From e10256fe93208ef786d2e38a68a98e2548d501ee Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 31 Aug 2020 10:22:11 +0200 Subject: fix SSRF bug in SAML1 parameter validator --- .../data/deploy/conf/moa-id/moa-id.properties | 3 +- id/server/doc/handbook/config/config.html | 7 + .../StartAuthentificationParameterParser.java | 12 +- .../auth/AuthConfigurationProviderFactory.java | 15 + .../PropertyBasedAuthConfigurationProvider.java | 2 + .../moa/id/util/ParamValidatorUtils.java | 139 ++--- .../moa/id/config/auth/data/DummyAuthConfig.java | 50 +- .../moa/id/util/ParamValidatorUtilsTest.java | 588 +++++++++++++++++++++ 8 files changed, 739 insertions(+), 77 deletions(-) create mode 100644 id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java (limited to 'id') diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index beeab5375..ba883d1a1 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -19,7 +19,8 @@ configuration.moaconfig.key=ConfigurationEncryptionKey configuration.ssl.validation.revocation.method.order=ocsp,crl general.moaidmode.active=true #configuration.ssl.validation.hostname=false -#configuration.validate.authblock.targetfriendlyname=true< +#configuration.validate.authblock.targetfriendlyname=true +#configuration.validate.saml1.parameter.strict=true #MOA-ID 3.x Monitoring Servlet diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index 9a90d1c49..62bde84bc 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -431,6 +431,13 @@ UNIX: moa.id.configuration=file:C:/Programme/apache/tomcat-8.x.x/conf/moa-id/moa

Hiermit kann die SSL Hostname validation für das abholen von PVP Metadaten deaktiviert werden.

Hinweis: Workaround, da der httpClient der openSAML2 Implementierung kein SNI (Server Name Indication) unterstützt.

+ + configuration.validate.saml1.parameter.strict + true / false +

Aktiviert oder deaktiviert die strikte Validierung von SecurityLayer Template URLs welche via HTTP Parameter "template" (siehe SAML1 Protokoll) angegeben werden können. Wenn dieser Parameter aktiviert (true) sind ausschließlich Tempalte URLs erlaubt die entweder in Allgemeinen Konfiguration oder in der jeweiligen SP Konfiguration konfiguriert sind. Ist die strikte Validierung deaktiviert (false) sind zusätzlich alle Template URLs erlaubut welche vom selben Host liegen wie die MOA-ID Instanz.

+

 

