diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-06 13:49:25 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-06 13:49:25 +0200 |
commit | f54870a55c9830caa2862d95e2e7f8f3cd6e0243 (patch) | |
tree | fb25a52c2f8afad1adafa3d92696aa21ad9e81ed /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet | |
parent | 0334cd30ddd9719b0801a274250be8476e0e95be (diff) | |
download | moa-id-spss-f54870a55c9830caa2862d95e2e7f8f3cd6e0243.tar.gz moa-id-spss-f54870a55c9830caa2862d95e2e7f8f3cd6e0243.tar.bz2 moa-id-spss-f54870a55c9830caa2862d95e2e7f8f3cd6e0243.zip |
final betaversion if MOA-ID-Auth Single LogOut
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet')
3 files changed, 135 insertions, 11 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java new file mode 100644 index 000000000..ac4e56023 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -0,0 +1,122 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class IDPSingleLogOutServlet extends AuthServlet { + + private static final long serialVersionUID = -1301786072691577221L; + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.debug("receive IDP SingleLogOut Request"); + SSOManager ssomanager = SSOManager.getInstance(); + String ssoid = ssomanager.getSSOSessionID(req); + + Object tokkenObj = req.getParameter(PARAM_SLOSTATUS); + String tokken = null; + String status = null; + if (tokkenObj != null && tokkenObj instanceof String) { + tokken = (String) tokkenObj; + try { + status = AssertionStorage.getInstance().get(tokken, String.class); + if (MiscUtil.isNotEmpty(status)) { + AssertionStorage.getInstance().remove(tokken); + + } + VelocityContext context = new VelocityContext(); + if (SLOSTATUS_SUCCESS.equals(status)) + context.put("successMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); + else + context.put("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + ssomanager.printSingleLogOutInfo(context, resp); + + } catch (MOAIDException e) { + handleErrorNoRedirect(e.getMessage(), e, req, resp); + + } catch (MOADatabaseException e) { + handleErrorNoRedirect(e.getMessage(), e, req, resp); + + } + + } + + if (MiscUtil.isNotEmpty(status)) { + //print status information + + + } else if (MiscUtil.isNotEmpty(ssoid)) { + if (ssomanager.isValidSSOSession(ssoid, null)) { + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); + + if (MiscUtil.isNotEmpty(moaSessionID)) { + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); + if(authSession != null) { + authmanager.performSingleLogOut(req, resp, authSession, null); + + } + + } catch (MOADatabaseException e) { + //TODO: insert error Handling + + } catch (MOAIDException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + } + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 9b300578a..d7de985a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -109,7 +109,7 @@ public class LogOutServlet extends AuthServlet { RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); - authmanager.logout(req, resp, moasessionid); + authmanager.performOnlyIDPLogOut(req, resp, moasessionid); Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); } else { Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 57755ca9f..6e1811c8b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -46,6 +46,8 @@ public class RedirectServlet extends AuthServlet{ public static final String REDIRCT_PARAM_URL = "redirecturl"; + private static final String DEFAULT_REDIRECTTARGET = "_parent"; + protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { @@ -55,16 +57,10 @@ public class RedirectServlet extends AuthServlet{ String target = req.getParameter(PARAM_TARGET); String artifact = req.getParameter(PARAM_SAMLARTIFACT); String interIDP = req.getParameter(INTERFEDERATION_IDP); - - if (MiscUtil.isEmpty(artifact) && MiscUtil.isEmpty(interIDP)) { - resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); - return; - } - Logger.debug("Check URL against online-applications"); OnlineApplication oa = null; - String redirectTarget = "_parent"; + String redirectTarget = DEFAULT_REDIRECTTARGET; try { oa = ConfigurationDBRead.getActiveOnlineApplication(url); if (oa == null) { @@ -118,10 +114,16 @@ public class RedirectServlet extends AuthServlet{ resp.addHeader("Location", url); - } else { - resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); - return; + } else { + Logger.debug("Redirect to " + url); + String redirect_form = RedirectFormBuilder.buildLoginForm(url, DEFAULT_REDIRECTTARGET); + resp.setContentType("text/html;charset=UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + } } |