add unique session ID for logging

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-04-22 13:28:59 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2015-04-22 13:28:59 +0200
commit: 57a308e8e61dd1dd435b149ec01a66059f10adfb (patch)
tree: f4de9d06a78df1c62c00814d01961a9ea9987949
parent: ec2ab41165db55c77ebc203091f6d9f5effa95b5 (diff)
download: moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.tar.gz
moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.tar.bz2
moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.zip
18 files changed, 345 insertions, 50 deletions
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
index c7dece5c5..7ad5aefde 100644
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -14,8 +14,8 @@ log4j.logger.org.hibernate=warn
 # configure the stdout appender
 log4j.appender.stdout=org.apache.log4j.ConsoleAppender
 log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c |  %10t | %m%n
-log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %20c |  %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n
 
 # configure the rolling file appender (R)
 log4j.appender.R=org.apache.log4j.RollingFileAppender
@@ -23,5 +23,5 @@ log4j.appender.R.File=${catalina.base}/logs/moa-id.log
 log4j.appender.R.MaxFileSize=10000KB
 log4j.appender.R.MaxBackupIndex=1
 log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
index d428cddd1..7f6f2c6b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -22,9 +22,11 @@
  */
 package at.gv.egovernment.moa.id.advancedlogging;
 
-import org.slf4j.MDC;
+
+import java.util.Date;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -33,14 +35,32 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 public class TransactionIDUtils {
 
 	public static void setTransactionId(String pendingRequestID) {	  
-		MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, 
+		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, 
+				"TID-" + pendingRequestID);		
+		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, 
 				"TID-" + pendingRequestID);
 				    
 	}
 		
 	public static void removeTransactionId() {
-		MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
+		
+	}
+		
+	public static void setSessionId(String uniqueSessionId) {	  
+		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, 
+				"TID-" + uniqueSessionId);		
+		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, 
+				"TID-" + uniqueSessionId);
+				    
+	}
+		
+	public static void removeSessionId() {
+		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
+		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
 		
 	}
 	
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index ac8d00ac8..fe09e743d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -169,4 +169,5 @@ public interface MOAIDAuthConstants {
   public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
   
   public static final String MDC_TRANSACTION_ID = "transactionId";
+  public static final String MDC_SESSION_ID = "sessionId";
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java
new file mode 100644
index 000000000..61b8f7bd3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.io.Serializable;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationSessionExtensions implements Serializable{
+
+	private static final long serialVersionUID = 1L;
+	
+	private String uniqueSessionId = null;
+
+	/**
+	 * @return the uniqueSessionId
+	 */
+	public String getUniqueSessionId() {
+		return uniqueSessionId;
+	}
+
+	/**
+	 * @param uniqueSessionId the uniqueSessionId to set
+	 */
+	public void setUniqueSessionId(String uniqueSessionId) {
+		this.uniqueSessionId = uniqueSessionId;
+	}
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index ee6f0d5a4..77f2cabc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.ObjectUtils;
 
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -114,6 +115,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 
 		finally {
 			ConfigurationDBUtils.closeSession();
+			TransactionIDUtils.removeTransactionId();
+			TransactionIDUtils.removeSessionId();
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index 49aa1c0f5..40e9fc819 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -67,9 +68,12 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 
 			// retrieve moa session
 			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
-			//add transactionID to Logger
+			//add transactionID and unique sessionID to Logger
+			if (extendedSessionInformation != null)
+				TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
 			TransactionIDUtils.setTransactionId(pendingRequestID);
 			
 			// process instance is mandatory
@@ -86,6 +90,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 		} finally {
 			MOASessionDBUtils.closeSession();
 			TransactionIDUtils.removeTransactionId();
+			TransactionIDUtils.removeSessionId();
 			
 		}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index cce260d04..b287eb014 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.ModulStorage;
 import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
@@ -240,12 +241,16 @@ public class DispatcherServlet extends AuthServlet{
 				}
 			}
 
+			IRequest protocolRequest = null;
+			String uniqueSessionIdentifier = null;
+
 			//get SSO Cookie for Request
 			SSOManager ssomanager = SSOManager.getInstance();
 			String ssoId = ssomanager.getSSOSessionID(req);
 			
-			IRequest protocolRequest = null;
-			
+			//load unique session identifier with SSO-sessionID
+			uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
+									
 			try {
 				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
 	
@@ -256,6 +261,10 @@ public class DispatcherServlet extends AuthServlet{
 					
 					//get IRequest if it exits
 					if (protocolRequest != null) {
+
+						//set session and transaction IDs
+						TransactionIDUtils.setTransactionId(protocolRequestID);
+						TransactionIDUtils.setSessionId(protocolRequest.getSessionIdentifier());						
 						Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
 						
