diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-10 08:43:14 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-03-10 08:43:14 +0100 |
commit | cc30fc1467241bf3bc90a292ee88dcf07b542a49 (patch) | |
tree | 5e1aab3b384c454ae5e318d8d6983cccd9395580 | |
parent | 114185c85148cddde3c5d24b3b92dc6ec881b2e8 (diff) | |
parent | 5b31c460806ae2e1900a3df323e7fecfdb798e32 (diff) | |
download | moa-id-spss-cc30fc1467241bf3bc90a292ee88dcf07b542a49.tar.gz moa-id-spss-cc30fc1467241bf3bc90a292ee88dcf07b542a49.tar.bz2 moa-id-spss-cc30fc1467241bf3bc90a292ee88dcf07b542a49.zip |
Merge branch 'Authentication_withOut_httpSessionBinding' into moa2_0_tlenz
14 files changed, 158 insertions, 173 deletions
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties index 914c4cd62..830a638a1 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -107,7 +107,7 @@ webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates webpages.moaconfig.certificates.chainingmode=ChainingMode webpages.moaconfig.timeout.header=Session TimeOuts -webpages.moaconfig.timeout.assertion=Assertion [sec] +webpages.moaconfig.timeout.assertion=Anmeldedaten [sec] webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] webpages.moaconfig.moasp.header=MOA-SP Konfiguration diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index b41389798..4d8976776 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -960,9 +960,14 @@ Checking</td> <th width="921" scope="col">Beschreibung</th> </tr> <tr> - <td>Assertion</td> + <td>Anmeldedaten</td> <td>300</td> - <td>Gibt die Zeitspanne in Sekunden an, für die die Anmeldedaten in der Authentisierungskomponente (MOA-ID-Auth) zum Abholen durch die eine nachfolgende Applikation bereitstehen. Nach Ablauf dieser Zeitspanne werden die Anmeldedaten gelöscht.</td> + <td><p>Gibt die Zeitspanne in Sekunden an, für die Anmeldedaten, temporäre Sessiondaten oder Assertions in der Authentisierungskomponente (MOA-ID-Auth) vorrätig gehalten werden. Nach Ablauf dieser Zeitspanne werden diese Daten gelöscht oder der Anmeldevorgang abgebrochen. Dieser Parameter hat Einfluss auf folgende Funktionen:</p> + <ul> + <li>maximale Zeitspanne eines Anmeldevorgangs vom Authentification Request bis zur Authentification Response gerechnet.</li> + <li>maximale Zeitspanne welche einer Online-Applikation zum Abholen der Anmeldedaten zur Verfügung steht. (SAML mit Artifact Binding und OpenID Connect)</li> + <li>maximale Zeitspanne zum Abholen zusätzlicher STORK2 Attribute (Zeitdauer je Attribut)</li> + </ul> </td> </tr> <tr> <td>SSO Session authentifiziert</td> @@ -1418,11 +1423,11 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td> </td> <td align="center"> </td> <td align="center">X</td> - <td>Definiert ob eine Online-Applikation ausschließlich Anmeldungen mittels Online-Vollmachten unterstützt. Wenn ja, wird in während der BKU-Auswahl die Option <em>in Vertretung</em> für eine Anmeldung in Vertretung standardmäßig aktiviert und diese Einstellung kann durch die BenutzerIn oder den Benutzer nicht geändert werden..</td> + <td>Definiert ob eine Online-Applikation ausschließlich Anmeldungen mittels Online-Vollmachten unterstützt. Wenn ja, wird in während der BKU-Auswahl die Option <em>in Vertretung</em> für eine Anmeldung in Vertretung standardmäßig aktiviert und diese Einstellung kann durch die BenutzerIn oder den Benutzer nicht geändert werden. </td> </tr> </table> <p> </p> -<p><strong>Hinweis:</strong> Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung.</p> +<p><strong>Hinweis:</strong> Werden für die Online-Applikation eigene Templates für die Bürgerkartenauswahl oder die zusätzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verfügung. Die Funktionalität der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p> <h3><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.4 Single Sign-On (SSO)</h3> <p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu Single Sign-On</p> <table width="1248" border="1"> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9ac9986c8..fd47c5f53 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1886,7 +1886,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { String providerName= oaParam.getFriendlyName(); Logger.debug("Issuer value: " + issuerValue); - String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; +// String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN + String acsURL = new DataURLBuilder().buildDataURL(issuerValue, + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID()); Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); // prepare collection of required attributes @@ -1979,8 +1981,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { //send moasession.setStorkAuthnRequest(authnRequest); - HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); +// HttpSession httpSession = req.getSession(); +// httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.info("Preparing to send STORK AuthnRequest."); @@ -2002,7 +2004,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { