-- add AssertionID to Single LogOut session information

-- split hibernate configuration into two files (moasession and statistic)
author: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-26 11:32:21 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2013-09-26 11:32:21 +0200
commit: 1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d (patch)
tree: 476d55cadbb56b56d52d0ca56bb5291b3eb06ec1 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa
parent: 2c82d41a98e2617088cdcf3db72b40d9747ae292 (diff)
download: moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.tar.gz
moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.tar.bz2
moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.zip
12 files changed, 55 insertions, 59 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 75695d2db..f39fde6be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class DispatcherServlet extends AuthServlet{
 
@@ -329,6 +330,7 @@ public class DispatcherServlet extends AuthServlet{
 				SSOManager ssomanager = SSOManager.getInstance();
 				
 				String moasessionID = null;
+				String newSSOSessionId = null;
 				AuthenticationSession moasession = null;	
 				
 				//get SSO Cookie for Request
@@ -398,7 +400,6 @@ public class DispatcherServlet extends AuthServlet{
 						}
 					}
 					
-									
 					if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension  
 					{
 					
@@ -416,17 +417,13 @@ public class DispatcherServlet extends AuthServlet{
 						}
 						else {
 							
-							//TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
 							moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-							
-//							moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-//												AuthenticationManager.MOA_SESSION, null);
-							
+														
 							moasession = AuthenticationSessionStoreage.getSession(moasessionID);
 						}
 						
 						//save SSO session usage in Database				
-						String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+						newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
 					
 						if (newSSOSessionId != null) {
 							ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
@@ -449,16 +446,28 @@ public class DispatcherServlet extends AuthServlet{
 
 				}
 		
-				moduleAction.processRequest(protocolRequest, req, resp, moasession);
+				String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
 
 				RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
 				
 				if (needAuthentication) {
-					boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
-				
+					//boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+					boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId);
+					
 					if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension 
-						&& !moasession.getUseMandate()) 
-					{
+						&& !moasession.getUseMandate()) { 
+					
+						try {
+							//Store OA specific SSO session information 
+							AuthenticationSessionStoreage.addSSOInformation(moasessionID, 
+									newSSOSessionId, assertionID, protocolRequest.getOAURL());
+														
+						} catch (AuthenticationException e) {
+							Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
+							
+							authmanager.logout(req, resp, moasessionID);
+							isSSOSession = false;
+						}
 					
 					} else {
 						authmanager.logout(req, resp, moasessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index aa8a8d9a9..8a5462cc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -8,7 +8,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 
 public interface IAction extends MOAIDAuthConstants {
-	public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) 
+	public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) 
 			throws MOAIDException;
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index e8639a162..78140afc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -112,7 +112,7 @@ public class SSOManager {
 
 	}
 	
-	public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+	public String createSSOSessionInformations(String moaSessionID, String OAUrl) {
 		
 		String newSSOId = Random.nextRandom();
 			
@@ -123,15 +123,8 @@ public class SSOManager {
 			return null;
 		}
 		
-		try {
-			AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
-			
-			return newSSOId;			
-			
-		} catch (AuthenticationException e) {
-			Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");
-			return null;
-		}
+		return newSSOId;
+		
 	}
 	
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 59a5158bd..0fa5e3e8d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -11,12 +11,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
 
 public class AuthenticationAction implements IAction {
 
-	public void processRequest(IRequest req, HttpServletRequest httpReq,
+	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 		
 		System.out.println("Process PVP2 auth request!");
 		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+		return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
 	}
 
 	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 3d0fd80bd..beae42992 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -44,7 +44,7 @@ import at.gv.egovernment.moa.logging.Logger;
 
 public class MetadataAction implements IAction {
 
-	public void processRequest(IRequest req, HttpServletRequest httpReq,
+	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
 		try {
 
@@ -191,6 +191,8 @@ public class MetadataAction implements IAction {
 
 			httpResp.getOutputStream().close();
 
+			return null;
+			
 		} catch (Exception e) {
 			Logger.error("Failed to generate metadata", e);
 			throw new MOAIDException("pvp2.13", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
index 946f62066..313d323a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -1,9 +1,14 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
 
+import java.io.Serializable;
+
 import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 
-public class MOARequest {
+public class MOARequest implements Serializable{
+
+	private static final long serialVersionUID = 2395131650841669663L;
+	
 	private RequestAbstractType samlRequest;
 	private EntityDescriptor entityMetadata; 
 	private boolean verified = false;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index d479de2d7..89c273da6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -23,7 +23,7 @@ public class ArtifactResolution implements IRequestHandler {
 		return (obj.getSamlRequest() instanceof ArtifactResolve);
 	}
 
