package at.gv.egovernment.moa.id.auth.modules; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException; import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import org.apache.commons.lang3.ArrayUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.IRequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.process.springweb.MoaIdTask; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; /** * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing * etc.).
The code has been taken from {@link AuthServlet}. */ public abstract class AbstractAuthServletTask extends MoaIdTask { @Autowired protected IRequestStorage requestStoreage; //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected MOAReversionLogger revisionsLogger; @Autowired protected AuthConfiguration authConfig; protected static final String ERROR_CODE_PARAM = "errorid"; protected IRequest pendingReq = null; protected IAuthenticationSession moasession = null; public abstract void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException; protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { //set pending-request object this.pendingReq = pendingReq; //execute task specific action execute(executionContext, request, response); //return pending-request object return this.pendingReq; } /** * Default initialization loads the MOASession object from database * * @param req * @param executionContext * @throws MOAIDException * @throws MOADatabaseException */ protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException { Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID()); moasession = pendingReq.getMOASession(); } /** * Redirect the authentication process to protocol specific finalization endpoint. * * @param pendingReq Actually processed protocol specific authentication request * @param httpResp */ protected void performRedirectToProtocolFinialization(IRequest pendingReq, HttpServletResponse httpResp) { performRedirectToItself(pendingReq, httpResp, AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT); } /** * Redirect the authentication process to MOA-ID-Auth itself * * @param pendingReq Actually processed protocol specific authentication request * @param httpResp * @param moaIDEndPoint Servlet EndPoint that should receive the redirect */ protected void performRedirectToItself(IRequest pendingReq, HttpServletResponse httpResp, String moaIDEndPoint) { String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), moaIDEndPoint, pendingReq.getRequestID()); httpResp.setContentType("text/html"); httpResp.setStatus(302); httpResp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); } /** * Parses the request input stream for parameters, assuming parameters are * encoded UTF-8 (no standard exists how browsers should encode them). * * @param req * servlet request * * @return mapping parameter name -> value * * @throws IOException * if parsing request parameters fails. * * @throws FileUploadException * if parsing request parameters fails. */ protected Map