From a90e8da7e616818a938281d02246a8ed3a03921c Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Tue, 14 Sep 2021 07:35:35 +0200
Subject: work-around to solve possible multi-thread issue in authentication-data builder
---
 .../builder/AbstractAuthenticationDataBuilder.java | 48 ++++++++++++++--------
 1 file changed, 31 insertions(+), 17 deletions(-)
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
index f1811022..d0ee8f5c 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java
@@ -22,8 +22,9 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.builder;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -72,9 +73,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 public static final String CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING = "configuration.bugfix.enable.idl.escaping";
- protected Collection includedToGenericAuthData = null;
 @Autowired
 protected IConfigurationWithSP basicConfig;
+
+ protected ThreadLocal> includedToGenericAuthData = null;
+
 @Override
 public IAuthData buildAuthenticationData(final IRequest pendingReq)
@@ -137,7 +140,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 */
 protected abstract void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException;
-
+
 /**
 * Add generic E-ID information into already existing AuthData.
 *
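Review bot: The field in the `@@ -72,9 +73,11 @@` hunk keeps its `protected` visibility while its type changes from `Collection` to `ThreadLocal`, so any subclass of this abstract builder that read or assigned `includedToGenericAuthData` directly stops compiling or, if only recompiled later, fails at link time. Whether such subclasses exist is not visible in this patch. Narrowing the field to `private` and handing subclasses the per-thread set through a protected getter would keep the holder an implementation detail, and a one-line comment on the field such as `// per-thread set of generic session keys not yet mapped into AuthData` would record why it is thread-local.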
@@ -169,7 +172,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 // includedToGenericAuthData =
 // authProcessData.getGenericSessionDataStorage().keySet();
 // else
- includedToGenericAuthData = new ArrayList<>();
+ initializeThreadLocalVariable(new HashSet<>());
 // ####################################################
 // set general authData info's
@@ -218,6 +221,17 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 });
 }
+ /**
+ * Initialize Thread-Local holder for generic attributes set in authenticated session.
+ *
+ * @param set {@link Collection} of generic attribute-names
+ */
+ protected void initializeThreadLocalVariable(Set set) {
+ includedToGenericAuthData = new ThreadLocal>();
+ includedToGenericAuthData.set(set);
+
+ }
+
 /**
 * Parse citzen country-code into AuthData.
 *
@@ -228,7 +242,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 */
 private void setCitizenCountryCode(final AuthenticationData authData, final IAuthProcessDataContainer authProcessData) throws EaafAuthenticationException {
- includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME);
 final String pvpCccAttr = authProcessData .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class);
 if (StringUtils.isNotEmpty(pvpCccAttr)) {
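Review bot: `initializeThreadLocalVariable` in the `@@ -218,6 +221,17 @@` hunk assigns a new `ThreadLocal` to the non-final instance field on every call, so if the builder instance is shared between request threads, as the commit subject implies, the race is narrowed but not closed. When a second thread runs this method between the first thread's `set(set)` and its later `includedToGenericAuthData.get()`, the first thread reads the other thread's holder, gets `null`, and the `.get().remove(...)` calls added in `setCitizenCountryCode`, `setQaaLevel` and the identity-link hunks throw `NullPointerException`. Creating the holder once, `protected final ThreadLocal<Set<String>> includedToGenericAuthData = new ThreadLocal<>();` (type arguments are stripped on this page; `String` is assumed), and reducing the body to `includedToGenericAuthData.set(set);` removes the shared write. No hunk calls `includedToGenericAuthData.remove()` once the build is done, so on pooled worker threads the last request's set stays reachable; clear it in a `finally` where the build ends, which is outside the visible hunks. The Javadoc's `{@link Collection}` should read `{@link Set}` to match the parameter.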
@@ -261,7 +275,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 */
 private void setQaaLevel(@NonNull final AuthenticationData authData, @NonNull final IAuthProcessDataContainer authProcessData) {
- includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
 String currentLoA = null;
 if (StringUtils.isNotEmpty(authProcessData.getQaaLevel())) {
 currentLoA = authProcessData.getQaaLevel();
@@ -327,9 +341,9 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 if (authProcessData.getGenericSessionDataStorage() != null && !authProcessData.getGenericSessionDataStorage().isEmpty()) {
- includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet();
+ initializeThreadLocalVariable(authProcessData.getGenericSessionDataStorage().keySet());
 } else {
- includedToGenericAuthData = new ArrayList<>();
+ initializeThreadLocalVariable(new HashSet<>());
 }
 // ####################################################
@@ -344,7 +358,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 IIdentityLink idlFromPvpAttr = null;
 final IIdentityLink identityLink = authProcessData.getIdentityLink();
 if (identityLink != null) {
- parseBasicUserInfosFromIdl(authData, identityLink, includedToGenericAuthData);
+ parseBasicUserInfosFromIdl(authData, identityLink, includedToGenericAuthData.get());
 } else {
 // identityLink is not direct in MOASession
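Review bot: In the `@@ -327,9 +341,9 @@` hunk the per-thread holder is handed `authProcessData.getGenericSessionDataStorage().keySet()` itself, which for a standard `Map` is a live view, so each later `includedToGenericAuthData.get().remove(...)` would also delete that entry from the session's generic data storage, or throw `UnsupportedOperationException` if the map is unmodifiable. What `getGenericSessionDataStorage()` returns is not visible here and needs confirming, but a `ThreadLocal` gives no isolation when the value it holds is backed by session state that another request on the same session can reach. Passing a copy, `initializeThreadLocalVariable(new HashSet<>(authProcessData.getGenericSessionDataStorage().keySet()));`, keeps the bookkeeping set private to this build. The enclosing method starts and ends outside the hunk.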
@@ -358,7 +372,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 try {
 idlStream = new ByteArrayInputStream(Base64Utils.decodeFromString(pvpAttrIdl));
 idlFromPvpAttr = new SimpleIdentityLinkAssertionParser(idlStream).parseIdentityLink();
- parseBasicUserInfosFromIdl(authData, idlFromPvpAttr, includedToGenericAuthData);
+ parseBasicUserInfosFromIdl(authData, idlFromPvpAttr, includedToGenericAuthData.get());
 // set identitylink into AuthProcessData
 authProcessData.setIdentityLink(idlFromPvpAttr);
@@ -371,7 +385,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 } finally {
 try {
- includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME);
 if (idlStream != null) {
 idlStream.close();
 }
@@ -399,11 +413,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class));
 // remove corresponding keys from genericSessionData if exists
- includedToGenericAuthData.remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME);
- includedToGenericAuthData.remove(PvpAttributeDefinitions.GIVEN_NAME_NAME);
- includedToGenericAuthData.remove(PvpAttributeDefinitions.BIRTHDATE_NAME);
- includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME);
- includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.GIVEN_NAME_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.BIRTHDATE_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME);
+ includedToGenericAuthData.get().remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME);
 }
 }
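Review bot: The five `includedToGenericAuthData.get().remove(...)` lines in the `@@ -399,11 +413,11 @@` hunk, like the single calls in the two hunks above it, each re-read the instance field and then the thread-local before touching the set. Reading it once where the enclosing method starts, `final Set<String> included = includedToGenericAuthData.get();` (element type assumed; generics are stripped on this page), and calling `included.remove(...)` afterwards is shorter, and a reassignment of the field by `initializeThreadLocalVariable` on another thread can then no longer hand this code a null set halfway through. In the `finally` hunk the same local keeps a failing `get()` from skipping `idlStream.close()`, which follows it in the same `try`. The enclosing method begins outside these hunks.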
@@ -621,7 +635,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati
 */
 @Deprecated
 private void parseBasicUserInfosFromIdl(final AuthenticationData authData,
- final IIdentityLink identityLink, final Collection includedGenericSessionData) {
+ final IIdentityLink identityLink, final Set includedGenericSessionData) {
 authData.setIdentificationValue(identityLink.getIdentificationValue());
 authData.setIdentificationType(identityLink.getIdentificationType());
-- 
cgit v1.2.3