authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-08 14:39:32 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-08 14:39:32 +0200
commitf1fc72bdc42766c8195be1c150cf165685dc3abb (patch)
treeab6c9e4e76e1b79ca595e9956f1b29ef13dc8524 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
parent49e202080467e3da1b43505ace711001b6c18c4b (diff)
add Interfederation to redirect servlet
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java126
1 files changed, 87 insertions, 39 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index c2e6cd273..c2b9bab52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
import org.hibernate.Query;
import org.hibernate.Session;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
@@ -47,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SSOManager {
private static final String SSOCOOKIE = "MOA_ID_SSO";
+ private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
+ private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+
private static SSOManager instance = null;
private static int sso_timeout;
@@ -71,6 +75,45 @@ public class SSOManager {
return instance;
}
+ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest protocolRequest) {
+ String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
+
+ if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
+ Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+
+ }
+
+ if (protocolRequest instanceof RequestImpl) {
+ //check if IDP is requested
+ RequestImpl moaReq = (RequestImpl) protocolRequest;
+ if (MiscUtil.isNotEmpty(interIDP)) {
+ Logger.info("Receive SSO request for interfederation IDP " + interIDP);
+ moaReq.setRequestedIDP(interIDP);
+
+ } else {
+ //check if IDP cookie is set
+ String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
+ if (MiscUtil.isNotEmpty(cookie)) {
+ Logger.info("Receive SSO request for interfederation IDP from Cookie " + cookie);
+ moaReq.setRequestedIDP(cookie);
+
+ deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
+ }
+ }
+
+ } else {
+ Logger.warn("Request is not of type RequestImpl");
+
+ }
+ }
+
+ public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) {
+ setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE);
+
+ }
+
+
public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
// search SSO Session
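Review bot: The `interIDP` request parameter and the `MOA_INTERFEDERATION_SSO` cookie value are both client-controlled, yet checkInterfederationIsRequested passes them straight to `moaReq.setRequestedIDP(...)` and into `Logger.info(...)` with no check visible in this hunk. Unless a later step already validates it, the value should be matched against the configured interfederation IDPs before it is stored, and CR/LF characters should be stripped before logging so a crafted value cannot forge log lines. Separately, the first `if` only logs that protocol preprocessing already set an IDP and then falls through, so the parameter or cookie can still overwrite it; if the protocol-specific value is meant to win, add `return;` after that log call. A short Javadoc stating which source takes precedence (protocol request, parameter, cookie) would make the intended order explicit.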
@@ -113,7 +156,8 @@ public class SSOManager {
}
public String getMOASession(String ssoSessionID) {
- return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID);
+ return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+
}
public String existsOldSSOSession(String ssoId) {
@@ -171,49 +215,21 @@ public class SSOManager {
return newSSOId;
}
-
+
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- Cookie[] cookies = httpReq.getCookies();
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout);
- if (cookies != null) {
- deleteSSOSessionID(httpReq, httpResp);
- }
-
- Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
- cookie.setMaxAge(sso_timeout);
- cookie.setSecure(true);
- cookie.setPath(httpReq.getContextPath());
- httpResp.addCookie(cookie);
}
-
+
public String getSSOSessionID(HttpServletRequest httpReq) {
- Cookie[] cookies = httpReq.getCookies();
+ return getValueFromCookie(httpReq, SSOCOOKIE);
- if (cookies != null) {
- for (Cookie cookie : cookies) {
-
- // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird
- // (firefox)
- // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
-
- if (cookie.getName().equals(SSOCOOKIE)) {
- return cookie.getValue();
- }
- }
- }
- return null;
}
-
- public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- Cookie[] cookies = httpReq.getCookies();
- if (cookies != null) {
- for (Cookie cookie : cookies) {
- if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);
- }
- }
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ deleteCookie(httpReq, httpResp, SSOCOOKIE);
}
-
+
/**
* @param entityID
* @param request
@@ -242,9 +258,6 @@ public class SSOManager {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
}
-
-
-
return true;
@@ -252,5 +265,40 @@ public class SSOManager {
return false;
}
+
+ private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+
+ // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird
+ // (firefox)
+ // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+
+ if (cookie.getName().equals(cookieName)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ String cookieName, String cookieValue, int maxAge) {
+
+ Cookie cookie = new Cookie(cookieName, cookieValue);
+ cookie.setMaxAge(maxAge);
+ cookie.setSecure(true);
+
+ //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+ cookie.setPath(httpReq.getContextPath());
+
+ httpResp.addCookie(cookie);
+ }
+
+ private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
+ setCookie(httpReq, httpResp, cookieName, "", 1);
+ }
}
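Review bot: setCookie sets `Secure` but never `HttpOnly`, so the `MOA_ID_SSO` session cookie that now goes through this helper stays readable by page script; if the build targets Servlet 3.0 or later, add `cookie.setHttpOnly(true);` after `cookie.setSecure(true);`. deleteCookie expires the cookie with a max-age of 1 second instead of deleting it, whereas `setCookie(httpReq, httpResp, cookieName, "", 0);` removes it immediately. The commented-out `getSecure()` check in getValueFromCookie still names SSOCOOKIE although the helper is now generic, so that stale comment should be updated or dropped.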