diff options
Diffstat (limited to 'eaaf_core/src')
11 files changed, 390 insertions, 119 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java index 48c9d1bd..86c50be0 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java @@ -69,10 +69,17 @@ public class RequestStorage implements IRequestStorage { // search invalid pending-request for errorHandling IRequest invalidPendingRequest = null; - try { + try { if (StringUtils.isNotEmpty(e.getInvalidInternalPendingReqId())) { + log.debug("Searching for expired pendingRequest with Id: {} ... ", e.getInvalidInternalPendingReqId()); invalidPendingRequest = transactionStorage.get(e.getInvalidInternalPendingReqId(), IRequest.class); + log.debug("{} expired pendingReq. Set it into Exception ...", + invalidPendingRequest != null ? "Find" : "Find NO "); + + } else { + log.debug("Get no internal pendingRequestId. Expired pendingRequest can not be set"); + } } catch (final EaafException e1) { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 72fa1faf..50bf76db 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -22,13 +22,24 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.services; import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; -import java.util.Arrays; -import java.util.List; +import java.util.HashSet; +import javax.annotation.PostConstruct; import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.lang.NonNull; +import org.springframework.lang.Nullable; +import org.springframework.stereotype.Service; + import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; @@ -41,6 +52,7 @@ import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.idp.IAction; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; @@ -58,30 +70,22 @@ import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; -import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.lang.NonNull; -import org.springframework.lang.Nullable; -import org.springframework.stereotype.Service; - @Service public class ProtocolAuthenticationService implements IProtocolAuthenticationService { private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class); - private static final List<String> ERROR_LOGGER_ON_INFO_LEVEL = - Arrays.asList(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP); + private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL = + "core.logging.level.info.errorcodes"; + private static final String TECH_LOG_MSG = "errorCode={} Message={}"; @Autowired(required = true) private ApplicationContext applicationContext; @@ -97,6 +101,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer private IRequestStorage requestStorage; @Autowired(required = true) IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy; + @Autowired private IConfiguration basicConfig; @Autowired(required = false) private ISsoManager ssoManager; @@ -107,6 +112,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer private IGuiFormBuilder guiBuilder; + private final HashSet<String> logOnInfoLevel = new HashSet<>(); + /* * (non-Javadoc) * @@ -170,7 +177,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Override public void finalizeAuthentication(final HttpServletRequest req, final HttpServletResponse resp, final IRequest pendingReq) throws EaafException, IOException { - log.debug("Finalize PendingRequest with ID " + pendingReq.getPendingRequestId()); + log.debug("Finalize PendingRequest with ID={} ", pendingReq.getPendingRequestId()); try { // check if pending-request has 'abortedByUser' flag set @@ -204,7 +211,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } } catch (final Exception e) { - log.error("Finalize authentication protocol FAILED.", e); + log.info("Finalize authentication protocol FAILED. Reason: {}", e.getMessage()); buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); } finally { @@ -227,7 +234,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { log.error( "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new Exception( + throw new ClassCastException( "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); } @@ -246,8 +253,6 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR, protocolRequest.getUniqueTransactionIdentifier()); - return; - } else { handleErrorNoRedirect(throwable, req, resp, true); @@ -302,31 +307,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectUrl); - log.debug("REDIRECT TO: " + redirectUrl); + log.debug("REDIRECT TO: {}", redirectUrl); } } - private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { - if (first != null && first.isProcessInIframe()) { - return guiConfigFactory.getDefaultIFrameParentHopGui(first, - "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, - errorId); - - } - - return null; - } - - private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { - String redirectUrl = null; - redirectUrl = ServletUtils.getBaseUrl(req); - redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" - + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; - return redirectUrl; - - } - public void setGuiBuilder(final IGuiFormBuilder guiBuilder) { this.guiBuilder = guiBuilder; } @@ -391,6 +376,51 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } /** + * Write a Exception to the MOA-ID-Auth internal technical log. + * + * @param loggedException Exception to log + */ + protected void logExceptionToTechnicalLog(final Throwable loggedException) { + // In case of a TaskExecutionException, which is only a container for process-errors, + // extract internal exception + Throwable toLog; + if (loggedException instanceof TaskExecutionException + && ((TaskExecutionException)loggedException).getOriginalException() != null) { + toLog = ((TaskExecutionException)loggedException).getOriginalException(); + + } else { + toLog = loggedException; + + } + + // Log exception + if (!