung"; /** Bereichskennung SO-VR */ public static String TARGET_SO_VR = "SO-VR"; - /** Tätigkeitsbereich SO-VR */ + /** Tätigkeitsbereich SO-VR */ public static String TARGET_SO_VR_SECTOR = "Vereinsregister"; /** Bereichskennung SR-RG */ public static String TARGET_SR_RG = "SR-RG"; - /** Tätigkeitsbereich SR-RG */ + /** Tätigkeitsbereich SR-RG */ public static String TARGET_SR_RG_SECTOR = "Strafregister"; /** Bereichskennung SV */ public static String TARGET_SV = "SV"; - /** Tätigkeitsbereich SV */ + /** Tätigkeitsbereich SV */ public static String TARGET_SV_SECTOR = "Sozialversicherung"; /** Bereichskennung UW */ public static String TARGET_UW = "UW"; - /** Tätigkeitsbereich UW */ + /** Tätigkeitsbereich UW */ public static String TARGET_UW_SECTOR = "Umwelt"; /** Bereichskennung VT */ public static String TARGET_VT = "VT"; - /** Tätigkeitsbereich VT */ + /** Tätigkeitsbereich VT */ public static String TARGET_VT_SECTOR = "Verkehr und Technik"; /** Bereichskennung VV */ public static String TARGET_VV = "VV"; - /** Tätigkeitsbereich VV */ - public static String TARGET_VV_SECTOR = "Vermögensverwaltung"; + /** Tätigkeitsbereich VV */ + public static String TARGET_VV_SECTOR = "Vermögensverwaltung"; /** Bereichskennung WT */ public static String TARGET_WT = "WT"; - /** Tätigkeitsbereich WT */ + /** Tätigkeitsbereich WT */ public static String TARGET_WT_SECTOR = "Wirtschaft"; /** Bereichskennung ZP */ public static String TARGET_ZP = "ZP"; - /** Tätigkeitsbereich ZP */ - public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)"; + /** Tätigkeitsbereich ZP */ + public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)"; /** Bereichskennung BR */ public static String TARGET_BR = "BR"; - /** Tätigkeitsbereich BR */ - public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz"; + /** Tätigkeitsbereich BR */ + public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz"; /** Bereichskennung HR */ public static String TARGET_HR = "HR"; - /** Tätigkeitsbereich HR */ + /** Tätigkeitsbereich HR */ public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen"; /** Bereichskennung KI */ public static String TARGET_KI = "KI"; - /** Tätigkeitsbereich KI */ + /** Tätigkeitsbereich KI */ public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes"; /** Bereichskennung OI */ public static String TARGET_OI = "OI"; - /** Tätigkeitsbereich OI */ - public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit"; + /** Tätigkeitsbereich OI */ + public static String TARGET_OI_SECTOR = "öffentlichkeitsarbeit"; /** Bereichskennung PV */ public static String TARGET_PV = "PV"; - /** Tätigkeitsbereich PV */ + /** Tätigkeitsbereich PV */ public static String TARGET_PV_SECTOR = "Personalverwaltung"; /** Bereichskennung RD */ public static String TARGET_RD = "RD"; - /** Tätigkeitsbereich RD */ + /** Tätigkeitsbereich RD */ public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst"; /** Bereichskennung VS */ public static String TARGET_VS = "VS"; - /** Tätigkeitsbereich VS */ - public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren"; + /** Tätigkeitsbereich VS */ + public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren"; /** Bereichskennung VS-RG */ public static String TARGET_VS_RG = "VS-RG"; - /** Tätigkeitsbereich VS-RG */ + /** Tätigkeitsbereich VS-RG */ public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister"; /** Bereichskennung ZU */ public static String TARGET_ZU = "ZU"; - /** Tätigkeitsbereich ZU */ + /** Tätigkeitsbereich ZU */ public static String TARGET_ZU_SECTOR = "Zustellungen"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index bf8cbcdce..219b0f8ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -131,7 +131,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder { String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); if (paramAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); paramAuthMap.put(name, value); } oaConfiguration.setParamAuthMapping(paramAuthMap); @@ -153,7 +153,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder { XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); // Contains Key (Neue Config-Exception: doppelte werte) if (headerAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); headerAuthMap.put(name, value); } oaConfiguration.setHeaderAuthMapping(headerAuthMap); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java index 262854b50..e04600b42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java @@ -17,9 +17,11 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulStorage; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.moduls.ServletInfo; import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -34,7 +36,7 @@ public class AuthDispatcherServlet extends AuthServlet { public static final String PARAM_TARGET_PATH = "mod"; public static final String PARAM_TARGET_PROTOCOL = "action"; - public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets"; +/* public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets"; public static final String