-	public void process(MOARequest obj, HttpServletRequest req,
+	public String process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
 		if (!handleObject(obj)) {
 			throw new MOAIDException("pvp2.13", null);
@@ -50,7 +50,8 @@ public class ArtifactResolution implements IRequestHandler {
 				Logger.error("Failed to resolve artifact", e);
 			}
 		}
-
+		
+		return null;
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 1444cdecf..ed56dbaaa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -39,7 +39,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 		return (obj.getSamlRequest() instanceof AuthnRequest);
 	}
 
-	public void process(MOARequest obj, HttpServletRequest req,
+	public String process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
 		if (!handleObject(obj)) {
 			throw new MOAIDException("pvp2.13", null);
@@ -113,6 +113,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
 			binding.encodeRespone(req, resp, authResponse, oaURL);
 			// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
 			
+			return assertion.getID();
+			
 		} catch (MessageEncodingException e) {
 			Logger.error("Message Encoding exception", e);
 			throw new MOAIDException("pvp2.01", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 458316c6d..c8a56e537 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -10,6 +10,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
 public interface IRequestHandler {
 	public boolean handleObject(MOARequest obj);
 
-	public void process(MOARequest obj, HttpServletRequest req,
+	public String process(MOARequest obj, HttpServletRequest req,
 			HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a043bfde5..50176b6dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -31,14 +31,13 @@ public class RequestManager {
 		handler.add(new ArtifactResolution());
 	}
 	
-	public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) 
+	public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) 
 			throws SAMLRequestNotSupported, MOAIDException {
 		Iterator<IRequestHandler> it = handler.iterator();
 		while(it.hasNext()) {
 			IRequestHandler handler = it.next();
 			if(handler.handleObject(obj)) {
-				handler.process(obj, req, resp, moasession);
-				return;
+				return handler.process(obj, req, resp, moasession);
 			}
 		}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 75825d92d..8dac55922 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 
 public class GetArtifactAction implements IAction {
 
-	public void processRequest(IRequest req, HttpServletRequest httpReq,
+	public String processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
 		
 //		HttpSession httpSession = httpReq.getSession();
@@ -117,30 +117,9 @@ public class GetArtifactAction implements IAction {
 				httpResp.addHeader("Location", redirectURL);
 				Logger.debug("REDIRECT TO: " + redirectURL);
 			}
-			// CONFIRMATION FOR SSO!
-			/*
-			 * OAAuthParameter oaParam =
-			 * AuthConfigurationProvider.getInstance().
-			 * getOnlineApplicationParameter(oaURL);
-			 * 
-			 * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
-			 * == null) { friendlyName = oaURL; }
-			 * 
-			 * 
-			 * LoginConfirmationBuilder builder = new
-			 * LoginConfirmationBuilder();
-			 * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
-			 * String form = builder.finish(oaURL, session.getIdentityLink()
-			 * .getName(), friendlyName);
-			 */
-
-			/*
-			 * resp.setContentType("text/html");
-			 * 
-			 * OutputStream out = resp.getOutputStream();
-			 * out.write(form.getBytes("UTF-8")); out.flush(); out.close();
-			 */
 
+			return authData.getAssertionID();
+			
 		} catch (WrongParametersException ex) {
 			// handleWrongParameters(ex, req, httpResp);
 			ex.printStackTrace();
@@ -163,6 +142,8 @@ public class GetArtifactAction implements IAction {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
 		}
+		
+		return null;
 	}
 
 	protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 89ed369f8..1089113b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -204,7 +204,7 @@ public class AuthenticationSessionStoreage {
 	}
 
 	public static void addSSOInformation(String moaSessionID, String SSOSessionID, 
-			String OAUrl) throws AuthenticationException {
+			String assertionID, String OAUrl) throws AuthenticationException {
 		
 		AuthenticatedSessionStore dbsession;
 		Transaction tx =  null;
@@ -237,6 +237,7 @@ public class AuthenticationSessionStoreage {
 				  activeOA.setOaurlprefix(OAUrl);
 				  activeOA.setMoasession(dbsession);
 				  activeOA.setCreated(new Date());
+				  activeOA.setAssertionSessionID(assertionID);
 				  
 				  List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();				  
 				  activeOAs.add(activeOA);
@@ -263,6 +264,9 @@ public class AuthenticationSessionStoreage {
 					
 					//send transaction
 					tx.commit();
+					
+					Logger.debug("Add SSO-Session login information for OA: " + OAUrl 
+							+ " and AssertionID: " + assertionID);
 			}
 			
 		} catch (MOADatabaseException e) {
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-26 11:32:21 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2013-09-26 11:32:21 +0200
commit	1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d (patch)
tree	476d55cadbb56b56d52d0ca56bb5291b3eb06ec1 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa
parent	2c82d41a98e2617088cdcf3db72b40d9747ae292 (diff)
download	moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.tar.gz moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.tar.bz2 moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.zip