aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-03-10 08:43:14 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-03-10 08:43:14 +0100
commitcc30fc1467241bf3bc90a292ee88dcf07b542a49 (patch)
tree5e1aab3b384c454ae5e318d8d6983cccd9395580
parent114185c85148cddde3c5d24b3b92dc6ec881b2e8 (diff)
parent5b31c460806ae2e1900a3df323e7fecfdb798e32 (diff)
downloadmoa-id-spss-cc30fc1467241bf3bc90a292ee88dcf07b542a49.tar.gz
moa-id-spss-cc30fc1467241bf3bc90a292ee88dcf07b542a49.tar.bz2
moa-id-spss-cc30fc1467241bf3bc90a292ee88dcf07b542a49.zip
Merge branch 'Authentication_withOut_httpSessionBinding' into moa2_0_tlenz
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources.properties2
-rw-r--r--id/server/doc/handbook/config/config.html13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java118
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java81
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java4
14 files changed, 158 insertions, 173 deletions
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties
index 914c4cd62..830a638a1 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties
@@ -107,7 +107,7 @@ webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking
webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates
webpages.moaconfig.certificates.chainingmode=ChainingMode
webpages.moaconfig.timeout.header=Session TimeOuts
-webpages.moaconfig.timeout.assertion=Assertion [sec]
+webpages.moaconfig.timeout.assertion=Anmeldedaten [sec]
webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec]
webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec]
webpages.moaconfig.moasp.header=MOA-SP Konfiguration
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index b41389798..4d8976776 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -960,9 +960,14 @@ Checking</td>
<th width="921" scope="col">Beschreibung</th>
</tr>
<tr>
- <td>Assertion</td>
+ <td>Anmeldedaten</td>
<td>300</td>
- <td>Gibt die Zeitspanne in Sekunden an, f&uuml;r die die Anmeldedaten in der Authentisierungskomponente (MOA-ID-Auth) zum Abholen durch die eine nachfolgende Applikation bereitstehen. Nach Ablauf dieser Zeitspanne werden die Anmeldedaten gel&ouml;scht.</td>
+ <td><p>Gibt die Zeitspanne in Sekunden an, f&uuml;r die Anmeldedaten, tempor&auml;re Sessiondaten oder Assertions in der Authentisierungskomponente (MOA-ID-Auth) vorr&auml;tig gehalten werden. Nach Ablauf dieser Zeitspanne werden diese Daten gel&ouml;scht oder der Anmeldevorgang abgebrochen. Dieser Parameter hat Einfluss auf folgende Funktionen:</p>
+ <ul>
+ <li>maximale Zeitspanne eines Anmeldevorgangs vom Authentification Request bis zur Authentification Response gerechnet.</li>
+ <li>maximale Zeitspanne welche einer Online-Applikation zum Abholen der Anmeldedaten zur Verf&uuml;gung steht. (SAML mit Artifact Binding und OpenID Connect)</li>
+ <li>maximale Zeitspanne zum Abholen zus&auml;tzlicher STORK2 Attribute (Zeitdauer je Attribut)</li>
+ </ul> </td>
</tr>
<tr>
<td>SSO Session authentifiziert</td>
@@ -1418,11 +1423,11 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der
<td>&nbsp;</td>
<td align="center">&nbsp;</td>
<td align="center">X</td>
- <td>Definiert ob eine Online-Applikation ausschlie&szlig;lich Anmeldungen mittels Online-Vollmachten unterst&uuml;tzt. Wenn ja, wird in w&auml;hrend der BKU-Auswahl die Option <em>in Vertretung</em> f&uuml;r eine Anmeldung in Vertretung standardm&auml;&szlig;ig aktiviert und diese Einstellung kann durch die BenutzerIn oder den Benutzer nicht ge&auml;ndert werden..</td>
+ <td>Definiert ob eine Online-Applikation ausschlie&szlig;lich Anmeldungen mittels Online-Vollmachten unterst&uuml;tzt. Wenn ja, wird in w&auml;hrend der BKU-Auswahl die Option <em>in Vertretung</em> f&uuml;r eine Anmeldung in Vertretung standardm&auml;&szlig;ig aktiviert und diese Einstellung kann durch die BenutzerIn oder den Benutzer nicht ge&auml;ndert werden. </td>
</tr>
</table>
<p>&nbsp;</p>
-<p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung.</p>
+<p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung. Die Funktionalit&auml;t der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p>
<h3><a name="konfigurationsparameter_oa_sso" id="uebersicht_zentraledatei_aktualisierung22"></a>3.2.4 Single Sign-On (SSO)</h3>
<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zu Single Sign-On</p>
<table width="1248" border="1">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 9ac9986c8..fd47c5f53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1886,7 +1886,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String providerName= oaParam.getFriendlyName();
Logger.debug("Issuer value: " + issuerValue);
- String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+// String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN
+ String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
// prepare collection of required attributes
@@ -1979,8 +1981,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//send
moasession.setStorkAuthnRequest(authnRequest);
- HttpSession httpSession = req.getSession();
- httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
+// HttpSession httpSession = req.getSession();
+// httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID());
Logger.info("Preparing to send STORK AuthnRequest.");
@@ -2002,7 +2004,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
resp.getOutputStream().write(writer.toString().getBytes());
} catch (Exception e) {
Logger.error("Error sending STORK SAML AuthnRequest.", e);
- httpSession.invalidate();
+ //httpSession.invalidate();
throw new MOAIDException("stork.02", new Object[] { destination });
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index f3495966a..12cf54e16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -88,8 +88,7 @@ public class LogOutServlet extends AuthServlet {
AuthenticationManager authmanager = AuthenticationManager.getInstance();
String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
- RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()),
- AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+ RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
authmanager.logout(req, resp, moasessionid);
Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index c6cd5cd86..83d0ced20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -40,6 +40,7 @@ import javax.xml.bind.JAXBElement;
import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
@@ -51,6 +52,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
@@ -61,6 +63,7 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.xmldsig.SignatureType;
@@ -112,17 +115,28 @@ public class PEPSConnectorServlet extends AuthServlet {
super.checkIfHTTPisAllowed(request.getRequestURL().toString());
Logger.debug("Trying to find MOA Session-ID");
- HttpSession httpSession = request.getSession();
- String moaSessionID = (String) httpSession.getAttribute("MOA-Session-ID");
+ String moaSessionID = request.getParameter(PARAM_SESSIONID);
+
+ // escape parameter strings
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
if (StringUtils.isEmpty(moaSessionID)) {
//No authentication session has been started before
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
}
-
+
+ if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+ //load MOASession from database
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+
+ //change MOASessionID
+ moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -163,10 +177,7 @@ public class PEPSConnectorServlet extends AuthServlet {
}
Logger.info("Got SAML response with authentication success message.");
-
- //check if authentication request was created before
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-
+
Logger.debug("MOA session is still valid");
STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
@@ -308,7 +319,7 @@ public class PEPSConnectorServlet extends AuthServlet {
response.getOutputStream().write(writer.toString().getBytes());
} catch (Exception e1) {
Logger.error("Error sending gender retrival form.", e1);
- httpSession.invalidate();
+// httpSession.invalidate();
throw new MOAIDException("stork.10", null);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 7c2a032a1..72b479112 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -147,8 +147,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
throw new IOException(e.getMessage());
}
String sessionID = req.getParameter(PARAM_SESSIONID);
-
-
+
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 31c6f43c5..487e86b34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -109,41 +109,24 @@ public class DispatcherServlet extends AuthServlet{
Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
- Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+ //Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
String pendingRequestID = null;
if (idObject != null && (idObject instanceof String)) {
- if (errorRequests.containsKey((String)idObject))
- pendingRequestID = (String) idObject;
+ pendingRequestID = (String) idObject;
}
if (throwable != null) {
- if (errorRequests != null) {
-
- synchronized (errorRequests) {
IRequest errorRequest = null;
if (pendingRequestID != null) {
- errorRequest = errorRequests.get(pendingRequestID);
+ errorRequest = RequestStorage.getPendingRequest(pendingRequestID);
- //remove the
- RequestStorage.removePendingRequest(errorRequests, pendingRequestID);
- }
- else {
- if (errorRequests.size() > 1) {
- handleErrorNoRedirect(throwable.getMessage(), throwable,
- req, resp);
-
- } else {
- Set<String> keys = errorRequests.keySet();
- errorRequest = errorRequests.get(keys.toArray()[0]);
- RequestStorage.removeAllPendingRequests(req.getSession());
- }
-
}
if (errorRequest != null) {
-
+ RequestStorage.removePendingRequest(pendingRequestID);
+
try {
IModulInfo handlingModule = ModulStorage
.getModuleByPath(errorRequest
@@ -177,16 +160,9 @@ public class DispatcherServlet extends AuthServlet{
}
handleErrorNoRedirect(throwable.getMessage(), throwable,
req, resp);
-
- } else {
- // TODO: use better string
- handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req,
- resp);
- }
return;
}
- }
Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