PARAM_DISPATCHER_TYPE = "DispatcherType"; public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH"; public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH"; @@ -103,7 +105,7 @@ public class AuthDispatcherServlet extends AuthServlet { + modulInfo.getClass().getName() + " FAILED!!", e); } } - +*/ @Override public void init(ServletConfig config) throws ServletException { try { @@ -118,7 +120,7 @@ public class AuthDispatcherServlet extends AuthServlet { throw new ServletException(ex); } Logger.info("Auth dispatcher Servlet initialization"); - +/* List modules = ModulStorage.getAllModules(); Iterator it = modules.iterator(); while (it.hasNext()) { @@ -130,7 +132,7 @@ public class AuthDispatcherServlet extends AuthServlet { Logger.error("Registering Class " + targetClass + " FAILED!!", e); } - } + }*/ } protected void processRequest(HttpServletRequest req, @@ -160,23 +162,49 @@ public class AuthDispatcherServlet extends AuthServlet { } Logger.debug("dispatching to " + path + " protocol " + protocol); - +/* if (path != null && protocol != null && endpointMap.containsKey(path)) { + IModulInfo info = ModulStorage.getModuleByPath(path); + if (info == null) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); Logger.error("Path " + path + " has no module registered"); return; } - + + IAction action = info.getAction(protocol); + + if (action == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Action " + protocol + " is not available!"); + return; + } + + + + try { IRequest configuration = info.preProcess(req, resp, protocol); + if(configuration.forceAuth()) { + session.setAttribute(PARAM_TARGET_PATH, path); + session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); + + AuthenticationManager.doAuthentication(req, resp, + configuration); + return; + } + if (!AuthenticationManager.isAuthenticated(req, resp)) { session.setAttribute(PARAM_TARGET_PATH, path); session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); + if(configuration.isPassiv()) { + throw new NoPassivAuthenticationException(); + } + AuthenticationManager.doAuthentication(req, resp, configuration); return; @@ -201,13 +229,20 @@ public class AuthDispatcherServlet extends AuthServlet { resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } - } + } + catch (Throwable e) { + // Try handle module specific, if not possible rethrow + if(!info.generateErrorMessage(e, req, resp)) { + throw e; + } + } + }*/ resp.sendError(HttpServletResponse.SC_NOT_FOUND); - } catch (WrongParametersException ex) { + }/* catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } catch (MOAIDException ex) { handleError(null, ex, req, resp); - } catch (Throwable e) { + } */catch (Throwable e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 48f44f97b..72ade4f25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -1,103 +1,95 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; import javax.servlet.ServletConfig; import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulStorage; -import at.gv.egovernment.moa.id.moduls.ServletInfo; -import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; -public class DispatcherServlet extends HttpServlet { +public class DispatcherServlet extends AuthServlet { /** * */ private static final long serialVersionUID = 1L; - public static final String PARAM_TARGET_PATH = "mod"; - public static final String PARAM_TARGET_PROTOCOL = "action"; - public static final String PARAM_DISPATCHER_TARGETS = "DispatcherTargets"; - public static final String PARAM_DISPATCHER_TYPE = "DispatcherType"; - public static final String PARAM_DISPATCHER_TYPE_UNAUTH = "UNAUTH"; - public static final String PARAM_DISPATCHER_TYPE_AUTH = "AUTH"; - public static String SYSTEM_NEWLINE = System.getProperty("line.separator"); - - private HashMap> endpointMap = new HashMap>(); - - private void registerModule(IModulInfo modulInfo) { - - HashMap tempMap = new HashMap(); - - try { - - String path = modulInfo.getPath(); - - if (path == null) { - throw new Exception(String.format( - "%s does not return a valid target path!", - new Object[] { modulInfo.getClass().getName() })); - } - - Logger.debug("Registering: " + modulInfo.getName() + " under " - + path); - - List servletInfos = modulInfo.getServlets(); - - Iterator servletInfoIterator = servletInfos.iterator(); - - while (servletInfoIterator.hasNext()) { - - ServletInfo servletInfo = servletInfoIterator.next(); - - if (servletInfo.getType() == ServletType.UNAUTH) { - HttpServlet servlet = servletInfo.getServletInstance(); - String target = servletInfo.getTarget(); - - if (target == null) { - throw new Exception( - String.format( - "%s does not return a valid target identifier!", - new Object[] { servlet.getClass() - .getName() })); - } - - if (tempMap.containsKey(target)) { - throw new Exception(String.format( - "%s tried to overwrite %s/%s", new Object[] { - servlet.getClass().getName(), path, - target })); - } - - tempMap.put(target, servlet); - Logger.info("Registered Servlet class: " - + servlet.getClass().getName() + " OK"); - } - - } - - // when