(toLog instanceof EaafException)) { + log.error(TECH_LOG_MSG, IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, + toLog.getMessage(), toLog); + + } else { + if (logOnInfoLevel.contains(((EaafException) toLog).getErrorId())) { + log.info(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(), + toLog.getMessage(), toLog); + + } else { + log.warn(TECH_LOG_MSG, ((EaafException) toLog).getErrorId(), + toLog.getMessage(), toLog); + + } + } + } + + @PostConstruct + private void initializer() { + log.trace("Initializing {} ...", ProtocolAuthenticationService.class.getName()); + logOnInfoLevel.addAll(KeyValueUtils.getListOfCsvValues( + basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL))); + log.info("Set errorCodes={} to LogLevel:INFO", String.join(",", logOnInfoLevel)); + + } + + /** * Executes the requested protocol action. * * @param httpReq HttpServletRequest @@ -411,7 +441,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer if (clazz == null || !IAction.class.isAssignableFrom(clazz)) { log.error( "Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - throw new Exception( + throw new ClassCastException( "Requested protocol-action processing Class is NULL or does not implement the IAction interface."); } @@ -422,50 +452,16 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } catch (final ClassNotFoundException e) { log.error( "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - throw new Exception( - "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + throw new ClassNotFoundException( + "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", e); } } - /** - * Write a Exception to the MOA-ID-Auth internal technical log. - * - * @param loggedException Exception to log - */ - protected void logExceptionToTechnicalLog(final Throwable loggedException) { - if (!(loggedException instanceof EaafException - || loggedException instanceof ProcessExecutionException)) { - log.error("Receive an internal error: Message=" + loggedException.getMessage(), - loggedException); - - } else { - if (loggedException instanceof EaafAuthenticationException && ERROR_LOGGER_ON_INFO_LEVEL - .contains(((EaafAuthenticationException) loggedException).getErrorId())) { - if (log.isDebugEnabled() || log.isTraceEnabled()) { - log.info(loggedException.getMessage(), loggedException); - - } else { - log.info(loggedException.getMessage()); - - } - - } else { - if (log.isDebugEnabled() || log.isTraceEnabled()) { - log.warn(loggedException.getMessage(), loggedException); - - } else { - log.warn(loggedException.getMessage()); - - } - } - } - } - private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq, @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, @Nullable final Object[] params, - @NonNull final Exception error) throws IOException, EaafException { + @NonNull final Exception error) throws EaafException { try { final IGuiBuilderConfiguration config = @@ -543,13 +539,11 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } // write error message - // writeBadRequestErrorResponse(req, resp, (EAAFException) e); writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), null, e); } else if (e instanceof InvalidProtocolRequestException) { // send error response - // writeBadRequestErrorResponse(req, resp, (EAAFException) e); writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), null, e); @@ -572,4 +566,24 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } + private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { + if (first != null && first.isProcessInIframe()) { + return guiConfigFactory.getDefaultIFrameParentHopGui(first, + "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, + errorId); + + } + + return null; + } + + private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { + String redirectUrl = null; + redirectUrl = ServletUtils.getBaseUrl(req); + redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; + return redirectUrl; + + } + } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java new file mode 100644 index 00000000..08911ac7 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java @@ -0,0 +1,37 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class PiiTransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { + + @Override + public String getName() { + return EID_PII_TRANSACTION_ID_NAME; + + } + + @Override + public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + String piiTransactionId = authData.getGenericData(EID_PII_TRANSACTION_ID_NAME, String.class); + log.trace("{} piiTransactionId: {} as attribute", + piiTransactionId != null ? "Set" : "Notset", log.isTraceEnabled() ? piiTransactionId : "********"); + return