diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-25 16:23:23 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-25 16:23:23 +0200 |
commit | f10fb18bac8e4b98460d100a4af42a943ddb75df (patch) | |
tree | d53343fb928cb0186f6fa88ef2684bbea490b413 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules | |
parent | 83a92eead9d389060ec43e9459c5a1367aefc29a (diff) | |
download | moa-id-spss-f10fb18bac8e4b98460d100a4af42a943ddb75df.tar.gz moa-id-spss-f10fb18bac8e4b98460d100a4af42a943ddb75df.tar.bz2 moa-id-spss-f10fb18bac8e4b98460d100a4af42a943ddb75df.zip |
fix another problem in session database
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules')
3 files changed, 22 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 1b78ff677..ec6dbc951 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
@@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public abstract class AbstractAuthServletTask extends MoaIdTask {
@Autowired protected IRequestStorage requestStoreage;
- @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+ //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@Autowired protected AuthConfiguration authConfig;
protected static final String ERROR_CODE_PARAM = "errorid";
protected IRequest pendingReq = null;
- protected AuthenticationSession moasession = null;
+ protected IAuthenticationSession moasession = null;
public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
HttpServletResponse response) throws TaskExecutionException;
@@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask { * @throws MOADatabaseException
*/
protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
- String moasessionid = pendingReq.getMOASessionIdentifier();
- if (MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- try {
- moasession = authenticatedSessionStorage.getSession(moasessionid);
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { moasessionid });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());
+ moasession = pendingReq.getMOASession();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index dfb90da3a..1c26ff5ec 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { private static final String PARAM_SSO_CONSENTS = "value"; @Autowired private SSOManager ssoManager; + @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { ssoConsents = Boolean.parseBoolean(ssoConsentsString); //perform default task initialization - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //check SSO session cookie and MOASession object String ssoId = ssoManager.getSSOSessionID(request); - boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); - if (!(isValidSSOSession && moasession.isAuthenticated() )) { + boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); + + //load MOA SSO-session from database + AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier()); + + if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) { Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ..."); throw new AuthenticationException("auth.30", null); @@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { //Log consents evaluator event to revisionslog revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents)); + //Populate this pending request with SSO session information + pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession); + + //user allow single sign-on authentication if (ssoConsents) { + //authenticate pending-request pendingReq.setAuthenticated(true); pendingReq.setAbortedByUser(false); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 6a1ed7203..4eff0fcf5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; @@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask { try { defaultTaskInitialization(request, executionContext); - //set MOASession to authenticated and store MOASession + //set MOASession to authenticated moasession.setAuthenticated(true); - String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession); - //set pendingRequest to authenticated and set new MOASessionID - ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID); + //set pending request to authenticated pendingReq.setAuthenticated(true); requestStoreage.storePendingRequest(pendingReq); |