there was no error we register all servlets into the real - // endpoint map ... - if (!tempMap.isEmpty()) { - endpointMap.put(path, tempMap); - } - } catch (Throwable e) { - Logger.error("Registering Modul class: " - + modulInfo.getClass().getName() + " FAILED!!", e); - } - } + public static final String PARAM_TARGET_MODULE = "mod"; + public static final String PARAM_TARGET_ACTION = "action"; + /* + * public static final String PARAM_DISPATCHER_TARGETS = + * "DispatcherTargets"; public static final String PARAM_DISPATCHER_TYPE = + * "DispatcherType"; public static final String PARAM_DISPATCHER_TYPE_UNAUTH + * = "UNAUTH"; public static final String PARAM_DISPATCHER_TYPE_AUTH = + * "AUTH"; public static String SYSTEM_NEWLINE = + * System.getProperty("line.separator"); + */ + /* + * private HashMap> endpointMap = new + * HashMap>(); + * + * private void registerModule(IModulInfo modulInfo) { + * + * HashMap tempMap = new HashMap(); + * + * try { + * + * String path = modulInfo.getPath(); + * + * if (path == null) { throw new Exception(String.format( + * "%s does not return a valid target path!", new Object[] { + * modulInfo.getClass().getName() })); } + * + * Logger.debug("Registering: " + modulInfo.getName() + " under " + path); + * + * List servletInfos = modulInfo.getServlets(); + * + * Iterator servletInfoIterator = servletInfos.iterator(); + * + * while (servletInfoIterator.hasNext()) { + * + * ServletInfo servletInfo = servletInfoIterator.next(); + * + * if (servletInfo.getType() == ServletType.UNAUTH) { HttpServlet servlet = + * servletInfo.getServletInstance(); String target = + * servletInfo.getTarget(); + * + * if (target == null) { throw new Exception( String.format( + * "%s does not return a valid target identifier!", new Object[] { + * servlet.getClass() .getName() })); } + * + * if (tempMap.containsKey(target)) { throw new Exception(String.format( + * "%s tried to overwrite %s/%s", new Object[] { + * servlet.getClass().getName(), path, target })); } + * + * tempMap.put(target, servlet); Logger.info("Registered Servlet class: " + + * servlet.getClass().getName() + " OK"); } + * + * } + * + * // when there was no error we register all servlets into the real // + * endpoint map ... if (!tempMap.isEmpty()) { endpointMap.put(path, + * tempMap); } } catch (Throwable e) { + * Logger.error("Registering Modul class: " + modulInfo.getClass().getName() + * + " FAILED!!", e); } } + */ @Override public void init(ServletConfig config) throws ServletException { try { @@ -113,69 +105,147 @@ public class DispatcherServlet extends HttpServlet { } Logger.info("Dispatcher Servlet initialization"); - List modules = ModulStorage.getAllModules(); - Iterator it = modules.iterator(); - while (it.hasNext()) { - IModulInfo info = it.next(); - String targetClass = info.getClass().getName(); - try { - registerModule(info); - } catch (Throwable e) { - Logger.error("Registering Class " + targetClass + " FAILED!!", - e); - } - } + /* + * List modules = ModulStorage.getAllModules(); + * Iterator it = modules.iterator(); while (it.hasNext()) { + * IModulInfo info = it.next(); String targetClass = + * info.getClass().getName(); try { registerModule(info); } catch + * (Throwable e) { Logger.error("Registering Class " + targetClass + + * " FAILED!!", e); } } + */ } protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Object pathObject = req.getParameter(PARAM_TARGET_PATH); - String path = null; - if (pathObject != null && (pathObject instanceof String)) { - path = (String) pathObject; - } + try { + Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); + String module = null; + if (moduleObject != null && (moduleObject instanceof String)) { + module = (String) moduleObject; + } - if (path == null) { - path = (String) req.getAttribute(PARAM_TARGET_PATH); - } + if (module == null) { + module = (String) req.getAttribute(PARAM_TARGET_MODULE); + } - Object protocolObject = req.getParameter(PARAM_TARGET_PROTOCOL); - String protocol = null; - if (protocolObject != null && (protocolObject instanceof String)) { - protocol = (String) protocolObject; - } + Object actionObject = req.getParameter(PARAM_TARGET_ACTION); + String action = null; + if (actionObject != null && (actionObject instanceof String)) { + action = (String) actionObject; + } - if (protocol == null) { - protocol = req.getParameter(PARAM_TARGET_PROTOCOL); - } + if (action == null) { + action = req.getParameter(PARAM_TARGET_ACTION); + } + + Logger.debug("dispatching to " + module + " protocol " + action); + + IModulInfo info = ModulStorage.getModuleByPath(module); + + if (info == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Protocol " + module + " has no module registered"); + return; + } + + IAction moduleAction = info.getAction(action); + + if (moduleAction == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Action " + action + " is not available!"); + return; + } - Logger.debug("dispatching to " + path + " protocol " + protocol); - - if (path != null && protocol != null && endpointMap.containsKey(path)) { - HashMap pathMap = endpointMap.get(path); - Logger.debug("found path"); - if (pathMap.containsKey(protocol)) { - Logger.debug("found protocol"); - try { - HttpServlet servlet = (HttpServlet) pathMap.get(protocol); - String forward = servlet.getClass().getName(); - Logger.info("Forwarding to Servlet: " + forward); - getServletContext().getNamedDispatcher(forward).forward( - req, resp); + HttpSession httpSession = req.getSession(); + + try { + IRequest protocolRequest = RequestStorage + .getPendingRequest(httpSession); + + if (protocolRequest != null) { + // check if pending request is same protocol and action + if (!protocolRequest.requestedModule().equals(module) + || !protocolRequest.requestedAction() + .equals(action)) { + resp.sendError(HttpServletResponse.SC_CONFLICT); + Logger.error("Different Request is pending in this session!"); + return; + } + } + + if (protocolRequest == null) { + protocolRequest = info.preProcess(req, resp, action); + if(protocolRequest != null) { + protocolRequest.setAction(action); + protocolRequest.setModule(module); + } + } + + if (protocolRequest == null) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); return; - } catch (Throwable e) { - Logger.error("Failed to process request!", e); - IModulInfo info = ModulStorage.getModuleByPath(path); - if(info != null) { - if(info.generateErrorMessage(e, req, resp)) { + } + + RequestStorage.setPendingRequest(httpSession, protocolRequest); + + if (moduleAction.needAuthentication(protocolRequest, req, resp)) { + if (protocolRequest.isPassiv() + && protocolRequest.forceAuth()) { + // conflict! + throw new NoPassivAuthenticationException(); + } + + if (protocolRequest.forceAuth()) { + if (!AuthenticationManager.tryPerformAuthentication( + req, resp)) { + AuthenticationManager.doAuthentication(req, resp, + protocolRequest); + return; + } + } else if (protocolRequest.isPassiv()) { + if (AuthenticationManager.tryPerformAuthentication(req, + resp) + || AuthenticationManager.isAuthenticated(req, + resp)) { + // Passive authentication ok! + } else { + throw new NoPassivAuthenticationException(); + } + } else { + if (AuthenticationManager.tryPerformAuthentication(req, + resp) + || AuthenticationManager.isAuthenticated(req, + resp)) { + // Is authenticated .. proceed + } else { + // Start authentication! + AuthenticationManager.doAuthentication(req, resp, + protocolRequest); return; } } - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + } + + moduleAction.processRequest(protocolRequest, req, resp); + + RequestStorage.removePendingRequest(httpSession); + + } catch (Throwable e) { + // Try handle module specific, if not possible rethrow + if (!info.generateErrorMessage(e, req, resp)) { + throw e; } } + } catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { + handleError(null, ex, req, resp); + } catch (Throwable e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } - resp.sendError(HttpServletResponse.SC_NOT_FOUND); + } @Override diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 0bba644bb..a45540726 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; -import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -11,9 +10,7 @@ import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -45,34 +42,58 @@ public class AuthenticationManager implements MOAIDAuthConstants { Logger.info("Checking authentication"); HttpSession session = request.getSession(); + + String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); + + if(moaSessionID == null) { + Logger.info("NO MOA Session to logout"); + return false; + } + + AuthenticationSession authSession = AuthenticationSessionStore + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return false; + } + + return authSession.isAuthenticated(); + } + /** + * Checks if this request can authenticate a MOA Session + * + * @param request + * @param response + * @return + */ + public static boolean tryPerformAuthentication(HttpServletRequest request, + HttpServletResponse response) { + + HttpSession session = request.getSession(); + String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); AuthenticationSession authSession = AuthenticationSessionStore .getSession(sessionID); - //AuthenticationSessionStore.dumpSessionStore(); if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " + authSession.isAuthenticatedUsed()); if (authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) { - session.invalidate(); - session = request.getSession(); - // HTTPSessionUtils.setHTTPSessionBoolean(session, - // MOA_AUTHENTICATED, true); authSession.setAuthenticatedUsed(true); HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID); + return true; // got authenticated } - return authSession.isAuthenticated(); } } - return false; } - + public static void logout(HttpServletRequest request, HttpServletResponse response) { Logger.info("Logout"); @@ -109,10 +130,8 @@ public class AuthenticationManager implements MOAIDAuthConstants { throws ServletException, IOException, MOAIDException { HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); - String modul = (String) session - .