diff options
Diffstat (limited to 'eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth')
7 files changed, 660 insertions, 660 deletions
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java index 4381211d..1f95bd57 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java @@ -1,94 +1,92 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + package at.gv.egiz.eaaf.core.api.idp.auth; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; -import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.slo.ISloInformationContainer; +import at.gv.egiz.eaaf.core.exceptions.EaafException; public interface IAuthenticationManager { - - public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = 4003; - public static int EVENT_AUTHENTICATION_PROCESS_STARTED = 4000; - public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = 4001; - public static int EVENT_AUTHENTICATION_PROCESS_ERROR = 4002; - - - /** - * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} - * - * @param httpReqParam http parameter name, but never null - */ - void addParameterNameToWhiteList(String httpReqParam); - /** - * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} - * - * @param httpReqParam http header name, but never null - */ - void addHeaderNameToWhiteList(String httpReqParam); - + public static int EVENT_AUTHENTICATION_PROCESS_FOR_SP = 4003; + public static int EVENT_AUTHENTICATION_PROCESS_STARTED = 4000; + public static int EVENT_AUTHENTICATION_PROCESS_FINISHED = 4001; + public static int EVENT_AUTHENTICATION_PROCESS_ERROR = 4002; + + + /** + * Add a request parameter to whitelist. All parameters that are part of the white list are added + * into {@link ExecutionContext} + * + * @param httpReqParam http parameter name, but never null + */ + void addParameterNameToWhiteList(String httpReqParam); + + /** + * Add a request header to whitelist. All parameters that are part of the white list are added + * into {@link ExecutionContext} + * + * @param httpReqParam http header name, but never null + */ + void addHeaderNameToWhiteList(String httpReqParam); + + + /** + * Starts an authentication process for a specific pending request. + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq Pending request for that an authentication is required + * @return true if the pending request is already authenticated, otherwise false + * @throws EaafException In case of an authentication error + */ + boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest pendingReq) throws EaafException; + + /** + * Close an active authenticated session on IDP side. + * + * @param request http servlet request + * @param response http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + */ + void performOnlyIdpLogOut(HttpServletRequest request, HttpServletResponse response, + IRequest pendingReq); + + + /** + * Close an active authenticated session on IDP side and get a list authenticated service + * providers. + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq ReqPending request for that an authentication session should be closed + * @param internalSsoId internal SSO session identifier + * @return A container that contains all active SP sessions + * @throws EaafException In case of an internal SLO error + */ + ISloInformationContainer performSingleLogOut(HttpServletRequest httpReq, + HttpServletResponse httpResp, IRequest pendingReq, String internalSsoId) throws EaafException; - /** - * Starts an authentication process for a specific pending request - * - * @param httpReq http servlet request - * @param httpResp http servlet response - * @param pendingReq Pending request for that an authentication is required - * @return true if the pending request is already authenticated, otherwise false - * @throws EAAFException - */ - boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest pendingReq) throws EAAFException; - - /** - * Close an active authenticated session on IDP side - * - * @param request http servlet request - * @param response http servlet response - * @param pendingReq ReqPending request for that an authentication session should be closed - */ - void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq); - - - /** - * Close an active authenticated session on IDP side and get a list authenticated service providers - * - * @param request http servlet request - * @param response http servlet response - * @param pendingReq ReqPending request for that an authentication session should be closed - * @param internalSSOId internal SSO session identifier - * @return A container that contains all active SP sessions - * @throws EAAFException - */ - ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException; - -}
\ No newline at end of file +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java deleted file mode 100644 index 5481fd52..00000000 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISSOManager.java +++ /dev/null @@ -1,130 +0,0 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * https://joinup.ec.europa.eu/news/understanding-eupl-v12 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -package at.gv.egiz.eaaf.core.api.idp.auth; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; -import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; - -public interface ISSOManager { - - //TODO - public static int EVENT_SSO_SESSION_INVALID = -1; - public static int EVENT_SSO_SESSION_VALID = -1; - - - public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; - public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; - - - /** - * Check if there is an active and valid SSO session for the current pending request. - * <br> - * If there is an active