aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-26 07:47:08 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-26 07:47:08 +0200
commit59fd2c0ea0649c94340d67b735a2d53696065e4c (patch)
tree43722934ecabd4694c7675686c5541f857392cd9 /id/server/idserverlib/src/main/java/at/gv/egovernment
parentcfb70f755c45a2cad582e8030b1542add9949efb (diff)
downloadmoa-id-spss-59fd2c0ea0649c94340d67b735a2d53696065e4c.tar.gz
moa-id-spss-59fd2c0ea0649c94340d67b735a2d53696065e4c.tar.bz2
moa-id-spss-59fd2c0ea0649c94340d67b735a2d53696065e4c.zip
Bugfixes:
- handle Error if more then one authentication is started for one Online-Application - handle MultiThread error if more then one authentication process is active in one user session Add: - Add UserData database. (is required for the web-based configuration tool) - Add additional OA parameter in MOA-ID 2.x configuration scheme to set OAs active or not TODO: change 'searchOAWith....' to only get results with active=true
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java208
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java71
21 files changed, 442 insertions, 191 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 9ba11bebd..a80fcfa25 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -30,6 +30,7 @@ public class LoginFormBuilder {
private static String BKU_HANDY = "#HANDY#";
private static String BKU_LOCAL = "#LOCAL#";
private static String CONTEXTPATH = "#CONTEXTPATH#";
+ private static String MOASESSIONID = "#SESSIONID#";
private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
@@ -84,7 +85,7 @@ public class LoginFormBuilder {
return template;
}
- public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) {
+ public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) {
String value = getTemplate(isIFrame);
if(value != null) {
@@ -98,6 +99,7 @@ public class LoginFormBuilder {
value = value.replace(ACTION, action);
value = value.replace(OANAME, oaname);
value = value.replace(CONTEXTPATH, contextpath);
+ value = value.replace(MOASESSIONID, moaSessionID);
}
return value;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index a72848832..956593237 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -25,6 +25,7 @@ public class SendAssertionFormBuilder {
private static String URL = "#URL#";
private static String MODUL = "#MODUL#";
private static String ACTION = "#ACTION#";
+ private static String ID = "#ID#";
private static String OANAME = "#OAName#";
private static String CONTEXTPATH = "#CONTEXTPATH#";
@@ -75,7 +76,7 @@ public class SendAssertionFormBuilder {
return template;
}
- public static String buildForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) {
+ public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) {
String value = getTemplate(isIFrame);
if(value != null) {
@@ -87,6 +88,7 @@ public class SendAssertionFormBuilder {
}
value = value.replace(MODUL, modul);
value = value.replace(ACTION, action);
+ value = value.replace(ID, id);
value = value.replace(OANAME, oaname);
value = value.replace(CONTEXTPATH, contextpath);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index c9a10b812..58cea2926 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -221,11 +221,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
}
public static void parse(HttpServletRequest req, HttpServletResponse resp,
- AuthenticationSession moasession) throws WrongParametersException, MOAIDException {
+ AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
- //check Module and Action
- HttpSession httpSession = req.getSession();
- IRequest request = RequestStorage.getPendingRequest(httpSession);
+// //check Module and Action
+// HttpSession httpSession = req.getSession();
+// IRequest request = RequestStorage.getPendingRequest(httpSession);
String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 4b15d80b4..022f21491 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
import at.gv.egovernment.moa.id.storage.IExceptionStore;
import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -143,7 +144,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
* servlet response
*/
protected void handleError(String errorMessage, Throwable exceptionThrown,
- HttpServletRequest req, HttpServletResponse resp) {
+ HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
if (null != errorMessage) {
Logger.error(errorMessage);
@@ -167,7 +168,8 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
String redirectURL = null;
redirectURL = ServletUtils.getBaseUrl(req);
- redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id;
+ redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
+ + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
resp.setContentType("text/html");
resp.setStatus(302);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 2ea34ee12..8d23f1a3b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -52,19 +52,26 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
-
+
+ String pendingRequestID = null;
+
try {
String bkuid = req.getParameter(PARAM_BKU);
String useMandate = req.getParameter(PARAM_USEMANDATE);
String ccc = req.getParameter(PARAM_CCC);
-
- String moasessionid = null;
+ String moasessionid = req.getParameter(PARAM_SESSIONID);
+
AuthenticationSession moasession = null;
-
+
try {
- moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
- moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-
+ //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION);
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+
+ moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+
+ String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession);
+
} catch (MOADatabaseException e) {
Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
throw new MOAIDException("init.04", new Object[] {
