aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2015-04-22 13:28:59 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2015-04-22 13:28:59 +0200
commit57a308e8e61dd1dd435b149ec01a66059f10adfb (patch)
treef4de9d06a78df1c62c00814d01961a9ea9987949
parentec2ab41165db55c77ebc203091f6d9f5effa95b5 (diff)
downloadmoa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.tar.gz
moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.tar.bz2
moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.zip
add unique session ID for logging
-rw-r--r--id/server/data/deploy/conf/moa-id/log4j.properties6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java87
-rw-r--r--id/server/moa-id-commons/pom.xml7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java23
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java73
-rw-r--r--pom.xml21
18 files changed, 345 insertions, 50 deletions
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index c7dece5c5..7ad5aefde 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -14,8 +14,8 @@ log4j.logger.org.hibernate=warn
# configure the stdout appender
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
-log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %20c | %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n
# configure the rolling file appender (R)
log4j.appender.R=org.apache.log4j.RollingFileAppender
@@ -23,5 +23,5 @@ log4j.appender.R.File=${catalina.base}/logs/moa-id.log
log4j.appender.R.MaxFileSize=10000KB
log4j.appender.R.MaxBackupIndex=1
log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
index d428cddd1..7f6f2c6b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -22,9 +22,11 @@
*/
package at.gv.egovernment.moa.id.advancedlogging;
-import org.slf4j.MDC;
+
+import java.util.Date;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
@@ -33,14 +35,32 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
public class TransactionIDUtils {
public static void setTransactionId(String pendingRequestID) {
- MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
+ org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
+ "TID-" + pendingRequestID);
+ org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID,
"TID-" + pendingRequestID);
}
public static void removeTransactionId() {
- MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+ org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+ org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+
+ }
+
+ public static void setSessionId(String uniqueSessionId) {
+ org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
+ "TID-" + uniqueSessionId);
+ org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID,
+ "TID-" + uniqueSessionId);
+
+ }
+
+ public static void removeSessionId() {
+ org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
+ org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index ac8d00ac8..fe09e743d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -169,4 +169,5 @@ public interface MOAIDAuthConstants {
public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
public static final String MDC_TRANSACTION_ID = "transactionId";
+ public static final String MDC_SESSION_ID = "sessionId";
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java
new file mode 100644
index 000000000..61b8f7bd3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.io.Serializable;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionExtensions implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private String uniqueSessionId = null;
+
+ /**
+ * @return the uniqueSessionId
+ */
+ public String getUniqueSessionId() {
+ return uniqueSessionId;
+ }
+
+ /**
+ * @param uniqueSessionId the uniqueSessionId to set
+ */
+ public void setUniqueSessionId(String uniqueSessionId) {
+ this.uniqueSessionId = uniqueSessionId;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index ee6f0d5a4..77f2cabc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.ObjectUtils;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -114,6 +115,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
finally {
ConfigurationDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index 49aa1c0f5..40e9fc819 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -67,9 +68,12 @@ public class ProcessEngineSignalServlet extends AuthServlet {
// retrieve moa session
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- //add transactionID to Logger
+ //add transactionID and unique sessionID to Logger
+ if (extendedSessionInformation != null)
+ TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
TransactionIDUtils.setTransactionId(pendingRequestID);
// process instance is mandatory
@@ -86,6 +90,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
} finally {
MOASessionDBUtils.closeSession();
TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index cce260d04..b287eb014 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulStorage;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
@@ -240,12 +241,16 @@ public class DispatcherServlet extends AuthServlet{