SSO session, the pending request will be populated with eID information from SSO session - * - * @param pendingReq Current incoming pending request - * @param httpReq http Servlet request - * @param httpResp http Servlet response - * @return true if there is a valid SSO session, otherwise false - * @throws EAAFSSOException - */ - public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException; - - /** - * Populate service provider specific SSO settings - * - * Check if Single Sign-On is allowed for the current pending request and the requested service provider - * Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed - * - * @param pendingReq Current incoming pending request - * @param httpReq http Servlet request - */ - public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq); - - - /** - * Populate the current pending request with eID information from an existing SSO session - * - * @param pendingReq pending request that should be populated by SSO session - * @throws EAAFSSOException if pending request contains no SSO information or population failed - */ - public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException; - - - /** - * Destroy an active SSO session on IDP site only - * - * @param httpReq http servlet request - * @param httpResp http servlet response - * @param pendingReq - * @return true if a SSO session was closed successfully, otherwise false - * @throws EAAFSSOException in case of an internal processing error - */ - public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException; - - - - /** - * Create a new SSO session-cookie for a specific pendingRequest and add it into http response - * - * @param req http Request - * @param resp http Response - * @param pendingReq Current open PendingRequest - * @return new created SSO identifier - * @throws EAAFSSOException - */ - public String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFSSOException; - - - /** - * Create a new SSO session in database - * - * @param pendingReq - * @param newSSOSessionId - * @throws EAAFSSOException - */ - public void createNewSSOSession(IRequest pendingReq, String newSSOSessionId) throws EAAFSSOException; - - - /** - * Updateing an existing SSO session in database - * - * @param pendingReq - * @param newSSOSessionId - * @param sloInformation - * @throws EAAFSSOException - */ - public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; - - - - - -} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java new file mode 100644 index 00000000..a0734684 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/ISsoManager.java @@ -0,0 +1,127 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + +package at.gv.egiz.eaaf.core.api.idp.auth; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EaafSsoException; + +public interface ISsoManager { + + // TODO + public static int EVENT_SSO_SESSION_INVALID = -1; + public static int EVENT_SSO_SESSION_VALID = -1; + + + public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; + public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; + + + /** + * Check if there is an active and valid SSO session for the current pending request. <br> + * If there is an active SSO session, the pending request will be populated with eID information + * from SSO session + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + * @param httpResp http Servlet response + * @return true if there is a valid SSO session, otherwise false + * @throws EaafSsoException In case of an internal error + */ + public boolean checkAndValidateSsoSession(IRequest pendingReq, HttpServletRequest httpReq, + HttpServletResponse httpResp) throws EaafSsoException; + + /** + * Populate service provider specific SSO settings. + * + * <p> + * Check if Single Sign-On is allowed for the current pending request and the requested service + * provider Set IRequest.needSingleSignOnFunctionality() to true if SSO is allowed + * </p> + * + * @param pendingReq Current incoming pending request + * @param httpReq http Servlet request + */ + public void isSsoAllowedForSp(IRequest pendingReq, HttpServletRequest httpReq); + + + /** + * Populate the current pending request with eID information from an existing SSO session. + * + * @param pendingReq pending request that should be populated by SSO session + * @throws EaafSsoException if pending request contains no SSO information or population failed + */ + public void populatePendingRequestWithSsoInformation(IRequest pendingReq) throws EaafSsoException; + + + /** + * Destroy an active SSO session on IDP site only. + * + * @param httpReq http servlet request + * @param httpResp http servlet response + * @param pendingReq current pending request + * @return true if a SSO session was closed successfully, otherwise false + * @throws EaafSsoException in case of an internal processing error + */ + public boolean destroySsoSessionOnIdpOnly(HttpServletRequest httpReq, + HttpServletResponse httpResp, IRequest pendingReq) throws EaafSsoException; + + + + /** + * Create a new SSO session-cookie for a specific pendingRequest and add it into http response. + * + * @param req http Request + * @param resp http Response + * @param pendingReq Current open PendingRequest + * @return new created SSO identifier + * @throws EaafSsoException In case of an internal error + */ + public String createNewSsoSessionCookie(HttpServletRequest req, HttpServletResponse resp, + IRequest pendingReq) throws EaafSsoException; + + + /** + * Create a new SSO session in database. + * + * @param pendingReq current pending request + * @param newSsoSessionId new SSO sessionId + * @throws EaafSsoException In case of