@@ -131,49 +138,9 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
-
-// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
-// //TODO: CHANGE to real OA config
-//
-// List<String> bkuURIs = Arrays.asList(
-// "http://localhost:8080/moa-id-auth/template_onlineBKU.html",
-// "http://localhost:8080/moa-id-auth/template_handyBKU.html",
-// "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html");
-//
-//// List<String> bkuURIs = Arrays.asList(
-//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html",
-//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html",
-//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html");
-//
-// if (bkuID < bkuURIs.size())
-// return bkuURIs.get(bkuID);
-// else
-// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE,
-// "auth.12");
-// }
-//
-// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException {
-// //TODO: CHANGE to real OA config
-//
-// List<String> bkuURIs = Arrays.asList(
-// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request",
-// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
-// "https://127.0.0.1:3496/https-security-layer-request");
-//
-//// List<String> bkuURIs = Arrays.asList(
-//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request",
-//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx",
-//// "https://127.0.0.1:3496/https-security-layer-request");
-//
-// if (bkuID < bkuURIs.size())
-// return bkuURIs.get(bkuID);
-// else
-// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU,
-// "auth.12");
-// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index d49f4e215..02c751a0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -114,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- Map parameters;
+ Map parameters;
+
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -123,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -195,8 +199,9 @@ public class GetForeignIDServlet extends AuthServlet {
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(), session.getAction()), newMOASessionID);
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
redirectURL = resp.encodeRedirectURL(redirectURL);
} else {
@@ -219,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 7d825da17..8e5fccfef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -143,12 +143,15 @@ public class GetMISSessionIDServlet extends AuthServlet {
sessionID = StringEscapeUtils.escapeHtml(sessionID);
AuthenticationSession session = null;
+ String pendingRequestID = null;
try {
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("VerifyCertificate",
PARAM_SESSIONID, "auth.12");
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
session = AuthenticationServer.getSession(sessionID);
String misSessionID = session.getMISSessionID();
@@ -209,11 +212,11 @@ public class GetMISSessionIDServlet extends AuthServlet {
Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-
+
String redirectURL = new DataURLBuilder().buildDataURL(
session.getAuthURL(),
ModulUtils.buildAuthURL(session.getModul(),
- session.getAction()), newMOASessionID);
+ session.getAction(), pendingRequestID), newMOASessionID);
redirectURL = resp.encodeRedirectURL(redirectURL);
@@ -252,17 +255,17 @@ public class GetMISSessionIDServlet extends AuthServlet {
Logger.debug("REDIRECT TO: " + redirectURL);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
} catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
} catch (PKIException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (SAXException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (ParserConfigurationException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index caf2e4490..8dc5d7469 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -83,29 +83,34 @@ public class LogOutServlet extends AuthServlet {
SSOManager ssomanager = SSOManager.getInstance();
- //get SSO token from request
- String ssoid = ssomanager.getSSOSessionID(req);
-
- if (ssomanager.isValidSSOSession(ssoid, req)) {
-
- //TODO: Single LogOut Implementation
+ try {
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
- //delete SSO session and MOA session
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
-
- authmanager.logout(req, resp, moasessionid);
- Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
- } else {
- Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
- }
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
- //Remove SSO token
- ssomanager.deleteSSOSessionID(req, resp);
+ //TODO: Single LogOut Implementation
- //invalidate Session
- req.getSession().invalidate();
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid);
+ RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()),
+ AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
+
+ authmanager.logout(req, resp, moasessionid);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+ }
+
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ } catch (Exception e) {
+ Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e);
+ }
+
//Redirect to Application
resp.setStatus(301);
resp.addHeader("Location", redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 63bc2a8cc..f6412f897 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -56,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet {
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ String pendingRequestID = null;
+
try {
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -80,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet {
httpSession.invalidate();
}
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -199,7 +203,7 @@ public class PEPSConnectorServlet extends AuthServlet {
AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
- //session is implicit stored in changeSessionID!!!!