String module = null;
@@ -247,32 +223,24 @@ public class DispatcherServlet extends AuthServlet{
}
}
- HttpSession httpSession = req.getSession();
- Map<String, IRequest> protocolRequests = null;
+ //HttpSession httpSession = req.getSession();
+ //Map<String, IRequest> protocolRequests = null;
IRequest protocolRequest = null;
try {
- protocolRequests = RequestStorage.getPendingRequest(httpSession);
-
Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
- if (protocolRequests != null &&
- idObject != null && (idObject instanceof String)) {
+ if (idObject != null && (idObject instanceof String)) {
protocolRequestID = (String) idObject;
-
+ protocolRequest = RequestStorage.getPendingRequest(protocolRequestID);
+
//get IRequest if it exits
- if (protocolRequests.containsKey(protocolRequestID)) {
- protocolRequest = protocolRequests.get(protocolRequestID);
+ if (protocolRequest != null) {
Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
} else {
- Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
-
- Set<String> mapkeys = protocolRequests.keySet();
- for (String el : mapkeys)
- Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el));
-
+ Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
null, req, resp);
return;
@@ -282,43 +250,25 @@ public class DispatcherServlet extends AuthServlet{
protocolRequest = info.preProcess(req, resp, action);
if (protocolRequest != null) {
+
+ //Start new Authentication
+ protocolRequest.setAction(action);
+ protocolRequest.setModule(module);
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
- if(protocolRequests != null) {
+ RequestStorage.setPendingRequest(protocolRequest);
- Set<String> mapkeys = protocolRequests.keySet();
- for (String el : mapkeys) {
- IRequest value = protocolRequests.get(el);
-
- if (value.getOAURL().equals(protocolRequest.getOAURL())) {
-
- if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
- Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
- RequestStorage.removeAllPendingRequests(req.getSession());
-
- } else {
- RequestStorage.removePendingRequest(protocolRequests, el);
- }
- }
- }
-
- } else {
- protocolRequests = new ConcurrentHashMap<String, IRequest>();
- }
+ Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
+
+ } else {
+ Logger.error("Failed to generate a valid protocol request!");
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
+ return;
- synchronized (protocolRequest) {
- synchronized (protocolRequests) {
-
- //Start new Authentication
- protocolRequest.setAction(action);
- protocolRequest.setModule(module);
- protocolRequestID = Random.nextRandom();
- protocolRequest.setRequestID(protocolRequestID);
- protocolRequests.put(protocolRequestID, protocolRequest);
- Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
- }
- }
}
-
+
} catch (ProtocolNotActiveException e) {
resp.getWriter().write(e.getMessage());
resp.setContentType("text/html;charset=UTF-8");
@@ -338,18 +288,8 @@ public class DispatcherServlet extends AuthServlet{
return;
}
-
- if (protocolRequest == null) {
- Logger.error("Failed to generate a valid protocol request!");
- resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
- return;
-
- }
}
-
- RequestStorage.setPendingRequest(httpSession, protocolRequests);
-
+
AuthenticationManager authmanager = AuthenticationManager.getInstance();
SSOManager ssomanager = SSOManager.getInstance();
@@ -470,7 +410,7 @@ public class DispatcherServlet extends AuthServlet{
String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
- RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
+ RequestStorage.removePendingRequest(protocolRequestID);
if (needAuthentication) {
boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 666224b3a..03a61d08f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -252,7 +252,7 @@ public class AuthenticationManager extends AuthServlet {
}
//set MOAIDSession
- request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+ //request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index bfe1151c4..21b4e2b65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -22,64 +22,53 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import java.util.Map;
-
-import javax.servlet.http.HttpSession;
-
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.logging.Logger;
public class RequestStorage {
- private static final String PENDING_REQUEST = "PENDING_REQUEST";
-
- public static Map<String,IRequest> getPendingRequest(HttpSession session) {
+ public static IRequest getPendingRequest(String pendingReqID) {
-
- Object obj = session.getAttribute(PENDING_REQUEST);
- if (obj != null) {
- synchronized (obj) {
- if (obj instanceof Map<?,?>) {
- if (((Map<?,?>) obj).size() > 0) {
- if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) {
- if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0])
- instanceof IRequest) {
- return (Map<String, IRequest>) obj;
-
-
-
- }
- }
- }
- }
- }
- session.setAttribute(PENDING_REQUEST, null);
- }
+ try {
+ AssertionStorage storage = AssertionStorage.getInstance();
+ IRequest pendingRequest = storage.get(pendingReqID, IRequest.class);
