diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-16 18:34:17 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2018-07-16 18:34:17 +0200 |
commit | 43b57a3c903669fc9de36c46e99773bac97a2102 (patch) | |
tree | 1e5cd74c040f79709d0265acb134bb50085848e3 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java | |
parent | 05d5c29bb3be38d40484f9c5bb5fdbdc131cba9f (diff) | |
parent | 4ae32fabc822b3c8ed51d380969f7db682d1bfae (diff) | |
download | moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.tar.gz moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.tar.bz2 moa-id-spss-43b57a3c903669fc9de36c46e99773bac97a2102.zip |
Merge branch 'huge_refactoring' into development_preview
# Conflicts:
# id/server/doc/handbook/config/config.html
# id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
# id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java | 142 |
1 files changed, 61 insertions, 81 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index f709da213..68158cd61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -35,30 +35,31 @@ import org.opensaml.saml2.metadata.SingleLogoutService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.SLOException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.ISLOInformationContainer; import at.gv.egovernment.moa.id.data.SLOInformationContainer; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -71,11 +72,11 @@ import at.gv.egovernment.moa.util.URLEncoder; public class SingleLogOutAction implements IAction { @Autowired private SSOManager ssomanager; - @Autowired private AuthenticationManager authManager; + @Autowired private IAuthenticationManager authManager; @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired private ITransactionStorage transactionStorage; @Autowired private SingleLogOutBuilder sloBuilder; - @Autowired private MOAReversionLogger revisionsLogger; + @Autowired private IRevisionLogger revisionsLogger; /* (non-Javadoc) @@ -84,22 +85,22 @@ public class SingleLogOutAction implements IAction { @Override public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - IAuthData authData) throws MOAIDException { + IAuthData authData) throws EAAFException { - PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req; + PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req; - if (pvpReq.getRequest() instanceof MOARequest && - ((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) { + if (pvpReq.getRequest() instanceof PVPSProfileRequest && + ((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) { Logger.debug("Process Single LogOut request"); - MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest(); LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); - IAuthenticationSession session = - authenticationSessionStorage.searchMOASessionWithNameIDandOAID( + String ssoSessionId = + authenticationSessionStorage.searchSSOSessionWithNameIDandOAID( logOutReq.getIssuer().getValue(), logOutReq.getNameID().getValue()); - if (session == null) { + if (MiscUtil.isEmpty(ssoSessionId)) { Logger.warn("Can not find active SSO session with nameID " + logOutReq.getNameID().getValue() + " and OA " + logOutReq.getIssuer().getValue()); @@ -116,10 +117,10 @@ public class SingleLogOutAction implements IAction { } else { try { - session = ssomanager.getInternalMOASession(ssoID); + ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID); - if (session == null) - throw new MOADatabaseException(); + if (MiscUtil.isEmpty(ssoSessionId)) + throw new MOADatabaseException(""); } catch (MOADatabaseException e) { Logger.info("Can not find active Session. Single LogOut not possible!"); @@ -134,12 +135,17 @@ public class SingleLogOutAction implements IAction { } } - authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq); - - } else if (pvpReq.getRequest() instanceof MOAResponse && - ((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) { + pvpReq.setInternalSSOSessionIdentifier(ssoSessionId); + ISLOInformationContainer sloInformationContainer + = authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId); + + Logger.debug("Starting technical SLO process ... "); + sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null); + + } else if (pvpReq.getRequest() instanceof PVPSProfileResponse && + ((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) { Logger.debug("Process Single LogOut response"); - LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse(); + LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse(); //Transaction tx = null; @@ -159,26 +165,8 @@ public class SingleLogOutAction implements IAction { //TODO: add counter to prevent deadlock synchronized(this){ while (!storageSuccess) { - // tx = session.beginTransaction(); - // - // List result; - // Query query = session.getNamedQuery("getAssertionWithArtifact"); - // query.setParameter("artifact", relayState); - // result = query.list(); - // - // - // Logger.trace("Found entries: " + result.size()); - // - // //Assertion requires an unique artifact - // if (result.size() != 1) { - // Logger.trace("No entries found."); - // throw new MOADatabaseException("No sessioninformation found with this ID"); - // } - // - // AssertionStore element = (AssertionStore) result.get(0); - // Object data = SerializationUtils.deserialize(element.getAssertion()); - Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId()); - Object o = transactionStorage.getAssertionStore(relayState); + Logger.debug("Current Thread: " +Thread.currentThread().getId() + " requests TransactionStore"); + Object o = transactionStorage.getRaw(relayState); if(o==null){ Logger.trace("No entries found."); throw new MOADatabaseException("No sessioninformation found with this ID"); @@ -198,43 +186,44 @@ public class SingleLogOutAction implements IAction { byte[] serializedSLOContainer = SerializationUtils.serialize((Serializable) sloContainer); element.setAssertion(serializedSLOContainer); element.setType(sloContainer.getClass().getName()); - - // session.saveOrUpdate(element); - // tx.commit(); - Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId()); - transactionStorage.putAssertionStore(element); + Logger.debug("Current Thread: " + Thread.currentThread().getId() + " puts SLOInformation into TransactionStore"); + transactionStorage.putRaw(element.getArtifact(), element); //sloContainer could be stored to database storageSuccess = true; - } catch(MOADatabaseException e) { - //tx.rollback(); - + } catch(EAAFException e) { counter++; Logger.debug("SLOContainter could not stored to database. Wait some time and restart storage process ... "); - java.util.Random rand = new java.util.Random(); - + if (counter > 1000) { + Logger.warn("Stopping SLO process with an error, because it runs in a loop.", e); + throw new EAAFException("internal.01", null, e); + + } + + try { + java.util.Random rand = new java.util.Random(); Thread.sleep(rand.nextInt(20)*10); } catch (InterruptedException e1) { Logger.warn("Thread could not stopped. ReStart storage process immediately", e1); + } } } else { - Logger.debug("Current Thread removeElement by Artifact: "+Thread.currentThread().getId()); + Logger.debug("Current Thread: " + Thread.currentThread().getId() + " remove SLOInformation from TransactionStore"); transactionStorage.remove(element.getArtifact()); - // session.delete(element); - // tx.commit(); storageSuccess = true; String redirectURL = null; - if (sloContainer.getSloRequest() != null) { - //send SLO response to SLO request issuer - SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); - LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); - redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState()); + IRequest sloReq = sloContainer.getSloRequest(); + if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) { + //send SLO response to SLO request issuer + SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq); + LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs()); + redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState()); } else { //print SLO information directly @@ -276,7 +265,7 @@ public class SingleLogOutAction implements IAction { } } } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("MOA AssertionDatabase ERROR", e); throw new SLOException("pvp2.19", null); @@ -285,16 +274,7 @@ public class SingleLogOutAction implements IAction { throw new AuthenticationException("pvp2.13", new Object[]{}); } - - // finally { - // if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) { - // tx.commit(); - // - // } - // } - - - + } else { Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse."); throw new MOAIDException("pvp2.13", null); @@ -318,7 +298,7 @@ public class SingleLogOutAction implements IAction { */ @Override public String getDefaultActionName() { - return PVP2XProtocol.SINGLELOGOUT; + return PVPConstants.SINGLELOGOUT; } protected static String addURLParameter(String url, String paramname, |