+ //session is implicit stored in changeSessionID!!!!
String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
@@ -214,8 +218,9 @@ public class PEPSConnectorServlet extends AuthServlet {
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = response.encodeRedirectURL(redirectURL);*/
+
redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
- ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction()), newMOASessionID);
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
@@ -236,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet {
} catch (AuthenticationException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
} catch (MOAIDException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
index 200d25fbe..ba8698934 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
@@ -135,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet {
handleWrongParameters(ex, req, resp);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, null); //TODO: is this Class required?
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index ecbd87498..9b559770f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -36,18 +36,48 @@ public class SSOSendAssertionServlet extends AuthServlet{
private static final long serialVersionUID = 1L;
private static final String PARAM = "value";
+ private static final String MODULE = "mod";
+ private static final String ACTION = "action";
+ private static final String ID = "identifier";
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
+
+ String id = null;
Logger.info("Receive " + SSOSendAssertionServlet.class + " Request");
try {
+ Object idObject = req.getParameter(ID);
+
+ if (idObject != null && (idObject instanceof String)) {
+ id = (String) idObject;
+ }
+
String value = req.getParameter(PARAM);
value = StringEscapeUtils.escapeHtml(value);
if (!ParamValidatorUtils.isValidUseMandate(value))
throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
-
+ //get module and action
+ Object moduleObject = req.getParameter(MODULE);
+ String module = null;
+ if (moduleObject != null && (moduleObject instanceof String)) {
+ module = (String) moduleObject;
+ }
+
+
+ Object actionObject = req.getParameter(ACTION);
+ String action = null;
+ if (actionObject != null && (actionObject instanceof String)) {
+ action = (String) actionObject;
+ }
+
+ if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+ Logger.warn("No Moduel or Action parameter received!");
+ throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+ }
+
+
SSOManager ssomanager = SSOManager.getInstance();
//get SSO Cookie for Request
String ssoId = ssomanager.getSSOSessionID(req);
@@ -86,15 +116,9 @@ public class SSOSendAssertionServlet extends AuthServlet{
moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId);
AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
-
- HttpSession httpSession = req.getSession();
- IRequest protocolRequest = RequestStorage.getPendingRequest(httpSession);
-
- if (protocolRequest == null)
- throw new AuthenticationException("auth.21", new Object[] {});
-
+
String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
- ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction()), "");
+ ModulUtils.buildAuthURL(module, action, id), "");
resp.setContentType("text/html");
resp.setStatus(302);
@@ -109,16 +133,16 @@ public class SSOSendAssertionServlet extends AuthServlet{
}
} else {
- handleError("SSO Session is not valid", null, req, resp);
+ handleError("SSO Session is not valid", null, req, resp, id);
}
} catch (MOADatabaseException e) {
- handleError("SSO Session is not found", e, req, resp);
+ handleError("SSO Session is not found", e, req, resp, id);
} catch (WrongParametersException e) {
- handleError("Parameter is not valid", e, req, resp);
+ handleError("Parameter is not valid", e, req, resp, id);
} catch (AuthenticationException e) {
- handleError(e.getMessage(), e, req, resp);
+ handleError(e.getMessage(), e, req, resp, id);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index adef74370..96914647e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -136,6 +136,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ String pendingRequestID = null;
Map parameters;
try
@@ -152,6 +153,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
String redirectURL = null;
try {
// check parameter
@@ -161,7 +164,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
+
String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
