Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java89
1 files changed, 69 insertions, 20 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
index 51d1bd0c..77f799e7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/gv/egiz/eidas/specific/modules/authmodule_eIDASv2/eIDASSignalServlet.java
@@ -8,14 +8,25 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import com.google.common.collect.ImmutableSortedSet;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.exception.eIDASAuthenticationException;
+import at.gv.egiz.eidas.specific.modules.authmodule_eIDASv2.service.eIDASAttributeRegistry;
+import eu.eidas.auth.commons.EidasParameterKeys;
+import eu.eidas.auth.commons.light.ILightResponse;
+import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;
+import eu.eidas.specificcommunication.exception.SpecificCommunicationException;
+import eu.eidas.specificcommunication.protocol.impl.SpecificConnectorCommunicationServiceImpl;
+
/**
* @author tlenz
@@ -25,9 +36,10 @@ import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalControll
public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
private static final Logger log = LoggerFactory.getLogger(eIDASSignalServlet.class);
+ @Autowired private ApplicationContext context;
+ @Autowired private eIDASAttributeRegistry attrRegistry;
-
- public eIDASSignalServlet() {
+ public eIDASSignalServlet() {
super();
log.debug("Registering servlet " + getClass().getName() +
" with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST +
@@ -39,11 +51,11 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT
},
method = {RequestMethod.POST, RequestMethod.GET})
- public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public void restoreEidasAuthProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
signalProcessManagement(req, resp);
}
- @Override
+
/**
* Protocol specific implementation to get the pending-requestID
* from http request object
@@ -52,31 +64,68 @@ public class eIDASSignalServlet extends AbstractProcessEngineSignalController {
* @return The Pending-request id
*
*/
+ @Override
public String getPendingRequestId(HttpServletRequest request) {
- String sessionId = super.getPendingRequestId(request);
+ //String sessionId = super.getPendingRequestId(request);
try {
-
- // use SAML2 relayState
- if (sessionId == null) {
- log.trace("No transaction identifier from pendingReq. Search for SAML2 'RelayState' ...");
- sessionId = StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
-
- if (StringUtils.isEmpty(sessionId))
- log.info("NO transaction identifier found! Stopping process ....");
- else
- log.debug("Find transaction identifier in SAML2 'RelayState': " + sessionId);
+ //get token from Request
+ final String tokenBase64 = request.getParameter(EidasParameterKeys.TOKEN.toString());
+ if (StringUtils.isEmpty(tokenBase64)) {
+ log.warn("NO eIDAS message token found.");
+ throw new eIDASAuthenticationException("eidas.04", null);
+ }
+ log.trace("Receive eIDAS-node token: " + tokenBase64 + " Starting transaction-restore process ... ");
- } else
- log.trace("Find transaction identifier from pendingReq.");
+
+
+ final SpecificConnectorCommunicationServiceImpl specificConnectorCommunicationService =
+ (SpecificConnectorCommunicationServiceImpl) context.getBean(SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString());
+ ILightResponse eIDASResponse = specificConnectorCommunicationService.getAndRemoveResponse(tokenBase64,
+ ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes()));
+
+ String pendingReqId = null;
+ if (StringUtils.isEmpty(eIDASResponse.getRelayState())) {
+ log.debug("eIDAS Node returns no RelayState. ");
+
+ if (authConfig.getBasicMOAIDConfigurationBoolean(
+ Constants.CONIG_PROPS_EIDAS_NODE_WORKAROUND_USEREQUESTIDASTRANSACTIONIDENTIFIER,
+ false)) {
+ log.trace("Use lightRequestId to recover session ... ");
+ pendingReqId = transactionStorage.get(eIDASResponse.getInResponseToId(), String.class);
+ if (StringUtils.isNotEmpty(pendingReqId)) {
+ log.debug("Restoring session with lightRequestId ... ");
+ transactionStorage.remove(eIDASResponse.getInResponseToId());
+
+ }
+ }
+
+ } else {
+ log.debug("Find transaction identifier in SAML2 'RelayState': " + eIDASResponse.getRelayState());
+ pendingReqId = eIDASResponse.getRelayState();
+
+ }
+ if (StringUtils.isNotEmpty(pendingReqId)) {
+ request.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eIDASResponse);
+ return pendingReqId;
+
+ }
+
+ log.info("NO transaction identifier found! Stopping process ....");
+ log.trace("FullResponse: " + eIDASResponse.toString());
+
+ } catch (SpecificCommunicationException e) {
+ log.warn("Can NOT load eIDAS Response from cache.", e);
+ log.debug("eIDAS response token was: " + request.getParameter(EidasParameterKeys.TOKEN.toString()));
+
} catch (Exception e) {
log.warn("Unable to retrieve moa session id.", e);
}
- return sessionId;
+ return null;
}
}
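Review bot: The raw `token` request parameter is written to the log at trace level before it is redeemed and again at debug level in the `SpecificCommunicationException` handler, and the complete light response is dumped with `toString()` when no pending request is found. The token is caller-controlled input that references a cached authentication response, and the response presumably carries the person's identity attributes, so both are better kept out of log files; the unescaped parameter also allows forged log lines if the appender does not neutralise line breaks. I would log the event without the value, e.g. `log.trace("Received eIDAS-node token. Starting transaction-restore process ...");`, and replace the response dump with `log.trace("No pending request for InResponseTo: {}", eIDASResponse.getInResponseToId());`. Separately, the `eIDASAuthenticationException` thrown for a missing token lands in the final `catch (Exception e)` and is reported as "Unable to retrieve moa session id.", which hides the real cause from anyone reading the log.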