 					} else {
@@ -266,6 +275,15 @@ public class DispatcherServlet extends AuthServlet{
 					}
 				} else {
 					try {
+						//set transactionID to Logger
+						protocolRequestID = Random.nextRandom();
+						
+						if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+							uniqueSessionIdentifier = Random.nextRandom();
+						
+						TransactionIDUtils.setTransactionId(protocolRequestID);
+						TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+						
 						protocolRequest = info.preProcess(req, resp, action);
 						
 						//request is a valid interfederation response 
@@ -319,8 +337,8 @@ public class DispatcherServlet extends AuthServlet{
 							else
 								moduleAction = info.getAction(protocolRequest.requestedAction());
 							
-							protocolRequestID = Random.nextRandom();
-							protocolRequest.setRequestID(protocolRequestID);							
+							protocolRequest.setRequestID(protocolRequestID);
+							((RequestImpl)protocolRequest).setSessionIdentifier(uniqueSessionIdentifier);
 							RequestStorage.setPendingRequest(protocolRequest);							
 							Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
 
@@ -546,12 +564,11 @@ public class DispatcherServlet extends AuthServlet{
 		
 	    finally {
 	    	ConfigurationDBUtils.closeSession();
+	        Logger.trace("Clossing Dispatcher processing loop");
+	        
 	    	TransactionIDUtils.removeTransactionId();
-	    	
+	    	TransactionIDUtils.removeSessionId();	    	
 	    }
-
-        Logger.info("Clossing Dispatcher processing loop");
-        Logger.info("Http response prepared sent: " + resp.toString());
 	}
 	
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 49f3df25c..cbfdfc36b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -569,7 +569,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 		try {
 			//check if an MOASession exists and if not create an new MOASession
 			//moasession = getORCreateMOASession(request);
-			moasession = AuthenticationSessionStoreage.createSession(target.getRequestID());
+			moasession = AuthenticationSessionStoreage.createSession(target);
 			
 		} catch (MOADatabaseException e1) {
 			Logger.error("Database Error! MOASession can not be created!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index aaeb84f92..7fe933695 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,6 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
+import java.util.Date;
 import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
@@ -40,6 +41,7 @@ public interface IRequest {
 	public String getTarget();
 	public void setRequestID(String id);
 	public String getRequestID();	
+	public String getSessionIdentifier();
 	public String getRequestedIDP();
 	public MOAResponse getInterfederationResponse();
 	public List<Attribute> getRequestedAttributes();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 4a54a516b..77256c897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -41,6 +41,7 @@ public abstract class RequestImpl implements IRequest, Serializable{
 	private String action = null;
 	private String target = null;
 	private String requestID;
+	private String sessionIdentifier;
 	
 	//MOA-ID interfederation
 	private String requestedIDP = null;
@@ -147,6 +148,14 @@ public abstract class RequestImpl implements IRequest, Serializable{
 		this.response = response;
 	}
 	
+	public String getSessionIdentifier() {
+		return this.sessionIdentifier;
+		
+	}
 	
+	public void setSessionIdentifier(String sessionIdentifier) {
+		this.sessionIdentifier = sessionIdentifier;
+		
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index be8e2dc2a..f0b12431a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -36,8 +36,9 @@ public class RequestStorage {
 			AssertionStorage storage = AssertionStorage.getInstance();
 			IRequest pendingRequest = storage.get(pendingReqID, IRequest.class);
 			
-			//set transactionID to Logger
+			//set transactionID and sessionID to Logger
 			TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
+			TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier());
 			
 			return pendingRequest;
 		
@@ -54,10 +55,7 @@ public class RequestStorage {
 			
 			if (pendingRequest instanceof IRequest) {
 				storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
-				
-				//set transactionID to Logger
-				TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
-								
+												
 			} else {
 				throw new MOAIDException("auth.20", null);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 68545e1c2..04af8cea9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -25,10 +25,8 @@ package at.gv.egovernment.moa.id.moduls;
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.io.Reader;
 import java.io.StringWriter;
 import java.net.URI;
 import java.util.Date;
@@ -38,23 +36,21 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.Velocity;
 import org.apache.velocity.app.VelocityEngine;
 import org.hibernate.Query;
 import org.hibernate.Session;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.VelocityProvider;
@@ -192,6 +188,23 @@ public class SSOManager {
 		
