authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:26:15 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:26:15 +0200
commit121e70662f53fe0820823a23784794021fbc7920 (patch)
tree85d7b652f4f94f4a34c3aa45851f202dfcc43437 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage
parent65cdf9b59c2d2836bdc24cca27992a1f32f7876e (diff)
fix possible multi-threading problem with database connections
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java824
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java24
2 files changed, 339 insertions, 509 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 4d7936f25..7dd6d15cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -26,15 +26,15 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+
import org.apache.commons.lang.SerializationUtils;
import org.apache.commons.lang.StringEscapeUtils;
import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.Transaction;
-import org.hibernate.resource.transaction.spi.TransactionStatus;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
+import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -46,7 +46,6 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -62,13 +61,19 @@ import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-@Service("AuthenticationSessionStoreage")
+@Repository("AuthenticationSessionStoreage")
+@Transactional("sessionTransactionManager")
public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
+ @PersistenceContext(unitName="session")
+ private EntityManager entityManager;
+
@Autowired AuthConfiguration authConfig;
- @Autowired MOASessionDBUtils moaSessionDBUtils;
+
private static JsonMapper mapper = new JsonMapper();
+ //@Autowired MOASessionDBUtils moaSessionDBUtils;
+
@Override
public boolean isAuthenticated(String moaSessionID) {
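Review bot: The class-level `@Transactional("sessionTransactionManager")` uses Spring's default rollback rules, which roll back only on unchecked exceptions and errors, so a method of this class that exits with a checked exception still commits. Entities loaded inside the transaction are managed, so setter calls made before such an exception would be flushed at commit even if `merge` was never reached. If `MOADatabaseException` and `AuthenticationException` are checked (they appear in `throws` clauses elsewhere in this diff), consider `@Transactional(value = "sessionTransactionManager", rollbackFor = Exception.class)`. The commented-out `//@Autowired MOASessionDBUtils moaSessionDBUtils;` field should be deleted rather than kept.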
@@ -104,15 +109,15 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
AuthenticationSession session = new AuthenticationSession(id, now);
encryptSession(session, dbsession);
- //store AssertionStore element to Database
- moaSessionDBUtils.saveOrUpdate(dbsession);
+ //store AssertionStore element to Database
+ entityManager.persist(dbsession);
Logger.info("Create MOASession with sessionID: " + id);
return session;
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be created.");
- throw new MOADatabaseException(e);
+// } catch (MOADatabaseException e) {
+// Logger.warn("MOASession could not be created.");
+// throw new MOADatabaseException(e);
} catch (JsonProcessingException e) {
Logger.warn("Extended session information can not be stored.", e);
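Review bot: The `catch (MOADatabaseException e)` branch is left in the file as three commented-out lines; it should be deleted, since version control keeps the old handling. `entityManager.persist(dbsession)` only schedules the insert, so the `Logger.info("Create MOASession with sessionID: " + id)` line can now run before anything is written, and a failed insert surfaces later as an unchecked persistence exception instead of the `MOADatabaseException` callers previously saw. If callers depend on the checked exception, call `entityManager.flush()` inside the `try` and rethrow `PersistenceException` as `MOADatabaseException` there. The method body starts and ends outside this hunk, so its `throws` clause is not visible.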
@@ -167,7 +172,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
dbsession.setAdditionalInformation(
mapper.serialize(sessionExtensions));
- moaSessionDBUtils.saveOrUpdate(dbsession);
+ entityManager.merge(dbsession);
Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database");
@@ -194,7 +199,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
dbsession.setAuthenticated(session.isAuthenticated());
dbsession.setUpdated(new Date());
- moaSessionDBUtils.saveOrUpdate(dbsession);
+ entityManager.merge(dbsession);
Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
} catch (MOADatabaseException e) {
@@ -206,40 +211,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void destroySession(String moaSessionID) throws MOADatabaseException {
- Session session = moaSessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
-
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", moaSessionID);
- result = query.list();
-
-
-
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", moaSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No session found with this sessionID");
- }
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+
+ }
- AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
- tx.commit();
- cleanDelete(dbsession);
- }
-
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
-
- }
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) results.get(0);
+ cleanDelete(dbsession);
}
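Review bot: In `destroySession` the `results.size() != 1` check also fires when the query returns more than one row, and in that case nothing is deleted while the log and the exception both claim that no session exists. On a logout path that leaves every duplicate row in the store; whether duplicates can occur depends on a uniqueness constraint that is not visible here. Consider throwing only on an empty result and deleting each match: `if (results.isEmpty()) throw new MOADatabaseException("No session found with this sessionID");` followed by `for (AuthenticatedSessionStore s : results) cleanDelete(s);`. Using `entityManager.createNamedQuery("getSessionWithID", AuthenticatedSessionStore.class)` would also remove the unchecked list assignment and the cast on `results.get(0)`.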
@@ -260,7 +246,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
- moaSessionDBUtils.saveOrUpdate(dbsession);
+ entityManager.merge(dbsession);
Logger.trace("Change SessionID complete.");
@@ -284,7 +270,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
try {
session = searchInDatabase(moaSessionID);
session.setAuthenticated(isAuthenticated);
- moaSessionDBUtils.saveOrUpdate(session);
+ entityManager.merge(session);
} catch (MOADatabaseException e) {
@@ -294,41 +280,23 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public String getMOASessionSSOID(String SSOSessionID) {
- MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
-
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOSessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
-
- }
-
- Logger.trace("Found entries: " + result.size());
+ MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+
+ Query query = entityManager.createNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
- } else {
- return result.get(0).getSessionid();
+ } else
+ return results.get(0).getSessionid();
- }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
}
@Override
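Review bot: `Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.")` writes the full SSO session identifier to the log, and that value is what the store uses to look up an authenticated session. Anyone with read access to trace logs would obtain live identifiers; the same applies to the SSOID trace line in `isValidSessionWithSSOID` and to the session-ID trace lines in the later lookups of this diff. Log a fixed message or a shortened digest of the identifier instead, e.g. `Logger.trace("Get authenticated session by SSOID from database.");`. The `else` branch returning `results.get(0).getSessionid()` also lost its braces, which is at odds with the braced `if` beside it.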
@@ -347,144 +315,101 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) {
//TODO: is this method really needed??
- MiscUtil.assertNotNull(SSOId, "SSOSessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
+ MiscUtil.assertNotNull(SSOId, "SSOSessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOId);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
+ Query query = entityManager.createNamedQuery("getSessionWithSSOID");
+ query.setParameter("sessionid", SSOId);
+ List<AuthenticatedSessionStore> results = query.getResultList();
- Logger.trace("Found entries: " + result.size());
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
- } else {
- return result.get(0);
- }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ } else
+ return results.get(0);
+
}
@Override
public void addSSOInformation(String moaSessionID, String SSOSessionID,
SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {
- AuthenticatedSessionStore dbsession;
- Transaction tx = null;
-
- try {
-
- Session session = moaSessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
-
- Logger.trace("Add SSO information to session " + moaSessionID);
-
- synchronized (session) {
-
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", moaSessionID);
- result = query.list();
-
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", moaSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- tx.rollback();
- throw new MOADatabaseException("No session found with this sessionID");
- }
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new AuthenticationException("No session found with this sessionID", null);
+
+ }
- dbsession = (AuthenticatedSessionStore) result.get(0);
+ AuthenticatedSessionStore dbsession = results.get(0);
- OASessionStore activeOA = null;
- //check if OA already has an active OA session
- if (dbsession.getActiveOAsessions() != null) {
- for (OASessionStore el : dbsession.getActiveOAsessions()) {
- if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
- activeOA = el;
- }
- }
-
- if (activeOA == null)
- activeOA = new OASessionStore();
+ OASessionStore activeOA = null;
+ //check if OA already has an active OA session
+ if (dbsession.getActiveOAsessions() != null) {
+ for (OASessionStore el : dbsession.getActiveOAsessions()) {
+ if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+ activeOA = el;
+ }
+ }
- //set active OA applications
- activeOA.setOaurlprefix(protocolRequest.getOAURL());
- activeOA.setMoasession(dbsession);
- activeOA.setCreated(new Date());
+ if (activeOA == null)
+ activeOA = new OASessionStore();
- //set additional information for SLO
- if (SLOInfo != null) {
- activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
- activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
- activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
- activeOA.setProtocolType(SLOInfo.getProtocolType());
- activeOA.setAttributeQueryUsed(false);
- activeOA.setAuthURL(protocolRequest.getAuthURL());
-
-
- }
-
- List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
- activeOAs.add(activeOA);
- dbsession.setActiveOAsessions(activeOAs);
+ //set active OA applications
+ activeOA.setOaurlprefix(protocolRequest.getOAURL());
+ activeOA.setMoasession(dbsession);
+ activeOA.setCreated(new Date());
+
+ //set additional information for SLO
+ if (SLOInfo != null) {
+ activeOA.setAssertionSessionID(SLOInfo.getSessionIndex());
+ activeOA.setUserNameID(SLOInfo.getUserNameIdentifier());
+ activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat());
+ activeOA.setProtocolType(SLOInfo.getProtocolType());
+ activeOA.setAttributeQueryUsed(false);
+ activeOA.setAuthURL(protocolRequest.getAuthURL());
+
+
+ }
+
+ List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+ activeOAs.add(activeOA);
+ dbsession.setActiveOAsessions(activeOAs);
+
+ //Store used SSOId
+ if (dbsession.getSSOsessionid() != null) {
+ OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+ oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+ oldSSOId.setMoasession(dbsession);
+
+ List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+ oldSSOIds.add(oldSSOId);
+ }
- //Store used SSOId
- if (dbsession.getSSOsessionid() != null) {
- OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
- oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
- oldSSOId.setMoasession(dbsession);
-
- List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
- oldSSOIds.add(oldSSOId);
- }
-
- dbsession.setSSOSession(true);
- dbsession.setSSOsessionid(SSOSessionID);
- dbsession.setAuthenticated(false);
+ dbsession.setSSOSession(true);
+ dbsession.setSSOsessionid(SSOSessionID);
+ dbsession.setAuthenticated(false);
- //Store MOASession
- session.saveOrUpdate(dbsession);
-
- //send transaction
- tx.commit();
+ //Store MOASession
+ entityManager.merge(dbsession);
- if (SLOInfo != null)
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
- + " and AssertionID: " + SLOInfo.getSessionIndex());
- else
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+ if (SLOInfo != null)
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
+ + " and AssertionID: " + SLOInfo.getSessionIndex());
+ else
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
- }
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
-
- } catch(HibernateException e) {
- Logger.warn("Error during database saveOrUpdate. Rollback.", e);
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
- }
}
@Override
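Review bot: Storage failures in `addSSOInformation` no longer reach the caller as `AuthenticationException`: the removed `catch(HibernateException e)` translated them, while `entityManager.merge(dbsession)` throws unchecked persistence exceptions, and with the class-level transaction the write may fail only at commit, after the `Logger.info` lines reporting the SSO login have already run. If callers rely on the checked exception to continue without SSO (inferred from the removed message "SSO is deactivated"), call `entityManager.flush()` after the merge and rethrow `PersistenceException` as `AuthenticationException` with the previous message. Separately, `dbsession.getActiveOAsessions()` is null-checked before the loop but dereferenced unguarded at `activeOAs.add(activeOA)`, and an `activeOA` found by the loop is appended to the list a second time.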
@@ -492,30 +417,15 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List<OASessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getAllActiveOAsForSessionID");
- query.setParameter("sessionID", moaSession.getSessionID());
- result = query.list();
-
- //send transaction
- tx.commit();
- }
+ Query query = entityManager.createNamedQuery("getAllActiveOAsForSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ List<OASessionStore> results = query.getResultList();
- Logger.trace("Found entries: " + result.size());
+ Logger.trace("Found entries: " + results.size());
- return result;
+ return results;
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
}
@Override
@@ -523,30 +433,14 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List<InterfederationSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getAllActiveIDPsForSessionID");
- query.setParameter("sessionID", moaSession.getSessionID());
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- return result;
+ Query query = entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ List<InterfederationSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results;
}
@Override
@@ -555,43 +449,29 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
+ oaID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- Transaction tx = null;
- List<AuthenticatedSessionStore> result = null;;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID");
- query.setParameter("oaID", oaID);
- query.setParameter("nameID", userNameID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No unique entry found.");
- return null;
-
- }
-
- return decryptSession(result.get(0));
-
- } catch (BuildException e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e);
- return null;
+ Query query = entityManager.createNamedQuery("getMOASessionWithNameIDandOAID");
+ query.setParameter("oaID", oaID);
+ query.setParameter("nameID", userNameID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No unique entry found.");
+ return null;
+
+ }
+
+ try {
+ return decryptSession(results.get(0));
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
-
+ } catch (BuildException e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);
+ return null;
+
+ }
}
@Override
@@ -601,76 +481,64 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(protocolType, "usedProtocol");
Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ oaID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
- query.setParameter("sessionID", moaSession.getSessionID());
- query.setParameter("oaID", oaID);
- query.setParameter("protocol", protocolType);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
+ query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("oaID", oaID);
+ query.setParameter("protocol", protocolType);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
- }
-
- return result.get(0).getActiveOAsessions().get(0);
+ }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getActiveOAsessions().get(0);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String)
+ */
+ @Override
+ public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule) {
+ OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule);
+ if (activeOA != null) {
+ activeOA.setAttributeQueryUsed(true);
+ entityManager.merge(activeOA);
+
+ }
+
}
@Override
public AuthenticationSession getSessionWithUserNameID(String nameID) {
- Transaction tx = null;
- try {
- MiscUtil.assertNotNull(nameID, "nameID");
- Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
-
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getMOAISessionWithUserNameID");
- query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
- result = query.list();
-
- //send transaction
- tx.commit();
- }
+ MiscUtil.assertNotNull(nameID, "nameID");
+ Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getMOAISessionWithUserNameID");
+ query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID));
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
- }
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return decryptSession(result.get(0));
+ try {
+ return decryptSession(results.get(0));
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
return null;
}
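Review bot: The `catch (Throwable e)` in `getSessionWithUserNameID` now wraps only `decryptSession(results.get(0))`, yet it still swallows every error type, returns `null`, and logs without the exception, so a decryption failure is indistinguishable from an unknown user. The lookup that uses `getMOASessionWithNameIDandOAID` catches `BuildException` and passes it to the logger; the same would fit here: `} catch (BuildException e) {` with `Logger.warn("MOASession deserialization-exception by using nameID=" + nameID, e);`. The existing message labels the value as `MOASessionID` although it is the nameID. A comment is also warranted on `StringEscapeUtils.escapeHtml(nameID)`: it is applied to a bound query parameter, which only matches if the stored value was escaped the same way.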
@@ -680,36 +548,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
MiscUtil.assertNotNull(sessionID, "MOASession");
Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID");
- query.setParameter("sessionID", sessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getInterfederatedIDPForSSOWithSessionID");
+ query.setParameter("sessionID", sessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return result.get(0).getInderfederation().get(0);
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getInderfederation().get(0);
}
@Override
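Review bot: `results.get(0).getInderfederation().get(0)` is guarded only by `results.size() == 0`, so a session row whose interfederation list is null or empty fails with an unchecked exception, and when the list holds several entries the first one is returned regardless of which one the named query matched. The named queries are not visible here, so the query itself may exclude this; if not, select the `InterfederationSessionStore` directly in the query or filter the list before returning. The same shape ends the lookups using `getInterfederatedIDPForSSOWithSessionIDIDPID` and `getInterfederatedIDPForAttributeQueryWithSessionID`, and `getActiveOAsessions().get(0)` in the lookup using `getActiveOAWithSessionIDandOAIDandProtocol`. The comment `//Assertion requires an unique artifact` does not describe the `== 0` check beneath it.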
@@ -717,37 +570,23 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(sessionID, "MOASession");
MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
- query.setParameter("sessionID", sessionID);
- query.setParameter("idpID", idpID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID");
+ query.setParameter("sessionID", sessionID);
+ query.setParameter("idpID", idpID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return result.get(0).getInderfederation().get(0);
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getInderfederation().get(0);
+
}
@Override
@@ -819,14 +658,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
idp.setAttributesRequested(false);
idp.setQAALevel(extractor.getQAALevel());
- //store AssertionStore element to Database
- try {
- moaSessionDBUtils.saveOrUpdate(dbsession);
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be created.");
- throw new MOADatabaseException(e);
- }
+ entityManager.merge(dbsession);
}
@@ -834,36 +666,22 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) {
MiscUtil.assertNotNull(moaSessionID, "MOASessionID");
Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSessionID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
- query.setParameter("sessionID", moaSessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
-
- }
+ Query query = entityManager.createNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID");
+ query.setParameter("sessionID", moaSessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ //Assertion requires an unique artifact
+ if (results.size() == 0) {
+ Logger.trace("No entries found.");
+ return null;
+
+ }
- return result.get(0).getInderfederation().get(0);
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return results.get(0).getInderfederation().get(0);
+
}
@Override
@@ -875,31 +693,20 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
- //TODO: !!!!!!!!!!! PendingRequestID does not work
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setParameter("sessionid", pedingRequestID);
- result = query.list();
-
- //send transaction
- session.getTransaction().commit();
- }
-
- Logger.trace("Found entries: " + result.size());
+ Query query = entityManager.createNamedQuery("getSessionWithPendingRequestID");
+ query.setParameter("sessionid", pedingRequestID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
//Assertion requires an unique artifact
- if (result.size() != 1) {
+ if (results.size() != 1) {
Logger.trace("No entries found.");
return false;
}
- AuthenticatedSessionStore authsession = result.get(0);
+ AuthenticatedSessionStore authsession = results.get(0);
List<InterfederationSessionStore> idpSessions = authsession.getInderfederation();
if (idpSessions != null) {
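Review bot: The warning `//TODO: !!!!!!!!!!! PendingRequestID does not work` is deleted, but the lookup still runs the same named query `getSessionWithPendingRequestID` with the same `sessionid` parameter, so nothing visible in this hunk resolves it. If the limitation still holds, keep a comment such as `// NOTE: lookup by pending-request ID is known not to work reliably; see issue <ISSUE-ID>` so the `return false` path is not mistaken for "no session". The `results.size() != 1` branch also logs "No entries found." when several rows match. The method body starts and ends outside this hunk.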
@@ -909,8 +716,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
}
-
- moaSessionDBUtils.saveOrUpdate(authsession);
+ entityManager.merge(authsession);
return true;
} catch (Throwable e) {
@@ -924,38 +730,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated);
Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated);
- List<AuthenticatedSessionStore> results;
- Session session = moaSessionDBUtils.getCurrentSession();
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getMOAISessionsWithTimeOut");
- query.setTimestamp("timeoutcreate", expioredatecreate);
- query.setTimestamp("timeoutupdate", expioredateupdate);
- results = query.list();
- tx.commit();
+ Query query = entityManager.createNamedQuery("getMOAISessionsWithTimeOut");
+ query.setParameter("timeoutcreate", expioredatecreate);
+ query.setParameter("timeoutupdate", expioredateupdate);
+ List<AuthenticatedSessionStore> results = query.getResultList();
- if (results.size() != 0) {
- for(AuthenticatedSessionStore result : results) {
- try {
- cleanDelete(result);
- Logger.info("Authenticated session with sessionID=" + result.getSessionid()
- + " after session timeout.");
+ if (results.size() != 0) {
+ for(AuthenticatedSessionStore result : results) {
+ try {
+ cleanDelete(result);
+ Logger.info("Authenticated session with sessionID=" + result.getSessionid()
+ + " after session timeout.");
- } catch (HibernateException e){
- Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
- + " not removed after timeout! (Error during Database communication)", e);
- }
- }
+ } catch (HibernateException e){
+ Logger.warn("Authenticated session with sessionID=" + result.getSessionid()
+ + " not removed after timeout! (Error during Database communication)", e);
}
}
-
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ }
+
}
private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
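Review bot: The `catch (HibernateException e)` kept around `cleanDelete(result)` probably no longer matches what that call throws. `cleanDelete` now goes through `entityManager.merge`/`remove`, and JPA reports failures as `javax.persistence.PersistenceException`; whether a `HibernateException` can still surface depends on the Hibernate version, which is not visible here. A single failing row would then escape the loop and stop the sweep, leaving the remaining expired sessions in the store. Catching the JPA type, `} catch (PersistenceException e) {`, keeps the per-session warning and lets the loop continue. The `Logger.info` text also reads `... after session timeout.` with no verb, where `" removed after session timeout."` would match the warning below it; `clean` starts outside this hunk.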
@@ -976,55 +769,68 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
private void cleanDelete(AuthenticatedSessionStore result) {
-
- try {
result.setSession("blank".getBytes());
- moaSessionDBUtils.saveOrUpdate(result);
-
- } catch (MOADatabaseException e) {
- Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
-
- } finally {
- if (!moaSessionDBUtils.delete(result))
- Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)");
- }
+ entityManager.merge(result);
+ entityManager.remove(result);
+
}
@SuppressWarnings("rawtypes")
private AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(sessionID, "moasessionID");
Logger.trace("Get authenticated session with sessionID " + sessionID + " from database.");
- Session session = moaSessionDBUtils.getCurrentSession();
- List result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithID");
- query.setParameter("sessionid", sessionID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No session found with this sessionID");
+ Query query = entityManager.createNamedQuery("getSessionWithID");
+ query.setParameter("sessionid", sessionID);
+ List<AuthenticatedSessionStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ //Assertion requires an unique artifact
+ if (results.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
- }
-
- return (AuthenticatedSessionStore) result.get(0);
+ }
- } catch (Exception e) {
- if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
- tx.rollback();
- throw e;
- }
+ return (AuthenticatedSessionStore) results.get(0);
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#deleteIdpInformation(at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore)
+ */
+ @Override
+ public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation) {
+ entityManager.remove(nextIDPInformation);
+
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#persistIdpInformation(at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore)
+ */
+ @Override
+ public void persistIdpInformation(InterfederationSessionStore nextIDPInformation) {
+ entityManager.merge(nextIDPInformation);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#checkSSOTokenAlreadyUsed(java.lang.String)
+ */
+ @Override
+ public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId) {
+
+ Query query = entityManager.createNamedQuery("getSSOSessionWithOldSessionID");
+ query.setParameter("sessionid", ssoId);
+ List<OldSSOSessionIDStore> results = query.getResultList();
+
+ Logger.trace("Found entries: " + results.size());
+
+ // Assertion requires an unique artifact
+ if (results.size() == 0) {
+ return null;
+ }
+
+ return results.get(0);
+ }
}
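Review bot: In `cleanDelete`, the overwrite of the stored session with `"blank"` is unlikely to reach the database. `merge` only schedules the change, and with `remove` following in the same unit of work the provider can issue just the DELETE, so the scrub-before-delete step the old code did through a separate `saveOrUpdate` is effectively lost. `merge` also returns the managed instance, and `remove(result)` throws `IllegalArgumentException` if `result` itself is detached; `deleteIdpInformation` has the same exposure. Something like `AuthenticatedSessionStore managed = entityManager.merge(result); entityManager.flush(); entityManager.remove(managed);` keeps both steps. The old `... not removed!` error log is gone as well, so a failed removal of an expired session is no longer recorded in this method.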
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index b5d816eaf..934b7ca65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
@@ -276,5 +277,28 @@ public interface IAuthenticationSessionStoreage {
* @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms]
*/
public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated);
+
+ /**
+ * @param session
+ * @param oaurl
+ * @param requestedModule
+ */
+ public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule);
+
+ /**
+ * @param nextIDPInformation
+ */
+ public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation);
+
+ /**
+ * @param nextIDPInformation
+ */
+ public void persistIdpInformation(InterfederationSessionStore nextIDPInformation);
+
+ /**
+ * @param ssoId
+ * @return
+ */
+ public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId);
}
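Review bot: The four methods added to the interface have Javadoc stubs with bare `@param`/`@return` tags and no description, so the contract implementers must honour is not stated. For `checkSSOTokenAlreadyUsed`, the implementation in this commit returns `null` when no row matches and the first row otherwise; the Javadoc should say so, e.g. `@return the stored entry for this SSO session ID, or null if none exists`. `deleteIdpInformation` and `persistIdpInformation` should state whether a detached entity is accepted and whether the caller must provide the transaction. The behaviour of `markOAWithAttributeQueryUsedFlag` is not visible in these lines, so its description has to come from the author.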