author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-24 17:13:31 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-24 17:13:31 +0200 |
commit | cfb70f755c45a2cad582e8030b1542add9949efb (patch) | |
tree | 039123854ab630f81dd2387d0f7636056e9e304a /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | |
parent | 71da4a9bc7e2ff79b2fb4cf8903d15fd75372859 (diff) | |
- SSO finalized
- SSO Session is not closed if a new single authentication operation is started
- PVP2 Configuration from Database (but without Metadata) --> TODO: change MetaDataProvider
- Add additional UserFrame in case of SSO
- MOASession encryption
TODO: MetaDataProvider, IdentityLink resign, SSO with Mandates, Legacy Template generation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 79 |
1 files changed, 56 insertions, 23 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 22f4a00ad..e995a1c2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
 import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 public class DispatcherServlet extends AuthServlet{
@@ -80,6 +81,10 @@ public class DispatcherServlet extends AuthServlet{
 IRequest errorRequest = RequestStorage .getPendingRequest(req.getSession());
+
+ //remove the
+ RequestStorage.removePendingRequest(req.getSession());
+
 if (errorRequest != null) {
 try {
 IModulInfo handlingModule = ModulStorage
@@ -204,7 +209,7 @@ public class DispatcherServlet extends AuthServlet{
 .getOnlineApplicationParameter(protocolRequest.getOAURL());
 if (oaParam == null) {
 //TODO: Find a better place for this!!
- req.getSession().invalidate();
+ //req.getSession().invalidate();
 throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
 }
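Review bot: The new comment `//remove the` in the error-handling hunk is cut off and does not say what is removed or why the pending request is now dropped from the store before `errorRequest` is even checked for null. Something like `// the pending request is consumed by this error path: drop it from the store before handling so it cannot be replayed on a later request` states the intent — the replay reason is my inference, so replace it with the actual one. The enclosing method starts and ends outside this hunk.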
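Review bot: Commenting out `req.getSession().invalidate();` in the unknown-OA branch leaves dead code in an error path, and the surviving `//TODO: Find a better place for this!!` now refers to nothing. If keeping the HTTP session alive when `oaParam == null` is intended (presumably so that a request naming a bogus OA URL cannot terminate a valid SSO session), delete the line and record that decision instead, e.g. `// deliberately no session invalidation here: an unknown OA URL must not log out an existing SSO session`. If it is not intended, the old behaviour of invalidating the session on an unresolvable OA should come back. The enclosing method starts and ends outside this hunk.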
@@ -235,31 +240,32 @@ public class DispatcherServlet extends AuthServlet{
 isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
 useSSOOA = oaParam.useSSO();
+ //if a legacy request is used SSO should not be allowed, actually
+ boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
+
 if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) {
 // conflict!
 throw new NoPassivAuthenticationException();
 }
-
- if (protocolRequest.forceAuth()) {
- if (!authmanager.tryPerformAuthentication(
- req, resp)) {
+
+ boolean tryperform = authmanager.tryPerformAuthentication(
+ req, resp);
+
+ if (protocolRequest.forceAuth()) {
+ if (!tryperform) {
 authmanager.doAuthentication(req, resp, protocolRequest);
 return;
 }
 } else if (protocolRequest.isPassiv()) {
- if (authmanager.tryPerformAuthentication(req,
- resp)
- || (isValidSSOSession && useSSOOA) ) {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
 // Passive authentication ok!
 } else {
 throw new NoPassivAuthenticationException();
 }
 } else {
- if (authmanager.tryPerformAuthentication(req,
- resp)
- || (isValidSSOSession && useSSOOA) ) {
+ if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
 // Is authenticated .. proceed
 } else {
 // Start authentication!
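Review bot: The SSO predicate `isValidSSOSession && useSSOOA && !isUseMandateRequested` is written out twice, once in the passive branch and once in the default branch, and the two copies will drift apart the next time a condition is added; hoisting it next to the new `isUseMandateRequested` line as `boolean ssoUsable = isValidSSOSession && useSSOOA && !isUseMandateRequested;` and testing `tryperform || ssoUsable` in both branches keeps the decision in one place. The comment above it trails off in "actually" and gives no reason; `// legacy mandate requests cannot be served from an SSO session yet (SSO with mandates needs an OVS extension), so force a fresh authentication` records the reason the next hunk already carries as a TODO. `tryperform` would also read better as a camelCase local such as `authPerformed`, matching the file's other locals. The enclosing method starts and ends outside this hunk.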
@@ -268,21 +274,32 @@ public class DispatcherServlet extends AuthServlet{
 return;
 }
 }
+ }
-
- moduleAction.processRequest(protocolRequest, req, resp);
- RequestStorage.removePendingRequest(httpSession);
+ String moasessionID = null;
+ AuthenticationSession moasession = null;
- String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
- AuthenticationManager.MOA_SESSION, null);
-
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-
- if ((useSSOOA || isValidSSOSession)
- && moasession.isSsoRequested()
- && !moasession.getUseMandate()) //TODO: SSO with mandates requires an OVS extension
+ if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
 {
+
+ //TODO SSO Question!!!!
+ if (useSSOOA && isValidSSOSession) {
+
+ moasessionID = ssomanager.getMOASession(ssoId);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+
+ //use new OAParameter
+ if (!oaParam.useSSOWithoutQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+ authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+ return;
+ }
+ }
+ else {
+ moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
 //save SSO session usage in Database
 String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
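Review bot: The SSO branch `if (useSSOOA && isValidSSOSession)` selects the MOA session from the SSO cookie (`ssomanager.getMOASession(ssoId)`) whenever both flags hold, while the authentication decision just above this hunk additionally accepted `tryperform` and required `!isUseMandateRequested`; if `tryperform` means a fresh authentication has just completed in the HTTP session, a still-valid SSO session (the commit message says it is no longer closed in that case) would presumably win here and the request would be served from the old session rather than the new one — please confirm. Reusing the same predicate, e.g. `if (useSSOOA && isValidSSOSession && !tryperform && !isUseMandateRequested) {`, keeps the two decisions aligned. `AuthenticationSessionStoreage.getSession(moasessionID)` is not checked for null in either branch, yet the rest of the method dereferences `moasession`; failing with an AuthenticationException right after each lookup, as the `oaParam == null` check earlier in the file does, turns a stale ssoId into an authentication error instead of a NullPointerException. The consent prompt is also only sent when `!AuthenticationSessionStoreage.isAuthenticated(moasessionID)`, which reads inverted for a "reuse this SSO session?" question and is still marked `//TODO SSO Question!!!!`, so a comment on what the condition is meant to express would help. The enclosing method starts and ends outside this hunk.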
@@ -295,7 +312,23 @@ public class DispatcherServlet extends AuthServlet{
 }
 } else {
- authmanager.logout(req, resp);
+ moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+ moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ }
+
+ moduleAction.processRequest(protocolRequest, req, resp, moasession);
+
+ RequestStorage.removePendingRequest(httpSession);
+
+ boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+
+ if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
+ && !moasession.getUseMandate())
+ {
+
+ } else {
+ authmanager.logout(req, resp, moasessionID);
 }
 ConfigurationDBUtils.closeSession(); |
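Review bot: `moasession.getUseMandate()` in the new condition dereferences the result of `AuthenticationSessionStoreage.getSession(moasessionID)` without a null check, in the `else` branch at the top of this hunk (where `moasessionID` comes from the HTTP session and may be absent) as well as in the SSO path above it, so a missing MOA session surfaces as a NullPointerException rather than an authentication error — and `moduleAction.processRequest(...)` has already been handed the null by then. The `if (...) { } else { authmanager.logout(...) }` shape with an empty then-block also hides which case keeps the session alive. Both read better inverted: `boolean keepSession = (useSSOOA || isSSOSession) && moasession != null && !moasession.getUseMandate();` followed by `if (!keepSession) { authmanager.logout(req, resp, moasessionID); }`, with the null case ideally rejected before `processRequest` is called. The enclosing method starts outside this hunk.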