 	}
 	
+	public String getUniqueSessionIdentifier(String ssoSessionID) {
+		try {
+			if (MiscUtil.isNotEmpty(ssoSessionID)) {			
+				String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+				if (MiscUtil.isNotEmpty(moaSessionID)) {
+					AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+						return extSessionInformation.getUniqueSessionId();
+			
+				}
+			} 
+		} catch (MOADatabaseException e) {
+			Logger.debug("No SSO Session with SSO sessionID: " + ssoSessionID);
+		}
+					
+		return null;		
+	}
+	
 	public String existsOldSSOSession(String ssoId) {
 		
 		Logger.trace("Check that the SSOID has already been used");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index cf20db7d9..045db3f45 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -57,6 +57,7 @@ import org.opensaml.xml.signature.SignableXMLObject;
 
 import java.util.Arrays;
 
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -252,11 +253,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
 				IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
 				if (obj instanceof RequestImpl) {
 					RequestImpl iReqSP = (RequestImpl) obj;
-
+					
 					MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
 					
 					if ( processedMsg != null ) {
-						iReqSP.setInterfederationResponse(processedMsg);						
+						iReqSP.setInterfederationResponse(processedMsg);
+
+						Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() 
+								+ ". Switch to original transaction with ID " + iReqSP.getRequestID());
+						TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
+						TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
 												
 					} else {
 						Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 4288f48ad..541dc23b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -33,7 +33,10 @@ import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.Transaction;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -42,6 +45,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage {
 
 	//private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
 
+	private static JsonMapper mapper = new JsonMapper();
+	
 	public static boolean isAuthenticated(String moaSessionID) {
 		
 		AuthenticatedSessionStore session;
@@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage {
 		}
 	}
 
-	public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException {
+	public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
 		String id = Random.nextRandom();
-
-		AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
-		dbsession.setSessionid(id);
-		dbsession.setAuthenticated(false);
+		try {
+			AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
+			dbsession.setSessionid(id);
+			dbsession.setAuthenticated(false);
 		
-		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
-		Date now = new Date();
-		dbsession.setCreated(now);
-		dbsession.setUpdated(now);
+			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+			Date now = new Date();
+			dbsession.setCreated(now);
+			dbsession.setUpdated(now);
 		
-		dbsession.setPendingRequestID(pendingRequestID);
+			dbsession.setPendingRequestID(target.getRequestID());
 		
-		AuthenticationSession session = new AuthenticationSession(id, now);
-		encryptSession(session, dbsession);
+			//set additional session informations
+			AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions();
+			sessionExt.setUniqueSessionId(target.getSessionIdentifier());
+			dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
 		
-		//store AssertionStore element to Database
-		try {
+			AuthenticationSession session = new AuthenticationSession(id, now);
+			encryptSession(session, dbsession);
+		
+			//store AssertionStore element to Database		
 			MOASessionDBUtils.saveOrUpdate(dbsession);
 			Logger.info("MOASession with sessionID=" + id + " is stored in Database");
 			
+			return session;
+			
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be created.");
 			throw new MOADatabaseException(e);
+			
+		} catch (JsonProcessingException e) {
+			Logger.warn("Extended session information can not be stored.", e);
+			throw new MOADatabaseException(e);
+			
 		}
-		
-		return session;
+				
 	}
 
 	public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
@@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage {
 			throw new MOADatabaseException("MOASession deserialization-exception");
 		}
 	}
+
+	public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
+		AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+		
+		if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
+			try {
+				return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(), 
+						AuthenticationSessionExtensions.class);
+				
+			} catch (Exception e) {
+				Logger.warn("Extended session information extraction FAILED!", e);
+			}			
+		}
+		return null;
+		
+	}
+	
+	public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
+		try {
+			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
+			
+			dbsession.setAdditionalInformation(
+					mapper.serialize(sessionExtensions));
+			
+			MOASessionDBUtils.saveOrUpdate(dbsession);
+			Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database");
+			
+			
+		} catch (MOADatabaseException e) {
+			Logger.warn("MOASession could not be stored.");
+			throw new MOADatabaseException(e);
+			
+		} catch (JsonProcessingException e) {
+			Logger.warn("Extended session information can not be stored.", e);
+			throw new MOADatabaseException("Extended session information can not be stored.", e);
+			
+		} 
+		
+	}
 	
 	public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
 		storeSession(session, null);
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 27beeaaf3..a8653509b 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -123,6 +123,13 @@
             <artifactId>mysql-connector-java</artifactId>
             <version>${mysql-connector.java}</version>
         </dependency>
+        
+        <dependency>
+					<groupId>com.fasterxml.jackson.core</groupId>
+					<artifactId>jackson-databind</artifactId>
+				</dependency>
+        
+        
     </dependencies>
 
     <build>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index e27bd6cd7..af5950c98 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -96,6 +96,10 @@ public class AuthenticatedSessionStore implements Serializable{
 	@Column(name = "pendingRequestID", nullable=true)
 	private String pendingRequestID =  "";
 	
