| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-09-11 07:51:25 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-09-11 07:51:25 +0200 | 
| commit | 7008b0cb31761563c268ebcb53b13e32333fd931 (patch) | |
| tree | edfed3216f91a63e184abba505b34489d113e8e2 /id/server/idserverlib/src/main/java | |
| parent | a860c3d448cc136e8733d0827a0e46b72cd431e7 (diff) | |
add exact timeout validation for SSO sessions
Diffstat (limited to 'id/server/idserverlib/src/main/java')
2 files changed, 30 insertions, 19 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index a7ec4dcb6..c08d77f12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -97,32 +97,31 @@ public class IDPSingleLogOutServlet extends AuthServlet {
 			return;			
-		} else if (MiscUtil.isNotEmpty(ssoid)) {			
-			if (ssomanager.isValidSSOSession(ssoid, null)) {
+		} else if (MiscUtil.isNotEmpty(ssoid)) {
+			try {
+				if (ssomanager.isValidSSOSession(ssoid, null)) {
-				AuthenticationManager authmanager = AuthenticationManager.getInstance();
-				String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+					AuthenticationManager authmanager = AuthenticationManager.getInstance();
+					String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
-				if (MiscUtil.isNotEmpty(moaSessionID)) {
-					AuthenticationSession authSession;
-					try {
-						authSession = AuthenticationSessionStoreage
+					if (MiscUtil.isNotEmpty(moaSessionID)) {					
+						AuthenticationSession authSession = AuthenticationSessionStoreage
 								.getSession(moaSessionID);
 						if(authSession != null) {
 							authmanager.performSingleLogOut(req, resp, authSession, null);
 							return;
 						}
-						
-					} catch (MOADatabaseException e) {
-						//TODO: insert error Handling
-						
-					} catch (MOAIDException e) {
-						// TODO Auto-generated catch block
-						e.printStackTrace();
 					}
-				}				
-			}
+				}
+			} catch (MOADatabaseException e) {
+				//TODO: insert error Handling
+				e.printStackTrace();
+				
+			} catch (MOAIDException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}				
 		} else if (restartProcessObj != null && restartProcessObj instanceof String) {
 			String restartProcess = (String) restartProcessObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index ca3117a79..ff294dc3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import java.io.InputStreamReader;
 import java.io.Reader;
 import java.io.StringWriter;
 import java.net.URI;
+import java.util.Date;
 import java.util.List;
 import javax.servlet.http.Cookie;
@@ -132,7 +133,7 @@ public class SSOManager {
 	}
-	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
+	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException {
 		// search SSO Session
 		if (ssoSessionID == null) {
@@ -144,8 +145,19 @@ public class SSOManager {
 		if (storedSession == null)
 			return false;
-		
+			
 		else {
+			
+			//check if session is out of lifetime
+			Date now = new Date();
+			long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000;		
+			Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
+			if (now.after(ssoSessionValidTo)) {
+				Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
+				return false;
+			}
+						
+			//check if request starts an interfederated SSO session
 			if (protocolRequest != null && 
 					protocolRequest instanceof RequestImpl &&
 					storedSession.isInterfederatedSSOSession() &&
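Review bot: The two new catch blocks at the end of the hunk only call `e.printStackTrace()` and then fall through, so a MOADatabaseException or MOAIDException raised while validating the SSO session or loading the MOA session lets the logout request continue as if no SSO session existed, with the failure visible only on stderr and the "insert error Handling" TODO carried over from the old code. Since `isValidSSOSession` now declares `ConfigurationException`, a configuration failure presumably takes the same silent path if that type is covered by the MOAIDException catch, and otherwise escapes the servlet unhandled — worth checking which. I would replace the stack-trace calls with a log through the project's `Logger` at error level with the exception attached (the SSOManager hunk already logs via `Logger`), and state in a comment what the caller is meant to see when single logout cannot be performed, e.g. `// SSO lookup failed: logout is not performed for this session, fall through to the default response`. The enclosing method starts and ends outside the hunk.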
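Review bot: The lifetime check in the last hunk derives the SSO validity window from `getMOASessionCreated()`, which by its name is the MOA session creation timeout rather than a dedicated SSO session lifetime; if the SSO session is meant to live longer than a single MOA session this silently couples the two, so the intended configuration value should be confirmed and named in the comment, e.g. `//SSO lifetime is bounded by the MOASessionCreated timeout (seconds)`. When the session is found outdated the method logs and returns false, but nothing in the hunk removes or marks the stale stored session, so unless a caller cleans it up the expired entry remains in the store and is re-evaluated on every later request; if no such cleanup exists elsewhere, invalidating it here keeps expired entries from lingering. The `Date` arithmetic can also be written without the two allocations and the new import as `if (System.currentTimeMillis() > storedSession.getCreated().getTime() + maxSSOSessionTime) {`. The enclosing method continues past the end of the hunk.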