resp.getOutputStream().write(writer.toString().getBytes()); } catch (Exception e) { Logger.error("Error sending STORK SAML AuthnRequest.", e); - httpSession.invalidate(); + //httpSession.invalidate(); throw new MOAIDException("stork.02", new Object[] { destination }); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index f3495966a..12cf54e16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -88,8 +88,7 @@ public class LogOutServlet extends AuthServlet { AuthenticationManager authmanager = AuthenticationManager.getInstance(); String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); - RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()), - AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); + RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); authmanager.logout(req, resp, moasessionid); Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index c6cd5cd86..83d0ced20 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -40,6 +40,7 @@ import javax.xml.bind.JAXBElement; import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
@@ -51,6 +52,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
@@ -61,6 +63,7 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.xmldsig.SignatureType;
@@ -112,17 +115,28 @@ public class PEPSConnectorServlet extends AuthServlet { super.checkIfHTTPisAllowed(request.getRequestURL().toString());
Logger.debug("Trying to find MOA Session-ID");
- HttpSession httpSession = request.getSession();
- String moaSessionID = (String) httpSession.getAttribute("MOA-Session-ID");
+ String moaSessionID = request.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
if (StringUtils.isEmpty(moaSessionID)) {
//No authentication session has been started before
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
}
-
+
+ if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+ //load MOASession from database
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+
+ //change MOASessionID
+ moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -163,10 +177,7 @@ public class PEPSConnectorServlet extends AuthServlet { }
Logger.info("Got SAML response with authentication success message.");
-
- //check if authentication request was created before
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-
+
Logger.debug("MOA session is still valid");
STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
@@ -308,7 +319,7 @@ public class PEPSConnectorServlet extends AuthServlet { response.getOutputStream().write(writer.toString().getBytes());
} catch (Exception e1) {
Logger.error("Error sending gender retrival form.", e1);
- httpSession.invalidate();
+// httpSession.invalidate();
throw new MOAIDException("stork.10", null);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 7c2a032a1..72b479112 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -147,8 +147,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { throw new IOException(e.getMessage()); } String sessionID = req.getParameter(PARAM_SESSIONID); - - + // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 31c6f43c5..487e86b34 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -109,41 +109,24 @@ public class DispatcherServlet extends AuthServlet{ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); + //Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); String pendingRequestID = null; if (idObject != null && (idObject instanceof String)) { - if (errorRequests.containsKey((String)idObject)) - pendingRequestID = (String) idObject; + pendingRequestID = (String) idObject; } if (throwable != null) { - if (errorRequests != null) { - - synchronized (errorRequests) { IRequest errorRequest = null; if (pendingRequestID != null) { - errorRequest = errorRequests.get(pendingRequestID); + errorRequest = RequestStorage.getPendingRequest(pendingRequestID); - //remove the - RequestStorage.removePendingRequest(errorRequests, pendingRequestID); - } - else { - if (errorRequests.size() > 1) { - handleErrorNoRedirect(throwable.getMessage(), throwable, - req, resp); - - } else { - Set<String> keys = errorRequests.keySet(); - errorRequest = errorRequests.get(keys.toArray()[0]); - RequestStorage.removeAllPendingRequests(req.getSession()); - } - } if (errorRequest != null) { - + RequestStorage.removePendingRequest(pendingRequestID); + try { IModulInfo handlingModule = ModulStorage .getModuleByPath(errorRequest @@ -177,16 +160,9 @@ public class DispatcherServlet extends AuthServlet{ } handleErrorNoRedirect(throwable.getMessage(), throwable, req, resp); - - } else { - // TODO: use better string - handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req, - resp); - } return; } - } Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); String module = null; @@ -247,32 +223,24 @@ public class DispatcherServlet extends AuthServlet{ } } - HttpSession httpSession = req.getSession(); - Map<String, IRequest> protocolRequests = null; + //HttpSession httpSession = req.getSession(); + //Map<String, IRequest> protocolRequests = null; IRequest protocolRequest = null; try { - protocolRequests = RequestStorage.getPendingRequest(httpSession); - Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - if (protocolRequests != null && - idObject != null && (idObject instanceof String)) { + if (idObject != null && (idObject instanceof String)) { protocolRequestID = (String) idObject; - + protocolRequest = RequestStorage.getPendingRequest(protocolRequestID); + //get IRequest if it exits - if (protocolRequests.containsKey(protocolRequestID)) { - protocolRequest = protocolRequests.get(protocolRequestID); + if (protocolRequest != null) { Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); } else { - Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); - - Set<String> mapkeys = protocolRequests.keySet(); - for (String el : mapkeys) - Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); - + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", null, req, resp); return; @@ -282,43 +250,25 @@ public class DispatcherServlet extends AuthServlet{ protocolRequest = info.preProcess(req, resp, action); if (protocolRequest != null) { + + //Start new Authentication + protocolRequest.setAction(action); + protocolRequest.setModule(module); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); - if(protocolRequests != null) { + RequestStorage.setPendingRequest(protocolRequest); - Set<String> mapkeys = protocolRequests.keySet(); - for (String el : mapkeys) { - IRequest value = protocolRequests.get(el); - - if (value.getOAURL().equals(protocolRequest.getOAURL())) { - - if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { - Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); - RequestStorage.removeAllPendingRequests(req.getSession()); - - } else { - RequestStorage.removePendingRequest(protocolRequests, el); - } - } - } - - } else { - protocolRequests = new ConcurrentHashMap<String, IRequest>(); - } + Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); + + } else { + Logger.error("Failed to generate a valid protocol request!"); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); + return; - synchronized (protocolRequest) { - synchronized (protocolRequests) { - - //Start new Authentication - protocolRequest.setAction(action); - protocolRequest.setModule(module); - protocolRequestID = Random.nextRandom(); - protocolRequest.setRequestID(protocolRequestID); - protocolRequests.put(protocolRequestID, protocolRequest); - Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); - } - } } - + } catch (ProtocolNotActiveException e) { resp.getWriter().write(e.getMessage()); resp.setContentType("text/html;charset=UTF-8"); @@ -338,18 +288,8 @@ public class DispatcherServlet extends AuthServlet{ return; } - - if (protocolRequest == null) { - Logger.error("Failed to generate a valid protocol request!"); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); - return; - - } } - - RequestStorage.setPendingRequest(httpSession, protocolRequests); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); SSOManager ssomanager = SSOManager.getInstance(); @@ -470,7 +410,7 @@ public class DispatcherServlet extends AuthServlet{ String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); - RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); + RequestStorage.removePendingRequest(protocolRequestID); if (needAuthentication) { boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 666224b3a..03a61d08f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -252,7 +252,7 @@ public class AuthenticationManager extends AuthServlet { } //set MOAIDSession - request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + //request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index bfe1151c4..21b4e2b65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -22,64 +22,53 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import java.util.Map; - -import javax.servlet.http.HttpSession; - +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.logging.Logger; public class RequestStorage { - private static final String PENDING_REQUEST = "PENDING_REQUEST"; - - public static Map<String,IRequest> getPendingRequest(HttpSession session) { + public static IRequest getPendingRequest(String pendingReqID) { - - Object obj = session.getAttribute(PENDING_REQUEST); - if (obj != null) { - synchronized (obj) { - if (obj instanceof Map<?,?>) { - if (((Map<?,?