From c02bd7c0a8b47fefa09e1eb73291f5ea14082a3a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 27 Feb 2020 11:01:17 +0100 Subject: add new transactionId for PII related data only --- .../impl/idp/controller/protocols/RequestImpl.java | 65 ++++++++++++++++++++-- .../core/impl/idp/module/test/TestRequestImpl.java | 16 +++++- 2 files changed, 73 insertions(+), 8 deletions(-) (limited to 'eaaf_core') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java index 5110d2bf..adc8774a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/protocols/RequestImpl.java @@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.utils.HttpUtils; -import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import org.apache.commons.lang3.StringUtils; @@ -71,6 +70,7 @@ public abstract class RequestImpl implements IRequest, Serializable { private String uniqueTransactionIdentifer; private String uniqueSessionIdentifer; + private String uniquePiiTransactionIdentifier; private String requestedServiceProviderIdentifer; private String idpAuthUrl = null; @@ -104,7 +104,22 @@ public abstract class RequestImpl implements IRequest, Serializable { */ public final void initialize(final HttpServletRequest req, final IConfigurationWithSP authConfig) throws EaafException { - initialize(req, authConfig, null); + initialize(req, authConfig, null, null); + + } + + /** + * Initialize this pendingRequest object. + * + * @param req {@link HttpServletRequest} + * @param authConfig {@link IConfiguration} + * @param transactionId Unique ID for technical log correlation that should be used in this pendingRequest + * @throws EaafException + * + */ + public final void initialize(final HttpServletRequest req, final IConfigurationWithSP authConfig, + @Nullable final String transactionId) throws EaafException { + initialize(req, authConfig, transactionId, null); } @@ -113,25 +128,35 @@ public abstract class RequestImpl implements IRequest, Serializable { * * @param req {@link HttpServletRequest} * @param authConfig {@link IConfiguration} - * @param transactionId transactionId that should be used in this pendingRequest + * @param transactionId Unique ID for technical log correlation that should be used in this pendingRequest + * @param piiTransactionId Unique ID for PII data correlation that should be used in this pendingRequest * for logging. If 'null' a new one will be generated * * @throws EaafException * */ public final void initialize(@NonNull final HttpServletRequest req, - @NonNull final IConfigurationWithSP authConfig, @Nullable final String transactionId) + @NonNull final IConfigurationWithSP authConfig, @Nullable final String transactionId, + @Nullable final String piiTransactionId) throws EaafException { // use external transactionId or create new one if empty or null if (StringUtils.isNotEmpty(transactionId)) { uniqueTransactionIdentifer = transactionId; } else { - uniqueTransactionIdentifer = Random.nextLongRandom(); + uniqueTransactionIdentifer = UUID.randomUUID().toString(); } // set unique transaction identifier for logging TransactionIdUtils.setTransactionId(uniqueTransactionIdentifer); + // use external piiTransactionId or create new one if empty or null + if (StringUtils.isNotEmpty(piiTransactionId)) { + uniquePiiTransactionIdentifier = piiTransactionId; + } else { + uniquePiiTransactionIdentifier = UUID.randomUUID().toString(); + } + + // initialize session object genericDataStorage.put(EaafConstants.AUTH_DATA_CREATED, new Date()); // genericDataStorage.put(EAAFConstants.VALUE_SESSIONID, @@ -312,22 +337,52 @@ public abstract class RequestImpl implements IRequest, Serializable { } + @Override + public final String getUniquePiiTransactionIdentifier() { + return uniquePiiTransactionIdentifier; + } + @Override public final String getProcessInstanceId() { return this.processInstanceId; } + /** + * Set an unique transaction identifier to correlate technical logging + * in one single transaction. + * + * @param id Unique identifier + */ public final void setUniqueTransactionIdentifier(final String id) { this.uniqueTransactionIdentifer = id; } + /** + * Set an unique session identifier to correlate technical logging over a set of transactions, + * like SSO as one example. + * + * @param id Unique identifier + */ public final void setUniqueSessionIdentifier(final String id) { this.uniqueSessionIdentifer = id; } + /** + * Set an unique transaction identifier to correlate PII related data. + * + *

This identifier will be not used for technical logging.

+ * + * @param id Unique identifier + */ + public void setUniquePiiTransactionIdentifier(String id) { + this.uniquePiiTransactionIdentifier = id; + + } + + public void setProcessInstanceId(final String id) { this.processInstanceId = id; diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java index 656e8d29..8f8f8114 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/TestRequestImpl.java @@ -24,13 +24,13 @@ import java.lang.reflect.InvocationTargetException; import java.util.HashMap; import java.util.Map; -import org.apache.commons.lang3.StringUtils; - import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import org.apache.commons.lang3.StringUtils; + /** * Test pending-request for jUnit tests. * @@ -49,6 +49,7 @@ public class TestRequestImpl implements IRequest { private boolean authenticated; private boolean needAuthentication = false; private boolean stoppedByUser; + private String piiTransactionId; /* * (non-Javadoc) @@ -139,6 +140,11 @@ public class TestRequestImpl implements IRequest { return null; } + @Override + public String getUniquePiiTransactionIdentifier() { + return this.piiTransactionId; + } + /* * (non-Javadoc) * @@ -247,7 +253,7 @@ public class TestRequestImpl implements IRequest { @Override public boolean isAbortedByUser() { return this.stoppedByUser; - + } /* @@ -370,6 +376,10 @@ public class TestRequestImpl implements IRequest { this.pendingReqId = pendingReqId; } + public void setPiiTransactionId(String piiTransactionId) { + this.piiTransactionId = piiTransactionId; + } + public void setAuthUrl(final String authUrl) { this.authUrl = authUrl; } -- cgit v1.2.3