g.buildStringAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME, + piiTransactionId); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java index 44ff4e50..924e2a9f 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java @@ -30,7 +30,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe @Override public String getName() { - return SP_USESMANDATES_NAME; + return SP_USED_MANDATE_PROFILES_NAME; } @Override @@ -44,7 +44,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe @Override public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(SP_USESMANDATES_FRIENDLY_NAME, SP_USESMANDATES_NAME); + return g.buildEmptyAttribute(SP_USED_MANDATE_PROFILES_FRIENDLY_NAME, SP_USED_MANDATE_PROFILES_NAME); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java new file mode 100644 index 00000000..17b830dc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java @@ -0,0 +1,33 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +public class TransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { + + @Override + public String getName() { + return EID_TRANSACTION_ID_NAME; + + } + + @Override + public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + return g.buildStringAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME, + TransactionIdUtils.getTransactionId()); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index e9687833..0479a8c5 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java @@ -26,6 +26,14 @@ import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.util.SerializationUtils; +import org.springframework.web.bind.annotation.ExceptionHandler; + import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IStatusMessenger; @@ -35,19 +43,12 @@ import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.Random; - -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.web.bind.annotation.ExceptionHandler; /** * Basic application controller that implements core error-handling. @@ -73,6 +74,9 @@ public abstract class AbstractController { @Autowired protected IRevisionLogger revisionsLogger; + @Autowired + protected IPendingRequestIdGenerationStrategy reqIdGenerationStrategy; + /** * EAAF framework exception handler. * @@ -167,18 +171,30 @@ public abstract class AbstractController { } // put exception into transaction store for redirect - final String errorKey = Random.nextLongRandom(); + final String errorToken = reqIdGenerationStrategy.generateExternalPendingRequestId(); + final String errorKey = reqIdGenerationStrategy.getPendingRequestIdWithOutChecks(errorToken); + if (errorToHandle.getFirst() != null) { revisionsLogger.logEvent(errorToHandle.getFirst(), EventConstants.TRANSACTION_ERROR); - transactionStorage.put(errorKey, new ExceptionContainer(errorToHandle.getFirst(), errorToHandle - .getSecond()), -1); + + log.trace("Serializing {} ... ", ExceptionContainer.class.getName()); + final byte[] serializedError = SerializationUtils.serialize( + new ExceptionContainer(errorToHandle.getFirst(), errorToHandle.getSecond())); + + log.debug("Put 'ExceptionContainer' into cache with id: {}... ", errorKey); + transactionStorage.put(errorKey, serializedError, -1); } else { - transactionStorage.put(errorKey, new ExceptionContainer(null, errorToHandle.getSecond()), -1); + log.trace("Serializing {} ... ", ExceptionContainer.class.getName()); + final byte[] serializedError = SerializationUtils.serialize( + new ExceptionContainer(null, errorToHandle.getSecond())); + + log.trace("Put 'ExceptionContainer' into cache with id: {}... ",errorKey); + transactionStorage.put(errorKey, serializedError, -1); } - return errorKey; + return errorToken; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java index 098bca4c..2ce728c1 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java @@ -36,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** @@ -85,6 +86,9 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // wake up next task processEngine.signal(pendingReq); + } catch (PendingReqIdValidationException e) { + handleError(null, e, req, resp, e.getInvalidPendingReq()); + } catch (final Exception ex) { handleError(null, ex, req, resp, pendingReq); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 17da63f5..4ff41836 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -29,6 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; +import org.springframework.util.SerializationUtils; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -38,7 +39,9 @@ import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** * Protocol finialization end-point. @@ -54,6 +57,7 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired(required = true) IRequestStorage requestStorage; + @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; /** * End-Point to handle errors. @@ -67,35 +71,57 @@ public class ProtocolFinalizationController extends AbstractController { public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // receive an authentication error - final String errorid = + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); - if (errorid != null) { + if (errorToken != null) { IRequest pendingReq = null; - try { + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + log.debug("Searching exception with internal error-token: {}", errorId); + // load stored exception from database - final ExceptionContainer