+ return pendingRequest;
+
+ } catch (MOADatabaseException e) {
+ Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);
return null;
+
+ }
}
- public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) {
- session.setAttribute(PENDING_REQUEST, request);
- }
-
- public static void removeAllPendingRequests(HttpSession session) {
-
- Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests");
+ public static void setPendingRequest(Object pendingRequest) throws MOAIDException {
+ try {
+ AssertionStorage storage = AssertionStorage.getInstance();
+
+ if (pendingRequest instanceof IRequest) {
+ storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
+
+ } else {
+ throw new MOAIDException("auth.20", null);
+
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Pending Request with ID=" + ((IRequest)pendingRequest).getRequestID() +
+ " can not stored.", e);
+ throw new MOAIDException("auth.20", null);
+ }
- session.setAttribute(PENDING_REQUEST, null);
}
- public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) {
-
- if (requestmap != null && requestID != null) {
+ public static void removePendingRequest(String requestID) {
- synchronized (requestmap) {
-
- if (requestmap.containsKey(requestID)) {
- requestmap.remove(requestID);
- Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID);
-
- }
- }
+ if (requestID != null) {
+ AssertionStorage storage = AssertionStorage.getInstance();
+ storage.remove(requestID);
+
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 1d85f29bf..db83233fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -245,7 +245,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
}
}
- request.getSession().setAttribute(PARAM_OA, oaURL);
+ //request.getSession().setAttribute(PARAM_OA, oaURL);
return config;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
index d28c5eeec..c1104f9f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -24,27 +24,51 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import java.io.Serializable;
+import org.opensaml.Configuration;
import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller;
+import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.logging.Logger;
public class MOARequest implements Serializable{
private static final long serialVersionUID = 2395131650841669663L;
- private RequestAbstractType samlRequest;
- private EntityDescriptor entityMetadata;
+ private Element samlRequest;
private boolean verified = false;
-
+ private String entityID = null;
+
public MOARequest(RequestAbstractType request) {
- samlRequest = request;
+ samlRequest = request.getDOM();
}
public RequestAbstractType getSamlRequest() {
- return samlRequest;
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest);
+
+ try {
+ return (RequestAbstractType) unmashaller.unmarshall(samlRequest);
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnRequest Unmarshaller error", e);
+ return null;
+ }
+
}
public void setSamlRequest(RequestAbstractType request) {
- this.samlRequest = request;
+ this.samlRequest = request.getDOM();
}
public boolean isVerified() {
@@ -55,13 +79,29 @@ public class MOARequest implements Serializable{
this.verified = verified;
}
- public EntityDescriptor getEntityMetadata() {
- return entityMetadata;
+ public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
+
+ try {
+ return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
+
+ } catch (MetadataProviderException e) {
+ Logger.warn("No Metadata for EntitiyID " + entityID);
+ throw new NoMetadataInformationException();
+ }
}
- public void setEntityMetadata(EntityDescriptor entityMetadata) {
- this.entityMetadata = entityMetadata;
+ /**
+ * @return the entitiyID
+ */
+ public String getEntityID() {
+ return entityID;
+ }
+
+ /**
+ * @param entitiyID the entitiyID to set
+ */
+ public void setEntityID(String entitiyID) {
+ this.entityID = entitiyID;
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index af29054e1..d00b1cc16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -128,7 +128,7 @@ public class PostBinding implements IDecoder, IEncoder {
MOARequest request = new MOARequest(inboundMessage);
request.setVerified(false);
- request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
return request;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 7c9cc6259..f09178f55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -131,7 +131,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
.getInboundMessage();
MOARequest request = new MOARequest(inboundMessage);
request.setVerified(true);
- request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
return request;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index e587ef0e1..d82bd1496 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -125,8 +125,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
config.setTarget(oaParam.getTarget());
- request.getSession().setAttribute(PARAM_OA, oaURL);
- request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
+// request.getSession().setAttribute(PARAM_OA, oaURL);
+// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
return config;
}