Index: lams_central/src/java/org/lamsfoundation/lams/webservice/SPEnrolmentServlet.java
===================================================================
diff -u -rd3e92c2e32eabb05116f035967e2d13ec96fed46 -r04d3decb34de254cdc01bb21fe04fb176c95f3e3
--- lams_central/src/java/org/lamsfoundation/lams/webservice/SPEnrolmentServlet.java (.../SPEnrolmentServlet.java) (revision d3e92c2e32eabb05116f035967e2d13ec96fed46)
+++ lams_central/src/java/org/lamsfoundation/lams/webservice/SPEnrolmentServlet.java (.../SPEnrolmentServlet.java) (revision 04d3decb34de254cdc01bb21fe04fb176c95f3e3)
@@ -116,6 +116,7 @@
 private static final String FILE_INPUT_PARAM = "file-input";
 private static final int THREADS_DEFAULT_VALUE = 4;
 private static final String THREADS_PARAM = "threads";
+ private static final String PASSWORD_PARAM = "password";
 private static final String DELIMITER = "\\|";
 private static final String INTEGRATED_SERVER_NAME = "saml";
@@ -143,21 +144,29 @@
 ? Paths.get(Configuration.get(ConfigurationKeys.LAMS_TEMP_DIR), FILE_INPUT_DEFAULT_NAME)
 : Paths.get(fileInputParam);
 if (!Files.isReadable(fileInput)) {
- throw new IOException("File not readable: " + fileInput.toAbsolutePath().toString());
+ throw new IllegalArgumentException("File not readable: " + fileInput.toAbsolutePath().toString());
 }
+ ExtServer extServer = integrationService.getExtServer(INTEGRATED_SERVER_NAME);
+ if (extServer == null) {
+ throw new IOException("Integrated server not found: " + INTEGRATED_SERVER_NAME);
+ }
+ String password = request.getParameter(PASSWORD_PARAM);
+ if (StringUtils.isBlank(password)) {
+ throw new IllegalArgumentException("Missing password parameter \"password\"");
+ }
+ String existingPassword = HashUtil.sha256(extServer.getServerkey());
+ if (!password.strip().equals(existingPassword)) {
+ throw new IllegalArgumentException("Invalid sha256 of integrated server key");
+ }
+
 // run processing in a separate thread as it can take a while and request would time out
 new Thread(() -> {
 try {
 logger.info("SP enrolments provisioning starting");
 // start interacting with DB
 HibernateSessionManager.openSession();
- ExtServer extServer = integrationService.getExtServer(INTEGRATED_SERVER_NAME);
- if (extServer == null) {
- throw new ServletException("Integrated server not found: " + INTEGRATED_SERVER_NAME);
- }
-
 // split each line into list of trimmed pieces
 List> allLines = Files.readAllLines(fileInput).parallelStream().unordered()
 .map(line -> Arrays.stream(line.split(DELIMITER)).map(elem -> elem.trim())
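Review bot: The new password check runs only after the `Files.isReadable(fileInput)` test, so a caller without the password can still tell a readable path from an unreadable one by which exception comes back, and the "File not readable" message echoes the absolute path. If `fileInputParam` is taken from the request (its assignment is above the hunk), the `extServer` lookup and the password comparison should move ahead of all path handling. The comparison itself uses `String.equals`, which stops at the first differing character; a constant-time form such as `if (!MessageDigest.isEqual(password.strip().getBytes(StandardCharsets.UTF_8), existingPassword.getBytes(StandardCharsets.UTF_8))) {` avoids that. The expected value is an unsalted SHA-256 of the server key, so it is a fixed, replayable credential; it is worth a comment here that it must arrive in a POST body over TLS and be kept out of access logs, which the hunk does not show. The enclosing method starts and ends outside the hunk.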