aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2013-09-26 11:32:21 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-09-26 11:32:21 +0200
commit1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d (patch)
tree476d55cadbb56b56d52d0ca56bb5291b3eb06ec1 /id/server/idserverlib/src/main/java/at/gv
parent2c82d41a98e2617088cdcf3db72b40d9747ae292 (diff)
downloadmoa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.tar.gz
moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.tar.bz2
moa-id-spss-1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d.zip
-- add AssertionID to Single LogOut session information
-- split hibernate configuration into two files (moasession and statistic)
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java13
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java6
12 files changed, 55 insertions, 59 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 75695d2db..f39fde6be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class DispatcherServlet extends AuthServlet{
@@ -329,6 +330,7 @@ public class DispatcherServlet extends AuthServlet{
SSOManager ssomanager = SSOManager.getInstance();
String moasessionID = null;
+ String newSSOSessionId = null;
AuthenticationSession moasession = null;
//get SSO Cookie for Request
@@ -398,7 +400,6 @@ public class DispatcherServlet extends AuthServlet{
}
}
-
if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
{
@@ -416,17 +417,13 @@ public class DispatcherServlet extends AuthServlet{
}
else {
- //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-
-// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-// AuthenticationManager.MOA_SESSION, null);
-
+
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
}
//save SSO session usage in Database
- String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+ newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
if (newSSOSessionId != null) {
ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
@@ -449,16 +446,28 @@ public class DispatcherServlet extends AuthServlet{
}
- moduleAction.processRequest(protocolRequest, req, resp, moasession);
+ String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
if (needAuthentication) {
- boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
-
+ //boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+ boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId);
+
if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
- && !moasession.getUseMandate())
- {
+ && !moasession.getUseMandate()) {
+
+ try {
+ //Store OA specific SSO session information
+ AuthenticationSessionStoreage.addSSOInformation(moasessionID,
+ newSSOSessionId, assertionID, protocolRequest.getOAURL());
+
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+
+ authmanager.logout(req, resp, moasessionID);
+ isSSOSession = false;
+ }
} else {
authmanager.logout(req, resp, moasessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index aa8a8d9a9..8a5462cc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -8,7 +8,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
public interface IAction extends MOAIDAuthConstants {
- public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index e8639a162..78140afc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -112,7 +112,7 @@ public class SSOManager {
}
- public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+ public String createSSOSessionInformations(String moaSessionID, String OAUrl) {
String newSSOId = Random.nextRandom();
@@ -123,15 +123,8 @@ public class SSOManager {
return null;
}
- try {
- AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
-
- return newSSOId;
-
- } catch (AuthenticationException e) {
- Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
- return null;
- }
+ return newSSOId;
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 59a5158bd..0fa5e3e8d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -11,12 +11,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
- public void processRequest(IRequest req, HttpServletRequest httpReq,
+ public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
System.out.println("Process PVP2 auth request!");
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+ return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
}
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 3d0fd80bd..beae42992 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -44,7 +44,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
- public void processRequest(IRequest req, HttpServletRequest httpReq,
+ public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
try {
@@ -191,6 +191,8 @@ public class MetadataAction implements IAction {
httpResp.getOutputStream().close();
+ return null;
+
} catch (Exception e) {
Logger.error("Failed to generate metadata", e);
throw new MOAIDException("pvp2.13", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
index 946f62066..313d323a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -1,9 +1,14 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+import java.io.Serializable;
+
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.metadata.EntityDescriptor;
-public class MOARequest {
+public class MOARequest implements Serializable{
+
+ private static final long serialVersionUID = 2395131650841669663L;
+
private RequestAbstractType samlRequest;
private EntityDescriptor entityMetadata;
private boolean verified = false;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index d479de2d7..89c273da6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -23,7 +23,7 @@ public class ArtifactResolution implements IRequestHandler {
return (obj.getSamlRequest() instanceof ArtifactResolve);
}
- public void process(MOARequest obj, HttpServletRequest req,
+ public String process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
@@ -50,7 +50,8 @@ public class ArtifactResolution implements IRequestHandler {
Logger.error("Failed to resolve artifact", e);
}
}
-
+
+ return null;
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 1444cdecf..ed56dbaaa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -39,7 +39,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
return (obj.getSamlRequest() instanceof AuthnRequest);
}
- public void process(MOARequest obj, HttpServletRequest req,
+ public String process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
@@ -113,6 +113,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
binding.encodeRespone(req, resp, authResponse, oaURL);
// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
+ return assertion.getID();
+
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
throw new MOAIDException("pvp2.01", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 458316c6d..c8a56e537 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -10,6 +10,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public interface IRequestHandler {
public boolean handleObject(MOARequest obj);
- public void process(MOARequest obj, HttpServletRequest req,
+ public String process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a043bfde5..50176b6dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -31,14 +31,13 @@ public class RequestManager {
handler.add(new ArtifactResolution());
}
- public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
if(handler.handleObject(obj)) {
- handler.process(obj, req, resp, moasession);
- return;
+ return handler.process(obj, req, resp, moasession);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 75825d92d..8dac55922 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
- public void processRequest(IRequest req, HttpServletRequest httpReq,
+ public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
// HttpSession httpSession = httpReq.getSession();
@@ -117,30 +117,9 @@ public class GetArtifactAction implements IAction {
httpResp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
}
- // CONFIRMATION FOR SSO!
- /*
- * OAAuthParameter oaParam =
- * AuthConfigurationProvider.getInstance().
- * getOnlineApplicationParameter(oaURL);
- *
- * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
- * == null) { friendlyName = oaURL; }
- *
- *
- * LoginConfirmationBuilder builder = new
- * LoginConfirmationBuilder();
- * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
- * String form = builder.finish(oaURL, session.getIdentityLink()
- * .getName(), friendlyName);
- */
-
- /*
- * resp.setContentType("text/html");
- *
- * OutputStream out = resp.getOutputStream();
- * out.write(form.getBytes("UTF-8")); out.flush(); out.close();
- */
+ return authData.getAssertionID();
+
} catch (WrongParametersException ex) {
// handleWrongParameters(ex, req, httpResp);
ex.printStackTrace();
@@ -163,6 +142,8 @@ public class GetArtifactAction implements IAction {
// TODO Auto-generated catch block
e.printStackTrace();
}
+
+ return null;
}
protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 89ed369f8..1089113b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -204,7 +204,7 @@ public class AuthenticationSessionStoreage {
}
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- String OAUrl) throws AuthenticationException {
+ String assertionID, String OAUrl) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
Transaction tx = null;
@@ -237,6 +237,7 @@ public class AuthenticationSessionStoreage {
activeOA.setOaurlprefix(OAUrl);
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
+ activeOA.setAssertionSessionID(assertionID);
List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
activeOAs.add(activeOA);
@@ -263,6 +264,9 @@ public class AuthenticationSessionStoreage {
//send transaction
tx.commit();
+
+ Logger.debug("Add SSO-Session login information for OA: " + OAUrl
+ + " and AssertionID: " + assertionID);
}
} catch (MOADatabaseException e) {