diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:26:15 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:26:15 +0200 |
commit | 121e70662f53fe0820823a23784794021fbc7920 (patch) | |
tree | 85d7b652f4f94f4a34c3aa45851f202dfcc43437 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage | |
parent | 65cdf9b59c2d2836bdc24cca27992a1f32f7876e (diff) | |
download | moa-id-spss-121e70662f53fe0820823a23784794021fbc7920.tar.gz moa-id-spss-121e70662f53fe0820823a23784794021fbc7920.tar.bz2 moa-id-spss-121e70662f53fe0820823a23784794021fbc7920.zip |
fix possible multi-threading problem with database connections
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage')
2 files changed, 339 insertions, 509 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 4d7936f25..7dd6d15cd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -26,15 +26,15 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; +import javax.persistence.EntityManager; +import javax.persistence.PersistenceContext; +import javax.persistence.Query; + import org.apache.commons.lang.SerializationUtils; import org.apache.commons.lang.StringEscapeUtils; import org.hibernate.HibernateException; -import org.hibernate.Query; -import org.hibernate.Session; -import org.hibernate.Transaction; -import org.hibernate.resource.transaction.spi.TransactionStatus; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; +import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import com.fasterxml.jackson.core.JsonProcessingException; @@ -46,7 +46,6 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; @@ -62,13 +61,19 @@ import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; -@Service("AuthenticationSessionStoreage") +@Repository("AuthenticationSessionStoreage") +@Transactional("sessionTransactionManager") public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{ + @PersistenceContext(unitName="session") + private EntityManager entityManager; + @Autowired AuthConfiguration authConfig; - @Autowired MOASessionDBUtils moaSessionDBUtils; + private static JsonMapper mapper = new JsonMapper(); + //@Autowired MOASessionDBUtils moaSessionDBUtils; + @Override public boolean isAuthenticated(String moaSessionID) { @@ -104,15 +109,15 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt AuthenticationSession session = new AuthenticationSession(id, now); encryptSession(session, dbsession); - //store AssertionStore element to Database - moaSessionDBUtils.saveOrUpdate(dbsession); + //store AssertionStore element to Database + entityManager.persist(dbsession); Logger.info("Create MOASession with sessionID: " + id); return session; - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be created."); - throw new MOADatabaseException(e); +// } catch (MOADatabaseException e) { +// Logger.warn("MOASession could not be created."); +// throw new MOADatabaseException(e); } catch (JsonProcessingException e) { Logger.warn("Extended session information can not be stored.", e); @@ -167,7 +172,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setAdditionalInformation( mapper.serialize(sessionExtensions)); - moaSessionDBUtils.saveOrUpdate(dbsession); + entityManager.merge(dbsession); Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); @@ -194,7 +199,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setAuthenticated(session.isAuthenticated()); dbsession.setUpdated(new Date()); - moaSessionDBUtils.saveOrUpdate(dbsession); + entityManager.merge(dbsession); Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { @@ -206,40 +211,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public void destroySession(String moaSessionID) throws MOADatabaseException { - Session session = moaSessionDBUtils.getCurrentSession(); - - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); - result = query.list(); - - - - - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getSessionWithID"); + query.setParameter("sessionid", moaSessionID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No session found with this sessionID"); - } + //Assertion requires an unique artifact + if (results.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + + } - AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); - tx.commit(); - cleanDelete(dbsession); - } - - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - - } + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) results.get(0); + cleanDelete(dbsession); } @@ -260,7 +246,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); - moaSessionDBUtils.saveOrUpdate(dbsession); + entityManager.merge(dbsession); Logger.trace("Change SessionID complete."); @@ -284,7 +270,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt try { session = searchInDatabase(moaSessionID); session.setAuthenticated(isAuthenticated); - moaSessionDBUtils.saveOrUpdate(session); + entityManager.merge(session); } catch (MOADatabaseException e) { @@ -294,41 +280,23 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public String getMOASessionSSOID(String SSOSessionID) { - MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setParameter("sessionid", SSOSessionID); - result = query.list(); - - //send transaction - tx.commit(); - - } - - Logger.trace("Found entries: " + result.size()); + MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + + Query query = entityManager.createNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOSessionID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return null; + //Assertion requires an unique artifact + if (results.size() != 1) { + Logger.trace("No entries found."); + return null; - } else { - return result.get(0).getSessionid(); + } else + return results.get(0).getSessionid(); - } - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } } @Override @@ -347,144 +315,101 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) { //TODO: is this method really needed?? - MiscUtil.assertNotNull(SSOId, "SSOSessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setParameter("sessionid", SSOId); - result = query.list(); - - //send transaction - tx.commit(); - } + Query query = entityManager.createNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOId); + List<AuthenticatedSessionStore> results = query.getResultList(); - Logger.trace("Found entries: " + result.size()); + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - return null; + //Assertion requires an unique