authorThomas <thomas.lenz@egiz.gv.at>2019-10-16 15:06:58 +0200
committerThomas <thomas.lenz@egiz.gv.at>2019-10-16 15:06:58 +0200
commit77d1fee107c2673c85e0fdba93cdb0cfe27b5f4f (patch)
treeccccb895d3928081e1640040074644f2df8cfa90 /eaaf_core
parenteb96b99fa4e72eeba245a2b0c81a9f6a32002866 (diff)
Check if Consent is required before protocol post-processing starts. The process stops if Consent is needed
Diffstat (limited to 'eaaf_core')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java21
1 files changed, 13 insertions, 8 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index b4b188b6..090ea501 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -157,17 +157,25 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
//do not remove the full active SSO-Session
// in case of only one Service-Provider authentication request is aborted
if ( !pendingReq.needSingleSignOnFunctionality()) {
- transactionStorage.remove(pendingReq.getPendingRequestId());
-
+ requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
+
}
//check if pending-request are authenticated
- } else if (pendingReq.isAuthenticated()) {
+ } else if (pendingReq.isAuthenticated() && !pendingReq.isNeedUserConsent()) {
internalFinalizeAuthenticationProcess(req, resp, pendingReq);
} else {
- //suspect state: pending-request is not aborted but also are not authenticated
- log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
+ //suspect state: pending-request is not aborted but also are not authenticated
+ log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent());
+ if (pendingReq.isNeedUserConsent()) {
+ log.error("PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!");
+
+ } else {
+ log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
+
+ }
+
handleErrorNoRedirect(
new EAAFException(
"auth.20",
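Review bot: An authenticated request that only lacks user consent now lands in the same `else` branch as an unauthenticated one, and both reach the same `handleErrorNoRedirect(new EAAFException("auth.20", ...))` call. The consent case therefore appears to be reported under the not-authenticated error code, though the exception's remaining arguments lie outside the hunk, so this is inferred. Stopping the flow here is the right fail-closed behaviour, but a separate error code or message for the consent case would let operators and relying parties tell the two states apart in logs and responses. The `log.warn` with both flags followed by a `log.error` records one event twice, and the new message has a typo; a single line such as `log.error("PendingRequest NEEDS user-consent. Can NOT finalize authentication --> Abort authentication process!");` would be enough. The `//suspect state` comment should also name the consent case, since it still describes only the not-authenticated state; the enclosing method starts and ends outside the hunk.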
@@ -179,9 +187,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
log.error("Finalize authentication protocol FAILED." , e);
buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
- if (pendingReq != null)
- transactionStorage.remove(pendingReq.getPendingRequestId());
-
}
//remove pending-request