diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-14 13:55:39 +0200 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-06-14 13:55:39 +0200 |
| commit | 3b26a365d832d4b0664777d2c348606247022564 (patch) | |
| tree | ce9d87c9144d75afad3be5fe4af503f7c4d78b4f /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls | |
| parent | 2a073c6727d704271e17d9b682be28410f23aae7 (diff) | |
| download | moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.gz moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.tar.bz2 moa-id-spss-3b26a365d832d4b0664777d2c348606247022564.zip | |
some more stuff
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
2 files changed, 57 insertions, 280 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 2e1af43e4..c05a271f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -22,12 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; -import java.util.ArrayList; -import java.util.Collection; import java.util.Enumeration; -import java.util.Iterator; import java.util.List; -import java.util.Map.Entry; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -35,46 +31,31 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.StringUtils; import org.opensaml.saml2.core.LogoutRequest; -import org.opensaml.saml2.core.LogoutResponse; -import org.opensaml.saml2.core.StatusCode; -import org.opensaml.saml2.metadata.SingleLogoutService; -import org.opensaml.ws.soap.common.SOAPException; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.exceptions.EAAFException; -import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; -import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -92,7 +73,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager { public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - public static final int SLOTIMEOUT = 30 * 1000; //30 sec + @Autowired private ITransactionStorage transactionStorage; @@ -105,87 +86,33 @@ public class AuthenticationManager extends AbstractAuthenticationManager { @Override - public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) - throws EAAFException { - // TODO Auto-generated method stub - - } - - @Override - public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3) + public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId) throws EAAFException { - // TODO Auto-generated method stub - - } - - - - public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { - performSingleLogOut(httpReq, httpResp, session, pvpReq, null); - - } - - public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException { - performSingleLogOut(httpReq, httpResp, session, null, authURL); - - } - - - public void performOnlyIDPLogOut(HttpServletRequest request, - HttpServletResponse response, String internalMOASsoSessionID) { - Logger.info("Remove active user-session"); - - if(internalMOASsoSessionID == null) { - internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID)); - } - - if(internalMOASsoSessionID == null) { - Logger.info("NO MOA Session to logout"); - return; - } - - AuthenticationSession authSession; - try { - authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID); - - if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); - return; - } - - performOnlyIDPLogOut(authSession); - - } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); - return; - } - - } - - - private void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; - String inboundRelayState = null; String uniqueSessionIdentifier = "notSet"; String uniqueTransactionIdentifier = "notSet"; - + PVPTargetConfiguration pvpReq = null; Logger.debug("Start technical Single LogOut process ... "); - if (pvpReq != null) { - MOARequest samlReq = (MOARequest) pvpReq.getRequest(); - LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - pvpSLOIssuer = logOutReq.getIssuer().getValue(); - inboundRelayState = samlReq.getRelayState(); - uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier(); - uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier(); + + if (pendingReq != null) { + uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier(); + uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier(); + + if (pendingReq instanceof PVPTargetConfiguration) { + pvpReq = ((PVPTargetConfiguration)pendingReq); + MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); + pvpSLOIssuer = logOutReq.getIssuer().getValue(); + } + if (MiscUtil.isEmpty(internalSSOId)) + internalSSOId = pendingReq.getSSOSessionIdentifier(); + } else { AuthenticationSessionExtensions sessionExt; try { - sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); + sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(internalSSOId); if (sessionExt != null) uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); @@ -199,8 +126,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager { } //store active OAs to SLOContaine - List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); - List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); + List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(internalSSOId); + List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(internalSSOId); SLOInformationContainer sloContainer = new SLOInformationContainer(); sloContainer.setTransactionID(uniqueTransactionIdentifier); sloContainer.setSessionID(uniqueSessionIdentifier); @@ -213,13 +140,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager { + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size() + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size() + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size()); - + + //terminate MOASession try { - authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID()); - ssoManager.deleteSSOSessionID(httpReq, httpResp); + authenticatedSessionStore.destroyInternalSSOSession(internalSSOId); + ssoManager.destroySSOSessionOnIDPOnly(httpReq, httpResp, pendingReq); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); - Logger.debug("Active SSO Session on IDP is remove."); } catch (MOADatabaseException e) { @@ -228,165 +155,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager { } - Logger.trace("Starting Service-Provider logout process ... "); - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); - //start service provider back channel logout process - Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); - while (nextOAInterator.hasNext()) { - SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); - LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr); - - try { - Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID()); - List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); - - LogoutResponse sloResp = null; - for (XMLObject el : soapResp) { - if (el instanceof LogoutResponse) - sloResp = (LogoutResponse) el; - } - - if (sloResp == null) { - Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() - + " FAILED. NO LogOut response received."); - sloContainer.putFailedOA(sloDescr.getSpEntityID()); - - } else { - samlVerificationEngine.verifySLOResponse(sloResp, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - sloBuilder.checkStatusCode(sloContainer, sloResp); - - } catch (SOAPException e) { - Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() - + " FAILED.", e); - sloContainer.putFailedOA(sloDescr.getSpEntityID()); - - } catch (SecurityException | InvalidProtocolRequestException e) { - Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() - + " FAILED.", e); - sloContainer.putFailedOA(sloDescr.getSpEntityID()); - - } - } - - //start service provider front channel logout process - try { - if (sloContainer.hasFrontChannelOA()) { - String relayState = Random.nextRandom(); - - Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); - List<String> sloReqList = new ArrayList<String>(); - for (Entry<String, SLOInformationImpl> el : sloDescr) { - Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID()); - - LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue()); - try { - sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), - sloReq, httpReq, httpResp, relayState)); - - } catch (Exception e) { - Logger.warn("Failed to build SLO request for OA:" + el.getKey()); - sloContainer.putFailedOA(el.getKey()); - - } - } - - //put SLO process-information into transaction storage - transactionStorage.put(relayState, sloContainer, -1); - - if (MiscUtil.isEmpty(authURL)) - authURL = pvpReq.getAuthURL(); - - String timeOutURL = authURL - + "/idpSingleLogout" - + "?restart=" + relayState; - - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - authURL, - DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, - null); - - config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList); - config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL); - config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT)); - - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); - - - } else { - if (pvpReq != null) { - //send SLO response to SLO request issuer - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); - - } else { - //print SLO information directly - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - authURL, - DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, - null); - - if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) { - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); - config.putCustomParameter("successMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); - - } else { - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - - } - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); - - } - - } + return sloContainer; - } catch (GUIBuildException e) { - Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); - throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); - - } catch (MOADatabaseException e) { - Logger.error("MOA AssertionDatabase ERROR", e); - if (pvpReq != null) { - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); - LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); - sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq); - - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - - }else { - //print SLO information directly - DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( - authURL, - DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, - null); - - revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); - config.putCustomParameterWithOutEscaption("errorMsg", - MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - - try { - guiBuilder.build(httpResp, config, "Single-LogOut GUI"); - - } catch (GUIBuildException e1) { - Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage()); - throw new MOAIDException("builder.09", new Object[]{e.getMessage()}, e); - - } - - } - - } catch (Exception e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } } @Override diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index bded1943b..d3d7a9456 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -72,11 +72,15 @@ public class SSOManager implements ISSOManager { private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL"; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; @Autowired private AuthConfiguration authConfig; @Autowired private IRevisionLogger revisionsLogger; + + //@Autowired private MOASessionDBUtils moaSessionDBUtils; @@ -113,7 +117,7 @@ public class SSOManager implements ISSOManager { return isSSOValid; - } catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) { + } catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) { Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e); Logger.info("All SSO session will be ignored."); @@ -151,8 +155,9 @@ public class SSOManager implements ISSOManager { public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException { //populate pending request with eID data from SSO session if no userConsent is required - try { - AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier()); + try { + String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(pendingReq.getSSOSessionIdentifier()); + AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId); if (ssoMOASession == null) Logger.info("No MOASession FOUND with provided SSO-Cookie."); @@ -192,25 +197,26 @@ public class SSOManager implements ISSOManager { if (isValidSSOSession(ssoid, null)) { //delete SSO session and MOA session - AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid); + String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid); + AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId); - if (ssoSession == null) { + if (ssoMOASession == null) { Logger.info("No internal MOA SSO-Session found. Nothing to destroy"); return false; } - ssoSession.setAuthenticated(false); + ssoMOASession.setAuthenticated(false); //log Session_Destroy to reversionslog AuthenticationSessionExtensions sessionExtensions = - authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID()); + authenticatedSessionStore.getAuthenticationSessionExtensions(ssoMOASession.getSSOSessionID()); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID()); + authenticatedSessionStore.destroyInternalSSOSession(ssoMOASession.getSSOSessionID()); } - } catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) { + } catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) { Logger.info("NO MOA Authentication data for ID " + ssoid); return false; @@ -235,14 +241,15 @@ public class SSOManager implements ISSOManager { * @param httpResp HttpServletResponse * @param protocolRequest Authentication request which is actually in process * @throws SessionDataStorageException + * @throws EAAFStorageException * **/ public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, - IRequest protocolRequest) throws SessionDataStorageException { + IRequest protocolRequest) throws SessionDataStorageException, EAAFStorageException { String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); String interfederationIDP = - protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isNotEmpty(interfederationIDP)) { Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP); return; @@ -254,14 +261,14 @@ public class SSOManager implements ISSOManager { RequestImpl moaReq = (RequestImpl) protocolRequest; if (MiscUtil.isNotEmpty(interIDP)) { Logger.info("Receive SSO request for interfederation IDP " + interIDP); - moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP); + moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP); } else { //check if IDP cookie is set String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); if (MiscUtil.isNotEmpty(cookie)) { Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); - moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie); + moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie); deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); } @@ -283,7 +290,7 @@ public class SSOManager implements ISSOManager { Logger.debug("Add SSO information to MOASession."); //Store SSO information into database - String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(), + String newSSOSessionId = createSSOSessionInformations(moaSession.getSSOSessionID(), pendingReq.getSPEntityId()); //set SSO cookie to response @@ -298,7 +305,7 @@ public class SSOManager implements ISSOManager { return newSSOSessionId; } - public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException { + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException { // search SSO Session if (ssoSessionID == null) { @@ -328,7 +335,7 @@ public class SSOManager implements ISSOManager { //in case of federated SSO session, jump to federated IDP for authentication String interfederationIDP = - protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(interfederationIDP)) { InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); @@ -337,7 +344,7 @@ public class SSOManager implements ISSOManager { //no local SSO session exist -> request interfederated IDP Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix()); protocolRequest.setGenericDataToSession( - RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); + DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix()); } else { Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); @@ -360,18 +367,18 @@ public class SSOManager implements ISSOManager { } - public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException { - return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); - - } +// public String getInternalSSOSession(String ssoSessionID) throws MOADatabaseException { +// return authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID); +// +// } //TODO: refactor for faster DB access public String getUniqueSessionIdentifier(String ssoSessionID) { try { if (MiscUtil.isNotEmpty(ssoSessionID)) { - AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID); - if (moaSession != null) { - AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID()); + String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID); + if (MiscUtil.isNotEmpty(ssoSessionId)) { + AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId); return extSessionInformation.getUniqueSessionId(); } |