diff options
Diffstat (limited to 'eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java')
-rw-r--r-- | eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java new file mode 100644 index 00000000..f0d6cfca --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java @@ -0,0 +1,122 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EaafSsoException; + +public interface ISsoManager { + + // TODO + int EVENT_SSO_SESSION_INVALID = -1; + int EVENT_SSO_SESSION_VALID = -1; + + String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; + String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; + + /** + * Check if there is an active and valid SSO session for the current pending + * request. <br> + * If there is an active SSO session, the pending request will be populated with + * eID information from SSO session + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @param httpResp http Servlet response + * @return true if there is a valid SSO session, otherwise false + * @throws EaafSsoException In case of an internal error + */ + boolean checkAndValidateSsoSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) + throws EaafSsoException; + + /** + * Populate service provider specific SSO settings. + * + * <p> + * Check if Single Sign-On is allowed for the current pending request and the + * requested service provider Set IRequest.needSingleSignOnFunctionality() to + * true if SSO is allowed + * </p> + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + */ + void isSsoAllowedForSp(IRequest pendingReq, HttpServletRequest httpReq); + + /** + * Populate the current pending request with eID information from an existing + * SSO session. + * + * @param pendingReq pending request that should be populated by SSO session + * @throws EaafSsoException if pending request contains no SSO information or + * population failed + */ + void populatePendingRequestWithSsoInformation(IRequest pendingReq) throws EaafSsoException; + + /** + * Destroy an active SSO session on IDP site only. + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq current pending request + * @return true if a SSO session was closed successfully, otherwise false + * @throws EaafSsoException in case of an internal processing error + */ + boolean destroySsoSessionOnIdpOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) + throws EaafSsoException; + + /** + * Create a new SSO session-cookie for a specific pendingRequest and add it into + * http response. + * + * @param req http Request + * @param resp http Response + * @param pendingReq Current open PendingRequest + * @return new created SSO identifier + * @throws EaafSsoException In case of an internal error + */ + String createNewSsoSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) + throws EaafSsoException; + + /** + * Create a new SSO session in database. + * + * @param pendingReq current pending request + * @param newSsoSessionId new SSO sessionId + * @throws EaafSsoException In case of an internal error + */ + void createNewSsoSession(IRequest pendingReq, String newSsoSessionId) throws EaafSsoException; + + /** + * Updateing an existing SSO session in database. + * + * @param pendingReq current pending request + * @param newSsoSessionId new SSO session Id + * @param sloInformation SLO information container + * @throws EaafSsoException In case of an internal error + */ + void updateSsoSession(IRequest pendingReq, String newSsoSessionId, SloInformationInterface sloInformation) + throws EaafSsoException; + +} |