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); - String protocol = (String) session - .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); + String modul = target.requestedModule(); + String protocol = target.requestedAction(); if (!ParamValidatorUtils.isValidOA(target.getOAURL())) throw new WrongParametersException("StartAuthentication", PARAM_OA, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java new file mode 100644 index 000000000..10f3ff696 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -0,0 +1,11 @@ +package at.gv.egovernment.moa.id.moduls; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; + +public interface IAction extends MOAIDAuthConstants { + public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java index 64afc8880..0098ec5af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -8,10 +8,12 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.MOAIDException; public interface IModulInfo { - public List getServlets(); + //public List getServlets(); public String getName(); public String getPath(); + public IAction getAction(String action); + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index f05a0f088..51e375b82 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -7,4 +7,6 @@ public interface IRequest { public boolean isSSOSupported(); public String requestedModule(); public String requestedAction(); + public void setModule(String module); + public void setAction(String action); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java index 918201dd4..9ce835c7e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java @@ -5,18 +5,18 @@ import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; public class ModulUtils { - public static final String UNAUTHDISPATCHER = "UnauthDispatcher"; - public static final String AUTHDISPATCHER = "AuthDispatcher"; + public static final String UNAUTHDISPATCHER = "dispatcher"; + public static final String AUTHDISPATCHER = "dispatcher"; public static String buildUnauthURL(String modul, String action) { return UNAUTHDISPATCHER + "?" + - DispatcherServlet.PARAM_TARGET_PATH + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_PROTOCOL + "=" + action; + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action; } public static String buildAuthURL(String modul, String action) { return AUTHDISPATCHER + - "?" + DispatcherServlet.PARAM_TARGET_PATH + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_PROTOCOL + "=" + action; + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java new file mode 100644 index 000000000..286da5a91 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class NoPassivAuthenticationException extends MOAIDException { + + public NoPassivAuthenticationException() { + super("auth.18", null); + } + + /** + * + */ + private static final long serialVersionUID = 596920452166197688L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java new file mode 100644 index 000000000..4e7d8d2ed --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.moduls; + +import javax.servlet.http.HttpSession; + +public class RequestStorage { + + private static final String PENDING_REQUEST = "PENDING_REQUEST"; + + public static IRequest getPendingRequest(HttpSession session) { + Object obj = session.getAttribute(PENDING_REQUEST); + if (obj != null) { + if (obj instanceof IRequest) { + return (IRequest) obj; + } else { + session.setAttribute(PENDING_REQUEST, null); + } + } + return null; + } + + public static void setPendingRequest(HttpSession session, IRequest request) { + session.setAttribute(PENDING_REQUEST, request); + } + + public static void removePendingRequest(HttpSession session) { + session.setAttribute(PENDING_REQUEST, null); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java new file mode 100644 index 000000000..efdfd9c47 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; + +public class AuthenticationAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + System.out.println("Process PVP2 auth request!"); + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index f58b411d1..fa5ff9ecf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import iaik.pkcs.pkcs11.objects.Object; import java.util.ArrayList; +import java.util.HashMap; import java.util.Iterator; import java.util.List; @@ -11,17 +12,24 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusMessage; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.moduls.ServletInfo; import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { @@ -36,6 +44,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { private static List decoder = new ArrayList(); + private static HashMap actions = new HashMap(); + static { servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT, ServletType.AUTH)); @@ -44,7 +54,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { decoder.add(new PostBinding()); decoder.add(new RedirectBinding()); - + + actions.put(REDIRECT, new AuthenticationAction()); + actions.put(POST, new