artifact + if (results.size() != 1) { + Logger.trace("No entries found."); + return null; - } else { - return result.get(0); - } - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + } else + return results.get(0); + } @Override public void addSSOInformation(String moaSessionID, String SSOSessionID, SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException { - AuthenticatedSessionStore dbsession; - Transaction tx = null; - - try { - - Session session = moaSessionDBUtils.getCurrentSession(); - List<AuthenticatedSessionStore> result; - - Logger.trace("Add SSO information to session " + moaSessionID); - - synchronized (session) { - - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithID"); - query.setParameter("sessionid", moaSessionID); - result = query.list(); - - - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getSessionWithID"); + query.setParameter("sessionid", moaSessionID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - tx.rollback(); - throw new MOADatabaseException("No session found with this sessionID"); - } + //Assertion requires an unique artifact + if (results.size() != 1) { + Logger.trace("No entries found."); + throw new AuthenticationException("No session found with this sessionID", null); + + } - dbsession = (AuthenticatedSessionStore) result.get(0); + AuthenticatedSessionStore dbsession = results.get(0); - OASessionStore activeOA = null; - //check if OA already has an active OA session - if (dbsession.getActiveOAsessions() != null) { - for (OASessionStore el : dbsession.getActiveOAsessions()) { - if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) - activeOA = el; - } - } - - if (activeOA == null) - activeOA = new OASessionStore(); + OASessionStore activeOA = null; + //check if OA already has an active OA session + if (dbsession.getActiveOAsessions() != null) { + for (OASessionStore el : dbsession.getActiveOAsessions()) { + if (el.getOaurlprefix().equals(protocolRequest.getOAURL())) + activeOA = el; + } + } - //set active OA applications - activeOA.setOaurlprefix(protocolRequest.getOAURL()); - activeOA.setMoasession(dbsession); - activeOA.setCreated(new Date()); + if (activeOA == null) + activeOA = new OASessionStore(); - //set additional information for SLO - if (SLOInfo != null) { - activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); - activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); - activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); - activeOA.setProtocolType(SLOInfo.getProtocolType()); - activeOA.setAttributeQueryUsed(false); - activeOA.setAuthURL(protocolRequest.getAuthURL()); - - - } - - List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); - activeOAs.add(activeOA); - dbsession.setActiveOAsessions(activeOAs); + //set active OA applications + activeOA.setOaurlprefix(protocolRequest.getOAURL()); + activeOA.setMoasession(dbsession); + activeOA.setCreated(new Date()); + + //set additional information for SLO + if (SLOInfo != null) { + activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); + activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); + activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); + activeOA.setProtocolType(SLOInfo.getProtocolType()); + activeOA.setAttributeQueryUsed(false); + activeOA.setAuthURL(protocolRequest.getAuthURL()); + + + } + + List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); + activeOAs.add(activeOA); + dbsession.setActiveOAsessions(activeOAs); + + //Store used SSOId + if (dbsession.getSSOsessionid() != null) { + OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); + oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); + oldSSOId.setMoasession(dbsession); + + List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids(); + oldSSOIds.add(oldSSOId); + } - //Store used SSOId - if (dbsession.getSSOsessionid() != null) { - OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); - oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); - oldSSOId.setMoasession(dbsession); - - List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids(); - oldSSOIds.add(oldSSOId); - } - - dbsession.setSSOSession(true); - dbsession.setSSOsessionid(SSOSessionID); - dbsession.setAuthenticated(false); + dbsession.setSSOSession(true); + dbsession.setSSOsessionid(SSOSessionID); + dbsession.setAuthenticated(false); - //Store MOASession - session.saveOrUpdate(dbsession); - - //send transaction - tx.commit(); + //Store MOASession + entityManager.merge(dbsession); - if (SLOInfo != null) - Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() - + " and AssertionID: " + SLOInfo.getSessionIndex()); - else - Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); + if (SLOInfo != null) + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() + + " and AssertionID: " + SLOInfo.getSessionIndex()); + else + Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()); - } - - } catch (MOADatabaseException e) { - throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); - - } catch(HibernateException e) { - Logger.warn("Error during database saveOrUpdate. Rollback.", e); - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); - } } @Override @@ -492,30 +417,15 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(moaSession, "MOASession"); Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List<OASessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getAllActiveOAsForSessionID"); - query.setParameter("sessionID", moaSession.getSessionID()); - result = query.list(); - - //send transaction - tx.commit(); - } + Query query = entityManager.createNamedQuery("getAllActiveOAsForSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + List<OASessionStore> results = query.getResultList(); - Logger.trace("Found entries: " + result.size()); + Logger.trace("Found entries: " + results.size()); - return result; + return results; - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } } @Override @@ -523,30 +433,14 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(moaSession, "MOASession"); Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List<InterfederationSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getAllActiveIDPsForSessionID"); - query.setParameter("sessionID", moaSession.getSessionID()); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - return result; + Query query = entityManager.createNamedQuery("getAllActiveIDPsForSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + List<InterfederationSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + return results; } @Override @@ -555,43 +449,29 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(userNameID, "userNameID"); Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " + oaID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - Transaction tx = null; - List<AuthenticatedSessionStore> result = null;; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); - query.setParameter("oaID", oaID); - query.setParameter("nameID", userNameID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No unique entry found."); - return null; - - } - - return decryptSession(result.get(0)); - - } catch (BuildException e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); - return null; + Query query = entityManager.createNamedQuery("getMOASessionWithNameIDandOAID"); + query.setParameter("oaID", oaID); + query.setParameter("nameID", userNameID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); + + //Assertion requires an unique artifact + if (results.size() != 1) { + Logger.trace("No unique entry found."); + return null; + + } + + try { + return decryptSession(results.get(0)); - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } - + } catch (BuildException e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e); + return null; + + } } @Override @@ -601,76 +481,64 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(protocolType, "usedProtocol"); Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " + oaID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); - query.setParameter("sessionID", moaSession.getSessionID()); - query.setParameter("oaID", oaID); - query.setParameter("protocol", protocolType); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); + query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("oaID", oaID); + query.setParameter("protocol", protocolType); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; + //Assertion requires an unique artifact + if (results.size() == 0) { + Logger.trace("No entries found."); + return null; - } - - return result.get(0).getActiveOAsessions().get(0); + } - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + return results.get(0).getActiveOAsessions().get(0); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String) + */ + @Override + public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule) { + OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule); + if (activeOA != null) { + activeOA.setAttributeQueryUsed(true); + entityManager.merge(activeOA); + + } + } @Override public AuthenticationSession getSessionWithUserNameID(String nameID) { - Transaction tx = null; - try { - MiscUtil.assertNotNull(nameID, "nameID"); - Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - - List<AuthenticatedSessionStore> result; - - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getMOAISessionWithUserNameID"); - query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); - result = query.list(); - - //send transaction - tx.commit(); - } + MiscUtil.assertNotNull(nameID, "nameID"); + Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getMOAISessionWithUserNameID"); + query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - } + //Assertion requires an unique artifact + if (results.size() == 0) { + Logger.trace("No entries found."); + return null; + + } - return decryptSession(result.get(0)); + try { + return decryptSession(results.get(0)); } catch (Throwable e) { Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); return null; } @@ -680,36 +548,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { MiscUtil.assertNotNull(sessionID, "MOASession"); Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); - query.setParameter("sessionID", sessionID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getInterfederatedIDPForSSOWithSessionID"); + query.setParameter("sessionID", sessionID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } + //Assertion requires an unique artifact + if (results.size() == 0) { + Logger.trace("No entries found."); + return null; + + } - return result.get(0).getInderfederation().get(0); - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + return results.get(0).getInderfederation().get(0); } @Override @@ -717,37 +570,23 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(sessionID, "MOASession"); MiscUtil.assertNotNull(idpID, "Interfederated IDP ID"); Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); - query.setParameter("sessionID", sessionID); - query.setParameter("idpID", idpID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); + query.setParameter("sessionID", sessionID); + query.setParameter("idpID", idpID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } + //Assertion requires an unique artifact + if (results.size() == 0) { + Logger.trace("No entries found."); + return null; + + } - return result.get(0).getInderfederation().get(0); - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + return results.get(0).getInderfederation().get(0); + } @Override @@ -819,14 +658,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt idp.setAttributesRequested(false); idp.setQAALevel(extractor.getQAALevel()); - //store AssertionStore element to Database - try { - moaSessionDBUtils.saveOrUpdate(dbsession); - - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be created."); - throw new MOADatabaseException(e); - } + entityManager.merge(dbsession); } @@ -834,36 +666,22 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) { MiscUtil.assertNotNull(moaSessionID, "MOASessionID"); Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSessionID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List<AuthenticatedSessionStore> result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); - query.setParameter("sessionID", moaSessionID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() == 0) { - Logger.trace("No entries found."); - return null; - - } + Query query = entityManager.createNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); + query.setParameter("sessionID", moaSessionID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); + + //Assertion requires an unique artifact + if (results.size() == 0) { + Logger.trace("No entries found."); + return null; + + } - return