authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-04-11 09:44:11 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-04-11 09:44:11 +0200
commit61d276832ebcf1901183dab323126f8ecb6a7370 (patch)
treeec9df86e1eb3cfb74f1fb68a371cb21d04e40d6b /eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp
parent13952dddd85fc08115f963b259885b5c9b7f2b57 (diff)
refactor protocol finalization to support protocol response without final redirect
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java6
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java4
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java3
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java83
4 files changed, 93 insertions, 3 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
index e8e41999..7dcd643d 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java
@@ -119,6 +119,7 @@ public interface IAuthData {
*
* @return
*/
+ @Deprecated
String getBPK();
/**
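Review bot: The `@Deprecated` added before `getBPK()` has no matching Javadoc `@deprecated` tag, so callers get a compiler warning but no pointer to what replaces the accessor. The same applies to the other five additions in IAuthData.java (`getBPKType()`, `getAdditionalbPKs()`, `getIdentificationValue()`, `getIdentificationType()`, `getIdentityLink()`) and to `getIdentityLink()` / `setIdentityLink()` in IAuthProcessDataContainer.java. These methods return identity attributes, so consumers need to know where to read them from now; I would add a line such as `* @deprecated use <replacement accessor> instead` to each Javadoc block, naming the real replacement, which is not visible in this diff. The Javadoc blocks begin above the hunks' context lines.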
@@ -127,6 +128,7 @@ public interface IAuthData {
*
* @return Sector identifier with prefix
*/
+ @Deprecated
String getBPKType();
@@ -134,6 +136,7 @@ public interface IAuthData {
* Get List of bPK/bPKType tuples for this service provider
* @return List of Pairs<bPK, bPKType>
*/
+ @Deprecated
List<Pair<String, String>> getAdditionalbPKs();
/**
@@ -141,6 +144,7 @@ public interface IAuthData {
*
* @return
*/
+ @Deprecated
String getIdentificationValue();
/**
@@ -149,6 +153,7 @@ public interface IAuthData {
*
* @return
*/
+ @Deprecated
String getIdentificationType();
@@ -157,6 +162,7 @@ public interface IAuthData {
*
* @return IDL, or NULL if no IDL is available
*/
+ @Deprecated
IIdentityLink getIdentityLink();
/**
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
index cba8fde7..5481fd52 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java
@@ -60,11 +60,11 @@ public interface ISSOManager {
/**
* Populate service provider specific SSO settings
*
- * Check if Single Sign-On is allowed for the current pending request and the requested service provider
+ * Check if Single Sign-On is allowed for the current pending request and the requested service provider
+ * Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed
*
* @param pendingReq Current incoming pending request
* @param httpReq http Servlet request
- * @return true if SSO is allowed for this service provider, otherwise false
*/
public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq);
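Review bot: The new Javadoc line on `isSSOAllowedForSP` states only what happens when SSO is allowed; it does not say whether the flag is reset when SSO is refused. Because the method returns void, the flag on `pendingReq` is the only way the decision reaches the caller, and a pending request that already carries `true` would presumably keep it unless implementations clear it. If clearing is the intended contract, I would document it: `* Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed, otherwise to false`. The `is…` prefix on a void method with a side effect is also misleading, though renaming it would break existing implementers.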
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
index 76e071c6..46dd3850 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java
@@ -67,6 +67,7 @@ public interface IAuthProcessDataContainer {
*
* @return IdentityLink
*/
+ @Deprecated
IIdentityLink getIdentityLink();
/**
@@ -75,9 +76,9 @@ public interface IAuthProcessDataContainer {
* @param identityLink
* The identityLink to set
*/
+ @Deprecated
void setIdentityLink(IIdentityLink identityLink);
-
/**
* Indicate that mandates was used in this auth. process
*
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java
new file mode 100644
index 00000000..f6f8e576
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java
@@ -0,0 +1,83 @@
+/*******************************************************************************
+ * Copyright 2017 Graz University of Technology
+ * EAAF-Core Components has been developed in a cooperation between EGIZ,
+ * A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egiz.eaaf.core.api.idp.auth.services;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+
+public interface IProtocolAuthenticationService {
+
+ /**
+ * Initialize an authentication process for this protocol request
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @throws IOException
+ * @throws EAAFException
+ */
+ void performAuthentication(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq)
+ throws IOException, EAAFException;
+
+ /**
+ * Finalize the requested protocol operation
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @throws IOException If response can not be written into {@link HttpServletResponse}
+ * @throws EAAFException If an internal error occur
+ */
+ void finalizeAuthentication(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFException, IOException;
+
+ /**
+ * @param throwable Exception that should be handled
+ * @param req Current open http request as {@link HttpServletRequest}
+ * @param resp Current open http response as {@link HttpServletResponse}
+ * @param pendingReq Authentication request which is actually in process
+ * @throws IOException If response can not be written into {@link HttpServletResponse}
+ * @throws EAAFException If an internal error occur
+ */
+ void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, HttpServletResponse resp,
+ IRequest pendingReq) throws IOException, EAAFException;
+
+ /**
+ * Handles all exceptions with no pending request.
+ * Therefore, the error is written to the users browser
+ *
+ * @param throwable Exception that should be handled
+ * @param req Current open http request as {@link HttpServletRequest}
+ * @param resp Current open http response as {@link HttpServletResponse}
+ * @param writeExceptionToStatisticLog if <code>true</code>, the exception get logged into {@link IStatisticLogger}
+ * @throws IOException If response can not be written into {@link HttpServletResponse}
+ * @throws EAAFException If an internal error occure
+ */
+ void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException, EAAFException;
+
+} \ No newline at end of file
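Review bot: The Javadoc of `handleErrorNoRedirect` says the error is written to the user's browser but does not say which parts of `throwable` may appear in that response. I would add a sentence to the contract, for example `* Implementations must not include stack traces or internal exception details in the response and must encode any text they render`. Separately, the `@param` tags on `performAuthentication` and `finalizeAuthentication` name `httpReq`, `httpResp` and `protocolRequest`, while the signatures declare `req`, `resp` and `pendingReq`; the tags should use the declared names. `buildProtocolSpecificErrorResponse` also lacks a summary sentence describing when it is called.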