aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-03-10 08:42:26 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-03-10 08:42:26 +0100
commit333ed628cc5be8dfbece822d9caff0a8fe49438a (patch)
tree39087b12c94a5efca9853a74a05631499a830969 /id/server/idserverlib/src/main
parent56ce62018a9f29f54991d7ea26c74da86305ee0a (diff)
downloadmoa-id-spss-333ed628cc5be8dfbece822d9caff0a8fe49438a.tar.gz
moa-id-spss-333ed628cc5be8dfbece822d9caff0a8fe49438a.tar.bz2
moa-id-spss-333ed628cc5be8dfbece822d9caff0a8fe49438a.zip
Improvement for cluster operations
- only use http GET parameter for session management and no information from browser sessions.
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java3
5 files changed, 67 insertions, 20 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 7c96c2194..83d0ced20 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
@@ -62,6 +63,7 @@ import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.xmldsig.SignatureType;
@@ -123,9 +125,18 @@ public class PEPSConnectorServlet extends AuthServlet {
Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
}
-
+
+ if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+ throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+ //load MOASession from database
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+
+ //change MOASessionID
+ moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -166,10 +177,7 @@ public class PEPSConnectorServlet extends AuthServlet {
}
Logger.info("Got SAML response with authentication success message.");
-
- //check if authentication request was created before
- AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-
+
Logger.debug("MOA session is still valid");
STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
index d28c5eeec..c1104f9f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -24,27 +24,51 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import java.io.Serializable;
+import org.opensaml.Configuration;
import org.opensaml.saml2.core.RequestAbstractType;
+import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller;
+import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.logging.Logger;
public class MOARequest implements Serializable{
private static final long serialVersionUID = 2395131650841669663L;
- private RequestAbstractType samlRequest;
- private EntityDescriptor entityMetadata;
+ private Element samlRequest;
private boolean verified = false;
-
+ private String entityID = null;
+
public MOARequest(RequestAbstractType request) {
- samlRequest = request;
+ samlRequest = request.getDOM();
}
public RequestAbstractType getSamlRequest() {
- return samlRequest;
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest);
+
+ try {
+ return (RequestAbstractType) unmashaller.unmarshall(samlRequest);
+
+ } catch (UnmarshallingException e) {
+ Logger.warn("AuthnRequest Unmarshaller error", e);
+ return null;
+ }
+
}
public void setSamlRequest(RequestAbstractType request) {
- this.samlRequest = request;
+ this.samlRequest = request.getDOM();
}
public boolean isVerified() {
@@ -55,13 +79,29 @@ public class MOARequest implements Serializable{
this.verified = verified;
}
- public EntityDescriptor getEntityMetadata() {
- return entityMetadata;
+ public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException {
+
+ try {
+ return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID);
+
+ } catch (MetadataProviderException e) {
+ Logger.warn("No Metadata for EntitiyID " + entityID);
+ throw new NoMetadataInformationException();
+ }
}
- public void setEntityMetadata(EntityDescriptor entityMetadata) {
- this.entityMetadata = entityMetadata;
+ /**
+ * @return the entitiyID
+ */
+ public String getEntityID() {
+ return entityID;
+ }
+
+ /**
+ * @param entitiyID the entitiyID to set
+ */
+ public void setEntityID(String entitiyID) {
+ this.entityID = entitiyID;
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index af29054e1..d00b1cc16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -128,7 +128,7 @@ public class PostBinding implements IDecoder, IEncoder {
MOARequest request = new MOARequest(inboundMessage);
request.setVerified(false);
- request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
return request;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 7c9cc6259..f09178f55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -131,7 +131,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
.getInboundMessage();
MOARequest request = new MOARequest(inboundMessage);
request.setVerified(true);
- request.setEntityMetadata(messageContext.getPeerEntityMetadata());
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
return request;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 4d143058b..b6ab357b8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -154,8 +154,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
}
- //TODO: insert!!!!!!
- if (encryptionCredentials != null && false) {
+ if (encryptionCredentials != null) {
//encrypt SAML2 assertion
try {