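/*******************************************************************************
 *******************************************************************************/
package at.gv.egiz.eaaf.core.impl.idp.controller;

import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import at.gv.egiz.components.eventlog.api.EventConstants;
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IStatusMessager;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.EAAFException;

/**
 * Spring MVC controller with the two GET endpoints that end an authentication
 * transaction: one renders a previously stored error, the other finalizes a
 * pending request (success, user abort, or failure).
 *
 * <p>{@code transactionStorage}, {@code requestStorage}, {@code revisionsLogger}
 * and the helper methods used below are not declared in this file; presumably
 * they are inherited from {@link AbstractAuthProtocolModulController}.
 *
 * <p>NOTE(review): both endpoints take their lookup key from a client-supplied
 * query parameter and pass it through {@code escapeHtml4} before using it as a
 * storage key. HTML escaping is an output encoding, not input validation: it
 * does not neutralize CR/LF, and a key containing escapable characters would be
 * rewritten before the lookup. Confirm the expected id format and consider
 * validating against it instead.
 *
 * @author tlenz
 */
@Controller
public class ProtocolFinalizationController extends AbstractAuthProtocolModulController {

  private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class);

  /**
   * Renders the error that was stored under the id given in the
   * {@code EAAFConstants.PARAM_HTTP_ERROR_CODE} request parameter.
   *
   * <p>The stored {@link ExceptionContainer} is removed from the transaction
   * storage as soon as it has been loaded, so an error id can be resolved only
   * once. If the container carries a pending request, a protocol-specific error
   * response is built and the pending request is destroyed afterwards.
   *
   * @param req incoming HTTP request
   * @param resp HTTP response the error is written to
   * @throws EAAFException declared by the error-handling helpers
   * @throws IOException declared by the error-handling helpers
   */
  @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET})
  public void errorHandling(HttpServletRequest req, HttpServletResponse resp)
      throws EAAFException, IOException {
    // receive an authentication error; the id is client-controlled
    final String errorid =
        StringEscapeUtils.escapeHtml4(req.getParameter(EAAFConstants.PARAM_HTTP_ERROR_CODE));

    if (errorid == null) {
      log.debug("Request contains NO ErrorId");
      handleErrorNoRedirect(
          new EAAFException(
              IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID,
              null,
              "Request containts NO error id."),
          req, resp, false);
      return;
    }

    IRequest pendingReq = null;
    try {
      // load stored exception from database
      final ExceptionContainer container =
          transactionStorage.get(errorid, ExceptionContainer.class);

      if (container == null) {
        handleErrorNoRedirect(
            new EAAFException(
                IStatusMessager.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID,
                null,
                "NO Error with this Id found"),
            req, resp, false);
        return;
      }

      // remove exception if it was found, so the id cannot be replayed
      transactionStorage.remove(errorid);

      final Throwable throwable = container.getExceptionThrown();
      pendingReq = container.getPendingRequest();

      if (pendingReq != null) {
        // build protocol-specific error message if possible
        buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);

        // remove active user-session
        transactionStorage.remove(pendingReq.getPendingRequestId());
      } else {
        handleErrorNoRedirect(throwable, req, resp, true);
      }

    } catch (Throwable e) {
      log.error(e.getMessage(), e);
      handleErrorNoRedirect(e, req, resp, false);

    } finally {
      // remove pending-request on every exit path
      if (pendingReq != null) {
        requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
        revisionsLogger.logEvent(
            EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
      }
    }
  }

  /**
   * Finalizes the pending request named by the
   * {@code EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID} request parameter.
   *
   * <p>Three outcomes are distinguished: the user aborted (a protocol-specific
   * "user stop" error is sent), the request is authenticated (the
   * authentication process is finalized), or neither (treated as a suspect
   * state and answered with an error). Once a pending request has been found it
   * is always removed from the request storage and a
   * {@code TRANSACTION_DESTROYED} event is logged. This cleanup runs in a
   * {@code finally} block, so a failure while building the error response
   * cannot leave the pending request behind.
   *
   * @param req incoming HTTP request
   * @param resp HTTP response the result or error is written to
   * @throws EAAFException declared by the storage and error-handling helpers
   * @throws IOException declared by the error-handling helpers
   */
  @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET})
  public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp)
      throws EAAFException, IOException {
    // read pendingRequest id from http request; the id is client-controlled
    final String pendingRequestID =
        StringEscapeUtils.escapeHtml4(
            req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));

    IRequest pendingReq = null;
    if (pendingRequestID != null) {
      pendingReq = requestStorage.getPendingRequest(pendingRequestID);
    }

    if (pendingReq == null) {
      // NOTE(review): the id is logged as received (HTML-escaped only); confirm
      // the log encoder neutralizes line breaks in attacker-supplied values.
      log.error("No PendingRequest with ID {} found.!", pendingRequestID);
      handleErrorNoRedirect(
          new EAAFException(
              IStatusMessager.CODES_INTERNAL_ERROR_AUTH_TIMEOUT,
              new Object[] {pendingRequestID},
              "No pendigReq with Id: " + pendingRequestID),
          req, resp, false);
      return;
    }

    try {
      log.debug("Finalize PendingRequest with ID {}", pendingRequestID);

      if (pendingReq.isAbortedByUser()) {
        // pending-request has 'abortedByUser' flag set:
        // send authentication aborted error to Service Provider
        buildProtocolSpecificErrorResponse(
            new EAAFAuthenticationException(
                IStatusMessager.CODES_INTERNAL_ERROR_AUTH_USERSTOP,
                new Object[] {},
                "User stops authentication process"),
            req, resp, pendingReq);

        // do not remove the full active SSO-Session
        // in case of only one Service-Provider authentication request is aborted
        if (!pendingReq.needSingleSignOnFunctionality()) {
          transactionStorage.remove(pendingReq.getPendingRequestId());
        }

      } else if (pendingReq.isAuthenticated()) {
        finalizeAuthenticationProcess(req, resp, pendingReq);

      } else {
        // suspect state: pending-request is not aborted but also not authenticated
        log.error("PendingRequest is NOT authenticated --> Abort authentication process!");
        handleErrorNoRedirect(
            new EAAFException(
                "auth.20",
                null,
                "PendingRequest is NOT authenticated --> Abort authentication process!"),
            req, resp, true);
      }

    } catch (Exception e) {
      log.error("Finalize authentication protocol FAILED.", e);
      buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
      transactionStorage.remove(pendingReq.getPendingRequestId());

    } finally {
      // remove pending-request even when the error response itself fails, so a
      // finalized or failed transaction cannot be picked up again
      requestStorage.removePendingRequest(pendingReq.getPendingRequestId());
      revisionsLogger.logEvent(
          EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
    }
  }
}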