summaryrefslogtreecommitdiff
path: root/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java')
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java127
1 files changed, 127 insertions, 0 deletions
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
new file mode 100644
index 00000000..a0734684
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;
+
+public interface ISsoManager {
+
+ // TODO
+ public static int EVENT_SSO_SESSION_INVALID = -1;
+ public static int EVENT_SSO_SESSION_VALID = -1;
+
+
+ public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation";
+ public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId";
+
+
+ /**
+ * Check if there is an active and valid SSO session for the current pending request. <br>
+ * If there is an active SSO session, the pending request will be populated with eID information
+ * from SSO session
+ *
+ * @param pendingReq Current incoming pending request
+ * @param httpReq http Servlet request
+ * @param httpResp http Servlet response
+ * @return true if there is a valid SSO session, otherwise false
+ * @throws EaafSsoException In case of an internal error
+ */
+ public boolean checkAndValidateSsoSession(IRequest pendingReq, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) throws EaafSsoException;
+
+ /**
+ * Populate service provider specific SSO settings.
+ *
+ * <p>
+ * Check if Single Sign-On is allowed for the current pending request and the requested service
+ * provider Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed
+ * </p>
+ *
+ * @param pendingReq Current incoming pending request
+ * @param httpReq http Servlet request
+ */
+ public void isSsoAllowedForSp(IRequest pendingReq, HttpServletRequest httpReq);
+
+
+ /**
+ * Populate the current pending request with eID information from an existing SSO session.
+ *
+ * @param pendingReq pending request that should be populated by SSO session
+ * @throws EaafSsoException if pending request contains no SSO information or population failed
+ */
+ public void populatePendingRequestWithSsoInformation(IRequest pendingReq) throws EaafSsoException;
+
+
+ /**
+ * Destroy an active SSO session on IDP site only.
+ *
+ * @param httpReq http servlet request
+ * @param httpResp http servlet response
+ * @param pendingReq current pending request
+ * @return true if a SSO session was closed successfully, otherwise false
+ * @throws EaafSsoException in case of an internal processing error
+ */
+ public boolean destroySsoSessionOnIdpOnly(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, IRequest pendingReq) throws EaafSsoException;
+
+
+
+ /**
+ * Create a new SSO session-cookie for a specific pendingRequest and add it into http response.
+ *
+ * @param req http Request
+ * @param resp http Response
+ * @param pendingReq Current open PendingRequest
+ * @return new created SSO identifier
+ * @throws EaafSsoException In case of an internal error
+ */
+ public String createNewSsoSessionCookie(HttpServletRequest req, HttpServletResponse resp,
+ IRequest pendingReq) throws EaafSsoException;
+
+
+ /**
+ * Create a new SSO session in database.
+ *
+ * @param pendingReq current pending request
+ * @param newSsoSessionId new SSO sessionId
+ * @throws EaafSsoException In case of an internal error
+ */
+ public void createNewSsoSession(IRequest pendingReq, String newSsoSessionId)
+ throws EaafSsoException;
+
+
+ /**
+ * Updateing an existing SSO session in database.
+ *
+ * @param pendingReq current pending request
+ * @param newSsoSessionId new SSO session Id
+ * @param sloInformation SLO information container
+ * @throws EaafSsoException In case of an internal error
+ */
+ public void updateSsoSession(IRequest pendingReq, String newSsoSessionId,
+ SloInformationInterface sloInformation) throws EaafSsoException;
+
+
+
+}