Diffstat (limited to 'BKUOnline')
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java48
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java47
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java27
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java177
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml98
-rw-r--r--BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties3
-rw-r--r--BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml92
-rw-r--r--BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jarbin0 -> 132767 bytes
-rw-r--r--BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jarbin0 -> 60686 bytes
-rw-r--r--BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jarbin0 -> 99061 bytes
10 files changed, 344 insertions, 148 deletions
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
new file mode 100644
index 00000000..404e254e
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
@@ -0,0 +1,48 @@
+package at.gv.egiz.bku.online.accesscontroller;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
+import at.gv.egiz.bku.online.conf.Configurator;
+
+public class SpringSecurityManager extends SecurityManagerFacade implements
+ ResourceLoaderAware {
+
+ private ResourceLoader resourceLoader;
+
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+
+ protected Configurator config;
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+}
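Review bot: `setAllowUnmatched(Boolean.getBoolean(noMatch))` in `init()` does not parse the configured value, because `Boolean.getBoolean` looks up a JVM system property named by its argument; the result is false unless such a property happens to be set, so use `setAllowUnmatched(Boolean.parseBoolean(noMatch));`. The key read here is `AccessController.acceptNoMatch`, while defaultConf.properties in this commit defines `AccessController.acceptUnmatched`, so with the shipped configuration the branch is never entered and the two names should be made to agree. The `catch (IOException e)` only logs, and a missing `AccessController.policyResource` hands null to `getResource`, so the bean can finish initialising without a policy having been loaded. How the facade behaves in that state is not visible here, and failing startup with `throw new IllegalStateException("Cannot load access policy " + policy, e);` would make it explicit. The debug text `allow now match` looks like a typo for `allow no match`.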
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
index 0cb717c4..f51335e1 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
@@ -16,29 +16,31 @@
*/
package at.gv.egiz.bku.online.conf;
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.xml.crypto.XSecProvider;
-
-import java.net.HttpURLConnection;
-import java.security.Provider;
-import java.security.Security;
-
-import javax.net.ssl.HttpsURLConnection;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.xml.crypto.XSecProvider;
+
+import java.net.HttpURLConnection;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
/**
*
* TODO currently only the code to get started.
*/
public class Configurator {
- private Log log = LogFactory.getLog(Configurator.class);
+ private Log log = LogFactory.getLog(Configurator.class);
+
+ protected Properties properties;
public Configurator() {
- configure();
}
protected void configUrlConnections() {
@@ -63,7 +65,18 @@ public class Configurator {
public void configure() {
configureProviders();
configUrlConnections();
-
}
-
+
+ public void setConfiguration(Properties props) {
+ this.properties = props;
+ configure();
+ }
+
+ public String getProperty(String key) {
+ if (properties != null) {
+ return properties.getProperty(key);
+ }
+ return null;
+ }
+
}
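Review bot: `configure()` is now reachable only through `setConfiguration`, since the constructor call was removed in the previous hunk of this file. A `Configurator` that never receives properties therefore skips `configureProviders()` and `configUrlConnections()`, which judging by their names set up the crypto providers and the URL connection defaults. If that dependency is intended, state it in a Javadoc on `setConfiguration`, for example `/** Stores the properties and runs configure(); must be called once before the instance is used. */`. `getProperty` returns null both when no properties were loaded and when the key is absent, so callers such as `SpringSecurityManager.init()` cannot tell a broken configuration from an unset option; a comment on the method should say so, or the unloaded case should throw `IllegalStateException`.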
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
new file mode 100644
index 00000000..96588d7d
--- /dev/null
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
@@ -0,0 +1,27 @@
+package at.gv.egiz.bku.online.conf;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.core.io.Resource;
+
+public class SpringConfigurator extends Configurator {
+
+ private final static Log log = LogFactory.getLog(SpringConfigurator.class);
+
+ public void setResource(Resource resource) {
+ log.debug("Loading config from: " + resource);
+ if (resource != null) {
+ Properties props = new Properties();
+ try {
+ props.load(resource.getInputStream());
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ }
+ }
+
+}
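Review bot: The stream returned by `resource.getInputStream()` in `setResource` is never closed, and when `props.load` throws the method only logs the error. In that case `setConfiguration` is not called, so the application carries on with no properties and, given the Configurator change in this commit, without `configure()` having run. A null `resource` is skipped silently with the same result. I would close the stream in a `finally` and let a load failure abort bean creation, as sketched below; this needs `java.io.InputStream` imported.

```java
  public void setResource(Resource resource) {
    // … unchanged: debug log and null check …
      Properties props = new Properties();
      try {
        InputStream in = resource.getInputStream();
        try {
          props.load(in);
        } finally {
          in.close();
        }
      } catch (IOException e) {
        // fail startup instead of running with an empty configuration
        throw new IllegalStateException("Cannot load config from " + resource, e);
      }
      super.setConfiguration(props);
```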
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
index 53a7c164..20320d8e 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
@@ -1,91 +1,88 @@
/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.online.webapp;
-
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Map;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.binding.HTTPBindingProcessor;
-import at.gv.egiz.bku.binding.HttpUtil;
-import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
-
-/**
- * Handles SL requests and instantiates BindingProcessors
- *
- */
-public class BKURequestHandler extends SpringBKUServlet {
-
- public final static String REDIRECT_URL ="appletPage.jsp";
-
- protected Log log = LogFactory.getLog(BKURequestHandler.class);
-
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, java.io.IOException {
- log.debug("Got new request");
- String lang = req.getHeader("Accept-Language");
- Locale locale = AcceptLanguage.getLocale(lang);
- log.debug("Using locale: "+locale);
- HttpSession session = req.getSession();
- if (session != null) {
- session.invalidate();
- }
- String id = req.getSession(true).getId();
- log.debug("Using session id: "+id);
- HTTPBindingProcessor bindingProcessor;
- if (req.isSecure()) {
- bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
- .createBindingProcessor("https", id, locale);
- } else {
- bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
- .createBindingProcessor("http", id, locale);
- }
- Map<String, String> headerMap = new HashMap<String, String>();
- for (Enumeration<String> headerName = req.getHeaderNames(); headerName
- .hasMoreElements();) {
- String header = headerName.nextElement();
- if (header != null) {
- headerMap.put(header, req.getHeader(header));
- }
- }
- String charset = req.getCharacterEncoding();
- String contentType = req.getContentType();
- if (charset != null) {
- contentType += ";"+charset;
- }
- headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
- bindingProcessor.setHTTPHeaders(headerMap);
- bindingProcessor.consumeRequestStream(req.getInputStream());
- req.getInputStream().close();
- getBindingProcessorManager().process(bindingProcessor);
- resp.sendRedirect(REDIRECT_URL);
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, java.io.IOException {
- doPost(req, resp);
- }
-}
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.online.webapp;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+
+/**
+ * Handles SL requests and instantiates BindingProcessors
+ *
+ */
+public class BKURequestHandler extends SpringBKUServlet {
+
+ public final static String REDIRECT_URL = "appletPage.jsp";
+
+ protected Log log = LogFactory.getLog(BKURequestHandler.class);
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, java.io.IOException {
+ log.debug("Got new request");
+ String lang = req.getHeader("Accept-Language");
+ Locale locale = AcceptLanguage.getLocale(lang);
+ log.debug("Using locale: " + locale);
+ HttpSession session = req.getSession();
+ if (session != null) {
+ session.invalidate();
+ }
+ String id = req.getSession(true).getId();
+ log.debug("Using session id: " + id);
+ HTTPBindingProcessor bindingProcessor;
+
+ bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
+ .createBindingProcessor(req.getRequestURL().toString(), id, locale);
+
+ Map<String, String> headerMap = new HashMap<String, String>();
+ for (Enumeration<String> headerName = req.getHeaderNames(); headerName
+ .hasMoreElements();) {
+ String header = headerName.nextElement();
+ if (header != null) {
+ headerMap.put(header, req.getHeader(header));
+ }
+ }
+ String charset = req.getCharacterEncoding();
+ String contentType = req.getContentType();
+ if (charset != null) {
+ contentType += ";" + charset;
+ }
+ headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
+ bindingProcessor.setHTTPHeaders(headerMap);
+ bindingProcessor.consumeRequestStream(req.getInputStream());
+ req.getInputStream().close();
+ getBindingProcessorManager().process(bindingProcessor);
+ resp.sendRedirect(REDIRECT_URL);
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, java.io.IOException {
+ doPost(req, resp);
+ }
+}
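Review bot: The first argument to `createBindingProcessor` in `doPost` is now `req.getRequestURL().toString()`, whose host part is normally taken from the client's Host header, where the old code passed a fixed `"http"` or `"https"` literal chosen by `req.isSecure()`. What the manager does with that string is not visible in this hunk; if it or the access controller uses it for more than selecting the protocol, the value should be treated as untrusted input, and a comment at the call stating what the parameter means would help. Separately, `log.debug("Using session id: " + id);` writes a live session identifier to the log, so I would drop the id from that message. `contentType += ";" + charset;` also yields `type;UTF-8` rather than `type;charset=UTF-8`, and `null;UTF-8` when the request has no content type.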
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
new file mode 100644
index 00000000..15d62155
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AccessControl>
+ <Chains>
+ <Chain Id="InputChain">
+ <Rules>
+ <Rule Id="rule-1">
+ <AuthClass>certifiedGovAgency</AuthClass>
+ <AnyPeer />
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="rule-2">
+ <AuthClass>pseudoanonymous</AuthClass>
+ <AnyPeer />
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ <Rule Id="rule-3">
+ <AuthClass>anonymous</AuthClass>
+ <IPv4Address>127.0.0.1</IPv4Address>
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ <Rule Id="rule-4">
+ <AuthClass>anonymous</AuthClass>
+ <DomainName>$.gv.at</DomainName>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+ <Chain Id="Command">
+ <Rules>
+ <Rule Id="cmd-rule-1">
+ <AuthClass>certified</AuthClass>
+ <AnyPeer />
+ <Command Name="Infobox*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">.*</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-2">
+ <AuthClass>certified</AuthClass>
+ <URL>https://finanzonline.bmf.gv.at/*
+ </URL>
+ <Command Name="InfoboxReadRequest">
+ <Param Name="InfoboxIdentifier">Mandates</Param>
+ <Param Name="PersonIdentifier">.*</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>info</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-3">
+ <AuthClass>certified</AuthClass>
+ <AnyPeer />
+ <Command Name="InfoboxReadRequest" />
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-4">
+ <AuthClass>anonymous</AuthClass>
+ <AnyPeer />
+ <Command Name="InfoboxReadRequest" />
+ <IPv4Address>127.0.0.1</IPv4Address>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+ <Chain Id="OutputChain">
+ <Rules>
+ <Rule Id="out-1">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ </Chains>
+</AccessControl>
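Review bot: `cmd-rule-4` carries both `<AnyPeer />` and `<IPv4Address>127.0.0.1</IPv4Address>`, so it is unclear whether anonymous `InfoboxReadRequest` is meant to be limited to localhost or open to any peer; if the restriction is intended, keep only the address condition. The `<URL>` value in `cmd-rule-2` is split across two lines, so unless the policy parser trims it the trailing newline and indentation become part of the pattern. `$.gv.at` in `rule-4` looks like it was meant as a wildcard and should be checked against the syntax the matcher accepts. `out-1` allows every output unconditionally; a short XML comment on each chain stating the intended default, such as `<!-- OutputChain: no output filtering, everything is allowed -->`, would make that choice reviewable.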
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
new file mode 100644
index 00000000..12deac35
--- /dev/null
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -0,0 +1,3 @@
+# Configuration for online CCE
+AccessController.acceptUnmatched=false
+AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessControlConfig.xml \ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index 7a2f12b8..c5da25c0 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -1,43 +1,53 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Copyright 2008 Federal Chancellery Austria and
- Graz University of Technology
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
- <bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
- scope="singleton" />
- <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl" />
- <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
- scope="singleton">
- <constructor-arg ref="STALFactory"></constructor-arg>
- <constructor-arg ref="commandInvoker"></constructor-arg>
- </bean>
- <bean
- class="org.springframework.web.context.support.ServletContextAttributeExporter">
- <property name="attributes">
- <map>
- <entry key="bindingProcessorManager">
- <ref bean="bindingProcessorManager" />
- </entry>
- </map>
- </property>
- </bean>
- <!-- Configure Configuration -->
- <bean id="configurator" class="at.gv.egiz.bku.online.conf.Configurator"
- scope="singleton">
- </bean>
+ <!--
+ Copyright 2008 Federal Chancellery Austria and Graz University of
+ Technology Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
+ License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the
+ License.
+ -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
+
+ <bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
+ scope="singleton" />
+
+ <bean id="accessController" class="at.gv.egiz.bku.online.accesscontroller.SpringSecurityManager"
+ scope="singleton" init-method="init">
+ <property name="config" ref="configurator"/>
+ </bean>
+
+ <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
+ <property name="securityManager" ref="accessController" />
+ </bean>
+
+ <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
+ scope="singleton">
+ <constructor-arg ref="STALFactory"></constructor-arg>
+ <constructor-arg ref="commandInvoker"></constructor-arg>
+ </bean>
+
+ <bean
+ class="org.springframework.web.context.support.ServletContextAttributeExporter">
+ <property name="attributes">
+ <map>
+ <entry key="bindingProcessorManager">
+ <ref bean="bindingProcessorManager" />
+ </entry>
+ </map>
+ </property>
+ </bean>
+
+ <!-- Configure Configuration -->
+ <bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
+ scope="singleton">
+ <property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
+ </bean>
+
</beans> \ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar
new file mode 100644
index 00000000..986842db
--- /dev/null
+++ b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar
Binary files differ
diff --git a/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar
new file mode 100644
index 00000000..1deef144
--- /dev/null
+++ b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar
Binary files differ
diff --git a/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar
new file mode 100644
index 00000000..f2173562
--- /dev/null
+++ b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar
Binary files differ