+	@Column(name = "additionalInformation", nullable=true)
+	@Lob
+	private String additionalInformation;
+	
 	@Column(name = "created", updatable=false, nullable=false)
     @Temporal(TemporalType.TIMESTAMP)
     private Date created;
@@ -113,11 +117,6 @@ public class AuthenticatedSessionStore implements Serializable{
 	@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER)
     private List<InterfederationSessionStore> inderfederation = null;
 
-    @PrePersist
-    protected void created() {
-    this.updated = this.created = new Date();
-    }
-
     @PreUpdate
     protected void lastUpdate() {
     this.updated = new Date();
@@ -262,6 +261,20 @@ public class AuthenticatedSessionStore implements Serializable{
 	public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) {
 		this.isInterfederatedSSOSession = isInterfederatedSSOSession;
 	}
+
+	/**
+	 * @return the additionalInformation
+	 */
+	public String getAdditionalInformation() {
+		return additionalInformation;
+	}
+
+	/**
+	 * @param additionalInformation the additionalInformation to set
+	 */
+	public void setAdditionalInformation(String additionalInformation) {
+		this.additionalInformation = additionalInformation;
+	}
 	
 	
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java
new file mode 100644
index 000000000..7940955e2
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.commons.utils;
+
+import java.io.IOException;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
+import com.fasterxml.jackson.annotation.PropertyAccessor;
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.type.TypeFactory;
+
+/**
+ * Helper class to handle the JSON (de-)serialization.
+ *
+ */
+public class JsonMapper {
+
+	private ObjectMapper mapper = new ObjectMapper();
+
+	/**
+	 * The default constructor where the default pretty printer is disabled.
+	 */
+	public JsonMapper() {
+		this(false);
+	}
+
+	/**
+	 * The constructor.
+	 * @param prettyPrint enables or disables the default pretty printer
+	 */
+	public JsonMapper(boolean prettyPrint) {
+		mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
+		mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY);
+		mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY);
+		if (prettyPrint) {
+			mapper.enable(SerializationFeature.INDENT_OUTPUT);
+		}
+	}
+
+	/**
+	 * Serialize an object to a JSON string.
+	 * @param value the object to serialize
+	 * @return a JSON string
+	 * @throws JsonProcessingException thrown when an error occurs during serialization
+	 */
+	public String serialize(Object value) throws JsonProcessingException {
+		return mapper.writeValueAsString(value);
+	}
+
+	/**
+	 * Deserialize a JSON string.
+	 * 
+	 * @param value the JSON string to deserialize
+	 * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned.
+	 * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object}
+	 * @throws JsonParseException if the JSON string contains invalid content.
+	 * @throws JsonMappingException if the input JSON structure does not match structure expected for result type
+	 * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input)
+	 */
+	public <T> Object deserialize(String value, Class<T> clazz) throws JsonParseException, JsonMappingException, IOException{
+
+		ObjectMapper mapper = new ObjectMapper();
+		if (clazz != null) {
+			JavaType javaType = TypeFactory.defaultInstance().constructType(clazz);
+			return mapper.readValue(value, javaType);
+		} else {
+			return mapper.readValue(value, Object.class);
+		}
+	}
+}
diff --git a/pom.xml b/pom.xml
index 2ecc43a21..fcf249349 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,6 +45,7 @@
 			<org.apache.commons.lang3.version>3.4</org.apache.commons.lang3.version>
 			<org.apache.commons.collections4.version>4.0</org.apache.commons.collections4.version>
 			<jodatime.version>2.7</jodatime.version>
+			<jackson-version>2.5.0</jackson-version>
 			
     </properties>
 
@@ -658,6 +659,26 @@
 				<version>${org.springframework.version}</version>
 			</dependency>
 			
+			
+			            <!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>${jackson-version}</version>
+			</dependency>
+			<!-- databinding; ObjectMapper, JsonNode and related classes are here -->
+			<dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-databind</artifactId>
+                <version>${jackson-version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-annotations</artifactId>
+                <version>${jackson-version}</version>
+            </dependency>
+			
+			
         </dependencies>
     </dependencyManagement>
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-04-22 13:28:59 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2015-04-22 13:28:59 +0200
commit	57a308e8e61dd1dd435b149ec01a66059f10adfb (patch)
tree	f4de9d06a78df1c62c00814d01961a9ea9987949
parent	ec2ab41165db55c77ebc203091f6d9f5effa95b5 (diff)
download	moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.tar.gz moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.tar.bz2 moa-id-spss-57a308e8e61dd1dd435b149ec01a66059f10adfb.zip