BKU Auswahl in Kontext von MOA-ID für standardkonforme Variante

1 files changed, 163 insertions, 20 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 21e431bf8..5e792ab78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -1,28 +1,57 @@
 package at.gv.egovernment.moa.id.moduls;
 
 import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import at.gv.egovernment.moa.id.AuthenticationException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
 
-public class AuthenticationManager implements MOAIDAuthConstants {
+public class AuthenticationManager extends AuthServlet {
 
+	private static AuthenticationManager instance = null;
+	
+	private static final long serialVersionUID = 1L;
+	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
-	public static AuthenticationSession getAuthenticationSession(
+	
+	public static AuthenticationManager getInstance() {
+		if (instance == null) {
+			instance = new AuthenticationManager();
+		}
+		
+		return instance;
+	}
+	
+	
+	public AuthenticationSession getAuthenticationSession(
 			HttpSession session) {
 		String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
 				MOA_SESSION, null);
@@ -44,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 	 * @param response
 	 * @return
 	 */
-	public static boolean isAuthenticated(HttpServletRequest request,
+	public boolean isAuthenticated(HttpServletRequest request,
 			HttpServletResponse response) {
 		Logger.info("Checking authentication");
 
@@ -84,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 	 * @param response
 	 * @return
 	 */
-	public static boolean tryPerformAuthentication(HttpServletRequest request,
+	public boolean tryPerformAuthentication(HttpServletRequest request,
 			HttpServletResponse response) {
 		
 		HttpSession session = request.getSession();
@@ -116,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 		return false;
 	}
 	
-	public static void logout(HttpServletRequest request,
+	public void logout(HttpServletRequest request,
 			HttpServletResponse response) {
 		Logger.info("Logout");
 
@@ -146,8 +175,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 			authSession.setAuthenticated(false);
 			HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
 			
-			//TODO: delete session from Database!!!
-			//AuthenticationSessionStoreage.destroySession(moaSessionID);
+			AuthenticationSessionStoreage.destroySession(moaSessionID);
 			
 			session.invalidate();
 		
@@ -158,10 +186,9 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 
 	}
 
-	public static void doAuthentication(HttpServletRequest request,
+	public void doAuthentication(HttpServletRequest request,
 			HttpServletResponse response, IRequest target)
 			throws ServletException, IOException, MOAIDException {
-		HttpSession session = request.getSession();
 		Logger.info("Starting authentication ...");
 
 		if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
@@ -173,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 					"auth.12");
 		}
 
-		// TODO: Build authentication form
+		setNoCachingHeadersInHttpRespone(request, response);
+		
+		//TODO:move this to config!!!
+		final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
+
+		//is legacy allowed
+		boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule());
 
-		/*
-		 * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(),
-		 * modul, protocol);
-		 * 
-		 * response.setContentType("text/html;charset=UTF-8"); PrintWriter out =
-		 * new PrintWriter(response.getOutputStream()); out.print(loginForm);
-		 * out.flush(); return;
-		 */
+		//check legacy request parameter 
+		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+		
+		AuthenticationSession moasession;
+		
+		if (legacyallowed && legacyparamavail) {
+			
+			//check if an MOASession exists and if not create an new MOASession
+			moasession = getORCreateMOASession(request);
+			
+			//parse request parameter into MOASession
+			try{
+				StartAuthentificationParameterParser.parse(request, response, moasession);
+				
+			}
+	    	catch (WrongParametersException ex) {
+	            handleWrongParameters(ex, request, response);
+	          }
+	          
+	      	catch (MOAIDException ex) {
+	      			handleError(null, ex, request, response);
+	      	}
+						
+		    Logger.info("Start Authentication Module: " + moasession.getModul() 
+		    		+ " Action: " + moasession.getAction());
+			
+			//start authentication process
+//			session.getServletContext().getNamedDispatcher("StartAuthentication")
+//				.forward(request, response);
+		    
+		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+			
+		    String getIdentityLinkForm = startauth.build(moasession, request, response);
+			
+			//store MOASession
+			try {
+				AuthenticationSessionStoreage.storeSession(moasession);				
+			} catch (MOADatabaseException e) {
+				Logger.error("Database Error! MOASession is not stored!");
+				throw new MOAIDException("init.04", new Object[] {
+						moasession.getSessionID()});
+			}
+		    
+		    if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+		    	response.setContentType("text/html;charset=UTF-8");
+		    	PrintWriter out = new PrintWriter(response.getOutputStream());
+		    	out.print(getIdentityLinkForm);
+		    	out.flush();
+		    	Logger.debug("Finished GET StartAuthentication");
+		    }
+			
+		} else {
+			//load Parameters from OnlineApplicationConfiguration
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+					.getOnlineApplicationParameter(target.getOAURL());
+			
+			if (oaParam == null) {
+				//TODO: Find a better place for this!!
+				request.getSession().invalidate();
+				throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+			}
+				
+			
+			else {
+				
+				//check if an MOASession exists and if not create an new MOASession
+				moasession = getORCreateMOASession(request);
 
-		session.getServletContext().getNamedDispatcher("StartAuthentication")
-				.forward(request, response);
+				//set OnlineApplication configuration in Session
+				moasession.setOAURLRequested(target.getOAURL());
+				moasession.setAction(target.requestedAction());
+				moasession.setModul(target.requestedModule());
+			}
+						
+			//Build authentication form
+			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
+					target.requestedAction(), oaParam.getFriendlyName());
+			
+			//store MOASession
+			try {
+				AuthenticationSessionStoreage.storeSession(moasession);				
+			} catch (MOADatabaseException e) {
+				Logger.error("Database Error! MOASession is not stored!");
+				throw new MOAIDException("init.04", new Object[] {
+						moasession.getSessionID()});
+			}
+			
+			//set MOAIDSession
+			request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+			
+			response.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(response.getOutputStream()); 
+			out.print(loginForm);
+			out.flush(); 
+		}
 	}
+	
+	private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException {
+		
+		//String sessionID = request.getParameter(PARAM_SESSIONID); 
+		String sessionID = (String) request.getSession().getAttribute(MOA_SESSION);
+		AuthenticationSession moasession;
+		
+		try {
+			moasession = AuthenticationSessionStoreage.getSession(sessionID);
+			Logger.info("Found existing MOASession with sessionID=" + sessionID 
+					+ ". This session is used for reauthentification.");
+			
+		} catch (MOADatabaseException e) {
+			try {
+				moasession = AuthenticationSessionStoreage.createSession();
+				Logger.info("Create a new MOASession with sessionID=" + sessionID + ".");
+				
+			} catch (MOADatabaseException e1) {
+				Logger.error("Database Error! MOASession are not created.");
+				throw new MOAIDException("init.04", new Object[] {
+						"0"});
+			}
+		}
+		
+		return moasession;
+	}	
 }