result.get(0).getInderfederation().get(0); - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + return results.get(0).getInderfederation().get(0); + } @Override @@ -875,31 +693,20 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - - List<AuthenticatedSessionStore> result; - //TODO: !!!!!!!!!!! PendingRequestID does not work - - synchronized (session) { - session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setParameter("sessionid", pedingRequestID); - result = query.list(); - - //send transaction - session.getTransaction().commit(); - } - - Logger.trace("Found entries: " + result.size()); + Query query = entityManager.createNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", pedingRequestID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); //Assertion requires an unique artifact - if (result.size() != 1) { + if (results.size() != 1) { Logger.trace("No entries found."); return false; } - AuthenticatedSessionStore authsession = result.get(0); + AuthenticatedSessionStore authsession = results.get(0); List<InterfederationSessionStore> idpSessions = authsession.getInderfederation(); if (idpSessions != null) { @@ -909,8 +716,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } - - moaSessionDBUtils.saveOrUpdate(authsession); + entityManager.merge(authsession); return true; } catch (Throwable e) { @@ -924,38 +730,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated); Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated); - List<AuthenticatedSessionStore> results; - Session session = moaSessionDBUtils.getCurrentSession(); - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); - query.setTimestamp("timeoutcreate", expioredatecreate); - query.setTimestamp("timeoutupdate", expioredateupdate); - results = query.list(); - tx.commit(); + Query query = entityManager.createNamedQuery("getMOAISessionsWithTimeOut"); + query.setParameter("timeoutcreate", expioredatecreate); + query.setParameter("timeoutupdate", expioredateupdate); + List<AuthenticatedSessionStore> results = query.getResultList(); - if (results.size() != 0) { - for(AuthenticatedSessionStore result : results) { - try { - cleanDelete(result); - Logger.info("Authenticated session with sessionID=" + result.getSessionid() - + " after session timeout."); + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + cleanDelete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); - } catch (HibernateException e){ - Logger.warn("Authenticated session with sessionID=" + result.getSessionid() - + " not removed after timeout! (Error during Database communication)", e); - } - } + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); } } - - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + } + } private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException { @@ -976,55 +769,68 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } private void cleanDelete(AuthenticatedSessionStore result) { - - try { result.setSession("blank".getBytes()); - moaSessionDBUtils.saveOrUpdate(result); - - } catch (MOADatabaseException e) { - Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e); - - } finally { - if (!moaSessionDBUtils.delete(result)) - Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)"); - } + entityManager.merge(result); + entityManager.remove(result); + } @SuppressWarnings("rawtypes") private AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); - Session session = moaSessionDBUtils.getCurrentSession(); - List result; - Transaction tx = null; - try { - synchronized (session) { - tx = session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithID"); - query.setParameter("sessionid", sessionID); - result = query.list(); - - //send transaction - tx.commit(); - } - - Logger.trace("Found entries: " + result.size()); - - //Assertion requires an unique artifact - if (result.size() != 1) { - Logger.trace("No entries found."); - throw new MOADatabaseException("No session found with this sessionID"); + Query query = entityManager.createNamedQuery("getSessionWithID"); + query.setParameter("sessionid", sessionID); + List<AuthenticatedSessionStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); + + //Assertion requires an unique artifact + if (results.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); - } - - return (AuthenticatedSessionStore) result.get(0); + } - } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) - tx.rollback(); - throw e; - } + return (AuthenticatedSessionStore) results.get(0); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#deleteIdpInformation(at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore) + */ + @Override + public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation) { + entityManager.remove(nextIDPInformation); + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#persistIdpInformation(at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore) + */ + @Override + public void persistIdpInformation(InterfederationSessionStore nextIDPInformation) { + entityManager.merge(nextIDPInformation); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#checkSSOTokenAlreadyUsed(java.lang.String) + */ + @Override + public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId) { + + Query query = entityManager.createNamedQuery("getSSOSessionWithOldSessionID"); + query.setParameter("sessionid", ssoId); + List<OldSSOSessionIDStore> results = query.getResultList(); + + Logger.trace("Found entries: " + results.size()); + + // Assertion requires an unique artifact + if (results.size() == 0) { + return null; + } + + return results.get(0); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java index b5d816eaf..934b7ca65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; @@ -276,5 +277,28 @@ public interface IAuthenticationSessionStoreage { * @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms] */ public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated); + + /** + * @param session + * @param oaurl + * @param requestedModule + */ + public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule); + + /** + * @param nextIDPInformation + */ + public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation); + + /** + * @param nextIDPInformation + */ + public void persistIdpInformation(InterfederationSessionStore nextIDPInformation); + + /** + * @param ssoId + * @return + */ + public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId); } |