}
}
+ IRequest protocolRequest = null;
+ String uniqueSessionIdentifier = null;
+
//get SSO Cookie for Request
SSOManager ssomanager = SSOManager.getInstance();
String ssoId = ssomanager.getSSOSessionID(req);
- IRequest protocolRequest = null;
-
+ //load unique session identifier with SSO-sessionID
+ uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
+
try {
Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
@@ -256,6 +261,10 @@ public class DispatcherServlet extends AuthServlet{
//get IRequest if it exits
if (protocolRequest != null) {
+
+ //set session and transaction IDs
+ TransactionIDUtils.setTransactionId(protocolRequestID);
+ TransactionIDUtils.setSessionId(protocolRequest.getSessionIdentifier());
Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
} else {
@@ -266,6 +275,15 @@ public class DispatcherServlet extends AuthServlet{
}
} else {
try {
+ //set transactionID to Logger
+ protocolRequestID = Random.nextRandom();
+
+ if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+ uniqueSessionIdentifier = Random.nextRandom();
+
+ TransactionIDUtils.setTransactionId(protocolRequestID);
+ TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+
protocolRequest = info.preProcess(req, resp, action);
//request is a valid interfederation response
@@ -319,8 +337,8 @@ public class DispatcherServlet extends AuthServlet{
else
moduleAction = info.getAction(protocolRequest.requestedAction());
- protocolRequestID = Random.nextRandom();
- protocolRequest.setRequestID(protocolRequestID);
+ protocolRequest.setRequestID(protocolRequestID);
+ ((RequestImpl)protocolRequest).setSessionIdentifier(uniqueSessionIdentifier);
RequestStorage.setPendingRequest(protocolRequest);
Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
@@ -546,12 +564,11 @@ public class DispatcherServlet extends AuthServlet{
finally {
ConfigurationDBUtils.closeSession();
+ Logger.trace("Clossing Dispatcher processing loop");
+
TransactionIDUtils.removeTransactionId();
-
+ TransactionIDUtils.removeSessionId();
}
-
- Logger.info("Clossing Dispatcher processing loop");
- Logger.info("Http response prepared sent: " + resp.toString());
}
@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 49f3df25c..cbfdfc36b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -569,7 +569,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
try {
//check if an MOASession exists and if not create an new MOASession
//moasession = getORCreateMOASession(request);
- moasession = AuthenticationSessionStoreage.createSession(target.getRequestID());
+ moasession = AuthenticationSessionStoreage.createSession(target);
} catch (MOADatabaseException e1) {
Logger.error("Database Error! MOASession can not be created!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index aaeb84f92..7fe933695 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,6 +22,7 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import java.util.Date;
import java.util.List;
import org.opensaml.saml2.core.Attribute;
@@ -40,6 +41,7 @@ public interface IRequest {
public String getTarget();
public void setRequestID(String id);
public String getRequestID();
+ public String getSessionIdentifier();
public String getRequestedIDP();
public MOAResponse getInterfederationResponse();
public List<Attribute> getRequestedAttributes();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 4a54a516b..77256c897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -41,6 +41,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String action = null;
private String target = null;
private String requestID;
+ private String sessionIdentifier;
//MOA-ID interfederation
private String requestedIDP = null;
@@ -147,6 +148,14 @@ public abstract class RequestImpl implements IRequest, Serializable{
this.response = response;
}
+ public String getSessionIdentifier() {
+ return this.sessionIdentifier;
+
+ }
+ public void setSessionIdentifier(String sessionIdentifier) {
+ this.sessionIdentifier = sessionIdentifier;
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index be8e2dc2a..f0b12431a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -36,8 +36,9 @@ public class RequestStorage {
AssertionStorage storage = AssertionStorage.getInstance();
IRequest pendingRequest = storage.get(pendingReqID, IRequest.class);
- //set transactionID to Logger
+ //set transactionID and sessionID to Logger
TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
+ TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier());
return pendingRequest;
@@ -54,10 +55,7 @@ public class RequestStorage {
if (pendingRequest instanceof IRequest) {
storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
-
- //set transactionID to Logger
- TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
-
+
} else {
throw new MOAIDException("auth.20", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 68545e1c2..04af8cea9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -25,10 +25,8 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.io.Reader;
import java.io.StringWriter;
