authorThomas Lenz <tlenz@iaik.tugraz.at>2014-09-11 07:51:25 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-09-11 07:51:25 +0200
commit7008b0cb31761563c268ebcb53b13e32333fd931 (patch)
treeedfed3216f91a63e184abba505b34489d113e8e2 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa
parenta860c3d448cc136e8733d0827a0e46b72cd431e7 (diff)
add exact timeout validation for SSO sessions
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java16
2 files changed, 30 insertions, 19 deletions
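diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index a7ec4dcb6..c08d77f12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -97,32 +97,31 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 return;
-} else if (MiscUtil.isNotEmpty(ssoid)) {
-if (ssomanager.isValidSSOSession(ssoid, null)) {
+} else if (MiscUtil.isNotEmpty(ssoid)) {
+try {
+if (ssomanager.isValidSSOSession(ssoid, null)) {
-AuthenticationManager authmanager = AuthenticationManager.getInstance();
-String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+AuthenticationManager authmanager = AuthenticationManager.getInstance();
+String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
-if (MiscUtil.isNotEmpty(moaSessionID)) {
-AuthenticationSession authSession;
-try {
-authSession = AuthenticationSessionStoreage
+if (MiscUtil.isNotEmpty(moaSessionID)) {
+AuthenticationSession authSession = AuthenticationSessionStoreage
 .getSession(moaSessionID);
 if(authSession != null) {
 authmanager.performSingleLogOut(req, resp, authSession, null);
 return;
 }
-
-} catch (MOADatabaseException e) {
-//TODO: insert error Handling
-
-} catch (MOAIDException e) {
-// TODO Auto-generated catch block
-e.printStackTrace();
 }
-}
-}
+}
+} catch (MOADatabaseException e) {
+//TODO: insert error Handling
+e.printStackTrace();
+
+} catch (MOAIDException e) {
+// TODO Auto-generated catch block
+e.printStackTrace();
+}
 } else if (restartProcessObj != null && restartProcessObj instanceof String) {
 String restartProcess = (String) restartProcessObj;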
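Review bot: The two catch blocks closing the new try (`catch (MOADatabaseException e)` and `catch (MOAIDException e)`) still only call `e.printStackTrace()` under a TODO, so a failed SSO or MOA-session lookup during single logout is neither recorded through the application logger nor turned into an error response; the request just drops out of the else-if chain, and what happens to it afterwards is outside this hunk. At minimum replace both `e.printStackTrace()` calls with the project logger, e.g. `Logger.error("SSO session lookup failed during single logout", e);` (assuming the `Logger` used in SSOManager has a message-plus-cause overload), and decide explicitly whether the logout should be answered with an error page or treated as already logged out rather than leaving it to fall-through. The try now also encloses `ssomanager.isValidSSOSession(ssoid, null)`, which this same commit changes to declare `throws ConfigurationException`; that only compiles if `ConfigurationException` is a `MOAIDException`, which is not visible here, so confirm the hierarchy rather than relying on the catch order. The enclosing method starts before and ends after this hunk.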
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index ca3117a79..ff294dc3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringWriter;
import java.net.URI;
+import java.util.Date;
import java.util.List;
import javax.servlet.http.Cookie;
@@ -132,7 +133,7 @@ public class SSOManager {
}
- public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException {
// search SSO Session
if (ssoSessionID == null) {
@@ -144,8 +145,19 @@ public class SSOManager {
if (storedSession == null)
return false;
-
+
else {
+
+ //check if session is out of lifetime
+ Date now = new Date();
+ long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000;
+ Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
+ if (now.after(ssoSessionValidTo)) {
+ Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
+ return false;
+ }
+
+ //check if request starts an interfederated SSO session
if (protocolRequest != null &&
protocolRequest instanceof RequestImpl &&
storedSession.isInterfederatedSSOSession() &&