an internal error + */ + public void createNewSsoSession(IRequest pendingReq, String newSsoSessionId) + throws EaafSsoException; + + + /** + * Updateing an existing SSO session in database. + * + * @param pendingReq current pending request + * @param newSsoSessionId new SSO session Id + * @param sloInformation SLO information container + * @throws EaafSsoException In case of an internal error + */ + public void updateSsoSession(IRequest pendingReq, String newSsoSessionId, + SloInformationInterface sloInformation) throws EaafSsoException; + + + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java index 17ec6445..77fc025c 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -1,24 +1,20 @@ /******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ /******************************************************************************* *******************************************************************************/ @@ -29,157 +25,158 @@ package at.gv.egiz.eaaf.core.api.idp.auth.data; import java.util.Date; import java.util.Map; -import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; public interface IAuthProcessDataContainer { - /** - * Returns the issuing time of the AUTH-Block SAML assertion. - * - * @return The issuing time of the AUTH-Block SAML assertion. - */ - String getIssueInstant(); - - /** - * Sets the issuing time of the AUTH-Block SAML assertion. - * - * @param issueInstant - * The issueInstant to set. - */ - void setIssueInstant(String issueInstant); - - /** - * Indicate if the authentication process is finished - * - * @return - */ - boolean isAuthenticated(); - - /** - * Mark the authentication as authenticated, which means that the authenication process is completed - * - * @param authenticated - */ - void setAuthenticated(boolean authenticated); - - /** - * Returns the identityLink. - * - * @return IdentityLink - */ - @Deprecated - IIdentityLink getIdentityLink(); - - /** - * Sets the identityLink. - * - * @param identityLink - * The identityLink to set - */ - @Deprecated - void setIdentityLink(IIdentityLink identityLink); - - - /** - * Flag marks the authentication process as new E-ID process - * - * @return true if E-ID process, otherwise false - */ - boolean isEIDProcess(); - - - /** - * Set the flag to make the process as new E-ID process - * - * @param value true if new E-ID process, otherwise false - */ - void setEIDProcess(boolean value); - - /** - * Indicate that mandates was used in this auth. process - * - * @return - */ - boolean isMandateUsed(); - - /** - * Mark that mandates was used in this auth. process - * - * @param useMandates - */ - void setUseMandates(boolean useMandates); - - /** - * Indicate that the auth. process was performed by a foreigner - * - * @return - */ - boolean isForeigner(); - - /** - * Mark that the auth. process was done by a foreigner - * - * @param isForeigner - */ - void setForeigner(boolean isForeigner); - - /** - * Indicate that the auth. process was performed by an official representatives - * - * @return is official representatives - */ - boolean isOW(); - - /** - * Mark that the auth. process was done by an official representatives - * - */ - void setOW(boolean isOW); - - /** - * eIDAS QAA level - * - * @return the qAALevel - */ - String getQAALevel(); - - /** - * set QAA level in eIDAS form - * - * @param qAALevel the qAALevel to set - */ - void setQAALevel(String qAALevel); - - /** - * @return the sessionCreated - */ - Date getSessionCreated(); - - Map<String, Object> getGenericSessionDataStorage(); - - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @return The session-data object or null if no data is found with this key - */ - Object getGenericDataFromSession(String key); - - /** - * Returns a generic session-data object with is stored with a specific identifier - * - * @param key The specific identifier of the session-data object - * @param clazz The class type which is stored with this key - * @return The session-data object or null if no data is found with this key - */ - <T> T getGenericDataFromSession(String key, Class<T> clazz); - - /** - * Store a generic data-object to session with a specific identifier - * - * @param key Identifier for this data-object - * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface - * @throws EAAFStorageException Error message if the data-object can not stored to generic session-data storage - */ - void setGenericDataToSession(String key, Object object) throws EAAFStorageException; + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + + /** + * Indicate if the authentication process is finished + * + * @return + */ + boolean isAuthenticated(); + + /** + * Mark the authentication as authenticated, which means that the authenication process is + * completed + * + * @param authenticated + */ + void setAuthenticated(boolean authenticated); + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + @Deprecated + IIdentityLink getIdentityLink(); + + /** + * Sets the identityLink. + * + * @param identityLink The identityLink to set + */ + @Deprecated + void setIdentityLink(IIdentityLink identityLink); + + + /** + * Flag marks the authentication process as new E-ID process + * + * @return true if E-ID process, otherwise false + */ + boolean isEIDProcess(); + + + /** + * Set the flag to make the process as new E-ID process + * + * @param value true if new E-ID process, otherwise false + */ + void setEIDProcess(boolean value); + + /** + * Indicate that mandates was used in this auth. process + * + * @return + */ + boolean isMandateUsed(); + + /** + * Mark that mandates was used in this auth. process + * + * @param useMandates + */ + void setUseMandates(boolean useMandates); + + /** + * Indicate that the auth. process was performed by a foreigner + * + * @return + */ + boolean isForeigner(); + + /** + * Mark that the auth. process was done by a foreigner + * + * @param isForeigner + */ + void setForeigner(boolean isForeigner); + + /** + * Indicate that the auth. process was performed by an official representatives + * + * @return is official representatives + */ + boolean isOW(); + + /** + * Mark that the auth. process was done by an official representatives + * + */ + void setOW(boolean isOW); + + /** + * eIDAS QAA level + * + * @return the qAALevel + */ + String getQAALevel(); + + /** + * set QAA level in eIDAS form + * + * @param qAALevel the qAALevel to set + */ + void setQAALevel(String qAALevel); + + /** + * @return the sessionCreated + */ + Date getSessionCreated(); + + Map<String, Object> getGenericSessionDataStorage(); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @return The session-data object or null if no data is found with this key + */ + Object getGenericDataFromSession(String key); + + /** + * Returns a generic session-data object with is stored with a specific identifier + * + * @param key The specific identifier of the session-data object + * @param clazz The class type which is stored with this key + * @return The session-data object or null if no data is found with this key + */ + <T> T getGenericDataFromSession(String key, Class<T> clazz); + + /** + * Store a generic data-object to session with a specific identifier + * + * @param key Identifier for this data-object + * @param object Generic data-object which should be stored. This data-object had to be implement + * the 'java.io.Serializable' interface + * @throws EaafStorageException Error message if the data-object can not stored to generic + * session-data storage + */ + void setGenericDataToSession(String key, Object object) throws EaafStorageException; } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java index df71b30a..b37d41e3 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java @@ -1,24 +1,20 @@ /******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ /******************************************************************************* *******************************************************************************/ @@ -39,144 +35,163 @@ import org.w3c.dom.Element; */ public interface IIdentityLink { - /** - * Returns the dateOfBirth. - * @return Calendar - */ - String getDateOfBirth(); - - /** - * Returns the familyName. - * @return String - */ - String getFamilyName(); - - /** - * Returns the givenName. - * @return String - */ - String getGivenName(); - - /** - * Return the name as 'givenName + " " + familyName'<br> - * This method should be used any more. Use getFamilyName() and getGivenName() separately. - * - * @return The name. - */ - @Deprecated - String getName(); - - /** - * Returns the identificationValue. - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. - * @return String - */ - String getIdentificationValue(); - - /** - * Returns the identificationType. - * <code>"identificationType"</code> type of the identificationValue in the IdentityLink. - * @return String - */ - String getIdentificationType(); - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - void setDateOfBirth(String dateOfBirth); - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - void setFamilyName(String familyName); - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - void setGivenName(String givenName); - - /** - * Sets the identificationValue. - * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. - * @param identificationValue The identificationValue to set - */ - void setIdentificationValue(String identificationValue); - - /** - * Sets the Type of the identificationValue. - * @param identificationType The type of identificationValue to set - */ - void setIdentificationType(String identificationType); - - /** - * Returns the samlAssertion. - * @return Element - */ - Element getSamlAssertion(); - - /** - * Returns the samlAssertion. - * @return Element - */ - String getSerializedSamlAssertion(); - - /** - * Sets the samlAssertion and the serializedSamlAssertion. - * @param samlAssertion The samlAssertion to set - */ - void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; - - /** - * Returns the dsigReferenceTransforms. - * @return Element[] - */ - Element[] getDsigReferenceTransforms(); - - /** - * Sets the dsigReferenceTransforms. - * @param dsigReferenceTransforms The dsigReferenceTransforms to set - */ - void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); - - /** - * Returns the publicKey. - * @return PublicKey[] - */ - PublicKey[] getPublicKey(); - - /** - * Sets the publicKey. - * @param publicKey The publicKey to set - */ - void setPublicKey(PublicKey[] publicKey); - - /** - * Returns the prPerson. - * @return Element - */ - Element getPrPerson(); - - /** - * Sets the prPerson. - * @param prPerson The prPerson to set - */ - void setPrPerson(Element prPerson); - - /** - * Returns the issuing time of the identity link SAML assertion. - * - * @return The issuing time of the identity link SAML assertion. - */ - String getIssueInstant(); - - /** - * Sets the issuing time of the identity link SAML assertion. - * - * @param issueInstant The issueInstant to set. - */ - void setIssueInstant(String issueInstant); - -}
