diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-25 10:26:41 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-25 10:26:41 +0100 |
commit | 1f88acc4f47eb8b9e01ff3c9d8262871fe314b42 (patch) | |
tree | ac717490924db6c1d5fecd3056210ee9568de8a0 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java | |
parent | 14b1e1a2840a210754ac063ee3aa0b6884bf6ce9 (diff) | |
download | moa-id-spss-1f88acc4f47eb8b9e01ff3c9d8262871fe314b42.tar.gz moa-id-spss-1f88acc4f47eb8b9e01ff3c9d8262871fe314b42.tar.bz2 moa-id-spss-1f88acc4f47eb8b9e01ff3c9d8262871fe314b42.zip |
add 'isAbortedByUser' flag to pending-request to indicate that this request is aborted, but the auth. process is not broken
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 8c3f2c946..009ef4b6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -74,10 +75,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon //build protocol-specific error message if possible buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - //log Error Message - statisticLogger.logErrorOperation(throwable, pendingReq); - + //get MOASession for this pendingRequest AuthenticationSession moaSession = authenticatedSessionStorage.getSession( @@ -132,19 +130,25 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon if (moaSession == null) { Logger.error("No MOASession with ID " + sessionID + " found.!"); handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true); - return; - } - - //check if MOASession and pending-request are authenticated - if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); - } else { - Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); - handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); - return; - + + //check if pending-request has 'abortedByUser' flag set + if (pendingReq.isAbortedByUser()) { + buildProtocolSpecificErrorResponse( + new AuthenticationException("auth.21", new Object[] {}), + req, resp, pendingReq); + + //check if MOASession and pending-request are authenticated + } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { + finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + + } else { + //suspect state: pending-request is not aborted but also are not authenticated + Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); + handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); + + } } } catch (Exception e) { @@ -156,7 +160,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon //remove pending-request if (pendingReq != null) - requestStorage.removePendingRequest(pendingReq.getRequestID()); + requestStorage.removePendingRequest(pendingReq.getRequestID()); } |