import java.net.URI;
import java.util.Date;
@@ -38,23 +36,21 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.Velocity;
import org.apache.velocity.app.VelocityEngine;
import org.hibernate.Query;
import org.hibernate.Session;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.VelocityProvider;
@@ -192,6 +188,23 @@ public class SSOManager {
}
+ public String getUniqueSessionIdentifier(String ssoSessionID) {
+ try {
+ if (MiscUtil.isNotEmpty(ssoSessionID)) {
+ String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+ if (MiscUtil.isNotEmpty(moaSessionID)) {
+ AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+ return extSessionInformation.getUniqueSessionId();
+
+ }
+ }
+ } catch (MOADatabaseException e) {
+ Logger.debug("No SSO Session with SSO sessionID: " + ssoSessionID);
+ }
+
+ return null;
+ }
+
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index cf20db7d9..045db3f45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -57,6 +57,7 @@ import org.opensaml.xml.signature.SignableXMLObject;
import java.util.Arrays;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -252,11 +253,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
if (obj instanceof RequestImpl) {
RequestImpl iReqSP = (RequestImpl) obj;
-
+
MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
if ( processedMsg != null ) {
- iReqSP.setInterfederationResponse(processedMsg);
+ iReqSP.setInterfederationResponse(processedMsg);
+
+ Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()
+ + ". Switch to original transaction with ID " + iReqSP.getRequestID());
+ TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
+ TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
} else {
Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 4288f48ad..541dc23b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -33,7 +33,10 @@ import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
+import com.fasterxml.jackson.core.JsonProcessingException;
+
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -42,6 +45,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage {
//private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+ private static JsonMapper mapper = new JsonMapper();
+
public static boolean isAuthenticated(String moaSessionID) {
AuthenticatedSessionStore session;
@@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage {
}
}
- public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException {
+ public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
String id = Random.nextRandom();
-
- AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
- dbsession.setSessionid(id);
- dbsession.setAuthenticated(false);
+ try {
+ AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+ dbsession.setSessionid(id);
+ dbsession.setAuthenticated(false);
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- Date now = new Date();
- dbsession.setCreated(now);
- dbsession.setUpdated(now);
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ Date now = new Date();
+ dbsession.setCreated(now);
+ dbsession.setUpdated(now);
- dbsession.setPendingRequestID(pendingRequestID);
+ dbsession.setPendingRequestID(target.getRequestID());
- AuthenticationSession session = new AuthenticationSession(id, now);
- encryptSession(session, dbsession);
+ //set additional session informations
+ AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions();
+ sessionExt.setUniqueSessionId(target.getSessionIdentifier());
+ dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
- //store AssertionStore element to Database
- try {
+ AuthenticationSession session = new AuthenticationSession(id, now);
+ encryptSession(session, dbsession);
+
+ //store AssertionStore element to Database
MOASessionDBUtils.saveOrUpdate(dbsession);
Logger.info("MOASession with sessionID=" + id + " is stored in Database");
+ return session;
+
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be created.");
throw new MOADatabaseException(e);
+
+ } catch (JsonProcessingException e) {
+ Logger.warn("Extended session information can not be stored.", e);
+ throw new MOADatabaseException(e);
+
}
-
- return session;
+
}
public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
@@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("MOASession deserialization-exception");
}
}
+
+ public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+
+ if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
+ try {
+ return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(),
+ AuthenticationSessionExtensions.class);
+
+ } catch (Exception e) {
+ Logger.warn("Extended session information extraction FAILED!", e);
+ }
+ }
+ return null;
+
+ }
+
+ public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+
+ dbsession.setAdditionalInformation(
+ mapper.serialize(sessionExtensions));
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database");
+
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+
+ } catch (JsonProcessingException e) {
+ Logger.warn("Extended session information can not be stored.", e);
