diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-08 14:39:32 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-08 14:39:32 +0200 |
commit | f1fc72bdc42766c8195be1c150cf165685dc3abb (patch) | |
tree | ab6c9e4e76e1b79ca595e9956f1b29ef13dc8524 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java | |
parent | 49e202080467e3da1b43505ace711001b6c18c4b (diff) | |
download | moa-id-spss-f1fc72bdc42766c8195be1c150cf165685dc3abb.tar.gz moa-id-spss-f1fc72bdc42766c8195be1c150cf165685dc3abb.tar.bz2 moa-id-spss-f1fc72bdc42766c8195be1c150cf165685dc3abb.zip |
add Interfederation to redirect servlet
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java | 126 |
1 files changed, 87 insertions, 39 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index c2e6cd273..c2b9bab52 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse; import org.hibernate.Query; import org.hibernate.Session; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; @@ -47,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class SSOManager { private static final String SSOCOOKIE = "MOA_ID_SSO"; + private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec + private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + private static SSOManager instance = null; private static int sso_timeout; @@ -71,6 +75,45 @@ public class SSOManager { return instance; } + public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest protocolRequest) { + String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); + + if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { + Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + + } + + if (protocolRequest instanceof RequestImpl) { + //check if IDP is requested + RequestImpl moaReq = (RequestImpl) protocolRequest; + if (MiscUtil.isNotEmpty(interIDP)) { + Logger.info("Receive SSO request for interfederation IDP " + interIDP); + moaReq.setRequestedIDP(interIDP); + + } else { + //check if IDP cookie is set + String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + if (MiscUtil.isNotEmpty(cookie)) { + Logger.info("Receive SSO request for interfederation IDP from Cookie " + cookie); + moaReq.setRequestedIDP(cookie); + + deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + } + } + + } else { + Logger.warn("Request is not of type RequestImpl"); + + } + } + + public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { + setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + + } + + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) { // search SSO Session @@ -113,7 +156,8 @@ public class SSOManager { } public String getMOASession(String ssoSessionID) { - return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID); + return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + } public String existsOldSSOSession(String ssoId) { @@ -171,49 +215,21 @@ public class SSOManager { return newSSOId; } - + public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - Cookie[] cookies = httpReq.getCookies(); + setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout); - if (cookies != null) { - deleteSSOSessionID(httpReq, httpResp); - } - - Cookie cookie = new Cookie(SSOCOOKIE, ssoId); - cookie.setMaxAge(sso_timeout); - cookie.setSecure(true); - cookie.setPath(httpReq.getContextPath()); - httpResp.addCookie(cookie); } - + public String getSSOSessionID(HttpServletRequest httpReq) { - Cookie[] cookies = httpReq.getCookies(); + return getValueFromCookie(httpReq, SSOCOOKIE); - if (cookies != null) { - for (Cookie cookie : cookies) { - - // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird - // (firefox) - // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { - - if (cookie.getName().equals(SSOCOOKIE)) { - return cookie.getValue(); - } - } - } - return null; } - - public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - Cookie[] cookies = httpReq.getCookies(); - if (cookies != null) { - for (Cookie cookie : cookies) { - if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie); - } - } + public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { + deleteCookie(httpReq, httpResp, SSOCOOKIE); } - + /** * @param entityID * @param request @@ -242,9 +258,6 @@ public class SSOManager { Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); } - - - return true; @@ -252,5 +265,40 @@ public class SSOManager { return false; } + + private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + + // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird + // (firefox) + // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { + + if (cookie.getName().equals(cookieName)) { + return cookie.getValue(); + } + } + } + return null; + } + + private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { + + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + + //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 1); + } } |