author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-26 07:47:08 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-26 07:47:08 +0200 |
commit | 59fd2c0ea0649c94340d67b735a2d53696065e4c (patch) | |
tree | 43722934ecabd4694c7675686c5541f857392cd9 | |
parent | cfb70f755c45a2cad582e8030b1542add9949efb (diff) | |
Bugfixes:
- handle Error if more than one authentication is started for one Online-Application
- handle MultiThread error if more than one authentication process is active in one user session
Add:
- Add UserData database. (is required for the web-based configuration tool)
- Add additional OA parameter in MOA-ID 2.x configuration scheme to set OAs active or not
TODO: change 'searchOAWith....' to only get results with active=true
31 files changed, 736 insertions, 779 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 9ba11bebd..a80fcfa25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -30,6 +30,7 @@ public class LoginFormBuilder { private static String BKU_HANDY = "#HANDY#"; private static String BKU_LOCAL = "#LOCAL#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; + private static String MOASESSIONID = "#SESSIONID#"; private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; @@ -84,7 +85,7 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) { + public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) { String value = getTemplate(isIFrame); if(value != null) { @@ -98,6 +99,7 @@ public class LoginFormBuilder { value = value.replace(ACTION, action); value = value.replace(OANAME, oaname); value = value.replace(CONTEXTPATH, contextpath); + value = value.replace(MOASESSIONID, moaSessionID); } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index a72848832..956593237 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java 
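Review bot: In buildLoginForm, `value.replace(MOASESSIONID, moaSessionID)` writes the session identifier into the HTML template as-is, and `String.replace` throws a NullPointerException when the replacement argument is null. A null guard plus output encoding covers both, for example `value = value.replace(MOASESSIONID, moaSessionID == null ? "" : StringEscapeUtils.escapeHtml(moaSessionID));`, using the `StringEscapeUtils.escapeHtml` call the servlets in this commit already rely on. The same applies to `value.replace(ID, id)` in SendAssertionFormBuilder.buildForm. Where the callers obtain these values is not visible in this diff, so whether they can carry markup still needs to be checked.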
@@ -25,6 +25,7 @@ public class SendAssertionFormBuilder { private static String URL = "#URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; + private static String ID = "#ID#"; private static String OANAME = "#OAName#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; @@ -75,7 +76,7 @@ public class SendAssertionFormBuilder { return template; } - public static String buildForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) { + public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) { String value = getTemplate(isIFrame); if(value != null) { @@ -87,6 +88,7 @@ public class SendAssertionFormBuilder { } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); + value = value.replace(ID, id); value = value.replace(OANAME, oaname); value = value.replace(CONTEXTPATH, contextpath); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index c9a10b812..58cea2926 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java 
@@ -221,11 +221,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } public static void parse(HttpServletRequest req, HttpServletResponse resp, - AuthenticationSession moasession) throws WrongParametersException, MOAIDException { + AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { - //check Module and Action - HttpSession httpSession = req.getSession(); - IRequest request = RequestStorage.getPendingRequest(httpSession); +// //check Module and Action +// HttpSession httpSession = req.getSession(); +// IRequest request = RequestStorage.getPendingRequest(httpSession); String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); String action = request.requestedAction();//req.getParameter(PARAM_ACTION); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 4b15d80b4..022f21491 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; import at.gv.egovernment.moa.id.storage.IExceptionStore; import at.gv.egovernment.moa.id.util.ServletUtils; 
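Review bot: `parse` now dereferences the caller-supplied `request` in `request.requestedModule()` with no null check, although the session lookup it replaces could evidently come back empty (the old SSOSendAssertionServlet code tested for that and threw `auth.21`). A guard at the top, such as `if (request == null) throw new MOAIDException("auth.21", new Object[] {});`, keeps a missing pending request from surfacing as a NullPointerException. The three commented-out lines should be deleted rather than kept, since version control already has them. The method body continues outside the hunk.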
@@ -143,7 +144,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * servlet response */ protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp) { + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { if (null != errorMessage) { Logger.error(errorMessage); @@ -167,7 +168,8 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { String redirectURL = null; redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id; + redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id + + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 2ea34ee12..8d23f1a3b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java 
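Review bot: handleError appends `pendingRequestID` to the redirect URL unencoded, and a null value becomes the literal text `pendingid=null`. ProcessValidatorInputServlet passes null, and SSOSendAssertionServlet passes the `identifier` request parameter straight through, so client-supplied text ends up in the redirect target. Add the parameter only when it is set, and encode it: `if (pendingRequestID != null) redirectURL += "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + URLEncoder.encode(pendingRequestID, "UTF-8");`. The Javadoc above the method also needs an `@param pendingRequestID` entry. The rest of the method is outside the hunk.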
@@ -52,19 +52,26 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); - + + String pendingRequestID = null; + try { String bkuid = req.getParameter(PARAM_BKU); String useMandate = req.getParameter(PARAM_USEMANDATE); String ccc = req.getParameter(PARAM_CCC); - - String moasessionid = null; + String moasessionid = req.getParameter(PARAM_SESSIONID); + AuthenticationSession moasession = null; - + try { - moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); - moasession = AuthenticationSessionStoreage.getSession(moasessionid); - + //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); + + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession); + } catch (MOADatabaseException e) { Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); throw new MOAIDException("init.04", new Object[] { 
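Review bot: `moasessionid` is now read from `req.getParameter(PARAM_SESSIONID)` and handed to `getPendingRequestID` and `getSession` without the `ParamValidatorUtils.isValidSessionID` check that GetMISSessionIDServlet runs before its own lookup. Add `if (!ParamValidatorUtils.isValidSessionID(moasessionid)) throw new WrongParametersException("GenerateIFrameTemplate", PARAM_SESSIONID, "auth.12");` ahead of the inner `try`, assuming the outer `catch (MOAIDException ex)` also covers WrongParametersException. GetForeignIDServlet, VerifyAuthenticationBlockServlet and VerifyCertificateServlet show the same ordering in this commit: `getPendingRequestID` runs on the request parameter before any validity check visible in their hunks. Because this is a GET handler the identifier also travels in the query string, so the rotation through `changeSessionID` matters. `newmoasessionid` is not used within the visible lines, and the method continues outside the hunk.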
@@ -131,49 +138,9 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } } - -// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { -// //TODO: CHANGE to real OA config -// -// List<String> bkuURIs = Arrays.asList( -// "http://localhost:8080/moa-id-auth/template_onlineBKU.html", -// "http://localhost:8080/moa-id-auth/template_handyBKU.html", -// "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); -// -//// List<String> bkuURIs = Arrays.asList( -//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", -//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", -//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); -// -// if (bkuID < bkuURIs.size()) -// return bkuURIs.get(bkuID); -// else -// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, -// "auth.12"); -// } -// -// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { -// //TODO: CHANGE to real OA config -// -// List<String> bkuURIs = Arrays.asList( -// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", -// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -// "https://127.0.0.1:3496/https-security-layer-request"); -// -//// List<String> bkuURIs = Arrays.asList( -//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", -//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -//// "https://127.0.0.1:3496/https-security-layer-request"); -// -// if (bkuID < bkuURIs.size()) -// return bkuURIs.get(bkuID); -// else -// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, -// "auth.12"); -// } } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index d49f4e215..02c751a0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -114,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- Map parameters;
+ Map parameters;
+
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -123,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -195,8 +199,9 @@ public class GetForeignIDServlet extends AuthServlet { } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction()), newMOASessionID); + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); } else { @@ -219,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet { }
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 7d825da17..8e5fccfef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -143,12 +143,15 @@ public class GetMISSessionIDServlet extends AuthServlet { sessionID = StringEscapeUtils.escapeHtml(sessionID); AuthenticationSession session = null; + String pendingRequestID = null; try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + session = AuthenticationServer.getSession(sessionID); String misSessionID = session.getMISSessionID(); @@ -209,11 +212,11 @@ public class GetMISSessionIDServlet extends AuthServlet { Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - + String redirectURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), ModulUtils.buildAuthURL(session.getModul(), - session.getAction()), newMOASessionID); + session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); 
@@ -252,17 +255,17 @@ public class GetMISSessionIDServlet extends AuthServlet { Logger.debug("REDIRECT TO: " + redirectURL); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (GeneralSecurityException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (PKIException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (SAXException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (ParserConfigurationException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index caf2e4490..8dc5d7469 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java 
@@ -83,29 +83,34 @@ public class LogOutServlet extends AuthServlet { SSOManager ssomanager = SSOManager.getInstance(); - //get SSO token from request - String ssoid = ssomanager.getSSOSessionID(req); - - if (ssomanager.isValidSSOSession(ssoid, req)) { - - //TODO: Single LogOut Implementation + try { + //get SSO token from request + String ssoid = ssomanager.getSSOSessionID(req); - //delete SSO session and MOA session - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); - - authmanager.logout(req, resp, moasessionid); - Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); - } else { - Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); - } + if (ssomanager.isValidSSOSession(ssoid, req)) { - //Remove SSO token - ssomanager.deleteSSOSessionID(req, resp); + //TODO: Single LogOut Implementation - //invalidate Session - req.getSession().invalidate(); + //delete SSO session and MOA session + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); + RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()), + AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); + + authmanager.logout(req, resp, moasessionid); + Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); + } else { + Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); + } + + //Remove SSO token + ssomanager.deleteSSOSessionID(req, resp); + + } catch (Exception e) { + Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e); + } + //Redirect to Application resp.setStatus(301); resp.addHeader("Location", redirectUrl); 
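Review bot: `ssomanager.deleteSSOSessionID(req, resp)` now sits inside the `try`, so any exception from the lookups or from `authmanager.logout` skips it, and the user is still redirected as if logged out with only a warning in the log. Moving the call to `finally { ssomanager.deleteSSOSessionID(req, resp); }` removes the SSO token on every path. The hunk also drops `req.getSession().invalidate()` without a replacement; if the HTTP session still holds pending requests or other state after logout, it should be cleared as before, or the reason for keeping it recorded in a comment. `catch (Exception e)` is broader than needed and could be narrowed to the exceptions the calls declare.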
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 63bc2a8cc..f6412f897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -56,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet {
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ String pendingRequestID = null;
+
try {
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -80,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet { httpSession.invalidate();
}
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -199,7 +203,7 @@ public class PEPSConnectorServlet extends AuthServlet { AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
- //session is implicit stored in changeSessionID!!!!
+ //session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
@@ -214,8 +218,9 @@ public class PEPSConnectorServlet extends AuthServlet { }
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = response.encodeRedirectURL(redirectURL);*/
+
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
- ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction()), newMOASessionID);
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
@@ -236,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet { } catch (AuthenticationException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
} catch (MOAIDException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 200d25fbe..ba8698934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -135,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { handleWrongParameters(ex, req, resp); }
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, null); //TODO: is this Class required?
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index ecbd87498..9b559770f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java 
@@ -36,18 +36,48 @@ public class SSOSendAssertionServlet extends AuthServlet{ private static final long serialVersionUID = 1L; private static final String PARAM = "value"; + private static final String MODULE = "mod"; + private static final String ACTION = "action"; + private static final String ID = "identifier"; protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + String id = null; Logger.info("Receive " + SSOSendAssertionServlet.class + " Request"); try { + Object idObject = req.getParameter(ID); + + if (idObject != null && (idObject instanceof String)) { + id = (String) idObject; + } + String value = req.getParameter(PARAM); value = StringEscapeUtils.escapeHtml(value); if (!ParamValidatorUtils.isValidUseMandate(value)) throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); - + //get module and action + Object moduleObject = req.getParameter(MODULE); + String module = null; + if (moduleObject != null && (moduleObject instanceof String)) { + module = (String) moduleObject; + } + + + Object actionObject = req.getParameter(ACTION); + String action = null; + if (actionObject != null && (actionObject instanceof String)) { + action = (String) actionObject; + } + + if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { + Logger.warn("No Moduel or Action parameter received!"); + throw new WrongParametersException("Module or Action is empty", "", "auth.10"); + } + + SSOManager ssomanager = SSOManager.getInstance(); //get SSO Cookie for Request String ssoId = ssomanager.getSSOSessionID(req); 
@@ -86,15 +116,9 @@ public class SSOSendAssertionServlet extends AuthServlet{ moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); - - HttpSession httpSession = req.getSession(); - IRequest protocolRequest = RequestStorage.getPendingRequest(httpSession); - - if (protocolRequest == null) - throw new AuthenticationException("auth.21", new Object[] {}); - + String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), - ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction()), ""); + ModulUtils.buildAuthURL(module, action, id), ""); resp.setContentType("text/html"); resp.setStatus(302); @@ -109,16 +133,16 @@ public class SSOSendAssertionServlet extends AuthServlet{ } } else { - handleError("SSO Session is not valid", null, req, resp); + handleError("SSO Session is not valid", null, req, resp, id); } } catch (MOADatabaseException e) { - handleError("SSO Session is not found", e, req, resp); + handleError("SSO Session is not found", e, req, resp, id); } catch (WrongParametersException e) { - handleError("Parameter is not valid", e, req, resp); + handleError("Parameter is not valid", e, req, resp, id); } catch (AuthenticationException e) { - handleError(e.getMessage(), e, req, resp); + handleError(e.getMessage(), e, req, resp, id); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index adef74370..96914647e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java 
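Review bot: After this change the `module`, `action` and `id` used for the redirect come from the `mod`, `action` and `identifier` request parameters, and nothing ties `id` to a pending request stored for this HTTP session. The removed code took module and action from server-side state and failed with `auth.21` when none existed. Resolving the request by `id` from the session's pending-request map (DispatcherServlet in this commit reads it as `Map<String, IRequest>`) and taking module and action from that entry keeps the redirect target under server control, as sketched below. The `instanceof String` tests in the first hunk are redundant because `getParameter` already returns `String`, and the warning text does not mention a missing identifier. The sketch needs `java.util.Map` imported, and the surrounding method lies outside the hunk.

```java
// … unchanged: SSO session check, getMOASessionID, getSession, setAuthenticated …
Map<String, IRequest> pendingRequests = RequestStorage.getPendingRequest(req.getSession());
IRequest protocolRequest = (pendingRequests == null) ? null : pendingRequests.get(id);

if (protocolRequest == null)
    throw new AuthenticationException("auth.21", new Object[] {});

String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
    ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction(), id), "");
// … unchanged: 302 response …
```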
@@ -136,6 +136,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + String pendingRequestID = null; Map parameters; try @@ -152,6 +153,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + String redirectURL = null; try { // check parameter @@ -161,7 +164,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); AuthenticationSession session = AuthenticationServer.getSession(sessionID); - + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); @@ -252,8 +255,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); 
@@ -270,15 +274,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (GeneralSecurityException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (PKIException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (TransformerException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index e07be8420..896bd0864 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -106,6 +106,8 @@ public class VerifyCertificateServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ + String pendingRequestID = null; Map parameters;
try
@@ -120,7 +122,9 @@ public class VerifyCertificateServlet extends AuthServlet { // escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
AuthenticationSession session = null;
try {
// check parameter
@@ -177,7 +181,7 @@ public class VerifyCertificateServlet extends AuthServlet { }
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2f12c7ae6..c6310d8c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -113,6 +113,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { Logger.debug("POST VerifyIdentityLink"); Map parameters; + String pendingRequestID = null; + try { parameters = getParameters(req); @@ -127,6 +129,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); @@ -175,7 +179,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } catch(Exception e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } @@ -234,11 +238,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } } catch (ParseException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index e995a1c2e..e7b41e3c9 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -3,13 +3,20 @@ package at.gv.egovernment.moa.id.entrypoints; import iaik.util.logging.Log; import java.io.IOException; +import java.util.ConcurrentModificationException; +import java.util.HashMap; import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.swing.ListModel; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; @@ -32,6 +39,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; @@ -44,6 +52,7 @@ public class DispatcherServlet extends AuthServlet{ public static final String PARAM_TARGET_MODULE = "mod"; public static final String PARAM_TARGET_ACTION = "action"; + public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; @Override public void init(ServletConfig config) throws ServletException { @@ -66,6 +75,8 @@ public class DispatcherServlet extends AuthServlet{ boolean isValidSSOSession = false; boolean useSSOOA = false; + String protocolRequestID = null; + try { Logger.info("REQUEST: " + req.getRequestURI()); 
@@ -76,30 +87,65 @@ public class DispatcherServlet extends AuthServlet{ Throwable throwable = ExceptionStoreImpl.getStore() .fetchException(errorid); ExceptionStoreImpl.getStore().removeException(errorid); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - if (throwable != null) { + Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); + + String pendingRequestID = null; + if (idObject != null && (idObject instanceof String)) { + if (errorRequests.containsKey((String)idObject)) + pendingRequestID = (String) idObject; + } + + if (throwable != null) { + if (errorRequests != null) { + + synchronized (errorRequests) { + + IRequest errorRequest = null; + if (pendingRequestID != null) { + errorRequest = errorRequests.get(pendingRequestID); + + //remove the + RequestStorage.removePendingRequest(errorRequests, pendingRequestID); + } + else { + if (errorRequests.size() > 1) { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + + } else { + Set<String> keys = errorRequests.keySet(); + errorRequest = errorRequests.get(keys.toArray()[0]); + RequestStorage.removeAllPendingRequests(req.getSession()); + } + + } + - IRequest errorRequest = RequestStorage - .getPendingRequest(req.getSession()); - - //remove the - RequestStorage.removePendingRequest(req.getSession()); - - if (errorRequest != null) { - try { - IModulInfo handlingModule = ModulStorage - .getModuleByPath(errorRequest - .requestedModule()); - if (handlingModule != null) { - if (handlingModule.generateErrorMessage( - throwable, req, resp, errorRequest)) { - return; + + if (errorRequest != null) { + + try { + IModulInfo handlingModule = ModulStorage + .getModuleByPath(errorRequest + .requestedModule()); + if (handlingModule != null) { + if (handlingModule.generateErrorMessage( + throwable, req, resp, errorRequest)) { + return; + } } + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(throwable.getMessage(), + throwable, req, 
resp); } - } catch (Throwable e) { - Logger.error(e); - handleErrorNoRedirect(throwable.getMessage(), - throwable, req, resp); + } + else { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); } } handleErrorNoRedirect(throwable.getMessage(), throwable, @@ -113,6 +159,7 @@ public class DispatcherServlet extends AuthServlet{ return; } + } Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); String module = null; @@ -133,7 +180,7 @@ public class DispatcherServlet extends AuthServlet{ if (action == null) { action = req.getParameter(PARAM_TARGET_ACTION); } - + Logger.debug("dispatching to " + module + " protocol " + action); IModulInfo info = ModulStorage.getModuleByPath(module); 
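Review bot: In the error-handling hunk (`@@ -76,30 +87,65 @@`), `errorRequests.containsKey((String)idObject)` runs before the `if (errorRequests != null)` check, so a request that carries a `pendingid` parameter while the session holds no pending-request map throws a NullPointerException; `RequestStorage.getPendingRequest` in this commit returns null in that case. Fold the null check into the lookup: `if (errorRequests != null && idObject instanceof String && errorRequests.containsKey(idObject))`. Separately, when `errorRequests.size() > 1` the branch calls `handleErrorNoRedirect` and then appears to fall through to the `else` branch and to the call after the `synchronized` block, so the error response is written more than once; a `return` after the first call would avoid that. The enclosing method starts and ends outside the hunk.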
@@ -174,46 +221,103 @@ public class DispatcherServlet extends AuthServlet{ } HttpSession httpSession = req.getSession(); + Map<String, IRequest> protocolRequests = null; IRequest protocolRequest = null; + try { - protocolRequest = RequestStorage.getPendingRequest(httpSession); - - if (protocolRequest != null) { - // check if pending request is same protocol and action - if (!protocolRequest.requestedModule().equals(module) - || !protocolRequest.requestedAction() - .equals(action) - || !info.validate(req, resp, protocolRequest)) { - resp.sendError(HttpServletResponse.SC_CONFLICT); - Logger.error("Different Request is pending in this session!"); + protocolRequests = RequestStorage.getPendingRequest(httpSession); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + + if (protocolRequests != null && + idObject != null && (idObject instanceof String)) { + +// synchronized (protocolRequests) { + + protocolRequestID = (String) idObject; + + //get IRequest if it exits + if (protocolRequests.containsKey(protocolRequestID)) { + protocolRequest = protocolRequests.get(protocolRequestID); + + //RequestStorage.setPendingRequest(httpSession, protocolRequests); + + } else { + resp.sendError(HttpServletResponse.SC_CONFLICT); + Logger.error("No PendingRequest with ID " + protocolRequestID + " found for this session!"); + return; + } +// } + } else { + try { + protocolRequest = info.preProcess(req, resp, action); + + if (protocolRequest != null) { + + if(protocolRequests != null) { + +// synchronized (protocolRequests) { +// synchronized (protocolRequest) { + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) { + IRequest value = protocolRequests.get(el); + + if (value.getOAURL().equals(protocolRequest.getOAURL())) { + + if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { + Logger.warn("NO MOASession with PendingRequestID " + el + " found. 
Delete all user sessions!"); + RequestStorage.removeAllPendingRequests(req.getSession()); + + } else { + + + RequestStorage.removePendingRequest(protocolRequests, el); + } + } + } +// } +// } + + } else { + protocolRequests = new ConcurrentHashMap<String, IRequest>(); + } + + synchronized (protocolRequest) { + synchronized (protocolRequests) { + + //Start new Authentication + protocolRequest.setAction(action); + protocolRequest.setModule(module); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); + protocolRequests.put(protocolRequestID, protocolRequest); + } + } + } + } catch (MOAIDException e) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); return; } - } - - if (protocolRequest == null) { - protocolRequest = info.preProcess(req, resp, action); - if (protocolRequest != null) { - protocolRequest.setAction(action); - protocolRequest.setModule(module); + + if (protocolRequest == null) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); + return; } } + + - if (protocolRequest == null) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); - Logger.error("Failed to generate a valid protocol request!"); - return; - } - + //load Parameters from OnlineApplicationConfiguration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(protocolRequest.getOAURL()); if (oaParam == null) { - //TODO: Find a better place for this!! - //req.getSession().invalidate(); throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); } - - RequestStorage.setPendingRequest(httpSession, protocolRequest); + + RequestStorage.setPendingRequest(httpSession, protocolRequests); AuthenticationManager authmanager = AuthenticationManager.getInstance(); 
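Review bot: The new `pendingid` branch in the `@@ -174,46 +221,103 @@` hunk accepts a stored request without the checks the removed code applied: the comparison of `requestedModule()` and `requestedAction()` with the `mod` and `action` parameters and the call to `info.validate(req, resp, protocolRequest)` are gone. Nothing in the hunk stops a pending request created for one module from being handled under another module named in the URL, so unless that validation now happens elsewhere, keep it in the branch that finds the ID in the map, as sketched below. Also, after `RequestStorage.removeAllPendingRequests(req.getSession())` the local `protocolRequests` map still holds the old entries and is written back by `setPendingRequest` at the end of the hunk. The surrounding method starts and ends outside the hunk.

```java
// … unchanged: lookup of protocolRequests and idObject …
if (protocolRequests.containsKey(protocolRequestID)) {
    protocolRequest = protocolRequests.get(protocolRequestID);

    // same checks the single-request code performed before this commit
    if (!protocolRequest.requestedModule().equals(module)
            || !protocolRequest.requestedAction().equals(action)
            || !info.validate(req, resp, protocolRequest)) {
        resp.sendError(HttpServletResponse.SC_CONFLICT);
        Logger.error("Pending request does not match the requested module or action!");
        return;
    }
} else {
    // … unchanged: SC_CONFLICT for an unknown ID …
}
```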
@@ -296,6 +400,8 @@ public class DispatcherServlet extends AuthServlet{ } } else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), AuthenticationManager.MOA_SESSION, null); moasession = AuthenticationSessionStoreage.getSession(moasessionID); @@ -319,7 +425,7 @@ public class DispatcherServlet extends AuthServlet{ moduleAction.processRequest(protocolRequest, req, resp, moasession); - RequestStorage.removePendingRequest(httpSession); + RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); @@ -331,7 +437,7 @@ public class DispatcherServlet extends AuthServlet{ authmanager.logout(req, resp, moasessionID); } - ConfigurationDBUtils.closeSession(); +// ConfigurationDBUtils.closeSession(); //authmanager.logout(req, resp); @@ -345,7 +451,7 @@ public class DispatcherServlet extends AuthServlet{ } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, protocolRequestID); } catch (Throwable e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index b6742fb9e..b9f0b2144 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
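Review bot: In the `@@ -331,7 +437,7 @@` hunk of DispatcherServlet.java, `ConfigurationDBUtils.closeSession();` is commented out rather than removed or moved, and nothing visible in this commit closes the configuration database session on this path. If the call was disabled because parallel requests were closing a shared session under each other, state that in a comment and close the session where the request ends, for example in a `finally` block. Otherwise delete the line instead of leaving dead code. The enclosing method starts outside the hunk.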
@@ -177,7 +177,7 @@ public class AuthenticationManager extends AuthServlet { } authSession.setAuthenticated(false); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session AuthenticationSessionStoreage.destroySession(moaSessionID); @@ -230,7 +230,7 @@ public class AuthenticationManager extends AuthServlet { //parse request parameter into MOASession - StartAuthentificationParameterParser.parse(request, response, moasession); + StartAuthentificationParameterParser.parse(request, response, moasession, target); Logger.info("Start Authentication Module: " + moasession.getModul() + " Action: " + moasession.getAction()); @@ -245,7 +245,7 @@ public class AuthenticationManager extends AuthServlet { //store MOASession try { - AuthenticationSessionStoreage.storeSession(moasession); + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { @@ -284,11 +284,11 @@ public class AuthenticationManager extends AuthServlet { String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); //store MOASession try { - AuthenticationSessionStoreage.storeSession(moasession); + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { 
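Review bot: The logout hunk (`@@ -177,7 +177,7 @@`) comments out `HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null)`, so after `destroySession(moaSessionID)` the HTTP session still carries the ID of a MOA session that no longer exists. DispatcherServlet reads that attribute and passes it to `AuthenticationSessionStoreage.getSession(moasessionID)`, so a later request in the same browser session can look up a destroyed session, and logout no longer clears the link between the HTTP session and the MOA session. If the statement was disabled because it wiped the attribute for a parallel authentication, clear it only when the stored value still equals `moaSessionID`, and document that next to the call instead of leaving it commented out.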
@@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet { throws ServletException, IOException, MOAIDException { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index f63b0049f..824b210cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -10,6 +10,8 @@ public interface IRequest { public void setModule(String module); public void setAction(String action); public String getTarget(); + public void setRequestID(String id); + public String getRequestID(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java index 9ce835c7e..b07695938 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java 
@@ -8,15 +8,17 @@ public class ModulUtils { public static final String UNAUTHDISPATCHER = "dispatcher"; public static final String AUTHDISPATCHER = "dispatcher"; - public static String buildUnauthURL(String modul, String action) { + public static String buildUnauthURL(String modul, String action, String pendingRequestID) { return UNAUTHDISPATCHER + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_ACTION + "=" + action; + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; } - public static String buildAuthURL(String modul, String action) { + public static String buildAuthURL(String modul, String action, String pendingRequestID) { return AUTHDISPATCHER + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_ACTION + "=" + action; + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 29f9ff69b..420f11622 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -9,6 +9,7 @@ public class RequestImpl implements IRequest { private String module = null; private String action = null; private String target = null; + private String requestID; public void setOAURL(String value) { @@ -66,4 +67,13 @@ public class RequestImpl implements IRequest { public void setTarget(String target) { this.target = target; } + + public void setRequestID(String id) { + this.requestID = id; + + } + + public String getRequestID() { + return requestID; + } } 
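Review bot: `buildUnauthURL` and `buildAuthURL` in ModulUtils.java now append the `pendingid` parameter unconditionally, so a null argument becomes the literal text `pendingid=null` and an empty one (`getPendingRequestID` in this commit returns `""` when the session is not found) becomes `pendingid=`. DispatcherServlet treats any non-null `pendingid` as an ID to look up and answers `SC_CONFLICT` when the session already holds pending requests and the ID is not among them. The callers are outside this hunk, so whether null or empty values reach these methods needs checking; appending the parameter only when an ID is present, as sketched below, removes the question. `modul`, `action` and the ID are also concatenated into the query string without URL encoding.

```java
public static String buildAuthURL(String modul, String action, String pendingRequestID) {
    String url = AUTHDISPATCHER + "?" +
        DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
        DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
    // leave the parameter out instead of sending "pendingid=null" or "pendingid="
    if (pendingRequestID != null && pendingRequestID.length() > 0) {
        url += "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
    }
    return url;
}
// … buildUnauthURL: same change with UNAUTHDISPATCHER …
```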
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 4e7d8d2ed..35481a0a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -1,28 +1,65 @@ package at.gv.egovernment.moa.id.moduls; +import java.util.List; +import java.util.Map; + import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.logging.Logger; + public class RequestStorage { private static final String PENDING_REQUEST = "PENDING_REQUEST"; - public static IRequest getPendingRequest(HttpSession session) { - Object obj = session.getAttribute(PENDING_REQUEST); - if (obj != null) { - if (obj instanceof IRequest) { - return (IRequest) obj; - } else { + public static Map<String,IRequest> getPendingRequest(HttpSession session) { + + + Object obj = session.getAttribute(PENDING_REQUEST); + if (obj != null) { + synchronized (obj) { + if (obj instanceof Map<?,?>) { + if (((Map<?,?>) obj).size() > 0) { + if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) { + if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0]) + instanceof IRequest) { + return (Map<String, IRequest>) obj; + + + + } + } + } + } + } session.setAttribute(PENDING_REQUEST, null); } - } - return null; + return null; } - public static void setPendingRequest(HttpSession session, IRequest request) { + public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) { session.setAttribute(PENDING_REQUEST, request); } - public static void removePendingRequest(HttpSession session) { + public static void removeAllPendingRequests(HttpSession session) { session.setAttribute(PENDING_REQUEST, null); } + + public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) { + + if (requestmap != null && requestID != null) { + + synchronized (requestmap) { + + //Map<String, IRequest> requestmap = getPendingRequest(session); + + if (requestmap.containsKey(requestID)) { + requestmap.remove(requestID); + Logger.debug("Remove PendingRequest with ID " + requestID); + + } + + //setPendingRequest(session, requestmap); + } + } + } } 
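Review bot: `getPendingRequest` returns null both when the session has no map and when the stored map is empty, clearing the attribute in the second case, and DispatcherServlet then builds a new `ConcurrentHashMap` and installs it with `setPendingRequest`. Two requests that arrive in the same session at the same time can therefore each create their own map, and the later `setPendingRequest` replaces the earlier one together with its pending request, which is the multi-request case this commit sets out to handle. `synchronized (obj)` inside `getPendingRequest` does not help, because it only guards the type check. Do the read-or-create step in one place under one lock and keep an empty map in the session, as sketched below, and let DispatcherServlet call that instead of creating its own map. The added `java.util.List` import is not used in this hunk.

```java
private static final Object CREATE_LOCK = new Object();

@SuppressWarnings("unchecked")
public static Map<String, IRequest> getOrCreatePendingRequests(HttpSession session) {
    // read-then-create under one lock; an empty map is kept, not discarded
    synchronized (CREATE_LOCK) {
        Object obj = session.getAttribute(PENDING_REQUEST);
        if (obj instanceof Map<?, ?>) {
            return (Map<String, IRequest>) obj;
        }
        Map<String, IRequest> created = new ConcurrentHashMap<String, IRequest>();
        session.setAttribute(PENDING_REQUEST, created);
        return created;
    }
}
// … unchanged: setPendingRequest, removeAllPendingRequests, removePendingRequest …
```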
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index da5556b30..1f71bf8bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -107,11 +107,33 @@ public class AuthenticationSessionStoreage { } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); throw new MOADatabaseException(e); - } - + } + } + + public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setPendingRequestID(pendingRequestID); + + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } } + public static void destroySession(String moaSessionID) throws MOADatabaseException { Session session = MOASessionDBUtils.getCurrentSession(); @@ -236,6 +258,7 @@ public class AuthenticationSessionStoreage { dbsession.setSSOSession(true); dbsession.setSSOsessionid(SSOSessionID); dbsession.setAuthenticated(false); + dbsession.setPendingRequestID(""); //Store MOASession session.saveOrUpdate(dbsession); 
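Review bot: The new `storeSession(session, pendingRequestID)` overload writes the MOA session ID to the log at info level (`Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database")`), and VerifyIdentityLinkServlet appears to accept that same ID as a request parameter to find the session. Anyone who can read the application log can then read live session identifiers; log at trace level or leave the ID out, for example `Logger.debug("MOASession is stored in Database");`. The body also appears to repeat the existing overload apart from `setPendingRequestID`, and it calls `Log.info` where the surrounding lines use `Logger`. Letting one overload call the other would keep the two from drifting apart.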
@@ -365,7 +388,51 @@ public class AuthenticationSessionStoreage { } } + + public static boolean deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setString("sessionid", id); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + MOASessionDBUtils.delete(result.get(0)); + return true; + } + + } + + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + + } + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { Date expioredatecreate = new Date(now - authDataTimeOutCreated); Date expioredateupdate = new Date(now - authDataTimeOutUpdated); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html deleted file mode 100644 index 1228ba90e..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ /dev/null 
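Review bot: `deleteSessionWithPendingRequestID` deletes nothing when the query returns more than one row: `result.size() != 1` covers both zero and several matches, logs "No entries found." and returns false, so duplicate sessions tied to one pending request stay in the database. The caller in DispatcherServlet reacts to false by dropping all pending requests of the HTTP session, which does not remove those rows. If duplicates are possible, delete every match, e.g. `for (AuthenticatedSessionStore s : result) MOASessionDBUtils.delete(s);` followed by `return !result.isEmpty();`, and let the log message state how many rows were found. The named parameter in `query.setString("sessionid", id)` carries a pending-request ID, so renaming it in the query would make that clear.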
@@ -1,315 +0,0 @@ -<html> -<head> - <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> - <meta content="text/css" http-equiv="Content-Style-Type"> - <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css"> - <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stammzahl.css"> - <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesnew.css"> - <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesinput.css"> - - <script type="text/javascript"> - function isIE() { - return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); - } - - function isFullscreen() { - try { - return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); - } catch (e) { - return false; - } - } - - function isActivexEnabled() { - var supported = null; - try { - supported = !!new ActiveXObject("htmlfile"); - } catch (e) { - supported = false; - } - return supported; - } - - function isMetro() { - if (!isIE()) - return false; - return !isActivexEnabled() && isFullscreen(); - } - - window.onload=function() { - document.getElementById("localBKU").style.display="none"; - return; - } - - function bkuOnlineClicked() { - if (isMetro()) - document.getElementById("metroDetected").style.display="block"; - document.getElementById("localBKU").style.display="block"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - - generateIFrame(iFrameURL); - } - - function bkuHandyClicked() { - document.getElementById("localBKU").style.display="none"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = 
"#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#HANDY#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - - generateIFrame(iFrameURL); - } - - function storkClicked() { - document.getElementById("localBKU").style.display="none"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var ccc = "AT"; - var countrySelection = document.getElementById("cccSelection"); - - if (countrySelection != null) { - ccc = document.getElementById("cccSelection").value; - } - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; - iFrameURL += "&CCC=" + ccc; -/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - - generateIFrame(iFrameURL); - } - - function generateIFrame(iFrameURL) { - var el = document.getElementById("bkulogin"); - var parent = el.parentNode; - - var iframe = document.createElement("iframe"); - iframe.setAttribute("src", iFrameURL); - iframe.setAttribute("width", "220"); - iframe.setAttribute("height", "165"); - iframe.setAttribute("frameborder", "0"); - iframe.setAttribute("scrolling", "no"); - iframe.setAttribute("title", "Login"); - - parent.replaceChild(iframe, el); - } - - function setMandateSelection() { - document.getElementById("moaidform").action = "#AUTH_URL#"; - - document.getElementById("useMandate").value = "false"; - var checkbox = document.getElementById("mandateCheckBox"); - if (checkbox != null) { - if (document.getElementById("mandateCheckBox").checked) { - document.getElementById("useMandate").value = "true"; - } - } - } - -/* function setSSOSelection() { - document.getElementById("useSSO").value = "false"; - var checkbox = 
document.getElementById("SSOCheckBox"); - if (checkbox != null) { - if (document.getElementById("SSOCheckBox").checked) { - document.getElementById("useSSO").value = "true"; - } - } - } */ - -/* function checkMandateSSO() { - var sso = document.getElementById("SSOCheckBox"); - var mandate = document.getElementById("mandateCheckBox"); - - - if (sso.checked && mandate.checked) { - alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") - mandate.checked = false; - sso.checked = false; - return true; - } else { - return false; - } - } */ - </script> -</head> - - -<body> - <div class="pageWidth"> - - <div id="pagebase"> - <div id="page"> - - <div id="header" class="header clearfix"> - <h1 class="main_header">MOA-ID 2.0 - Login Preview</h1> - -<!-- <ul id="servicenav"> - <li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li> - <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li> - <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li> - <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li> - </ul> --> - - <div id="mainnavjump"></div> - <p id="homelink"><img src="#CONTEXTPATH#/img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p> - <ul id="mainnav" class="clearfix"> -<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> --> -<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li> - <li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li> - <li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> 
(gewählt)</span><span class="hidden">.</span></a></li> - <li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> --> - </ul> - - </div> - - - <br class="clearAll"> - - <div id="viewcontrol" class="switch"> - <div id="page1" class="case selected-case"> - <div style="margin-left: 0px;"> - - <h2 class="OA_header">Anmeldung an: #OAName#</h2> - - <div id="main"> - <div id="leftcontent"> - <h2 id="tabheader" class="dunkel"> - Login mit Bürgerkarte - </h2> - <div id="bkulogin" class="hell"> - - <div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px"> - <table style="margin-left: auto; margin-right: auto;"> - <tr> - <td><input tabindex="1" type="checkbox" name="Mandate" - style="vertical-align: middle; margin-right: 5px" - id="mandateCheckBox"></td> - <td><label for="mandateCheckBox">in Vertretung anmelden</label></td> - <td><a href="info_mandates.html" target="_blank" - class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td> - </tr> -<!-- <tr> - <td><input tabindex="1" type="checkbox" name="SSO" - style="vertical-align: middle; margin-right: 5px" - id="SSOCheckBox"></td> - <td><label for="SSOCheckBox">Single Sign-On</label></td> - <td></td> - </tr> --> - </table> - </div> - - <div id="bkukarte" class="hell"> - <button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button> - </div> - - <div id="bkuhandy" class="hell"> - <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button> - </div> - - <!-- <div id="mandate"> - <input type="checkbox" name="Mandate" style="vertical-align: middle; margin-right: 5px;" id="mandateCheckBox"> - <label>in Vertretung anmelden</label> - <a href="info_mandates.html" target="_blank" class="infobutton" style="color:#FFF">i</a> - </div> --> - - <div id="stork" class="hell" align="center"> - <div id="leftcontent" style="margin-bottom:10px"> - <h2 id="tabheader" class="dunkel"> - Home Country Selection - 
</h2> - </div> - <p> - <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > - <option value="BE">België/Belgique</option> - <option value="EE">Eesti</option> - <option value="ES">España</option> - <option value="IS">Ísland</option> - <option value="IT">Italia</option> - <option value="LI">Liechtenstein</option> - <option value="LT">Lithuania</option> - <option value="PT">Portugal</option> - <option value="SI">Slovenija</option> - <option value="FI">Suomi</option> - <option value="SE">Sverige</option> - </select> - <button name="bkuButton" type="button" onClick="storkClicked();">Send</button> - <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> - </p> - </div> - </div> - - <div id="metroDetected" style="display:none" class="hell"> - <p> - Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können. - </p> - </div> - - <div id="localBKU" style="display:none" class="hell"> - <hr> - <form method="get" id="moaidform"> - <input type="hidden" name="bkuURI" value="#LOCAL#"> - <input type="hidden" name="useMandate" id="useMandate"> -<!-- <input type="hidden" name="SSO" id="useSSO"> --> - <input type="hidden" name="CCC" id="ccc"> - <input type="hidden" name="MODUL" value="#MODUL#"> - <input type="hidden" name="ACTION" value="#ACTION#"> - <input type="submit" size="400" value="lokale BKU" class="sendButton"> - </form> - <p> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p> - </div> - </div> - </div> - </div> - </div> - </div> - - <br style="clear: both"> - <div id="footer" class="clearfix"> - -<!-- <h2 class="hidden">Über die Website der Stammzahlenregisterbehörde</h2> - <ul> - <li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li> - <li><a 
href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li> - - <li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li> - <li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li> - </ul> --> - </div> - - - </div> - </div> - </div> -</body> -</html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html deleted file mode 100644 index 3d39f9233..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html +++ /dev/null 
@@ -1,260 +0,0 @@ -<html> -<head> - <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> - <meta content="text/css" http-equiv="Content-Style-Type"> - <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css"> - - <script type="text/javascript"> - function isIE() { - return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); - } - - function isFullscreen() { - try { - return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); - } catch (e) { - return false; - } - } - - function isActivexEnabled() { - var supported = null; - try { - supported = !!new ActiveXObject("htmlfile"); - } catch (e) { - supported = false; - } - return supported; - } - - function isMetro() { - if (!isIE()) - return false; - return !isActivexEnabled() && isFullscreen(); - } - - window.onload=function() { - document.getElementById("localBKU").style.display="block"; - return; - } - - function bkuLocalClicked() { - if (isMetro()) - document.getElementById("metroDetected").style.display="block"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - document.getElementById("moaidform").submit(); - } - - function bkuOnlineClicked() { - if (isMetro()) - document.getElementById("metroDetected").style.display="block"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; - iFrameURL += "&SSO=" + document.getElementById("useSSO").value; - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - - generateIFrame(iFrameURL); - } - - function bkuHandyClicked() { - document.getElementById("localBKU").style.display="none"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#HANDY#"; - 
iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; - iFrameURL += "&SSO=" + document.getElementById("useSSO").value; - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - - generateIFrame(iFrameURL); - } - - function storkClicked() { - document.getElementById("localBKU").style.display="none"; - -/* if (checkMandateSSO()) - return; */ - - setMandateSelection(); -/* setSSOSelection(); */ - - var ccc = "AT"; - var countrySelection = document.getElementById("cccSelection"); - - if (countrySelection != null) { - ccc = document.getElementById("cccSelection").value; - } - - var iFrameURL = "#AUTH_URL#" + "?"; - iFrameURL += "bkuURI=" + "#ONLINE#"; - iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; - iFrameURL += "&CCC=" + ccc; - iFrameURL += "&SSO=" + document.getElementById("useSSO").value; - iFrameURL += "&MODUL=" + "#MODUL#"; - iFrameURL += "&ACTION=" + "#ACTION#"; - - generateIFrame(iFrameURL); - } - - function generateIFrame(iFrameURL) { - var el = document.getElementById("bkulogin"); - var parent = el.parentNode; - - var iframe = document.createElement("iframe"); - iframe.setAttribute("src", iFrameURL); - iframe.setAttribute("width", "220"); - iframe.setAttribute("height", "165"); - iframe.setAttribute("frameborder", "0"); - iframe.setAttribute("scrolling", "no"); - iframe.setAttribute("title", "Login"); - - parent.replaceChild(iframe, el); - -/* document.location.href=iFrameURL; */ - } - - function setMandateSelection() { - document.getElementById("useMandate").value = "false"; - var checkbox = document.getElementById("mandateCheckBox"); - if (checkbox != null) { - if (document.getElementById("mandateCheckBox").checked) { - document.getElementById("useMandate").value = "true"; - } - } - } - -/* function setSSOSelection() { - document.getElementById("useSSO").value = "false"; - var checkbox = document.getElementById("SSOCheckBox"); - if (checkbox != null) { - if 
(document.getElementById("SSOCheckBox").checked) { - document.getElementById("useSSO").value = "true"; - } - } - } - - function checkMandateSSO() { - var sso = document.getElementById("SSOCheckBox"); - var mandate = document.getElementById("mandateCheckBox"); - - - if (sso.checked && mandate.checked) { - alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") - mandate.checked = false; - sso.checked = false; - return true; - } else { - return false; - } - } */ - </script> -</head> - - -<body> - <div id="leftcontent"> - <h2 id="tabheader" class="dunkel"> - Login mit Bürgerkarte - </h2> - <div id="bkulogin" class="hell"> - - <div id="mandateLogin" style="margin-top: 10px; margin-bottom: 10px"> - <table style="margin-left: auto; margin-right: auto;"> - <tr> - <td><input tabindex="1" type="checkbox" name="Mandate" - style="vertical-align: middle; margin-right: 5px" - id="mandateCheckBox"></td> - <td><label for="mandateCheckBox">in Vertretung anmelden</label></td> - <td><a href="info_mandates.html" target="_blank" - class="infobutton" style="margin-left: 5px" tabindex="5">i</a></td> - </tr> -<!-- <tr> - <td><input tabindex="1" type="checkbox" name="SSO" - style="vertical-align: middle; margin-right: 5px" - id="SSOCheckBox"></td> - <td><label for="SSOCheckBox">Single Sign-On</label></td> - <td></td> - </tr> --> - </table> - </div> - - <div id="bkukarte" class="hell"> - <button name="bkuButton" type="button" onClick="bkuOnlineClicked();">KARTE</button> - </div> - - <div id="bkuhandy" class="hell"> - <button name="bkuButton" type="button" onClick="bkuHandyClicked();">HANDY</button> - </div> - - <div id="localBKU" style="display:none" class="hell"> - <hr> - <form method="get" id="moaidform" action="#AUTH_URL#"> - <input type="hidden" name="bkuURI" value="#LOCAL#"> - <input type="hidden" name="useMandate" id="useMandate"> - <input type="hidden" name="SSO" id="useSSO"> - <input type="hidden" name="CCC" id="ccc"> - <input 
type="hidden" name="MODUL" value="#MODUL#"> - <input type="hidden" name="ACTION" value="#ACTION#"> - <input type="submit" size="400" value="lokale BKU" class="sendButton" style="margin-top: 5px;"> - </form> - <p style="margin-bottom: 0px; margin-top: 3px;"> - <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> - </p> - </div> - - <div id="stork" class="hell" align="center"> - <div id="leftcontent" style="margin-bottom:10px"> - <h2 id="tabheader" class="dunkel"> - Home Country Selection - </h2> - </div> - <p> - <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > - <option value="BE">België/Belgique</option> - <option value="EE">Eesti</option> - <option value="ES">España</option> - <option value="IS">Ísland</option> - <option value="IT">Italia</option> - <option value="LI">Liechtenstein</option> - <option value="LT">Lithuania</option> - <option value="PT">Portugal</option> - <option value="SI">Slovenija</option> - <option value="FI">Suomi</option> - <option value="SE">Sverige</option> - </select> - <button name="bkuButton" type="button" onClick="storkClicked();">Send</button> - <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> - </p> - </div> - </div> - - <div id="metroDetected" style="display:none" class="hell"> - <p> - Anscheinend verwenden Sie Internet Explorer im Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den Optionen um die Karten-Anmeldung starten zu können. - </p> - </div> - - </div> -</body> -</html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html index c4b7196b1..f4377ace4 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html 
@@ -65,6 +65,7 @@ <input type="hidden" name="value" value="true"> <input type="hidden" name="mod" value="#MODUL#"> <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> <input type="submit" size="400" value="Ja" class="setAssertionButton_full"> </form> </div> @@ -73,6 +74,7 @@ <input type="hidden" name="value" value="false"> <input type="hidden" name="mod" value="#MODUL#"> <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> <input type="submit" size="400" value="Nein" class="setAssertionButton_full"> </form> </div> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html index 46e8f46d8..a30bbfa9a 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html @@ -24,6 +24,7 @@ <input type="hidden" name="value" value="true"> <input type="hidden" name="mod" value="#MODUL#"> <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> <input type="submit" size="400" value="Ja" class="setAssertionButton"> </form> </div> @@ -32,6 +33,7 @@ <input type="hidden" name="value" value="false"> <input type="hidden" name="mod" value="#MODUL#"> <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> <input type="submit" size="400" value="Nein" class="setAssertionButton"> </form> </div> diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 540bd7b89..f04de3ad8 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml 
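Review bot: The `#ID#` placeholder behind the new hidden `identifier` input in both consent forms of sendAssertionFormFull.html (and in the two matching hunks for sendAssertionFormIFrame.html) is filled by template string replacement, and nothing visible here shows the value being HTML-attribute-encoded first. If any part of that value can come from the request, the builder should encode it or restrict it to the server-generated ID format before substituting. A hidden field is fully client-controlled, so the handler that receives `identifier` should also confirm that the pending request it names belongs to the caller's own session before acting on the Ja/Nein decision. The enclosing `<form>` tags start outside these hunks, so the submit method is not visible; if it is GET, the identifier will end up in URLs, access logs and Referer headers.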
@@ -122,10 +122,8 @@ <extension>true</extension> <schemaDirectory>src/main/resources/config</schemaDirectory> <bindingDirectory>src/main/resources/config</bindingDirectory> - <!-- persistenceXml>src/main/resources/config/persistence_template.xml</persistenceXml--> + <persistenceXml>src/main/resources/config/persistence_template.xml</persistenceXml> <generatePackage>at.gv.egovernment.moa.id.commons.db.dao.config</generatePackage> - - <!-- roundtripTestClassName>RoundtripTest</roundtripTestClassName --> </configuration> </plugin> <plugin> diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java index dc0e493d1..4bb0a08ea 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java @@ -23,7 +23,7 @@ public final class ConfigurationDBUtils { protected ConfigurationDBUtils() { } - public static void initHibernate(Properties props) { + public static void initHibernate(Properties props) throws MOADatabaseException { try { @@ -44,13 +44,15 @@ public final class ConfigurationDBUtils { entitymanagerfactory = Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", props); + + Logger.debug("Initial session factory successfully created."); } catch (Throwable ex) { Logger.error("Initial session factory creation failed: " + ex.getMessage()); - throw new ExceptionInInitializerError(ex); + throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex); } } 
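Review bot: In `ConfigurationDBUtils.initHibernate`, the `catch (Throwable ex)` now converts every failure, including JVM errors such as `OutOfMemoryError`, into a checked `MOADatabaseException` that a caller may catch and continue from; narrowing it to `catch (Exception ex)` keeps fatal errors fatal. The log call records only `ex.getMessage()`, so the stack trace of a failed configuration-database start-up is lost unless the caller logs the cause; if the project's `Logger` has an overload that takes the throwable, pass `ex` to it. The method body starts and ends outside the hunk.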
@@ -71,7 +73,7 @@ public final class ConfigurationDBUtils { EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); // Open a new Session, if this Thread has none yet - if (session == null) { + if (session == null || !session.isOpen()) { session = getNewSession(); } return session; @@ -85,7 +87,7 @@ public final class ConfigurationDBUtils { return entitymanagerfactory.createEntityManager(); } EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); - if (session != null) { + if (session != null ) { Logger.warn("Previous session has not been closed; closing session now."); closeSession(); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java new file mode 100644 index 000000000..d1887bfa6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java 
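Review bot: The new `!session.isOpen()` branch in `ConfigurationDBUtils` sends a closed thread-local EntityManager into `getNewSession()`, and the check there (`if (session != null )`, touched only for whitespace in the following hunk) still treats it as an unclosed session, logs "Previous session has not been closed" and calls `closeSession()`. `closeSession()` is not visible here; if it calls `close()` without an `isOpen()` check, closing an already closed EntityManager may raise `IllegalStateException`, turning the recovery path into a failure. Consider `if (session != null && session.isOpen())` in `getNewSession()` and simply dropping the stale thread-local reference otherwise. Both method bodies continue outside the hunks.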
@@ -0,0 +1,263 @@
+package at.gv.egovernment.moa.id.commons.db.dao.config;
+
+import java.io.Serializable;
+import java.util.Date;
+import java.util.List;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.persistence.PreUpdate;
+import javax.persistence.Table;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+
+import org.hibernate.annotations.DynamicUpdate;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+
+
+@Entity
+@DynamicUpdate(value=true)
+@Table(name = "userdatabase")
+public class UserDatabase implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
+ @Column(name = "id", unique=true, nullable=false)
+ private long id;
+
+ @Column(name = "givenname", nullable=false)
+ private String givenname;
+
+ @Column(name = "familyname", nullable=false)
+ private String familyname;
+
+ @Column(name = "institut", nullable=false)
+ private String institut;
+
+ @Column(name = "mail", nullable=false)
+ private String mail;
+
+ @Column(name = "phone", nullable=false)
+ private String phone;
+
+ @Column(name = "username", unique=true, nullable=false)
+ private String username;
+
+ @Column(name = "password", nullable=false)
+ private String password;
+
+ @Column(name = "bpk", unique=true, nullable=false)
+ private String bpk;
+
+ @Column(name = "isadmin", nullable=false)
+ private boolean isadmin;
+
+ @Column(name = "isactive", nullable=false)
+ private boolean isactive;
+
+ @OneToMany(mappedBy="hjid", cascade=CascadeType.REFRESH)
+ private List<OnlineApplication> registratedOAs = null;
+
+ @Column(name = "lastlogin")
+ @Temporal(TemporalType.TIMESTAMP)
+ private Date lastlogin;
+
+ @PreUpdate
+ protected void lastUpdate() {
+ this.lastlogin = new Date();
+ }
+
+ /**
+ * @return the id
+ */
+ public long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the givenname
+ */
+ public String getGivenname() {
+ return givenname;
+ }
+
+ /**
+ * @param givenname the givenname to set
+ */
+ public void setGivenname(String givenname) {
+ this.givenname = givenname;
+ }
+
+ /**
+ * @return the familyname
+ */
+ public String getFamilyname() {
+ return familyname;
+ }
+
+ /**
+ * @param familyname the familyname to set
+ */
+ public void setFamilyname(String familyname) {
+ this.familyname = familyname;
+ }
+
+ /**
+ * @return the institut
+ */
+ public String getInstitut() {
+ return institut;
+ }
+
+ /**
+ * @param institut the institut to set
+ */
+ public void setInstitut(String institut) {
+ this.institut = institut;
+ }
+
+ /**
+ * @return the mail
+ */
+ public String getMail() {
+ return mail;
+ }
+
+ /**
+ * @param mail the mail to set
+ */
+ public void setMail(String mail) {
+ this.mail = mail;
+ }
+
+ /**
+ * @return the phone
+ */
+ public String getPhone() {
+ return phone;
+ }
+
+ /**
+ * @param phone the phone to set
+ */
+ public void setPhone(String phone) {
+ this.phone = phone;
+ }
+
+ /**
+ * @return the username
+ */
+ public String getUsername() {
+ return username;
+ }
+
+ /**
+ * @param username the username to set
+ */
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ /**
+ * @return the password
+ */
+ public String getPassword() {
+ return password;
+ }
+
+ /**
+ * @param password the password to set
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ /**
+ * @return the bpk
+ */
+ public String getBpk() {
+ return bpk;
+ }
+
+ /**
+ * @param bpk the bpk to set
+ */
+ public void setBpk(String bpk) {
+ this.bpk = bpk;
+ }
+
+ /**
+ * @return the isadmin
+ */
+ public boolean isIsadmin() {
+ return isadmin;
+ }
+
+ /**
+ * @param isadmin the isadmin to set
+ */
+ public void setIsadmin(boolean isadmin) {
+ this.isadmin = isadmin;
+ }
+
+ /**
+ * @return the isactive
+ */
+ public boolean isIsactive() {
+ return isactive;
+ }
+
+ /**
+ * @param isactive the isactive to set
+ */
+ public void setIsactive(boolean isactive) {
+ this.isactive = isactive;
+ }
+
+ /**
+ * @return the registratedOAs
+ */
+ public List<OnlineApplication> getRegistratedOAs() {
+ return registratedOAs;
+ }
+
+ /**
+ * @param registratedOAs the registratedOAs to set
+ */
+ public void setRegistratedOAs(List<OnlineApplication> registratedOAs) {
+ this.registratedOAs = registratedOAs;
+ }
+
+ /**
+ * @return the lastlogin
+ */
+ public Date getLastlogin() {
+ return lastlogin;
+ }
+
+ /**
+ * @param lastlogin the lastlogin to set
+ */
+ public void setLastlogin(Date lastlogin) {
+ this.lastlogin = lastlogin;
+ }
+
+
+}
+
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index c08fe1bb2..ed865d70f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
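Review bot: The `password` field of the new `UserDatabase` entity is a plain `String` column with a public getter and setter, and nothing in the class says what it holds; it should only ever store a salted, slow password hash (bcrypt, scrypt, Argon2 or PBKDF2), and a field comment such as `// salted password hash, never the cleartext password` would make that contract explicit. Because the class is `Serializable`, that value and the `bpk` identifier travel with every serialized copy, so instances should stay out of HTTP sessions and log output. Separately, the `@PreUpdate` callback `lastUpdate()` overwrites `lastlogin` on every entity update, so an administrator editing the record changes the recorded login time; set `lastlogin` in the login path instead, or name the column for what it actually tracks. `@OneToMany(mappedBy="hjid")` also looks suspect, since `mappedBy` has to name the field on `OnlineApplication` that references this user and `hjid` reads like an ID field; verify against `OnlineApplication`, which is not shown.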
@@ -30,6 +30,7 @@ import org.hibernate.annotations.DynamicUpdate; @NamedQueries({ @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"), @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"), + @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"), @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate") }) @@ -57,6 +58,9 @@ public class AuthenticatedSessionStore implements Serializable{ @Column(name = "isSSOSession", nullable=false) private boolean isSSOSession = false; + @Column(name = "pendingRequestID", nullable=false) + private String pendingRequestID = ""; + @Column(name = "created", updatable=false, nullable=false) @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -165,7 +169,19 @@ public class AuthenticatedSessionStore implements Serializable{ this.oldssosessionids = oldssosessionids; } - + /** + * @return the pendingRequestID + */ + public String getPendingRequestID() { + return pendingRequestID; + } + + /** + * @param pendingRequestID the pendingRequestID to set + */ + public void setPendingRequestID(String pendingRequestID) { + this.pendingRequestID = pendingRequestID; + } + - } diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 9f4e54212..a90205260 100644 
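Review bot: `pendingRequestID` in `AuthenticatedSessionStore` is declared `nullable=false` with a default of `""` and no uniqueness constraint, so the new `getSessionWithPendingRequestID` query matches every session that has no pending request whenever it is run with an empty `:sessionid`. The caller, which is outside these hunks, should reject null or empty IDs before running the query and treat more than one result as an error rather than picking a row. Because this ID selects a session, it needs the same properties as the session ID itself: generated server-side from a secure random source and cleared once the request completes. The new non-null column also needs a migration for rows that already exist in this table.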
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -504,6 +504,7 @@ <xsd:complexType name="ProxyComponentType"/> <xsd:complexType name="OnlineApplicationType"> <xsd:sequence> + <xsd:element name="isActive" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="false"/> <xsd:element name="AuthComponent_OA" minOccurs="0"> <xsd:annotation> <xsd:documentation>enthält Parameter über die OA, die die diff --git a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml index d7ec8c625..727be25ec 100644 --- a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml +++ b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml @@ -2,9 +2,6 @@ <persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <persistence-unit name="##generated"> - <class>at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore</class> - <class>at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore</class> - <class>at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore</class> - <class>at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore</class> + <class>at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase</class> </persistence-unit> </persistence> |
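Review bot: The new `isActive` element in `OnlineApplicationType` is not yet enforced: the commit message carries a TODO to make the `searchOAWith…` lookups return only active entries, so until that lands an online application marked inactive is presumably still found during authentication. The flag and the query filter should ship together, and an `<xsd:documentation>` annotation on the element stating that `false` means the OA must be refused would keep later readers from treating it as informational. Note also that `minOccurs="1"` makes the element mandatory, so existing 2.0 configuration files without it will no longer validate, and `default="false"` only takes effect when the element is present but empty.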