+ cleanup MOAIDSession class

+ update authentication process to use new MOAIDSession class
+ move MOAIDSession to Hibernate Database
+ activate Mandates for SAML1

!!Stork authentication not tested!!

1 files changed, 24 insertions, 17 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 04fbc0588..a74635232 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -164,7 +165,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
 	    	

 	    	

 	    	// verify mandate signature

-	    	AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);

+	    	AuthenticationServer.getInstance().verifyMandate(session, mandate);

 
 	    	byte[] byteMandate = mandate.getMandate();
 	    	String stringMandate = new String(byteMandate);
@@ -176,26 +177,32 @@ public class GetMISSessionIDServlet extends AuthServlet {
 	    	
 	    	String redirectURL = null;
 	    	String samlArtifactBase64 = 
-				AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc);
+				AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(session, mandateDoc);
 	    	
 	    	
 	    	if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
-				  redirectURL = session.getOAURLRequested();
-	  			if (!session.getBusinessService()) {
-	          redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
-	        }
-	  			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-	  			redirectURL = resp.encodeRedirectURL(redirectURL);
-				} else {
-		      redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
-				}
-				resp.setContentType("text/html");
-				resp.setStatus(302);
+//				redirectURL = session.getOAURLRequested();
+//	  			
+//				if (!session.getBusinessService()) {
+//					redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+//				}
+//				
+//	  			redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+//	  			redirectURL = resp.encodeRedirectURL(redirectURL);
+	    		
+				redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
+						ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
 				
-				resp.addHeader("Location", redirectURL);			
-				Logger.debug("REDIRECT TO: " + redirectURL);
-	    		    	

-			    		      

+	    	} else {
+		      redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+		      
+			}
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+			
+			resp.addHeader("Location", redirectURL);			
+			Logger.debug("REDIRECT TO: " + redirectURL);
+	    		    	    		      

 	    }

 	    catch (MOAIDException ex) {

 	      handleError(null, ex, req, resp);