aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-25 16:23:23 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-25 16:23:23 +0200
commitf10fb18bac8e4b98460d100a4af42a943ddb75df (patch)
treed53343fb928cb0186f6fa88ef2684bbea490b413 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules
parent83a92eead9d389060ec43e9459c5a1367aefc29a (diff)
downloadmoa-id-spss-f10fb18bac8e4b98460d100a4af42a943ddb75df.tar.gz
moa-id-spss-f10fb18bac8e4b98460d100a4af42a943ddb75df.tar.bz2
moa-id-spss-f10fb18bac8e4b98460d100a4af42a943ddb75df.zip
fix another problem in session database
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java7
3 files changed, 22 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 1b78ff677..ec6dbc951 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -22,18 +22,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
/**
* Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
@@ -42,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
public abstract class AbstractAuthServletTask extends MoaIdTask {
@Autowired protected IRequestStorage requestStoreage;
- @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+ //@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
@Autowired protected MOAReversionLogger revisionsLogger;
@Autowired protected AuthConfiguration authConfig;
protected static final String ERROR_CODE_PARAM = "errorid";
protected IRequest pendingReq = null;
- protected AuthenticationSession moasession = null;
+ protected IAuthenticationSession moasession = null;
public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
HttpServletResponse response) throws TaskExecutionException;
@@ -77,28 +75,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
* @throws MOADatabaseException
*/
protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
- String moasessionid = pendingReq.getMOASessionIdentifier();
- if (MiscUtil.isEmpty(moasessionid)) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- try {
- moasession = authenticatedSessionStorage.getSession(moasessionid);
-
- if (moasession == null) {
- Logger.warn("MOASessionID is empty.");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] { moasessionid });
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
+ Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());
+ moasession = pendingReq.getMOASession();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index dfb90da3a..1c26ff5ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -30,6 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,6 +55,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
private static final String PARAM_SSO_CONSENTS = "value";
@Autowired private SSOManager ssoManager;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -72,12 +75,16 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
ssoConsents = Boolean.parseBoolean(ssoConsentsString);
//perform default task initialization
- defaultTaskInitialization(request, executionContext);
+ //defaultTaskInitialization(request, executionContext);
//check SSO session cookie and MOASession object
String ssoId = ssoManager.getSSOSessionID(request);
- boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
- if (!(isValidSSOSession && moasession.isAuthenticated() )) {
+ boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
+
+ //load MOA SSO-session from database
+ AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+ if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
throw new AuthenticationException("auth.30", null);
@@ -86,8 +93,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
//Log consents evaluator event to revisionslog
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
+ //Populate this pending request with SSO session information
+ pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
+
+
//user allow single sign-on authentication
if (ssoConsents) {
+
//authenticate pending-request
pendingReq.setAuthenticated(true);
pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 6a1ed7203..4eff0fcf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -31,7 +31,6 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.logging.Logger;
@@ -53,12 +52,10 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
try {
defaultTaskInitialization(request, executionContext);
- //set MOASession to authenticated and store MOASession
+ //set MOASession to authenticated
moasession.setAuthenticated(true);
- String newMOASessionID = authenticatedSessionStorage.changeSessionID(moasession);
- //set pendingRequest to authenticated and set new MOASessionID
- ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+ //set pending request to authenticated
pendingReq.setAuthenticated(true);
requestStoreage.storePendingRequest(pendingReq);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 16:42:40 +0000