@@ -252,8 +255,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = resp.encodeRedirectURL(redirectURL);*/
+
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64);
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
} else {
redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
@@ -270,15 +274,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
} catch (GeneralSecurityException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (PKIException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
} catch (TransformerException e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index e07be8420..896bd0864 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -106,6 +106,8 @@ public class VerifyCertificateServlet extends AuthServlet {
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ String pendingRequestID = null;
Map parameters;
try
@@ -120,7 +122,9 @@ public class VerifyCertificateServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
AuthenticationSession session = null;
try {
// check parameter
@@ -177,7 +181,7 @@ public class VerifyCertificateServlet extends AuthServlet {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 2f12c7ae6..c6310d8c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -113,6 +113,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.debug("POST VerifyIdentityLink");
Map parameters;
+ String pendingRequestID = null;
+
try
{
parameters = getParameters(req);
@@ -127,6 +129,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
@@ -175,7 +179,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
}
catch(Exception e) {
- handleError(null, e, req, resp);
+ handleError(null, e, req, resp, pendingRequestID);
}
}
@@ -234,11 +238,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
}
}
catch (ParseException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index e995a1c2e..e7b41e3c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -3,13 +3,20 @@ package at.gv.egovernment.moa.id.entrypoints;
import iaik.util.logging.Log;
import java.io.IOException;
+import java.util.ConcurrentModificationException;
+import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import javax.swing.ListModel;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -32,6 +39,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
@@ -44,6 +52,7 @@ public class DispatcherServlet extends AuthServlet{
public static final String PARAM_TARGET_MODULE = "mod";
public static final String PARAM_TARGET_ACTION = "action";
+ public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
@Override
public void init(ServletConfig config) throws ServletException {
@@ -66,6 +75,8 @@ public class DispatcherServlet extends AuthServlet{
boolean isValidSSOSession = false;
boolean useSSOOA = false;
+ String protocolRequestID = null;
+
try {
Logger.info("REQUEST: " + req.getRequestURI());
@@ -76,30 +87,65 @@ public class DispatcherServlet extends AuthServlet{
Throwable throwable = ExceptionStoreImpl.getStore()
.fetchException(errorid);
ExceptionStoreImpl.getStore().removeException(errorid);
+
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
- if (throwable != null) {
+ Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+
+ String pendingRequestID = null;
+ if (idObject != null && (idObject instanceof String)) {
+ if (errorRequests.containsKey((String)idObject))
+ pendingRequestID = (String) idObject;
+ }
+
+ if (throwable != null) {
+ if (errorRequests != null) {
+
+ synchronized (errorRequests) {
+
+ IRequest errorRequest = null;
+ if (pendingRequestID != null) {
+ errorRequest = errorRequests.get(pendingRequestID);
+
+ //remove the
+ RequestStorage.removePendingRequest(errorRequests, pendingRequestID);
+ }
+ else {
+ if (errorRequests.size() > 1) {
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
+
+ } else {
+ Set<String> keys = errorRequests.keySet();
+ errorRequest = errorRequests.get(keys.toArray()[0]);
+ RequestStorage.removeAllPendingRequests(req.getSession());
+ }
+
+ }
+
- IRequest errorRequest = RequestStorage
- .getPendingRequest(req.getSession());
-
- //remove the
- RequestStorage.removePendingRequest(req.getSession());
-
- if (errorRequest != null) {
- try {
- IModulInfo handlingModule = ModulStorage
- .getModuleByPath(errorRequest
- .requestedModule());
- if (handlingModule != null) {
- if (handlingModule.generateErrorMessage(
- throwable, req, resp, errorRequest)) {
- return;
+
+ if (errorRequest != null) {
+
+ try {
