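/*******************************************************************************
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 ******************************************************************************/
package at.gv.egovernment.moa.id.auth.servlet;

import java.io.IOException;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringEscapeUtils;

import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
import at.gv.egovernment.moa.id.process.ProcessInstance;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;

/**
 * Servlet that receives the BKU selection for a pending authentication, fills the MOA session
 * with the resulting parameters and starts the matching authentication process.
 *
 * <p>The MOA session id, BKU type, mandate flag and CCC are all read from request parameters and
 * are therefore attacker-controllable; everything else is taken from the stored session or from
 * the online-application configuration.
 */
public class GenerateIFrameTemplateServlet extends AuthServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Handles the BKU selection request.
     *
     * <p>Steps: read the request parameters, load the MOA session and its pending request id,
     * load the online-application configuration, resolve target / BKU URL / template URL, let
     * {@link StartAuthentificationParameterParser} populate the session, then select, create,
     * persist and start a process instance.
     *
     * <p>{@link WrongParametersException} and {@link MOAIDException} are passed to the inherited
     * error handlers; any other exception is only logged.
     *
     * @param req the incoming request carrying the BKU selection parameters
     * @param resp the response handed to the error handlers
     * @throws ServletException declared by the servlet contract
     * @throws IOException declared by the servlet contract
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {

        Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");

        String pendingRequestID = null;

        try {
            String bkuid = req.getParameter(PARAM_BKU);
            String useMandate = req.getParameter(PARAM_USEMANDATE);
            String ccc = req.getParameter(PARAM_CCC);

            // The HTML-escaped form of the session id is what gets used as the lookup key and
            // what is echoed back in error parameters below.
            String moasessionid = req.getParameter(PARAM_SESSIONID);
            moasessionid = StringEscapeUtils.escapeHtml(moasessionid);

            AuthenticationSession moasession = null;

            if (MiscUtil.isEmpty(bkuid) || MiscUtil.isEmpty(moasessionid)) {
                Logger.warn("MOASessionID or BKU-type is empty. Maybe an old BKU-selection template is in use.");
                throw new MOAIDException("auth.23", new Object[] {});
            }

            try {
                pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
                moasession = AuthenticationSessionStoreage.getSession(moasessionid);

                // NOTE(review): session id rotation is disabled at this point; confirm that the
                // id is changed elsewhere in the flow, since it arrives as a request parameter.
                // AuthenticationSessionStoreage.changeSessionID(moasession);

            } catch (MOADatabaseException e) {
                // HTML escaping leaves CR/LF untouched, so the request-supplied id is neutralised
                // separately before it is written to the log (log forging).
                Logger.info("MOASession with SessionID=" + sanitizeForLog(moasessionid)
                        + " is not found in Database");
                throw new MOAIDException("init.04", new Object[] { moasessionid });

            } catch (Throwable e) {
                // NOTE(review): catches Throwable and drops the cause; the log line does not
                // say what actually failed.
                Logger.info("No HTTP Session found!");
                throw new MOAIDException("auth.18", new Object[] {});
            }

            // load OA Config
            OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
                    .getOnlineApplicationParameter(moasession.getOAURLRequested());

            if (oaParam == null) {
                throw new AuthenticationException("auth.00",
                        new Object[] { moasession.getOAURLRequested() });
            }

            // NOTE(review): pendingReq is dereferenced without a null check; whether
            // getPendingRequest can return null (e.g. for an expired id) is not visible here.
            IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);

            // bkuid is the raw request parameter; any sanitising has to happen inside logEvent.
            MOAReversionLogger.getInstance().logEvent(
                    pendingReq.getOnlineApplicationConfiguration(),
                    pendingReq,
                    MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED,
                    bkuid);

            // get Target from config or from request in case of SAML 1
            String target;
            if (MiscUtil.isNotEmpty(pendingReq.getTarget())
                    && pendingReq.requestedModule().equals(SAML1Protocol.PATH)) {
                target = pendingReq.getTarget();
            } else {
                target = oaParam.getTarget();
            }

            String bkuURL = oaParam.getBKUURL(bkuid);
            if (MiscUtil.isEmpty(bkuURL)) {
                Logger.info("No OA specific BKU defined. Use BKU from default configuration");
                bkuURL = AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid);
            }

            // search for OA specific template, fall back to the configured default for this BKU
            String templateURL;
            List<TemplateType> oaTemplateURLList = oaParam.getTemplateURL();
            if (oaTemplateURLList != null
                    && oaTemplateURLList.size() > 0
                    && MiscUtil.isNotEmpty(oaTemplateURLList.get(0).getURL())) {
                templateURL = oaTemplateURLList.get(0).getURL();
            } else {
                templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
            }

            // make url absolute if it is a local url
            if (MiscUtil.isNotEmpty(templateURL)) {
                templateURL = FileUtils.makeAbsoluteURL(
                        templateURL,
                        AuthConfigurationProvider.getInstance().getRootConfigFileDir());
            }

            // Configuration overrides the request-supplied mandate flag.
            // NOTE(review): the second check wins, so a hidden checkbox forces "false" even when
            // only mandates are allowed; confirm that precedence is intended.
            if (oaParam.isOnlyMandateAllowed()) {
                useMandate = "true";
            }
            if (!oaParam.isShowMandateCheckBox()) {
                useMandate = "false";
            }

            // parse all OA parameters into the MOA session
            StartAuthentificationParameterParser.parse(
                    moasession,
                    target,
                    moasession.getOAURLRequested(),
                    bkuURL,
                    templateURL,
                    useMandate,
                    ccc,
                    moasession.getModul(),
                    moasession.getAction(),
                    req);

            // set execution context
            ExecutionContext ec = new ExecutionContextImpl();
            ec.put("ccc", moasession.getCcc());
            ec.put("useMandate", moasession.getUseMandate());
            ec.put("bkuURL", moasession.getBkuURL());
            ec.put("pendingRequestID", pendingRequestID);

            // select process; reject a missing definition before asking the engine to create an
            // instance from it
            String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
            if (processDefinitionId == null) {
                Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
                throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
            }

            String processInstanceId =
                    getProcessEngine().createProcessInstance(processDefinitionId, ec);

            // keep process instance id in moa session
            moasession.setProcessInstanceId(processInstanceId);

            // make sure moa session has been persisted before running the process
            try {
                AuthenticationSessionStoreage.storeSession(moasession);
            } catch (MOADatabaseException e) {
                Logger.error("Database Error! MOASession is not stored!");
                throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
            }

            // start process
            getProcessEngine().start(processInstanceId);

        } catch (WrongParametersException ex) {
            handleWrongParameters(ex, req, resp);

        } catch (MOAIDException ex) {
            handleError(null, ex, req, resp, pendingRequestID);

        } catch (Exception e) {
            // NOTE(review): nothing is written to the response on this path, so the client
            // receives no error page; the failure is visible in the log only.
            Logger.error("GenerateIFrameTemplateServlet has an internal Error.", e);

        } finally {
            ConfigurationDBUtils.closeSession();
        }
    }

    /**
     * Replaces control characters (including CR and LF) so that a request-supplied value cannot
     * start a new line in the log output.
     *
     * @param value the untrusted value, may be {@code null}
     * @return the value with every control character replaced by {@code _}, or {@code null}
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}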