+

Defaultwert: false

+ configuration.validate.authblock.targetfriendlyname true / false diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index ead80b117..03fd225e0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -42,6 +42,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -182,14 +183,14 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ List defaulTemplateURLList = authConfig.getSLRequestTemplates(); - if ( templateURLList != null && templateURLList.size() > 0 + if ( templateURLList != null && !templateURLList.isEmpty() && MiscUtil.isNotEmpty(templateURLList.get(0)) ) { templateURL = FileUtils.makeAbsoluteURL( oaParam.getTemplateURL().get(0), authConfig.getRootConfigFileDir()); Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")"); - } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) { + } else if ( !defaulTemplateURLList.isEmpty() && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) { templateURL = FileUtils.makeAbsoluteURL( defaulTemplateURLList.get(0), authConfig.getRootConfigFileDir()); @@ -203,8 +204,13 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{ } - if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) + if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL(), + authConfig.getBasicConfigurationBoolean( + PropertyBasedAuthConfigurationProvider.PROP_STRICT_SAML1_PARAM_VALIDATION, + false))) { throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + + } protocolReq.setRawDataToTransaction( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java index 94bcae672..cf3e0efd7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java @@ -57,4 +57,19 @@ public class AuthConfigurationProviderFactory { return instance; } + + /** + * Set AuthConfig programmatically + * + * @param authConfig + */ + public static void setAuthConfig(AuthConfiguration authConfig) { + if (instance != null) { + throw new RuntimeException("AuthConfig can ONLY set once!"); + + } + + instance = authConfig; + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index f299e0e94..1ffdaa524 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -52,6 +52,8 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide public static final String PROP_MOAID_MODE = "general.moaidmode.active"; + public static final String PROP_STRICT_SAML1_PARAM_VALIDATION = + "configuration.validate.saml1.parameter.strict"; private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index a44d8c1b6..065615666 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -220,11 +220,11 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ } // check if template is a valid URL - try { + try { + URL bkuUrl = new URL(bkuURI); // check if bku url starts with http or https - if (bkuURI.startsWith("http") || bkuURI.startsWith("https")) { - new URL(bkuURI); - + if (bkuUrl.getProtocol().equals("http") || bkuUrl.getProtocol().equals("https")) { + // check if bkuURI is a local BKU if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 || bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 || @@ -232,8 +232,8 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ bkuURI.compareToIgnoreCase("https://127.0.0.1:3496/https-security-layer-request") == 0) { Logger.debug("Parameter bkuURI erfolgreich ueberprueft"); return true; - } - else { + + } else { Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs."); boolean b = allowedBKUs.contains(bkuURI); if (b) { @@ -246,17 +246,17 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ return false; } } - } - else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) { + + } else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) { Logger.debug("Parameter bkuURI from configuration is used."); return true; } else { Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https"); return false; + } - } catch (MalformedURLException e) { Logger.error("Fehler Ueberpruefung Parameter bkuURI", e); return false; @@ -268,9 +268,12 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ * Checks if the given template is valid * @param req * @param template + * @param oaSlTemplates + * @param useStrictValidation Enables strict validation with URLs from configuration, otherwise always allow templates from same host. * @return */ - public static boolean isValidTemplate(HttpServletRequest req, String template, List oaSlTemplates) { + public static boolean isValidTemplate(HttpServletRequest req, String template, + List oaSlTemplates, boolean useStrictValidation) { Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL"); @@ -282,65 +285,38 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ // check if template is a valid URL try { - - // check if template url starts with http or https - if (template.startsWith("http") || template.startsWith("https")) { - - // check if template url is from same server - String name = req.getServerName(); - String httpName = "http://" + name; - String httpsName = "https://" + name; - - if (template.startsWith(httpName) || template.startsWith(httpsName)) { - new URL(template); - Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft"); - return true; - } - else { - //check against configured trustet template urls - AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); - List trustedTemplateURLs = authConf.getSLRequestTemplates(); - - //get OA specific template URLs - if (oaSlTemplates != null && oaSlTemplates.size() > 0) { - for (String el : oaSlTemplates) - if (MiscUtil.isNotEmpty(el)) - trustedTemplateURLs.add(el); - } - - boolean b = trustedTemplateURLs.contains(template); - if (b) { - Logger.debug("Parameter Template erfolgreich ueberprueft"); - return true; - } - else { - Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ") bzw. ist nicht auf Liste der vertrauenswuerdigen Template URLs (Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)"); - return false; - } - - } - - } else if (template.startsWith("file")){ - new URL(template); - Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft"); - Logger.debug("Load SL-Layer Template from local filesystem " + template); - return true; - - } else { - Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Paramter beginnt nicht mit http oder https."); - return false; - } + if (useStrictValidation) { + Logger.trace("Use strict validation of Template bzw. bkuSelectionTemplateURL"); + return validateTemplateUrlToWhiteList(template, oaSlTemplates); + + } else { + Logger.trace("Use lazy validation of Template bzw. bkuSelectionTemplateURL"); + URL templateUrl = new URL(template); + String serverName = req.getServerName(); + + // check if template url starts with http or https + if (((templateUrl.getProtocol().startsWith("http") + || templateUrl.getProtocol().startsWith("https"))) + && templateUrl.getHost().equals(serverName)) { + Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft" + + " Lazy check is activ and template is on same host as MOA-ID"); + return true; + + + } else { + return validateTemplateUrlToWhiteList(template, oaSlTemplates); + + } + } - } catch (MalformedURLException e) { + } catch (MalformedURLException | ConfigurationException e) { Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e); return false; - } catch (ConfigurationException e) { - Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e); - return false; - } + + } } - /** + /** * Checks if the given sessionID is valid * @param target HTTP parameter from request * @return @@ -540,13 +516,44 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ } catch (WrongParametersException e) { return false; + } - if (StringUtils.isEmpty(bkuURL) && StringUtils.isEmpty(useeIDAS)) + if (StringUtils.isEmpty(bkuURL) && StringUtils.isEmpty(useeIDAS)) { return false; - else + + } else { return true; + + } } + + private static boolean validateTemplateUrlToWhiteList(String template, List oaSlTemplates) + throws ConfigurationException { + //check against configured trustet template urls + AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance(); + List trustedTemplateURLs = authConf.getSLRequestTemplates(); + + //get OA specific template URLs + if (oaSlTemplates != null && oaSlTemplates.size() > 0) { + for (String el : oaSlTemplates) + if (MiscUtil.isNotEmpty(el)) + trustedTemplateURLs.add(el); + } + + boolean b = trustedTemplateURLs.contains(template); + if (b) { + Logger.debug("Parameter Template erfolgreich ueberprueft"); + return true; + + } else { + Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. " + + "Parameter ist nicht auf Liste der vertrauenswuerdigen Template URLs " + + "(Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)"); + return false; + + } + } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java index 1ab54471c..7707f3b90 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -26,6 +26,9 @@ public class DummyAuthConfig implements AuthConfiguration { private Boolean isIDLEscapingEnabled = null; + private Map basicConfig = new HashMap<>(); + private List slRequestTemplates; + @Override public String getRootConfigFileDir() { // TODO Auto-generated method stub @@ -100,7 +103,10 @@ public class DummyAuthConfig implements AuthConfiguration { } else if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR.equals(key)) { return "urn:publicid:gv.at:cdid+ZP-MH"; - } + } else if (basicConfig.containsKey(key)) { + return basicConfig.get(key); + + } return null; @@ -108,8 +114,13 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getBasicConfiguration(String key, String defaultValue) { - // TODO Auto-generated method stub - return null; + if (basicConfig.containsKey(key)) { + return basicConfig.get(key); + + } else { + return defaultValue; + + } } @Override @@ -235,8 +246,8 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public List getSLRequestTemplates() throws ConfigurationException { - // TODO Auto-generated method stub - return null; + return slRequestTemplates; + } @Override @@ -428,8 +439,14 @@ public class DummyAuthConfig implements AuthConfiguration { } + if (basicConfig.containsKey(key)) { + return Boolean.parseBoolean(basicConfig.get(key)); + + } else { + return defaultValue; + + } - return false; } @Override @@ -462,8 +479,27 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public Boolean getBasicConfigurationBoolean(String key) { - // TODO Auto-generated method stub + if (basicConfig.containsKey(key)) { + return Boolean.parseBoolean(basicConfig.get(key)); + + } + return null; } + public void putIntoBasicConfig(String key, String value) { + basicConfig.put(key, value); + + } + + public void removeFromBasicConfig(String key) { + basicConfig.remove(key); + + } + + public void setSlRequestTemplateUrls(List templates) { + slRequestTemplates = templates; + + } + } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java new file mode 100644 index 000000000..ad9e2c90e --- /dev/null +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java @@ -0,0 +1,588 @@ +package test.at.gv.egovernment.moa.id.util; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.security.Principal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Enumeration; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.AsyncContext; +import javax.servlet.DispatcherType; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletInputStream; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.servlet.http.Part; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; + +@RunWith(BlockJUnit4ClassRunner.class) +public class ParamValidatorUtilsTest { + + private static DummyAuthConfig config; + + @BeforeClass + public static void classInitializer() { + config = new DummyAuthConfig(); + AuthConfigurationProviderFactory.setAuthConfig(config); + config.setSlRequestTemplateUrls(new ArrayList()); + + } + + @Test + public void templateStrictWhitelistFirst() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "https://aaaa.com/bbbb"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertTrue("Template should be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, true)); + + } + + @Test + public void templateStrictWhitelistSecond() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "file://aaaa.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertFalse("Template should NOT be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, true)); + + } + + @Test + public void templateLazyWhitelistFirst() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "https://aaaa.com/bbbb"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertTrue("Template should be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + @Test + public void templateLaczWhitelistSecond() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "file://aaaa.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertFalse("Template should NOT be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + @Test + public void templateLaczWhitelistThird() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "https://aaaa.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertFalse("Template should NOT be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + @Test + public void templateLaczWhitelistFour() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "http://aaaa.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertFalse("Template should NOT be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + @Test + public void templateLaczWhitelistFife() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "http://junit.