/*
* Copyright 2003 Federal Chancellery Austria
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
/**
* Servlet requested for starting a MOA ID authentication session.
* Utilizes the {@link AuthenticationServer}.
*
* @author Paul Ivancsics
* @version $Id$
* @see AuthenticationServer#startAuthentication
*/
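public class StartAuthenticationServlet extends AuthServlet {

  /**
   * Responds with an HTML form which upon submit requests the identity link
   * from the security layer implementation.
   *
   * <p>Response:
   * <ul>
   * <li>Content type: <code>"text/html;charset=UTF-8"</code></li>
   * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
   * <li>Error status: <code>500</code></li>
   * </ul>
   *
   * <p>The request parameters <code>PARAM_TARGET</code>, <code>PARAM_OA</code>,
   * <code>PARAM_BKU</code>, <code>PARAM_TEMPLATE</code> and <code>PARAM_SESSIONID</code>
   * are each checked with {@link ParamValidatorUtils} before they are handed to the
   * {@link AuthenticationServer}. A rejected parameter is reported through
   * <code>handleWrongParameters</code>; any other {@link MOAIDException} is reported
   * through <code>handleError</code>.
   *
   * @param req the incoming request carrying the authentication parameters
   * @param resp the response the HTML form is written to
   * @throws ServletException declared by the servlet API
   * @throws IOException if writing the response fails
   * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
   */
  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {

    Logger.debug("GET StartAuthentication");

    // Base URL of this web application, rebuilt from the incoming request. The port is
    // appended only when it is not the default port of the scheme.
    // NOTE(review): scheme, server name and port all come from the request, and the
    // server name normally reflects the client-supplied Host header. This value is
    // passed on to startAuthentication, so confirm that the container or the fronting
    // proxy only accepts the expected host names.
    String scheme = req.getScheme();
    int port = req.getServerPort();
    String authURL = scheme + "://" + req.getServerName();
    boolean nonDefaultHttpsPort = scheme.equalsIgnoreCase("https") && port != 443;
    boolean nonDefaultHttpPort = scheme.equalsIgnoreCase("http") && port != 80;
    if (nonDefaultHttpsPort || nonDefaultHttpPort) {
      authURL = authURL.concat(":" + port);
    }
    authURL = authURL.concat(req.getContextPath() + "/");

    // All five values are client-supplied and must not be used before the checks below.
    String target = req.getParameter(PARAM_TARGET);
    String oaURL = req.getParameter(PARAM_OA);
    String bkuURL = req.getParameter(PARAM_BKU);
    String templateURL = req.getParameter(PARAM_TEMPLATE);
    String sessionID = req.getParameter(PARAM_SESSIONID);

    // Keep the generated form out of browser and proxy caches.
    resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
    resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
    resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
    resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);

    try {
      // Reject the request before any parameter reaches the AuthenticationServer.
      // What each validator accepts is defined in ParamValidatorUtils, not here.
      if (!ParamValidatorUtils.isValidTarget(target)) {
        throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
      }
      if (!ParamValidatorUtils.isValidOA(oaURL)) {
        throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
      }
      if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) {
        throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
      }
      if (!ParamValidatorUtils.isValidTemplate(templateURL)) {
        throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
      }
      if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
        throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
      }

      String getIdentityLinkForm =
          AuthenticationServer.getInstance().startAuthentication(
              authURL, target, oaURL, templateURL, bkuURL, sessionID, req.getScheme());

      resp.setContentType("text/html;charset=UTF-8");
      // Encode the body explicitly as UTF-8 so that it matches the declared charset;
      // a PrintWriter built directly on the stream would use the platform default encoding.
      PrintWriter out =
          new PrintWriter(new java.io.OutputStreamWriter(resp.getOutputStream(), "UTF-8"));
      out.print(getIdentityLinkForm);
      out.flush();
      Logger.debug("Finished GET StartAuthentication");
    }
    catch (WrongParametersException ex) {
      handleWrongParameters(ex, req, resp);
    }
    catch (MOAIDException ex) {
      handleError(null, ex, req, resp);
    }
  }

  /**
   * Handles a POST request exactly like a GET request by delegating to
   * {@link #doGet(HttpServletRequest, HttpServletResponse)}.
   *
   * @param req the incoming request
   * @param resp the response to write to
   * @throws ServletException declared by the servlet API
   * @throws IOException if writing the response fails
   * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
   */
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    doGet(req, resp);
  }

  /**
   * Calls the web application initializer.
   *
   * <p>Any exception raised during initialization is logged as fatal and rethrown
   * wrapped in a {@link ServletException}.
   *
   * @param servletConfig the servlet configuration passed to the superclass
   * @throws ServletException if the superclass or the MOA ID initialization fails
   * @see javax.servlet.Servlet#init(ServletConfig)
   */
  public void init(ServletConfig servletConfig) throws ServletException {
    try {
      super.init(servletConfig);
      MOAIDAuthInitializer.initialize();
      Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
    }
    catch (Exception ex) {
      Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
      throw new ServletException(ex);
    }
  }
}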