Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java')
-rw-r--r-- | eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java | 201 |
1 files changed, 105 insertions, 96 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
index a64ad45e..4b2cbd0e 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java
@@ -20,7 +20,6 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.services;
 import java.io.IOException;
-import java.util.HashSet;
 import javax.annotation.PostConstruct;
 import javax.naming.ConfigurationException;
@@ -53,7 +52,6 @@ import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
@@ -75,20 +73,17 @@ import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration;
 import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
+import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.ActionType;
+import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.IHandleData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.LogLevel;
 import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
-
-
-
 @Service
 public class ProtocolAuthenticationService implements IProtocolAuthenticationService {
 private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class);
- private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL = "core.logging.level.info.errorcodes";
-
 @Autowired(required = true)
 private ApplicationContext applicationContext;
 @Autowired(required = true)
@@ -103,8 +98,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 private IRequestStorage requestStorage;
 @Autowired(required = true)
 IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy;
- @Autowired
- private IConfiguration basicConfig;
 @Autowired(required = true)
 private IErrorService errorTicketService;
@@ -114,21 +107,15 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 @Autowired
 private IStatisticLogger statisticLogger;
-
+
 @Autowired
 private IRevisionLogger revisionsLogger;
 @Autowired(required = true)
 protected ITransactionStorage transactionStorage;
- @Autowired
- IPendingRequestIdGenerationStrategy requestIdValidationStragegy;
-
- private IGuiFormBuilder guiBuilder;
- private final HashSet<String> logOnInfoLevel = new HashSet<>();
-
 /*
 * (non-Javadoc)
 *
@@ -153,7 +140,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 if (oaParam == null) {
 throw new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG,
- new Object[]{pendingReq.getSpEntityId()});
+ new Object[] { pendingReq.getSpEntityId() });
 }
 if (authmanager.doAuthentication(req, resp, pendingReq)) {
@@ -163,7 +150,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 finalizeAuthentication(req, resp, pendingReq);
 // transaction is finished, log transaction finished event
- revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq
+ .getUniqueTransactionIdentifier());
 }
@@ -197,7 +185,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 if (pendingReq.isAbortedByUser()) {
 // send authentication aborted error to Service Provider
 buildProtocolSpecificErrorResponse(
- new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP, new Object[]{}), req,
+ new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP,
+ new Object[] {}), req,
 resp, pendingReq);
 // check if pending-request are authenticated
@@ -206,7 +195,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 } else {
 // suspect state: pending-request is not aborted but also are not authenticated
- log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq.isAuthenticated(),
+ log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq
+ .isAuthenticated(),
 pendingReq.isNeedUserConsent());
 if (pendingReq.isNeedUserConsent()) {
 log.error("PendingRequest NEEDS user-consent. "
@@ -228,65 +218,56 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 } finally {
 // remove pending-request
 requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
- revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq
+ .getUniqueTransactionIdentifier());
 }
 }
-
 @Override
 public void buildProtocolSpecificErrorResponse(final Throwable throwable, final HttpServletRequest req,
 final HttpServletResponse resp, final IRequest protocolRequest) throws EaafException, IOException {
 try {
- IErrorService.IHandleData errorData = errorTicketService.createHandleData(throwable, req);
- if (errorData.getActionType().equals(IErrorService.ActionType.TICKET_REDIRECT) || errorData.getActionType()
- .equals(IErrorService.ActionType.NOTICKET_REDIRECT)) {
+ final IErrorService.IHandleData errorData = errorTicketService.createHandleData(throwable, true);
- // Put pending request
- ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable);
- byte[] serialized = SerializationUtils.serialize(exceptionContainer);
- // transactionStorage.put(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE), serialized, -1);
- String errorId = requestIdValidationStragegy
- .validateAndGetPendingRequestId(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE));
- transactionStorage.put(errorId, serialized, -1);
+ // log Error to technical log
+ logExceptionToTechnicalLog(errorData);
- // log Error to technical log
- errorData.logExceptionToTechnicalLog(logOnInfoLevel);
+ // log Error Message
+ statisticLogger.logErrorOperation(throwable, protocolRequest);
- // log Error Message
- statisticLogger.logErrorOperation(throwable, protocolRequest);
+ // write revision log entries
+ revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR,
+ protocolRequest.getUniqueTransactionIdentifier());
- displayException(req, resp, errorData);
+ if (ActionType.TICKET.equals(errorData.getActionType())) {
+ // Put pending request
+ final ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable);
+ final byte[] serialized = SerializationUtils.serialize(exceptionContainer);
+ transactionStorage.put(errorData.getErrorIdTokenForRedirect(), serialized, -1);
- } else if (errorData.getActionType().equals(IErrorService.ActionType.NOTICKET_AUTOREDIRECT)) {
- IModulInfo handlingModule = extractShibbolethHandling(protocolRequest, applicationContext);
+ // render GUI
+ displayException(req, resp, errorData);
+ } else {
+ final IModulInfo handlingModule = extractShibbolethHandling(protocolRequest, applicationContext);
 if (handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest)) {
-
- // log Error to technical log
- errorData.logExceptionToTechnicalLog(logOnInfoLevel);
-
- // log Error Message
- statisticLogger.logErrorOperation(throwable, protocolRequest);
-
- // write revision log entries
- revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR,
- protocolRequest.getUniqueTransactionIdentifier());
+ log.debug("Error-response to SP successfully written");
 } else {
- throw throwable; //through it on to handleErrorNoRedirect
+ log.info("Error-response to SP FAILED. Writing error message into GUI ... ");
+ displayException(req, resp, errorData);
 }
-
- } else {
- throw throwable; //through it on to handleErrorNoRedirect
- }
 } catch (final Throwable e) {
- // if building error response results in error, we try with with handleErrorNoRedirect
- handleErrorNoRedirect(e, req, resp, true);
+ // if building error response results in error, we try with with
+ // handleErrorNoRedirect
+ log.error("ErrorHandling has an internel error. Show process-error in GUI ... ", e);
+ handleErrorNoRedirect(throwable, req, resp, false);
+
 }
 }
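Review bot: The fallback in the new `catch (final Throwable e)` block passes `false` for writeExceptionToStatisticLog, so if the failure happens before `statisticLogger.logErrorOperation(throwable, protocolRequest)` has run (for instance inside `createHandleData` or `logExceptionToTechnicalLog`), the original error never reaches the statistic log, whereas the old code at least logged the internal error there. Tracking whether the statistic entry was written fixes this without re-introducing duplicates: declare `boolean statisticLogged = false;` before the `try`, set `statisticLogged = true;` directly after the logErrorOperation call, and pass `!statisticLogged` as the last argument of handleErrorNoRedirect. The `-1` in `transactionStorage.put(errorData.getErrorIdTokenForRedirect(), serialized, -1)` is an unexplained literal; a comment stating what it selects (presumably a timeout — confirm against ITransactionStorage) would help, especially since the stored value is a Java-serialized Throwable plus request that is deserialized later. Keying the stored container on a server-generated token instead of the request parameter the old code read is a welcome change.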
@@ -298,7 +279,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 * @return IModulInfo
 * @throws ClassNotFoundException If no shibboleth handling implementation found
 */
- public static IModulInfo extractShibbolethHandling(IRequest protocolRequest, ApplicationContext applicationContext)
+ public static IModulInfo extractShibbolethHandling(IRequest protocolRequest,
+ ApplicationContext applicationContext)
 throws ClassNotFoundException {
 final Class<?> clazz = Class.forName(protocolRequest.requestedModule());
@@ -308,17 +290,16 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 "Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
 }
-
+
 return (IModulInfo) applicationContext.getBean(clazz);
 }
-
 @Override
 public void handleErrorNoRedirect(final Throwable throwable, final HttpServletRequest req,
- final HttpServletResponse resp, final boolean writeExceptionToStatisticLog) throws EaafException, IOException {
+ final HttpServletResponse resp, final boolean writeExceptionToStatisticLog) throws EaafException,
+ IOException {
- IErrorService.IHandleData errorData = null;
- errorData = errorTicketService.createHandleData(throwable, req);
+ final IErrorService.IHandleData errorData = errorTicketService.createHandleData(throwable, true);
 // log Exception into statistic database
 if (writeExceptionToStatisticLog) {
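Review bot: `errorTicketService.createHandleData(throwable, true)` replaces the former `(throwable, req)` call with a bare boolean literal whose meaning is not visible at the call site, here and at the matching call in buildProtocolSpecificErrorResponse. Either introduce a named local once the parameter's semantics are confirmed against IErrorService, e.g. `final boolean <what-true-selects> = true;`, or put a one-line comment above each call saying what `true` toggles. handleErrorNoRedirect's body continues past the end of the hunk.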
@@ -326,24 +307,45 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 }
 // write errror to console
- errorData.logExceptionToTechnicalLog(logOnInfoLevel);
+ logExceptionToTechnicalLog(errorData);
+
+ // render GUI
+ displayException(req, resp, errorData);
+
+ }
+
+ private void logExceptionToTechnicalLog(IHandleData errorData) {
+ // In case of a TaskExecutionException, which is only a container for
+ // process-errors,
+ // extract internal exception
+
+ // Log exception
+ if (!(errorData.getThrowable() instanceof EaafException)
+ || LogLevel.ERROR.equals(errorData.getLogLevel())) {
+ log.error(errorData.getPreFormatedErrorMessage(), errorData.getThrowable());
+
+ } else if (LogLevel.WARN.equals(errorData.getLogLevel())) {
+ log.warn(errorData.getPreFormatedErrorMessage(), errorData.getThrowable());
+
+ } else if (LogLevel.INFO.equals(errorData.getLogLevel())) {
+ log.info(errorData.getPreFormatedErrorMessage(), errorData.getThrowable());
+
+ } else if (LogLevel.DEBUG.equals(errorData.getLogLevel())) {
+ log.debug(errorData.getPreFormatedErrorMessage(), errorData.getThrowable());
- if (errorData.getActionType().equals(IErrorService.ActionType.NOTICKET_NOREDIRECT) || errorData
- .getActionType().equals(IErrorService.ActionType.TICKET_NOREDIRECT)) {
- // return error to Web browser
- displayException(req, resp, errorData);
 } else {
- // TODO introduce separate error type?
- throw new EaafException("internal.configuration.01", new Object[]{
- errorData.getInternalErrorCode() + " in on_error_action" + ".properties", "Erroraction mapping mismatch"});
+ log.warn("Get unsupported LogLevelType: {}. Use {} as default",
+ errorData.getLogLevel(), LogLevel.ERROR);
+ log.error(errorData.getPreFormatedErrorMessage(), errorData.getThrowable());
+
 }
 }
-
 @Override
 public void forwardToErrorHandler(Pair<IRequest, Throwable> errorToHandle, String errorKey,
 final HttpServletRequest req, final HttpServletResponse resp) throws GuiBuildException {
- final IGuiBuilderConfiguration parentHopGuiConfig = evaluateRequiredErrorHandlingMethod(errorToHandle.getFirst(),
+ final IGuiBuilderConfiguration parentHopGuiConfig = evaluateRequiredErrorHandlingMethod(errorToHandle
+ .getFirst(),
 errorKey);
 if (parentHopGuiConfig != null) {
 log.trace("iFrame to parent hop requested. Building GUI step for error handling ... ");
@@ -372,7 +374,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 * @param pendingReq Authentication request which is actually in process
 * @throws Exception In case of an error
 */
- protected void internalFinalizeAuthenticationProcess(final HttpServletRequest req, final HttpServletResponse resp,
+ protected void internalFinalizeAuthenticationProcess(final HttpServletRequest req,
+ final HttpServletResponse resp,
 final IRequest pendingReq) throws Exception {
 String newSsoSessionId = null;
@@ -395,7 +398,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 final IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
 // execute the protocol-specific action
- final SloInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData);
+ final SloInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq,
+ authData);
 // Store OA specific SSO session information if an SSO cookie is set
 if (StringUtils.isNotEmpty(newSsoSessionId)) {
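Review bot: The leading comment in the new `logExceptionToTechnicalLog` ("In case of a TaskExecutionException, which is only a container for process-errors, extract internal exception") describes work the method does not do — nothing unwraps an exception here; the code only picks a log level from the Throwable's type and `errorData.getLogLevel()`. Replace it with a comment that matches the code, e.g. `// Non-EAAF exceptions are always logged at ERROR; for EaafExceptions the level carried by the IHandleData decides, unknown levels fall back to ERROR`, and give the private method a short Javadoc with `@param errorData`. As a point of style, the equals-chain over `LogLevel` reads like a `switch` on the enum, but the final `else` also covers a null `getLogLevel()`, so a switch would need an explicit null check first to keep that behaviour.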
@@ -422,9 +426,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 @PostConstruct
 private void initializer() {
 log.trace("Initializing {} ...", ProtocolAuthenticationService.class.getName());
- logOnInfoLevel
- .addAll(KeyValueUtils.getListOfCsvValues(basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)));
- log.info("Set errorCodes={} to LogLevel:INFO", String.join(",", logOnInfoLevel));
 }
@@ -439,12 +440,14 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 * @throws Exception in case of an error
 */
 private SloInformationInterface executeProtocolSpecificAction(final HttpServletRequest httpReq,
- final HttpServletResponse httpResp, final IRequest pendingReq, final IAuthData authData) throws Exception {
+ final HttpServletResponse httpResp, final IRequest pendingReq, final IAuthData authData)
+ throws Exception {
 try {
 // request needs no authentication --> start request processing
 final Class<?> clazz = Class.forName(pendingReq.requestedAction());
 if (clazz == null || !IAction.class.isAssignableFrom(clazz)) {
- log.error("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
+ log.error(
+ "Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
 throw new ClassCastException(
 "Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
@@ -454,20 +457,24 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData);
 } catch (final ClassNotFoundException e) {
- log.error("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
+ log.error(
+ "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
 throw new ClassNotFoundException(
- "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", e);
+ "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.",
+ e);
 }
 }
-
- // private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
- // @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
- // @Nullable final Object[] params, String externalErrorCode) throws EaafException {
- // this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, externalErrorCode, null, null);
- // }
-
+ // private void writeHtmlErrorResponse(@NonNull final HttpServletRequest
+ // httpReq,
+ // @NonNull final HttpServletResponse httpResp, @NonNull final String msg,
+ // @NonNull final String errorCode,
+ // @Nullable final Object[] params, String externalErrorCode) throws
+ // EaafException {
+ // this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params,
+ // externalErrorCode, null, null);
+ // }
 private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq,
 @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode,
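Review bot: The commented-out `writeHtmlErrorResponse` overload at the end of the hunk is still dead code; the commit reflows its nine `//` lines instead of deleting them, which keeps noise in the file that version control already preserves. In the `catch (final ClassNotFoundException e)` branch the logged and rethrown text "Class is NULL or does not implement the IAction interface." describes a different failure than the one caught; a message such as `"Requested Auth. protocol processing Class '" + pendingReq.requestedAction() + "' could not be loaded."` would say what actually happened. executeProtocolSpecificAction starts before the hunk.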
@@ -480,7 +487,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 String[] errorCodeParams = null;
 if (params == null) {
- errorCodeParams = new String[]{};
+ errorCodeParams = new String[] {};
 } else {
 errorCodeParams = new String[params.length];
 for (int i = 0; i < params.length; i++) {
@@ -495,16 +502,17 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 // add errorcode and errormessage
 if (config instanceof ModifyableGuiBuilderConfiguration) {
- ModifyableGuiBuilderConfiguration c = (ModifyableGuiBuilderConfiguration) config;
+ final ModifyableGuiBuilderConfiguration c = (ModifyableGuiBuilderConfiguration) config;
 c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg);
- c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode);
+ c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE,
+ errorCode);
 // TODO: should we keep the internal errorcode secret?
- c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_EXTERNAL_ERRORCODE,
+ c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG,
+ PARAM_GUI_EXTERNAL_ERRORCODE,
 externalErrorCode);
 c.putCustomParameterWithOutEscaption(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG,
 PARAM_GUI_ERRORCODEPARAMS, ArrayUtils.toString(errorCodeParams));
- errorTicketService.displayErrorData(c, errorData);
-
+ errorTicketService.displayErrorData(c, errorData, httpReq);
 } else {
 log.info("Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable ");
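Review bot: `c.putCustomParameterWithOutEscaption(..., PARAM_GUI_ERRORCODEPARAMS, ArrayUtils.toString(errorCodeParams))` writes the error-code parameters into the GUI without escaping while the neighbouring values go through `putCustomParameter`; whether the `String[]` built from the exception's params can carry text that originated from a service provider or the browser is not visible in this hunk, so the line should either be escaped like its neighbours or carry a comment stating why unescaped output is safe here. The `// TODO: should we keep the internal errorcode secret?` above `PARAM_GUI_EXTERNAL_ERRORCODE` is an open information-disclosure question that the new `displayErrorData(c, errorData, httpReq)` signature does not settle; it deserves a decision or a tracking reference rather than staying an inline TODO. writeHtmlErrorResponse starts before the hunk.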
@@ -555,7 +563,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer
 private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) {
 if (first != null && first.isProcessInIframe()) {
 return guiConfigFactory
- .getDefaultIFrameParentHopGui(first, "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, errorId);
+ .getDefaultIFrameParentHopGui(first, ProtocolFinalizationController.ENDPOINT_ERRORHANDLING,
+ errorId);
 }
 return null;
|