/******************************************************************************* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. ******************************************************************************/ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @Controller public class RedirectServlet { public static final String REDIRCT_PARAM_URL = "redirecturl"; private static final String DEFAULT_REDIRECTTARGET = "_parent"; private static final String URL = "URL"; private static final String TARGET = "TARGET"; @Autowired SSOManager ssoManager; @Autowired IGUIFormBuilder guiBuilder; @RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET) public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException { Logger.debug("Receive " + RedirectServlet.class + " Request"); String url = req.getParameter(REDIRCT_PARAM_URL); String target = req.getParameter(MOAIDAuthConstants.PARAM_TARGET); String artifact = req.getParameter(MOAIDAuthConstants.PARAM_SAMLARTIFACT); String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); Logger.debug("Check URL against online-applications"); IOAAuthParameters oa = null; String redirectTarget = DEFAULT_REDIRECTTARGET; try { oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url); String authURL = HTTPUtils.extractAuthURLFromRequest(req); if (oa == null && !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; } else { //Redirect is a SAML1 send Artifact redirct if (MiscUtil.isNotEmpty(artifact)) { try { String test = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET); if (MiscUtil.isNotEmpty(test)) redirectTarget = test; } catch (Exception e) { Logger.debug("Use default redirectTarget."); } Logger.info("Redirect to " + url); if (MiscUtil.isNotEmpty(target)) { // redirectURL = addURLParameter(redirectURL, PARAM_TARGET, // URLEncoder.encode(session.getTarget(), "UTF-8")); url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, URLEncoder.encode(target, "UTF-8")); } url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(artifact, "UTF-8")); url = resp.encodeRedirectURL(url); DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); config.putCustomParameter(URL, url); config.putCustomParameter(TARGET, redirectTarget); guiBuilder.build(resp, config, "RedirectForm.html"); } else if (MiscUtil.isNotEmpty(interIDP)) { //store IDP identifier and redirect to generate AuthRequst service Logger.info("Receive an interfederation redirect request for IDP " + interIDP); ssoManager.setInterfederationIDPCookie(req, resp, interIDP); Logger.debug("Redirect to " + url); url = resp.encodeRedirectURL(url); resp.setContentType("text/html"); resp.setStatus(HttpServletResponse.SC_FOUND); resp.addHeader("Location", url); } else { Logger.debug("Redirect to " + url); DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( authURL, DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, null); config.putCustomParameter(URL, url); guiBuilder.build(resp, config, "RedirectForm.html"); } } } catch (Throwable e) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed."); return; } finally { } } }