>) obj).size() > 0) { - if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) { - if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0]) - instanceof IRequest) { - return (Map<String, IRequest>) obj; - - - - } - } - } - } - } - session.setAttribute(PENDING_REQUEST, null); - } + try { + AssertionStorage storage = AssertionStorage.getInstance(); + IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); + return pendingRequest; + + } catch (MOADatabaseException e) { + Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID); return null; + + } } - public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) { - session.setAttribute(PENDING_REQUEST, request); - } - - public static void removeAllPendingRequests(HttpSession session) { - - Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests"); + public static void setPendingRequest(Object pendingRequest) throws MOAIDException { + try { + AssertionStorage storage = AssertionStorage.getInstance(); + + if (pendingRequest instanceof IRequest) { + storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); + + } else { + throw new MOAIDException("auth.20", null); + + } + + } catch (MOADatabaseException e) { + Logger.warn("Pending Request with ID=" + ((IRequest)pendingRequest).getRequestID() + + " can not stored.", e); + throw new MOAIDException("auth.20", null); + } - session.setAttribute(PENDING_REQUEST, null); } - public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) { - - if (requestmap != null && requestID != null) { + public static void removePendingRequest(String requestID) { - synchronized (requestmap) { - - if (requestmap.containsKey(requestID)) { - requestmap.remove(requestID); - Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID); - - } - } + if (requestID != null) { + AssertionStorage storage = AssertionStorage.getInstance(); + storage.remove(requestID); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 1d85f29bf..db83233fe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -245,7 +245,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { } } - request.getSession().setAttribute(PARAM_OA, oaURL); + //request.getSession().setAttribute(PARAM_OA, oaURL); return config; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java index d28c5eeec..c1104f9f5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java @@ -24,27 +24,51 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; import java.io.Serializable; +import org.opensaml.Configuration; import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller; +import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller; import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.logging.Logger; public class MOARequest implements Serializable{ private static final long serialVersionUID = 2395131650841669663L; - private RequestAbstractType samlRequest; - private EntityDescriptor entityMetadata; + private Element samlRequest; private boolean verified = false; - + private String entityID = null; + public MOARequest(RequestAbstractType request) { - samlRequest = request; + samlRequest = request.getDOM(); } public RequestAbstractType getSamlRequest() { - return samlRequest; + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest); + + try { + return (RequestAbstractType) unmashaller.unmarshall(samlRequest); + + } catch (UnmarshallingException e) { + Logger.warn("AuthnRequest Unmarshaller error", e); + return null; + } + } public void setSamlRequest(RequestAbstractType request) { - this.samlRequest = request; + this.samlRequest = request.getDOM(); } public boolean isVerified() { @@ -55,13 +79,29 @@ public class MOARequest implements Serializable{ this.verified = verified; } - public EntityDescriptor getEntityMetadata() { - return entityMetadata; + public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException { + + try { + return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID); + + } catch (MetadataProviderException e) { + Logger.warn("No Metadata for EntitiyID " + entityID); + throw new NoMetadataInformationException(); + } } - public void setEntityMetadata(EntityDescriptor entityMetadata) { - this.entityMetadata = entityMetadata; + /** + * @return the entitiyID + */ + public String getEntityID() { + return entityID; + } + + /** + * @param entitiyID the entitiyID to set + */ + public void setEntityID(String entitiyID) { + this.entityID = entitiyID; } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index af29054e1..d00b1cc16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -128,7 +128,7 @@ public class PostBinding implements IDecoder, IEncoder { MOARequest request = new MOARequest(inboundMessage); request.setVerified(false); - request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); return request; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 7c9cc6259..f09178f55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -131,7 +131,7 @@ public class RedirectBinding implements IDecoder, IEncoder { .getInboundMessage(); MOARequest request = new MOARequest(inboundMessage); request.setVerified(true); - request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); return request; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index e587ef0e1..d82bd1496 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -125,8 +125,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { config.setTarget(oaParam.getTarget()); - request.getSession().setAttribute(PARAM_OA, oaURL); - request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); +// request.getSession().setAttribute(PARAM_OA, oaURL); +// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); return config; } |