summaryrefslogtreecommitdiff
path: root/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java')
-rw-r--r--eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java122
1 files changed, 122 insertions, 0 deletions
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
new file mode 100644
index 00000000..f0d6cfca
--- /dev/null
+++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.core.api.idp.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;
+
+public interface ISsoManager {
+
+ // TODO
+ int EVENT_SSO_SESSION_INVALID = -1;
+ int EVENT_SSO_SESSION_VALID = -1;
+
+ String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation";
+ String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId";
+
+ /**
+ * Check if there is an active and valid SSO session for the current pending
+ * request. <br>
+ * If there is an active SSO session, the pending request will be populated with
+ * eID information from SSO session
+ *
+ * @param pendingReq Current incoming pending request
+ * @param httpReq http Servlet request
+ * @param httpResp http Servlet response
+ * @return true if there is a valid SSO session, otherwise false
+ * @throws EaafSsoException In case of an internal error
+ */
+ boolean checkAndValidateSsoSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws EaafSsoException;
+
+ /**
+ * Populate service provider specific SSO settings.
+ *
+ * <p>
+ * Check if Single Sign-On is allowed for the current pending request and the
+ * requested service provider Set IRequest.needSingleSignOnFunctionality() to
+ * true if SSO is allowed
+ * </p>
+ *
+ * @param pendingReq Current incoming pending request
+ * @param httpReq http Servlet request
+ */
+ void isSsoAllowedForSp(IRequest pendingReq, HttpServletRequest httpReq);
+
+ /**
+ * Populate the current pending request with eID information from an existing
+ * SSO session.
+ *
+ * @param pendingReq pending request that should be populated by SSO session
+ * @throws EaafSsoException if pending request contains no SSO information or
+ * population failed
+ */
+ void populatePendingRequestWithSsoInformation(IRequest pendingReq) throws EaafSsoException;
+
+ /**
+ * Destroy an active SSO session on IDP site only.
+ *
+ * @param httpReq http servlet request
+ * @param httpResp http servlet response
+ * @param pendingReq current pending request
+ * @return true if a SSO session was closed successfully, otherwise false
+ * @throws EaafSsoException in case of an internal processing error
+ */
+ boolean destroySsoSessionOnIdpOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
+ throws EaafSsoException;
+
+ /**
+ * Create a new SSO session-cookie for a specific pendingRequest and add it into
+ * http response.
+ *
+ * @param req http Request
+ * @param resp http Response
+ * @param pendingReq Current open PendingRequest
+ * @return new created SSO identifier
+ * @throws EaafSsoException In case of an internal error
+ */
+ String createNewSsoSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq)
+ throws EaafSsoException;
+
+ /**
+ * Create a new SSO session in database.
+ *
+ * @param pendingReq current pending request
+ * @param newSsoSessionId new SSO sessionId
+ * @throws EaafSsoException In case of an internal error
+ */
+ void createNewSsoSession(IRequest pendingReq, String newSsoSessionId) throws EaafSsoException;
+
+ /**
+ * Updateing an existing SSO session in database.
+ *
+ * @param pendingReq current pending request
+ * @param newSsoSessionId new SSO session Id
+ * @param sloInformation SLO information container
+ * @throws EaafSsoException In case of an internal error
+ */
+ void updateSsoSession(IRequest pendingReq, String newSsoSessionId, SloInformationInterface sloInformation)
+ throws EaafSsoException;
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-27 14:32:57 +0000