implement configuration tool single logout

1 files changed, 32 insertions, 15 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 190773bf0..9ca1d08cc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -43,6 +43,7 @@ import javax.servlet.http.HttpSession;
 
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -136,12 +137,26 @@ public class AuthenticationFilter implements Filter{
 		
 		HttpSession session = httpServletRequest.getSession();
 		
-		Object authuser = session.getAttribute(Constants.SESSION_AUTH);
+		Object authuserobj = session.getAttribute(Constants.SESSION_AUTH);		
+		AuthenticatedUser authuser = (AuthenticatedUser) authuserobj;
 		
         String requestURL = WebAppUtil.getRequestURLWithParameters(httpServletRequest, true);
         
 		log.trace("Request URL: " + requestURL);
 		
+		AuthenticationManager authManager = AuthenticationManager.getInstance();
+		if (!authManager.isActiveUser(authuser)) {
+			//user is not active anymore. Invalidate session and reauthenticate user
+			String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+			session.invalidate();
+			authuser = null;
+			
+			//TODO: set infotext
+			
+			session = httpServletRequest.getSession(true);
+			session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
+		}
+				
 		if (authuser == null && !this.isExcluded(requestURL)) {
 			
 			if (config.isLoginDeaktivated()) {
@@ -151,6 +166,8 @@ public class AuthenticationFilter implements Filter{
 				if (authuser == null) {
 
 					authuser = AuthenticatedUser.generateDefaultUser();
+					authManager.setActiveUser(authuser);
+					
 					//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);
 					httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
 				}
@@ -188,23 +205,23 @@ public class AuthenticationFilter implements Filter{
 	            	return;
 	                   
 	            }
-
 			}
-		}
-		try {	
-			filterchain.doFilter(req, resp);
 			
-		} catch (Exception e) {
+		} else {
+			try {	
+				filterchain.doFilter(req, resp);
+			
+			} catch (Exception e) {
 						
-//			String redirectURL = "./index.action";
-//			HttpServletResponse httpResp = (HttpServletResponse) resp;
-//			redirectURL = httpResp.encodeRedirectURL(redirectURL);
-//			resp.setContentType("text/html");
-//			((HttpServletResponse) resp).setStatus(302);
-//			httpResp.addHeader("Location", redirectURL);
-//			log.warn("A Filter Error occurs -> Redirect to Login-Form");
-		}
-		
+				//String redirectURL = "./index.action";
+				//HttpServletResponse httpResp = (HttpServletResponse) resp;
+				//redirectURL = httpResp.encodeRedirectURL(redirectURL);
+				//resp.setContentType("text/html");
+				//((HttpServletResponse) resp).setStatus(302);
+				//httpResp.addHeader("Location", redirectURL);
+				//log.warn("A Filter Error occurs -> Redirect to Login-Form");
+			}
+		}		
 	}
 
 	public void init(FilterConfig filterConfig) throws ServletException {