+ IModulInfo handlingModule = ModulStorage
+ .getModuleByPath(errorRequest
+ .requestedModule());
+ if (handlingModule != null) {
+ if (handlingModule.generateErrorMessage(
+ throwable, req, resp, errorRequest)) {
+ return;
+ }
}
+ } catch (Throwable e) {
+ Logger.error(e);
+ handleErrorNoRedirect(throwable.getMessage(),
+ throwable, req, resp);
}
- } catch (Throwable e) {
- Logger.error(e);
- handleErrorNoRedirect(throwable.getMessage(),
- throwable, req, resp);
+ }
+ else {
+ handleErrorNoRedirect(throwable.getMessage(), throwable,
+ req, resp);
}
}
handleErrorNoRedirect(throwable.getMessage(), throwable,
@@ -113,6 +159,7 @@ public class DispatcherServlet extends AuthServlet{
return;
}
+ }
Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
String module = null;
@@ -133,7 +180,7 @@ public class DispatcherServlet extends AuthServlet{
if (action == null) {
action = req.getParameter(PARAM_TARGET_ACTION);
}
-
+
Logger.debug("dispatching to " + module + " protocol " + action);
IModulInfo info = ModulStorage.getModuleByPath(module);
@@ -174,46 +221,103 @@ public class DispatcherServlet extends AuthServlet{
}
HttpSession httpSession = req.getSession();
+ Map<String, IRequest> protocolRequests = null;
IRequest protocolRequest = null;
+
try {
- protocolRequest = RequestStorage.getPendingRequest(httpSession);
-
- if (protocolRequest != null) {
- // check if pending request is same protocol and action
- if (!protocolRequest.requestedModule().equals(module)
- || !protocolRequest.requestedAction()
- .equals(action)
- || !info.validate(req, resp, protocolRequest)) {
- resp.sendError(HttpServletResponse.SC_CONFLICT);
- Logger.error("Different Request is pending in this session!");
+ protocolRequests = RequestStorage.getPendingRequest(httpSession);
+
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+
+ if (protocolRequests != null &&
+ idObject != null && (idObject instanceof String)) {
+
+// synchronized (protocolRequests) {
+
+ protocolRequestID = (String) idObject;
+
+ //get IRequest if it exits
+ if (protocolRequests.containsKey(protocolRequestID)) {
+ protocolRequest = protocolRequests.get(protocolRequestID);
+
+ //RequestStorage.setPendingRequest(httpSession, protocolRequests);
+
+ } else {
+ resp.sendError(HttpServletResponse.SC_CONFLICT);
+ Logger.error("No PendingRequest with ID " + protocolRequestID + " found for this session!");
+ return;
+ }
+// }
+ } else {
+ try {
+ protocolRequest = info.preProcess(req, resp, action);
+
+ if (protocolRequest != null) {
+
+ if(protocolRequests != null) {
+
+// synchronized (protocolRequests) {
+// synchronized (protocolRequest) {
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys) {
+ IRequest value = protocolRequests.get(el);
+
+ if (value.getOAURL().equals(protocolRequest.getOAURL())) {
+
+ if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
+ Logger.warn("NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
+ RequestStorage.removeAllPendingRequests(req.getSession());
+
+ } else {
+
+
+ RequestStorage.removePendingRequest(protocolRequests, el);
+ }
+ }
+ }
+// }
+// }
+
+ } else {
+ protocolRequests = new ConcurrentHashMap<String, IRequest>();
+ }
+
+ synchronized (protocolRequest) {
+ synchronized (protocolRequests) {
+
+ //Start new Authentication
+ protocolRequest.setAction(action);
+ protocolRequest.setModule(module);
+ protocolRequestID = Random.nextRandom();
+ protocolRequest.setRequestID(protocolRequestID);
+ protocolRequests.put(protocolRequestID, protocolRequest);
+ }
+ }
+ }
+ } catch (MOAIDException e) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ Logger.error("Failed to generate a valid protocol request!");
return;
}
- }
-
- if (protocolRequest == null) {
- protocolRequest = info.preProcess(req, resp, action);
- if (protocolRequest != null) {
- protocolRequest.setAction(action);
- protocolRequest.setModule(module);
+
+ if (protocolRequest == null) {
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ Logger.error("Failed to generate a valid protocol request!");
+ return;
}
}
+
+
- if (protocolRequest == null) {
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
- Logger.error("Failed to generate a valid protocol request!");
- return;
- }
-
+
//load Parameters from OnlineApplicationConfiguration
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
.getOnlineApplicationParameter(protocolRequest.getOAURL());
if (oaParam == null) {
- //TODO: Find a better place for this!!
