authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
commitc9370266c7553db65e9d18f7fe2a0230ab94d912 (patch)
tree041eaa2f9b715205bf377b586d4e8381887b2951 /id/server/idserverlib/src/main/java
parent98cdf5c84739362a2d41702f538c370fa3d2c86e (diff)
refactor authentication process to use service-provider configuration from pending-request
Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java352
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java239
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java15
20 files changed, 296 insertions, 558 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 082ebcdcd..d76021bbd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -177,4 +177,10 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String PROCESSCONTEXT_INTERFEDERATION_ENTITYID = "interfederationIDPEntityID";
public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
+ //General protocol-request data-store keys
+ public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
+ public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
+ public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
+
+
}
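Review bot: The three new data-store keys are spelled `authProces_…` (single s) while the constant names say AUTHPROCESS; these strings become lookup keys on the pending request, and if the pending request is persisted (the storage classes in this diffstat suggest it may be) renaming them later is a compatibility break, so this is the cheapest moment to fix the value, e.g. `public static final String AUTHPROCESS_DATA_TARGET = "authProcess_Target";`. A short group comment such as `/** Keys for per-request data stored on the pending request and read back via getGenericData(). */` would tell readers which component owns these entries. The two trailing blank lines before the closing brace can go.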
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 5bde82899..2f882f41e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -198,7 +198,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
IOAAuthParameters oaParam = null;
if (reqAttributes == null) {
//get OnlineApplication from MOA-ID-Auth configuration
- oaParam = authConfig.getOnlineApplicationParameter(oaID);
+ oaParam = protocolRequest.getOnlineApplicationConfiguration();
//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
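Review bot: `oaParam` is dereferenced on the `isSTORKPVPGateway()` line without a null check, yet the same `getOnlineApplicationConfiguration()` call is null-guarded in StartAuthentificationParameterParser in this commit (it throws `auth.00`), so null is evidently a possible result. A guard before the dereference, e.g. `if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });` (assuming AuthenticationException is in scope here as it is in the parser), keeps an unknown service provider a handled error instead of a NullPointerException. The same unguarded call is introduced in CreateInterfedeartionRequestTask (`IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration();`). The enclosing method starts and ends outside this hunk.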
@@ -879,7 +879,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- authData.setIssuer(session.getAuthURL());
+ authData.setIssuer(protocolRequest.getAuthURL());
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
authData.setIdentificationValue(identityLink.getIdentificationValue());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index bbbfacbd1..e763c5355 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -50,9 +50,10 @@ import java.text.MessageFormat;
import java.util.Calendar;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
@@ -156,7 +157,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @param session current session
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
*/
- public String buildForeignID(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
+ public String buildForeignID(String subject, IRequest pendingReq) {
String request = "";
request += "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">";
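Review bot: The Javadoc above the changed signature still documents the removed parameters — `@param session current session` is the line just above the signature, and an `@param oaParam` presumably sits further up outside this hunk — while the method now takes only `subject` and `pendingReq`. Replace them with `@param pendingReq pending request carrying the online-application configuration and the stored target` so the generated documentation matches the code. The Javadoc of `buildForeignIDTextToBeSigned`, if it has one, likely has the same stale entries.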
@@ -165,7 +166,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
request += "<sl:DataObject>";
request += "<sl:XMLContent>";
- request += buildForeignIDTextToBeSigned(subject, oaParam, session);
+ request += buildForeignIDTextToBeSigned(subject,pendingReq);
request += "</sl:XMLContent>";
request += "</sl:DataObject>";
@@ -180,9 +181,10 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
return request;
}
- public static String buildForeignIDTextToBeSigned(String subject, OAAuthParameter oaParam, AuthenticationSession session) {
-
- String target = session.getTarget();
+ public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) {
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ String target = pendingReq.getGenericData(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
Calendar cal = Calendar.getInstance();
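Review bot: `target` is now read straight from the pending request's generic data, whereas the removed `AuthenticationSession.setTarget` (deleted in this same commit) stripped `TARGET_PREFIX_` before storing, so `getSectorNameViaTarget` previously always received the bare target. Unless the code that stores `AUTHPROCESS_DATA_TARGET` performs the same stripping, the sector-name lookup may now see the prefixed form; the writer is not visible in this diff, so please confirm. A comment at the read site, `// expects the bare target (TARGET_PREFIX_ already stripped by whoever stores AUTHPROCESS_DATA_TARGET)`, would pin that contract. The `oaParam` local is unused in the visible lines; if the rest of the method does not use it either, drop it. The method continues outside this hunk.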
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 3849eb8a2..196415ddc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -75,53 +75,12 @@ public class AuthenticationSession implements Serializable {
private String sessionID;
private Date sessionCreated = null;
-
- /**
- * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code> if the
- * online application is a business application
- */
- private String target;
- /**
- * Friendly name for the target, if target is configured via MOA-ID configuration
- */
- private String targetFriendlyName;
-
- /**
- * SourceID
- */
- private String sourceID;
-
- /**
- * public online application URL requested
- */
- private String oaURLRequested;
- /**
- * public online application URL prefix
- */
- private String oaPublicURLPrefix;
- /**
- * URL of MOA ID authentication component
- */
- private String authURL;
- /**
- * HTML template URL
- */
- private String templateURL;
-
+
/**
* URL of the BKU
*/
private String bkuURL;
- /**
- * Indicates whether the corresponding online application is a business service or not
- */
- private boolean businessService;
-
- /**
- * Indicates whether the corresponding online application is a stork service or not
- */
- private boolean storkService;
// Store Mandate
/**
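Review bot: AuthenticationSession implements Serializable, and this hunk together with the later field removals in this file changes its serialized shape by dropping `target`, `sourceID`, `authURL`, `templateURL`, `businessService` and others. If sessions are stored in serialized form across a deployment (the DB storage classes in this diffstat suggest they may be), instances written by the previous version will not deserialize into this layout unless `serialVersionUID` and a migration or session flush are handled; please confirm how existing stored sessions are treated on upgrade. A one-line note in the class Javadoc stating that persisted sessions from the previous layout are not compatible would document the decision.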
@@ -132,11 +91,6 @@ public class AuthenticationSession implements Serializable {
private boolean isOW = false;
/**
- * STORK
- */
- private String ccc;
-
- /**
*
* Mandate element
*/
@@ -158,12 +112,6 @@ public class AuthenticationSession implements Serializable {
*/
private IdentityLink identityLink;
- // /**
- // * timestamp logging when identity link has been received
- // */
- // private Date timestampIdentityLink;
-
- // store Authblock
/**
* authentication block to be signed by the user
*/
@@ -176,11 +124,9 @@ public class AuthenticationSession implements Serializable {
*/
private String issueInstant;
- // Signer certificate
/**
* Signer certificate of the foreign citizen or for mandate mode
*/
- // private X509Certificate signerCertificate;
private byte[] signerCertificate;
/**
@@ -200,26 +146,8 @@ public class AuthenticationSession implements Serializable {
* the AUTHBlock.
*/
private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;
-
-// /**
-// * If infobox validators are needed after signing, they can be stored in this list.
-// */
-// private List infoboxValidators;
-
- /**
- * The register and number in the register parameter in case of a business service application.
- */
- private String domainIdentifier;
-
- /**
- * This string contains all identifiers of infoboxes, the online application is configured to
- * accept. The infobox identifiers are comma separated.
- */
- private String pushInfobox;
-
+
private boolean authenticated;
-
- private boolean ssoRequested = false;
private String QAALevel = null;
@@ -228,15 +156,8 @@ public class AuthenticationSession implements Serializable {
private boolean isForeigner;
private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
-
- public boolean isAuthenticated() {
- return authenticated;
- }
-
- public void setAuthenticated(boolean authenticated) {
- this.authenticated = authenticated;
- }
-
+
+
/**
* Constructor for AuthenticationSession.
*
@@ -249,6 +170,14 @@ public class AuthenticationSession implements Serializable {
}
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ public void setAuthenticated(boolean authenticated) {
+ this.authenticated = authenticated;
+ }
+
public X509Certificate getSignerCertificate() {
try {
return new X509Certificate(signerCertificate);
@@ -311,24 +240,6 @@ public class AuthenticationSession implements Serializable {
}
/**
- * Returns the oaURLRequested.
- *
- * @return String
- */
- public String getOAURLRequested() {
- return oaURLRequested;
- }
-
- /**
- * Returns the oaURLRequested.
- *
- * @return String
- */
- public String getPublicOAURLPrefix() {
- return oaPublicURLPrefix;
- }
-
- /**
* Returns the BKU URL.
*
* @return String
@@ -336,54 +247,7 @@ public class AuthenticationSession implements Serializable {
public String getBkuURL() {
return bkuURL;
}
-
- /**
- * Returns the target.
- *
- * @return String
- */
- public String getTarget() {
- return target;
- }
-
- /**
- * Returns the sourceID.
- *
- * @return String
- */
- public String getSourceID() {
- return sourceID;
- }
-
- /**
- * Returns the target friendly name.
- *
- * @return String
- */
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- /**
- * Sets the oaURLRequested.
- *
- * @param oaURLRequested
- * The oaURLRequested to set
- */
- public void setOAURLRequested(String oaURLRequested) {
- this.oaURLRequested = oaURLRequested;
- }
-
- /**
- * Sets the oaPublicURLPrefix
- *
- * @param oaPublicURLPrefix
- * The oaPublicURLPrefix to set
- */
- public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
- this.oaPublicURLPrefix = oaPublicURLPrefix;
- }
-
+
/**
* Sets the bkuURL
*
@@ -393,63 +257,7 @@ public class AuthenticationSession implements Serializable {
public void setBkuURL(String bkuURL) {
this.bkuURL = bkuURL;
}
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- *
- * @param target
- * The target to set
- */
- public void setTarget(String target) {
- if (target != null && target.startsWith(TARGET_PREFIX_)) {
- // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove
- // prefix
- this.target = target.substring(TARGET_PREFIX_.length());
- Logger.debug("Target prefix stripped off; resulting target: " + this.target);
- } else {
- this.target = target;
- }
- }
-
- /**
- * Sets the sourceID
- *
- * @param sourceID
- * The sourceID to set
- */
- public void setSourceID(String sourceID) {
- this.sourceID = sourceID;
- }
-
- /**
- * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
- *
- * @param target
- * The target to set
- */
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
- /**
- * Returns the authURL.
- *
- * @return String
- */
- public String getAuthURL() {
- return authURL;
- }
-
- /**
- * Sets the authURL.
- *
- * @param authURL
- * The authURL to set
- */
- public void setAuthURL(String authURL) {
- this.authURL = authURL;
- }
-
+
/**
* Returns the authBlock.
*
@@ -469,61 +277,6 @@ public class AuthenticationSession implements Serializable {
this.authBlock = authBlock;
}
- /**
- * Returns the businessService.
- *
- * @return <code>true</code> if the corresponding online application is a business application,
- * otherwise <code>false</code>
- */
- public boolean getBusinessService() {
- return businessService;
- }
-
- /**
- * Sets the businessService variable.
- *
- * @param businessService
- * the value for setting the businessService variable.
- */
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
-
- /**
- * Returns the storkService.
- *
- * @return <code>true</code> if the corresponding online application is a stork application,
- * otherwise <code>false</code>
- */
- public boolean getStorkService() {
- return storkService;
- }
-
- /**
- * Sets the storkService variable.
- *
- * @param storkService
- * the value for setting the storkService variable.
- */
- public void setStorkService(boolean storkService) {
- this.storkService = storkService;
- }
-
- /**
- * @return template URL
- */
- public String getTemplateURL() {
- return templateURL;
- }
-
- /**
- * @param string
- * the template URL
- */
- public void setTemplateURL(String string) {
- templateURL = string;
- }
/**
* Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
@@ -610,54 +363,6 @@ public class AuthenticationSession implements Serializable {
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
}
-
- /**
- * Returns domain identifier (the register and number in the register parameter).
- * <code>null</code> in the case of not a business service.
- *
- * @return the domainIdentifier
- */
- public String getDomainIdentifier() {
- return domainIdentifier;
- }
-
- /**
- * Sets the register and number in the register parameter if the application is a business
- * service. If the domain identifier includes the registerAndOrdNr prefix, the prefix will be
- * stripped off.
- *
- * @param domainIdentifier
- * the domain identifier to set
- */
- public void setDomainIdentifier(String domainIdentifier) {
- if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
- // If domainIdentifier starts with prefix
- // "urn:publicid:gv.at:wbpk+"; remove this prefix
- this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier);
- } else {
- this.domainIdentifier = domainIdentifier;
- }
- }
-
- /**
- * Gets all identifiers of infoboxes, the online application is configured to accept. The
- * infobox identifiers are comma separated.
- *
- * @return the string containing infobox identifiers
- */
- public String getPushInfobox() {
- if (pushInfobox == null) return "";
- return pushInfobox;
- }
-
- /**
- * @param pushInfobox
- * the infobox identifiers to set (comma separated)
- */
- public void setPushInfobox(String pushInfobox) {
- this.pushInfobox = pushInfobox;
- }
/**
*
@@ -713,15 +418,7 @@ public class AuthenticationSession implements Serializable {
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
}
-
- public String getCcc() {
- return ccc;
- }
-
- public void setCcc(String ccc) {
- this.ccc = ccc;
- }
-
+
public boolean isForeigner() {
return isForeigner;
}
@@ -745,24 +442,7 @@ public class AuthenticationSession implements Serializable {
public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
}
-
- /**
- * @return the ssoRequested
- */
-
- // TODO: SSO only allowed without mandates, actually!!!!!!
- public boolean isSsoRequested() {
- return ssoRequested && !useMandate;
- }
-
- /**
- * @param ssoRequested
- * the ssoRequested to set
- */
- public void setSsoRequested(boolean ssoRequested) {
- this.ssoRequested = ssoRequested;
- }
-
+
/**
* @return the isOW
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index a73fd6858..66f91266f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -7,6 +7,7 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACH
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -29,19 +30,24 @@ import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
@@ -66,6 +72,51 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
protected static final String ERROR_CODE_PARAM = "errorid";
+ protected IRequest pendingReq = null;
+ protected AuthenticationSession moasession = null;
+
+ protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {
+ String pendingRequestID = StringEscapeUtils.escapeHtml(
+ ObjectUtils.defaultIfNull(
+ (String) executionContext.get(PARAM_TARGET_PENDINGREQUESTID),
+ req.getParameter(PARAM_TARGET_PENDINGREQUESTID)));
+
+ if (MiscUtil.isEmpty(pendingRequestID)) {
+ Logger.info("No PendingRequestID received");
+ throw new MOAIDException("auth.10", new Object[]{"VerifyIdentityLink", "pendingRequestID"});
+ }
+
+ pendingReq = requestStoreage.getPendingRequest(pendingRequestID);
+
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //change pending-request ID
+ String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+
+ try {
+ moasession = authenticatedSessionStorage.getSession(pendingReq.getMOASessionIdentifier());
+
+ if (moasession == null) {
+ Logger.warn("MOASessionID is empty.");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID=" + pendingReq.getMOASessionIdentifier() + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getMOASessionIdentifier() });
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+ }
+
protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
HttpServletRequest req, HttpServletResponse resp) {
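Review bot: In the new `defaultTaskInitialization`, the `catch (Throwable e)` also catches `Error`s and the `MOAIDException` thrown a few lines above it, and neither catch block passes `e` on or logs it, so the original cause of a failed session lookup is lost; narrowing it to `catch (Exception e)` and including `e` in the log call keeps the diagnostics without changing what callers see. The `auth.10` message hard-codes `"VerifyIdentityLink"` as the task name although this helper is shared by every task, so error messages from other tasks will be misleading; passing the task name in or using `getClass().getSimpleName()` fixes that. The request ID is HTML-escaped before being used as a store key and in the log line; escaping is an output-side control, and an ID containing `&` or quotes would simply fail the lookup, so a format check on the expected characters and length of the ID is the clearer input-side check. The method also declares `throws MOADatabaseException` although that exception is caught inside it.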
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
index f1ab58ee0..053f5d7ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
@@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
@@ -103,7 +104,7 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
try {
OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID);
- OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
+ IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration();
String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index fe3e8680c..9db5baeab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -56,7 +56,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
//load pending request
- String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+ String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID);
IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
@@ -86,7 +86,8 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
Enumeration<String> reqParamNames = request.getParameterNames();
while(reqParamNames.hasMoreElements()) {
String paramName = reqParamNames.nextElement();
- if (MiscUtil.isNotEmpty(paramName))
+ if (MiscUtil.isNotEmpty(paramName) &&
+ !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName))
executionContext.put(paramName, request.getParameter(paramName));
}
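Review bot: The loop still copies every non-empty request parameter into `executionContext`, with only the pending-request ID excluded, so any client-chosen parameter name lands in the process context; if later tasks read control keys such as the `PROCESSCONTEXT_*` constants from that context, a request could preset them. Copying only a known set of expected parameter names, or storing client-supplied entries under a dedicated prefix, would make the context contents explicit and keep request data apart from process-control state. A comment on the loop, `// copies client-supplied parameters into the context; do not read control keys from here without validation`, would at least flag the mixing for readers. The enclosing method starts outside this hunk.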
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 1bdc132d9..cb0b63276 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -80,7 +80,7 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
if (publicURLPreFix.endsWith("/"))
publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(),
- pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID);
+ pendingReq.requestedAction(), oaParam, publicURLPreFix, pendingReq.getRequestID());
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
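Review bot: The last argument to `LoginFormBuilder.buildLoginForm` changes from a parameter-name constant (`PARAM_SESSIONID`) to a value (`pendingReq.getRequestID()`); LoginFormBuilder is not in this diffstat, so please confirm its final parameter now means the pending-request ID and that the rendered form posts it under `PARAM_TARGET_PENDINGREQUESTID`, which EvaluateBKUSelectionTask reads in this commit. A short comment at the call, `// last argument is the pending-request ID the form posts back as PARAM_TARGET_PENDINGREQUESTID`, would make the coupling visible. On the context line below, `new PrintWriter(response.getOutputStream())` encodes with the platform default charset while the content type promises UTF-8; `response.getWriter()` honours the declared charset.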
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 8af8ed238..3699633bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -27,6 +27,8 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -34,8 +36,8 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -44,9 +46,12 @@ import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
+@Service("StartAuthentificationParameterParser")
public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
- public static void parse(AuthenticationSession moasession,
+ @Autowired AuthConfiguration authConfig;
+
+ public void parse(AuthenticationSession moasession,
String target,
String oaURL,
String bkuURL,
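Review bot: `@Autowired AuthConfiguration authConfig;` is a package-private, non-final field injected by Spring; a constructor parameter (or at least `private final`) makes the dependency explicit and the bean usable in tests without a container, and the field is not used on any visible line of this diff, so check whether it is needed at all. Turning the static `parse` into an instance method changes every call site; the diffstat suggests callers were updated, but they are not visible here. A class-level Javadoc line such as `/** Spring-managed parser for the StartAuthentication request parameters; obtain it by injection rather than static call. */` would document the new lifecycle.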
@@ -57,30 +62,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
IRequest protocolReq) throws WrongParametersException, MOAIDException {
String targetFriendlyName = null;
-
-// String sso = req.getParameter(PARAM_SSO);
-
+
// escape parameter strings
target = StringEscapeUtils.escapeHtml(target);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
bkuURL = StringEscapeUtils.escapeHtml(bkuURL);
templateURL = StringEscapeUtils.escapeHtml(templateURL);
useMandate = StringEscapeUtils.escapeHtml(useMandate);
ccc = StringEscapeUtils.escapeHtml(ccc);
- // sso = StringEscapeUtils.escapeHtml(sso);
-
- // check parameter
-
- //pvp2.x can use general identifier (equals oaURL in SAML1)
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ //validate parameters
if (!ParamValidatorUtils.isValidUseMandate(useMandate))
throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
if (!ParamValidatorUtils.isValidCCC(ccc))
throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
-// if (!ParamValidatorUtils.isValidUseMandate(sso))
-// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12");
+
//check UseMandate flag
String useMandateString = null;
@@ -100,161 +95,98 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
//load OnlineApplication configuration
- OAAuthParameter oaParam;
- if (moasession.getPublicOAURLPrefix() != null) {
- Logger.debug("Loading OA parameters for PublicURLPrefix: " + moasession.getPublicOAURLPrefix());
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(
- moasession.getPublicOAURLPrefix());
-
- if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { moasession.getPublicOAURLPrefix() });
-
- } else {
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
+ IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration();
+ if (oaParam == null)
throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
+ new Object[] { protocolReq.getOAURL() });
- // get target and target friendly name from config
- String targetConfig = oaParam.getTarget();
- String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
+ // get target and target friendly name from config
+ String targetConfig = oaParam.getTarget();
+ String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
- if (!oaParam.getBusinessService()) {
- if (StringUtils.isEmpty(targetConfig)
- || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") &&
- !StringUtils.isEmpty(target))
- ) {
- //INFO: ONLY SAML1 legacy mode
- // if SAML1 is used and target attribute is given in request
- // use requested target
- // check target parameter
- if (!ParamValidatorUtils.isValidTarget(target)) {
- Logger.error("Selected target is invalid. Using target: " + target);
- throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
- }
- if (MiscUtil.isNotEmpty(targetConfig))
- targetFriendlyName = targetFriendlyNameConfig;
+ if (!oaParam.getBusinessService()) {
+ if (StringUtils.isEmpty(targetConfig)
+ || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") &&
+ !StringUtils.isEmpty(target))
+ ) {
+ //INFO: ONLY SAML1 legacy mode
+ // if SAML1 is used and target attribute is given in request
+ // use requested target
+ // check target parameter
+ if (!ParamValidatorUtils.isValidTarget(target)) {
+ Logger.error("Selected target is invalid. Using target: " + target);
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
+ }
+ if (MiscUtil.isNotEmpty(targetConfig))
+ targetFriendlyName = targetFriendlyNameConfig;
+
+ else {
+ String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
+ if (MiscUtil.isNotEmpty(sectorName))
+ targetFriendlyName = sectorName;
else {
- String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target);
- if (MiscUtil.isNotEmpty(sectorName))
- targetFriendlyName = sectorName;
-
- else {
- //check target contains subSector
- int delimiter = target.indexOf("-");
- if (delimiter > 0) {
- targetFriendlyName =
- TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter));
-
- }
- }
- }
-
- } else {
- // use target from config
- target = targetConfig;
- targetFriendlyName = targetFriendlyNameConfig;
+ //check target contains subSector
+ int delimiter = target.indexOf("-");
+ if (delimiter > 0) {
+ targetFriendlyName =
+ TargetToSectorNameMapper.getSectorNameViaTarget(target.substring(0, delimiter));
+
+ }
+ }
}
- moasession.setTarget(target);
- moasession.setTargetFriendlyName(targetFriendlyName);
-
+
} else {
- Logger.debug("Business: " + moasession.getBusinessService() + " stork: " + moasession.getStorkService());
- moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
-
+ // use target from config
+ target = targetConfig;
+ targetFriendlyName = targetFriendlyNameConfig;
}
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication",
+ PARAM_TARGET, "auth.05");
-// //check useSSO flag
-// String useSSOString = null;
-// boolean useSSOBoolean = false;
-// if ((sso != null) && (sso.compareTo("") != 0)) {
-// useSSOString = sso;
-// } else {
-// useSSOString = "false";
-// }
- //
-// if (useSSOString.compareToIgnoreCase("true") == 0)
-// useSSOBoolean = true;
-// else
-// useSSOBoolean = false;
-
- //moasession.setSsoRequested(useSSOBoolean);
- moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
+ protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, target);
+ protocolReq.setGenericDataToSession(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, targetFriendlyName);
+ Logger.debug("Service-Provider is of type 'PublicService' with DomainIdentifier:" + target);
+
+ } else {
+ Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier());
- //Validate BKU URI
- List<String> allowedbkus = oaParam.getBKUURL();
- allowedbkus.addAll(AuthConfigurationProviderFactory.getInstance().getDefaultBKUURLs());
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
-
- moasession.setBkuURL(bkuURL);
-
- if ((!oaParam.getBusinessService())) {
- if (isEmpty(target))
- throw new WrongParametersException("StartAuthentication",
- PARAM_TARGET, "auth.05");
-
- } else {
- if (useMandateBoolean) {
- Logger.error("Online-Mandate Mode for business application not supported.");
- throw new AuthenticationException("auth.17", null);
- }
- target = null;
- targetFriendlyName = null;
+ if (useMandateBoolean) {
+ Logger.error("Online-Mandate Mode for business application not supported.");
+ throw new AuthenticationException("auth.17", null);
}
- moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
- moasession.setBusinessService(oaParam.getBusinessService());
-
- //moasession.setStorkService(oaParam.getStorkService());
- }
-
- //check OnlineApplicationURL
- if (isEmpty(oaURL))
- throw new WrongParametersException("StartAuthentication",
- PARAM_OA, "auth.05");
- moasession.setOAURLRequested(oaURL);
-
- //check AuthURL
- String authURL = protocolReq.getAuthURL();
- if (!authURL.startsWith("https:") && !AuthConfigurationProviderFactory.getInstance().isHTTPAuthAllowed())
- throw new AuthenticationException("auth.07",
- new Object[] { authURL + "*" });
-
- //set Auth URL from configuration
- moasession.setAuthURL(authURL);
-
- //check and set SourceID
- if (oaParam.getSAML1Parameter() != null) {
- String sourceID = oaParam.getSAML1Parameter().getSourceID();
- if (MiscUtil.isNotEmpty(sourceID))
- moasession.setSourceID(sourceID);
}
-
+
+ //Validate BKU URI
+ List<String> allowedbkus = oaParam.getBKUURL();
+ allowedbkus.addAll(authConfig.getDefaultBKUURLs());
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ moasession.setBkuURL(bkuURL);
+
+ //validate securityLayer-template
if (MiscUtil.isEmpty(templateURL)) {
List<String> templateURLList = oaParam.getTemplateURL();
List<String> defaulTemplateURLList =
- AuthConfigurationProviderFactory.getInstance().getSLRequestTemplates();
+ authConfig.getSLRequestTemplates();
if ( templateURLList != null && templateURLList.size() > 0
&& MiscUtil.isNotEmpty(templateURLList.get(0)) ) {
templateURL = FileUtils.makeAbsoluteURL(
oaParam.getTemplateURL().get(0),
- AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ authConfig.getRootConfigFileDir());
Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
} else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
templateURL = FileUtils.makeAbsoluteURL(
defaulTemplateURLList.get(0),
- AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir());
+ authConfig.getRootConfigFileDir());
Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")");
} else {
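Review bot: The new side drops the AuthURL scheme check that the removed lines enforced (`authURL.startsWith("https:")` unless HTTP is explicitly allowed), together with the empty-`oaURL` check, without a replacement anywhere in this hunk; unless that validation now happens where the pending request is built, a plain-http IDP URL is no longer rejected before it is used as the authentication endpoint and, in PVP2AssertionBuilder, as the assertion Issuer. If the check has moved, a one-line comment at `//load OnlineApplication configuration` naming the new location would stop the next reader from re-adding it; if not, re-insert it against `protocolReq.getAuthURL()` before the BKU validation, e.g. `String authURL = protocolReq.getAuthURL(); if (authURL == null || (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed())) throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });` (assuming `AuthConfiguration` exposes that flag like the other methods this hunk migrates). Separately, `oaParam.getBKUURL()` is mutated with `addAll(...)` on every request; if that getter hands out the configuration's internal list, the default BKUs accumulate in the OA configuration, so copy the list before extending it. The `parse` method starts and ends outside this hunk.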
@@ -267,13 +199,22 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- moasession.setTemplateURL(templateURL);
-
- moasession.setCcc(ccc);
-
+ protocolReq.setGenericDataToSession(
+ MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE,
+ templateURL);
+
+
+ //validate SSO functionality
+ String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
+ if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) {
+ //do not use SSO if no Target is set
+ Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ protocolReq.setNeedSingleSignOnFunctionality(false);
+
+ }
}
- public static void parse(ExecutionContext ec, HttpServletRequest req,
+ public void parse(ExecutionContext ec, HttpServletRequest req,
AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
//get Parameters from request
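Review bot: `authConfig.getSSOTagetIdentifier().trim()` throws a NullPointerException when the SSO target is absent from the configuration, which is exactly the case the following `MiscUtil.isEmpty(domainIdentifier)` branch is meant to handle by switching Single Sign-On off; the null case therefore ends the authentication with an unhandled exception instead of the intended degraded mode. Null-guard before trimming: `String ssoTarget = authConfig.getSSOTagetIdentifier();` followed by `String domainIdentifier = ssoTarget == null ? "" : ssoTarget.trim();`. Whether the getter can return null depends on `AuthConfiguration`, which is not in this diff. The `parse` method this code belongs to starts before the hunk.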
@@ -294,7 +235,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
oaURL = request.getOAURL();
//only needed for SAML1
- String target = request.getGenericData("target", String.class);
+ String target = request.getGenericData("saml1_target", String.class);
parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
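Review bot: `"saml1_target"` is a bare string key that must match whatever the SAML1 protocol module writes into the pending request when it stores the request's target; the writer is not part of this diff, and a mismatch would not fail at compile time but silently yield a null `target`, which the parser later rejects with "auth.05" for every SAML1 request. Define the key once, e.g. `public static final String AUTHPROCESS_DATA_SAML1_TARGET = "saml1_target";` in MOAIDAuthConstants next to the other `AUTHPROCESS_DATA_*` keys this commit uses, and reference it on both sides. The enclosing `parse(ExecutionContext, ...)` method starts before this hunk.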
@@ -307,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
* parameter
* @return true if the parameter is null or empty
*/
- private static boolean isEmpty(String param) {
+ private boolean isEmpty(String param) {
return param == null || param.length() == 0;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 48292cee1..87d41dbf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -110,10 +110,10 @@ public class IDPSingleLogOutServlet extends AbstractController {
ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
- handleErrorNoRedirect(e, req, resp);
+ handleErrorNoRedirect(e, req, resp, false);
} catch (MOADatabaseException e) {
- handleErrorNoRedirect(e, req, resp);
+ handleErrorNoRedirect(e, req, resp, false);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 7f0a1c157..58034cc7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -66,6 +66,11 @@ public interface IOAAuthParameters {
public boolean getBusinessService();
+ /**
+ * Get target of a public service-provider
+ *
+ * @return target identifier without prefix
+ */
public String getTarget();
public String getTargetFriendlyName();
@@ -77,6 +82,8 @@ public interface IOAAuthParameters {
public boolean isRemovePBKFromAuthBlock();
/**
+ * Return the private-service domain-identifier with PreFix
+ *
* @return the identityLinkDomainIdentifier
*/
public String getIdentityLinkDomainIdentifier();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index b6df5e5c6..4131e49fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -496,6 +496,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
AuthenticationSession moasession;
try {
moasession = authenticatedSessionStore.createSession(pendingReq);
+ pendingReq.setMOASessionIdentifier(moasession.getSessionID());
} catch (MOADatabaseException e1) {
Logger.error("Database Error! MOASession can not be created!");
@@ -514,7 +515,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
boolean leagacyMode = (legacyallowed && legacyparamavail);
executionContext.put("isLegacyRequest", leagacyMode);
- executionContext.put("performBKUSelection", leagacyMode
+ executionContext.put("performBKUSelection", !leagacyMode
&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
//add leagcy parameters to context
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
index 6f46edce3..d26af89a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.moduls;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
/**
* @author tlenz
@@ -36,6 +37,6 @@ public interface IRequestStorage {
public void removePendingRequest(String requestID);
- public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException;
+ public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 66ca42398..c49df43fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -44,14 +44,19 @@ public class RequestStorage implements IRequestStorage{
try {
IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
-
+ if (pendingRequest == null) {
+ Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);
+ return null;
+
+ }
+
//set transactionID and sessionID to Logger
TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());
return pendingRequest;
- } catch (MOADatabaseException e) {
+ } catch (MOADatabaseException | NullPointerException e) {
Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);
return null;
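Review bot: The added `| NullPointerException` in the multi-catch is made redundant by the new `pendingRequest == null` check above it and now hides genuine bugs: a NullPointerException raised inside `getUniqueTransactionIdentifier()` or `TransactionIDUtils` would be logged as "No PendingRequst found" and turned into a null return that callers treat as an unknown request. Catch only the database failure again, `} catch (MOADatabaseException e) {`, and let programming errors surface. The enclosing method starts before this hunk.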
@@ -106,16 +111,17 @@ public class RequestStorage implements IRequestStorage{
* @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest)
*/
@Override
- public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException {
+ public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException {
if (pendingRequest instanceof RequestImpl) {
String newRequestID = Random.nextRandom();
+ String oldRequestID = pendingRequest.getRequestID();
Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID()
+ " to " + newRequestID);
((RequestImpl)pendingRequest).setRequestID(newRequestID);
- storePendingRequest(pendingRequest);
+ transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
return newRequestID;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c9a34496a..36145375b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -107,7 +107,7 @@ public class AttributQueryAction implements IAction {
List<String> attrList = addDefaultAttributes(attrQuery, authData);
//build PVP 2.1 assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(req.getAuthURL(), attrQuery, attrList, authData, date, authData.getSessionIndex());
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(req, attrQuery, attrList, authData, date, authData.getSessionIndex());
//build PVP 2.1 response
Response authResponse = AuthResponseBuilder.buildResponse(req.getAuthURL(), attrQuery, date, assertion);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 07367e1d0..181e89806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -36,8 +36,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -98,9 +96,7 @@ public class PVPTargetConfiguration extends RequestImpl {
for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
reqAttr.put(el, "");
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
-
+ try {
SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (spSSODescriptor.getAttributeConsumingServices() != null &&
spSSODescriptor.getAttributeConsumingServices().size() > 0) {
@@ -136,15 +132,12 @@ public class PVPTargetConfiguration extends RequestImpl {
reqAttr.put(attr.getName(), "");
}
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator());
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
} catch (NoMetadataInformationException e) {
Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
return null;
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
}
}
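Review bot: `this.getOnlineApplicationConfiguration()` is handed straight to `AttributQueryBuilder.buildSAML2AttributeList`, whereas the removed code caught the configuration lookup failure, logged it and returned null; nothing on the new side handles a missing configuration, so a request for an unknown or not-yet-resolved OA would presumably fail with a NullPointerException inside the builder (the getter returning null in that case is what `StartAuthentificationParameterParser` checks for elsewhere in this commit). Add the guard before the metadata lookup: `IOAAuthParameters oa = this.getOnlineApplicationConfiguration(); if (oa == null) { Logger.error("No configuration for OA " + getOAURL()); return null; }` and pass `oa` to the builder (importing `IOAAuthParameters` if it is not already in scope). The enclosing method begins outside this hunk.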
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 065118e2b..208cd67f2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -55,7 +55,6 @@ import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.w3c.dom.Element;
-
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
@@ -64,21 +63,18 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.id.util.QAALevelVerifier;
@@ -90,7 +86,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class PVP2AssertionBuilder implements PVPConstants {
- public static Assertion buildAssertion(String authURL, AttributeQuery attrQuery,
+ public static Assertion buildAssertion(IRequest pendingReq, AttributeQuery attrQuery,
List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException {
@@ -136,12 +132,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = null;
- return buildGenericAssertion(authURL, attrQuery.getIssuer().getValue(), date,
+ return buildGenericAssertion(pendingReq, attrQuery.getIssuer().getValue(), date,
authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
new DateTime(authData.getSsoSessionValidTo().getTime()));
}
- public static Assertion buildAssertion(String authURL, AuthnRequest authnRequest,
+ public static Assertion buildAssertion(PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
IAuthData authData, EntityDescriptor peerEntity, DateTime date,
AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
throws MOAIDException {
@@ -153,9 +149,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnContextClassRef authnContextClassRef = SAML2Utils
.createSAMLObject(AuthnContextClassRef.class);
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(
- peerEntity.getEntityID());
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
if (reqAuthnContext == null) {
authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
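Review bot: `pendingReq.getOnlineApplicationConfiguration()` replaces a lookup keyed by `peerEntity.getEntityID()`, so the attribute and target settings applied to this assertion now come from whatever service-provider configuration the pending request carries, with no check that it belongs to the `peerEntity` the assertion is addressed to and no null check at all. Add `if (oaParam == null) throw new ConfigurationException(...)` (or whichever exception this method's callers already handle) next to the assignment, and, if `IOAAuthParameters` exposes the SP identifier, compare it with `peerEntity.getEntityID()` and reject a mismatch, since issuing one SP's attribute set to another is the failure mode this binding is meant to prevent. The method continues outside this hunk.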
@@ -416,12 +410,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
sloInformation.setNameIDFormat(subjectNameID.getFormat());
sloInformation.setSessionIndex(sessionIndex);
- return buildGenericAssertion(authURL, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
+ return buildGenericAssertion(pendingReq, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
}
/**
*
- * @param authURL IDP PublicURL PreFix
+ * @param pendingReq IDP PublicURL PreFix
* @param entityID Service Provider EntityID
* @param date
* @param authnContextClassRef
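Review bot: The Javadoc `@param pendingReq IDP PublicURL PreFix` was only renamed from the old `authURL` parameter and no longer describes what is passed; `buildGenericAssertion` now receives the pending request and derives the Issuer value from `pendingReq.getAuthURL()` itself. Suggested text: `@param pendingReq pending request of the current authentication; its getAuthURL() supplies the IDP PublicURL prefix used as the assertion Issuer`.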
@@ -434,7 +428,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
* @throws ConfigurationException
*/
- private static Assertion buildGenericAssertion(String authURL, String entityID, DateTime date,
+ private static Assertion buildGenericAssertion(IRequest pendingReq, String entityID, DateTime date,
AuthnContextClassRef authnContextClassRef, List<Attribute> attrList,
NameID subjectNameID, SubjectConfirmationData subjectConfirmationData,
String sessionIndex, DateTime isValidTo) throws ConfigurationException {
@@ -486,6 +480,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+ String authURL = pendingReq.getAuthURL();
if (authURL.endsWith("/"))
authURL = authURL.substring(0, authURL.length()-1);
issuer.setValue(authURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 974d90e11..4fbca5b13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -81,7 +81,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
SLOInformationImpl sloInformation = new SLOInformationImpl();
//build Assertion
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj.getAuthURL(), authnRequest, authData,
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(obj, authnRequest, authData,
peerEntity, date, consumerService, sloInformation);
Response authResponse = AuthResponseBuilder.buildResponse(obj.getAuthURL(), authnRequest, date, assertion);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index f33a7549c..ff631a720 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -53,28 +53,38 @@ public class DBTransactionStorage implements ITransactionStorage {
}
- public void put(String key, Object value) throws MOADatabaseException {
- //setup AssertionStore element
- AssertionStore element = new AssertionStore();
- element.setArtifact(key);
- element.setType(value.getClass().getName());
- element.setDatatime(new Date());
-
- //serialize the Assertion for Database storage
- byte[] data = SerializationUtils.serialize((Serializable) value);
- element.setAssertion(data);
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.ITransactionStorage#changeKey(java.lang.String, java.lang.String, java.lang.Object)
+ */
+ @Override
+ public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException {
+ //search if key already exists
+ AssertionStore element = searchInDatabase(oldKey);
+ if (element == null) {
+ Logger.info("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+ throw new MOADatabaseException("No transaction-data with oldKey:" + oldKey
+ + " found. Process gets stopped.");
+
+ }
- //store AssertionStore element to Database
- try {
- MOASessionDBUtils.saveOrUpdate(element);
- Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database");
- } catch (MOADatabaseException e) {
- Logger.warn("Sessioninformation could not be stored.");
- throw new MOADatabaseException(e);
+ put(element, newKey, value);
+
+ }
+
+ public void put(String key, Object value) throws MOADatabaseException {
+ //search if key already exists
+ AssertionStore element = searchInDatabase(key);
+
+ //create a new entry if key does not exists already
+ if (element == null) {
+ element = new AssertionStore();
+
}
+ put(element, key, value);
}
-
+
public <T> T get(String key,
final Class<T> clazz) throws MOADatabaseException {
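Review bot: `put(String key, Object value)` now silently overwrites whatever is already stored under `key`, because a row found by `searchInDatabase(key)` is passed to `put(element, key, value)` and updated in place; transaction keys are meant to be unique random identifiers (see `Random.nextRandom()` in RequestStorage), so an existing row indicates a collision or a caller bug and deserves at least a warning before it is replaced, e.g. `if (element != null) Logger.warn("Replacing transaction data stored under ID " + key);` ahead of the null check. `changeKey` re-keys the same row rather than copying it, which correctly leaves nothing retrievable under `oldKey` afterwards.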
@@ -93,6 +103,9 @@ public class DBTransactionStorage implements ITransactionStorage {
AssertionStore element = searchInDatabase(key);
+ if (element == null)
+ return null;
+
if (dataTimeOut > -1) {
//check timeout
long now = new Date().getTime();
@@ -155,13 +168,18 @@ public class DBTransactionStorage implements ITransactionStorage {
try {
AssertionStore element = searchInDatabase(key);
+ if (element == null) {
+ Logger.debug("Sessioninformation not removed! (Sessioninformation with ID=" + key
+ + "not found)");
+ return;
+ }
+
cleanDelete(element);
- Logger.info("Remove stored information with ID: " + key);
+ Logger.debug("Remove stored information with ID: " + key);
} catch (MOADatabaseException e) {
- Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key
- + "not found)");
+ Logger.info("Sessioninformation not removed! (Message:"+ e.getMessage() + ")");
} catch (HibernateException e) {
Logger.warn("Sessioninformation not removed! (Error during Database communication)", e);
@@ -206,10 +224,34 @@ public class DBTransactionStorage implements ITransactionStorage {
//Assertion requires an unique artifact
if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No sessioninformation found with this ID");
+ Logger.debug("No transaction information with ID:" + artifact + " found.");
+ return null;
+
}
return (AssertionStore) result.get(0);
}
+
+ private void put(AssertionStore element, String key, Object value) throws MOADatabaseException {
+ element.setArtifact(key);
+ element.setType(value.getClass().getName());
+ element.setDatatime(new Date());
+
+ //serialize the Assertion for Database storage
+ byte[] data = SerializationUtils.serialize((Serializable) value);
+ element.setAssertion(data);
+
+ //store AssertionStore element to Database
+ try {
+ MOASessionDBUtils.saveOrUpdate(element);
+ Logger.debug(value.getClass().getName() + " with ID: " + key + " is stored in Database");
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Sessioninformation could not be stored.");
+ throw new MOADatabaseException(e);
+
+ }
+
+ }
+
}
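Review bot: `result.size() != 1` now returns null for both "no row" and "more than one row", and the new `put` reacts to null by inserting a fresh row; if the artifact column is not unique-constrained, a duplicated ID therefore grows into a further copy instead of being detected, while `get` and `changeKey` on that ID keep reporting "not found". Distinguish the two cases: `if (result.size() > 1) throw new MOADatabaseException("Multiple transaction entries with ID " + artifact);` before the existing check, which then becomes `if (result.isEmpty())`. `searchInDatabase` starts before this hunk.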
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index d05689e68..48283d2b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -55,7 +55,7 @@ public interface ITransactionStorage {
*
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
- * @return The transaction-data object from type class
+ * @return The transaction-data object from type class, or null
* @throws MOADatabaseException In case of load operation failed
*/
public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException;
@@ -66,12 +66,23 @@ public interface ITransactionStorage {
* @param key Id which identifiers the data object
* @param clazz The class type which is stored with this key
* @param Data-object timeout in [ms]
- * @return The transaction-data object from type class
+ * @return The transaction-data object from type class, or null
* @throws MOADatabaseException In case of load operation failed
* @throws AuthenticationException In case of data-object timeout occurs
*/
public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException;
+
+ /**
+ * Change the key of a data object and store it under the new key
+ *
+ * @param oldKey Old key of the data object
+ * @param newKey New key, which should be used to store the data object
+ * @param value Data object which should be stored
+ * @throws MOADatabaseException In case of store operation failed
+ */
+ public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException;
+
/**
* Remove a data object from transaction storage
*