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertTrue("Template should be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + @Test + public void templateLaczWhitelistSix() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "https://junit.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertTrue("Template should be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + @Test + public void templateLaczWhitelistSeven() { + + HttpServletRequest req = getDummyHttpRequest("junit.com"); + String template = "file://junit.com/ccc"; + List oaSlTemplates = Arrays.asList( + "http://aaaa.com/bbbb", + "https://aaaa.com/bbbb", + "file://aaaa.com/bbbb"); + + Assert.assertFalse("Template should Not be valid", + ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); + + } + + private HttpServletRequest getDummyHttpRequest(final String serverName) { + return new HttpServletRequest() { + + @Override + public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) + throws IllegalStateException { + // TODO Auto-generated method stub + return null; + } + + @Override + public AsyncContext startAsync() throws IllegalStateException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setCharacterEncoding(String env) throws UnsupportedEncodingException { + // TODO Auto-generated method stub + + } + + @Override + public void setAttribute(String name, Object o) { + // TODO Auto-generated method stub + + } + + @Override + public void removeAttribute(String name) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isSecure() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isAsyncSupported() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isAsyncStarted() { + // TODO Auto-generated method stub + return false; + } + + @Override + public ServletContext getServletContext() { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getServerPort() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getServerName() { + return serverName; + + } + + @Override + public String getScheme() { + // TODO Auto-generated method stub + return null; + } + + @Override + public RequestDispatcher getRequestDispatcher(String path) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getRemotePort() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getRemoteHost() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getRemoteAddr() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getRealPath(String path) { + // TODO Auto-generated method stub + return null; + } + + @Override + public BufferedReader getReader() throws IOException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getProtocol() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String[] getParameterValues(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Enumeration getParameterNames() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getParameterMap() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getParameter(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Enumeration getLocales() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Locale getLocale() { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getLocalPort() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getLocalName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLocalAddr() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ServletInputStream getInputStream() throws IOException { + // TODO Auto-generated method stub + return null; + } + + @Override + public DispatcherType getDispatcherType() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getContentType() { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getContentLength() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getCharacterEncoding() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Enumeration getAttributeNames() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object getAttribute(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public AsyncContext getAsyncContext() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void logout() throws ServletException { + // TODO Auto-generated method stub + + } + + @Override + public void login(String username, String password) throws ServletException { + // TODO Auto-generated method stub + + } + + @Override + public boolean isUserInRole(String role) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRequestedSessionIdValid() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRequestedSessionIdFromUrl() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRequestedSessionIdFromURL() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRequestedSessionIdFromCookie() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Principal getUserPrincipal() { + // TODO Auto-generated method stub + return null; + } + + @Override + public HttpSession getSession(boolean create) { + // TODO Auto-generated method stub + return null; + } + + @Override + public HttpSession getSession() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getServletPath() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getRequestedSessionId() { + // TODO Auto-generated method stub + return null; + } + + @Override + public StringBuffer getRequestURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getRequestURI() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getRemoteUser() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getQueryString() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPathTranslated() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPathInfo() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection getParts() throws IOException, ServletException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Part getPart(String name) throws IOException, ServletException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMethod() { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getIntHeader(String name) { + // TODO Auto-generated method stub + return 0; + } + + @Override + public Enumeration getHeaders(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Enumeration getHeaderNames() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getHeader(String name) { + // TODO Auto-generated method stub + return null; + } + + @Override + public long getDateHeader(String name) { + // TODO Auto-generated method stub + return 0; + } + + @Override + public Cookie[] getCookies() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getContextPath() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAuthType() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean authenticate(HttpServletResponse response) throws IOException, ServletException { + // TODO Auto-generated method stub + return false; + } + }; + } +} -- cgit v1.2.3