- //req.getSession().invalidate();
throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
}
-
- RequestStorage.setPendingRequest(httpSession, protocolRequest);
+
+ RequestStorage.setPendingRequest(httpSession, protocolRequests);
AuthenticationManager authmanager = AuthenticationManager.getInstance();
@@ -296,6 +400,8 @@ public class DispatcherServlet extends AuthServlet{
}
}
else {
+
+ //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
AuthenticationManager.MOA_SESSION, null);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
@@ -319,7 +425,7 @@ public class DispatcherServlet extends AuthServlet{
moduleAction.processRequest(protocolRequest, req, resp, moasession);
- RequestStorage.removePendingRequest(httpSession);
+ RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
@@ -331,7 +437,7 @@ public class DispatcherServlet extends AuthServlet{
authmanager.logout(req, resp, moasessionID);
}
- ConfigurationDBUtils.closeSession();
+// ConfigurationDBUtils.closeSession();
//authmanager.logout(req, resp);
@@ -345,7 +451,7 @@ public class DispatcherServlet extends AuthServlet{
} catch (WrongParametersException ex) {
handleWrongParameters(ex, req, resp);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, protocolRequestID);
} catch (Throwable e) {
e.printStackTrace();
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index b6742fb9e..b9f0b2144 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -177,7 +177,7 @@ public class AuthenticationManager extends AuthServlet {
}
authSession.setAuthenticated(false);
- HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
AuthenticationSessionStoreage.destroySession(moaSessionID);
@@ -230,7 +230,7 @@ public class AuthenticationManager extends AuthServlet {
//parse request parameter into MOASession
- StartAuthentificationParameterParser.parse(request, response, moasession);
+ StartAuthentificationParameterParser.parse(request, response, moasession, target);
Logger.info("Start Authentication Module: " + moasession.getModul()
+ " Action: " + moasession.getAction());
@@ -245,7 +245,7 @@ public class AuthenticationManager extends AuthServlet {
//store MOASession
try {
- AuthenticationSessionStoreage.storeSession(moasession);
+ AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
} catch (MOADatabaseException e) {
Logger.error("Database Error! MOASession is not stored!");
throw new MOAIDException("init.04", new Object[] {
@@ -284,11 +284,11 @@ public class AuthenticationManager extends AuthServlet {
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+ target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID());
//store MOASession
try {
- AuthenticationSessionStoreage.storeSession(moasession);
+ AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
} catch (MOADatabaseException e) {
Logger.error("Database Error! MOASession is not stored!");
throw new MOAIDException("init.04", new Object[] {
@@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet {
throws ServletException, IOException, MOAIDException {
String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
- target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+ target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index f63b0049f..824b210cf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -10,6 +10,8 @@ public interface IRequest {
public void setModule(String module);
public void setAction(String action);
public String getTarget();
+ public void setRequestID(String id);
+ public String getRequestID();
//public void setTarget();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
index 9ce835c7e..b07695938 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -8,15 +8,17 @@ public class ModulUtils {
public static final String UNAUTHDISPATCHER = "dispatcher";
public static final String AUTHDISPATCHER = "dispatcher";
- public static String buildUnauthURL(String modul, String action) {
+ public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
return UNAUTHDISPATCHER + "?" +
DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
- DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
+ DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+ DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
}
- public static String buildAuthURL(String modul, String action) {
+ public static String buildAuthURL(String modul, String action, String pendingRequestID) {
return AUTHDISPATCHER +
"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
- DispatcherServlet.PARAM_TARGET_ACTION + "=" + action;
+ DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+ DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 29f9ff69b..420f11622 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -9,6 +9,7 @@ public class RequestImpl implements IRequest {
private String module = null;
private String action = null;
private String target = null;
+ private String requestID;
public void setOAURL(String value) {
@@ -66,4 +67,13 @@ public class RequestImpl implements IRequest {
public void setTarget(String target) {
this.target = target;
}
+
+ public void setRequestID(String id) {
+ this.requestID = id;
+
+ }
+
+ public String getRequestID() {
+ return requestID;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 4e7d8d2ed..35481a0a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -1,28 +1,65 @@
package at.gv.egovernment.moa.id.moduls;
+import java.util.List;
+import java.util.Map;
+
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.logging.Logger;
+
public class RequestStorage {
private static final String PENDING_REQUEST = "PENDING_REQUEST";
- public static IRequest getPendingRequest(HttpSession session) {
- Object obj = session.getAttribute(PENDING_REQUEST);
- if (obj != null) {
- if (obj instanceof IRequest) {
- return (IRequest) obj;
- } else {
+ public static Map<String,IRequest> getPendingRequest(HttpSession session) {
+
+
+ Object obj = session.getAttribute(PENDING_REQUEST);
+ if (obj != null) {
+ synchronized (obj) {
+ if (obj instanceof Map<?,?>) {
+ if (((Map<?,?>) obj).size() > 0) {
+ if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) {
+ if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0])
+ instanceof IRequest) {
+ return (Map<String, IRequest>) obj;
+
+
+
+ }
+ }
+ }
+ }
+ }
session.setAttribute(PENDING_REQUEST, null);
}
- }
- return null;
+ return null;
}
- public static void setPendingRequest(HttpSession session, IRequest request) {
+ public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) {
session.setAttribute(PENDING_REQUEST, request);
}
- public static void removePendingRequest(HttpSession session) {
+ public static void removeAllPendingRequests(HttpSession session) {
session.setAttribute(PENDING_REQUEST, null);
}
+
+ public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) {
+
+ if (requestmap != null && requestID != null) {
+
+ synchronized (requestmap) {
+
+ //Map<String, IRequest> requestmap = getPendingRequest(session);
+
+ if (requestmap.containsKey(requestID)) {
+ requestmap.remove(requestID);
+ Logger.debug("Remove PendingRequest with ID " + requestID);
+
+ }
+
+ //setPendingRequest(session, requestmap);
+ }
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index da5556b30..1f71bf8bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -107,11 +107,33 @@ public class AuthenticationSessionStoreage {
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be stored.");
throw new MOADatabaseException(e);
- }
-
+ }
+ }
+
+ public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
+ dbsession.setPendingRequestID(pendingRequestID);
+
+ dbsession.setAuthenticated(session.isAuthenticated());
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession could not be stored.");
+ throw new MOADatabaseException(e);
+ }
}
+
public static void destroySession(String moaSessionID) throws MOADatabaseException {
Session session = MOASessionDBUtils.getCurrentSession();
@@ -236,6 +258,7 @@ public class AuthenticationSessionStoreage {
dbsession.setSSOSession(true);
dbsession.setSSOsessionid(SSOSessionID);
dbsession.setAuthenticated(false);
+ dbsession.setPendingRequestID("");
//Store MOASession
session.saveOrUpdate(dbsession);
@@ -365,7 +388,51 @@ public class AuthenticationSessionStoreage {
}
}
+
+ public static boolean deleteSessionWithPendingRequestID(String id) {
+ MiscUtil.assertNotNull(id, "PendingRequestID");
+ Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setString("sessionid", id);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ MOASessionDBUtils.delete(result.get(0));
+ return true;
+ }
+
+ }
+
+ public static String getPendingRequestID(String sessionID) {
+ try {
+ AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
+ return dbsession.getPendingRequestID();
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("MOASession with ID " + sessionID + " not found");
+ return "";
+ }
+
+ }
+
public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
Date expioredatecreate = new Date(now - authDataTimeOutCreated);
Date expioredateupdate = new Date(now - authDataTimeOutUpdated);