container = - transactionStorage.get(errorid, ExceptionContainer.class); - if (container != null) { + final byte[] containerSerialized = + transactionStorage.get(errorId, byte[].class); + if (containerSerialized != null) { // remove exception if it was found - transactionStorage.remove(errorid); - - final Throwable throwable = container.getExceptionThrown(); - pendingReq = container.getPendingRequest(); - - if (pendingReq != null) { - // build protocol-specific error message if possible - protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - // remove active user-session - transactionStorage.remove(pendingReq.getPendingRequestId()); - - return; + transactionStorage.remove(errorId); + log.trace("Find exception with internal error-token: {}", errorId); + + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, + // Arrays.asList( + // ExceptionContainer.class.getName() + // )); + final Object containerObj = SerializationUtils.deserialize(containerSerialized); + + if (containerObj instanceof ExceptionContainer) { + final ExceptionContainer container = (ExceptionContainer) containerObj; + final Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); + + if (pendingReq != null) { + //set MDC variables + TransactionIdUtils.setAllLoggingVariables(pendingReq); + + // build protocol-specific error message if possible + protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); + + // remove active user-session + transactionStorage.remove(pendingReq.getPendingRequestId()); + + } else { + protAuthService.handleErrorNoRedirect(throwable, req, resp, true); + + } } else { - protAuthService.handleErrorNoRedirect(throwable, req, resp, true); + protAuthService.handleErrorNoRedirect( + new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), + req, resp, false); } + } else { + log.info("Find no exception with internal error-token: {}", errorId); protAuthService.handleErrorNoRedirect( new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, resp, false); @@ -114,6 +140,9 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq.getUniqueTransactionIdentifier()); } + + //remove all Logger variables + TransactionIdUtils.removeAllLoggingVariables(); } @@ -152,9 +181,14 @@ public class ProtocolFinalizationController extends AbstractController { req, resp, false); } else { + //set MDC variables + TransactionIdUtils.setAllLoggingVariables(pendingReq); + + //perform protocol finalization steps protAuthService.finalizeAuthentication(req, resp, pendingReq); + } - + } } diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 30f1cb57..f57c3787 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -12,4 +12,6 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityLinkBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidEidTokenBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSignerCertificate at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler -at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl
\ No newline at end of file +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java new file mode 100644 index 00000000..82ac0abf --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java @@ -0,0 +1,64 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +/** + * Attribute builder to generate an attribute that holds the unique TransactionId for this process. + * <br> + * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code> + * + * @author tlenz + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class PiiTransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new PiiTransactionIdAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.piiTransactionId", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void noPiiTransactionId() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void withPiiTransactionId() throws AttributeBuilderException, Exception { + String piiTransId = UUID.randomUUID().toString(); + IAuthData authData = buildAuthData(); + ((AuthenticationData)authData).setGenericData("urn:eidgvat:attributes.piiTransactionId", piiTransId); + + String value = attrBuilder.build(spConfig, authData, gen); + Assert.assertEquals("piiTransactionId", piiTransId, value); + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java new file mode 100644 index 00000000..d82bdf5c --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java @@ -0,0 +1,60 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +/** + * Attribute builder to generate an attribute that holds the unique TransactionId for this process. + * <br> + * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code> + * + * @author tlenz + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class TransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new TransactionIdAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.transactionId", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void noTransactionId() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void withTransactionId() throws AttributeBuilderException, Exception { + TransactionIdUtils.setTransactionId(); + String transId = TransactionIdUtils.getTransactionId(); + Assert.assertNull("Inputdata is null", transId); + + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertEquals("TransactionId", transId, value); + + } + +} |