aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-12 11:06:06 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-12 11:06:06 +0200
commit31ab8aace485fb61f7c872ebaa143299c6e5dcf1 (patch)
tree41da03bf1ce918919fb73da1cecbe3baac7c9594 /id/server/idserverlib/src/main/java/at/gv/egovernment
parent4fd52221a71a7f9f7683c34cc573aa44b9adcc1c (diff)
downloadmoa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.gz
moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.bz2
moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.zip
SSO Implementation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java)111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java170
11 files changed, 300 insertions, 141 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 19af66150..f7c0ff812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1850,7 +1850,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// TODO See Bug #144
// Compare AuthBlock Data with information stored in session, especially
// date and time
-
+ CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+
// compares the public keys from the identityLink with the AuthBlock
VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
vsresp, session.getIdentityLink());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index c41de1904..ed54683ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.data;
import java.io.Serializable;
+import java.util.Date;
import iaik.x509.X509Certificate;
@@ -64,6 +65,8 @@ public class VerifyXMLSignatureResponse implements Serializable{
*/
private int signatureManifestCheckCode = -1;
+ private Date signingDateTime;
+
/**
* Returns the certificateCheckCode.
* @return int
@@ -226,4 +229,13 @@ public class VerifyXMLSignatureResponse implements Serializable{
this.signatureManifestCheckCode = signatureManifestCheckCode;
}
+ public Date getSigningDateTime() {
+ return signingDateTime;
+ }
+
+ public void setSigningDateTime(Date signingDateTime) {
+ this.signingDateTime = signingDateTime;
+ }
+
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 16ff65477..571d4e738 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -50,8 +50,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -66,103 +68,48 @@ import eu.stork.vidp.messages.exception.SAMLValidationException;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
+public class LogOutServlet extends AuthServlet {
- /**
- *
- */
private static final long serialVersionUID = 3908001651893673395L;
-
-/**
- * Responds with an HTML form which upon submit requests the identity link
- * from the security layer implementation.
- * <br>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/html"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
+ private static final String REDIRECT_URL = "redirect";
+
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET StartAuthentication");
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
- sessionID = (String) req.getAttribute(PARAM_SESSIONID);
-
+ Logger.debug("receive LogOut Request");
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
- try {
-
- if (StringUtils.isEmpty(sessionID))
- throw new MOAIDException("auth.18", null);
-
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
-
- setNoCachingHeadersInHttpRespone(req, resp);
-
-
- //TODO: Load MOASession
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
- // STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
- //STORK authentication
- Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
- Logger.debug("Starting STORK authentication");
-
- //TODO: insert sessionID to STORK!!
- AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
-
- } else {
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- }
- Logger.debug("Finished GET StartAuthentication");
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+ //TODO: Single LogOut Implementation
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ authmanager.logout(req, resp);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
}
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
-
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
-
- } catch (MOADatabaseException e) {
- handleError(null, e, req, resp);
- }
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ //invalidate Session
+ req.getSession().invalidate();
+
+ //Redirect to Application
+ resp.setStatus(301);
+ resp.addHeader("Location", redirectUrl);
}
- /**
- * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e77dd30d0..115c52688 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -55,6 +55,7 @@ public class CreateXMLSignatureResponseValidator {
/** Xpath expression to the dsig:Signature element */
private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+ private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
/** Singleton instance. <code>null</code>, if none has been created. */
private static CreateXMLSignatureResponseValidator instance;
@@ -331,4 +332,11 @@ public class CreateXMLSignatureResponseValidator {
throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
}
}
+
+ public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+
+ //TODO: insert Time validation!!!!
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..892607c16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
import java.util.List;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
}
}
-
+
/**
* Method validateCertificate.
* @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 244197379..4c5b82db8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.entrypoints;
+import iaik.util.logging.Log;
+
import java.io.IOException;
import java.util.Iterator;
@@ -12,6 +14,7 @@ import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -20,11 +23,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulStorage;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
-public class DispatcherServlet extends AuthServlet {
+public class DispatcherServlet extends AuthServlet{
/**
*
@@ -189,7 +195,31 @@ public class DispatcherServlet extends AuthServlet {
AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
if (moduleAction.needAuthentication(protocolRequest, req, resp)) {
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+
+ //TODO: load useSSO from config!
+ boolean useSSOOA = true;
+
if (protocolRequest.isPassiv()
&& protocolRequest.forceAuth()) {
// conflict!
@@ -206,8 +236,7 @@ public class DispatcherServlet extends AuthServlet {
} else if (protocolRequest.isPassiv()) {
if (authmanager.tryPerformAuthentication(req,
resp)
- || authmanager.isAuthenticated(req,
- resp)) {
+ || (isValidSSOSession && useSSOOA) ) {
// Passive authentication ok!
} else {
throw new NoPassivAuthenticationException();
@@ -215,8 +244,7 @@ public class DispatcherServlet extends AuthServlet {
} else {
if (authmanager.tryPerformAuthentication(req,
resp)
- || authmanager.isAuthenticated(req,
- resp)) {
+ || (isValidSSOSession && useSSOOA) ) {
// Is authenticated .. proceed
} else {
// Start authentication!
