authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-04-23 15:00:13 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-04-23 15:00:13 +0200
commit5c1b5b863fe8d6c08cfe0749fed7ce9594827f8a (patch)
treee96cf3ae1f3ed011b0588fd7a341038484c55017 /eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp
parentf689c1e404b5cf22d17346da75a296c825a3ba03 (diff)
add different strategies for pendingRequestId generation
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java161
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java20
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java35
3 files changed, 152 insertions, 64 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
index e4288e62..2115d9b0 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java
@@ -26,6 +26,7 @@
*******************************************************************************/
package at.gv.egiz.eaaf.core.impl.idp.auth;
+import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -35,35 +36,55 @@ import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.idp.process.ProcessInstanceStoreDAO;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@Service("RequestStorage")
public class RequestStorage implements IRequestStorage{
private static final Logger log = LoggerFactory.getLogger(RequestStorage.class);
- @Autowired ITransactionStorage transactionStorage;
- @Autowired ProcessInstanceStoreDAO processInstanceStore;
-
+ @Autowired(required=true) ITransactionStorage transactionStorage;
+ @Autowired(required=true) ProcessInstanceStoreDAO processInstanceStore;
+ @Autowired(required=true) IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy;
+
@Override
- public IRequest getPendingRequest(String pendingReqID) {
+ public IRequest getPendingRequest(String pendingReqID) throws PendingReqIdValidationException {
try {
- IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
- if (pendingRequest == null) {
- log.info("No PendingRequst found with pendingRequestID " + pendingReqID);
- return null;
-
- }
+ final String internalPendingReqId =
+ pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(pendingReqID);
+ log.debug("PendingReqId is valid");
+
+ //get pending-request from storage
+ final IRequest pendingRequest = getInternalPendingRequest(internalPendingReqId);
//set transactionID and sessionID to Logger
TransactionIDUtils.setAllLoggingVariables(pendingRequest);
return pendingRequest;
-
+
+ } catch (final PendingReqIdValidationException e) {
+ log.info("PendingRequestId is invalid. Reason: {} ", e.getMessage());
+
+ // search invalid pending-request for errorHandling
+ IRequest invalidPendingRequest = null;
+ try {
+ if (StringUtils.isNotEmpty(e.getInvalidInternalPendingReqId()))
+ invalidPendingRequest = transactionStorage.get(e.getInvalidInternalPendingReqId(), IRequest.class);
+
+ } catch (final EAAFException e1) {
+ log.info("No PendingRequst found with pendingRequestID " + pendingReqID);
+ return null;
+
+ }
+
+ e.setInvalidPendingReq(invalidPendingRequest);
+ throw e;
+
} catch (EAAFException | NullPointerException e) {
log.info("No PendingRequst found with pendingRequestID " + pendingReqID);
return null;
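Review bot: In the `PendingReqIdValidationException` branch of `getPendingRequest`, the id that just failed validation (`e.getInvalidInternalPendingReqId()`) is still used as the key for `transactionStorage.get(...)`, and the loaded request is attached to the exception. What `validateAndGetPendingRequestId` rejects is not visible here; if it can fail on an integrity check rather than only on expiry, a caller-supplied value that this service never issued would select stored request state for error handling. The same fallback appears in `removePendingRequest` and `changePendingRequestID`, and `AbstractController.handleError` consumes the attached request. I would state the contract where the exception is handled, e.g. `// invalidInternalPendingReqId is only populated when the id's integrity was verified (e.g. expired, not forged)`, and have the strategy leave it empty otherwise. The method's closing lines are outside this hunk.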
@@ -74,17 +95,27 @@ public class RequestStorage implements IRequestStorage{
@Override
public void storePendingRequest(IRequest pendingRequest) throws EAAFException {
try {
- if (pendingRequest instanceof IRequest)
- transactionStorage.put(((IRequest)pendingRequest).getPendingRequestId(), pendingRequest, -1);
-
- else
+ if (pendingRequest instanceof IRequest) {
+ try {
+ //validate pending-requestId
+ final String internalPendingRequestId = pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(pendingRequest.getPendingRequestId());
+
+ //store pending request
+ transactionStorage.put(internalPendingRequestId, pendingRequest, -1);
+
+ } catch (final PendingReqIdValidationException e) {
+ log.warn("Invalid pending-request-Id. Reason: {}", e.getMessage());
+ log.warn("Do NOT store pending-request with invalid pending-request-Id. The process will break soon!");
+
+ }
+
+ } else
throw new EAAFException("PendigRequest is NOT of type 'IRequest'", null);
-
-
- } catch (EAAFException e) {
- log.warn("PendingRequest with ID=" + ((IRequest)pendingRequest).getPendingRequestId() +
+
+ } catch (final EAAFException e) {
+ log.warn("PendingRequest with ID=" + pendingRequest.getPendingRequestId() +
" can not stored.", e);
- throw new EAAFStorageException("PendingRequest with Id: " + ((IRequest)pendingRequest).getPendingRequestId()
+ throw new EAAFStorageException("PendingRequest with Id: " + pendingRequest.getPendingRequestId()
+ " can not be stored", e);
}
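Review bot: `storePendingRequest` returns normally when `validateAndGetPendingRequestId` throws, because the inner catch only logs two warnings; the caller cannot tell that nothing was written, and as the log text itself says, the process breaks later. Failing at this point keeps the error next to its cause, for example `throw new EAAFStorageException("PendingRequest can not be stored: invalid pendingRequestId", e);` in place of the silent fall-through. If `PendingReqIdValidationException` extends `EAAFException` (the catch order in `getPendingRequest` suggests so, but the class is not shown), removing the inner try/catch would have the same effect through the outer handler.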
@@ -92,25 +123,35 @@ public class RequestStorage implements IRequestStorage{
}
@Override
- public void removePendingRequest(String requestID) {
+ public void removePendingRequest(String pendingReqID) {
- if (requestID != null) {
-
- //remove process-management execution instance
+ if (pendingReqID != null) {
+ String internalPendingReqId = null;
try {
- IRequest pendingReq = getPendingRequest(requestID);
-
- if (pendingReq != null &&
- pendingReq.getProcessInstanceId() != null)
- processInstanceStore.remove(pendingReq.getProcessInstanceId());
-
- } catch (EAAFException e) {
- log.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e);
+ internalPendingReqId = pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(pendingReqID);
+
+ } catch (final PendingReqIdValidationException e) {
+ internalPendingReqId = e.getInvalidInternalPendingReqId();
}
-
- transactionStorage.remove(requestID);
+ try {
+ //remove process-management execution instance#
+ if (internalPendingReqId != null) {
+ final IRequest pendingReq = getInternalPendingRequest(internalPendingReqId);
+ if (pendingReq != null &&
+ pendingReq.getProcessInstanceId() != null)
+ processInstanceStore.remove(pendingReq.getProcessInstanceId());
+
+ //remove pending-request
+ transactionStorage.remove(internalPendingReqId);
+ }
+
+ } catch (final EAAFException e) {
+ log.warn("Removing process associated with pending-request:" + pendingReqID + " FAILED.", e);
+
+ }
+
}
}
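Review bot: `transactionStorage.remove(internalPendingReqId)` now sits inside the try block after `getInternalPendingRequest(...)` and `processInstanceStore.remove(...)`, so an `EAAFException` from either call skips the removal and the pending request stays in storage; before this change the remove ran unconditionally after the try. A pending request that was meant to be discarded would then remain resolvable by its id, presumably until the transaction storage times it out. Running the removal regardless of the outcome restores the old guarantee: `finally { if (internalPendingReqId != null) transactionStorage.remove(internalPendingReqId); }`.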
@@ -119,25 +160,59 @@ public class RequestStorage implements IRequestStorage{
*/
@Override
public String changePendingRequestID(IRequest pendingRequest) throws EAAFException {
-
+
+ //TODO!!!!
+
if (pendingRequest instanceof RequestImpl) {
- String newRequestID = Random.nextHexRandom32();
- String oldRequestID = pendingRequest.getPendingRequestId();
+ //final String newRequestID = Random.nextHexRandom32();
+ final String newRequestID = pendingReqIdGenerationStrategy.generateExternalPendingRequestId();
+ ((RequestImpl)pendingRequest).setPendingRequestId(newRequestID);
- log.debug("Change pendingRequestID from " + pendingRequest.getPendingRequestId()
- + " to " + newRequestID);
+ String newInternalPendingRequestId = null;
+ try {
+ newInternalPendingRequestId = pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(newRequestID);
+
+ } catch (final PendingReqIdValidationException e) {
+ throw new EAAFException("internal.99", new Object[]{"Generate invalid pendingRequestId. Something looks WRONG"}, e);
+
+ }
+
+ String oldInternalRequestID = null;
+ try {
+ oldInternalRequestID =
+ pendingReqIdGenerationStrategy.validateAndGetPendingRequestId(pendingRequest.getPendingRequestId());
- ((RequestImpl)pendingRequest).setPendingRequestId(newRequestID);
- transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
+ } catch (final PendingReqIdValidationException e) {
+ //it's no problem, because it must be valid before when pending-request was loaded and we change it now
+ oldInternalRequestID = e.getInvalidInternalPendingReqId();
+
+ }
- //only delete oldRequestID, no change.
+ log.debug("Change pendingRequestID from " + pendingRequest.getPendingRequestId()
+ + " to " + newRequestID);
+
+ transactionStorage.changeKey(oldInternalRequestID, newInternalPendingRequestId, pendingRequest);
+ //only delete oldRequestID, no change.
return newRequestID;
} else {
log.error("PendingRequest object is not of type 'RequestImpl.class'");
throw new EAAFException("PendingRequest object is not of type 'RequestImpl.class'", null);
+
}
}
+
+ private IRequest getInternalPendingRequest(String internalPendingReqId) throws EAAFException {
+ final IRequest pendingRequest = transactionStorage.get(internalPendingReqId, IRequest.class);
+ if (pendingRequest == null) {
+ log.info("No PendingRequst found with pendingRequestID " + internalPendingReqId);
+ return null;
+
+ }
+
+ return pendingRequest;
+
+ }
}
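Review bot: In `changePendingRequestID`, `setPendingRequestId(newRequestID)` now runs before the old id is read, so `pendingRequest.getPendingRequestId()` in the second try block already returns the new id and `oldInternalRequestID` is derived from it. `changeKey` is then called with what looks like the same key on both sides, which would presumably leave the entry stored under the previous id untouched, and the debug line prints the new id twice. For an id that is rotated in order to retire the old value, that means the old value would stay resolvable. Read the old id first, `final String oldRequestID = pendingRequest.getPendingRequestId();` before the setter, and pass `oldRequestID` to `validateAndGetPendingRequestId`. The `//TODO!!!!` marker should also say what is still open.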
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
index 4e58868b..1da8036c 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java
@@ -27,6 +27,7 @@
package at.gv.egiz.eaaf.core.impl.idp.controller;
import java.io.IOException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -47,6 +48,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -105,7 +107,7 @@ public abstract class AbstractController {
}
protected void handleError(final String errorMessage, final Throwable exceptionThrown,
- final HttpServletRequest req, final HttpServletResponse resp, final IRequest pendingReq) throws IOException, EAAFException {
+ final HttpServletRequest req, final HttpServletResponse resp, IRequest pendingReq) throws IOException, EAAFException {
Throwable loggedException = null;
final Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown);
@@ -115,13 +117,17 @@ public abstract class AbstractController {
//set original exception
loggedException = ((TaskExecutionException) extractedException).getOriginalException();
- //use TaskExecutionException directly, if no Original Exeception is included
- if (loggedException == null)
- loggedException = exceptionThrown;
-
- } else
+ } else if (exceptionThrown instanceof PendingReqIdValidationException) {
+ log.trace("Find pendingRequestId validation exception. Looking for invalid pending-request ... ");
+ if (((PendingReqIdValidationException) exceptionThrown).getInvalidPendingReq() != null)
+ pendingReq = ((PendingReqIdValidationException) exceptionThrown).getInvalidPendingReq();
+
+ }
+
+ //use TaskExecutionException directly, if no Original Exeception is included
+ if (loggedException == null)
loggedException = exceptionThrown;
-
+
try {
//switch to protocol-finalize method to generate a protocol-specific error message
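Review bot: The new `else if` branch in `handleError` casts `exceptionThrown` to `PendingReqIdValidationException` three times and overwrites the `pendingReq` parameter, which lost its `final` in the previous hunk for that purpose. Binding the cast once, `final PendingReqIdValidationException idEx = (PendingReqIdValidationException) exceptionThrown;`, and assigning the result to a local such as `effectivePendingReq` would keep the parameter immutable and make it obvious which request the rest of the method works on. A short comment that the replacement request was loaded under an id that failed validation would help readers of the error path, which continues outside this hunk.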
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
index 527b79a1..5667fad7 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java
@@ -41,6 +41,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.lang.NonNull;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
@@ -61,11 +62,11 @@ public abstract class RequestImpl implements IRequest, Serializable{
public static final String DATAID_REQUESTER_IP_ADDRESS = "reqestImpl_requesterIPAddr";
private static final long serialVersionUID = 1L;
-
+
private String module = null;
private String action = null;
- private String pendingRequestId;
+ private String pendingRequestId = null;
private String processInstanceId;
private String internalSSOSessionId;
@@ -92,7 +93,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
private boolean needUserConsent = false;
- private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+ private final Map<String, Object> genericDataStorage = new HashMap<String, Object>();
@@ -100,10 +101,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
* @throws ConfigurationException
*
*/
- public final void initialize(HttpServletRequest req, IConfiguration authConfig) throws EAAFException {
- //set pendingRequestId
- pendingRequestId = Random.nextLongRandom();
-
+ public final void initialize(HttpServletRequest req, IConfiguration authConfig) throws EAAFException {
//set unique transaction identifier for logging
uniqueTransactionIdentifer = Random.nextLongRandom();
TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
@@ -113,12 +111,12 @@ public abstract class RequestImpl implements IRequest, Serializable{
//genericDataStorage.put(EAAFConstants.VALUE_SESSIONID, Random.nextLongRandom());
//check if End-Point is valid
- String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
+ final String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
URL authReqURL;
try {
authReqURL = new URL(authURLString);
- } catch (MalformedURLException e) {
+ } catch (final MalformedURLException e) {
log.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
throw new EAAFAuthenticationException("errorId", new Object[]{authURLString}, e);
@@ -131,7 +129,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
//set unique session identifier
- String uniqueID = (String) req.getAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER);
+ final String uniqueID = (String) req.getAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER);
if (StringUtils.isNotEmpty(uniqueID))
this.uniqueSessionIdentifer = uniqueID;
@@ -145,7 +143,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
try {
setRawDataToTransaction(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
- } catch (EAAFStorageException e) {
+ } catch (final EAAFStorageException e) {
log.info("Can NOT store remote IP address into 'pendingRequest'." , e);
}
@@ -203,7 +201,11 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
@Override
+ @NonNull
public final String getPendingRequestId() {
+ if (pendingRequestId == null)
+ throw new IllegalStateException("No PendingRequestId set!!!");
+
return pendingRequestId;
}
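Review bot: `getPendingRequestId()` now throws an unchecked `IllegalStateException`, but nothing documents it, and the `catch (EAAFException ...)` handler in `RequestStorage.storePendingRequest` builds its log and exception messages with this getter. Since `initialize(...)` no longer assigns the id in this commit, a request that reaches that handler before `setPendingRequestId` was called would fail inside the error path instead of being reported. I would add `/** @return the pending-request id, never null. @throws IllegalStateException if no id has been set yet */` and have the storage log statements avoid the getter when the id may be missing.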
@@ -333,6 +335,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
return isAuthenticated;
}
+ @Override
public final void setAuthenticated(boolean isAuthenticated) {
this.isAuthenticated = isAuthenticated;
}
@@ -341,6 +344,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
public final boolean needSingleSignOnFunctionality() {
return needSSO;
}
+ @Override
public final void setNeedSingleSignOnFunctionality(boolean needSSO) {
this.needSSO = needSSO;
@@ -352,6 +356,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
+ @Override
public final void setNeedUserConsent(boolean needConsent) {
this.needUserConsent = needConsent;
@@ -362,6 +367,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
return this.isAbortedByUser;
}
+ @Override
public final void setAbortedByUser(boolean isAborted) {
this.isAbortedByUser = isAborted;
@@ -381,17 +387,18 @@ public abstract class RequestImpl implements IRequest, Serializable{
@Override
public final <T> T getRawData(String key, final Class<T> clazz) {
if (StringUtils.isNotEmpty(key)) {
- Object data = genericDataStorage.get(key);
+ final Object data = genericDataStorage.get(key);
if (data == null)
return null;
try {
@SuppressWarnings("unchecked")
+ final
T test = (T) data;
return test;
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("Generic request-data object can not be casted to requested type", e);
return null;
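Review bot: The `(T) data` cast in `getRawData` is unchecked and erased at runtime, so the surrounding `try`/`catch (final Exception e)` is not expected to ever fire and `clazz` goes unused; a value of the wrong type is returned and the `ClassCastException` surfaces later at the caller. Using the class token makes the check real: `return clazz.isInstance(data) ? clazz.cast(data) : null;`, with the existing warning logged in the mismatch case. That also lets the `@SuppressWarnings("unchecked")` and the dangling `final` on its own line go away. The method continues past the end of this hunk.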
@@ -438,7 +445,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
//validate and store values
- for (Entry<String, Object> el : map.entrySet())
+ for (final Entry<String, Object> el : map.entrySet())
setRawDataToTransaction(el.getKey(), el.getValue());
}