authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-25 16:23:23 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-25 16:23:23 +0200
commitf10fb18bac8e4b98460d100a4af42a943ddb75df (patch)
treed53343fb928cb0186f6fa88ef2684bbea490b413 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls
parent83a92eead9d389060ec43e9459c5a1367aefc29a (diff)
fix another problem in session database
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java13
3 files changed, 116 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 34b250bf0..f718777b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
}
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, null, authURL);
}
+ /**
+ * @param req
+ * @param resp
+ * @param moasessionid
+ */
+ public void performOnlyIDPLogOut(AuthenticationSession authSession) {
+
+ if (authSession == null) {
+ Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+ return;
+
+ }
+
+ try {
+
+ authSession.setAuthenticated(false);
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID());
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+
+ authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID());
+
+ //session.invalidate();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID());
+ return;
+ }
+
+ }
+
+
public void performOnlyIDPLogOut(HttpServletRequest request,
- HttpServletResponse response, String moaSessionID) {
+ HttpServletResponse response, String internalMOASsoSessionID) {
Logger.info("Remove active user-session");
- if(moaSessionID == null) {
- moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if(internalMOASsoSessionID == null) {
+ internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID);
}
- if(moaSessionID == null) {
+ if(internalMOASsoSessionID == null) {
Logger.info("NO MOA Session to logout");
return;
}
AuthenticationSession authSession;
try {
- authSession = authenticatedSessionStore.getSession(moaSessionID);
+ authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
if(authSession == null) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
-
- authSession.setAuthenticated(false);
- //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
-
- //log Session_Destroy to reversionslog
- AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-
- authenticatedSessionStore.destroySession(moaSessionID);
-
- //session.invalidate();
-
+
+ performOnlyIDPLogOut(authSession);
+
} catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
@@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
- authenticatedSessionStore.destroySession(correspondingMOASession);
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
ssoManager.deleteSSOSessionID(httpReq, httpResp);
}
}
@@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
//get MOASession from SSO-Cookie if SSO is allowed
- AuthenticationSession moaSession = null;
+ AuthenticationSession ssoMOASession = null;
if (isValidSSOSession && isSSOAllowed) {
- String moasessionID = ssoManager.getMOASession(ssoId);
- moaSession = authenticatedSessionStore.getSession(moasessionID);
+ ssoMOASession = ssoManager.getInternalMOASession(ssoId);
- if (moaSession == null)
+ if (ssoMOASession == null)
Logger.info("No MOASession FOUND with provided SSO-Cookie.");
else {
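Review bot: `ssoManager.getInternalMOASession(ssoId)` declares `MOADatabaseException` (see the SSOManager hunk in this commit), and because the enclosing method begins and ends outside this hunk it is not visible whether that exception is caught here or propagated out of the request handler. If it propagates, a transient database error while resolving the SSO cookie aborts the whole authentication request instead of taking the existing `ssoMOASession == null` path, which merely requires fresh authentication. Consider handling it locally: `} catch (MOADatabaseException e) { Logger.warn("SSO session lookup failed, falling back to new authentication", e); ssoMOASession = null; }`. Requiring re-authentication when the lookup fails is the fail-safe direction for an SSO check.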
@@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
//check if session is already authenticated
- boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
-
+ boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
+
//force new authentication authentication process
if (pendingReq.forceAuth()) {
startAuthenticationProcess(httpReq, httpResp, pendingReq);
@@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (isSessionAuthenticated) {
// Passive authentication ok!
revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
throw new NoPassivAuthenticationException();
@@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
// Is authenticated .. proceed
revisionsLogger.logEvent(oaParam,
pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
// Start authentication!
@@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants {
* @return true if session is already authenticated, otherwise false
* @throws MOAIDException
*/
- private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+ private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
//if no MOASession exist -> authentication is required
- if (moaSession == null) {
+ if (ssoMOASession == null) {
return false;
} else {
- //if MOASession is Found but not authenticated --> authentication is required
- if (!moaSession.isAuthenticated()) {
+ //if MOA SSO-Session is found but not authenticated --> authentication is required
+ if (!ssoMOASession.isAuthenticated()) {
return false;
}
//if MOASession is already authenticated and protocol-request is authenticated
// --> no authentication is required any more
- else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
} else if (!protocolRequest.isAuthenticated()
- && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+ && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
protocolRequest.setAuthenticated(true);
- protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
}
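Review bot: The branch that gained `protocolRequest.setInternalSSOSessionIdentifier(...)` and the SSO branch below it both re-test `ssoMOASession.isAuthenticated()`, although the guard `if (!ssoMOASession.isAuthenticated()) return false;` a few lines above already guarantees it, so the two conditions read as if an unauthenticated session could still reach them. Dropping the redundant term leaves `else if (protocolRequest.isAuthenticated())` and `else if (protocolRequest.needSingleSignOnFunctionality())`, which makes the remaining decision (is the pending request already authenticated, or is SSO allowed for it) obvious. The debug message also misspells "authenticted". The method's tail, including its fall-through return, lies outside this hunk.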
@@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//check legacy request parameter
boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-
- //create MOASession object
- AuthenticationSession moasession;
- try {
- moasession = authenticatedSessionStore.createSession(pendingReq);
- pendingReq.setMOASessionIdentifier(moasession.getSessionID());
-
- } catch (MOADatabaseException e1) {
- Logger.error("Database Error! MOASession can not be created!");
- throw new MOAIDException("init.04", new Object[] {});
-
- }
-
+
//create authentication process execution context
ExecutionContext executionContext = new ExecutionContextImpl();
@@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
private void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
String uniqueSessionIdentifier = "notSet";
@@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//terminate MOASession
try {
- authenticatedSessionStore.destroySession(session.getSessionID());
+ authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
ssoManager.deleteSSOSessionID(httpReq, httpResp);
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
@@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants {
e.printStackTrace();
}
}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index ffc6012c9..b612352c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Collection;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -35,10 +36,14 @@ import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -67,8 +72,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private String action = null;
private String requestID;
- private String moaSessionIdentifier;
private String processInstanceId;
+ private String ssoMoaSessionId;
private String uniqueTransactionIdentifer;
private String uniqueSessionIdentifer;
@@ -91,6 +96,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+ private IAuthenticationSession moaSSOSessionContainer = null;
+
/**
* @throws ConfigurationException
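Review bot: `RequestImpl` is declared `Serializable` (the class line is context in the previous hunk), and the new non-transient field `moaSSOSessionContainer` of type `IAuthenticationSession` will be included whenever a pending request is serialized; I cannot see from here whether `IAuthenticationSession` implementations are serializable, and `populateMOASessionWithSSOInformation` later in this file stores a full database-backed SSO session in it, so whatever persists pending requests now also persists the SSO session's content. If the intent is only to carry a reference, mark it `private transient IAuthenticationSession moaSSOSessionContainer = null;` and re-resolve it from `ssoMoaSessionId` after deserialization, or document why the full session must travel with the request. A one-line field comment stating which of the two is intended would already help: `// SSO session loaded from the database for this request; null until populated`.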
@@ -99,11 +106,14 @@ public abstract class RequestImpl implements IRequest, Serializable{
public final void initialize(HttpServletRequest req) throws ConfigurationException {
//set requestID
requestID = Random.nextLongRandom();
-
+
//set unique transaction identifier for logging
uniqueTransactionIdentifer = Random.nextLongRandom();
TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
+ //initialize session object
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date());
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom());
//check if End-Point is valid
String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
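Review bot: The new `genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom())` turns the value returned by `Random.nextLongRandom()` into a session identifier, but nothing in this hunk shows whether that helper is backed by a cryptographically secure generator; `requestID` and `uniqueTransactionIdentifer` come from the same call, so if it is only a `java.util.Random` wrapper every identifier issued here is predictable. Please confirm `Random.nextLongRandom()` uses `SecureRandom` (or equivalent) and record that at the call site, e.g. `// session id: must come from a CSPRNG, see Random.nextLongRandom()`. The creation timestamp uses `java.util.Date`; unless the storage is tied to `Date`, `Instant.now()` would be the modern choice, but that is cosmetic. `initialize` continues past the end of this hunk.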
@@ -247,16 +257,41 @@ public abstract class RequestImpl implements IRequest, Serializable{
return requestID;
}
- public String getMOASessionIdentifier() {
- return this.moaSessionIdentifier;
+ public String getInternalSSOSessionIdentifier() {
+ return this.ssoMoaSessionId;
+ }
+
+ /**
+ * Set the internal SSO session identifier, which associated with this pending request
+ *
+ * @param internalSSOSessionId
+ */
+ public void setInternalSSOSessionIdentifier(String internalSSOSessionId) {
+ this.ssoMoaSessionId = internalSSOSessionId;
}
- public void setMOASessionIdentifier(String moaSessionIdentifier) {
- this.moaSessionIdentifier = moaSessionIdentifier;
+ public IAuthenticationSession getMOASession() {
+ //if SSO session information are set, use this
+ if (moaSSOSessionContainer != null)
+ return moaSSOSessionContainer;
+ else
+ return new AuthenticationSessionWrapper(genericDataStorage);
+
}
+ public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
+ if (ssoSession instanceof AuthenticationSession) {
+ moaSSOSessionContainer = ssoSession;
+
+ } else
+ throw new IllegalStateException("Session information can only be populated with SSO information from database");
+
+
+ }
+
+
public IOAAuthParameters getOnlineApplicationConfiguration() {
return this.OAConfiguration;
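Review bot: `populateMOASessionWithSSOInformation` throws `IllegalStateException` when the argument is not an `AuthenticationSession`, but the rejected condition is a bad argument rather than bad object state, so `IllegalArgumentException` is the fitting type, and a `null` argument currently fails the `instanceof` test with the same misleading "can only be populated with SSO information from database" message — an explicit null check with its own message would separate the two cases. `getMOASession()` and `getInternalSSOSessionIdentifier()` have no Javadoc while the setter next to them does; for the former, `/** Returns the database-backed SSO session if one was populated, otherwise a fresh AuthenticationSessionWrapper over this request's genericDataStorage (a new wrapper on every call). */` states the contract callers need. The `getOnlineApplicationConfiguration` method at the bottom of the hunk continues outside it.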
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index c27012ba9..557d9af48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -157,7 +158,7 @@ public class SSOManager {
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
try {
- authenticatedSessionStore.destroySession(storedSession.getSessionid());
+ authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid());
} catch (MOADatabaseException e) {
Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e);
@@ -175,8 +176,8 @@ public class SSOManager {
}
- public String getMOASession(String ssoSessionID) {
- return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
+ public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
+ return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
}
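Review bot: `getInternalMOASession` has no Javadoc, and its contract matters to callers: the caller in `AuthenticationManager` in this commit checks the result for `null`, so the method evidently may return `null` when no internal session maps to the cookie value, and it now propagates `MOADatabaseException` instead of returning a session-id string. A Javadoc stating that it resolves the SSO cookie value to the internal MOA session, `@return the session, or null if none is stored for this id`, and `@throws MOADatabaseException on a database failure` would document both. Callers that treated the previous `String` result as "no session" on `null` need the same handling for the new return type.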
@@ -184,9 +185,9 @@ public class SSOManager {
public String getUniqueSessionIdentifier(String ssoSessionID) {
try {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
- String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
+ AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
+ if (moaSession != null) {
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
return extSessionInformation.getUniqueSessionId();
}