+ throw new MOADatabaseException("Extended session information can not be stored.", e);
+
+ }
+
+ }
public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
storeSession(session, null);
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 27beeaaf3..a8653509b 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -123,6 +123,13 @@
<artifactId>mysql-connector-java</artifactId>
<version>${mysql-connector.java}</version>
</dependency>
+
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ </dependency>
+
+
</dependencies>
<build>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index e27bd6cd7..af5950c98 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -96,6 +96,10 @@ public class AuthenticatedSessionStore implements Serializable{
@Column(name = "pendingRequestID", nullable=true)
private String pendingRequestID = "";
+ @Column(name = "additionalInformation", nullable=true)
+ @Lob
+ private String additionalInformation;
+
@Column(name = "created", updatable=false, nullable=false)
@Temporal(TemporalType.TIMESTAMP)
private Date created;
@@ -113,11 +117,6 @@ public class AuthenticatedSessionStore implements Serializable{
@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER)
private List<InterfederationSessionStore> inderfederation = null;
- @PrePersist
- protected void created() {
- this.updated = this.created = new Date();
- }
-
@PreUpdate
protected void lastUpdate() {
this.updated = new Date();
@@ -262,6 +261,20 @@ public class AuthenticatedSessionStore implements Serializable{
public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) {
this.isInterfederatedSSOSession = isInterfederatedSSOSession;
}
+
+ /**
+ * @return the additionalInformation
+ */
+ public String getAdditionalInformation() {
+ return additionalInformation;
+ }
+
+ /**
+ * @param additionalInformation the additionalInformation to set
+ */
+ public void setAdditionalInformation(String additionalInformation) {
+ this.additionalInformation = additionalInformation;
+ }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java
new file mode 100644
index 000000000..7940955e2
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.commons.utils;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
+import com.fasterxml.jackson.annotation.PropertyAccessor;
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+
+/**
+ * Helper class to handle the JSON (de-)serialization.
+ *
+ */
+public class JsonMapper {
+
+ private ObjectMapper mapper = new ObjectMapper();
+
+ /**
+ * The default constructor where the default pretty printer is disabled.
+ */
+ public JsonMapper() {
+ this(false);
+ }
+
+ /**
+ * The constructor.
+ * @param prettyPrint enables or disables the default pretty printer
+ */
+ public JsonMapper(boolean prettyPrint) {
+ mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
+ mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY);
+ mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY);
+ if (prettyPrint) {
+ mapper.enable(SerializationFeature.INDENT_OUTPUT);
+ }
+ }
+
+ /**
+ * Serialize an object to a JSON string.
+ * @param value the object to serialize
+ * @return a JSON string
+ * @throws JsonProcessingException thrown when an error occurs during serialization
+ */
+ public String serialize(Object value) throws JsonProcessingException {
+ return mapper.writeValueAsString(value);
+ }
+
+ /**
+ * Deserialize a JSON string.
+ *
+ * @param value the JSON string to deserialize
+ * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned.
+ * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object}
+ * @throws JsonParseException if the JSON string contains invalid content.
+ * @throws JsonMappingException if the input JSON structure does not match structure expected for result type
+ * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input)
+ */
+ public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{
+
+ ObjectMapper mapper = new ObjectMapper();
+ if (clazz != null) {
+ JavaType javaType = TypeFactory.defaultInstance().constructType(clazz);
+ return mapper.readValue(value, javaType);
+ } else {
+ return mapper.readValue(value, Object.class);
+ }
+ }
+}
diff --git a/pom.xml b/pom.xml
index 2ecc43a21..fcf249349 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,6 +45,7 @@
<org.apache.commons.lang3.version>3.4</org.apache.commons.lang3.version>
<org.apache.commons.collections4.version>4.0</org.apache.commons.collections4.version>
<jodatime.version>2.7</jodatime.version>
+ <jackson-version>2.5.0</jackson-version>
</properties>
@@ -658,6 +659,26 @@
<version>${org.springframework.version}</version>
</dependency>
+
+ <!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-core</artifactId>
+ <version>${jackson-version}</version>
+ </dependency>
+ <!-- databinding; ObjectMapper, JsonNode and related classes are here -->
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>${jackson-version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>${jackson-version}</version>
+ </dependency>
+
+
</dependencies>
</dependencyManagement>