/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
******************************************************************************/
/*
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.storage.IExceptionStore;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.URLDecoder;
/**
* Base class for MOA-ID Auth Servlets, providing standard error handling and
* constant names.
*
* @author Paul Ivancsics
* @version $Id$
*/
public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
/**
*
*/
private static final long serialVersionUID = -6929905344382283738L;
protected static final String ERROR_CODE_PARAM = "errorid";
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("GET " + this.getServletName());
this.setNoCachingHeadersInHttpRespone(req, resp);
}
protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
HttpServletRequest req, HttpServletResponse resp) {
if (null != errorMessage) {
Logger.error(errorMessage);
req.setAttribute("ErrorMessage", errorMessage);
}
if (null != exceptionThrown) {
if (null == errorMessage)
errorMessage = exceptionThrown.getMessage();
Logger.error(errorMessage, exceptionThrown);
req.setAttribute("ExceptionThrown", exceptionThrown);
}
if (Logger.isDebugEnabled()) {
req.setAttribute("LogLevel", "debug");
}
StatisticLogger logger = StatisticLogger.getInstance();
logger.logErrorOperation(exceptionThrown);
// forward this to errorpage-auth.jsp where the HTML error page is
// generated
ServletContext context = getServletContext();
RequestDispatcher dispatcher = context
.getRequestDispatcher("/errorpage-auth.jsp");
try {
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
dispatcher.forward(req, resp);
} catch (ServletException e) {
Logger.error(e);
} catch (IOException e) {
Logger.error(e);
}
}
/**
* Handles an error.
>
*
"/errorpage-auth.jsp"
)WrongParametersException
.
*
* @param req
* servlet request
* @param resp
* servlet response
*/
protected void handleWrongParameters(WrongParametersException ex,
HttpServletRequest req, HttpServletResponse resp) {
Logger.error(ex.toString());
req.setAttribute("WrongParameters", ex.getMessage());
// forward this to errorpage-auth.jsp where the HTML error page is
// generated
ServletContext context = getServletContext();
RequestDispatcher dispatcher = context
.getRequestDispatcher("/errorpage-auth.jsp");
try {
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
dispatcher.forward(req, resp);
} catch (ServletException e) {
Logger.error(e);
} catch (IOException e) {
Logger.error(e);
}
}
/**
* Logs all servlet parameters for debugging purposes.
*/
protected void logParameters(HttpServletRequest req) {
for (Enumeration params = req.getParameterNames(); params
.hasMoreElements();) {
String parname = (String) params.nextElement();
Logger.debug("Parameter " + parname + req.getParameter(parname));
}
}
/**
* Parses the request input stream for parameters, assuming parameters are
* encoded UTF-8 (no standard exists how browsers should encode them).
*
* @param req
* servlet request
*
* @return mapping parameter name -> value
*
* @throws IOException
* if parsing request parameters fails.
*
* @throws FileUploadException
* if parsing request parameters fails.
*/
protected Map