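/*
 * Copyright 2014 Federal Chancellery Austria
 * MOA-ID has been developed in a cooperation between BRZ, the Federal
 * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 * the European Commission - subsequent versions of the EUPL (the "Licence");
 * You may not use this work except in compliance with the Licence.
 * You may obtain a copy of the Licence at:
 * http://www.osor.eu/eupl/
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the Licence is distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Licence for the specific language governing permissions and
 * limitations under the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text
 * file for details on the various modules and licenses.
 * The "NOTICE" text file is part of the distribution. Any derivative works
 * that you distribute must include a readable copy of the "NOTICE" text file.
 */
package at.gv.egovernment.moa.id.auth.servlet.interceptor;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.springframework.context.ApplicationContext;

import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Servlet filter that decides which IDP public URL prefix applies to a request
 * and publishes it in the request attribute {@code authURL}.
 *
 * <p>With virtual IDPs disabled, the first configured prefix is always used.
 * With virtual IDPs enabled, the URL derived from the request is compared
 * against every configured prefix (host, port and path prefix). A request that
 * matches no configured prefix is not passed down the filter chain, so this
 * filter acts as an allowlist for the host/port/path a client may address.
 *
 * <p>NOTE(review): how trustworthy the request-derived URLs are depends on how
 * {@code HTTPUtils} builds them (not visible here) and on any reverse proxy in
 * front of the application - confirm that client-controlled headers cannot
 * influence them beyond what the allowlist comparison below checks.
 *
 * @author tlenz
 */
public class VHostUrlRewriteServletFilter implements Filter {

  private static final String VHOST_PATH = "/vhost/";
  private static final String AUTHURL = "authURL";

  private final ApplicationContext context;

  /**
   * Creates the filter.
   *
   * @param context Spring context used to look up the {@link AuthConfiguration} on each request
   */
  public VHostUrlRewriteServletFilter(ApplicationContext context) {
    Logger.info("Register vHost Servelt Filter");
    this.context = context;
  }

  /**
   * No initialisation is required.
   *
   * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
   */
  @Override
  public void init(FilterConfig filterConfig) throws ServletException {
  }

  /**
   * Selects the public URL prefix for the request, stores it in the
   * {@code authURL} request attribute and then either continues the filter
   * chain or forwards to the rewritten vHost URL.
   *
   * <p>If a {@link ConfigurationException} occurs (malformed request URL, no
   * matching configured prefix, or a failure reported by the configuration),
   * the request is neither forwarded nor passed down the chain.
   *
   * @param request incoming request; cast to {@link HttpServletRequest}
   * @param response response handed on to the chain or the forward target
   * @param chain remaining filter chain
   * @throws IOException propagated from the chain or the forward
   * @throws ServletException propagated from the chain or the forward
   * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
   *      javax.servlet.ServletResponse, javax.servlet.FilterChain)
   */
  @Override
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest) request;

    try {
      AuthConfiguration authConfig = context.getBean(AuthConfiguration.class);
      // Typed as List<String>: the elements are iterated as String below.
      List<String> configuredPublicURLPrefix = authConfig.getPublicURLPrefix();

      // check if End-Point is valid
      String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq);
      URL publicURL;
      try {
        publicURL = new URL(publicURLString);

      } catch (MalformedURLException e) {
        Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e);
        throw new ConfigurationException("1299", null, e);

      }

      // check if virtual IDPs are enabled
      if (!authConfig.isVirtualIDPsEnabled()) {
        // Single-IDP mode: the attribute always carries the configured value,
        // never a request-derived one.
        Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: "
            + configuredPublicURLPrefix.get(0));
        httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0));
        chain.doFilter(request, response);

      } else {
        String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq);
        URL authURL;
        try {
          authURL = new URL(authURLString);

        } catch (MalformedURLException e) {
          Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
          throw new ConfigurationException("1299", null, e);

        }

        Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
        URL resultURL = null;

        // Compare the request URL with every configured prefix. There is no
        // early exit, so when several prefixes match the LAST one in
        // configuration order is selected.
        for (String el : configuredPublicURLPrefix) {
          try {
            URL configuredURL = new URL(el);

            // get Ports from URL (fall back to the scheme's default port)
            int configPort = configuredURL.getPort();
            if (configPort == -1) {
              configPort = configuredURL.getDefaultPort();
            }

            int authURLPort = authURL.getPort();
            if (authURLPort == -1) {
              authURLPort = authURL.getDefaultPort();
            }

            // check AuthURL against ConfigurationURL
            // NOTE(review): the path test is a plain string prefix, not a
            // path-segment match, so a configured path ".../a" also accepts a
            // request path ".../ab". With several prefixes on one host this
            // could select an unintended virtual IDP - confirm that configured
            // prefixes end with "/" or cannot be prefixes of one another.
            if (configuredURL.getHost().equals(authURL.getHost())
                && configPort == authURLPort
                && authURL.getPath().startsWith(configuredURL.getPath())) {
              Logger.debug("Select configurated PublicURLPrefix: " + configuredURL
                  + " for authURL: " + authURLString);
              resultURL = configuredURL;
            }

          } catch (MalformedURLException e) {
            // A broken configuration entry is skipped; the other entries are still checked.
            Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);

          }
        }

        if (resultURL == null) {
          Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
          throw new ConfigurationException("config.25", new Object[]{authURLString});

        } else {
          httpReq.setAttribute(AUTHURL, resultURL.toExternalForm());

        }

        String servletPath = httpReq.getServletPath();
        if (servletPath.startsWith(VHOST_PATH)) {
          Logger.trace("Found V-IDP selection via REST URL ... ");

          // NOTE(review): both substring calls start at index 0 and take their
          // length from a different string. If the configured prefix is shorter
          // than publicURLString this throws StringIndexOutOfBoundsException,
          // which is not caught here - verify the intended offsets.
          String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length());
          String requestedServlet = authURLString.substring(0, vHostDescriptor.length());

          // NOTE(review): in this branch the authURL attribute is overwritten
          // with a value assembled from request-derived strings rather than the
          // configured prefix, and the same absolute URL is handed to
          // getRequestDispatcher - confirm both are intended.
          String newURL = publicURL.toExternalForm().concat(requestedServlet);
          httpReq.setAttribute(AUTHURL, newURL);
          httpReq.getRequestDispatcher(newURL).forward(httpReq, response);

        } else {
          Logger.trace("Found V-IDP selection via Domain ...");
          chain.doFilter(request, response);

        }
      }

    } catch (ConfigurationException e) {
      // Fail closed: the request is not passed on. Record the rejection so that
      // failures raised by the configuration lookup itself are visible too;
      // only the message is logged at warn level because any client can
      // trigger this path by addressing an unconfigured host.
      // NOTE(review): no status code is set, so the client receives an empty
      // response - consider returning an explicit error status.
      Logger.warn("vHost filter stopped request processing: " + e.getMessage());

    }
  }

  /**
   * Nothing to release.
   *
   * @see javax.servlet.Filter#destroy()
   */
  @Override
  public void destroy() {
  }

}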