@@ -226,11 +254,26 @@ public class DispatcherServlet extends AuthServlet {
}
}
}
-
+
moduleAction.processRequest(protocolRequest, req, resp);
+ //save SSO session usage in Database
+ String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+
+ String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+
+ if (newSSOSessionId != null) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+
RequestStorage.removePendingRequest(httpSession);
- authmanager.logout(req, resp);
+
+
+ //authmanager.logout(req, resp);
} catch (Throwable e) {
e.printStackTrace();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 58fec9790..d04c0b3d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -66,45 +66,45 @@ public class AuthenticationManager extends AuthServlet {
return null;
}
- /**
- * Checks if the session is authenticated
- *
- * @param request
- * @param response
- * @return
- */
- public boolean isAuthenticated(HttpServletRequest request,
- HttpServletResponse response) {
- Logger.info("Checking authentication");
-
- HttpSession session = request.getSession();
-
- String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
-
- if(moaSessionID == null) {
- Logger.info("NO MOA Session to logout");
- return false;
- }
-
-// AuthenticationSession authSession;
-// try {
-// authSession = AuthenticationSessionStoreage
-// .getSession(moaSessionID);
-//
-// } catch (MOADatabaseException e) {
-// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
-// return false;
-// }
+// /**
+// * Checks if the session is authenticated
+// *
+// * @param request
+// * @param response
+// * @return
+// */
+// public boolean isAuthenticated(HttpServletRequest request,
+// HttpServletResponse response) {
+// Logger.info("Checking authentication");
+//
+// HttpSession session = request.getSession();
+//
+// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
//
-// if(authSession == null) {
-// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+// if(moaSessionID == null) {
+// Logger.info("NO MOA Session to logout");
// return false;
// }
//
-// return authSession.isAuthenticated();
-
- return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
- }
+//// AuthenticationSession authSession;
+//// try {
+//// authSession = AuthenticationSessionStoreage
+//// .getSession(moaSessionID);
+////
+//// } catch (MOADatabaseException e) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// if(authSession == null) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// return authSession.isAuthenticated();
+//
+// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
+// }
/**
* Checks if this request can authenticate a MOA Session
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 9dcef5778..3bbb3bd2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -174,6 +174,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+
+ //TODO: maybe change to getEntityID()
String oaURL = consumerService.getLocation();
String binding = consumerService.getBinding();
String entityID = moaRequest.getEntityMetadata().getEntityID();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3634c9983..2c4b7c4c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,9 +32,6 @@ public class GetArtifactAction implements IAction {
AuthenticationManager authmanager = AuthenticationManager.getInstance();
AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
-
-// String oaURL = (String) httpReq.getAttribute(PARAM_OA);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
String oaURL = (String) req.getOAURL();
String target = (String) req.getTarget();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 09314ba37..d6cf84d86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -95,6 +95,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
config.setTarget(oaParam.getTarget());
+ //TODO: set reauthenticate if OA.useSSO=false
+
request.getSession().setAttribute(PARAM_OA, oaURL);
request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
return config;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 44f0563b1..8ea6a6633 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -13,6 +13,7 @@ import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
+import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -20,6 +21,8 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -93,16 +96,48 @@ public class AuthenticationSessionStoreage {
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID);
- HibernateUtil.delete(dbsession);
+ Session session = HibernateUtil.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be destroyed.");
- throw new MOADatabaseException(e);
- }
+// //delete old SSO Session Ids
+// List<OldSSOSessionIDStore> oldssosessionids = dbsession.getOldssosessionids();
+//
+// for (OldSSOSessionIDStore oldsssid : oldssosessionids) {
+// session.delete(oldsssid);
+// }
+//
+// //delete active OA
+// List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+//
+// for (OASessionStore activeOA : activeOAs) {
+// session.delete(activeOA);
+//
+// }
+
+ //delete MOA Session
+ session.delete(dbsession);
+ session.getTransaction().commit();
+ }
-
}
// public static void dumpSessionStore() {
@@ -141,10 +176,7 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("TODO!", null);
}
-
-
-
-
+
// synchronized (sessionStore) {
// if (sessionStore.containsKey(session.getSessionID())) {
// AuthenticationSession theSession = sessionStore.get(session
@@ -163,6 +195,77 @@ public class AuthenticationSessionStoreage {
// throw new AuthenticationException("TODO!", null);
}
+ public static void addSSOInformation(String moaSessionID, String SSOSessionID,
+ String OAUrl) throws AuthenticationException {
+
+ AuthenticatedSessionStore dbsession;
+ Transaction tx = null;
+
+ try {
+
+ Session session = HibernateUtil.getCurrentSession();
+ List result;
+
+ synchronized (session) {
+
+ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ dbsession = (AuthenticatedSessionStore) result.get(0);
+
+ //set active OA applications
+ OASessionStore activeOA = new OASessionStore();
+ activeOA.setOaurlprefix(OAUrl);
+ activeOA.setMoasession(dbsession);
+ activeOA.setCreated(new Date());
+
+ List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+ activeOAs.add(activeOA);
+ dbsession.setActiveOAsessions(activeOAs);
+
+
+ //Store used SSOId
+ if (dbsession.getSSOsessionid() != null) {
+ OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+ oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+ oldSSOId.setMoasession(dbsession);
+
+ List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+ oldSSOIds.add(oldSSOId);
+ }
+
+ dbsession.setSSOSession(true);
+ dbsession.setSSOsessionid(SSOSessionID);
+
+ //Store MOASession
+ session.saveOrUpdate(dbsession);
+
+ //send transaction
+ tx.commit();
+ }
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
+ }
+ }
+
+
public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
try {
@@ -181,6 +284,49 @@ public class AuthenticationSessionStoreage {
}
}
+ public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+
+ MiscUtil.assertNotNull(SSOId, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = HibernateUtil.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ AuthenticatedSessionStore dbsession = result.get(0);
+
+
+ if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+ Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+ return true;
+
+ } else {
+ Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
+ + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+ }
+
+ return false;
+ }
+
+ }
+
public static void clean(long now, long authDataTimeOut) {
Date expioredate = new Date(now - authDataTimeOut);