\ No newline at end of file + /** + * Returns the dateOfBirth. + * + * @return Calendar + */ + String getDateOfBirth(); + + /** + * Returns the familyName. + * + * @return String + */ + String getFamilyName(); + + /** + * Returns the givenName. + * + * @return String + */ + String getGivenName(); + + /** + * Return the name as 'givenName + " " + familyName'<br> + * This method should be used any more. Use getFamilyName() and getGivenName() separately. + * + * @return The name. + */ + @Deprecated + String getName(); + + /** + * Returns the identificationValue. <code>"identificationValue"</code> is the translation of + * <code>"Stammzahl"</code>. + * + * @return String + */ + String getIdentificationValue(); + + /** + * Returns the identificationType. <code>"identificationType"</code> type of the + * identificationValue in the IdentityLink. + * + * @return String + */ + String getIdentificationType(); + + /** + * Sets the dateOfBirth. + * + * @param dateOfBirth The dateOfBirth to set + */ + void setDateOfBirth(String dateOfBirth); + + /** + * Sets the familyName. + * + * @param familyName The familyName to set + */ + void setFamilyName(String familyName); + + /** + * Sets the givenName. + * + * @param givenName The givenName to set + */ + void setGivenName(String givenName); + + /** + * Sets the identificationValue. <code>"identificationValue"</code> is the translation of + * <code>"Stammzahl"</code>. + * + * @param identificationValue The identificationValue to set + */ + void setIdentificationValue(String identificationValue); + + /** + * Sets the Type of the identificationValue. + * + * @param identificationType The type of identificationValue to set + */ + void setIdentificationType(String identificationType); + + /** + * Returns the samlAssertion. + * + * @return Element + */ + Element getSamlAssertion(); + + /** + * Returns the samlAssertion. + * + * @return Element + */ + String getSerializedSamlAssertion(); + + /** + * Sets the samlAssertion and the serializedSamlAssertion. + * + * @param samlAssertion The samlAssertion to set + */ + void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException; + + /** + * Returns the dsigReferenceTransforms. + * + * @return Element[] + */ + Element[] getDsigReferenceTransforms(); + + /** + * Sets the dsigReferenceTransforms. + * + * @param dsigReferenceTransforms The dsigReferenceTransforms to set + */ + void setDsigReferenceTransforms(Element[] dsigReferenceTransforms); + + /** + * Returns the publicKey. + * + * @return PublicKey[] + */ + PublicKey[] getPublicKey(); + + /** + * Sets the publicKey. + * + * @param publicKey The publicKey to set + */ + void setPublicKey(PublicKey[] publicKey); + + /** + * Returns the prPerson. + * + * @return Element + */ + Element getPrPerson(); + + /** + * Sets the prPerson. + * + * @param prPerson The prPerson to set + */ + void setPrPerson(Element prPerson); + + /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + String getIssueInstant(); + + /** + * Sets the issuing time of the identity link SAML assertion. + * + * @param issueInstant The issueInstant to set. + */ + void setIssueInstant(String issueInstant); + +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java index 7f5eef06..e74bed63 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/modules/AuthModule.java @@ -1,29 +1,22 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ -/******************************************************************************* - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. +*/ + package at.gv.egiz.eaaf.core.api.idp.auth.modules; import at.gv.egiz.eaaf.core.api.IRequest; @@ -34,36 +27,36 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; */ public interface AuthModule { - /** - * Returns the priority of the module. The priority defines the order of the respective module within the chain of - * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can - * handle. - * <p/> - * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE}) - * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put - * your modules behind default modules. - * - * @return the priority of the module. - */ - int getPriority(); + /** + * Returns the priority of the module. The priority defines the order of the respective module + * within the chain of discovered modules. Higher priorized modules are asked before lower + * priorized modules for a process that they can handle. + * <p/> + * Internal default modules are priorized neutral ({@code 0}. Use a higher priority + * ({@code 1...Integer.MAX_VALUE}) in order to have your module(s) priorized or a lower priority + * ({@code Integer.MIN_VALUE...-1}) in order to put your modules behind default modules. + * + * @return the priority of the module. + */ + int getPriority(); - /** - * Selects a process (description), referenced by its unique id, which is able to perform authentication with the - * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within - * this module. - * - * @param context - * an ExecutionContext for a process. - * @param pendingReq the current processed pending request - * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}. - */ - String selectProcess(ExecutionContext context, IRequest pendingReq); + /** + * Selects a process (description), referenced by its unique id, which is able to perform + * authentication with the given {@link ExecutionContext}. Returns {@code null} if no appropriate + * process (description) was available within this module. + * + * @param context an ExecutionContext for a process. + * @param pendingReq the current processed pending request + * @return the process-ID of a process which is able to work with the given ExecutionContext, or + * {@code null}. + */ + String selectProcess(ExecutionContext context, IRequest pendingReq); - /** - * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module. - * - * @return