diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-19 12:08:52 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-19 12:08:52 +0100 |
commit | 7cc2776bfc79dd6e83f2b3c9b642b560a6b1ec94 (patch) | |
tree | 676bcadc6507aa557a2024df7bffd1e1d62dce64 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules | |
parent | 18f7c6609058ed5c3bfb59c625682f4f4a53d75d (diff) | |
download | moa-id-spss-7cc2776bfc79dd6e83f2b3c9b642b560a6b1ec94.tar.gz moa-id-spss-7cc2776bfc79dd6e83f2b3c9b642b560a6b1ec94.tar.bz2 moa-id-spss-7cc2776bfc79dd6e83f2b3c9b642b560a6b1ec94.zip |
optimize authentication process in respect to session-transaction and transaction-store read/write operations
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules')
6 files changed, 51 insertions, 151 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 559d4fd4f..8c7583855 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -1,7 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -19,13 +17,10 @@ import org.apache.commons.fileupload.FileItemFactory; import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -56,31 +51,40 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { protected IRequest pendingReq = null;
protected AuthenticationSession moasession = null;
- protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
- String pendingRequestID = StringEscapeUtils.escapeHtml(
- ObjectUtils.defaultIfNull(
- (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID),
- req.getParameter(PARAM_TARGET_PENDINGREQUESTID)));
+ public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response) throws TaskExecutionException;
+
+
+ protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response) throws TaskExecutionException {
+ //set pending-request object
+ this.pendingReq = pendingReq;
- if (MiscUtil.isEmpty(pendingRequestID)) {
- Logger.info("No PendingRequestID received");
- throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
- }
+ //execute task specific action
+ execute(executionContext, request, response);
- pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
+ //return pending-request object
+ return this.pendingReq;
+ }
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
+
+ /**
+ * Default initialization loads the MOASession object from database
+ *
+ * @param req
+ * @param executionContext
+ * @throws MOAIDException
+ * @throws MOADatabaseException
+ */
+ protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
+ String moasessionid = pendingReq.getMOASessionIdentifier();
+ if (MiscUtil.isEmpty(moasessionid)) {
+ Logger.warn("MOASessionID is empty.");
+ throw new MOAIDException("auth.18", new Object[] {});
}
-
- //change pending-request ID
- String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
- executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
-
+
try {
- moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+ moasession = authenticatedSessionStorage.getSession(moasessionid);
if (moasession == null) {
Logger.warn("MOASessionID is empty.");
@@ -88,8 +92,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { }
} catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+ Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { moasessionid });
} catch (Throwable e) {
Logger.info("No HTTP Session found!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index d0c12a6f3..951a04cf6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java @@ -55,7 +55,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; @@ -85,9 +84,6 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { boolean requiredLocalAuthentication = true; - IRequest pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - String idpEntityID = (String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java index 3b18959a5..2f6137244 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java @@ -31,10 +31,8 @@ import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,60 +51,19 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { - //load pending request - String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); - pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID); - pendingReq = requestStoreage.getPendingRequest(pendingReqID); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //change pending-request ID - String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); - executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); - - String moaSessionID = pendingReq.getMOASessionIdentifier(); - try { - moasession = authenticatedSessionStorage.getSession(moaSessionID); - - if (moasession == null) { - Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { - moaSessionID}); - - } - - // set parameter execution context - Enumeration<String> reqParamNames = request.getParameterNames(); - while(reqParamNames.hasMoreElements()) { - String paramName = reqParamNames.nextElement(); - if (MiscUtil.isNotEmpty(paramName) && - !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) - executionContext.put(paramName, request.getParameter(paramName)); - - } - - Logger.info("BKU is selected finished -> Start BKU communication ..."); - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { - moaSessionID}); + // set parameter execution context + Enumeration<String> reqParamNames = request.getParameterNames(); + while(reqParamNames.hasMoreElements()) { + String paramName = reqParamNames.nextElement(); + if (MiscUtil.isNotEmpty(paramName) && + !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName)) + executionContext.put(paramName, + StringEscapeUtils.escapeHtml(request.getParameter(paramName))); - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); } - - - - - } catch (MOAIDException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - + + Logger.info("BKU is selected finished -> Start BKU selection evaluation ..."); + } catch (Exception e) { Logger.warn("EvaluateBKUSelectionTask has an internal error", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index d1d2cdca8..816c05eab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -31,11 +31,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -53,44 +51,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { throws TaskExecutionException { try { - pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - - //get Session from context - String moasessionid = pendingReq.getMOASessionIdentifier(); - if (MiscUtil.isEmpty(moasessionid)) { - Logger.warn("MOASessionID is empty."); - throw new MOAIDException("auth.18", new Object[] {}); - } - - try { - moasession = authenticatedSessionStorage.getSession(moasessionid); - if (moasession == null) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); - - } - - - } catch (MOADatabaseException e) { - Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); - throw new MOAIDException("init.04", new Object[] { moasessionid }); - - } catch (Throwable e) { - Logger.info("No HTTP Session found!"); - throw new MOAIDException("auth.18", new Object[] {}); - - } finally { - executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); - - } - + defaultTaskInitialization(request, executionContext); + //set MOASession to authenticated and store MOASession moasession.setAuthenticated(true); String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); @@ -110,8 +72,11 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { Logger.warn("FinalizeAuthenticationTask has an internal error", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); + } finally { + executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID); + } - + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java index 47b68bc51..6ff730898 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java @@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -53,16 +52,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try { - pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - + try { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java index d7859dd8b..920b0e2b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java @@ -30,12 +30,10 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.ExecutionContextImpl; import at.gv.egovernment.moa.id.process.ProcessEngine; @@ -57,17 +55,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - IRequest pendingReq = null; - try { - pendingReq = requestStoreage.getPendingRequest( - (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); - - if (pendingReq == null) { - Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); - throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); - - } - + try { //create a new execution context and copy all elements to new context ExecutionContext newec = new ExecutionContextImpl(); Set<String> entries = executionContext.keySet(); @@ -107,7 +95,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { Logger.info("BKU is selected -> Start BKU communication ..."); // start process - processEngine.start(processInstanceId); + processEngine.start(pendingReq); } catch (MOAIDException e) { |