AuthenticationAction()); + instance = new PVP2XProtocol(); } @@ -99,6 +112,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); config.setOAURL(oaURL); + config.setRequest(samlReq); request.getSession().setAttribute(PARAM_OA, oaURL); return config; @@ -110,8 +124,26 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response) { - // TODO Auto-generated method stub + Response samlResponse = SAML2Utils.createSAMLObject(Response.class); + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + if(e instanceof NoPassivAuthenticationException) { + statusCode.setValue(StatusCode.NO_PASSIVE_URI); + statusMessage.setMessage(e.getLocalizedMessage()); + } else { + statusCode.setValue(StatusCode.RESPONDER_URI); + statusMessage.setMessage(e.getLocalizedMessage()); + } + + status.setStatusCode(statusCode); + status.setStatusMessage(statusMessage); + samlResponse.setStatus(status); return false; } + public IAction getAction(String action) { + return actions.get(action); + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java new file mode 100644 index 000000000..203d743be --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -0,0 +1,25 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import javax.xml.namespace.QName; + +import org.opensaml.Configuration; +import org.opensaml.xml.XMLObjectBuilderFactory; + +public class SAML2Utils { + + public static T createSAMLObject(final Class clazz) { + try { + XMLObjectBuilderFactory builderFactory = Configuration + .getBuilderFactory(); + + QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + T object = (T) builderFactory.getBuilder(defaultElementName) + .buildObject(defaultElementName); + return object; + } catch (Throwable e) { + e.printStackTrace(); + return null; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java new file mode 100644 index 000000000..d4ee5f46c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -0,0 +1,127 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.UnsupportedEncodingException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class GetArtifactAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + HttpSession httpSession = httpReq.getSession(); + + AuthenticationSession session = AuthenticationManager + .getAuthenticationSession(httpSession); + + String oaURL = (String) httpReq.getAttribute(PARAM_OA); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + try { + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + if (oaURL == null) { + oaURL = session.getOAURLRequested(); + } + + if (oaURL == null) { + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + } + + String samlArtifactBase64 = SAML1AuthenticationServer + .BuildSAMLArtifact(session); + + String redirectURL = oaURL; + session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + URLEncoder.encode(session.getTarget(), "UTF-8")); + + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = httpResp.encodeRedirectURL(redirectURL); + + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + + httpResp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + // CONFIRMATION FOR SSO! + /* + * OAAuthParameter oaParam = + * AuthConfigurationProvider.getInstance(). + * getOnlineApplicationParameter(oaURL); + * + * String friendlyName = oaParam.getFriendlyName(); if(friendlyName + * == null) { friendlyName = oaURL; } + * + * + * LoginConfirmationBuilder builder = new + * LoginConfirmationBuilder(); + * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); + * String form = builder.finish(oaURL, session.getIdentityLink() + * .getName(), friendlyName); + */ + + /* + * resp.setContentType("text/html"); + * + * OutputStream out = resp.getOutputStream(); + * out.write(form.getBytes("UTF-8")); out.flush(); out.close(); + */ + + } catch (WrongParametersException ex) { + // handleWrongParameters(ex, req, httpResp); + ex.printStackTrace(); + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (BuildException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (AuthenticationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (UnsupportedEncodingException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index ca1f9c380..fbb296a9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -11,6 +12,7 @@ import org.apache.commons.lang.StringEscapeUtils; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ServletInfo; @@ -27,10 +29,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { private static List servletList = new ArrayList(); + private static HashMap actions = new HashMap(); + static { servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT, ServletType.AUTH)); + actions.put(GETARTIFACT, new GetArtifactAction()); + instance = new SAML1Protocol(); } @@ -75,4 +81,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { return false; } + public IAction getAction(String action) { + return actions.get(action); + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index c1e64dd53..850f2438a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -113,7 +113,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit + // JSSE Abhängigkeit if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -187,7 +187,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ - // JSSE Abhängigkeit + // JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 29c8b3bca..49e3c09b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -204,7 +204,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit + // JSSE Abhängigkeit if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -258,7 +258,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ -//JSSE Abhängigkeit +//JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 023b2c272..d4a3e4634 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -46,7 +46,7 @@ import at.gv.egovernment.moa.util.BoolUtils; /** * Outlook Web Access (OWA) Implementierung von ConnectionBuilder. - * uses the HTTP(s)Client from Ronald Tschalär. + * uses the HTTP(s)Client from Ronald Tschalär. * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/ * * @author pdanner @@ -168,7 +168,7 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - // JSSE Abhängigkeit + // JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index f2aca057a..134bd21a8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -130,7 +130,7 @@ public class AuthenticationDataAssertionParser implements Constants { try { AuthenticationData authData = new AuthenticationData(); - //ÄNDERN: NUR der Identification-Teil + //ÄNDERN: NUR der Identification-Teil authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); authData.setMajorVersion(new Integer( XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index a55e02cdd..6a497f174 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -440,7 +440,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } - /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können: + /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen: //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first // full binding will be covered by next block if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { @@ -662,7 +662,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } -// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) +// // Ãœberschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) // if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { // headerValue = "Basic realm=\"" + publicURLPrefix + "\""; // if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java index a8eef06a7..896fc6d5d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java @@ -1,9 +1,38 @@ package at.gv.egovernment.moa.id.util; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Set; + import javax.servlet.http.HttpSession; public class HTTPSessionUtils { + public static HashMap extractAllProperties(HttpSession session) { + @SuppressWarnings("unchecked") + Enumeration keys = (Enumeration)session.getAttributeNames(); + HashMap properties = new HashMap(); + + while(keys.hasMoreElements()) { + Object keyObject = keys.nextElement(); + String key = keyObject.toString(); + Object value = session.getAttribute(key); + properties.put(key, value); + } + + return properties; + } + + public static void pushAllProperties(HttpSession session, HashMap properties) { + Set keys = properties.keySet(); + Iterator keysIterator = keys.iterator(); + while(keysIterator.hasNext()) { + String key = keysIterator.next(); + session.setAttribute(key, properties.get(key)); + } + } + public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { Object obj = session.getAttribute(name); if(obj == null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index a0add1054..705b4e881 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -79,7 +79,7 @@ public class SSLUtils { */ public static void initialize() { sslSocketFactories = new HashMap(); - // JSSE Abhängigkeit + // JSSE Abhängigkeit //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new IAIK()); //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index d97953270..1f5f1ea20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -27,13 +27,13 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; public class MISMandate { final static private String OID_NOTAR = "1.2.40.0.10.3.1"; - final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"; + final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft"; final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2"; - final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"; + final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"; final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3"; - final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft"; + final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft"; final static public String OID_ORGANWALTER = "1.2.40.0.10.3.4"; final static private String TEXT_ORGANWALTER = "Organwalter"; @@ -73,7 +73,7 @@ public class MISMandate { if (this.oid.equalsIgnoreCase(OID_ORGANWALTER)) return TEXT_ORGANWALTER; - return "Keine textuelle Beschreibung für OID " + oid; + return "Keine textuelle Beschreibung für OID " + oid; } -- cgit v1.2.3