an array of resource uris of the processes included in this module. - */ - String[] getProcessDefinitions(); + /** + * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module. + * + * @return an array of resource uris of the processes included in this module. + */ + String[] getProcessDefinitions(); } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java index de5eb036..14ce0989 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java @@ -1,89 +1,89 @@ -/******************************************************************************* - * Copyright 2017 Graz University of Technology - * EAAF-Core Components has been developed in a cooperation between EGIZ, - * A-SIT Plus, A-SIT, and Graz University of Technology. +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. * - * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. + */ + package at.gv.egiz.eaaf.core.api.idp.auth.services; import java.io.IOException; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; -import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; public interface IProtocolAuthenticationService { - public String PARAM_GUI_ERROMSG = "errorMsg"; - public String PARAM_GUI_ERRORCODE = "errorCode"; - public String PARAM_GUI_ERRORCODEPARAMS = "errorParams"; - public String PARAM_GUI_ERRORSTACKTRACE = "stacktrace"; - - - /** - * Initialize an authentication process for this protocol request - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @throws IOException - * @throws EAAFException - */ - void performAuthentication(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) - throws IOException, EAAFException; + public String PARAM_GUI_ERROMSG = "errorMsg"; + public String PARAM_GUI_ERRORCODE = "errorCode"; + public String PARAM_GUI_ERRORCODEPARAMS = "errorParams"; + public String PARAM_GUI_ERRORSTACKTRACE = "stacktrace"; + + + /** + * Initialize an authentication process for this protocol request. + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param pendingReq Authentication request which is actually in process + * @throws IOException In case of a communication error + * @throws EaafException In case of an application error + */ + void performAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) + throws IOException, EaafException; - /** - * Finalize the requested protocol operation - * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @throws IOException If response can not be written into {@link HttpServletResponse} - * @throws EAAFException If an internal error occur - */ - void finalizeAuthentication(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFException, IOException; + /** + * Finalize the requested protocol operation. + * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param pendingReq Authentication request which is actually in process + * @throws IOException If response can not be written into {@link HttpServletResponse} + * @throws EaafException If an internal error occur + */ + void finalizeAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) + throws EaafException, IOException; - /** - * @param throwable Exception that should be handled - * @param req Current open http request as {@link HttpServletRequest} - * @param resp Current open http response as {@link HttpServletResponse} - * @param pendingReq Authentication request which is actually in process - * @throws IOException If response can not be written into {@link HttpServletResponse} - * @throws EAAFException If an internal error occur - */ - void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq) throws IOException, EAAFException; + /** + * Build protocol-specific error message. + * + * @param throwable Exception that should be handled + * @param req Current open http request as {@link HttpServletRequest} + * @param resp Current open http response as {@link HttpServletResponse} + * @param pendingReq Authentication request which is actually in process + * @throws IOException If response can not be written into {@link HttpServletResponse} + * @throws EaafException If an internal error occur + */ + void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, + HttpServletResponse resp, IRequest pendingReq) throws IOException, EaafException; - /** - * Handles all exceptions with no pending request. - * Therefore, the error is written to the users browser - * - * @param throwable Exception that should be handled - * @param req Current open http request as {@link HttpServletRequest} - * @param resp Current open http response as {@link HttpServletResponse} - * @param writeExceptionToStatisticLog if <code>true</code>, the exception get logged into {@link IStatisticLogger} - * @throws IOException If response can not be written into {@link HttpServletResponse} - * @throws EAAFException If an internal error occure - */ - void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException, EAAFException; + /** + * Handles all exceptions with no pending request. Therefore, the error is written to the users + * browser + * + * @param throwable Exception that should be handled + * @param req Current open http request as {@link HttpServletRequest} + * @param resp Current open http response as {@link HttpServletResponse} + * @param writeExceptionToStatisticLog if <code>true</code>, the exception get logged into + * {@link IStatisticLogger} + * @throws IOException If response can not be written into {@link HttpServletResponse} + * @throws EaafException If an internal error occure + */ + void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, + boolean writeExceptionToStatisticLog) throws IOException, EaafException; -}
\ No newline at end of file +} |