author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-24 17:13:31 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-24 17:13:31 +0200 |
commit | cfb70f755c45a2cad582e8030b1542add9949efb (patch) | |
tree | 039123854ab630f81dd2387d0f7636056e9e304a /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls | |
parent | 71da4a9bc7e2ff79b2fb4cf8903d15fd75372859 (diff) | |
- SSO finalized
- The SSO session is not closed when a new single-authentication operation is started
- PVP2 Configuration from Database (but without Metadata) --> TODO: change MetaDataProvider
- Add additional UserFrame in case of SSO
- MOASession encryption
TODO: MetaDataProvider, IdentityLink resign, SSO with Mandates, Legacy Template generation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
3 files changed, 98 insertions, 68 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 4ec734c41..b6742fb9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -10,14 +10,17 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.OAParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -119,33 +122,40 @@ public class AuthenticationManager extends AuthServlet { try { authSession = AuthenticationSessionStoreage.getSession(sessionID); - } catch (MOADatabaseException e) { - return false; - } + - if (authSession != null) { - Logger.info("MOASession found! A: " - + authSession.isAuthenticated() + ", AU " - + authSession.isAuthenticatedUsed()); - if (authSession.isAuthenticated() - && !authSession.isAuthenticatedUsed()) { - authSession.setAuthenticatedUsed(true); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, - sessionID); - return true; // got authenticated + if (authSession != null) { + Logger.info("MOASession found! A: " + + authSession.isAuthenticated() + ", AU " + + authSession.isAuthenticatedUsed()); + if (authSession.isAuthenticated() + && !authSession.isAuthenticatedUsed()) { + authSession.setAuthenticatedUsed(true); + + AuthenticationSessionStoreage.storeSession(authSession); + + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, + sessionID); + return true; // got authenticated + } } + + } catch (MOADatabaseException e) { + return false; + } catch (BuildException e) { + return false; } } return false; } public void logout(HttpServletRequest request, - HttpServletResponse response) { + HttpServletResponse response, String moaSessionID) { Logger.info("Logout"); HttpSession session = request.getSession(); - String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); + //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); if(moaSessionID == null) { moaSessionID = (String) request.getParameter(PARAM_SESSIONID); @@ -171,7 +181,7 @@ public class AuthenticationManager extends AuthServlet { AuthenticationSessionStoreage.destroySession(moaSessionID); - session.invalidate(); + //session.invalidate(); } catch (MOADatabaseException e) { Logger.info("NO MOA Authentication data for ID " + moaSessionID); 
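Review bot: The new `catch (BuildException e) { return false; }` and the relocated `catch (MOADatabaseException e) { return false; }` in tryPerformAuthentication swallow the failure silently, so a `storeSession(authSession)` that fails (the call this commit adds) is indistinguishable from "no session found" for an operator. Log the cause before returning, along the lines of `Logger.warn("MOASession " + sessionID + " could not be loaded or stored", e);` — whether Logger has a (String, Throwable) overload is not visible in this hunk. Separately, `isAuthenticatedUsed()` is read and then `setAuthenticatedUsed(true)` plus `storeSession(authSession)` are written with nothing serializing the two, so two concurrent requests carrying the same sessionID can presumably both reach `return true`, which would defeat what looks like a one-time-use guard; a compare-and-set in AuthenticationSessionStoreage would close that, to be confirmed against its implementation. The enclosing method starts outside the hunk.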
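Review bot: Commenting out `session.invalidate();` in logout leaves the servlet session alive after the MOASession is destroyed, and with it the attribute that tryPerformAuthentication stores via `HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID)` (MOA_SESSION appears to be the attribute name, judging by the commented `getAttribute(MOA_SESSION)` call in the same file). If full invalidation is now deliberately avoided so that an SSO session survives a logout, the stale reference should still be removed, `session.removeAttribute(MOA_SESSION);`, so it cannot be picked up by a later request; if the change is temporary, mark it with a TODO instead of leaving the dead statement. The enclosing logout method begins in the previous hunk and ends outside this one.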
@@ -185,14 +195,14 @@ public class AuthenticationManager extends AuthServlet { throws ServletException, IOException, MOAIDException { Logger.info("Starting authentication ..."); - if (!ParamValidatorUtils.isValidOA(target.getOAURL())) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.12"); - - if (target.getOAURL() == null) { - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.12"); - } +// if (!ParamValidatorUtils.isValidOA(target.getOAURL())) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.12"); +// +// if (target.getOAURL() == null) { +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.12"); +// } setNoCachingHeadersInHttpRespone(request, response); @@ -205,12 +215,19 @@ public class AuthenticationManager extends AuthServlet { boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); AuthenticationSession moasession; + try { + //check if an MOASession exists and if not create an new MOASession + //moasession = getORCreateMOASession(request); + moasession = AuthenticationSessionStoreage.createSession(); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession can not be created!"); + throw new MOAIDException("init.04", new Object[] {}); + } + if (legacyallowed && legacyparamavail) { - //check if an MOASession exists and if not create an new MOASession - moasession = getORCreateMOASession(request); - //parse request parameter into MOASession StartAuthentificationParameterParser.parse(request, response, moasession); @@ -255,7 +272,7 @@ public class AuthenticationManager extends AuthServlet { else { //check if an MOASession exists and if not create an new MOASession - moasession = getORCreateMOASession(request); + //moasession = getORCreateMOASession(request); //set OnlineApplication configuration in Session moasession.setOAURLRequested(target.getOAURL()); 
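Review bot: Commenting out the `isValidOA` and null checks on `target.getOAURL()` removes the only input validation visible in startAuthentication, while the value is still written into the session further down (`moasession.setOAURLRequested(target.getOAURL())` in the third hunk of this line). Unless the IRequest implementation that produces `target` now validates the URL itself, which this diff does not show, restore the check at the top of the method: `if (target.getOAURL() == null || !ParamValidatorUtils.isValidOA(target.getOAURL())) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");`. Either way, delete the commented-out block rather than keeping it as dead code. The method signature lies just outside the hunk.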
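Review bot: `AuthenticationSessionStoreage.createSession()` now runs unconditionally before the legacy/non-legacy branch, so every unauthenticated start-authentication request persists a fresh MOASession where the previous `getORCreateMOASession` reused the one bound to the HTTP session; if the store is database-backed, as MOADatabaseException suggests, repeated requests can grow it without bound and the old rows' lifetime now rests on a cleanup that is not visible here. A short TTL for sessions that never reach `isAuthenticated()` and a comment stating why reuse was dropped would address that. Also, `Logger.error("Database Error! MOASession can not be created!")` and `new MOAIDException("init.04", new Object[] {})` both drop `e1`; pass it on, e.g. `Logger.error("Database Error! MOASession can not be created!", e1);`, if the logger offers that overload.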
@@ -264,8 +281,10 @@ public class AuthenticationManager extends AuthServlet { } //Build authentication form + + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath()); + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); //store MOASession try { 
@@ -286,29 +305,43 @@ public class AuthenticationManager extends AuthServlet { } } - private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { + public void sendTransmitAssertionQuestion(HttpServletRequest request, + HttpServletResponse response, IRequest target, OAAuthParameter oaParam) + throws ServletException, IOException, MOAIDException { - //String sessionID = request.getParameter(PARAM_SESSIONID); - String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); - AuthenticationSession moasession; - - try { - moasession = AuthenticationSessionStoreage.getSession(sessionID); - Logger.info("Found existing MOASession with sessionID=" + sessionID - + ". This session is used for reauthentification."); - - } catch (MOADatabaseException e) { - try { - moasession = AuthenticationSessionStoreage.createSession(); - Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + "."); - - } catch (MOADatabaseException e1) { - Logger.error("Database Error! MOASession are not created."); - throw new MOAIDException("init.04", new Object[] { - "0"}); - } - } - - return moasession; - } + String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); + } + + +// private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { +// +// //String sessionID = request.getParameter(PARAM_SESSIONID); +// String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); +// AuthenticationSession moasession; +// +// try { +// moasession = AuthenticationSessionStoreage.getSession(sessionID); +// Logger.info("Found existing MOASession with sessionID=" + sessionID +// + ". 
This session is used for reauthentification."); +// +// } catch (MOADatabaseException e) { +// try { +// moasession = AuthenticationSessionStoreage.createSession(); +// Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + "."); +// +// } catch (MOADatabaseException e1) { +// Logger.error("Database Error! MOASession are not created."); +// throw new MOAIDException("init.04", new Object[] { +// "0"}); +// } +// } +// +// return moasession; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index 6630693a6..aa8a8d9a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -5,9 +5,10 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; public interface IAction extends MOAIDAuthConstants { - public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) + public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException; public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 84817ba7a..82273da83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java 
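Review bot: In the new sendTransmitAssertionQuestion, `new PrintWriter(response.getOutputStream())` encodes with the JVM default charset while the preceding line declares `text/html;charset=UTF-8`, so on a non-UTF-8 platform any non-ASCII character in the form (an OA friendly name with umlauts, say) is sent mis-encoded. Use the container's writer, which honours the declared charset: `PrintWriter out = response.getWriter();`. `oaParam.getFriendlyName()` ends up in HTML, which is only safe if SendAssertionFormBuilder escapes it — not visible in this hunk. The large commented-out `getORCreateMOASession` body should be deleted rather than kept as dead code, and the new public method needs a Javadoc stating that it renders the "transmit assertion?" confirmation form to the response.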
@@ -61,10 +61,15 @@ public class SSOManager { String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), AuthenticationManager.MOA_SESSION, null); + return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId); } + public String getMOASession(String ssoSessionID) { + return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID); + } + public String existsOldSSOSession(String ssoId) { Logger.trace("Check that the SSOID has already been used"); @@ -136,23 +141,14 @@ public class SSOManager { Cookie[] cookies = httpReq.getCookies(); if (cookies != null) { - for (Cookie cookie : cookies) { - if (cookie.getName().equals(SSOCOOKIE)) { - cookie.setValue(ssoId); - cookie.setMaxAge(sso_timeout); - cookie.setSecure(true); - httpResp.addCookie(cookie); - return; - } - } - + deleteSSOSessionID(httpReq, httpResp); } + Cookie cookie = new Cookie(SSOCOOKIE, ssoId); cookie.setMaxAge(sso_timeout); cookie.setSecure(true); - httpResp.addCookie(cookie); - return; - + cookie.setPath(httpReq.getContextPath()); + httpResp.addCookie(cookie); } @@ -165,7 +161,7 @@ public class SSOManager { //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox) //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { - + if (cookie.getName().equals(SSOCOOKIE)) { return cookie.getValue(); } |
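Review bot: The SSO cookie created in the second hunk of this file (`new Cookie(SSOCOOKIE, ssoId)`) is marked Secure but not HttpOnly, so the SSO session identifier stays readable by any script on the page; add `cookie.setHttpOnly(true);` if the container is Servlet 3.0 or later, otherwise write the Set-Cookie header by hand with `; HttpOnly`. `cookie.setPath(httpReq.getContextPath())` produces an empty path for a root-context deployment, where the browser typically scopes the cookie to the current request path; `cookie.setPath(httpReq.getContextPath().isEmpty() ? "/" : httpReq.getContextPath());` keeps it consistent. Calling `deleteSSOSessionID` and then `addCookie` in the same response also emits two Set-Cookie headers for the same name, which only works if the deletion cookie carries the same path and domain as the new one — deleteSSOSessionID is not visible here. The method's signature lies outside the hunk.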