| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-15 18:12:06 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-15 18:12:06 +0100 | 
| commit | 1b7401488933f031a68dfe929b25db86279b52d2 (patch) | |
| tree | 5b6126d66845e97d962e080396b740b2935deb07 /id/server/idserverlib/src/main | |
| parent | ff8ae7727e4de105a1179288b129429a29bc07ca (diff) | |
First untested part: Refactor authentication modules and process management to Spring
Diffstat (limited to 'id/server/idserverlib/src/main')
73 files changed, 4672 insertions, 3579 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index 7ac026888..17e39f766 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -27,10 +27,12 @@ import java.util.Arrays;  import java.util.Date;  import java.util.List; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +  import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;  import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.data.MISMandate;  import at.gv.egovernment.moa.id.moduls.IRequest; @@ -42,9 +44,10 @@ import at.gv.egovernment.moa.util.MiscUtil;   * @author tlenz   *   */ +@Service("MOAReversionLogger")  public class MOAReversionLogger { - -	private static MOAReversionLogger instance = null;  +	 +	@Autowired protected AuthConfiguration authConfig;  	private static final List<Integer> defaultEventCodes = Arrays.asList(  			MOAIDEventConstants.SESSION_CREATED,  
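Review bot: `@Autowired protected AuthConfiguration authConfig;` uses field injection on a non-final, subclass-visible field; since the singleton accessor is being replaced anyway, constructor injection keeps the dependency final and lets the class be built without a container in tests, e.g. `private final AuthConfiguration authConfig;` plus `@Autowired public MOAReversionLogger(AuthConfiguration authConfig) { this.authConfig = authConfig; }`. The same field-injection pattern is introduced in this commit in StatisticLogger, AuthenticationSessionCleaner, BaseAuthenticationServer and AuthenticationDataBuilder. The class body continues past the end of this hunk.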
@@ -69,17 +72,6 @@ public class MOAReversionLogger {  			MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,  			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER  	); -	 -	 -	public static synchronized MOAReversionLogger getInstance() { -		if (instance == null) { -			instance = new MOAReversionLogger(); -			MOAIDEventLog.reload(); -			 -		}			 -		 -		return instance; -	}  	public void logEvent(IOAAuthParameters oaConfig,   			int eventCode, String message) { @@ -91,8 +83,8 @@ public class MOAReversionLogger {  			int eventCode) {		  			if (selectOASpecificEventCodes(oaConfig).contains(eventCode))  			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,  -					pendingRequest.getSessionIdentifier(),  -					pendingRequest.getRequestID())); +					pendingRequest.getUniqueSessionIdentifier(),  +					pendingRequest.getUniqueTransactionIdentifier()));  	} @@ -101,8 +93,8 @@ public class MOAReversionLogger {  		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))  			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,  					message, -					pendingRequest.getSessionIdentifier(),  -					pendingRequest.getRequestID() +					pendingRequest.getUniqueSessionIdentifier(),  +					pendingRequest.getUniqueTransactionIdentifier()  					));  	} @@ -140,8 +132,8 @@ public class MOAReversionLogger {  	 */  	public void logEvent(IRequest pendingRequest, int eventCode) {  		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,  -				pendingRequest.getSessionIdentifier(),  -				pendingRequest.getRequestID())); +				pendingRequest.getUniqueSessionIdentifier(),  +				pendingRequest.getUniqueTransactionIdentifier()));  	} 
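Review bot: Removing `getInstance()` also removes the only visible call to `MOAIDEventLog.reload()`, which previously ran once before the first event was logged, and nothing in this diff re-establishes that initialisation for the Spring-managed bean. Unless the reload is triggered elsewhere, the bean should perform it after construction, e.g. `@PostConstruct private void init() { MOAIDEventLog.reload(); }` (javax.annotation.PostConstruct). The other hunks of this file only rename the identifier accessors and need no change.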
@@ -249,15 +241,9 @@ public class MOAReversionLogger {  	}  	public List<Integer> getDefaulttReversionsLoggingEventCodes() { -		try { -			List<Integer> configuredDefaultEventCodes = AuthConfigurationProviderFactory.getInstance().getDefaultRevisionsLogEventCodes(); -			if (configuredDefaultEventCodes != null) -				return configuredDefaultEventCodes; -			 -		} catch (ConfigurationException e) { -			Logger.error("Access to configuration FAILED.", e); -			 -		} +		List<Integer> configuredDefaultEventCodes = authConfig.getDefaultRevisionsLogEventCodes(); +		if (configuredDefaultEventCodes != null) +			return configuredDefaultEventCodes;  		return defaultEventCodes;  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index 5487152cf..87b3bc9ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -32,6 +32,8 @@ import javax.xml.bind.JAXBException;  import javax.xml.bind.Unmarshaller;  import org.apache.commons.lang3.StringEscapeUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service;  import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;  import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; 
@@ -47,16 +49,16 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.IAuthData;  import at.gv.egovernment.moa.id.data.MISMandate;  import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +@Service("StatisticLogger")  public class StatisticLogger {  	private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request"; 
@@ -73,45 +75,19 @@ public class StatisticLogger {  	private static final String ERRORTYPE_MANDATE = "mandate";  	private static final String ERRORTYPE_MOAID = "moa-id";  	private static final String ERRORTYPE_SZRGW = "szrgw"; -	 -	private static StatisticLogger instance; -	 -	private boolean isAktive = false; -	 -	public static StatisticLogger getInstance() { -		if (instance == null) -			instance = new StatisticLogger(); -		return instance; -	} -	 -	private StatisticLogger() { -		try { -			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); -			 -			if (config != null)  -				isAktive = config.isAdvancedLoggingActive();			 -			 -		} catch (ConfigurationException e) { -			Logger.error("StatisticLogger can not be inizialized", e); -		} -	} -	 +	@Autowired AuthConfiguration authConfig; +	@Autowired IAuthenticationSessionStoreage authenticatedSessionStorage; +		  	public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) { -		if ( isAktive && protocolRequest != null && authData != null) { +		if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) { -			OAAuthParameter dbOA = null; -			try { -				dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); +			IOAAuthParameters dbOA = null; +			dbOA = protocolRequest.getOnlineApplicationConfiguration(); -				if (dbOA == null) { -					Logger.warn("Advanced logging failed: OA can not be found in database."); -					return; -				} -				 -			} catch (ConfigurationException e1) { -				Logger.error("Access MOA-ID configuration FAILED.", e1); +			if (dbOA == null) { +				Logger.warn("Advanced logging failed: OA can not be found in database.");  				return;  			} 
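Review bot: `IOAAuthParameters dbOA = null;` immediately followed by `dbOA = protocolRequest.getOnlineApplicationConfiguration();` should be one declaration, `IOAAuthParameters dbOA = protocolRequest.getOnlineApplicationConfiguration();`, and the retained warning text "OA can not be found in database" no longer describes what happened, since the OA now comes from the request object rather than a configuration lookup. The two new `@Autowired` fields are package-private; make them `private` (or inject them via the constructor) so the wiring is not part of the package API. logSuccessOperation continues past the end of this hunk.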
@@ -221,7 +197,7 @@ public class StatisticLogger {  	}  	public void logErrorOperation(Throwable throwable) { -		if ( isAktive )  { +		if ( authConfig.isAdvancedLoggingActive() )  {  			StatisticLog dblog = new StatisticLog();  			//set actual date and time @@ -249,7 +225,7 @@ public class StatisticLogger {  	public void logErrorOperation(Throwable throwable, IRequest errorRequest) { -		if (isAktive && throwable != null && errorRequest != null) { +		if (authConfig.isAdvancedLoggingActive() && throwable != null && errorRequest != null) {  			StatisticLog dblog = new StatisticLog();  			//set actual date and time 
@@ -260,44 +236,45 @@ public class StatisticLogger {  			dblog.setProtocoltype(errorRequest.requestedModule());  			dblog.setProtocolsubtype(errorRequest.requestedAction()); -			try {  -				OAAuthParameter dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(errorRequest.getOAURL()); -				if (dbOA != null) { -					dblog.setOafriendlyName(dbOA.getFriendlyName()); -					dblog.setOatarget(dbOA.getTarget()); -					//dblog.setOaID(dbOA.getHjid()); -					dblog.setBusinessservice(isBusinessService(dbOA)); -					 -			 -					AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID()); +			IOAAuthParameters dbOA = errorRequest.getOnlineApplicationConfiguration(); +			if (dbOA != null) { +				dblog.setOafriendlyName(dbOA.getFriendlyName()); +				dblog.setOatarget(dbOA.getTarget()); +				//dblog.setOaID(dbOA.getHjid()); +				dblog.setBusinessservice(isBusinessService(dbOA)); +				 +				try { +					AuthenticationSession moasession = authenticatedSessionStorage. 
+							getSession(errorRequest.getMOASessionIdentifier());  					if (moasession != null) {  						if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {  							dblog.setBkuurl(moasession.getBkuURL());  							dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));  						} -				 +			  						dblog.setMandatelogin(moasession.getUseMandate());  					} -			 -					generateErrorLogFormThrowable(throwable, dblog); +				} catch (MOADatabaseException e) { +					Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information."); -			 -					try { -						StatisticLogDBUtils.saveOrUpdate(dblog); +				} + +				generateErrorLogFormThrowable(throwable, dblog); -					} catch (MOADatabaseException e) { -						Logger.warn("Statistic Log can not be stored into Database", e); -					} +				 + +				try { +					StatisticLogDBUtils.saveOrUpdate(dblog); +			 +				} catch (MOADatabaseException e) { +					Logger.warn("Statistic Log can not be stored into Database", e);  				} -			} catch (ConfigurationException e) { -				Logger.error("Access MOA-ID configuration FAILED.", e); -				return;  			}  		}  	} -	private boolean isBusinessService(OAAuthParameter dbOA) { +	private boolean isBusinessService(IOAAuthParameters dbOA) {  		if (dbOA.getOaType().equals("businessService"))  			return true; @@ -360,7 +337,7 @@ public class StatisticLogger {  	} -	private String findBKUType(String bkuURL, OAAuthParameter dbOA) { +	private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {  		if (dbOA != null) {  			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU))) 
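Review bot: `authenticatedSessionStorage.getSession(errorRequest.getMOASessionIdentifier())` replaces the lookup by pending-request ID, but an error can be logged before any MOA session exists; unless `getSession` is known to tolerate a null identifier, guard the lookup, e.g. `if (errorRequest.getMOASessionIdentifier() != null) { ... }`, so a missing session takes the same path as the existing `moasession != null` check. The new `catch (MOADatabaseException e)` records only `e.getMessage()` at debug level, so a failing session store drops out of the statistics trail without a stack trace; passing `e` to the logger (`Logger.info(e.getMessage() + " --> StatistikLog will not include MOASession information.", e)`) would preserve it. The signature of logErrorOperation lies in the preceding hunk.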
@@ -376,14 +353,13 @@ public class StatisticLogger {  		Logger.trace("Staticic Log search BKUType from DefaultBKUs");  		try { -			AuthConfiguration authconfig = AuthConfigurationProviderFactory.getInstance(); -			if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU))) +			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))  				return IOAAuthParameters.ONLINEBKU; -			if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) +			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))  				return IOAAuthParameters.LOCALBKU; -			if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) +			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))  				return IOAAuthParameters.HANDYBKU;  		} catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java index 1f12675ca..a1ba00e02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java @@ -3,6 +3,14 @@  package at.gv.egovernment.moa.id.auth; +import java.util.Date; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.logging.Logger; 
@@ -13,22 +21,47 @@ import at.gv.egovernment.moa.logging.Logger;   * @author Paul Ivancsics   * @version $Id$   */ +@Service("AuthenticationSessionCleaner")  public class AuthenticationSessionCleaner implements Runnable { +	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; +	@Autowired private ITransactionStorage transactionStorage; +	@Autowired protected AuthConfiguration authConfig; +	    /** interval the <code>AuthenticationSessionCleaner</code> is run in */    private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min  	/**  	 * Runs the thread. Cleans the <code>AuthenticationServer</code> session store   	 * and authentication data store from garbage, then sleeps for given interval, and restarts. + 	 *  +   	 * Cleans up expired session and authentication data stores. + 	 *      */    public void run() {      while (true) {        try {        	Logger.debug("AuthenticationSessionCleaner run"); -      	BaseAuthenticationServer.cleanup(); -      }  -      catch (Exception e) { +    		Date now = new Date(); + +    		try { +    			int sessionTimeOutCreated = authConfig.getSSOCreatedTimeOut() * 1000; +    			int sessionTimeOutUpdated = authConfig.getSSOUpdatedTimeOut() * 1000; +    			int authDataTimeOut = authConfig.getTransactionTimeOut() * 1000; + +    			//clean AuthenticationSessionStore +    			authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); +    						 +    			//clean TransactionStorage +    			transactionStorage.clean(now, authDataTimeOut); + +    			 +    		} catch (Exception e) { +    			Logger.error("Session cleanUp FAILED!" , e); +    			 +    		} +    		 +      } catch (Exception e) {          Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);        }        try { 
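Review bot: The relocated cleanup calls only `authenticationSessionStorage.clean(...)` and `transactionStorage.clean(now, authDataTimeOut)`, whereas the `BaseAuthenticationServer.cleanup()` it replaces also cleaned `AssertionStorage` and `DBExceptionStoreImpl`; unless `ITransactionStorage` now backs both of those stores, expired assertions and stored exceptions are no longer purged, which is exactly the data this thread exists to expire. The inner `try { ... } catch (Exception e)` sits inside the outer `try ... catch (Exception e)`, so the outer handler with its `cleaner.01` message is unreachable for this path and one handler suffices. `authConfig.getSSOCreatedTimeOut() * 1000` and its two siblings are computed in `int`, so a configured timeout above 2147483 seconds wraps negative; `long` locals would avoid that. The `run()` loop continues past this hunk.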
@@ -42,10 +75,10 @@ public class AuthenticationSessionCleaner implements Runnable {
   /**
    * start the sessionCleaner
    */
-  public static void start() {
+  public static void start(Runnable clazz) {
     // start the session cleanup thread
     Thread sessionCleaner =
-      new Thread(new AuthenticationSessionCleaner(), "AuthenticationSessionCleaner");
+      new Thread(clazz, "AuthenticationSessionCleaner");
     sessionCleaner.setName("SessionCleaner");
     sessionCleaner.setDaemon(true);
     sessionCleaner.setPriority(Thread.MIN_PRIORITY);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 5e3b6653b..1ce6fa1e9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
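Review bot: The new parameter of `start(Runnable clazz)` is named as if it were a `Class` but receives a Runnable instance; `public static void start(Runnable cleaner)` says what it is, and an `Objects.requireNonNull(cleaner, "cleaner");` before `new Thread(cleaner, "AuthenticationSessionCleaner")` turns a missing bean into an immediate failure instead of a daemon thread that silently does nothing (a null target is accepted by the Thread constructor). The method body continues past this hunk.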
@@ -1,37 +1,13 @@  package at.gv.egovernment.moa.id.auth; -import java.io.UnsupportedEncodingException; -import java.util.Date; -import java.util.List; -import java.util.UUID; - -import org.opensaml.xml.util.XMLHelper; - -import org.w3c.dom.Element; +import org.springframework.beans.factory.annotation.Autowired;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.client.SZRGWClient; -import at.gv.egovernment.moa.id.client.SZRGWClientException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter;  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.util.xsd.mis.MandateIdentifiers; -import at.gv.util.xsd.mis.Target; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest; -import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; -import at.gv.util.xsd.srzgw.MISType; -import at.gv.util.xsd.srzgw.MISType.Filters; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;  /**   * API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is 
@@ -43,6 +19,9 @@ import at.gv.util.xsd.srzgw.MISType.Filters;   */  public abstract class BaseAuthenticationServer extends MOAIDAuthConstants { +	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; +	@Autowired protected AuthConfiguration authConfig; +	  	/**  	 * Retrieves a session from the session store.  	 * @@ -50,11 +29,11 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {  	 * @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).  	 * @throws AuthenticationException in case the session id does not reflect a valic, active session.  	 */ -	public static AuthenticationSession getSession(String id) +	public AuthenticationSession getSession(String id)  			throws AuthenticationException {  		AuthenticationSession session;  		try { -			session = AuthenticationSessionStoreage.getSession(id); +			session = authenticationSessionStorage.getSession(id);  			if (session == null)  				throw new AuthenticationException("auth.02", new Object[]{id}); 
@@ -68,33 +47,4 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {  		}  	} -	/** -	 * Cleans up expired session and authentication data stores. -	 */ -	public static void cleanup() { -		long now = new Date().getTime(); - -		try { -			int sessionTimeOutCreated = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; -			int sessionTimeOutUpdated = AuthConfigurationProviderFactory.getInstance().getSSOUpdatedTimeOut() * 1000; -			int authDataTimeOut = AuthConfigurationProviderFactory.getInstance().getTransactionTimeOut() * 1000; - -			//clean AuthenticationSessionStore -			AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); -						 -			//clean AssertionStore -			AssertionStorage assertionstore = AssertionStorage.getInstance(); -			assertionstore.clean(now, authDataTimeOut); - -			//clean ExeptionStore -			DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore(); -			exstore.clean(now, authDataTimeOut); -			 -		} catch (Exception e) { -			Logger.error("Session cleanUp FAILED!" , e); -			 -		} -		 -	} -  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index fa30f9ffd..082ebcdcd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -10,8 +10,6 @@ import java.util.List;  import java.util.Map;  import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration; -  import iaik.asn1.ObjectID; 
@@ -35,6 +33,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{    public static final String PARAM_ACTION = "ACTION";    public static final String PARAM_SSO = "SSO";    public static final String INTERFEDERATION_IDP = "interIDP"; +  public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";    public static final String PARAM_SLOSTATUS = "status";    public static final String PARAM_SLORESTART = "restart"; @@ -130,6 +129,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{    public static final String REQ_BKU_TYPE_HANDY = "handy";     public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); +  public static final List<String> LEGACYPARAMETERWHITELIST  +  	= Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID);    public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";    public final static String EXT_SAML_MANDATE_OID = "OID"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index 4a004cdf0..5968736f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -223,7 +223,6 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer {          // Initialize configuration provider         	AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext); -         	//test, if MOA-ID is already configured      	authConf.getPublicURLPrefix(); 
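Review bot: `LEGACYPARAMETERWHITELIST` is built with `Arrays.asList`, which returns a fixed-size but writable list, so the set of accepted legacy request parameters can be altered at runtime through `set(...)`; wrap it as `Collections.unmodifiableList(Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID))`, adding the `java.util.Collections` import if the file lacks it. A one-line comment above the constant naming which request path the whitelist applies to would help, since the identifier is currently the only documentation. The pre-existing `REQ_BKU_TYPES` shares the pattern but is not touched here.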
@@ -245,7 +244,9 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer {          // Starts the session cleaner thread to remove unpicked authentication data -        AuthenticationSessionCleaner.start(); +        AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class); +        AuthenticationSessionCleaner.start(sessioncleaner); +                  MOAGarbageCollector.start();      } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java index 06a1f0936..a82a958db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java @@ -40,8 +40,10 @@ public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider {  	public Resource[] getResourcesToLoad() {  		ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthSpringResourceProvider.class);  		ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthSpringResourceProvider.class); -				 -		return new Resource[] {configurationDBConfig, moaidauthConfig};		 +		ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthSpringResourceProvider.class);					 +		 +		return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans};	 +		  	}  	/* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index fe29dd2b7..5bde82899 100644 
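Review bot: `rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class)` repeats the bean name that `@Service("AuthenticationSessionCleaner")` declares, so renaming either side breaks startup without a compiler warning; `rootContext.getBean(AuthenticationSessionCleaner.class)` resolves by type and removes the duplicated string. In the MOAIDAuthSpringResourceProvider hunk, the added `moaIdAuthBeans` line carries trailing tabs and a whitespace-only `+` line sits inside the method body, which the project formatter will flag.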
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -22,8 +22,6 @@   */  package at.gv.egovernment.moa.id.auth.builder; -import iaik.x509.X509Certificate; -  import java.io.ByteArrayOutputStream;  import java.io.IOException;  import java.io.InputStream; @@ -51,6 +49,8 @@ import org.opensaml.saml2.core.Response;  import org.opensaml.ws.soap.common.SOAPException;  import org.opensaml.xml.XMLObject;  import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service;  import org.w3c.dom.Element;  import org.w3c.dom.Node; @@ -81,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData; @@ -89,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;  import at.gv.egovernment.moa.id.data.IAuthData;  import at.gv.egovernment.moa.id.data.MISMandate;  import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; 
@@ -96,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;  import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;  import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;  import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -114,14 +115,19 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration;  import at.gv.util.ex.EgovUtilException;  import at.gv.util.wsdl.szr.SZRException;  import at.gv.util.xsd.szr.PersonInfoType; +import iaik.x509.X509Certificate;  /**   * @author tlenz   *   */ +@Service("AuthenticationDataBuilder")  public class AuthenticationDataBuilder extends MOAIDAuthConstants { -	public static IAuthData buildAuthenticationData(IRequest protocolRequest,  +	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; +	@Autowired protected AuthConfiguration authConfig; +	 +	public IAuthData buildAuthenticationData(IRequest protocolRequest,               AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { 
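Review bot: The injected session store is named `authenticatedSessionStorage` here and in StatisticLogger, while the same `IAuthenticationSessionStoreage` bean is named `authenticationSessionStorage` in AuthenticationSessionCleaner and BaseAuthenticationServer in this commit; one name across the refactored classes, `@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;`, keeps the new wiring greppable. `buildAuthenticationData` is also turned from static into an instance method without a note in its Javadoc that callers must now obtain the `AuthenticationDataBuilder` bean; the method body continues past this hunk.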
@@ -166,7 +172,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  		}  		//reuse some parameters if it is a reauthentication  -		OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); +		OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());  		if (activeOA != null) {  			authdata.setSessionIndex(activeOA.getAssertionSessionID());  			authdata.setNameID(activeOA.getUserNameID()); @@ -187,13 +193,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  			}  		} -		InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); +		InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);  		IOAAuthParameters oaParam = null;				  		if (reqAttributes == null) {  			//get OnlineApplication from MOA-ID-Auth configuration -			oaParam = AuthConfigurationProviderFactory.getInstance() -					.getOnlineApplicationParameter(oaID); +			oaParam = authConfig.getOnlineApplicationParameter(oaID);  			//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway  			if (oaParam.isSTORKPVPGateway()) @@ -215,7 +220,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  			} else {						  				//get attributes from interfederated IDP -				OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); +				OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix());  				getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp,  reqAttributes);  				//mark attribute request as used 				 
@@ -248,7 +253,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  	 * @throws BuildException   	 * @throws DynamicOABuildException   	 */ -	public static IAuthData buildAuthenticationData(IRequest req, +	public IAuthData buildAuthenticationData(IRequest req,  			AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {  		return buildAuthenticationData(req, session, null);  	} @@ -263,7 +268,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  	 * @param reqQueryAttr   	 * @throws ConfigurationException   	 */ -	private static void getAuthDataFromInterfederation( +	private void getAuthDataFromInterfederation(  			AuthenticationData authdata, AuthenticationSession session,  			IOAAuthParameters oaParam, IRequest req,  			InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{ @@ -280,11 +285,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  			//IDP is a service provider IDP and request interfederated IDP to collect attributes				  			} else {												  				//get PVP 2.1 attributes from protocol specific requested attributes -				attributs = req.getRequestedAttributes(); +				attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES);  			} -			Response intfResp = (Response) req.getInterfederationResponse().getResponse(); +			Response intfResp =  +					(Response) req.getGenericData( +							RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();  			AssertionAttributeExtractor extractor =   					new AssertionAttributeExtractor(intfResp);			 
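Review bot: `req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse()` dereferences the stored response without checking that it is present, so an interfederation request whose response was never stored fails with a NullPointerException instead of the `BuildException` this method declares; fetch it into a local, `MOAResponse intfMoaResp = req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class);`, and throw a BuildException when it is null before calling `getResponse()`. The one-argument `getGenericData` result is cast to `List<Attribute>` unchecked; the typed overload used on the next statement would at least make the expected type explicit. getAuthDataFromInterfederation starts in the preceding hunk and continues past this one.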
@@ -362,7 +369,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  		}  	} -	private static void buildAuthDataFormInterfederationResponse( +	private  void buildAuthDataFormInterfederationResponse(  			AuthenticationData authData,   			AuthenticationSession session,   			AssertionAttributeExtractor extractor, @@ -500,7 +507,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  			if (MiscUtil.isEmpty(authData.getIdentificationValue())) {  				Logger.info("No baseID found. Connect SZR to reveive baseID ...");				  				try { -					EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig(); +					EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();  					if (eGovClientsConfig != null) {  						SZRClient szrclient = new SZRClient(eGovClientsConfig); @@ -534,11 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  					} -				} catch (ConfigurationException e) { -					 Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e); -					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME -							+ " or " + PVPConstants.EID_SOURCE_PIN_NAME); -					  				} catch (EgovUtilException e) {  					Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);  					throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME @@ -843,7 +845,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  	 * @param authData  	 * @return  	 */ -	private static boolean matchsReceivedbPKToOnlineApplication( +	private boolean matchsReceivedbPKToOnlineApplication(  			IOAAuthParameters oaParam, AuthenticationData authData) {  		String oaTarget = null; 
@@ -870,7 +872,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  			return false;  	} -	private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,  +	private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,   			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {  		IdentityLink identityLink = session.getIdentityLink(); @@ -964,11 +966,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  		}  		try { -			authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); +			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());  			//set max. SSO session time  			if (authData.isSsoSession()) { -				long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;		 +				long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;		  				Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime);  				authData.setSsoSessionValidTo(ssoSessionValidTo); @@ -1016,7 +1018,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  	} -	private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException { +	private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {  		if (oaParam.getBusinessService()) {              Element idlassertion = idl.getSamlAssertion();              //set bpk/wpbk; 
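Review bot: `authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality())` replaces a lookup in the session store with a flag on the protocol request, so the SSO marker and the `ssoSessionValidTo` computed right below it now follow what the request asked for rather than what the stored session is; if a non-SSO session can be paired with a request whose flag is true, authdata will advertise an SSO validity it does not have. Please confirm the flag is derived from configuration or session state rather than from client input, or keep the session-store check alongside it. Separately, `authConfig.getSSOCreatedTimeOut() * 1000` is still evaluated in int before widening if the getter returns int; `* 1000L` avoids the overflow. buildAuthDataFormMOASession starts outside the hunk.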
@@ -1033,9 +1035,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					  			Element resignedilAssertion; -			AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); -			if (config.isIdentityLinkResigning()) { -				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey()); +			if (authConfig.isIdentityLinkResigning()) { +				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());  			} else {  				resignedilAssertion = businessServiceIdl.getSamlAssertion();  			} @@ -1050,7 +1051,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {  	}		 -	private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  { +	private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException  {          if (oaParam.getBusinessService()) {              //since we have foreigner, wbPK is not calculated in BKU @@ -1082,7 +1083,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {          		}	              	if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst)) -            		target = protocolRequest.getTarget(); +            		target = protocolRequest.getGenericData("target", String.class);              	else              		target = oaParam.getTarget(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index d4350f97b..9a2baf873 100644 
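Review bot: `target = protocolRequest.getGenericData("target", String.class);` uses a bare string key while every other generic-data lookup in this commit goes through a `RequestImpl.DATAID_*` constant; a typo on either the producer or this consumer silently yields null here, and the result is not checked before it is used. Define the key once (e.g. `RequestImpl.DATAID_TARGET`, placeholder name) and reference it on both sides, and treat a null target the same way a missing `oaParam.getTarget()` would presumably be treated further down. The old `getTarget()` accessor had the same null gap, but the untyped map makes a missing entry more likely. buildOAspecificbPK continues outside the hunk.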
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -47,7 +47,6 @@  package at.gv.egovernment.moa.id.auth.builder;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;  /**   * Builds a DataURL parameter meant for the security layer implementation @@ -76,31 +75,13 @@ public class DataURLBuilder {     * @return String     */    public String buildDataURL(String authBaseURL, String authServletName, String sessionID) { - -//		String individualDataURLPrefix = null; -		String dataURL; -		 -		//is removed from config in MOA-ID 2.0 -		//check if an individual prefix is configured -//      individualDataURLPrefix = AuthConfigurationProvider.getInstance(). -//      	getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); -//			 -//			if (null != individualDataURLPrefix) { -//				 -//				//check individualDataURLPrefix -//				if(!individualDataURLPrefix.startsWith("http")) -//					throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); -// -//				//when ok then use it -//				dataURL = individualDataURLPrefix + authServletName; -//			} else -		 +		String dataURL;		  		if (!authBaseURL.endsWith("/"))  			authBaseURL += "/";  		dataURL = authBaseURL + authServletName; -    dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID); +    dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);    	return dataURL;    } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 99ba49d26..c22432d0d 100644 
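Review bot: `buildDataURL` now emits the value under `MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID`, but the parameter is still named `sessionID` and the Javadoc above the signature (outside the hunk) still documents it as such, so callers such as the FinalizeAuthenticationTask change in this commit pass a pending-request id into a parameter called sessionID. Rename it to `pendingRequestID` and update the `@param` line to say that the value is appended as the pending-request identifier of the redirect target. Reassigning the `authBaseURL` parameter via `authBaseURL += "/"` is pre-existing but would read better as a local.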
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -36,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.config.stork.CPEPS;  import at.gv.egovernment.moa.id.util.FormBuildUtils;  import at.gv.egovernment.moa.logging.Logger; @@ -119,7 +118,7 @@ public class LoginFormBuilder {  			return template;  	} -	public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) { +	public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) {  		String value = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index ae3ec9a9b..3849eb8a2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -36,8 +36,6 @@  package at.gv.egovernment.moa.id.auth.data; -import iaik.x509.X509Certificate; -  import java.io.Serializable;  import java.security.cert.CertificateEncodingException;  import java.security.cert.CertificateException; 
@@ -53,6 +51,7 @@ import at.gv.egovernment.moa.id.data.MISMandate;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate;  /**   * Session data to be stored between <code>AuthenticationServer</code> API calls. @@ -218,16 +217,7 @@ public class AuthenticationSession implements Serializable {  	 */  	private String pushInfobox; -	// private AuthenticationData authData; -	 -	// protocol selection -	private String action; -	private String modul; -	 -	private String processInstanceId; -	  	private boolean authenticated; -	private boolean authenticatedUsed = false;  	private boolean ssoRequested = false; @@ -238,31 +228,7 @@ public class AuthenticationSession implements Serializable {  	private boolean isForeigner;  	private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>(); -	 -	public String getModul() { -		return modul; -	} -	 -	public void setModul(String modul) { -		this.modul = modul; -	} -	 -	public String getAction() { -		return action; -	} -	 -	public void setAction(String action) { -		this.action = action; -	} -	public boolean isAuthenticatedUsed() { -		return authenticatedUsed; -	} -	 -	public void setAuthenticatedUsed(boolean authenticatedUsed) { -		this.authenticatedUsed = authenticatedUsed; -	} -	  	public boolean isAuthenticated() {  		return authenticated;  	} 
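Review bot: AuthenticationSession is `Serializable` (visible in the hunk header) and this hunk drops the fields `action`, `modul`, `processInstanceId` and `authenticatedUsed`; unless the class declares a fixed `serialVersionUID` elsewhere, the default UID changes and any session object persisted before the upgrade will fail to deserialize. If sessions are stored in serialized form, either pin the UID or document that a deployment of this version must start with an empty session store.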
@@ -852,22 +818,6 @@ public class AuthenticationSession implements Serializable {  		return sessionCreated;  	} -	/** -	 * Returns the identifier of the process instance associated with this moaid session. -	 * @return The process instance id (may be {@code null} if no process has been created yet). -	 */ -	public String getProcessInstanceId() { -		return processInstanceId; -	} - -	/** -	 * Sets the process instance identifier in order to associate a certain process instance with this moaid session.  -	 * @param processInstanceId The process instance id. -	 */ -	public void setProcessInstanceId(String processInstanceId) { -		this.processInstanceId = processInstanceId; -	} -  	public Map<String, Object> getGenericSessionDataStorage() {  		return genericSessionDataStorate;  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java index 67ddd170a..a73fd6858 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java @@ -1,6 +1,12 @@  package at.gv.egovernment.moa.id.auth.modules;
 -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;
 +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;
  import java.io.ByteArrayOutputStream;
  import java.io.IOException;
 @@ -24,17 +30,23 @@ import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
  import org.apache.commons.fileupload.servlet.ServletFileUpload;
  import org.apache.commons.lang3.ArrayUtils;
 +import org.springframework.beans.factory.annotation.Autowired;
 +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
  import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
  import at.gv.egovernment.moa.id.config.ConfigurationException;
 -import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
 +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 +import at.gv.egovernment.moa.id.moduls.IRequestStorage;
  import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
 -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
 -import at.gv.egovernment.moa.id.storage.IExceptionStore;
 +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
 +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 +import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 +import at.gv.egovernment.moa.id.util.Random;
  import at.gv.egovernment.moa.id.util.ServletUtils;
  import at.gv.egovernment.moa.logging.Logger;
  import at.gv.egovernment.moa.util.MiscUtil;
 @@ -45,6 +57,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
  public abstract class AbstractAuthServletTask extends MoaIdTask {
 +	@Autowired private StatisticLogger statisticLogger;
 +	@Autowired private ITransactionStorage transactionStorage;
 +	@Autowired protected IRequestStorage requestStoreage;
 +	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
 +	@Autowired protected MOAReversionLogger revisionsLogger;
 +	@Autowired protected AuthConfiguration authConfig;
 +	
  	protected static final String ERROR_CODE_PARAM = "errorid";
  	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
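Review bot: The injected collaborators at the top of AbstractAuthServletTask mix visibilities without a stated reason — `statisticLogger` and `transactionStorage` are private while the other four are protected — and none is documented, so subclass authors cannot tell which ones they may rely on. Add a one-line comment per protected field naming what it provides to tasks, and if the two private ones are deliberately reserved for the error-handling helpers in this class, say so with something like `// used only by the handleError* helpers below`. The field name `requestStoreage` is also misspelled and will propagate into every task that references it.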
 @@ -66,11 +85,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			req.setAttribute("LogLevel", "debug");
  		}
 -		
 -		StatisticLogger logger = StatisticLogger.getInstance();
 -		logger.logErrorOperation(exceptionThrown);
 -		
 -		
 +		statisticLogger.logErrorOperation(exceptionThrown);
 +				
  		// forward this to errorpage-auth.jsp where the HTML error page is
  		// generated
  		ServletContext context = req.getServletContext();
 @@ -132,31 +148,42 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
  		}
 +				
 -		IExceptionStore store = DBExceptionStoreImpl.getStore();
 -		String id = store.storeException(exceptionThrown);
 -
 -		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
 -		
 -			String redirectURL = null;
 -
 -			redirectURL = ServletUtils.getBaseUrl(req);
 -			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
 -					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
 -		
 -			resp.setContentType("text/html");
 -			resp.setStatus(302);
 -	
 -			resp.addHeader("Location", redirectURL);		
 -			Logger.debug("REDIRECT TO: " + redirectURL);	
 -		
 -			return;
 +		try {
 +			String key = Random.nextRandom();			
 +			transactionStorage.put(key, exceptionThrown);
 -		} else {
 +			if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {		
 +				String redirectURL = null;
 +				
 +				redirectURL = ServletUtils.getBaseUrl(req) + "/";
 +				redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 
 +								+ "?" + ERROR_CODE_PARAM + "=" + key 
 +						+ "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
 -			//Exception can not be stored in database
 +				resp.setContentType("text/html");
 +				resp.setStatus(302);
 +		
 +				resp.addHeader("Location", redirectURL);		
 +				Logger.debug("REDIRECT TO: " + redirectURL);	
 +					
 +				return;
 +				
 +			} else {				
 +				//Exception can not be stored in database
 +				handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
 +			}
 +						
 +		} catch (MOADatabaseException e) {
 +			Logger.warn("Exception can not be stored to Database.", e);
  			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
 +			
  		}
 +
 +
 +			
 +
  	}
  	/**
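Review bot: In the rebuilt error path, `transactionStorage.put(key, exceptionThrown)` runs before the `key != null` test, so the test guards nothing; move it ahead of the put (or drop it if `Random.nextRandom()` cannot return null), and since the else branch is now reached when `pendingRequestID` is empty after a successful store, change its comment to `//no pendingRequestID available, so no redirect target`. The key is the only thing gating retrieval of the stored Throwable at the finalize endpoint, so it matters that `Random.nextRandom()` is unpredictable and that stored entries expire; neither is visible here, please confirm. `pendingRequestID` is concatenated into the Location header unencoded, as before; if it is not validated upstream, encode it. The enclosing method starts outside the hunk.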
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
new file mode 100644
index 000000000..8b02a5bf6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java 
@@ -0,0 +1,68 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules; + +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class BKUSelectionModuleImpl implements AuthModule { + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() +	 */ +	@Override +	public int getPriority() { +		return 0; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) +	 */ +	@Override +	public String selectProcess(ExecutionContext context) { +		boolean performBKUSelection = false; +		Object performBKUSelectionObj = context.get("performBKUSelection"); +		if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) +			performBKUSelection = (boolean) performBKUSelectionObj; +		 +		if (performBKUSelection) +			return "BKUSelectionProcess"; +		 +		else +			return null; +		 +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() +	 */ +	@Override +	public String[] getProcessDefinitions() { +		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml" }; +		 +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java index 4a6ecd56a..f1ab58ee0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java 
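Review bot: In `selectProcess`, the `performBKUSelectionObj != null` test is redundant with `instanceof Boolean`, and the method collapses to `return Boolean.TRUE.equals(context.get("performBKUSelection")) ? "BKUSelectionProcess" : null;` with identical behaviour. The two string keys and the process name are literals that other code must match exactly; promote them to `public static final` constants so the producer of `performBKUSelection` and the process definition reference the same name. The class has no Javadoc beyond the author tag; a summary such as `/** Selects the BKU-selection process when the execution context flags that a BKU still has to be chosen. */` would help.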
@@ -44,9 +44,9 @@ import org.opensaml.saml2.metadata.SingleSignOnService;  import org.opensaml.saml2.metadata.provider.MetadataProviderException;  import org.opensaml.ws.message.encoder.MessageEncodingException;  import org.opensaml.xml.security.SecurityException; +import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -55,13 +55,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.RequestImpl;  import at.gv.egovernment.moa.id.process.api.ExecutionContext;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;  import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.MiscUtil;   * @author tlenz   *   */ +@Service("CreateInterfedeartionRequestTask")  public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {  	/* (non-Javadoc) 
@@ -84,8 +84,8 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {  			throws TaskExecutionException {  		boolean requiredLocalAuthentication = true; -		IRequest pendingReq = RequestStorage.getPendingRequest( -				(String) executionContext.get("pendingRequestID"));	 +		IRequest pendingReq = requestStoreage.getPendingRequest( +				(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));	  		String idpEntityID =   				(String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID); @@ -105,8 +105,10 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {  			OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID);  			OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL()); +			String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); +			  			if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { -				Logger.info("Requested interfederation IDP " + pendingReq.getRequestedIDP() + " is not valid for interfederation."); +				Logger.info("Requested interfederation IDP " + requestedIDP + " is not valid for interfederation.");  				Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())  					+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));  				Logger.info("Switch to local authentication on this IDP ... "); 
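Review bot: The two `AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(...)` calls on the context lines of this hunk still use the static factory, while the rest of the commit (AuthenticationDataBuilder, and the `authConfig` field now injected in AbstractAuthServletTask) resolves configuration through the Spring bean; this task inherits `authConfig`, so `OAAuthParameter idp = authConfig.getOnlineApplicationParameter(idpEntityID);` keeps the class on one configuration path. In the `@@ -84` hunk just above, `requestStoreage.getPendingRequest(...)` is not null-checked in the visible lines, unlike the same lookup in FinalizeAuthenticationTask; if the check is not just outside the hunk, add it before `pendingReq.getOAURL()` is dereferenced. Both hunks lie inside `execute`, which starts and ends outside them.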
@@ -252,18 +254,18 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {  					//build and send request without an error  					requiredLocalAuthentication = false; -					MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),  +					revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),   							pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID());  				} else { -					Logger.warn("Requested IDP " + pendingReq.getRequestedIDP()  +					Logger.warn("Requested IDP " + requestedIDP   						+ " does not support POST or Redirect Binding.");  				}  			} else { -				Logger.warn("Requested IDP " + pendingReq.getRequestedIDP()  +				Logger.warn("Requested IDP " + requestedIDP   						+ " is not found in InterFederation configuration");  			} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java new file mode 100644 index 000000000..fe3e8680c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java 
@@ -0,0 +1,119 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.Enumeration; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Service("EvaluateBKUSelectionTask") +public class EvaluateBKUSelectionTask extends AbstractAuthServletTask { + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) +	 */ +	@Override +	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) +			throws TaskExecutionException {		 +		try { +			//load pending request +			String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		     +			pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID);						 +			IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID); +			 +			if (pendingReq == null) { +				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); +				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); +				 +			} 
+			 +			//change pending-request ID +			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq); +			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID); +	    	 +	    	AuthenticationSession moaSession = null; +	    	String moaSessionID = pendingReq.getMOASessionIdentifier(); +	    	try { +	    	    moaSession = authenticatedSessionStorage.getSession(moaSessionID); +	    	     +	    	    if (moaSession == null) { +					Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); +					throw new MOAIDException("init.04", new Object[] { +							moaSessionID}); +	    	    	 +	    	    } +	    	   	    	     +				// set parameter execution context			 +				Enumeration<String> reqParamNames = request.getParameterNames(); +				while(reqParamNames.hasMoreElements()) { +					String paramName = reqParamNames.nextElement(); +					if (MiscUtil.isNotEmpty(paramName)) +						executionContext.put(paramName, request.getParameter(paramName)); +					 +				} +	    	     +				Logger.info("BKU is selected finished -> Start BKU communication ..."); +	    	     +			} catch (MOADatabaseException e) { +				Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database"); +				throw new MOAIDException("init.04", new Object[] { +						moaSessionID}); +				 +			} catch (Throwable e) { +				Logger.info("No HTTP Session found!"); +				throw new MOAIDException("auth.18", new Object[] {}); +			} +	    	 +	    	 +			 +			 +		} catch (MOAIDException e) { +			throw new TaskExecutionException(e.getMessage(), e); +			 +		} catch (Exception e) { +			Logger.warn("EvaluateBKUSelectionTask has an internal error", e); +			throw new TaskExecutionException(e.getMessage(), e); +			 +		} +	} + +} 
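Review bot: The parameter-copy loop in `execute` writes every client-supplied request parameter into the execution context unconditionally, and it runs after `executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID)`, so a request carrying a parameter of that name overwrites the freshly rotated pending-request id with a client-chosen value. Copy only the parameter names the BKU-selection form is expected to send, or at minimum skip the reserved key: `if (MiscUtil.isNotEmpty(paramName) && !MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equals(paramName))`. Two smaller points: the not-found log and the `auth.28` exception report `executionContext.get("pendingRequestID")` although the id was read from the request parameter `pendingReqID`, so the message names the wrong value; and `StringEscapeUtils.escapeHtml` on `pendingReqID` before the storage lookup is output encoding applied to a key — validate the id's format here and escape where it is rendered. `catch (Throwable e)` also drops the cause when it throws `MOAIDException("auth.18", ...)`; chain it if the constructor allows.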
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java index 712ebb731..ed309d85a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java @@ -22,11 +22,12 @@   */  package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; -  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -34,10 +35,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;  import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.RequestImpl;  import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; 
@@ -45,6 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;   * @author tlenz   *   */ +@Service("FinalizeAuthenticationTask")  public class FinalizeAuthenticationTask extends AbstractAuthServletTask {  	/* (non-Javadoc) @@ -56,8 +57,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {  			throws TaskExecutionException {  		try { -			IRequest pendingReq = RequestStorage.getPendingRequest( -					(String) executionContext.get("pendingRequestID"));	 +			IRequest pendingReq = requestStoreage.getPendingRequest( +					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));	  			if (pendingReq == null) {  				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); @@ -66,7 +67,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {  			}  			//get Session from context -			String moasessionid = (String) executionContext.get(PARAM_SESSIONID); +			String moasessionid = pendingReq.getMOASessionIdentifier();  			AuthenticationSession session = null;				  			if (MiscUtil.isEmpty(moasessionid)) {  				Logger.warn("MOASessionID is empty."); @@ -74,9 +75,14 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {  			}  			try {			 -				session = AuthenticationSessionStoreage.getSession(moasessionid); -				AuthenticationSessionStoreage.changeSessionID(session); -							 +				session = authenticatedSessionStorage.getSession(moasessionid); +				if (session == null) { +					Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database"); +					throw new MOAIDException("init.04", new Object[] { moasessionid }); +					 +				} +					 +				  			} catch (MOADatabaseException e) {  				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");  				throw new MOAIDException("init.04", new Object[] { moasessionid }); 
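Review bot: In the -56 hunk the pending request is now looked up under `MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID`, but the log message and the `auth.28` error argument on the unchanged lines right below still read the context with the literal key `"pendingRequestID"`; unless that constant happens to equal the literal, a missing-request error will report `null` instead of the id that was actually looked up. The same pattern is copied verbatim into the new GenerateBKUSelectionFrameTask and RestartAuthProzessManagement files further down. Read the id once and reuse it: `String pendingReqId = (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);` then `IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqId);` and use `pendingReqId` in both messages. The execute method continues in the next hunk.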
@@ -86,25 +92,25 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {  				throw new MOAIDException("auth.18", new Object[] {});  			} finally { -				executionContext.remove(PARAM_SESSIONID); +				executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);  			} -		 -			session.setAuthenticatedUsed(false); -			session.setAuthenticated(true); - -			String oldsessionID = session.getSessionID(); +			//set MOASession to authenticated and store MOASession +			session.setAuthenticated(true); +			String newMOASessionID = authenticatedSessionStorage.changeSessionID(session); -			//Session is implicte stored in changeSessionID!!! -			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); +			//set pendingRequest to authenticated and set new MOASessionID			 +			((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID); +			pendingReq.setAuthenticated(true); +			requestStoreage.storePendingRequest(pendingReq);  			Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher."); -			String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),  -					ModulUtils.buildAuthURL(pendingReq.requestedModule(), pendingReq.requestedAction(), pendingReq.getRequestID()), newMOASessionID); -				 +			String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(),  +					AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID()); +							  			response.setContentType("text/html");  			response.setStatus(302);  			response.addHeader("Location", redirectURL);		 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java new file mode 100644 index 000000000..1bdc132d9 --- /dev/null 
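Review bot: `((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID)` is an unchecked downcast of the `IRequest` interface; any other implementation reaching this task would raise a ClassCastException that the outer `catch (Exception e)` reports only as an internal error. Guard the cast with an `instanceof` check and fail with a MOAIDException carrying a dedicated message id, so the condition is diagnosable rather than buried. Note also that `changeSessionID(session)` has already rotated (and, if it still persists as the removed comment said, stored) the MOASession before `storePendingRequest` runs, so a failure there leaves an authenticated session with no pending request pointing at it; if that ordering is deliberate, a comment saying so would help. The execute method begins in the previous hunk.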
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java 
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.io.PrintWriter; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Service("GenerateBKUSelectionFrameTask") +public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask { + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) +	 */ +	@Override +	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) +			throws TaskExecutionException { +		try { +			IRequest pendingReq = requestStoreage.getPendingRequest( +					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); +			 +			if (pendingReq == null) { +				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); +				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); +				 +			} +			 +			
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),  +					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); +							 +			//load Parameters from OnlineApplicationConfiguration +			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); +			 +			if (oaParam == null) { +				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); +				 +			} +						 +			//Build authentication form						 +			String publicURLPreFix = pendingReq.getAuthURL(); +			if (publicURLPreFix.endsWith("/")) +				publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); +			String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(),  +					pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID); +						 +			response.setContentType("text/html;charset=UTF-8"); +			PrintWriter out = new PrintWriter(response.getOutputStream());  +			out.print(loginForm); +			out.flush();  +			 +		 +		} catch (MOAIDException e) { +			throw new TaskExecutionException(e.getMessage(), e); +			 +		} catch (Exception e) { +			Logger.warn("FinalizeAuthenticationTask has an internal error", e); +			throw new TaskExecutionException(e.getMessage(), e); +			 +		} +	 +	} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java index f05ff07e9..77aab8ddb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java 
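Review bot: `new PrintWriter(response.getOutputStream())` encodes the login form with the JVM default charset, while the Content-Type set one line earlier promises `charset=UTF-8`; on a non-UTF-8 platform the bytes on the wire and the declared encoding disagree. Use the container's writer, which honours the content type already set: `PrintWriter out = response.getWriter();`. The `catch (Exception e)` branch also logs `"FinalizeAuthenticationTask has an internal error"` inside GenerateBKUSelectionFrameTask, which will misdirect whoever reads the log; it should name this class.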
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import org.springframework.stereotype.Service; +  import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;  import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;  import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;   * @author tlenz   *   */ +@Service("ReceiveInterfederationResponseTask")  public class ReceiveInterfederationResponseTask extends AbstractAuthServletTask {  	/* (non-Javadoc) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java new file mode 100644 index 000000000..d8b558846 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java 
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.process.ProcessEngine; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Service("RestartAuthProzessManagement") +public class RestartAuthProzessManagement  extends AbstractAuthServletTask { + +	@Autowired ProcessEngine processEngine; +	 +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) +	 */ +	@Override +	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) +			throws TaskExecutionException { +		try { +			IRequest pendingReq = requestStoreage.getPendingRequest( +					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID)); +			 +			if (pendingReq == null) { +				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure."); +				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")}); +	
			 +			} +			 +			//create a new execution context and copy all elements to new context +			ExecutionContext newec = new ExecutionContextImpl();  +			Set<String> entries = executionContext.keySet(); +			for (String key : entries) { +				newec.put(key, executionContext.get(key)); +				 +			} +			 +			//remove BKU selection flag +			newec.remove("performBKUSelection"); +			 + +			Logger.debug("Swicht to specific authentication process after BKU is selected"); +			 +			// select and create new process instance +			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec); +			if (processDefinitionId == null) { +				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID()); +				throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() }); +			}			 +			 +			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec); + +			// keep process instance id in moa session +			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId); + +			// make sure pending request has been persisted before running the process +			try { +				requestStoreage.storePendingRequest(pendingReq); +				 +			} catch (MOAIDException e) { +				Logger.error("Database Error! MOASession is not stored!"); +				throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() }); +				 +			} + +			Logger.info("BKU is selected -> Start BKU communication ..."); +			 +			// start process +			processEngine.start(processInstanceId); +			 +			 +		} catch (MOAIDException e) { +			throw new TaskExecutionException(e.getMessage(), e); +			 +		} catch (Exception e) { +			Logger.warn("RestartAuthProzessManagement has an internal error", e); +			throw new TaskExecutionException(e.getMessage(), e); +			 +		}			 +		 +	} + +} 
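Review bot: The `catch (MOAIDException e)` around `storePendingRequest` rethrows a fresh `MOAIDException("init.04", …)` and logs only a fixed string, so the original cause is lost; the log text also says "MOASession is not stored" although it is the pending request that failed to persist. Keep the cause at minimum in the log, `Logger.error("Database Error! Pending request is not stored!", e);`, and pass `e` on as the cause if MOAIDException has a constructor that accepts one. `newec.remove("performBKUSelection")` also uses a bare string for a flag that other parts of the process presumably set; a shared constant would keep the key in one place.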
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index e659c9447..8af8ed238 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.parser;  import java.util.List;  import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse;  import org.apache.commons.lang.StringEscapeUtils; @@ -54,8 +53,6 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{  			String templateURL,  			String useMandate,  			String ccc, -			String module, -			String action,  			HttpServletRequest req,   			IRequest protocolReq) throws WrongParametersException, MOAIDException { @@ -129,7 +126,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{  			if (!oaParam.getBusinessService()) {  				if (StringUtils.isEmpty(targetConfig) -						|| (module.equals("id_saml1") &&  +						|| (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") &&   								!StringUtils.isEmpty(target))   					) {  						//INFO: ONLY SAML1 legacy mode 
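Review bot: In the -129 hunk the SAML1 legacy check now compares `protocolReq.requestedModule()` with a hard-coded fully-qualified class name; the string silently diverges if that protocol class is ever moved or renamed, and `.equals` on a null module still throws a NullPointerException exactly as `module.equals` did before. Prefer `StringUtils.equals(protocolReq.requestedModule(), SAML1Protocol.class.getName())`, which is null-safe and tied to the class itself, assuming that class is importable from this package. The enclosing parse overload starts before this hunk and continues after it.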
@@ -278,25 +275,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{  	public static void parse(ExecutionContext ec, HttpServletRequest req,   			AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { -		 -		 -	    String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); -	    String action = request.requestedAction();//req.getParameter(PARAM_ACTION); -	     -	    modul = StringEscapeUtils.escapeHtml(modul); -	    action = StringEscapeUtils.escapeHtml(action); -//	    if(modul == null) { -//	    	modul = SAML1Protocol.PATH; -//	    } -//	     -//	    if(action == null) { -//	    	action = SAML1Protocol.GETARTIFACT; -//	    } -		moasession.setModul(modul); -		moasession.setAction(action); -				 +						  		//get Parameters from request -		String target = (String) ec.get(PARAM_TARGET);  	    String oaURL = (String) ec.get(PARAM_OA);  	    String bkuURL = (String) ec.get(PARAM_BKU);  	    String templateURL = (String) ec.get(PARAM_TEMPLATE); @@ -312,9 +292,11 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{  	    }  	    oaURL = request.getOAURL(); -	    target = request.getTarget(); +	     +	    //only needed for SAML1 +	    String target = request.getGenericData("target", String.class); -	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request); +	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);  	} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java new file mode 100644 index 000000000..26e24f5b4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java 
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.ExceptionHandler; + +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.moduls.IRequestStorage; +import at.gv.egovernment.moa.id.process.ProcessExecutionException; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public abstract class AbstractController extends MOAIDAuthConstants { + +	public static final String ERROR_CODE_PARAM = "errorid"; +	 +	@Autowired protected StatisticLogger statisticLogger; +	@Autowired protected IRequestStorage requestStorage; +	@Autowired protected ITransactionStorage transactionStorage; +	@Autowired protected MOAReversionLogger revisionsLogger; 
+	@Autowired protected AuthConfiguration authConfig; +	 +	 +	protected void handleError(String errorMessage, Throwable exceptionThrown, +			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException { + +		Throwable loggedException = null; + +		if (exceptionThrown != null  +				&& exceptionThrown instanceof ProcessExecutionException) { +			ProcessExecutionException procExc =  +					(ProcessExecutionException) exceptionThrown; +			if (procExc.getCause() != null &&  +					procExc.getCause() instanceof TaskExecutionException) { +				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); +				loggedException = taskExc.getOriginalException();	 +						 +			}			 +		} + +		if (loggedException == null) +			loggedException = exceptionThrown; + + +		if (!(loggedException instanceof MOAIDException)) { +			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); +	 +		} else { +			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { +				Logger.error(loggedException.getMessage(), loggedException); +	 +			} else { +				Logger.error(loggedException.getMessage()); +	 +			}			 +		} + +		//store error into transaction store +		try { +			String key = Random.nextRandom();			 +			transactionStorage.put(key, exceptionThrown); +			 +			if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) { +				String redirectURL = null; + +				redirectURL = ServletUtils.getBaseUrl(req);	 +				redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT  +						+ "?" 
+ ERROR_CODE_PARAM + "=" + key  +				+ "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + +				resp.setContentType("text/html"); +				resp.setStatus(302); + +				resp.addHeader("Location", redirectURL);		 +				Logger.debug("REDIRECT TO: " + redirectURL);	 + +				return; +		 +			} else {	 +				//Exception can not be stored in database +				handleErrorNoRedirect(loggedException, req, resp); +				 +			} +			 +		} catch (MOADatabaseException e) { +			Logger.warn("Exception can not be stored to Database.", e); +			handleErrorNoRedirect(loggedException, req, resp); +			 +		} +		 +		 +	} +	 +	 +	/** +	 * Handles all exceptions with no pending request. +	 * Therefore, the error is written to the users browser +	 *  +	 * @param throwable +	 * @param req +	 * @param resp +	 * @throws IOException  +	 */ +	protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req,  +			HttpServletResponse resp) throws IOException { +		 +		//log Exception into statistic database +		statisticLogger.logErrorOperation(throwable); +		 +		//write errror to console +		Logger.error(throwable.getMessage(), throwable); +		 +		//return error to Web browser +		if (throwable instanceof MOAIDException) +			MOAIDExceptionHandler(req, resp, (MOAIDException)throwable); +		 +		else +			GenericExceptionHandler(req, resp, (Exception)throwable); +	} +	 +	@ExceptionHandler({MOAIDException.class}) +	public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException { +		if (e instanceof ProtocolNotActiveException) { +			resp.getWriter().write(e.getMessage()); +			resp.setContentType("text/html;charset=UTF-8"); +			resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); +			return; +		 +		} else if (e instanceof AuthnRequestValidatorException) { +			AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e; +			//log Error Message +			statisticLogger.logErrorOperation(ex, 
ex.getErrorRequest());				 +			return; +		 +		} else if (e instanceof InvalidProtocolRequestException) { +			//write log entry +			String samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +			 +			//send error response +			ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); +			String code = utils.mapInternalErrorToExternalError(e.getMessageId()); +			String descr = e.getMessage(); +			resp.setContentType("text/html;charset=UTF-8"); +			resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + +					"(Errorcode=" + code + +					" | Description=" + descr + ")"); +			return; +		} else if (e instanceof ConfigurationException) {	 +			resp.setContentType("text/html;charset=UTF-8"); +			resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + +					"(Errorcode=9199" +					+" | Description="+ e.getMessage() + ")"); +			return; +		 +			//TODO: check exception type +		} else if (e instanceof MOAIDException) { +			String samlRequest = req.getParameter("SAMLRequest"); +			if (MiscUtil.isNotEmpty(samlRequest)) +				Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +			else			 +				Logger.error("Failed to generate a valid protocol request!"); +			 +			resp.setContentType("text/html;charset=UTF-8"); +			resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + +					"(Errorcode=6000" +					+" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); +			return; +		 +		} +		 +	} +	 +	@ExceptionHandler({Exception.class}) +	public void GenericExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception exception) throws IOException { +		Logger.error("Internel Server Error." , exception); +		resp.setContentType("text/html;charset=UTF-8"); +		resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" 
+ +				"(Errorcode=9199" +				+" | Description="+ exception.getMessage() + ")"); +		return; +		 +	} +	 +	@ExceptionHandler({IOException.class}) +	public void IOExceptionHandler(HttpServletRequest req, HttpServletResponse resp, IOException exception) { +		Logger.error("Internel Server Error." , exception); +		resp.setContentType("text/html;charset=UTF-8"); +		resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); +		return; +		 +	} +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java new file mode 100644 index 000000000..375afca4d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java @@ -0,0 +1,84 @@ +package at.gv.egovernment.moa.id.auth.servlet;
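Review bot: `GenericExceptionHandler` and the generic `MOAIDException` branch of `MOAIDExceptionHandler` write `exception.getMessage()` into the HTTP error body via `sendError`; for arbitrary runtime exceptions that text can carry internal detail (class names, database or file-system messages) to the browser, while `Logger.error` already records the full exception server-side. Return a fixed description instead, e.g. `resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error! (Errorcode=9199)");`. In `handleError`, the `key != null` test comes after `transactionStorage.put(key, exceptionThrown)` has already used the key, and `loggedException` stays null when `exceptionThrown` is null, which then fails at `loggedException.getMessage()`; a null guard on `exceptionThrown` at the top of `handleError` would make that contract explicit.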
 +
 +import java.io.IOException;
 +
 +import javax.servlet.http.HttpServletRequest;
 +import javax.servlet.http.HttpServletResponse;
 +
 +import org.apache.commons.lang.StringEscapeUtils;
 +import org.springframework.beans.factory.annotation.Autowired;
 +
 +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 +import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 +import at.gv.egovernment.moa.id.moduls.IRequest;
 +import at.gv.egovernment.moa.id.process.ProcessEngine;
 +import at.gv.egovernment.moa.logging.Logger;
 +
 +/**
 + * Servlet that resumes a suspended process (in case of asynchronous tasks).
 + * 
 + * @author tknall
 + * 
 + */
 +public abstract class AbstractProcessEngineSignalController extends AbstractController {
 +		
 +	@Autowired ProcessEngine processEngine;
 +	
 +	protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 +		String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
 +		
 +		try {	
 +			if (pendingRequestID == null) {
 +				throw new IllegalStateException("Unable to determine MOA pending-request id.");
 +			}
 +			
 +			IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
 +			if (pendingReq == null) {
 +				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 +				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
 +				
 +			}
 +			
 +			//add transactionID and unique sessionID to Logger
 +			TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
 +			TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
 +			
 +			// process instance is mandatory
 +			if (pendingReq.getProcessInstanceId() == null) {
 +				throw new IllegalStateException("MOA session does not provide process instance id.");
 +			}
 +
 +			// wake up next task
 +			processEngine.signal(pendingReq.getProcessInstanceId());
 +
 +		} catch (Exception ex) {
 +			handleError(null, ex, req, resp, pendingRequestID);
 +			
 +		} finally {
 +			//MOASessionDBUtils.closeSession();
 +			TransactionIDUtils.removeTransactionId();
 +			TransactionIDUtils.removeSessionId();
 +			
 +		}
 +		
 +		
 +	}
 +	
 +	/**
 +	 * Retrieves the current pending-request id from the HttpServletRequest parameter
 +	 * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.
 +	 * <p/>
 +	 * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
 +	 * respective pending-request id.
 +	 * 
 +	 * @param request
 +	 *            The unterlying HttpServletRequest.
 +	 * @return The current pending-request id.
 +	 */
 +	public String getPendingRequestId(HttpServletRequest request) {
 +		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
 +		
 +	}
 +
 +}
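Review bot: The pending-request id is run through `StringEscapeUtils.escapeHtml` twice (in `getPendingRequestId` and again in `signalProcessManagement`), and the HTML-escaped value is then used as the lookup key for `requestStorage.getPendingRequest` and, inside `handleError`, concatenated unencoded into the redirect query string — HTML escaping is the wrong transformation for both uses. An id containing any character that escapeHtml rewrites can never be found, while one that does not is passed on unchanged, so the escaping adds no protection at the point where it matters. Validate the parameter against the expected id format (a strict character whitelist, rejecting anything else with the existing `IllegalStateException`) and escape only where the value is rendered into HTML or a URL, leaving `String pendingRequestID = getPendingRequestId(req);` here. The commented-out `//MOASessionDBUtils.closeSession();` in `finally` should be removed or explained.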
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index fe24d45dd..fb6c71846 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java 
@@ -1,507 +1,378 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.servlet.RequestDispatcher; -import javax.servlet.ServletConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.fileupload.FileItem; -import org.apache.commons.fileupload.FileItemFactory; -import org.apache.commons.fileupload.FileUploadException; -import org.apache.commons.fileupload.disk.DiskFileItemFactory; -import org.apache.commons.fileupload.servlet.ServletFileUpload; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.NoSuchBeanDefinitionException; -import org.springframework.beans.factory.NoUniqueBeanDefinitionException; -import org.springframework.web.context.WebApplicationContext; -import org.springframework.web.context.support.WebApplicationContextUtils; - -import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; -import 
at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; -import at.gv.egovernment.moa.id.process.ProcessEngine; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.storage.IExceptionStore; -import at.gv.egovernment.moa.id.util.ServletUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; -import at.gv.egovernment.moa.util.URLDecoder; - -/** - * Base class for MOA-ID Auth Servlets, providing standard error handling and - * constant names. - *  - * @author Paul Ivancsics - * @version $Id$ - */ -public class AuthServlet extends HttpServlet { - -	/** -	 *  -	 */ -	private static final long serialVersionUID = -6929905344382283738L; - -	protected static final String ERROR_CODE_PARAM = "errorid"; -	 -	/** -	 * The process engine. 
-	 */ -	private ProcessEngine processEngine; -	 -	@Override -	protected void doGet(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		Logger.debug("GET " + this.getServletName()); - -		this.setNoCachingHeadersInHttpRespone(req, resp); -	} - -	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, -			HttpServletRequest req, HttpServletResponse resp) { - -		if (null != errorMessage) { -			Logger.error(errorMessage); -			req.setAttribute("ErrorMessage", errorMessage); -		} - -		if (null != exceptionThrown) { -			if (null == errorMessage) -				errorMessage = exceptionThrown.getMessage(); -			Logger.error(errorMessage, exceptionThrown); -			req.setAttribute("ExceptionThrown", exceptionThrown); -		} - -		if (Logger.isDebugEnabled()) { -			req.setAttribute("LogLevel", "debug"); -		} -		 -		 -		StatisticLogger logger = StatisticLogger.getInstance(); -		logger.logErrorOperation(exceptionThrown); -		 -		 -		// forward this to errorpage-auth.jsp where the HTML error page is -		// generated -		ServletContext context = getServletContext(); -		RequestDispatcher dispatcher = context -				.getRequestDispatcher("/errorpage-auth.jsp"); -		try { - -			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, -					MOAIDAuthConstants.HEADER_VALUE_EXPIRES); -			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, -					MOAIDAuthConstants.HEADER_VALUE_PRAGMA); -			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, -					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); -			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, -					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - -			dispatcher.forward(req, resp); -		} catch (ServletException e) { -			Logger.error(e); -		} catch (IOException e) { -			Logger.error(e); -		} -	} -	 -	/** -	 * Handles an error. 
<br>> -	 * <ul> -	 * <li>Logs the error</li> -	 * <li>Places error message and exception thrown into the request as request -	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> -	 * <li>Sets HTTP status 500 (internal server error)</li> -	 * </ul> -	 *  -	 * @param errorMessage -	 *            error message -	 * @param exceptionThrown -	 *            exception thrown -	 * @param req -	 *            servlet request -	 * @param resp -	 *            servlet response -	 */ -	protected void handleError(String errorMessage, Throwable exceptionThrown, -			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { - -		Throwable loggedException = null; -		 -		if (exceptionThrown != null  -				&& exceptionThrown instanceof ProcessExecutionException) { -			ProcessExecutionException procExc =  -					(ProcessExecutionException) exceptionThrown; -			if (procExc.getCause() != null &&  -					procExc.getCause() instanceof TaskExecutionException) { -				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); -				loggedException = taskExc.getOriginalException();	 -								 -			}			 -		} -		 -		if (loggedException == null) -			loggedException = exceptionThrown; -		 - -		if (!(loggedException instanceof MOAIDException)) { -			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); -			 -		} else { -			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { -				Logger.error(loggedException.getMessage(), loggedException); -			 -			} else { -				Logger.error(loggedException.getMessage()); -			 -			}			 -		} -		 -		IExceptionStore store = DBExceptionStoreImpl.getStore(); -		String id = store.storeException(loggedException); - -		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) { -		 -			String redirectURL = null; - -			redirectURL = ServletUtils.getBaseUrl(req); -			redirectURL += "/dispatcher?" 
+ ERROR_CODE_PARAM + "=" + id  -					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; -		 -			resp.setContentType("text/html"); -			resp.setStatus(302); -	 -			resp.addHeader("Location", redirectURL);		 -			Logger.debug("REDIRECT TO: " + redirectURL);	 -		 -			return; -			 -		} else { -			 -			//Exception can not be stored in database -			handleErrorNoRedirect(errorMessage, loggedException, req, resp); -		} -	} - -	/** -	 * Handles a <code>WrongParametersException</code>. -	 *  -	 * @param req -	 *            servlet request -	 * @param resp -	 *            servlet response -	 */ -	protected void handleWrongParameters(WrongParametersException ex, -			HttpServletRequest req, HttpServletResponse resp) { -		Logger.error(ex.toString()); -		req.setAttribute("WrongParameters", ex.getMessage()); - -		// forward this to errorpage-auth.jsp where the HTML error page is -		// generated -		ServletContext context = getServletContext(); -		RequestDispatcher dispatcher = context -				.getRequestDispatcher("/errorpage-auth.jsp"); -		try { -			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, -					MOAIDAuthConstants.HEADER_VALUE_EXPIRES); -			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, -					MOAIDAuthConstants.HEADER_VALUE_PRAGMA); -			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, -					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); -			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, -					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - -			dispatcher.forward(req, resp); -		} catch (ServletException e) { -			Logger.error(e); -		} catch (IOException e) { -			Logger.error(e); -		} -	} - -	/** -	 * Logs all servlet parameters for debugging purposes. 
-	 */ -	protected void logParameters(HttpServletRequest req) { -		for (Enumeration params = req.getParameterNames(); params -				.hasMoreElements();) { -			String parname = (String) params.nextElement(); -			Logger.debug("Parameter " + parname + req.getParameter(parname)); -		} -	} - -	/** -	 * Parses the request input stream for parameters, assuming parameters are -	 * encoded UTF-8 (no standard exists how browsers should encode them). -	 *  -	 * @param req -	 *            servlet request -	 *  -	 * @return mapping parameter name -> value -	 *  -	 * @throws IOException -	 *             if parsing request parameters fails. -	 *  -	 * @throws FileUploadException -	 *             if parsing request parameters fails. -	 */ -	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException, -			FileUploadException { - -		Map<String, String> parameters = new HashMap<String, String>(); - -		if (ServletFileUpload.isMultipartContent(req)) { -			// request is encoded as mulitpart/form-data -			FileItemFactory factory = new DiskFileItemFactory(); -			ServletFileUpload upload = null; -			upload = new ServletFileUpload(factory); -			List items = null; -			items = upload.parseRequest(req); -			for (int i = 0; i < items.size(); i++) { -				FileItem item = (FileItem) items.get(i); -				if (item.isFormField()) { -					// Process only form fields - no file upload items -					String logString = item.getString("UTF-8"); - -					// TODO use RegExp -					String startS = "<pr:Identification><pr:Value>"; -					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; -					String logWithMaskedBaseid = logString; -					int start = logString.indexOf(startS); -					if (start > -1) { -						int end = logString.indexOf(endS); -						if (end > -1) { -							logWithMaskedBaseid = logString.substring(0, start); -							logWithMaskedBaseid += startS; -							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; -							logWithMaskedBaseid += 
logString.substring(end, -									logString.length()); -						} -					} -					parameters -							.put(item.getFieldName(), item.getString("UTF-8")); -					Logger.debug("Processed multipart/form-data request parameter: \nName: " -							+ item.getFieldName() -							+ "\nValue: " -							+ logWithMaskedBaseid); -				} -			} -		} - -		else { -			// request is encoded as application/x-www-urlencoded -			InputStream in = req.getInputStream(); - -			String paramName; -			String paramValueURLEncoded; -			do { -				paramName = new String(readBytesUpTo(in, '=')); -				if (paramName.length() > 0) { -					paramValueURLEncoded = readBytesUpTo(in, '&'); -					String paramValue = URLDecoder.decode(paramValueURLEncoded, -							"UTF-8"); -					parameters.put(paramName, paramValue); -				} -			} while (paramName.length() > 0); -			in.close(); -		} - -		return parameters; -	} - -	/** -	 * Reads bytes up to a delimiter, consuming the delimiter. -	 *  -	 * @param in -	 *            input stream -	 * @param delimiter -	 *            delimiter character -	 * @return String constructed from the read bytes -	 * @throws IOException -	 */ -	protected String readBytesUpTo(InputStream in, char delimiter) -			throws IOException { -		ByteArrayOutputStream bout = new ByteArrayOutputStream(); -		boolean done = false; -		int b; -		while (!done && (b = in.read()) >= 0) { -			if (b == delimiter) -				done = true; -			else -				bout.write(b); -		} -		return bout.toString(); -	} - -	/** -	 * Calls the web application initializer. 
-	 *  -	 * @see javax.servlet.Servlet#init(ServletConfig) -	 */ -	public void init(ServletConfig servletConfig) throws ServletException { -		super.init(servletConfig); -	} - -	 -//	public void contextDestroyed(ServletContextEvent arg0) { -//		Security.removeProvider((new IAIK()).getName()); -//		Security.removeProvider((new ECCProvider()).getName()); +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// *  +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// *  +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// *  +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +///* +// * Copyright 2003 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. 
+// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// */ +// +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +// +//import javax.servlet.RequestDispatcher; +//import javax.servlet.ServletConfig; +//import javax.servlet.ServletContext; +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServlet; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.springframework.beans.BeansException; +//import org.springframework.beans.factory.NoSuchBeanDefinitionException; +//import org.springframework.beans.factory.NoUniqueBeanDefinitionException; +//import org.springframework.web.context.WebApplicationContext; +//import org.springframework.web.context.support.WebApplicationContextUtils; +// +//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.process.ProcessEngine; +//import at.gv.egovernment.moa.id.process.ProcessExecutionException; +//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; +//import at.gv.egovernment.moa.id.storage.IExceptionStore; +//import at.gv.egovernment.moa.id.util.ServletUtils; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +///** +// * Base class for MOA-ID Auth Servlets, providing standard error handling and +// * constant names. +// *  +// * @author Paul Ivancsics +// * @version $Id$ +// */ +//public class AuthServlet extends HttpServlet { +// +//	/** +//	 *  +//	 */ +//	private static final long serialVersionUID = -6929905344382283738L; +// +//	protected static final String ERROR_CODE_PARAM = "errorid"; +//	 +//	/** +//	 * The process engine. 
+//	 */ +//	private ProcessEngine processEngine; +//	 +//	@Override +//	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +//			throws ServletException, IOException { +//		Logger.debug("GET " + this.getServletName()); +// +//		this.setNoCachingHeadersInHttpRespone(req, resp);  //	} -	 -	/** -	 * Set response headers to avoid caching -	 *  -	 * @param request -	 *            HttpServletRequest -	 * @param response -	 *            HttpServletResponse -	 */ -	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, -			HttpServletResponse response) { -		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, -				MOAIDAuthConstants.HEADER_VALUE_EXPIRES); -		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, -				MOAIDAuthConstants.HEADER_VALUE_PRAGMA); -		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, -				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); -		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, -				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - -	} - -	/** -	 * Adds a parameter to a URL. -	 *  -	 * @param url -	 *            the URL -	 * @param paramname -	 *            parameter name -	 * @param paramvalue -	 *            parameter value -	 * @return the URL with parameter added -	 */ -	protected static String addURLParameter(String url, String paramname, -			String paramvalue) { -		String param = paramname + "=" + paramvalue; -		if (url.indexOf("?") < 0) -			return url + "?" 
+ param; -		else -			return url + "&" + param; -	} - -	/** -	 * Checks if HTTP requests are allowed -	 *  -	 * @param authURL -	 *            requestURL -	 * @throws AuthenticationException -	 *             if HTTP requests are not allowed -	 * @throws ConfigurationException -	 */ -	protected void checkIfHTTPisAllowed(String authURL) -			throws AuthenticationException, ConfigurationException { -		// check if HTTP Connection may be allowed (through -		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) -		 -		//Removed from MOA-ID 2.0 config -//		String boolStr = AuthConfigurationProvider -//				.getInstance() -//				.getGenericConfigurationParameter( -//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); -		if ((!authURL.startsWith("https:")) -				//&& (false == BoolUtils.valueOf(boolStr)) -				) -			throw new AuthenticationException("auth.07", new Object[] { authURL -					+ "*" }); - -	} - - -	/** -	 * Returns the underlying process engine instance. -	 *  -	 * @return The process engine (never {@code null}). -	 * @throws NoSuchBeanDefinitionException -	 *             if no {@link ProcessEngine} bean was found. -	 * @throws NoUniqueBeanDefinitionException -	 *             if more than one {@link ProcessEngine} bean was found. -	 * @throws BeansException -	 *             if a problem getting the {@link ProcessEngine} bean occurred. -	 * @throws IllegalStateException -	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a -	 *             Spring web environment. -	 */ -	public synchronized ProcessEngine getProcessEngine() { -		if (processEngine == null) { -			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); -			if (ctx == null) { -				throw new IllegalStateException( -						"Unable to find Spring WebApplicationContext. 
Servlet needs to be executed within a Spring web environment."); -			} -			processEngine = ctx.getBean(ProcessEngine.class); -		} -		return processEngine; -	} -	 -} +// +//	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, +//			HttpServletRequest req, HttpServletResponse resp) { +// +//		if (null != errorMessage) { +//			Logger.error(errorMessage); +//			req.setAttribute("ErrorMessage", errorMessage); +//		} +// +//		if (null != exceptionThrown) { +//			if (null == errorMessage) +//				errorMessage = exceptionThrown.getMessage(); +//			Logger.error(errorMessage, exceptionThrown); +//			req.setAttribute("ExceptionThrown", exceptionThrown); +//		} +// +//		if (Logger.isDebugEnabled()) { +//			req.setAttribute("LogLevel", "debug"); +//		} +//		 +//		 +//		StatisticLogger logger = StatisticLogger.getInstance(); +//		logger.logErrorOperation(exceptionThrown); +//		 +//		 +//		// forward this to errorpage-auth.jsp where the HTML error page is +//		// generated +//		ServletContext context = getServletContext(); +//		RequestDispatcher dispatcher = context +//				.getRequestDispatcher("/errorpage-auth.jsp"); +//		try { +// +//			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, +//					MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +//			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, +//					MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +//			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +//			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +//			dispatcher.forward(req, resp); +//		} catch (ServletException e) { +//			Logger.error(e); +//		} catch (IOException e) { +//			Logger.error(e); +//		} +//	} +//	 +//	/** +//	 * Handles an error. 
<br>> +//	 * <ul> +//	 * <li>Logs the error</li> +//	 * <li>Places error message and exception thrown into the request as request +//	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> +//	 * <li>Sets HTTP status 500 (internal server error)</li> +//	 * </ul> +//	 *  +//	 * @param errorMessage +//	 *            error message +//	 * @param exceptionThrown +//	 *            exception thrown +//	 * @param req +//	 *            servlet request +//	 * @param resp +//	 *            servlet response +//	 */ +//	protected void handleError(String errorMessage, Throwable exceptionThrown, +//			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { +// +//		Throwable loggedException = null; +//		 +//		if (exceptionThrown != null  +//				&& exceptionThrown instanceof ProcessExecutionException) { +//			ProcessExecutionException procExc =  +//					(ProcessExecutionException) exceptionThrown; +//			if (procExc.getCause() != null &&  +//					procExc.getCause() instanceof TaskExecutionException) { +//				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause(); +//				loggedException = taskExc.getOriginalException();	 +//								 +//			}			 +//		} +//		 +//		if (loggedException == null) +//			loggedException = exceptionThrown; +//		 +// +//		if (!(loggedException instanceof MOAIDException)) { +//			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException); +//			 +//		} else { +//			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) { +//				Logger.error(loggedException.getMessage(), loggedException); +//			 +//			} else { +//				Logger.error(loggedException.getMessage()); +//			 +//			}			 +//		} +//		 +//		IExceptionStore store = DBExceptionStoreImpl.getStore(); +//		String id = store.storeException(loggedException); +// +//		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) { +//		 +//			String redirectURL = null; +// +//			redirectURL = ServletUtils.getBaseUrl(req); 
+//			 +//			//TODO: DEVELOPMENT +////			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id  +////					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; +//		 +//			resp.setContentType("text/html"); +//			resp.setStatus(302); +//	 +//			resp.addHeader("Location", redirectURL);		 +//			Logger.debug("REDIRECT TO: " + redirectURL);	 +//		 +//			return; +//			 +//		} else { +//			 +//			//Exception can not be stored in database +//			handleErrorNoRedirect(errorMessage, loggedException, req, resp); +//		} +//	} +// +//	/** +//	 * Handles a <code>WrongParametersException</code>. +//	 *  +//	 * @param req +//	 *            servlet request +//	 * @param resp +//	 *            servlet response +//	 */ +//	protected void handleWrongParameters(WrongParametersException ex, +//			HttpServletRequest req, HttpServletResponse resp) { +//		Logger.error(ex.toString()); +//		req.setAttribute("WrongParameters", ex.getMessage()); +// +//		// forward this to errorpage-auth.jsp where the HTML error page is +//		// generated +//		ServletContext context = getServletContext(); +//		RequestDispatcher dispatcher = context +//				.getRequestDispatcher("/errorpage-auth.jsp"); +//		try { +//			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, +//					MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +//			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, +//					MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +//			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +//			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +//			dispatcher.forward(req, resp); +//		} catch (ServletException e) { +//			Logger.error(e); +//		} catch (IOException e) { +//			Logger.error(e); +//		} +//	} +// +// +//	/** +//	 * Calls the web application initializer. 
+//	 *  +//	 * @see javax.servlet.Servlet#init(ServletConfig) +//	 */ +//	public void init(ServletConfig servletConfig) throws ServletException { +//		super.init(servletConfig); +//	} +// +//	 +//	/** +//	 * Set response headers to avoid caching +//	 *  +//	 * @param request +//	 *            HttpServletRequest +//	 * @param response +//	 *            HttpServletResponse +//	 */ +//	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, +//			HttpServletResponse response) { +//		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, +//				MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +//		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, +//				MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +//		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +//				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +//		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, +//				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +//	} +// +//	/** +//	 * Adds a parameter to a URL. +//	 *  +//	 * @param url +//	 *            the URL +//	 * @param paramname +//	 *            parameter name +//	 * @param paramvalue +//	 *            parameter value +//	 * @return the URL with parameter added +//	 */ +//	protected static String addURLParameter(String url, String paramname, +//			String paramvalue) { +//		String param = paramname + "=" + paramvalue; +//		if (url.indexOf("?") < 0) +//			return url + "?" 
+ param; +//		else +//			return url + "&" + param; +//	} +// +//	/** +//	 * Checks if HTTP requests are allowed +//	 *  +//	 * @param authURL +//	 *            requestURL +//	 * @throws AuthenticationException +//	 *             if HTTP requests are not allowed +//	 * @throws ConfigurationException +//	 */ +//	protected void checkIfHTTPisAllowed(String authURL) +//			throws AuthenticationException, ConfigurationException { +//		// check if HTTP Connection may be allowed (through +//		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +//		 +//		//Removed from MOA-ID 2.0 config +////		String boolStr = AuthConfigurationProvider +////				.getInstance() +////				.getGenericConfigurationParameter( +////						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +//		if ((!authURL.startsWith("https:")) +//				//&& (false == BoolUtils.valueOf(boolStr)) +//				) +//			throw new AuthenticationException("auth.07", new Object[] { authURL +//					+ "*" }); +// +//	} +// +// +//	/** +//	 * Returns the underlying process engine instance. +//	 *  +//	 * @return The process engine (never {@code null}). +//	 * @throws NoSuchBeanDefinitionException +//	 *             if no {@link ProcessEngine} bean was found. +//	 * @throws NoUniqueBeanDefinitionException +//	 *             if more than one {@link ProcessEngine} bean was found. +//	 * @throws BeansException +//	 *             if a problem getting the {@link ProcessEngine} bean occurred. +//	 * @throws IllegalStateException +//	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a +//	 *             Spring web environment. +//	 */ +//	public synchronized ProcessEngine getProcessEngine() { +//		if (processEngine == null) { +//			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext()); +//			if (ctx == null) { +//				throw new IllegalStateException( +//						"Unable to find Spring WebApplicationContext. 
Servlet needs to be executed within a Spring web environment.");
+//			}
+//			processEngine = ctx.getBean(ProcessEngine.class);
+//		}
+//		return processEngine;
+//	}
+//	
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index ce974c531..6bccd5b88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
  * Copyright 2014 Federal Chancellery Austria
  * MOA-ID has been developed in a cooperation between BRZ, the Federal
  * Chancellery Austria - ICT staff unit, and Graz University of Technology.
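Review bot: The new side of this hunk keeps the entire former AuthServlet body as `//`-commented lines instead of removing it; commented-out code is dead code that git history already preserves, and it will keep turning up in searches for `handleError`, `getProcessEngine` and the no-cache header constants while no longer being compiled or tested. If the class is superseded by the Spring controllers introduced in this commit (the `AbstractProcessEngineSignalController` hierarchy visible in the following hunk), delete the file outright or leave at most a one-line pointer comment to its replacement. Note also that the commented `handleError` carries a `//TODO: DEVELOPMENT` with the redirect-URL assembly disabled, so reviving this text as-is would redirect to the bare base URL without the stored error id — another reason not to keep it around as a latent template.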
@@ -19,40 +19,33 @@   * file for details on the various modules and licenses.   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; + */ +package at.gv.egovernment.moa.id.auth.servlet; -import java.util.HashMap; -import java.util.Map; +import java.io.IOException; -import at.gv.egovernment.moa.id.util.Random; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; -public class ExceptionStoreImpl implements IExceptionStore { +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; -	// Just a quick implementation -	private static IExceptionStore store; -	 -	public static IExceptionStore getStore() { -		if(store == null) { -			store = new ExceptionStoreImpl(); -		} -		return store; -	} -	 -	private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>(); -	 -	public String storeException(Throwable e) { -		String id = Random.nextRandom(); -		exceptionStore.put(id, e); -		return id; -	} - -	public Throwable fetchException(String id) { -		return exceptionStore.get(id); -	} +/** + * @author tlenz + * + */ +@Controller +public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController { -	public void removeException(String id) { -		exceptionStore.remove(id); +	 +	@RequestMapping(value = {"/GenerateIframeTemplate",  +							 "/SSOSendAssertionServlet", +							 "/signalProcess" +			                },  +			        method = {RequestMethod.POST, RequestMethod.GET}) +	public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException { +		signalProcessManagement(req, resp); +		  	} -  } 
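Review bot: The class Javadoc of the new GeneralProcessEngineSignalController carries only `@author tlenz`, yet the three paths it maps (`/GenerateIframeTemplate`, `/SSOSendAssertionServlet`, `/signalProcess`) were previously served by separate servlets with their own logic, so a reader has no way to tell what they now have in common. A first sentence such as `/** Spring MVC entry point that resumes a suspended authentication process; every mapped path delegates to the inherited {@code signalProcessManagement(req, resp)}. */` would state that. Whether the former per-path behaviour (e.g. process selection in GenerateIFrameTemplateServlet) now lives inside signalProcessManagement cannot be confirmed from this hunk, so a pointer to where it moved would help. The trailing blank line inside performGenericAuthenticationProcess can be dropped.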
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 15d596049..663a14881 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -1,168 +1,168 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.util.Enumeration; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.ExecutionContextImpl; -import at.gv.egovernment.moa.id.process.ProcessExecutionException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class GenerateIFrameTemplateServlet extends AuthServlet { - -	private static final long serialVersionUID = 1L; - -	protected void doGet(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request"); - -    	String pendingRequestID = null; -		 -	    try { -	    	String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		     -	    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid);	    	 -	    	AuthenticationSession moasession = null;	    	 -	    	try {	    		 -	    	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);			 -	    	    moasession = 
AuthenticationSessionStoreage.getSession(moasessionid); -	    	    			 -			} catch (MOADatabaseException e) { -				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); -				throw new MOAIDException("init.04", new Object[] { -						moasessionid}); -				 -			} catch (Throwable e) { -				Logger.info("No HTTP Session found!"); -				throw new MOAIDException("auth.18", new Object[] {}); -			} -	    	 - - -			ExecutionContext ec = new ExecutionContextImpl(); -			// set execution context			 -			Enumeration<String> reqParamNames = req.getParameterNames(); -			while(reqParamNames.hasMoreElements()) { -				String paramName = reqParamNames.nextElement(); -				if (MiscUtil.isNotEmpty(paramName)) -					ec.put(paramName, req.getParameter(paramName)); -				 -			} -			 -			ec.put("pendingRequestID", pendingRequestID); -			ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid); -			 -//	    	String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); -//	    	String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); -//	    	String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); -//			ec.put("ccc", moasession.getCcc()); -//			ec.put("useMandate", moasession.getUseMandate()); -//			ec.put("bkuURL", moasession.getBkuURL()); -			 -			// select and create process instance -			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); -			if (processDefinitionId == null) { -				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID()); -				throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() }); -			}			 -			 -			String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); - -			// keep process instance id in moa session -			moasession.setProcessInstanceId(processInstanceId); - -			// make sure moa session has been persisted before running the process -			try { -				
AuthenticationSessionStoreage.storeSession(moasession); -			} catch (MOADatabaseException e) { -				Logger.error("Database Error! MOASession is not stored!"); -				throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() }); -			} - -			Logger.info("BKU is selected -> Start BKU communication ..."); -			 -			// start process -			getProcessEngine().start(processInstanceId); - -		} -	    catch (WrongParametersException ex) { -	    	handleWrongParameters(ex, req, resp); -	    } -	           -	    catch (MOAIDException ex) { -	    	handleError(null, ex, req, resp, pendingRequestID); - -	    } catch (ProcessExecutionException e) { -			Throwable cause = e.getCause(); -			if (cause != null && cause instanceof TaskExecutionException) { -				Throwable taskCause = cause.getCause(); -				if (taskCause != null && taskCause instanceof WrongParametersException) { -					WrongParametersException internalEx = (WrongParametersException) taskCause; -					handleWrongParameters(internalEx, req, resp); -					return; -					 -				} else if (taskCause != null && taskCause instanceof MOAIDException) { -					MOAIDException moaTaskCause = (MOAIDException) taskCause; -					handleError(null, moaTaskCause, req, resp, pendingRequestID); -					return; -					 -				}									 -			}  -			 -			Logger.error("BKUSelectionServlet has an interal Error.", e);				    	 -	    	 -	    } catch (Exception e) { -	    	Logger.error("BKUSelectionServlet has an interal Error.", e); -	    	 -	    } -	       	     -	    finally { -	    	 -	    } -	} - -	 -	 -	 -	 -	 -	 -	 - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. 
+// *  +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// *  +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// *  +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// ******************************************************************************/ +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +//import java.util.Enumeration; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.apache.commons.lang.StringEscapeUtils; +// +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +//import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.process.ExecutionContextImpl; +//import 
at.gv.egovernment.moa.id.process.ProcessExecutionException; +//import at.gv.egovernment.moa.id.process.api.ExecutionContext; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class GenerateIFrameTemplateServlet extends AuthServlet { +// +//	private static final long serialVersionUID = 1L; +// +//	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +//			throws ServletException, IOException { +//		Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request"); +// +//    	String pendingRequestID = null; +//		 +//	    try { +//	    	String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		     +//	    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid);	    	 +//	    	AuthenticationSession moasession = null;	    	 +//	    	try {	    		 +//	    	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);			 +//	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid); +//	    	    			 +//			} catch (MOADatabaseException e) { +//				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); +//				throw new MOAIDException("init.04", new Object[] { +//						moasessionid}); +//				 +//			} catch (Throwable e) { +//				Logger.info("No HTTP Session found!"); +//				throw new MOAIDException("auth.18", new Object[] {}); +//			} +//	    	 +// +// +//			ExecutionContext ec = new ExecutionContextImpl(); +//			// set execution context			 +//			Enumeration<String> reqParamNames = req.getParameterNames(); +//			while(reqParamNames.hasMoreElements()) { +//				String paramName = reqParamNames.nextElement(); +//				if (MiscUtil.isNotEmpty(paramName)) +//					ec.put(paramName, req.getParameter(paramName)); +//				 +//			} +//			 +//			ec.put("pendingRequestID", pendingRequestID); +//			
ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid); +//			 +////	    	String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU); +////	    	String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE); +////	    	String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC); +////			ec.put("ccc", moasession.getCcc()); +////			ec.put("useMandate", moasession.getUseMandate()); +////			ec.put("bkuURL", moasession.getBkuURL()); +//			 +//			// select and create process instance +//			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec); +//			if (processDefinitionId == null) { +//				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID()); +//				throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() }); +//			}			 +//			 +//			String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec); +// +//			// keep process instance id in moa session +//			moasession.setProcessInstanceId(processInstanceId); +// +//			// make sure moa session has been persisted before running the process +//			try { +//				AuthenticationSessionStoreage.storeSession(moasession); +//			} catch (MOADatabaseException e) { +//				Logger.error("Database Error! 
MOASession is not stored!"); +//				throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() }); +//			} +// +//			Logger.info("BKU is selected -> Start BKU communication ..."); +//			 +//			// start process +//			getProcessEngine().start(processInstanceId); +// +//		} +//	    catch (WrongParametersException ex) { +//	    	handleWrongParameters(ex, req, resp); +//	    } +//	           +//	    catch (MOAIDException ex) { +//	    	handleError(null, ex, req, resp, pendingRequestID); +// +//	    } catch (ProcessExecutionException e) { +//			Throwable cause = e.getCause(); +//			if (cause != null && cause instanceof TaskExecutionException) { +//				Throwable taskCause = cause.getCause(); +//				if (taskCause != null && taskCause instanceof WrongParametersException) { +//					WrongParametersException internalEx = (WrongParametersException) taskCause; +//					handleWrongParameters(internalEx, req, resp); +//					return; +//					 +//				} else if (taskCause != null && taskCause instanceof MOAIDException) { +//					MOAIDException moaTaskCause = (MOAIDException) taskCause; +//					handleError(null, moaTaskCause, req, resp, pendingRequestID); +//					return; +//					 +//				}									 +//			}  +//			 +//			Logger.error("BKUSelectionServlet has an interal Error.", e);				    	 +//	    	 +//	    } catch (Exception e) { +//	    	Logger.error("BKUSelectionServlet has an interal Error.", e); +//	    	 +//	    } +//	       	     +//	    finally { +//	    	 +//	    } +//	} +// +//	 +//	 +//	 +//	 +//	 +//	 +//	 +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index fe5cd1ac0..48292cee1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java 
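Review bot: The whole of GenerateIFrameTemplateServlet.java is kept as a 168-line `//` comment instead of being removed, which leaves a dead copy of the old `/GenerateIframeTemplate` handler next to the live one in GeneralProcessEngineSignalController and will drift from it silently. The same commit deletes ProcessEngineSignalServlet.java outright; this file should get the same treatment, with the history available from version control. If the commented code is meant as a migration aid for the process-selection logic it contained, a short TODO at the top naming what still has to be ported (and where) would be clearer than the full source.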
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse;  import org.apache.velocity.VelocityContext;  import org.opensaml.saml2.core.LogoutResponse;  import org.opensaml.saml2.metadata.SingleLogoutService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -43,8 +45,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;  import at.gv.egovernment.moa.id.util.Random; @@ -56,10 +57,13 @@ import at.gv.egovernment.moa.util.URLEncoder;   * @author tlenz   *   */ -public class IDPSingleLogOutServlet extends AuthServlet { +@Controller +public class IDPSingleLogOutServlet extends AbstractController { -	private static final long serialVersionUID = -1301786072691577221L; -		 +	@Autowired SSOManager ssoManager; +	@Autowired AuthenticationManager authManager; +	@Autowired IAuthenticationSessionStoreage authenicationStorage; +	  	protected void doGet(HttpServletRequest req, HttpServletResponse resp)  			    throws ServletException, IOException {  		Logger.debug("receive IDP SingleLogOut Request"); 
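Review bot: The three injected fields in IDPSingleLogOutServlet are declared package-private (`@Autowired SSOManager ssoManager;`), whereas LogOutServlet in this same commit declares its injected collaborators `private`; the third one also carries a typo, `authenicationStorage`. Suggested: `@Autowired private IAuthenticationSessionStoreage authenticationStorage;`, noting that the later hunk `@@ -118,16 +121,14 @@` references the misspelled name and would change with it. The class also changed its base type from AuthServlet to AbstractController while keeping `doGet` as a plain protected method; whether AbstractController still routes requests to it, or a `@RequestMapping` is now required as in LogOutServlet, cannot be seen from this hunk and deserves a comment.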
@@ -79,9 +83,8 @@ public class IDPSingleLogOutServlet extends AuthServlet {  			return;  		} -		 -		SSOManager ssomanager = SSOManager.getInstance();		 -		String ssoid = ssomanager.getSSOSessionID(req); +			 +		String ssoid = ssoManager.getSSOSessionID(req);  		Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART); @@ -91,9 +94,9 @@ public class IDPSingleLogOutServlet extends AuthServlet {  		if (tokkenObj != null && tokkenObj instanceof String) {  			tokken = (String) tokkenObj;  			try {	 -				status = AssertionStorage.getInstance().get(tokken, String.class); +				status = transactionStorage.get(tokken, String.class);  				if (MiscUtil.isNotEmpty(status)) { -					AssertionStorage.getInstance().remove(tokken); +					transactionStorage.remove(tokken);  				}  				VelocityContext context = new VelocityContext(); @@ -104,13 +107,13 @@ public class IDPSingleLogOutServlet extends AuthServlet {  					context.put("errorMsg",   							MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); -				ssomanager.printSingleLogOutInfo(context, resp);				 +				ssoManager.printSingleLogOutInfo(context, resp);				  			} catch (MOAIDException e) { -				handleErrorNoRedirect(e.getMessage(), e, req, resp); +				handleErrorNoRedirect(e, req, resp);  			} catch (MOADatabaseException e) { -				handleErrorNoRedirect(e.getMessage(), e, req, resp); +				handleErrorNoRedirect(e, req, resp);  			} 
@@ -118,16 +121,14 @@ public class IDPSingleLogOutServlet extends AuthServlet {  		} else if (MiscUtil.isNotEmpty(ssoid)) {  			try { -				if (ssomanager.isValidSSOSession(ssoid, null)) { +				if (ssoManager.isValidSSOSession(ssoid, null)) { -					AuthenticationManager authmanager = AuthenticationManager.getInstance(); -					String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); +					String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid);  					if (MiscUtil.isNotEmpty(moaSessionID)) {					 -						AuthenticationSession authSession = AuthenticationSessionStoreage -								.getSession(moaSessionID); +						AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID);  						if(authSession != null) { -							authmanager.performSingleLogOut(req, resp, authSession, authURL); +							authManager.performSingleLogOut(req, resp, authSession, authURL);  							return;  						} @@ -147,7 +148,7 @@ public class IDPSingleLogOutServlet extends AuthServlet {  			if (MiscUtil.isNotEmpty(restartProcess)) {  				Logger.info("Restart Single LogOut process after timeout ... ");  					try {						 -						SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class); +						SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);  						if (sloContainer.hasFrontChannelOA())  							sloContainer.putFailedOA("differntent OAs"); 
@@ -171,13 +172,13 @@ public class IDPSingleLogOutServlet extends AuthServlet {  					        else  					        	statusCode  = MOAIDAuthConstants.SLOSTATUS_ERROR; -							AssertionStorage.getInstance().put(artifact, statusCode); -					        redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact); +							transactionStorage.put(artifact, statusCode); +					        redirectURL = HTTPUtils.addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);  						}								 -						//redirect to Redirect Servlet -						String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet"; -						url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); +						//redirect to Redirect Servlet						 +						String url = authURL + "/RedirectServlet"; +						url = HTTPUtils.addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));  						url = resp.encodeRedirectURL(url);  						resp.setContentType("text/html"); @@ -205,10 +206,11 @@ public class IDPSingleLogOutServlet extends AuthServlet {  							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));  					try { -						ssomanager.printSingleLogOutInfo(context, resp); +						ssoManager.printSingleLogOutInfo(context, resp);  					} catch (MOAIDException e) {  						e.printStackTrace(); +						  					}  					return;  			}			 @@ -218,10 +220,11 @@ public class IDPSingleLogOutServlet extends AuthServlet {  		context.put("successMsg",  				MOAIDMessageProvider.getInstance().getMessage("slo.02", null));  		try {			 -			ssomanager.printSingleLogOutInfo(context, resp); +			ssoManager.printSingleLogOutInfo(context, resp);  		} catch (MOAIDException e) {  			e.printStackTrace(); +			  		}  	}  
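Review bot: In hunk `@@ -171,13 +172,13 @@` the redirect base `String url = authURL + "/RedirectServlet";` replaces the configured `getPublicURLPrefix()`, but `authURL` is defined outside the hunk, so its origin cannot be verified here. If it is derived from the incoming request (host or URL) rather than from configuration, the target of this redirect becomes influenceable by the caller, which the previous configuration-based value was not. If it is taken from configuration, a one-line comment above the assignment, e.g. `// authURL is the configured public URL prefix, not request-derived`, would make that explicit. The enclosing doGet starts well before this hunk.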
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index a5504ec4c..4ed276814 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -51,6 +51,7 @@ import java.io.IOException;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.stereotype.Controller;  import org.springframework.web.bind.annotation.RequestMapping;  import org.springframework.web.bind.annotation.RequestMethod; @@ -58,9 +59,8 @@ import org.springframework.web.bind.annotation.RequestMethod;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.RequestStorage;  import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.HTTPUtils;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; 
@@ -70,14 +70,16 @@ import at.gv.egovernment.moa.util.MiscUtil;  public class LogOutServlet {  	private static final String REDIRECT_URL = "redirect"; +	@Autowired private SSOManager ssomanager; +	@Autowired private AuthenticationManager authmanager; +	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; +	  	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})  	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {  		Logger.debug("receive LogOut Request");    		String redirectUrl = (String) req.getParameter(REDIRECT_URL); -		 -		SSOManager ssomanager = SSOManager.getInstance(); -		 +				  		try {  			//get SSO token from request  			String ssoid = ssomanager.getSSOSessionID(req); @@ -103,15 +105,13 @@ public class LogOutServlet {  				//TODO: Single LogOut Implementation  				//delete SSO session and MOA session -				AuthenticationManager authmanager = AuthenticationManager.getInstance(); -				String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); -		 -				RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); -				 +				String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);  				authmanager.performOnlyIDPLogOut(req, resp, moasessionid); +				  				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);  			} else {  				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); +				  			}  			//Remove SSO token diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java deleted file mode 100644 index f3e3ae8a4..000000000 
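Review bot: Hunk `@@ -103,15 +105,13 @@` drops the `RequestStorage.removePendingRequest(...)` call that previously discarded the pending request tied to the MOA session on logout, and nothing in the new lines replaces it. If `performOnlyIDPLogOut` now performs that cleanup, say so with `// pending request is removed inside performOnlyIDPLogOut` above the call; if it does not, the pending request outlives the logout until its own expiry, which this hunk cannot show either way. performLogOut's body continues outside the hunk.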
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
 -
 -import java.io.IOException;
 -
 -import javax.servlet.ServletException;
 -import javax.servlet.http.HttpServletRequest;
 -import javax.servlet.http.HttpServletResponse;
 -
 -import org.apache.commons.lang.StringEscapeUtils;
 -
 -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 -import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
 -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 -import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 -import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 -import at.gv.egovernment.moa.id.moduls.IRequest;
 -import at.gv.egovernment.moa.id.moduls.RequestStorage;
 -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 -import at.gv.egovernment.moa.logging.Logger;
 -
 -/**
 - * Servlet that resumes a suspended process (in case of asynchronous tasks).
 - * 
 - * @author tknall
 - * 
 - */
 -public class ProcessEngineSignalServlet extends AuthServlet {
 -
 -	private static final long serialVersionUID = 1L;
 -	
 -	/**
 -	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
 -	 * 
 -	 * @param resp
 -	 *            The HttpServletResponse.
 -	 */
 -	private void setNoCachingHeaders(HttpServletResponse resp) {
 -		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 -		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 -		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 -		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 -	}
 -
 -	/**
 -	 * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
 -	 */
 -	@Override
 -	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 -		this.doPost(req, resp);
 -	}
 -
 -	/**
 -	 * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is
 -	 * retrieved from the MOA session referred to by the request parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.
 -	 */
 -	@Override
 -	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 -		String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));
 -
 -		setNoCachingHeaders(resp);		
 -		String pendingRequestID = null;
 -		try {
 -			
 -			if (sessionID == null) {
 -				throw new IllegalStateException("Unable to determine MOA session id.");
 -			}
 -
 -			// retrieve moa session
 -			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
 -			
 -			IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
 -			if (pendingReq == null) {
 -				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 -				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
 -				
 -			}
 -			
 -			AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
 -			AuthenticationSession session = BaseAuthenticationServer.getSession(sessionID);
 -
 -			//add transactionID and unique sessionID to Logger
 -			if (extendedSessionInformation != null)
 -				TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
 -			TransactionIDUtils.setTransactionId(pendingRequestID);
 -			
 -			// process instance is mandatory
 -			if (session.getProcessInstanceId() == null) {
 -				throw new IllegalStateException("MOA session does not provide process instance id.");
 -			}
 -
 -			// wake up next task
 -			getProcessEngine().signal(session.getProcessInstanceId());
 -
 -		} catch (Exception ex) {
 -			handleError(null, ex, req, resp, pendingRequestID);
 -			
 -		} finally {
 -			//MOASessionDBUtils.closeSession();
 -			TransactionIDUtils.removeTransactionId();
 -			TransactionIDUtils.removeSessionId();
 -			
 -		}
 -
 -	}
 -
 -	/**
 -	 * Retrieves the current MOA session id from the HttpServletRequest parameter
 -	 * {@link MOAIDAuthConstants#PARAM_SESSIONID}.
 -	 * <p/>
 -	 * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
 -	 * respective MOA session id.
 -	 * 
 -	 * @param request
 -	 *            The unterlying HttpServletRequest.
 -	 * @return The current MOA session id.
 -	 */
 -	public String getMoaSessionId(HttpServletRequest request) {
 -		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
 -	}
 -
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index a914659b0..ba8ace6c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -25,13 +25,16 @@ package at.gv.egovernment.moa.id.auth.servlet;  import java.io.IOException;  import java.io.PrintWriter; -import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; -  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.moduls.SSOManager; 
@@ -42,18 +45,16 @@ import at.gv.egovernment.moa.util.MiscUtil;  import at.gv.egovernment.moa.util.URLEncoder; - -public class RedirectServlet extends AuthServlet{ - -	private static final long serialVersionUID = 1L; +@Controller +public class RedirectServlet {  	public static final String REDIRCT_PARAM_URL = "redirecturl"; -  	private static final String DEFAULT_REDIRECTTARGET = "_parent"; +	@Autowired SSOManager ssoManager; -	protected void doGet(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { +	@RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET) +	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {  		Logger.debug("Receive " + RedirectServlet.class + " Request");  		String url = req.getParameter(REDIRCT_PARAM_URL); @@ -89,12 +90,12 @@ public class RedirectServlet extends AuthServlet{  					if (MiscUtil.isNotEmpty(target)) {  //						redirectURL = addURLParameter(redirectURL, PARAM_TARGET,  //								URLEncoder.encode(session.getTarget(), "UTF-8")); -						url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, +						url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,  								URLEncoder.encode(target, "UTF-8"));  					} -					url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, +					url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT,  							URLEncoder.encode(artifact, "UTF-8"));  					url = resp.encodeRedirectURL(url); 
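Review bot: The new GET handler bound to `/RedirectServlet` is named `performLogOut`, but the body it wraps reads `redirecturl` and issues a redirect, so the name misdescribes a security-sensitive entry point; rename it, e.g. `public void performRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {`. The class also stops extending `AuthServlet`, and the deleted base class ran `TransactionIDUtils.removeTransactionId()`/`removeSessionId()` at the end of each request (seen earlier in this diff); confirm an interceptor or filter now performs that cleanup, otherwise ids can leak between requests served by the same thread. `@Autowired SSOManager ssoManager;` is package-private field injection; `private final` plus constructor injection keeps the dependency immutable and testable. The check that `url` names a configured online application lies outside this hunk, so whether the open-redirect guard survived the refactor cannot be judged here.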
@@ -109,8 +110,7 @@ public class RedirectServlet extends AuthServlet{  				} else if (MiscUtil.isNotEmpty(interIDP)) {  					//store IDP identifier and redirect to generate AuthRequst service					  					Logger.info("Receive an interfederation redirect request for IDP " + interIDP);					 -					SSOManager sso = SSOManager.getInstance(); -					sso.setInterfederationIDPCookie(req, resp, interIDP); +					ssoManager.setInterfederationIDPCookie(req, resp, interIDP);  					Logger.debug("Redirect to " + url);					  					url = resp.encodeRedirectURL(url);					 @@ -141,7 +141,7 @@ public class RedirectServlet extends AuthServlet{  		} +		  	} -  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java index 62ee1ed85..1d18ccb2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java @@ -28,9 +28,7 @@ package at.gv.egovernment.moa.id.auth.servlet;   */  public class SAML2InterfederationSignalServlet extends -		ProcessEngineSignalServlet { - -	private static final long serialVersionUID = 8208970012249149156L; +		AbstractProcessEngineSignalController {  	//TODO: getMOASessionID from SAML2 relayState diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 064431a6b..4c895e387 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java 
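Review bot: `ssoManager.setInterfederationIDPCookie(req, resp, interIDP)` persists a request-supplied IDP identifier in a cookie, and the only check visible in this hunk is `MiscUtil.isNotEmpty(interIDP)`; unless the value is matched against the configured interfederation IDPs before it is stored (not visible here), an attacker-chosen string is later read back as a trusted IDP selector. The preceding `Logger.info("Receive an interfederation redirect request for IDP " + interIDP)` writes the raw value to the log, so CR/LF in it can forge log lines; log it only after validation, or neutralise line breaks first. The enclosing method continues outside this hunk.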
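Review bot: The base class changes to `AbstractProcessEngineSignalController` but the `//TODO: getMOASessionID from SAML2 relayState` stays, and nothing in the hunk shows a `@Controller` or request mapping, so it is unclear whether this signal endpoint is still reachable now that the servlet base is gone. When the TODO is implemented, RelayState is an unauthenticated, client-controlled value: use it only as a lookup key into the pending-request store and reject it when no matching pending request exists, never as a trusted session identifier. Consider replacing the TODO with `// RelayState is client-controlled: resolve it via the pending-request store, never trust it as a session id.` so the constraint travels with the stub. The class body continues outside this hunk.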
@@ -1,176 +1,177 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- ******************************************************************************/ -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulUtils; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class SSOSendAssertionServlet extends AuthServlet{ - -	private static final long serialVersionUID = 1L; - -	private static final String PARAM = "value"; -	private static final String MODULE = "mod"; -	private static final String ACTION = "action"; -	private static final String ID = "identifier"; -	 -	protected void doPost(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		 -		String id = null; -		Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request"); -		try { -			 -			Object idObject = req.getParameter(ID); -			 -			if (idObject != null && (idObject instanceof String)) { -				id = (String) idObject; -			} -			 -			String value = 
req.getParameter(PARAM); -			value = StringEscapeUtils.escapeHtml(value); -			if (!ParamValidatorUtils.isValidUseMandate(value)) -				throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);		     - -			//get module and action -			Object moduleObject = req.getParameter(MODULE); -			String module = null; -			if (moduleObject != null && (moduleObject instanceof String)) { -				module = (String) moduleObject; -			} -			 - -			Object actionObject = req.getParameter(ACTION); -			String action = null; -			if (actionObject != null && (actionObject instanceof String)) { -				action = (String) actionObject; -			} -						 -			if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { -				Logger.warn("No Moduel or Action parameter received!"); -				throw new WrongParametersException("Module or Action is empty", "", "auth.10"); -			} -			 -			 -			SSOManager ssomanager = SSOManager.getInstance(); -			//get SSO Cookie for Request -			String ssoId = ssomanager.getSSOSessionID(req); -		 -			//check SSO session -			if (ssoId != null) { -				String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); -			 -				if (correspondingMOASession != null) { -					Logger.warn("Request sends an old SSO Session ID("+ssoId+")! 
" + -							"Invalidate the corresponding MOASession with ID="+ correspondingMOASession); -				 - -					AuthenticationSessionStoreage.destroySession(correspondingMOASession); -					 -					ssomanager.deleteSSOSessionID(req, resp); -				} -			} -		 -			boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); -		 -			String moaSessionID = null; -			 -			if (isValidSSOSession) { -			 -				 -				//check UseMandate flag -				String valueString = null;; -				if ((value != null) && (value.compareTo("") != 0)) { -					valueString = value; -				} else { -					valueString = "false"; -				} - -				if (valueString.compareToIgnoreCase("true") == 0) { -					moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); -					AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); -					AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); - -					//log event -					//String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); -					IRequest pendingReq = RequestStorage.getPendingRequest(id); -					MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); -					 -					String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),  -							ModulUtils.buildAuthURL(module, action, id), ""); -					 -					resp.setContentType("text/html"); -					resp.setStatus(302); -				 -					 -					resp.addHeader("Location", redirectURL);		 -					Logger.debug("REDIRECT TO: " + redirectURL); -					 -				} -					 -				else { -					throw new AuthenticationException("auth.21", new Object[] {}); -				} -			 -			} else { -				handleError("SSO Session is not valid", null, req, resp, id); -			} -			 -			 -		} catch (MOADatabaseException e) { -			handleError("SSO Session is not found", e, req, resp, id); -			 -		} catch (WrongParametersException e) { -			handleError("Parameter is not valid", e, req, resp, id); -			 -		} catch 
(AuthenticationException e) { -			handleError(e.getMessage(), e, req, resp, id); -			 -	    } catch (Exception e) { -	    	Logger.error("SSOSendAssertion has an interal Error.", e); -	    } -	        -	} - -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// *  +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// *  +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// *  +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. 
+// ******************************************************************************/ +//package at.gv.egovernment.moa.id.auth.servlet; +// +//import java.io.IOException; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import org.apache.commons.lang.StringEscapeUtils; +// +//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +//import at.gv.egovernment.moa.id.moduls.IRequest; +//import at.gv.egovernment.moa.id.moduls.RequestStorage; +//import at.gv.egovernment.moa.id.moduls.SSOManager; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class SSOSendAssertionServlet extends AuthServlet{ +// +//	private static final long serialVersionUID = 1L; +// +//	private static final String PARAM = "value"; +//	private static final String MODULE = "mod"; +//	private static final String ACTION = "action"; +//	private static final String ID = "identifier"; +//	 +//	protected void doPost(HttpServletRequest req, HttpServletResponse resp) +//			throws ServletException, IOException { +//		 +//		String id = null; +//		Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request"); +//		try { +//			 +//			Object idObject = req.getParameter(ID); +//			 +//			if (idObject != null && (idObject instanceof String)) { +//				id = (String) idObject; +//			} +//			 +//			String value = req.getParameter(PARAM); +//			value = 
StringEscapeUtils.escapeHtml(value); +//			if (!ParamValidatorUtils.isValidUseMandate(value)) +//				throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);		     +// +//			//get module and action +//			Object moduleObject = req.getParameter(MODULE); +//			String module = null; +//			if (moduleObject != null && (moduleObject instanceof String)) { +//				module = (String) moduleObject; +//			} +//			 +// +//			Object actionObject = req.getParameter(ACTION); +//			String action = null; +//			if (actionObject != null && (actionObject instanceof String)) { +//				action = (String) actionObject; +//			} +//						 +//			if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { +//				Logger.warn("No Moduel or Action parameter received!"); +//				throw new WrongParametersException("Module or Action is empty", "", "auth.10"); +//			} +//			 +//			 +//			SSOManager ssomanager = SSOManager.getInstance(); +//			//get SSO Cookie for Request +//			String ssoId = ssomanager.getSSOSessionID(req); +//		 +//			//check SSO session +//			if (ssoId != null) { +//				String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); +//			 +//				if (correspondingMOASession != null) { +//					Logger.warn("Request sends an old SSO Session ID("+ssoId+")! 
" + +//							"Invalidate the corresponding MOASession with ID="+ correspondingMOASession); +//				 +// +//					AuthenticationSessionStoreage.destroySession(correspondingMOASession); +//					 +//					ssomanager.deleteSSOSessionID(req, resp); +//				} +//			} +//		 +//			boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); +//		 +//			String moaSessionID = null; +//			 +//			if (isValidSSOSession) { +//			 +//				 +//				//check UseMandate flag +//				String valueString = null;; +//				if ((value != null) && (value.compareTo("") != 0)) { +//					valueString = value; +//				} else { +//					valueString = "false"; +//				} +// +//				if (valueString.compareToIgnoreCase("true") == 0) { +//					moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); +//					AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); +//					AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); +// +//					//log event +//					//String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); +//					IRequest pendingReq = RequestStorage.getPendingRequest(id); +//					MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); +//					 +//					//TODO: only for development!!!!!!! 
+////					String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),  +////							ModulUtils.buildAuthURL(module, action, id), ""); +//					 +//					String redirectURL = "Remove commants in Class:SSOSendAssertionServlet Line:141";  +//					 +//					resp.setContentType("text/html"); +//					resp.setStatus(302); +//				 +//					 +//					resp.addHeader("Location", redirectURL);		 +//					Logger.debug("REDIRECT TO: " + redirectURL); +//					 +//				} +//					 +//				else { +//					throw new AuthenticationException("auth.21", new Object[] {}); +//				} +//			 +//			} else { +//				handleError("SSO Session is not valid", null, req, resp, id); +//			} +//			 +//			 +//		} catch (MOADatabaseException e) { +//			handleError("SSO Session is not found", e, req, resp, id); +//			 +//		} catch (WrongParametersException e) { +//			handleError("Parameter is not valid", e, req, resp, id); +//			 +//		} catch (AuthenticationException e) { +//			handleError(e.getMessage(), e, req, resp, id); +//			 +//	    } catch (Exception e) { +//	    	Logger.error("SSOSendAssertion has an interal Error.", e); +//	    } +//	        +//	} +// +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java index b68f42086..7f0a1c157 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -74,6 +74,8 @@ public interface IOAAuthParameters {  	public boolean isSTORKPVPGateway(); +	public boolean isRemovePBKFromAuthBlock(); +	  	/**  	 * @return the identityLinkDomainIdentifier  	 */ 
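Review bot: Commenting out the whole of SSOSendAssertionServlet leaves the SSO user-consent endpoint without a handler on the new side, and the comment block still carries the development placeholder `String redirectURL = "Remove commants in Class:SSOSendAssertionServlet Line:141";` next to `//TODO: only for development!!!!!!!`, so whoever restores it by uncommenting ships a 302 to a bogus location instead of the `DataURLBuilder` target. Prefer deleting the file (history keeps it) or porting it to a `@Controller` now; if it must stay as a comment, restore the two `DataURLBuilder`/`ModulUtils.buildAuthURL` lines and drop the placeholder first. When it is ported, note that the consent POST marks the MOA session authenticated via `AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true)` purely from the SSO cookie plus `value=true`, with no anti-CSRF token visible here; confirm the `identifier` pending request is bound to that SSO session before the session is flagged authenticated.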
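Review bot: `public boolean isRemovePBKFromAuthBlock();` is added to the interface without Javadoc, and the name alone does not say which identifier is removed (presumably the bPK) or from what AuthBlock, so implementers cannot tell the security meaning of returning true. Add Javadoc such as `/** @return true if the bPK is to be removed from the AuthBlock for this online application, false to keep it. */`, adjusting the wording to the actual semantics. The enclosing interface continues outside this hunk.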
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index 386e04f45..171940063 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -486,4 +486,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{  		// TODO Auto-generated method stub  		return false;  	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRemovePBKFromAuthBlock() +	 */ +	@Override +	public boolean isRemovePBKFromAuthBlock() { +		// TODO Auto-generated method stub +		return false; +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index d1c3401a1..c7f86c167 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
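Review bot: The new `isRemovePBKFromAuthBlock()` override keeps the `// TODO Auto-generated method stub` marker and returns `false`, which for a flag that apparently governs whether an identifier (presumably the bPK) is stripped from the AuthBlock reads as an unfinished decision rather than a deliberate default. If false is the intended behaviour for dynamic OA parameters, replace the TODO with `// Dynamic OA parameters carry no such setting; default to keeping the bPK in the AuthBlock.` and replace the `(non-Javadoc)` header with a real sentence. If the value should come from the dynamic configuration, wire it now rather than leaving a hard-coded false that silently disables the feature. The enclosing class continues outside this hunk.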
@@ -1,624 +1,624 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.entrypoints; - -import java.io.IOException; -import java.util.Iterator; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo; -import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.ModulStorage; -import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import 
at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class DispatcherServlet extends AuthServlet{ - -	/** -	 *  -	 */ -	private static final long serialVersionUID = 1L; - -	public static final String PARAM_TARGET_MODULE = "mod"; -	public static final String PARAM_TARGET_ACTION = "action"; -	public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; - -//	@Override -//	public void init(ServletConfig config) throws ServletException { -//		try { -//			super.init(config); -//			MOAIDAuthInitializer.initialize(); -//			Logger.info(MOAIDMessageProvider.getInstance().getMessage( -//					"init.00", null)); +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. +// *******************************************************************************/ +//package at.gv.egovernment.moa.id.entrypoints; +// +//import java.io.IOException; +//import java.util.Iterator; +// +//import javax.servlet.ServletException; +//import javax.servlet.http.HttpServletRequest; +//import javax.servlet.http.HttpServletResponse; +// +//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; +//import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +//import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +//import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +//import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +//import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +//import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +//import at.gv.egovernment.moa.id.config.ConfigurationException; +//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +//import at.gv.egovernment.moa.id.data.IAuthData; +//import 
at.gv.egovernment.moa.id.data.SLOInformationInterface; +//import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +//import at.gv.egovernment.moa.id.moduls.IAction; +//import at.gv.egovernment.moa.id.moduls.IModulInfo; +//import at.gv.egovernment.moa.id.moduls.IRequest; +//import at.gv.egovernment.moa.id.moduls.ModulStorage; +//import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +//import at.gv.egovernment.moa.id.moduls.RequestStorage; +//import at.gv.egovernment.moa.id.moduls.SSOManager; +//import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; +//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; +//import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +//import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +//import at.gv.egovernment.moa.id.util.Random; +//import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; +//import at.gv.egovernment.moa.logging.Logger; +//import at.gv.egovernment.moa.util.MiscUtil; +// +//public class DispatcherServlet extends AuthServlet{ +// +//	/** +//	 *  +//	 */ +//	private static final long serialVersionUID = 1L; +// +//	public static final String PARAM_TARGET_MODULE = "mod"; +//	public static final String PARAM_TARGET_ACTION = "action"; +//	public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; +// +////	@Override +////	public void init(ServletConfig config) throws ServletException { +////		try { +////			super.init(config); +////			MOAIDAuthInitializer.initialize(); +////			Logger.info(MOAIDMessageProvider.getInstance().getMessage( +////					"init.00", null)); +////		 +////			Logger.info("Dispatcher Servlet initialization finished."); +////			 +////		} catch (Exception ex) { +////			Logger.fatal( +////					MOAIDMessageProvider.getInstance().getMessage("init.02", +////							null), ex); +////			 +////			//throw new ServletException(ex); +////			 +////		} +////		 
+////	} +// +//	protected void processRequest(HttpServletRequest req, +//			HttpServletResponse resp) throws ServletException, IOException { +//		boolean isValidSSOSession = false; +//		boolean useSSOOA = false; +//		String protocolRequestID = null;  //		 -//			Logger.info("Dispatcher Servlet initialization finished."); +//		try { +//			Logger.debug("REQUEST: " + req.getRequestURI()); +//			Logger.debug("QUERY  : " + req.getQueryString()); +//			 +// +//// *** start of error handling *** +//			 +//			String errorid = req.getParameter(ERROR_CODE_PARAM); +//			if (errorid != null) { +// +//				Throwable throwable = DBExceptionStoreImpl.getStore() +//						.fetchException(errorid); +//				DBExceptionStoreImpl.getStore().removeException(errorid); +//				 +//				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); +// +//				//Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); +//				 +//				String pendingRequestID = null; +//				if (idObject != null && (idObject instanceof String)) { +//					pendingRequestID = (String) idObject;  +//				} +//				 +//				if (throwable != null) { +//													 +//						IRequest errorRequest = null; +//						if (pendingRequestID != null) { +//							errorRequest = RequestStorage.getPendingRequest(pendingRequestID); +//						 +//						} +//						 +//						if (errorRequest != null) { +//							RequestStorage.removePendingRequest(pendingRequestID); +//							MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR); +//							 +//							try { +//								IModulInfo handlingModule = ModulStorage +//										.getModuleByPath(errorRequest +//												.requestedModule()); +//								if (handlingModule != null) { +//																	 +//									if (handlingModule.generateErrorMessage( +//											throwable, req, resp, errorRequest)) { +//								 +//										//log Error Message +//										StatisticLogger logger = StatisticLogger.getInstance(); 
+//										logger.logErrorOperation(throwable, errorRequest); +//										 +//										//remove MOASession +//										AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID); +//										if (moaSession != null) +//											AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); +//										 +//										return; +//										 +//									} else { +//										handleErrorNoRedirect(throwable.getMessage(), throwable, +//												req, resp); +//										 +//									} +//								} +//								 +//							} catch (Throwable e) { +//								Logger.error(e); +//								handleErrorNoRedirect(throwable.getMessage(), +//										throwable, req, resp); +//							} +//							 +//						} else { +//							handleErrorNoRedirect(throwable.getMessage(), throwable, +//									req, resp); +//						} +//						 +//					} else +//						handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null),  +//								null, req, resp); +//					 +//				return; +//			} +// +//// *** end of error handling *** +// +//			 +//// *** start of protocol specific stuff *** +// +//			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); +//			String module = null; +//			if (moduleObject != null && (moduleObject instanceof String)) { +//				module = (String) moduleObject; +//			} +// +//			if (module == null) { +//				module = (String) req.getAttribute(PARAM_TARGET_MODULE); +//			} +// +//			Object actionObject = req.getParameter(PARAM_TARGET_ACTION); +//			String action = null; +//			if (actionObject != null && (actionObject instanceof String)) { +//				action = (String) actionObject; +//			} +// +//			if (action == null) { +//				action = req.getParameter(PARAM_TARGET_ACTION); +//			} +//			 +//			Logger.debug("dispatching to " + module + " protocol " + action); +// +//			IModulInfo info = ModulStorage.getModuleByPath(module); +// +//			IAction moduleAction = null; 
+// +//			if (info == null) { +// +//				Iterator<IModulInfo> modules = ModulStorage.getAllModules() +//						.iterator(); +//				while (modules.hasNext()) { +//					info = modules.next(); +//					moduleAction = info.canHandleRequest(req, resp); +//					if (moduleAction != null) { +//						action = moduleAction.getDefaultActionName(); +//						module = info.getPath(); +//						break; +//					} +//					info = null; +//				} +// +//				if (moduleAction == null) { +//					resp.sendError(HttpServletResponse.SC_NOT_FOUND); +//					Logger.error("Protocol " + module +//							+ " has no module registered"); +//					return; +//				} +//			} +// +//			if (moduleAction == null) { +//				moduleAction = info.getAction(action); +// +//				if (moduleAction == null) { +//					resp.sendError(HttpServletResponse.SC_NOT_FOUND); +//					Logger.error("Action " + action + " is not available!"); +//					return; +//				} +//			} +// +//			//get SSO Cookie for Request +//			SSOManager ssomanager = SSOManager.getInstance(); +//			String ssoId = ssomanager.getSSOSessionID(req);  //			 -//		} catch (Exception ex) { -//			Logger.fatal( -//					MOAIDMessageProvider.getInstance().getMessage("init.02", -//							null), ex); +//			IRequest protocolRequest = null; +//			String uniqueSessionIdentifier = null;  //			 -//			//throw new ServletException(ex); +//			try { +//				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); +//	 +//				if (idObject != null && (idObject instanceof String)) { +//								 +//					protocolRequestID = (String) idObject; +//					protocolRequest = RequestStorage.getPendingRequest(protocolRequestID); +//					 +//					//get IRequest if it exits +//					if (protocolRequest != null) { +//						Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); +//						 +//					} else { +//						Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");		 +//						handleErrorNoRedirect("Während des 
Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", +//								null, req, resp);							 +//						return; +//					} +//				} else { +//					try { +//						 +//						//load unique session identifier with SSO-sessionID +//						uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											 +//						if (MiscUtil.isEmpty(uniqueSessionIdentifier)) +//							uniqueSessionIdentifier = Random.nextRandom(); +//						TransactionIDUtils.setSessionId(uniqueSessionIdentifier); +//												 +//						//set transactionID to Logger +//						protocolRequestID = Random.nextRandom(); +//						TransactionIDUtils.setTransactionId(protocolRequestID); +// +//						//log information for security and process reversion +//						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); +//						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);						 +//						MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr());						 +//						 +//						protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID); +//												 +//						//request is a valid interfederation response  +//						if (protocolRequest != null &&  +//								protocolRequest.getInterfederationResponse() != null ) {							 +//							Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest"); +// +//							//reload SP protocol implementation  +//							info = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); +//							moduleAction = info.getAction(protocolRequest.requestedAction()); +// +//							//create interfederated MOASession +//							String sessionID =  +//									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); +//							req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, 
new String[]{ sessionID }); +//														 +//							Logger.info("PreProcessing of SSO interfederation response complete. "); +// +//						//request is a not valid interfederation response    +//						} else if (protocolRequest != null && +//								MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { +//							 +//							OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); +//							if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) { +//								// -> send end error to service provider +//								Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()  +//										+ " FAILED. Sending error message to service provider.");								 +//								MOAIDException e = new MOAIDException("auth.27", new Object[]{});								 +//								IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());								 +//								if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest)) +//									handleErrorNoRedirect(e.getMessage(), e, req, +//											resp); +//								 +//								return; +//																 +//							} else +//								//-> Restart local authentication +//								Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()  +//										+ " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); +//							 +//						//request is a new authentication request	 +//						} else if (protocolRequest != null && +//								MiscUtil.isEmpty(protocolRequest.getRequestID())) {															 +//							//Start new Authentication +//							protocolRequest.setModule(module); +//							 +//							//if preProcessing has not set a specific action from decoded request  +//							//   then set the default action +//							if (MiscUtil.isEmpty(protocolRequest.requestedAction())) +//									protocolRequest.setAction(action); +//							else +//								moduleAction = 
info.getAction(protocolRequest.requestedAction()); +//							 +//							protocolRequest.setRequestID(protocolRequestID); +//							protocolRequest.setSessionIdentifier(uniqueSessionIdentifier); +//							RequestStorage.setPendingRequest(protocolRequest);							 +//							Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); +// +//																										 +//						} else { +//							Logger.error("Failed to generate a valid protocol request!"); +//							resp.setContentType("text/html;charset=UTF-8"); +//							resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); +//							return; +//							 +//						} +//																	 +//					} catch (ProtocolNotActiveException e) { +//						resp.getWriter().write(e.getMessage()); +//						resp.setContentType("text/html;charset=UTF-8"); +//						resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); +//						return; +//						 +//					} catch (AuthnRequestValidatorException e) { +//						//log Error Message +//						StatisticLogger logger = StatisticLogger.getInstance(); +//						logger.logErrorOperation(e, e.getErrorRequest()); +//						 +//						//TODO: maybe add some error message handling??? +//						 +//						return; +//						 +//					}catch (InvalidProtocolRequestException e) { +//						ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); +//						String code = utils.mapInternalErrorToExternalError(e.getMessageId()); +//						String descr = e.getMessage(); +//						Logger.error("Protocol validation FAILED!"); +//						resp.setContentType("text/html;charset=UTF-8"); +//						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" 
+ +//								"(Errorcode=" + code + +//								" | Description=" + descr + ")"); +//						return; +//					} catch (ConfigurationException e) {	 +//						resp.setContentType("text/html;charset=UTF-8"); +//						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + +//								"(Errorcode=9199" +//								+" | Description="+ e.getMessage() + ")"); +//						return; +//						 +//					} catch (MOAIDException e) {						 +//						Logger.error("Failed to generate a valid protocol request!"); +//						resp.setContentType("text/html;charset=UTF-8"); +//						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + +//								"(Errorcode=6000" +//								+" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); +//						return; +//						 +//					} +//				} +//						 +//// *** end of protocol specific stuff *** +//				 +//				if (protocolRequest != null) +//					MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  +//							protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule()); +//				 +//// *** start handling authentication *** +//				 +//				AuthenticationManager authmanager = AuthenticationManager.getInstance();									 +//				 +//				String moasessionID = null; +//				String newSSOSessionId = null; +//				AuthenticationSession moasession = null;	 +//				IAuthData authData = null; +//									 +//				boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);				 +//				 +//				if (needAuthentication) { +//										 +//					//check if interfederation IDP is requested +//					ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); +//					 +//					//check SSO session +//					if (ssoId != null) { +//						String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); +//						 +//						if (correspondingMOASession != null) 
{ +//							Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + +//									"Invalidate the corresponding MOASession with ID="+ correspondingMOASession); +//							 +//							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  +//									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); +//							 +//							AuthenticationSessionStoreage.destroySession(correspondingMOASession); +//							ssomanager.deleteSSOSessionID(req, resp); +//						} +//					} +//				 +//					//load Parameters from OnlineApplicationConfiguration +//					OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() +//							.getOnlineApplicationParameter(protocolRequest.getOAURL()); +//					 +//					if (oaParam == null) { +//						throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); +//					} +// +//					 +//					isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest); +//					useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); +//					 +//					 +//					//if a legacy request is used SSO should not be allowed, actually +//					boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); +//					 +//					if (protocolRequest.isPassiv() +//							&& protocolRequest.forceAuth()) { +//						// conflict! 
+//						throw new NoPassivAuthenticationException(); +//					} +//					 +//					boolean tryperform = authmanager.tryPerformAuthentication( +//							req, resp); +//					 +//					if (tryperform) +//						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  +//								protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); +//					else +//						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  +//								protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL()); +//										 +//					if (protocolRequest.forceAuth()) {	 +//						if (!tryperform) { +//							authmanager.doAuthentication(req, resp, +//									protocolRequest); +//							return; +//						} +//					} else if (protocolRequest.isPassiv()) { +//						if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { +//							// Passive authentication ok! +//						} else { +//							throw new NoPassivAuthenticationException(); +//						} +//					} else { +//						if (tryperform || (isValidSSOSession && useSSOOA  && !isUseMandateRequested) ) { +//							// Is authenticated .. proceed +//						} else { +//							// Start authentication! 
+//							authmanager.doAuthentication(req, resp, +//									protocolRequest); +//							return; +//						} +//					} +//					 +//					if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension   +//					{ +//					 +//						if (useSSOOA && isValidSSOSession) { +//						 +//							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  +//									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO); +//							 +//							moasessionID = ssomanager.getMOASession(ssoId); +//							moasession = AuthenticationSessionStoreage.getSession(moasessionID); +//							 +//							//use new OAParameter						 +//							if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {							 +//							  authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); +//							  return;  +//							} +//							 +//						} else {							 +//							moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);														 +//							moasession = AuthenticationSessionStoreage.getSession(moasessionID); +//							 +//						}						 +//						//save SSO session usage in Database +//						if (useSSOOA) { +//							newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); +//					 +//							if (MiscUtil.isNotEmpty(newSSOSessionId)) { +//								ssomanager.setSSOSessionID(req, resp, newSSOSessionId); +//						 +//							} else { +//								ssomanager.deleteSSOSessionID(req, resp); +//							 +//							} +//						} +//						 +//					} else {						 +//						moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);						 +//						moasession = AuthenticationSessionStoreage.getSession(moasessionID); +//						moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); +//						 +//					} +// +//					//build authenticationdata from session information and OA configuration +//					authData = 
AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);					 +//				} +// +//// *** end handling authentication *** +// +//// *** start finalizing authentication (SSO, final redirects, statistic logging etc) *** +//				 +//				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); +// +//				RequestStorage.removePendingRequest(protocolRequestID); +//				 +//				if (needAuthentication) { +//					boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA; +//					 +//					if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension  +//						&& !moasession.getUseMandate()) {  +//					 +//						try { +//							//Store OA specific SSO session information  +//							AuthenticationSessionStoreage.addSSOInformation(moasessionID,  +//									newSSOSessionId, assertionID, protocolRequest); +//														 +//						} catch (AuthenticationException e) { +//							Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!"); +//							 +//							authmanager.performOnlyIDPLogOut(req, resp, moasessionID); +//							isSSOSession = false; +//						} +//					 +//					} else { +//						authmanager.performOnlyIDPLogOut(req, resp, moasessionID); +//					} +//				 +//					//Advanced statistic logging +//					StatisticLogger logger = StatisticLogger.getInstance(); +//					logger.logSuccessOperation(protocolRequest, authData, isSSOSession); +//					 +//				} +// +//// *** end finalizing authentication *** +// +//			} catch (Throwable e) { +//				Logger.warn("An authentication error occured: ", e);; +//				// Try handle module specific, if not possible rethrow +//				if (!info.generateErrorMessage(e, req, resp, protocolRequest)) +//					handleErrorNoRedirect(e.getMessage(), e, req, +//							resp); +//				 +//			}  //			 +//			//log transaction_destroy to reversionslog +//	    	
MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID); +//			 +//		} catch (WrongParametersException ex) { +//			handleWrongParameters(ex, req, resp); +//			 +//		} catch (MOAIDException ex) { +//			handleError(null, ex, req, resp, protocolRequestID); +//			 +//		} catch (Throwable e) { +//			handleErrorNoRedirect(e.getMessage(), e, req, +//					resp);			  //		}  //		 +//	    finally { +//	    	 +//	    	 +//	    	TransactionIDUtils.removeTransactionId(); +//	    	TransactionIDUtils.removeSessionId(); +//	    } +// +//        Logger.debug("Clossing Dispatcher processing loop"); +//	} +//	 +//	@Override +//	protected void doGet(HttpServletRequest req, HttpServletResponse resp) +//			throws ServletException, IOException { +//		processRequest(req, resp); +//	} +// +//	@Override +//	protected void doPost(HttpServletRequest req, HttpServletResponse resp) +//			throws ServletException, IOException { +//		processRequest(req, resp);  //	} - -	protected void processRequest(HttpServletRequest req, -			HttpServletResponse resp) throws ServletException, IOException { -		boolean isValidSSOSession = false; -		boolean useSSOOA = false; -		String protocolRequestID = null; -		 -		try { -			Logger.debug("REQUEST: " + req.getRequestURI()); -			Logger.debug("QUERY  : " + req.getQueryString()); -			 - -// *** start of error handling *** -			 -			String errorid = req.getParameter(ERROR_CODE_PARAM); -			if (errorid != null) { - -				Throwable throwable = DBExceptionStoreImpl.getStore() -						.fetchException(errorid); -				DBExceptionStoreImpl.getStore().removeException(errorid); -				 -				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - -				//Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); -				 -				String pendingRequestID = null; -				if (idObject != null && (idObject instanceof String)) { -					pendingRequestID = (String) idObject;  -				} -				 -				if (throwable != 
null) { -													 -						IRequest errorRequest = null; -						if (pendingRequestID != null) { -							errorRequest = RequestStorage.getPendingRequest(pendingRequestID); -						 -						} -						 -						if (errorRequest != null) { -							RequestStorage.removePendingRequest(pendingRequestID); -							MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR); -							 -							try { -								IModulInfo handlingModule = ModulStorage -										.getModuleByPath(errorRequest -												.requestedModule()); -								if (handlingModule != null) { -																	 -									if (handlingModule.generateErrorMessage( -											throwable, req, resp, errorRequest)) { -								 -										//log Error Message -										StatisticLogger logger = StatisticLogger.getInstance(); -										logger.logErrorOperation(throwable, errorRequest); -										 -										//remove MOASession -										AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID); -										if (moaSession != null) -											AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); -										 -										return; -										 -									} else { -										handleErrorNoRedirect(throwable.getMessage(), throwable, -												req, resp); -										 -									} -								} -								 -							} catch (Throwable e) { -								Logger.error(e); -								handleErrorNoRedirect(throwable.getMessage(), -										throwable, req, resp); -							} -							 -						} else { -							handleErrorNoRedirect(throwable.getMessage(), throwable, -									req, resp); -						} -						 -					} else -						handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null),  -								null, req, resp); -					 -				return; -			} - -// *** end of error handling *** - -			 -// *** start of protocol specific stuff *** - -			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); -			
String module = null; -			if (moduleObject != null && (moduleObject instanceof String)) { -				module = (String) moduleObject; -			} - -			if (module == null) { -				module = (String) req.getAttribute(PARAM_TARGET_MODULE); -			} - -			Object actionObject = req.getParameter(PARAM_TARGET_ACTION); -			String action = null; -			if (actionObject != null && (actionObject instanceof String)) { -				action = (String) actionObject; -			} - -			if (action == null) { -				action = req.getParameter(PARAM_TARGET_ACTION); -			} -			 -			Logger.debug("dispatching to " + module + " protocol " + action); - -			IModulInfo info = ModulStorage.getModuleByPath(module); - -			IAction moduleAction = null; - -			if (info == null) { - -				Iterator<IModulInfo> modules = ModulStorage.getAllModules() -						.iterator(); -				while (modules.hasNext()) { -					info = modules.next(); -					moduleAction = info.canHandleRequest(req, resp); -					if (moduleAction != null) { -						action = moduleAction.getDefaultActionName(); -						module = info.getPath(); -						break; -					} -					info = null; -				} - -				if (moduleAction == null) { -					resp.sendError(HttpServletResponse.SC_NOT_FOUND); -					Logger.error("Protocol " + module -							+ " has no module registered"); -					return; -				} -			} - -			if (moduleAction == null) { -				moduleAction = info.getAction(action); - -				if (moduleAction == null) { -					resp.sendError(HttpServletResponse.SC_NOT_FOUND); -					Logger.error("Action " + action + " is not available!"); -					return; -				} -			} - -			//get SSO Cookie for Request -			SSOManager ssomanager = SSOManager.getInstance(); -			String ssoId = ssomanager.getSSOSessionID(req); -			 -			IRequest protocolRequest = null; -			String uniqueSessionIdentifier = null; -			 -			try { -				Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); -	 -				if (idObject != null && (idObject instanceof String)) { -								 -					protocolRequestID = (String) idObject; -					protocolRequest 
= RequestStorage.getPendingRequest(protocolRequestID); -					 -					//get IRequest if it exits -					if (protocolRequest != null) { -						Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); -						 -					} else { -						Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");		 -						handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", -								null, req, resp);							 -						return; -					} -				} else { -					try { -						 -						//load unique session identifier with SSO-sessionID -						uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											 -						if (MiscUtil.isEmpty(uniqueSessionIdentifier)) -							uniqueSessionIdentifier = Random.nextRandom(); -						TransactionIDUtils.setSessionId(uniqueSessionIdentifier); -												 -						//set transactionID to Logger -						protocolRequestID = Random.nextRandom(); -						TransactionIDUtils.setTransactionId(protocolRequestID); - -						//log information for security and process reversion -						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); -						MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);						 -						MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr());						 -						 -						protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID); -												 -						//request is a valid interfederation response  -						if (protocolRequest != null &&  -								protocolRequest.getInterfederationResponse() != null ) {							 -							Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest"); - -							//reload SP protocol implementation  -							info = 
ModulStorage.getModuleByPath(protocolRequest.requestedModule()); -							moduleAction = info.getAction(protocolRequest.requestedAction()); - -							//create interfederated MOASession -							String sessionID =  -									AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); -							req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID }); -														 -							Logger.info("PreProcessing of SSO interfederation response complete. "); - -						//request is a not valid interfederation response    -						} else if (protocolRequest != null && -								MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { -							 -							OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL()); -							if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) { -								// -> send end error to service provider -								Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()  -										+ " FAILED. 
Sending error message to service provider.");								 -								MOAIDException e = new MOAIDException("auth.27", new Object[]{});								 -								IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());								 -								if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest)) -									handleErrorNoRedirect(e.getMessage(), e, req, -											resp); -								 -								return; -																 -							} else -								//-> Restart local authentication -								Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()  -										+ " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); -							 -						//request is a new authentication request	 -						} else if (protocolRequest != null && -								MiscUtil.isEmpty(protocolRequest.getRequestID())) {															 -							//Start new Authentication -							protocolRequest.setModule(module); -							 -							//if preProcessing has not set a specific action from decoded request  -							//   then set the default action -							if (MiscUtil.isEmpty(protocolRequest.requestedAction())) -									protocolRequest.setAction(action); -							else -								moduleAction = info.getAction(protocolRequest.requestedAction()); -							 -							protocolRequest.setRequestID(protocolRequestID); -							protocolRequest.setSessionIdentifier(uniqueSessionIdentifier); -							RequestStorage.setPendingRequest(protocolRequest);							 -							Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); - -																										 -						} else { -							Logger.error("Failed to generate a valid protocol request!"); -							resp.setContentType("text/html;charset=UTF-8"); -							resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); -							return; -							 -						} -																	 -					} catch (ProtocolNotActiveException e) { -						
resp.getWriter().write(e.getMessage()); -						resp.setContentType("text/html;charset=UTF-8"); -						resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); -						return; -						 -					} catch (AuthnRequestValidatorException e) { -						//log Error Message -						StatisticLogger logger = StatisticLogger.getInstance(); -						logger.logErrorOperation(e, e.getErrorRequest()); -						 -						//TODO: maybe add some error message handling??? -						 -						return; -						 -					}catch (InvalidProtocolRequestException e) { -						ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); -						String code = utils.mapInternalErrorToExternalError(e.getMessageId()); -						String descr = e.getMessage(); -						Logger.error("Protocol validation FAILED!"); -						resp.setContentType("text/html;charset=UTF-8"); -						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + -								"(Errorcode=" + code + -								" | Description=" + descr + ")"); -						return; -					} catch (ConfigurationException e) {	 -						resp.setContentType("text/html;charset=UTF-8"); -						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + -								"(Errorcode=9199" -								+" | Description="+ e.getMessage() + ")"); -						return; -						 -					} catch (MOAIDException e) {						 -						Logger.error("Failed to generate a valid protocol request!"); -						resp.setContentType("text/html;charset=UTF-8"); -						resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" 
+ -								"(Errorcode=6000" -								+" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); -						return; -						 -					} -				} -						 -// *** end of protocol specific stuff *** -				 -				if (protocolRequest != null) -					MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  -							protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule()); -				 -// *** start handling authentication *** -				 -				AuthenticationManager authmanager = AuthenticationManager.getInstance();									 -				 -				String moasessionID = null; -				String newSSOSessionId = null; -				AuthenticationSession moasession = null;	 -				IAuthData authData = null; -									 -				boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);				 -				 -				if (needAuthentication) { -										 -					//check if interfederation IDP is requested -					ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); -					 -					//check SSO session -					if (ssoId != null) { -						String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); -						 -						if (correspondingMOASession != null) { -							Logger.warn("Request sends an old SSO Session ID("+ssoId+")! 
" + -									"Invalidate the corresponding MOASession with ID="+ correspondingMOASession); -							 -							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  -									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); -							 -							AuthenticationSessionStoreage.destroySession(correspondingMOASession); -							ssomanager.deleteSSOSessionID(req, resp); -						} -					} -				 -					//load Parameters from OnlineApplicationConfiguration -					OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() -							.getOnlineApplicationParameter(protocolRequest.getOAURL()); -					 -					if (oaParam == null) { -						throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); -					} - -					 -					isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest); -					useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); -					 -					 -					//if a legacy request is used SSO should not be allowed, actually -					boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); -					 -					if (protocolRequest.isPassiv() -							&& protocolRequest.forceAuth()) { -						// conflict! 
-						throw new NoPassivAuthenticationException(); -					} -					 -					boolean tryperform = authmanager.tryPerformAuthentication( -							req, resp); -					 -					if (tryperform) -						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  -								protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); -					else -						MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  -								protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL()); -										 -					if (protocolRequest.forceAuth()) {	 -						if (!tryperform) { -							authmanager.doAuthentication(req, resp, -									protocolRequest); -							return; -						} -					} else if (protocolRequest.isPassiv()) { -						if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { -							// Passive authentication ok! -						} else { -							throw new NoPassivAuthenticationException(); -						} -					} else { -						if (tryperform || (isValidSSOSession && useSSOOA  && !isUseMandateRequested) ) { -							// Is authenticated .. proceed -						} else { -							// Start authentication! 
-							authmanager.doAuthentication(req, resp, -									protocolRequest); -							return; -						} -					} -					 -					if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension   -					{ -					 -						if (useSSOOA && isValidSSOSession) { -						 -							MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),  -									protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO); -							 -							moasessionID = ssomanager.getMOASession(ssoId); -							moasession = AuthenticationSessionStoreage.getSession(moasessionID); -							 -							//use new OAParameter						 -							if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {							 -							  authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); -							  return;  -							} -							 -						} else {							 -							moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);														 -							moasession = AuthenticationSessionStoreage.getSession(moasessionID); -							 -						}						 -						//save SSO session usage in Database -						if (useSSOOA) { -							newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); -					 -							if (MiscUtil.isNotEmpty(newSSOSessionId)) { -								ssomanager.setSSOSessionID(req, resp, newSSOSessionId); -						 -							} else { -								ssomanager.deleteSSOSessionID(req, resp); -							 -							} -						} -						 -					} else {						 -						moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);						 -						moasession = AuthenticationSessionStoreage.getSession(moasessionID); -						moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); -						 -					} - -					//build authenticationdata from session information and OA configuration -					authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);					 -				} - -// *** end 
handling authentication *** - -// *** start finalizing authentication (SSO, final redirects, statistic logging etc) *** -				 -				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); - -				RequestStorage.removePendingRequest(protocolRequestID); -				 -				if (needAuthentication) { -					boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA; -					 -					if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension  -						&& !moasession.getUseMandate()) {  -					 -						try { -							//Store OA specific SSO session information  -							AuthenticationSessionStoreage.addSSOInformation(moasessionID,  -									newSSOSessionId, assertionID, protocolRequest); -														 -						} catch (AuthenticationException e) { -							Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!"); -							 -							authmanager.performOnlyIDPLogOut(req, resp, moasessionID); -							isSSOSession = false; -						} -					 -					} else { -						authmanager.performOnlyIDPLogOut(req, resp, moasessionID); -					} -				 -					//Advanced statistic logging -					StatisticLogger logger = StatisticLogger.getInstance(); -					logger.logSuccessOperation(protocolRequest, authData, isSSOSession); -					 -				} - -// *** end finalizing authentication *** - -			} catch (Throwable e) { -				Logger.warn("An authentication error occured: ", e);; -				// Try handle module specific, if not possible rethrow -				if (!info.generateErrorMessage(e, req, resp, protocolRequest)) -					handleErrorNoRedirect(e.getMessage(), e, req, -							resp); -				 -			} -			 -			//log transaction_destroy to reversionslog -	    	MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID); -			 -		} catch (WrongParametersException ex) { -			handleWrongParameters(ex, req, resp); -			 -		} catch (MOAIDException ex) { -			handleError(null, ex, req, resp, protocolRequestID); 
-			 -		} catch (Throwable e) { -			handleErrorNoRedirect(e.getMessage(), e, req, -					resp);			 -		} -		 -	    finally { -	    	 -	    	 -	    	TransactionIDUtils.removeTransactionId(); -	    	TransactionIDUtils.removeSessionId(); -	    } - -        Logger.debug("Clossing Dispatcher processing loop"); -	} -	 -	@Override -	protected void doGet(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		processRequest(req, resp); -	} - -	@Override -	protected void doPost(HttpServletRequest req, HttpServletResponse resp) -			throws ServletException, IOException { -		processRequest(req, resp); -	} -} +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index c38bbc68f..b6df5e5c6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.moduls;  import java.io.IOException;  import java.io.PrintWriter; -import java.lang.reflect.InvocationTargetException; -import java.security.NoSuchAlgorithmException;  import java.util.ArrayList;  import java.util.Collection;  import java.util.Enumeration; 
@@ -38,39 +36,21 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.velocity.VelocityContext;
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -78,93 +58,93 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;  import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;  import at.gv.egovernment.moa.id.data.SLOInformationContainer;  import at.gv.egovernment.moa.id.data.SLOInformationImpl;  import at.gv.egovernment.moa.id.process.ExecutionContextImpl;  import at.gv.egovernment.moa.id.process.ProcessEngine;  import at.gv.egovernment.moa.id.process.ProcessExecutionException;  import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;  import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import 
at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;  import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +@Service("MOAID_AuthenticationManager")  public class AuthenticationManager extends MOAIDAuthConstants { -	private static final AuthenticationManager INSTANCE = new AuthenticationManager();  	public static final String MOA_SESSION = "MoaAuthenticationSession";  	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";  	public static final int SLOTIMEOUT = 30 * 1000; //30 sec -	@Autowired -	private ProcessEngine processEngine; +	@Autowired private ProcessEngine processEngine;	 +	@Autowired private SSOManager ssoManager; +	@Autowired private IRequestStorage requestStoreage; +	@Autowired private ITransactionStorage transactionStorage; +	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; +	@Autowired private MOAReversionLogger revisionsLogger; +	@Autowired protected AuthConfiguration authConfig; -	private AuthenticationManager() { -	} -	 -	public static AuthenticationManager getInstance() { -		return INSTANCE; +	public AuthenticationManager() { +		  	} -	 +		  	/** -	 * Checks if this request can authenticate a MOA Session +	 * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated +	 *  +	 * @param protocolRequest Authentication request which is actually in process +	 * @param moaSession MOASession with authentication information or null if no MOASession exists  	 *  -	 * @param request -	 * @param response -	 * @return +	 * @return 
true if session is already authenticated, otherwise false +	 * @throws MOAIDException   	 */ -	public boolean tryPerformAuthentication(HttpServletRequest request, -			HttpServletResponse response) { -				 -		String sessionID = (String) request.getParameter(PARAM_SESSIONID); -		if (sessionID != null) { -			Logger.debug("Find MOASession: " + sessionID); -			AuthenticationSession authSession; -			try { -				authSession = AuthenticationSessionStoreage.getSession(sessionID); -							 -				if (authSession != null) { -					Logger.info("MOASession found! A: " -							+ authSession.isAuthenticated() + ", AU " -							+ authSession.isAuthenticatedUsed()); -					if (authSession.isAuthenticated() -							&& !authSession.isAuthenticatedUsed()) { -						authSession.setAuthenticatedUsed(true); -					 -						AuthenticationSessionStoreage.storeSession(authSession); -												 -						return true; // got authenticated -					} -				} +	private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { + +		//if no MOASession exist -> authentication is required +		if (moaSession == null) { +			return false; -			} catch (MOADatabaseException e) { -				return false; -			} catch (BuildException e) { +		} else { +			//if MOASession is Found but not authenticated --> authentication is required +			if (!moaSession.isAuthenticated()) {  				return false;  			} +			 +			//if MOASession is already authenticated and protocol-request is authenticated  +			//  --> no authentication is required any more +			else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { +				return true; + +			// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest +			} else if (!protocolRequest.isAuthenticated()  +					&& moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { +				Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); +				
protocolRequest.setAuthenticated(true); +				protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); +				return true; +				 +			} +			 +			// force authentication as backup solution +			else { +				Logger.warn("Authentication-required check find an unsuspected state --> force authentication"); +				return false; +				 +			}					  		} -		return false;  	}  	public void performSingleLogOut(HttpServletRequest httpReq, @@ -193,11 +173,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {  		} -		SSOManager ssomanager = SSOManager.getInstance(); -		  		//store active OAs to SLOContaine -		List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session); -		List<InterfederationSessionStore> dbIDPs = AuthenticationSessionStoreage.getAllActiveIDPsFromMOASession(session); +		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); +		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);  		SLOInformationContainer sloContainer = new SLOInformationContainer();  		sloContainer.setSloRequest(pvpReq);  		sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer); @@ -205,8 +183,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {  		//terminate MOASession  		try { -			AuthenticationSessionStoreage.destroySession(session.getSessionID()); -			ssomanager.deleteSSOSessionID(httpReq, httpResp); +			authenticatedSessionStore.destroySession(session.getSessionID()); +			ssoManager.deleteSSOSessionID(httpReq, httpResp);  		} catch (MOADatabaseException e) {  			Logger.warn("Delete MOASession FAILED."); 
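Review bot: The rewritten tryPerformAuthentication drops the authenticatedUsed guard the removed version enforced (`isAuthenticated() && !isAuthenticatedUsed()`, then `setAuthenticatedUsed(true)` plus a store), so nothing in this hunk prevents an already-authenticated MOASession from being presented again for further pending requests; if that single-use property is still required it has to be re-established here or in the caller, and if the Spring process engine is meant to cover it now, a comment at the top of the method saying so would stop the next reader from re-adding it. The branch `else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated())` re-tests `moaSession.isAuthenticated()` right after the preceding `if` returned on its negation, so the condition reduces to `protocolRequest.isAuthenticated()`. The final `else` is reached in an ordinary state (authenticated session, request not yet authenticated, SSO not permitted for it), so the `Logger.warn("... unsuspected state ...")` is misleading; `Logger.debug("Active MOASession found but SSO is not allowed for this request --> authentication required");` describes what actually happened. The enclosing class continues past the end of the hunk.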
@@ -276,7 +254,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {  					}														  				} -				AssertionStorage.getInstance().put(relayState, sloContainer); +				//put SLO process-information into transaction storage +				transactionStorage.put(relayState, sloContainer);  				if (MiscUtil.isEmpty(authURL))  					authURL = pvpReq.getAuthURL(); @@ -289,7 +268,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  		        context.put("redirectURLs", sloReqList);  		        context.put("timeoutURL", timeOutURL);  		        context.put("timeout", SLOTIMEOUT); -		        ssomanager.printSingleLogOutInfo(context, httpResp); +		        ssoManager.printSingleLogOutInfo(context, httpResp);  			} else { @@ -309,7 +288,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  			        else  			        	context.put("errorMsg",   			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); -			        ssomanager.printSingleLogOutInfo(context, httpResp); +			        ssoManager.printSingleLogOutInfo(context, httpResp);  				} @@ -327,7 +306,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  		        VelocityContext context = new VelocityContext();  	        	context.put("errorMsg",   	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); -		        ssomanager.printSingleLogOutInfo(context, httpResp); +		        ssoManager.printSingleLogOutInfo(context, httpResp);  			} @@ -352,8 +331,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {  		AuthenticationSession authSession;  		try { -			authSession = AuthenticationSessionStoreage -					.getSession(moaSessionID); +			authSession = authenticatedSessionStore.getSession(moaSessionID);  			if(authSession == null) {  				Logger.info("NO MOA Authentication data for ID " + moaSessionID); 
@@ -364,10 +342,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {  			//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session  			//log Session_Destroy to reversionslog -			AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); -			MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); +			AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); +			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); -			AuthenticationSessionStoreage.destroySession(moaSessionID); +			authenticatedSessionStore.destroySession(moaSessionID);  			//session.invalidate(); 
@@ -378,366 +356,209 @@ public class AuthenticationManager extends MOAIDAuthConstants {  	} -	public void doAuthentication(HttpServletRequest request, -			HttpServletResponse response, IRequest target) -			throws ServletException, IOException, MOAIDException { -		 -		Logger.info("Starting authentication ...");		 -		MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  -				target, MOAIDEventConstants.AUTHPROCESS_START); -		 -		if (MiscUtil.isEmpty(target.getRequestedIDP())) { -			perfomLocalAuthentication(request, response, target); -			 -		} else { -			Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); -			MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  -					target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION); -			buildPVP21AuthenticationRequest(request, response, target); -						 -		}		 -	} -			 -	public void sendTransmitAssertionQuestion(HttpServletRequest request, -			HttpServletResponse response, IRequest target, OAAuthParameter oaParam) -			throws ServletException, IOException, MOAIDException {  -		 -			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),  -					target.requestedAction(), target.getRequestID(), oaParam,  -					target.getAuthURL()); -			MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  -					target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START); -			 -			response.setContentType("text/html;charset=UTF-8"); -			PrintWriter out = new PrintWriter(response.getOutputStream());  -			out.print(form); -			out.flush();  -	} +	/** +	 * Authenticates the authentication request {pendingReq}, which is actually processed +	 *  +	 * @param httpReq HttpServletRequest	 +	 * @param httpResp HttpServletResponse +	 * @param protocolRequest Authentication request which is actually in process +	 *  +	 * @return Return already authenticated MOASession if exists, otherwise return null  +	 * @throws 
MOADatabaseException  +	 * @throws MOAIDException  +	 * @throws IOException  +	 * @throws ServletException  +	 *  +	 */ +	public AuthenticationSession doAuthentication(HttpServletRequest httpReq, +			HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException { -	private void buildPVP21AuthenticationRequest(HttpServletRequest request, -			HttpServletResponse response, IRequest target) -			throws ServletException, IOException, MOAIDException { -		 -		boolean requiredLocalAuthentication = true; +		//generic authentication request validation  +		if (pendingReq.isPassiv() +				&& pendingReq.forceAuth()) { +			// conflict! +			throw new NoPassivAuthenticationException(); +		} +				 +		//get SSO cookie from http request +		String ssoId = ssoManager.getSSOSessionID(httpReq); -		Logger.debug("Build PVP 2.1 authentication request"); - 		 -		//get IDP metadata +		//check if interfederation IDP is requested +		ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq); -		OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); -		OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL()); -			 -		if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { -			Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); -			Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP()) -					+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed())); -			Logger.info("Switch to local authentication on this IDP ... 
"); -			 -			perfomLocalAuthentication(request, response, target); -			return; -				 -		} +		//check SSO session +		if (ssoId != null) { +			String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId); -		try {	 -			EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). -					getEntityDescriptor(target.getRequestedIDP()); -			 -			if (idpEntity != null ) { +			if (correspondingMOASession != null) { +				Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " + +						"Invalidate the corresponding MOASession with ID="+ correspondingMOASession); -				//fetch endpoint from IDP metadata -				SingleSignOnService redirectEndpoint = null;   -				for (SingleSignOnService sss :  -						idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { -					 -					// use POST binding as default if it exists  -					//TODO: maybe use RedirectBinding as default  -					if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {  -						redirectEndpoint = sss; -						 -					} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && -							redirectEndpoint == null ) -						redirectEndpoint = sss; -				} -								 -				if (redirectEndpoint != null) { -					 -					AuthnRequest authReq = SAML2Utils -							.createSAMLObject(AuthnRequest.class); -					SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); -					authReq.setID(gen.generateIdentifier()); - -					//send passive AuthnRequest -					authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation()); - -					authReq.setAssertionConsumerServiceIndex(0); -					authReq.setIssueInstant(new DateTime()); -					Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);					 -					String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0); -					issuer.setValue(serviceURL); - -					issuer.setFormat(NameIDType.ENTITY); -					authReq.setIssuer(issuer); -					NameIDPolicy policy = SAML2Utils -							
.createSAMLObject(NameIDPolicy.class); -					policy.setAllowCreate(true); -					policy.setFormat(NameID.TRANSIENT); -					authReq.setNameIDPolicy(policy); -					 -					authReq.setDestination(redirectEndpoint.getLocation()); -					 -					RequestedAuthnContext reqAuthContext =  -							SAML2Utils.createSAMLObject(RequestedAuthnContext.class); -					 -					AuthnContextClassRef authnClassRef =  -							SAML2Utils.createSAMLObject(AuthnContextClassRef.class); -					 -					//check if STORK protocol module is in ClassPath -					Class<?> storkRequstTemplate = null; -					Integer storkSecClass = null; -					try { -						storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest"); -						if (storkRequstTemplate != null &&  -								storkRequstTemplate.isInstance(target)) { -							Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null); -							storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null); -							 -						} -												 -					} catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) { -						 -						 -					} -										 -					if (sp != null && sp.isSTORKPVPGateway()) { -						//use PVP SecClass instead of STORK QAA level -						String secClass = null; -						if (storkRequstTemplate != null &&  -								storkRequstTemplate.isInstance(target)) { -							 -							try {									 -								secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( -										PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); -							 -							} catch (Exception e) { -								Logger.warn("STORK-QAA level can not read from STORK request. 
Use default QAA 4", e); - -							}							 -						} -						 -						if (MiscUtil.isNotEmpty(secClass)) -							authnClassRef.setAuthnContextClassRef(secClass); -						else -							authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3"); -											 -					} else { -						if (storkRequstTemplate != null &&  -								storkRequstTemplate.isInstance(target)) { -							//use requested QAA level from STORK request -							try { -								authnClassRef.setAuthnContextClassRef( -										PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); -								Logger.debug("Use STORK-QAA level " + authnClassRef.getAuthnContextClassRef()  -										+ " from STORK request"); -								 -							} catch (Exception e) { -								Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e); -								 -							} -							 -						} -						 -						if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef())) -							//TODO: switch to eIDAS QAA-levels -							authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); -						 -					} -					 -					reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);					 -					reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					 -					authReq.setRequestedAuthnContext(reqAuthContext); -										 -					IEncoder binding = null; -					if (redirectEndpoint.getBinding().equals( -							SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { -						binding = new RedirectBinding(); -																	 -					} else if (redirectEndpoint.getBinding().equals( -							SAMLConstants.SAML2_POST_BINDING_URI)) { -						binding = new PostBinding(); -						 -					} -					 -					binding.encodeRequest(request, response, authReq,  -							redirectEndpoint.getLocation(), target.getRequestID()); -					 -					//build and send request without an error -					requiredLocalAuthentication = false; -					 -					
MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  -							target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID()); -					 -					 -				} else { -					Logger.warn("Requested IDP " + target.getRequestedIDP()  -						+ " does not support POST or Redirect Binding."); -					 -				} -												 -			} else { -				Logger.warn("Requested IDP " + target.getRequestedIDP()  -						+ " is not found in InterFederation configuration"); +				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),  +						pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); +				authenticatedSessionStore.destroySession(correspondingMOASession); +				ssoManager.deleteSSOSessionID(httpReq, httpResp);  			} +		} +				 +		// check if Service-Provider allows SSO sessions +		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); +		boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); +		 +		revisionsLogger.logEvent(oaParam,  +				pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL()); +		 +		//if a legacy request is used SSO should not be allowed in case of mandate authentication +		boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq); +	 +		//check if SSO Session is valid +		boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq); +		 +		//check if SSO is allowed for the actually executed request +		boolean isSSOAllowed = (useSSOOA  && !isUseMandateRequested); +		pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); -		} catch (MetadataProviderException e) { -			Logger.error("IDP metadata error." 
, e);			 -			 -		} catch (NoSuchAlgorithmException e) { -			Logger.error("Build IDP authentication request FAILED.", e); -			 -		} catch (MessageEncodingException e) { -			Logger.error("Build IDP authentication request FAILED.", e); -			 -		} catch (SecurityException e) { -			Logger.error("Build IDP authentication request FAILED.", e); +		//get MOASession from SSO-Cookie if SSO is allowed +		AuthenticationSession moaSession = null; +		if (isValidSSOSession && isSSOAllowed) { +			String moasessionID = ssoManager.getMOASession(ssoId); +			moaSession = authenticatedSessionStore.getSession(moasessionID); +			if (moaSession == null) +				Logger.info("No MOASession FOUND with provided SSO-Cookie."); +			else { +				Logger.debug("Found authenticated MOASession with provided SSO-Cookie."); +				revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO); +				 +			}			  		} +						 +		//check if session is already authenticated +		boolean tryperform = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); -		if (requiredLocalAuthentication) { -			Logger.info("Switch to local authentication on this IDP ... "); -			if (idp.isPerformLocalAuthenticationOnInterfederationError()) -				perfomLocalAuthentication(request, response, target); +		//perfom SSO-Consents question if it it required +		if (tryperform && isSSOAllowed && oaParam.useSSOQuestion()) {			 +			sendTransmitAssertionQuestion(httpReq, httpResp, pendingReq, oaParam); +			return null; -			else -				throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()});  		} +		 +		//force new authentication authentication process +		if (pendingReq.forceAuth()) {	 +			startAuthenticationProcess(httpReq, httpResp, pendingReq); +			return null; +							 +		} else if (pendingReq.isPassiv()) { +			if (tryperform) { +				// Passive authentication ok! 
+				revisionsLogger.logEvent(oaParam,  +						pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); +				return moaSession; +				 +			} else {				 +				throw new NoPassivAuthenticationException(); +				 +			} +		} else { +			if (tryperform) { +				// Is authenticated .. proceed +				revisionsLogger.logEvent(oaParam,  +						pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); +				return moaSession; +				 +			} else { +				// Start authentication! +				startAuthenticationProcess(httpReq, httpResp, pendingReq); +				return null; +			} +		}		  	} -	private void perfomLocalAuthentication(HttpServletRequest request, -			HttpServletResponse response, IRequest target) +	private void startAuthenticationProcess(HttpServletRequest httpReq, +			HttpServletResponse httpResp, RequestImpl pendingReq)  			throws ServletException, IOException, MOAIDException { -		Logger.debug("Starting authentication on this IDP ..."); - -		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES); -		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA); -		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); -		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +				 +		Logger.info("Starting authentication ...");		 +		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),  +				pendingReq, MOAIDEventConstants.AUTHPROCESS_START); -		List<String> legacyallowed_prot = AuthConfigurationProviderFactory.getInstance().getLegacyAllowedProtocols(); - -		//is legacy allowed -		boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); +		//is legacy allowed		 +		List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols(); +		boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());  		//check legacy request parameter  -		boolean 
legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); +		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); +		//create MOASession object  		AuthenticationSession moasession;  		try { -			//check if an MOASession exists and if not create an new MOASession -			//moasession = getORCreateMOASession(request); -			moasession = AuthenticationSessionStoreage.createSession(target); +			moasession = authenticatedSessionStore.createSession(pendingReq);  		} catch (MOADatabaseException e1) {  			Logger.error("Database Error! MOASession can not be created!");  			throw new MOAIDException("init.04", new Object[] {}); +			  		} +		//create authentication process execution context  		try { +			// create execution context				 +			ExecutionContext executionContext = new ExecutionContextImpl(); +			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());			 +			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID,  +					MiscUtil.isNotEmpty( +							pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); -			if (legacyallowed && legacyparamavail) { - -				// create execution context				 -				ExecutionContext executionContext = new ExecutionContextImpl(); -				executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, moasession.getSessionID()); -				executionContext.put("pendingRequestID", target.getRequestID()); -				 -				executionContext.put("isLegacyRequest", true); -				 -				Enumeration<String> reqParamNames = request.getParameterNames(); +			boolean leagacyMode = (legacyallowed && legacyparamavail);			 +			executionContext.put("isLegacyRequest", leagacyMode); +			executionContext.put("performBKUSelection", leagacyMode  +					&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class))); +							 +			//add leagcy parameters to context +			if (leagacyMode) { +				
Enumeration<String> reqParamNames = httpReq.getParameterNames();  				while(reqParamNames.hasMoreElements()) {  					String paramName = reqParamNames.nextElement(); -					if (MiscUtil.isNotEmpty(paramName)) -						executionContext.put(paramName, request.getParameter(paramName)); +					if (MiscUtil.isNotEmpty(paramName) &&  +							MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName)) +						executionContext.put(paramName, httpReq.getParameter(paramName));  				}			 -				 -				// create process instance -				String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); +			}						 +			// create process instance +			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); -				if (processDefinitionId == null) { -					Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() ); -					throw new MOAIDException("process.02",new Object[] { -							moasession.getSessionID()}); -				} +			if (processDefinitionId == null) { +				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() ); +				throw new MOAIDException("process.02",new Object[] { +						moasession.getSessionID()}); +			} -				String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); +			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext); -				// keep process instance id in moa session -				moasession.setProcessInstanceId(processInstanceId); +			// keep process instance id in protocol pending-request +			pendingReq.setProcessInstanceId(processInstanceId); -				// make sure moa session has been persisted before running the process -				try { -					AuthenticationSessionStoreage.storeSession(moasession); -				} catch (MOADatabaseException e) { -					Logger.error("Database Error! 
MOASession is not stored!"); -					throw new MOAIDException("init.04", new Object[] { -							moasession.getSessionID()}); -				} -				 -		    	// start process -				processEngine.start(processInstanceId); -			     -			} else { -				MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),  -						target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT); -								 -				//load Parameters from OnlineApplicationConfiguration -				OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance() -						.getOnlineApplicationParameter(target.getOAURL()); -				 -				if (oaParam == null) { -					throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); -				} -								 -				else { -					 -					//check if an MOASession exists and if not create an new MOASession -					//moasession = getORCreateMOASession(request); -	 -					//set OnlineApplication configuration in Session -					moasession.setOAURLRequested(target.getOAURL()); -					moasession.setAction(target.requestedAction()); -					moasession.setModul(target.requestedModule()); -				} -							 -				//Build authentication form -				 -				 -				String publicURLPreFix = target.getAuthURL(); -				if (publicURLPreFix.endsWith("/")) -					publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1); -				String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),  -						target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID()); -				 -				//store MOASession -				try { -					AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				 -				} catch (MOADatabaseException e) { -					Logger.error("Database Error! 
MOASession is not stored!"); -					throw new MOAIDException("init.04", new Object[] { -							moasession.getSessionID()}); -				} -				 -				//set MOAIDSession -				//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); +			//store pending-request			 +			requestStoreage.storePendingRequest(pendingReq); +			 +			 +			// make sure moa session has been persisted before running the process +			try { +				authenticatedSessionStore.storeSession(moasession); -				response.setContentType("text/html;charset=UTF-8"); -				PrintWriter out = new PrintWriter(response.getOutputStream());  -				out.print(loginForm); -				out.flush();  +			} catch (MOADatabaseException e) { +				Logger.error("Database Error! MOASession is not stored!"); +				throw new MOAIDException("init.04", new Object[] { +						moasession.getSessionID()});  			} +						 +	    	// start process +			processEngine.start(processInstanceId); +			  		} catch (ProcessExecutionException e) {  			Throwable cause = e.getCause();  			if (cause != null && cause instanceof TaskExecutionException) { 
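Review bot: In the new `doAuthentication`, the SSO consent question (`if (tryperform && isSSOAllowed && oaParam.useSSOQuestion())`) is evaluated before `if (pendingReq.forceAuth())`, so a request that sets forceAuth and meets a valid SSO session is answered with the transmit-assertion page instead of a fresh authentication, which contradicts the forceAuth contract this commit documents on IRequest ("a new identification and authentication process is carried out in any case") — unless `tryPerformAuthentication`, defined outside the hunk, already returns false for forceAuth requests. Moving the forceAuth block above the consent check, or adding `&& !pendingReq.forceAuth()` to the consent condition, makes the precedence explicit. The warn message `"Request sends an old SSO Session ID("+ssoId+")! "` writes the presented cookie value into the log; recording only that a stale cookie was seen (or a truncated/hashed form) avoids keeping session identifiers in plain log files. The `Expires`/`Pragma`/`Cache-Control` headers that the old local-authentication path set are not set anywhere in the new `startAuthenticationProcess`; if the process tasks that now render the login form do not set them, authentication pages become cacheable by browsers and proxies. Minor: `tryPerformAuthentication((RequestImpl) pendingReq, moaSession)` casts a parameter already declared as `RequestImpl`, and the new Javadoc has an empty `@throws ` tag and `{pendingReq}` where `{@code pendingReq}` was intended.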
@@ -746,11 +567,36 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 					MOAIDException moaTaskCause = (MOAIDException) taskCause;
 					Logger.warn(taskCause);
 					throw moaTaskCause;
-					
+				
 				}									
-			} 
-						
-			throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
-		}
+			}
+			
+			throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), moasession }, e);
+		}			
+	}
+			
+	private void sendTransmitAssertionQuestion(HttpServletRequest request,
+			HttpServletResponse response, IRequest target, IOAAuthParameters oaParam)
+			throws ServletException, IOException, MOAIDException { 
+		
+			//TODO: change to process management version!!!!
+		
+			//set authenticated flag to false, because user consents is required
+			target.setAuthenticated(false);
+		
+			
+//			String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), 
+//					target.requestedAction(), target.getRequestID(), oaParam, 
+//					target.getAuthURL());
+
+			String form =null;
+			
+			revisionsLogger.logEvent(target.getOnlineApplicationConfiguration(), 
+					target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+			
+			response.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(response.getOutputStream()); 
+			out.print(form);
+			out.flush(); 
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index fda92d71a..7833e795e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
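Review bot: `sendTransmitAssertionQuestion` now sets `String form =null;` and then calls `out.print(form)`, so the response is a text/html page containing the literal text `null`; the caller in doAuthentication returns null as if the consent page had been sent, leaving the user on a blank page with `target.setAuthenticated(false)` applied but nothing else persisted. Until the process-management version named in the TODO exists, this path should fail loudly (throw a MOAIDException, or keep the SSO-question branch in the caller disabled) rather than emit an empty consent page that silently stalls the login. `new PrintWriter(response.getOutputStream())` encodes with the platform default charset although the Content-Type declares UTF-8; `PrintWriter out = response.getWriter();` after `setContentType` honours the declared charset — this was carried over from the old code, but it is still the new side's behaviour. The commented-out `SendAssertionFormBuilder.buildForm(...)` lines should be restored or removed rather than kept as dead code. The first part of the hunk is the tail of `startAuthenticationProcess`, whose body starts outside this hunk.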
@@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.moduls;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index bdbb1b458..79e52f6e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -25,22 +25,12 @@ package at.gv.egovernment.moa.id.moduls;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 public interface IModulInfo {
 	//public List<ServletInfo> getServlets();
 	public String getName();
 	public String getPath();
-	
-	public IAction getAction(String action);
-	
-	public IRequest preProcess(HttpServletRequest request, 
-			HttpServletResponse response, String action, String sessionID, String transactionID)
-	throws MOAIDException;
-	
-	public IAction canHandleRequest(HttpServletRequest request, 
-			HttpServletResponse response);
-	
+		
 	public boolean generateErrorMessage(Throwable e,
 			HttpServletRequest request, HttpServletResponse response,
 			IRequest protocolRequest) throws Throwable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 4ae271bbc..f5d381e42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java 
@@ -22,32 +22,121 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
-import java.util.Date;
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 public interface IRequest {
+		
+	/**
+	 * Indicates the module, which implements this authentication protocol.
+	 * The class, which is referenced, had to implement the 'IModulInfo' interface.
+	 * 
+	 * @return Full-qualified name of the class which implements this protocol
+	 */
+	public String requestedModule();
+	
+	/**
+	 * Indicates the protocol specific action, which should executed if the request is processed. 
+	 * The class, which is referenced, had to implement the 'IAction' interface.
+	 * 
+	 * @return Full-qualified name of the class which implements the action  
+	 */
+	public String requestedAction();
+	
+	/**
+	 * Unique identifier, which indicates the service provider. 
+	 * In case of SAML1 protocol, it is the OA http-GET parameter
+	 * 
+	 * @return Unique identifier for the service provider
+	 */
 	public String getOAURL();
+	
+	/**
+	 * Indicates the passive flag in authentication requests.
+	 * If the passive flag is set, the identification and authentication process 
+	 * failed if no active SSO session is found. 
+	 * 
+	 * @return true, if the is passive flag is set in authentication request, otherwise false
+	 */
 	public boolean isPassiv();
+	
+	/**
+	 * Indicates the force authentication flag in authentication request
+	 * If this flag is set, a new identification and authentication process
+	 * is carried out in any case.
+	 * 
+	 * @return true, if the force authentication flag is set, otherwise false
+	 */
 	public boolean forceAuth();
-	public boolean isSSOSupported();
-	public String requestedModule();
-	public String requestedAction();
-	public void setModule(String module);
-	public void setAction(String action);
-	public String getTarget();
-	public void setRequestID(String id);
-	public String getRequestID();	
-	public String getSessionIdentifier();
-	public void setSessionIdentifier(String sessionIdentifier);
-	public String getRequestedIDP();
-	public MOAResponse getInterfederationResponse();
-	public List<Attribute> getRequestedAttributes();
-	public IOAAuthParameters getOnlineApplicationConfiguration();
+	
+	
+	/**
+	 * Returns a generic request-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the request-data object
+	 * @return The request-data object or null if no data is found with this key
+	 */
+	public Object getGenericData(String key);
+	
+	/**
+	 * Returns a generic request-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the request-data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The request-data object or null if no data is found with this key
+	 */
+	public <T> T getGenericData(String key, final Class<T> clazz);
+	
+	/**
+	 * Store a generic data-object to request with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
+	 */
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
+		
+	/**
+	 * Hold the identifier of this request object. 
+	 * This identifier can be used to load the request from request storage 
+	 * 
+	 * @return Request identifier
+	 */
+	public String getRequestID();
+	
+
+	/**
+	 * Hold the identifier of the MOASession which is associated with this request
+	 * 
+	 * @return MOASession identifier if a associated session exists, otherwise null
+	 */
+	public String getMOASessionIdentifier();
+
+	
+	/**
+	 * Holds a unique transaction identifier, which could be used for looging
+	 * This transaction identifier is unique for a single identification and authentication process
+	 * 
+	 * @return Unique transaction identifier. 
+	 */
+	public String getUniqueTransactionIdentifier();
+	
+	/**
+	 * Holds a unique session identifier, which could be used for logging 
+	 * This session identifier is unique for the full Single Sign-On session time
+	 * 
+	 * @return Unique session identifier
+	 */
+	public String getUniqueSessionIdentifier();
+	
+	
+	/**
+	 * Hold the identifier if the process instance, which is associated with this request 
+	 * 
+	 * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
+	 */
+	public String getProcessInstanceId();
+	
 	/**
 	 * get the IDP URL PreFix, which was used for authentication request
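Review bot: Several of the new Javadoc comments in IRequest carry wording slips that change their meaning: `with is stored` → `which is stored` (both `getGenericData` overloads), `Hold the identifier if the process instance` → `of the process instance`, `looging` → `logging`, `had to implement` → `must implement`, and `@return true, if the is passive flag is set` → `true if the isPassive flag is set`. `setGenericDataToSession` is described as storing "to request" while its name says session; the comment should state which store is meant, because that decides whether the value outlives the pending request. The typed overload `getGenericData(String key, final Class<T> clazz)` does not say what happens when the stored object is not of type `clazz` (null or a ClassCastException) — worth stating, since `startAuthenticationProcess` in this commit reads `DATAID_INTERFEDERATIOIDP_URL` through it.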
@@ -57,5 +146,33 @@ public interface IRequest {
 	public String getAuthURL();
 	public String getAuthURLWithOutSlash();
-	//public void setTarget();
+	/**
+	 * Indicates if this pending request needs authentication
+	 * 
+	 * @return true if this request needs authentication, otherwise false
+	 */
+	public boolean isNeedAuthentication();
+	
+	/**
+	 * Indicates, if this pending request needs Single Sign-On (SSO) functionality 
+	 * 
+	 * @return true if this request needs SSO, otherwise false
+	 */
+	public boolean needSingleSignOnFunctionality();
+	public void setNeedSingleSignOnFunctionality(boolean needSSO);
+	
+	/**
+	 * Indicates, if this pending request is already authenticated
+	 * 
+	 * @return true if this request is already authenticated, otherwise false
+	 */
+	public boolean isAuthenticated();
+	public void setAuthenticated(boolean isAuthenticated);
+	
+	/**
+	 * Get get Service-Provider configuration which is associated with this request.
+	 * 
+	 * @return Service-Provider configuration
+	 */
+	public IOAAuthParameters getOnlineApplicationConfiguration();
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
index 4c76a49a4..6f46edce3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
  * Copyright 2014 Federal Chancellery Austria
  * MOA-ID has been developed in a cooperation between BRZ, the Federal
  * Chancellery Austria - ICT staff unit, and Graz University of Technology.
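Review bot: `setAuthenticated(boolean)` and `setNeedSingleSignOnFunctionality(boolean)` are added to the public IRequest interface without Javadoc, while every other new member has one; since `isAuthenticated()` is the flag that later decides whether a pending request may proceed without a new login, the interface should state who is expected to flip it and when it becomes effective (presumably only once the request is persisted via IRequestStorage, as `startAuthenticationProcess` does in this commit). Suggested: `/** Marks this pending request as authenticated; to be set only by the authentication process after a successful login or SSO validation, and persisted afterwards via IRequestStorage.storePendingRequest. */`, with a parallel comment on the SSO setter. Also `Get get Service-Provider configuration` has a doubled word.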
@@ -19,11 +19,23 @@   * file for details on the various modules and licenses.   * The "NOTICE" text file is part of the distribution. Any derivative works   * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; + */ +package at.gv.egovernment.moa.id.moduls; -public interface IExceptionStore { -	public String storeException(Throwable e); -	public Throwable fetchException(String id); -	public void removeException(String id); +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; + +/** + * @author tlenz + * + */ +public interface IRequestStorage { + +	public IRequest getPendingRequest(String pendingReqID); +	 +	public void storePendingRequest(IRequest pendingRequest) throws MOAIDException; +	 +	public void removePendingRequest(String requestID); +	 +	public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException; +	  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java index 99b7f4217..13768a343 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java 
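Review bot: The four methods of the new IRequestStorage interface carry no Javadoc, and the most consequential one, `changePendingRequestID`, leaves its contract open: it is not stated what the returned String is, nor whether the request remains reachable under the old identifier after the call. Suggest a one-line Javadoc per method, and for changePendingRequestID something like `Assigns a fresh identifier to the pending request, re-stores it and returns the new identifier; states whether the previous identifier still resolves.` so that implementations and callers agree on that point. The `@author` comment on the interface could also mention that the file was renamed from IExceptionStore, since the diff header shows the move.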
@@ -1,46 +1,46 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.moduls; - -import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; - - -public class ModulUtils { - -	public static final String UNAUTHDISPATCHER = "dispatcher"; -	public static final String AUTHDISPATCHER = "dispatcher"; -	 -	public static String buildUnauthURL(String modul, String action, String pendingRequestID) { -		return UNAUTHDISPATCHER + "?" 
+  -				DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + -				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +  -				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; -	} -	 -	public static String buildAuthURL(String modul, String action, String pendingRequestID) { -		return AUTHDISPATCHER +  -				"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + -				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +  -				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; -	} -} +///******************************************************************************* +// * Copyright 2014 Federal Chancellery Austria +// * MOA-ID has been developed in a cooperation between BRZ, the Federal +// * Chancellery Austria - ICT staff unit, and Graz University of Technology. +// * +// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by +// * the European Commission - subsequent versions of the EUPL (the "Licence"); +// * You may not use this work except in compliance with the Licence. +// * You may obtain a copy of the Licence at: +// * http://www.osor.eu/eupl/ +// * +// * Unless required by applicable law or agreed to in writing, software +// * distributed under the Licence is distributed on an "AS IS" basis, +// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// * See the Licence for the specific language governing permissions and +// * limitations under the Licence. +// * +// * This product combines work with different licenses. See the "NOTICE" text +// * file for details on the various modules and licenses. +// * The "NOTICE" text file is part of the distribution. Any derivative works +// * that you distribute must include a readable copy of the "NOTICE" text file. 
+// *******************************************************************************/ +//package at.gv.egovernment.moa.id.moduls; +// +//import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; +// +// +//public class ModulUtils { +// +//	public static final String UNAUTHDISPATCHER = "dispatcher"; +//	public static final String AUTHDISPATCHER = "dispatcher"; +//	 +//	public static String buildUnauthURL(String modul, String action, String pendingRequestID) { +//		return UNAUTHDISPATCHER + "?" +  +//				DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + +//				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +  +//				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; +//	} +//	 +//	public static String buildAuthURL(String modul, String action, String pendingRequestID) { +//		return AUTHDISPATCHER +  +//				"?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + +//				DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +  +//				DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; +//	} +//} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index cdaade1bb..bba9f66ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java 
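Review bot: The whole of ModulUtils is replaced by a commented-out copy of itself rather than being deleted; commented-out code is a style issue, and the version history already preserves the old implementation. If the class is superseded, delete the file; if it is kept for a later step of the refactoring, a single `// TODO(review): kept until <replacement> is wired up` line at the top would say so instead of forty commented lines.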
@@ -25,45 +25,73 @@ package at.gv.egovernment.moa.id.moduls;  import java.io.Serializable;  import java.net.MalformedURLException;  import java.net.URL; +import java.util.HashMap;  import java.util.List; +import java.util.Map;  import javax.servlet.http.HttpServletRequest;  import org.opensaml.saml2.core.Attribute; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.commons.MOAIDConstants;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;  import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil;  public abstract class RequestImpl implements IRequest, Serializable{ -	private static final long serialVersionUID = 1L; +	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL"; +	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse"; +	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes"; -	private String oaURL; -	private boolean passiv = false; -	private boolean force = false; -	private boolean ssosupport = false; +	private static final long serialVersionUID = 1L; +  	private String module = null;  	private String action = null; -	private String target = null; +	  	private String requestID; -	private String sessionIdentifier; -	private IOAAuthParameters OAConfiguration = null; +	private String moaSessionIdentifier; +	private String processInstanceId; +	 +	private String uniqueTransactionIdentifer; +	private String uniqueSessionIdentifer; +	 +	private String oaURL;  
	private String authURL = null; + +	private IOAAuthParameters OAConfiguration = null; +	 +	private boolean passiv = false; +	private boolean force = false; -	//MOA-ID interfederation -	private String requestedIDP = null; -	private MOAResponse response = null; +	private boolean needAuthentication = true; +	private boolean isAuthenticated = false; +	private boolean needSSO = false; +	 +	 +	private Map<String, Object> genericDataStorage = new HashMap<String, Object>();  	/**  	 * @throws ConfigurationException   	 *   	 */ -	public RequestImpl(HttpServletRequest req) throws ConfigurationException { +	public RequestImpl(HttpServletRequest req) throws ConfigurationException {				 +		//set requestID +		requestID = Random.nextRandom(); +		 +		//set unique transaction identifier for logging +		uniqueTransactionIdentifer = Random.nextRandom();		 +		TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer); +		 +		 +		//check if End-Point is valid		  		String authURLString = HTTPUtils.extractAuthURLFromRequest(req);  		URL authURL;  		try { @@ -122,7 +150,16 @@ public abstract class RequestImpl implements IRequest, Serializable{  				this.authURL = resultURL.toExternalForm();  			}					 -		}				 +		} +				 +		//set unique session identifier +		String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER); +		if (MiscUtil.isNotEmpty(uniqueID)) +			uniqueSessionIdentifer = uniqueID; +		 +		else +			Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!"); +		  	}  	/** 
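Review bot: When `MOAIDConstants.UNIQUESESSIONIDENTIFIER` is absent from the request, `uniqueSessionIdentifer` stays null and the constructor only logs a warning, so the value later passed to `TransactionIDUtils.setSessionId` in RequestStorage.getPendingRequest is null and log correlation for this request silently degrades; if the attribute is a hard precondition (the message itself says it should already be set), consider throwing here, otherwise generating an identifier instead of leaving the field null. The warning text has typos: `Logger.warn("No unique session-identifier found, but it should already be set in the request");`. The constructor starts in the previous hunk, which also generates `uniqueTransactionIdentifer` and calls `TransactionIDUtils.setTransactionId` from the constructor — a side effect on the logging context that the `@throws ConfigurationException` Javadoc above the constructor does not mention.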
@@ -156,83 +193,44 @@ public abstract class RequestImpl implements IRequest, Serializable{  		this.force = force;  	} -	public boolean isSSOSupported() { -		return ssosupport; -	} - -	public String requestedModule() { -		return module; -	} -  	public String requestedAction() {  		return action;  	} -	public void setSsosupport(boolean ssosupport) { -		this.ssosupport = ssosupport; -	} - -	public void setModule(String module) { -		this.module = module; -	} -  	public void setAction(String action) {  		this.action = action;  	} - -	public String getTarget() { -		return target; -	} -	public void setTarget(String target) { -		this.target = target; -	} - -	public void setRequestID(String id) { -		this.requestID = id; -		 -	} - -	public String getRequestID() { -		return requestID; -	} - -	/* (non-Javadoc) -	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() +	/** +	 * @return the module  	 */ -	@Override -	public String getRequestedIDP() { -		return requestedIDP; +	public String requestedModule() { +		return module;  	}  	/** -	 * @param requestedIDP the requestedIDP to set +	 * @param module the module to set  	 */ -	public void setRequestedIDP(String requestedIDP) { -		this.requestedIDP = requestedIDP; +	public void setModule(String module) { +		this.module = module;  	} -	/** -	 * @return the response -	 */ -	public MOAResponse getInterfederationResponse() { -		return response; +	public void setRequestID(String id) { +		this.requestID = id; +		  	} -	/** -	 * @param response the response to set -	 */ -	public void setInterfederationResponse(MOAResponse response) { -		this.response = response; +	public String getRequestID() { +		return requestID;  	} -	public String getSessionIdentifier() { -		return this.sessionIdentifier; +	public String getMOASessionIdentifier() { +		return this.moaSessionIdentifier;  	} -	public void setSessionIdentifier(String sessionIdentifier) { -		this.sessionIdentifier = sessionIdentifier; +	public void 
setMOASessionIdentifier(String moaSessionIdentifier) { +		this.moaSessionIdentifier = moaSessionIdentifier;  	} @@ -246,6 +244,36 @@ public abstract class RequestImpl implements IRequest, Serializable{  	} +	public String getUniqueTransactionIdentifier() { +		return this.uniqueTransactionIdentifer; +		 +	} +	 +	public String getUniqueSessionIdentifier() { +		return this.uniqueSessionIdentifer; +		 +	} +	 +	public String getProcessInstanceId() { +		return this.processInstanceId; +		 +	} +	 +	public void setUniqueTransactionIdentifier(String id) { +		this.uniqueTransactionIdentifer = id; +		 +	} +	 +	public void setUniqueSessionIdentifier(String id) { +		this.uniqueSessionIdentifer = id; +		 +	} +	 +	public void setProcessInstanceId(String id) { +		this.processInstanceId = id; +		 +	} +	  	/**  	 * @return the authURL  	 */ 
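Review bot: The new accessors for `uniqueTransactionIdentifer`, `uniqueSessionIdentifer` and `processInstanceId` each end with an empty line before the closing brace and have no Javadoc, and the two field names are misspelled (`Identifer`); suggest renaming them `uniqueTransactionIdentifier`/`uniqueSessionIdentifier` to match the accessor names and dropping the blank lines. The setters are public although both identifiers are generated once in the constructor (earlier hunk); a one-line Javadoc on each stating the intended caller (e.g. restoring a request from storage) would make that explicit.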
@@ -261,11 +289,99 @@ public abstract class RequestImpl implements IRequest, Serializable{  	} -//	/** -//	 * @param authURL the authURL to set -//	 */ -//	public void setAuthURL(String authURL) { -//		this.authURL = authURL; -//	} +	/** +	 * @return the needAuthentication +	 */ +	public boolean isNeedAuthentication() { +		return needAuthentication; +	} + +	/** +	 * @param needAuthentication the needAuthentication to set +	 */ +	public void setNeedAuthentication(boolean needAuthentication) { +		this.needAuthentication = needAuthentication; +	} + +	/** +	 * @return the isAuthenticated +	 */ +	public boolean isAuthenticated() { +		return isAuthenticated; +	} + +	/** +	 * @param isAuthenticated the isAuthenticated to set +	 */ +	public void setAuthenticated(boolean isAuthenticated) { +		this.isAuthenticated = isAuthenticated; +	} + +	public boolean needSingleSignOnFunctionality() { +		return needSSO; +	} +	public void setNeedSingleSignOnFunctionality(boolean needSSO) { +		this.needSSO = needSSO; +		 +	} +	 +	public Object getGenericData(String key) { +		if (MiscUtil.isNotEmpty(key)) { +			return genericDataStorage.get(key); +			 +		}  +		 +		Logger.warn("Can not load generic request-data with key='null'"); +		return null;		 +	} +	 +	public <T> T getGenericData(String key, final Class<T> clazz) { +		if (MiscUtil.isNotEmpty(key)) { +			Object data =  genericDataStorage.get(key); +			 +			if (data == null) +				return null; +			 +			try { +				@SuppressWarnings("unchecked") +				T test = (T) data; +				return test; +				 +			} catch (Exception e) { +				Logger.warn("Generic request-data object can not be casted to requested type", e); +				return null; +				 +			} +			 +		}  +		 +		Logger.warn("Can not load generic request-data with key='null'"); +		return null; +		 +	} +	 +	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { +		if (MiscUtil.isEmpty(key)) { +			Logger.warn("Generic request-data can not be stored with a 
'null' key"); +			throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null); +			 +		} +		 +		if (object != null) { +			if (!Serializable.class.isInstance(object)) { +				Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface"); +				throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null); +				 +			}						 +		} +		 +		if (genericDataStorage.containsKey(key)) +			Logger.debug("Overwrite generic request-data with key:" + key); +		else +			Logger.trace("Add generic request-data with key:" + key + " to session."); +		 +		genericDataStorage.put(key, object); +		 +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index f0b12431a..66ca42398 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java 
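Review bot: In `getGenericData(String, Class<T>)` the try/catch around `T test = (T) data;` is dead code: because of type erasure the unchecked cast never throws inside this method, so a wrongly typed entry is returned as-is and the ClassCastException surfaces at the caller, not in the warn branch. Use the `clazz` parameter, which is currently unused, to perform the runtime check; the rewrite below keeps the same signature and null/empty-key behaviour. Separately, `setGenericDataToSession` is the only writer on RequestImpl whose name says "Session"; since it writes the request's own `genericDataStorage`, a name without "ToSession" (or a Javadoc sentence saying the data lives on the pending request) would avoid confusion with MOASession storage.
```java
public <T> T getGenericData(String key, final Class<T> clazz) {
	if (MiscUtil.isNotEmpty(key)) {
		Object data = genericDataStorage.get(key);
		if (data == null)
			return null;

		// erasure makes "(T) data" a no-op; check against the runtime class instead
		if (clazz != null && clazz.isInstance(data))
			return clazz.cast(data);

		Logger.warn("Generic request-data object can not be casted to requested type");
		return null;
	}
	// … unchanged: warning and null return for an empty key …
}
```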
@@ -22,23 +22,32 @@   *******************************************************************************/  package at.gv.egovernment.moa.id.moduls; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +  import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.logging.Logger; -public class RequestStorage { +@Service("RequestStorage") +public class RequestStorage implements IRequestStorage{ -	public static IRequest getPendingRequest(String pendingReqID) { +	@Autowired ITransactionStorage transactionStorage; +	@Autowired ProcessInstanceStoreDAO processInstanceStore; +	 +	@Override +	public IRequest getPendingRequest(String pendingReqID) {  		try { -			AssertionStorage storage = AssertionStorage.getInstance(); -			IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); +			IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);  			//set transactionID and sessionID to Logger -			TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); -			TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier()); +			TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); +			TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());  			return pendingRequest; 
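Review bot: If `transactionStorage.get(pendingReqID, IRequest.class)` returns null for an unknown identifier — removePendingRequest in a later hunk tests the result of getPendingRequest for null, which suggests it can — then `pendingRequest.getUniqueTransactionIdentifier()` throws a NullPointerException inside the try block; the catch clauses are outside this hunk, so whether that is handled is not visible. Suggest `if (pendingRequest == null) return null;` directly after the lookup and before the two TransactionIDUtils calls. The `@Autowired` fields `transactionStorage` and `processInstanceStore` are package-private; `private` (or constructor injection) would keep them from being reachable by other classes in the package.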
@@ -49,12 +58,11 @@ public class RequestStorage {  		}  	} -	public static void setPendingRequest(Object pendingRequest) throws MOAIDException { -		try { -			AssertionStorage storage = AssertionStorage.getInstance(); -			 +	@Override +	public void storePendingRequest(IRequest pendingRequest) throws MOAIDException { +		try {			  			if (pendingRequest instanceof IRequest) { -				storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); +				transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);  			} else {  				throw new MOAIDException("auth.20", null); 
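Review bot: With the parameter now declared as `IRequest`, `pendingRequest instanceof IRequest` is only false for null and the cast `((IRequest)pendingRequest)` is a no-op, so the branch reads as a type check but is really a null check. Suggest `if (pendingRequest == null) { throw new MOAIDException("auth.20", null); }` followed by `transactionStorage.put(pendingRequest.getRequestID(), pendingRequest);`, which keeps the existing error code while saying what is actually tested. The method's catch clauses and closing brace are outside the hunk.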
@@ -69,12 +77,52 @@ public class RequestStorage {  	} -	public static void removePendingRequest(String requestID) { +	@Override +	public void removePendingRequest(String requestID) {  		if (requestID != null) { -			AssertionStorage storage = AssertionStorage.getInstance(); -			storage.remove(requestID); +			 +			//remove process-management execution instance +			try { +				IRequest pendingReq = getPendingRequest(requestID); +						 +				if (pendingReq != null &&  +						pendingReq.getProcessInstanceId() != null) { +					processInstanceStore.remove(pendingReq.getProcessInstanceId()); +					 +				} + +			} catch (MOADatabaseException e) { +				Logger.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e); +				 +			} +				 +			transactionStorage.remove(requestID);  		}  	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest) +	 */ +	@Override +	public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException { + +		if (pendingRequest instanceof RequestImpl) { +			String newRequestID = Random.nextRandom(); +			 +			Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID()  +				+ " to " + newRequestID); +			 +			((RequestImpl)pendingRequest).setRequestID(newRequestID);			 +			storePendingRequest(pendingRequest); +			 +			return newRequestID; +						 +		} else { +			Logger.error("PendingRequest object is not of type 'RequestImpl.class'"); +			throw new MOAIDException("internal.00", null); +		} +		 +	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 2a618272f..89d50425b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java 
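Review bot: `changePendingRequestID` stores the request under the new identifier but, as far as this hunk shows, never removes the entry under the old one from `transactionStorage`, so the previous pendingRequestID keeps resolving to the same request and the rotation does not invalidate the old handle. Suggest capturing `String oldRequestID = pendingRequest.getRequestID();` before `setRequestID(newRequestID)` and calling `transactionStorage.remove(oldRequestID);` once `storePendingRequest` has succeeded, with the order chosen so that a failed store does not leave the request unreachable. In `removePendingRequest`, reaching the process instance through `getPendingRequest` also rewrites the logger's transaction and session ids as a side effect; a direct `transactionStorage.get(requestID, IRequest.class)` would avoid that.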
@@ -40,23 +40,27 @@ import org.apache.velocity.VelocityContext;  import org.apache.velocity.app.VelocityEngine;  import org.hibernate.Query;  import org.hibernate.Session; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;  import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;  import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;  import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.id.util.VelocityProvider;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +@Service("MOAID_SSOManager")  public class SSOManager {  	private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; 
@@ -65,27 +69,29 @@ public class SSOManager {  	private static final String SSOCOOKIE = "MOA_ID_SSO";  	private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; -	private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec -	  	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + +	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore; +	@Autowired protected AuthConfiguration authConfig; -	private static SSOManager instance = null; -	 -	public static SSOManager getInstance() { -		if (instance == null) { -			instance = new SSOManager(); -		 -		} -		 -		return instance; -	} -	 +	/** +	 * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists. +	 * Set the requested interfederation IDP as attribte of the {protocolRequest} +	 *  +	 * @param httpReq HttpServletRequest	 +	 * @param httpResp HttpServletResponse +	 * @param protocolRequest Authentication request which is actually in process +	 * @throws SessionDataStorageException  +	 *  +	 **/  	public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, -			IRequest protocolRequest) { +			IRequest protocolRequest) throws SessionDataStorageException {  		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); -		if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { -			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); +		String interfederationIDP =  +				protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); +		if (MiscUtil.isNotEmpty(interfederationIDP)) { +			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);  			return;  		} 
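Review bot: The new Javadoc on `checkInterfederationIsRequested` has `{protocolRequest}` where `{@code protocolRequest}` is meant, `attribte` for `attribute`, a stray tab after `HttpServletRequest`, and an `@throws SessionDataStorageException` with no description; suggest `@throws SessionDataStorageException if the selected IDP cannot be stored in the request's generic data`. The method body continues in the next hunk. Replacing `getInstance()` with `@Service` and field injection means the two `@Autowired` fields are only set when the bean is created by Spring; a short class-level comment noting that SSOManager must be obtained from the context rather than constructed would help callers that used the old singleton.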
@@ -95,14 +101,14 @@ public class SSOManager {  			RequestImpl moaReq = (RequestImpl) protocolRequest;  			if (MiscUtil.isNotEmpty(interIDP)) {  				Logger.info("Receive SSO request for interfederation IDP " + interIDP); -				moaReq.setRequestedIDP(interIDP); +				moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);  			} else {  				//check if IDP cookie is set  				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);  				if (MiscUtil.isNotEmpty(cookie)) {  					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); -					moaReq.setRequestedIDP(cookie); +					moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);  					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									  				}				 @@ -120,7 +126,7 @@ public class SSOManager {  	} -	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException { +	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {  		// search SSO Session  		if (ssoSessionID == null) { @@ -128,7 +134,7 @@ public class SSOManager {  			return false;  		} -		AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); +		AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID);  		if (storedSession == null)  			return false; 
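Review bot: The interfederation IDP taken from the `INTERFEDERATION_IDP` GET parameter and from the `MOA_INTERFEDERATION_SSO` cookie is stored as `DATAID_INTERFEDERATIOIDP_URL` without any visible check that it names an IDP known to the configuration; both sources are client-controlled. If that validation happens where the value is consumed, a comment here pointing to it would make this readable, otherwise the value should be checked against the configured interfederation IDPs before it is stored on the request. The enclosing method starts in the previous hunk.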
@@ -137,7 +143,7 @@ public class SSOManager {  			//check if session is out of lifetime  			Date now = new Date(); -			long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;		 +			long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;		  			Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);  			if (now.after(ssoSessionValidTo)) {  				Logger.info("Found outdated SSO session information. Start reauthentication process ... "); @@ -150,12 +156,16 @@ public class SSOManager {  					storedSession.isInterfederatedSSOSession() &&  					!storedSession.isAuthenticated()) { -				if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) { -					InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); +				String interfederationIDP =  +						protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); +				 +				if (MiscUtil.isEmpty(interfederationIDP)) { +					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());  					if (selectedIDP != null) {				  						//no local SSO session exist -> request interfederated IDP -						((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix()); +						protocolRequest.setGenericDataToSession( +								RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());  					} else {  						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); 
@@ -174,16 +184,17 @@ public class SSOManager {  	}  	public String getMOASession(String ssoSessionID) { -		return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); +		return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);  	} +	//TODO: refactor for faster DB access  	public String getUniqueSessionIdentifier(String ssoSessionID) {  		try {  			if (MiscUtil.isNotEmpty(ssoSessionID)) {			 -				String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); +				String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);  				if (MiscUtil.isNotEmpty(moaSessionID)) { -					AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); +					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);  						return extSessionInformation.getUniqueSessionId();  				} @@ -253,14 +264,6 @@ public class SSOManager {  	}  	public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { -		int ssoTimeOut; -		try { -			ssoTimeOut = (int) AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut(); -			 -		} catch (ConfigurationException e) { -			Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); -			ssoTimeOut = DEFAULTSSOTIMEOUT; -		}  		setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);  	} 
@@ -285,12 +288,12 @@ public class SSOManager {  		if (MiscUtil.isNotEmpty(ssoSessionID)) { -			AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); +			AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID);  			if (storedSession == null)  				return false; -			InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID); +			InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);  			if (selectedIDP != null) {				  				//no local SSO session exist -> request interfederated IDP @@ -317,7 +320,7 @@ public class SSOManager {  			InputStream is = null;  			String pathLocation = null;  			try { -				String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); +				String rootconfigdir = authConfig.getRootConfigFileDir();  				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;  				File file = new File(new URI(pathLocation));  				is = new  FileInputStream(file); @@ -359,7 +362,7 @@ public class SSOManager {  		BufferedReader reader = new BufferedReader(new InputStreamReader(is ));  		//set default elements to velocity context -		context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); +		context.put("contextpath", authConfig.getPublicURLPrefix());  		StringWriter writer = new StringWriter();			  		//velocityEngine.evaluate(context, writer, "SLO_Template", reader);			 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java index 5cf84abed..26301d664 100644 
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java @@ -61,6 +61,17 @@ public interface ProcessEngine {  	 */  	String createProcessInstance(String processDefinitionId) throws ProcessExecutionException; +	 +	/** +	 * Delete a process instance  +	 *  +	 * @param processInstanceId +	 *            The identifier of the respective process. +	 * @throws ProcessExecutionException +	 *             Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist. +	 */ +	void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException; +	  	/**  	 * Returns the process instance with a given {@code processInstanceId}.  	 *  diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java index 096e5ee9e..6da695d75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java @@ -12,8 +12,9 @@ import org.apache.commons.lang3.StringUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory;  import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.process.api.ExecutionContext;  import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext; 
@@ -21,13 +22,13 @@ import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
 import at.gv.egovernment.moa.id.process.api.Task;
 import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
 import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
 import at.gv.egovernment.moa.id.process.model.EndEvent;
 import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
 import at.gv.egovernment.moa.id.process.model.ProcessNode;
 import at.gv.egovernment.moa.id.process.model.StartEvent;
 import at.gv.egovernment.moa.id.process.model.TaskInfo;
 import at.gv.egovernment.moa.id.process.model.Transition;
+import at.gv.egovernment.moa.util.MiscUtil;
 /**
  * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions.
@@ -36,10 +37,11 @@ public class ProcessEngineImpl implements ProcessEngine {
 	private Logger log = LoggerFactory.getLogger(getClass());
+	@Autowired ProcessInstanceStoreDAO piStoreDao;
+	@Autowired ApplicationContext context;
+	
 	private ProcessDefinitionParser pdp = new ProcessDefinitionParser();
-	ProcessInstanceStoreDAO piStoreDao = ProcessInstanceStoreDAOImpl.getInstance();
-
 	private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>();
 	private final static String MDC_CTX_PI_NAME = "processInstanceId";
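Review bot: The two new injected fields `piStoreDao` and `context` are package-private while the neighbouring `log`, `pdp` and `processDefinitions` fields are `private`, and nothing in the hunk needs package access to them. Declare them as `@Autowired private ProcessInstanceStoreDAO piStoreDao;` and `@Autowired private ApplicationContext context;` so the class keeps one visibility convention and the collaborators cannot be swapped from outside. The class body continues outside the hunk.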
@@ -176,17 +178,21 @@ public class ProcessEngineImpl implements ProcessEngine {
 		if (clazz != null) {
 			log.debug("Instantiating task implementing class '{}'.", clazz);
-			Class<?> instanceClass = null;
+			Object instanceClass = null;
 			try {
-				instanceClass = Class.forName(clazz, true, Thread.currentThread().getContextClassLoader());
+				instanceClass = context.getBean(clazz);
+				
 			} catch (Exception e) {
 				throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
+				
 			}
-			if (!Task.class.isAssignableFrom(instanceClass)) {
+			if (instanceClass == null || !(instanceClass instanceof Task)) {
 				throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + ".");
+				
 			}
 			try {
-				task = (Task) instanceClass.newInstance();
+				task = (Task) instanceClass;
+				
 			} catch (Exception e) {
 				throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
 			}
@@ -352,5 +358,25 @@ public class ProcessEngineImpl implements ProcessEngine {
 		return pi;
 	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String)
+	 */
+	@Override
+	public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException {
+		if (MiscUtil.isEmpty(processInstanceId)) {
+			throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty");
+			
+		}
+			
+		try {
+			piStoreDao.remove(processInstanceId);
+			
+		} catch (MOADatabaseException e) {
+			throw new ProcessExecutionException("Unable to remove process instance.", e);
+			
+		}
+		
+	}
 }
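Review bot: `context.getBean(clazz)` hands back the Spring-managed bean, which is a singleton unless the task declares another scope, so one `Task` object now serves every process instance concurrently, whereas the removed `instanceClass.newInstance()` gave each execution a fresh object; any task implementation that keeps per-execution state in instance fields (none are visible here) would leak one authentication's data into another and needs `@Scope("prototype")` or a stateless rewrite, which deserves a comment at this call site. The `try { task = (Task) instanceClass; } catch (Exception e) { ... }` that follows can no longer throw after the `instanceof Task` check, so replace the three lines with `task = (Task) instanceClass;`. Because `getBean(String)` resolves by bean name rather than by class name, the message `"Unable to get class '" + clazz + "' ..."` now misleads whoever debugs a process definition; `"Unable to get bean '" + clazz + "' ..."` matches what is looked up. The enclosing method starts and ends outside the hunk.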
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index a75a5de8c..577e971db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -6,6 +6,7 @@ import org.hibernate.Transaction;
 import org.hibernate.criterion.Restrictions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -14,16 +15,11 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
  * Database backed implementation of the {@link ProcessInstanceStoreDAO}
  * interface.
  */
+@Service("ProcessInstanceStoreage")
 public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
 	private Logger log = LoggerFactory.getLogger(getClass());
-	private static ProcessInstanceStoreDAO instance = new ProcessInstanceStoreDAOImpl();
-
-	public static ProcessInstanceStoreDAO getInstance() {
-		return instance;
-	}
-
 	@Override
 	public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java
new file mode 100644
index 000000000..cc1886324
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java
@@ -0,0 +1,268 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.servlet.AbstractController; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +public abstract class AbstractProtocolModulController extends AbstractController implements IModulInfo { + +	public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol";	 +	 +	@Autowired protected ApplicationContext applicationContext;	 +	@Autowired private SSOManager ssomanager;  +	@Autowired protected AuthenticationManager authmanager; +	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage; +	@Autowired private AuthenticationDataBuilder authDataBuilder; +		 +	/** +	 * Initialize an authentication process for this protocol request +	 *  +	 * @param httpReq HttpServletRequest	 +	 * @param httpResp HttpServletResponse +	 * @param protocolRequest Authentication request 
which is actually in process +	 * @throws IOException  +	 */ +	protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp,  +			RequestImpl pendingReq) throws IOException { +		try { +			if (pendingReq.isNeedAuthentication()) { +				//request needs authentication --> start authentication process ... +			 +				//load Parameters from OnlineApplicationConfiguration +				IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); +				 +				if (oaParam == null) { +					throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); +				} +		 +				 +				AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq); +				if (moaSession != null) {					 +					//authenticated MOASession already exists --> protocol-specific postProcessing can start directly 					 +					finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); +					 +				} +							 +			} else {			 +				executeProtocolSpecificAction(req, resp, pendingReq, null); +			 +			} +			 +		} catch (Exception e) { +			buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); +			 +		}		 +	} +	 +	/** +	 * Finalize the requested protocol operation +	 *  +	 * @param httpReq HttpServletRequest	 +	 * @param httpResp HttpServletResponse +	 * @param protocolRequest Authentication request which is actually in process +	 * @param moaSession MOASession object, which is used to generate the protocol specific authentication information +	 * @throws Exception  +	 */ +	protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp,  +			IRequest pendingReq, AuthenticationSession moaSession) throws Exception { + +		String newSSOSessionId = null; +		 +		//if Single Sign-On functionality is enabled for this request +		if (pendingReq.needSingleSignOnFunctionality()) { +			 +			//Store SSO information into database +			newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(),  +			
		pendingReq.getOAURL()); +	 +			//set SSO cookie to response +			if (MiscUtil.isNotEmpty(newSSOSessionId)) { +				ssomanager.setSSOSessionID(req, resp, newSSOSessionId); +		 +			} else { +				ssomanager.deleteSSOSessionID(req, resp); +			 +			} +			 +		} +		 +		//build authenticationdata from session information and OA configuration +		IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession);	 +			 +		//execute the protocol-specific action +		SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData); +		 +		//check if SSO  +		boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId); +		 +		//Store OA specific SSO session information if an SSO cookie is set +		if (isSSOCookieSetted) { 		 +			try {				  +				authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),  +						newSSOSessionId, sloInformation, pendingReq); +											 +			} catch (AuthenticationException e) { +				Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");				 +				authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); +				 +			} +		 +		} else { +			//remove MOASession from database +			authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); +			 +		} +	 +		//Advanced statistic logging +		statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted); +				 +	} +	 +	/** +	 * Executes the requested protocol action +	 *  +	 * @param httpReq HttpServletRequest	 +	 * @param httpResp HttpServletResponse +	 * @param protocolRequest Authentication request which is actually in process +	 * @param authData Service-provider specific authentication data +	 *  +	 * @return Return Single LogOut information or null if protocol supports no SSO +	 *  +	 * @throws Exception  +	 */ +	private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp,  +			IRequest pendingReq, IAuthData 
authData) throws Exception { +		try { +		//	request needs no authentication --> start request processing +			Class<?> clazz = Class.forName(pendingReq.requestedAction()); +			if (clazz == null ||  +					!clazz.isInstance(IAction.class)) { +				Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); +				throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface."); +				 +			} +							 +			IAction protocolAction = (IAction) applicationContext.getBean(clazz);			  +			return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData); +			 +		} catch (ClassNotFoundException e) { +			Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); +			throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); +		} +		 +	} +	 +	protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req,  +			HttpServletResponse resp, IRequest protocolRequest) throws IOException { +		try { +			 +			Class<?> clazz = Class.forName(protocolRequest.requestedModule()); +			if (clazz == null ||  +					!clazz.isInstance(IModulInfo.class)) { +				Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); +				throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); +				 +			} +							 +			IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); +												 +			if (handlingModule.generateErrorMessage( +					throwable, req, resp, protocolRequest)) { +		 +				//log Error Message +				statisticLogger.logErrorOperation(throwable, protocolRequest); +				 +				//remove MOASession +				AuthenticationSession moaSession = authenticatedSessionStorage.getSession( +						protocolRequest.getMOASessionIdentifier()); +				if 
(moaSession != null) +					authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); +				 +				return; +				 +			} else { +				handleErrorNoRedirect(throwable, req, resp); +				 +			} +			 +		} catch (Throwable e) { +			Logger.error(e); +			handleErrorNoRedirect(throwable, req, resp); +		} +		 +	} +	 +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName() +	 */ +	@Override +	public abstract String getName(); + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath() +	 */ +	@Override +	public abstract String getPath(); + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) +	 */ +	@Override +	public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, +			IRequest protocolRequest) throws Throwable; + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) +	 */ +	@Override +	public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java new file mode 100644 index 000000000..ed53d1a20 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java 
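Review bot: The guard `!clazz.isInstance(IAction.class)` in `executeProtocolSpecificAction` asks whether the `IAction.class` Class object is an instance of `clazz`, which is false for every real action class, so the method throws its "does not implement the IAction interface" exception on every request; `buildProtocolSpecificErrorResponse` has the same inversion with `IModulInfo.class`, so the error path fails too. Change the two conditions to `!IAction.class.isAssignableFrom(clazz)` and `!IModulInfo.class.isAssignableFrom(clazz)`; the `clazz == null ||` part can go, since `Class.forName` never returns null. Both methods feed a string into `Class.forName` and then `applicationContext.getBean(clazz)`, so a comment stating where `requestedAction()` and `requestedModule()` are set — presumably server-side by the protocol module when the pending request is created, never from an HTTP parameter — would make the trust boundary explicit for the next reader.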
@@ -0,0 +1,199 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class ProtocolFinalizationController extends AbstractProtocolModulController { +	 +	@RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET}) +	public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { +		 +		//read pendingRequest from http request +		Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); +		IRequest pendingReq = null; +		String pendingRequestID = null; +		if (idObject != null && (idObject instanceof String)) { +			pendingRequestID = (String) idObject; +			pendingReq = requestStorage.getPendingRequest(pendingRequestID); +			 +		} + 				 +		//receive an authentication error +		String errorid = req.getParameter(ERROR_CODE_PARAM); +		if (errorid != null) { +			try {				 +				//load stored exception from database +				Throwable throwable = transactionStorage.get(errorid, Throwable.class); +				transactionStorage.remove(errorid); +							 +				if (throwable != null) {					 +					if (pendingReq != null) { +						revisionsLogger.logEvent(pendingReq, 
MOAIDEventConstants.TRANSACTION_ERROR); +	 +						//build protocol-specific error message if possible +						buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); +						 +						//log Error Message +						statisticLogger.logErrorOperation(throwable, pendingReq); +						 +						//get MOASession for this pendingRequest +						AuthenticationSession moaSession =  +								authenticatedSessionStorage.getSession( +										pendingReq.getMOASessionIdentifier()); +						 +						//remove MOASession if someone is found +						if (moaSession != null) +							authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID()); +	 +						return; +	 +					} else { +						handleErrorNoRedirect(throwable, req, resp); +	 +					} +				} else { +					handleErrorNoRedirect(new Exception( +							MOAIDMessageProvider.getInstance().getMessage("auth.26", null)),  +							req, resp); +					 +				} +				 +			} catch (Throwable e) { +			Logger.error(e); +			handleErrorNoRedirect(e, req, resp); +			 +			} +		 +			// receive a pending request  +		} else { +			if (pendingReq == null) { +				Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!");		 +				handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp);							 +				return; +				 +			} +			try { +				Logger.debug("Finalize PendingRequest with ID " + pendingRequestID); +			 +				//get MOASession from database				 +				String sessionID = pendingReq.getMOASessionIdentifier(); +			 +				// check parameter +				if (!ParamValidatorUtils.isValidSessionID(sessionID)) { +					throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12"); +				 +				}	 +				 +				//load MOASession from database +				AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID); +				if (moaSession == null) { +					Logger.error("No MOASession with ID " + sessionID + " found.!");		 +					handleErrorNoRedirect(new MOAIDException("auth.02", new 
Object[]{sessionID}), req, resp);							 +					return; +					 +				} +								 +				//check if MOASession and pending-request are authenticated +				if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				 +					finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); +									 +				} else { +					Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		 +					handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp);							 +					return; +									 +				} +							 +			} catch (Exception e) { +				Logger.error("Finalize authentication protocol FAILED." , e); +				buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); +				 +			}		 +		} +		 +		//remove pending-request +		requestStorage.removePendingRequest(pendingRequestID); +		 +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName() +	 */ +	@Override +	public String getName() { +		// TODO Auto-generated method stub +		return null; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath() +	 */ +	@Override +	public String getPath() { +		// TODO Auto-generated method stub +		return null; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) +	 */ +	@Override +	public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, +			IRequest protocolRequest) throws Throwable { +		// TODO Auto-generated method stub +		return false; +	} + +	/* (non-Javadoc) +	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) +	 */ +	
@Override +	public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { +		// TODO Auto-generated method stub +		return false; +	} +	 +	 +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java new file mode 100644 index 000000000..e8b8022c4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java 
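Review bot: Every early `return` in `finalizeAuthProtocol` skips the `requestStorage.removePendingRequest(pendingRequestID);` at the end of the method, so a pending request that arrives with an unauthenticated MOASession (the `auth.20` branch), a missing MOASession (`auth.02`) or a stored error stays in the request store after the error response is written; wrap the body in `try { ... } finally { if (pendingRequestID != null) requestStorage.removePendingRequest(pendingRequestID); }` so the one-shot identifier is consumed on every path. In the `errorid` branch the controller also calls `statisticLogger.logErrorOperation(throwable, pendingReq)` and `authmanager.performOnlyIDPLogOut(...)` right after `buildProtocolSpecificErrorResponse`, which already performs both when the module's `generateErrorMessage` returns true, so the error is logged twice on that path; drop the two calls here or the ones in the base class, not both. The `getName`/`getPath`/`generateErrorMessage`/`validate` stubs that return `null` and `false` deserve a one-line comment that this controller only serves the finalize endpoint and is not a protocol module, if that is the intent.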
@@ -0,0 +1,93 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. 
+ */ +package at.gv.egovernment.moa.id.protocols; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.servlet.HandlerInterceptor; +import org.springframework.web.servlet.ModelAndView; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { + +	@Autowired private SSOManager ssomanager; +	 +	/* (non-Javadoc) +	 * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) +	 */ +	@Override +	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) +			throws Exception { +		 +		//get SSO Cookie for Request +		String ssoId = ssomanager.getSSOSessionID(request); +		 +		//search for unique session identifier +		String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											 +		if (MiscUtil.isEmpty(uniqueSessionIdentifier)) +			uniqueSessionIdentifier = Random.nextRandom(); +		TransactionIDUtils.setSessionId(uniqueSessionIdentifier); +		 +		request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); +		 +		return true;  +	} + +	/* (non-Javadoc) +	 * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) +	 */ +	@Override +	public void postHandle(HttpServletRequest request, HttpServletResponse response, 
Object handler,
+			ModelAndView modelAndView) throws Exception {
+		
+		//set security headers
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+	}
+
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
+	 */
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+			throws Exception {
+		// TODO Auto-generated method stub
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 9327cabd7..c9a34496a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import javax.servlet.http.HttpServletRequest;
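Review bot: The `Expires`/`Pragma`/`Cache-Control` headers are set in `postHandle`, which Spring invokes only after the handler returns normally and never when it throws; the controllers in this commit return `void` and write the response themselves (`finalizeAuthProtocol` ends in `handleErrorNoRedirect` or a protocol action), so by the time `postHandle` runs the response is most likely already committed and `setHeader` is silently discarded. Move the four header calls to the top of `preHandle`, before `return true;`, so every response — including error pages — carries them. `afterCompletion` is an empty stub, so whatever `TransactionIDUtils.setSessionId(uniqueSessionIdentifier)` stores is never cleared; if that utility is thread-local based, which its use for logging suggests but this hunk does not show, the identifier survives on the pooled thread into the next request and should be reset there. The `@Autowired SSOManager` is only populated when the interceptor is registered as a Spring bean rather than constructed with `new`; the registration is outside this diff and should be checked.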
@@ -36,8 +37,8 @@ import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
-
-import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -51,15 +52,19 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 /**
  * @author tlenz
  *
  */
+@Service("AttributQueryAction")
 public class AttributQueryAction implements IAction {
+	@Autowired IAuthenticationSessionStoreage authenticationSessionStorage;
+	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -86,7 +91,7 @@ public class AttributQueryAction implements IAction {
 			//load moaSession
 			String nameID = attrQuery.getSubject().getNameID().getValue();
-			AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+			AuthenticationSession session = authenticationSessionStorage.getSessionWithUserNameID(nameID);
 			if (session == null) {
 				Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
 				throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
@@ -96,7 +101,7 @@ public class AttributQueryAction implements IAction {
 			DateTime date = new DateTime();
 			//generate authData
-			authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+			authData = authDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
 			//add default attributes in case of mandates or STORK is in use
 			List<String> attrList = addDefaultAttributes(attrQuery, authData);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 04b7854b1..eb4cb8a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Service;
+
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
+@Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
@@ -54,7 +57,8 @@ public class AuthenticationAction implements IAction {
 	}
 	public String getDefaultActionName() {
-		return (PVP2XProtocol.REDIRECT);
+		return "PVPAuthenticationRequestAction";
+		
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 50f91df44..5c1c60dc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -62,6 +62,8 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.Signer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
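Review bot: `getDefaultActionName()` now returns the literal `"PVPAuthenticationRequestAction"`, which duplicates the bean name in `@Service("PVPAuthenticationRequestAction")` a few lines above; if either is renamed without the other, the action is resolved only at runtime and fails on the first request. Introduce `public static final String ACTION_NAME = "PVPAuthenticationRequestAction";` and use it in both the annotation and the return statement. Note also that `AbstractProtocolModulController.executeProtocolSpecificAction` in this same commit resolves the action with `Class.forName(pendingReq.requestedAction())`; if `requestedAction()` is populated from this method (its source is not visible here), a bean name is not a loadable class name and `Class.forName` will throw `ClassNotFoundException`, so one of the two sides needs to agree on whether a class name or a bean name is stored.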
@@ -79,15 +81,18 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.logging.Logger; +@Service("pvpMetadataService")  public class MetadataAction implements IAction {  	private static final int VALIDUNTIL_IN_HOURS = 24; -		 + +	@Autowired private MOAReversionLogger revisionsLogger; +	  	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,  			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {  		try { -			MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA); +			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);  			EntitiesDescriptor idpEntitiesDescriptor =   					SAML2Utils.createSAMLObject(EntitiesDescriptor.class); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index c0ec086ed..fc4928366 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -23,10 +23,7 @@  package at.gv.egovernment.moa.id.protocols.pvp2x;  import java.io.IOException; -import java.util.ArrayList;  import java.util.Arrays; -import java.util.HashMap; -import java.util.Iterator;  import java.util.List;  import javax.servlet.http.HttpServletRequest; 
@@ -55,10 +52,11 @@ import org.opensaml.ws.security.SecurityPolicyException;  import org.opensaml.xml.io.MarshallingException;  import org.opensaml.xml.security.SecurityException;  import org.opensaml.xml.signature.SignableXMLObject; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod;  import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -66,14 +64,9 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;  import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.moduls.IModulInfo;  import at.gv.egovernment.moa.id.moduls.IRequest;  import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.moduls.RequestStorage; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; 
@@ -103,7 +96,8 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; -public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  { +@Controller +public class PVP2XProtocol extends AbstractProtocolModulController  {  	public static final String NAME = PVP2XProtocol.class.getName();  	public static final String PATH = "id_pvp2x"; @@ -119,41 +113,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  	public static final String ENDPOINT_SP = "sp";  	public static final String PARAMETER_ENDPOINT = "endpointtype"; -	 -	private static List<IDecoder> decoder = new ArrayList<IDecoder>(); - -	private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); -	 +		  	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(  			new String[] {  					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME  			}); -	static {		 -		decoder.add(new PostBinding()); -		decoder.add(new RedirectBinding()); -		decoder.add(new SoapBinding()); -		 -		actions.put(REDIRECT, new AuthenticationAction()); -		actions.put(POST, new AuthenticationAction()); -		actions.put(METADATA, new MetadataAction()); -		actions.put(ATTRIBUTEQUERY, new AttributQueryAction()); -		actions.put(SINGLELOGOUT, new SingleLogOutAction()); -		 -		//TODO: insert getArtifact action -		 -		instance = new PVP2XProtocol(); -		 +	static {			  		new VelocityLogAdapter(); -	} - -	private static PVP2XProtocol instance = null; - -	public static PVP2XProtocol getInstance() { -		if (instance == null) { -			instance = new PVP2XProtocol(); -		} -		return instance; +		  	}  	public String getName() { 
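Review bot: The static decoder list that registered `PostBinding`, `RedirectBinding` and `SoapBinding` is removed, but the new `@Controller` in this file only maps `/pvp2/metadata`, `/pvp2/post` and `/pvp2/redirect`; no SOAP end-point is mapped, so the AttributeQuery path that `preProcessAttributQueryRequest` still sets up with `SAML2_SOAP11_BINDING_URI` appears to have no inbound route in this commit. The deleted `//TODO: insert getArtifact action` was also the only reminder of the missing artifact-resolution end-point. Consider a class-level `// TODO: map SOAP end-point for AttributeQuery / ArtifactResolve (SoapBinding is no longer registered)` so the gap is tracked, and drop the whitespace-only line left in the static block after `new VelocityLogAdapter();`.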
@@ -163,65 +131,139 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  	public String getPath() {  		return PATH;  	} - -	private IDecoder findDecoder(String action, HttpServletRequest req) { -		Iterator<IDecoder> decoderIT = decoder.iterator(); -		while (decoderIT.hasNext()) { -			IDecoder decoder = decoderIT.next(); -			if (decoder.handleDecode(action,  req)) { -				return decoder; -			} -		} - -		return null; -	} - -	private boolean isServiceProviderEndPointUsed(HttpServletRequest req) throws InvalidProtocolRequestException { -		Object obj = req.getParameter(PARAMETER_ENDPOINT); -		if (obj instanceof String) { -			String param = (String) obj; -			if (MiscUtil.isNotEmpty(param)) { -				if (ENDPOINT_IDP.equals(param)) -					return false; -				 -				else if (ENDPOINT_SP.equals(param)) -					return true; -			}			 -		} -		 -		Logger.error("No valid PVP 2.1 entpoint descriptor"); -		throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); -	}  	public PVP2XProtocol() {  		super();  	} -	 -	public IRequest preProcess(HttpServletRequest request, -			HttpServletResponse response, String action, -			String sessionId, String transactionId) throws MOAIDException { - -		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { +	//PVP2.x metadata end-point +	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET}) +	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { +		if (!authConfig.getAllowedProtocols().isPVP21Active()) {  			Logger.info("PVP2.1 is deaktivated!");  			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });  		} +		//create pendingRequest object +		PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); +		pendingReq.setModule(NAME); +		 +		revisionsLogger.logEvent( +				pendingReq.getUniqueSessionIdentifier(),  +				
pendingReq.getUniqueTransactionIdentifier(),  +				MOAIDEventConstants.TRANSACTION_IP,  +				req.getRemoteAddr()); +				 +		MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class); +		metadataAction.processRequest(new PVPTargetConfiguration(req),  +				req, resp, null); -		 -		if(METADATA.equals(action)) { -			return new PVPTargetConfiguration(request); +	} +	 +	//PVP2.x IDP POST-Binding end-point +	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST}) +	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { +		if (!authConfig.getAllowedProtocols().isPVP21Active()) { +			Logger.info("PVP2.1 is deaktivated!"); +			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });  		} -		IDecoder decoder = findDecoder(action, request); -		if (decoder == null) { -			return null; +		try { +			//create pendingRequest object +			PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); +			pendingReq.setModule(NAME); +			 +			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); +			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						 +			revisionsLogger.logEvent( +					pendingReq.getUniqueSessionIdentifier(),  +					pendingReq.getUniqueTransactionIdentifier(),  +					MOAIDEventConstants.TRANSACTION_IP,  +					req.getRemoteAddr()); +			 +			//get POST-Binding decoder implementation +			PostBinding coder = applicationContext.getBean(PostBinding.class); +			InboundMessage msg = (InboundMessage) coder.decode(req, resp, false); +			pendingReq.setRequest(msg); +			 +			//preProcess Message +			preProcess(req, resp, pendingReq); +						 +		} catch (SecurityPolicyException e) { +			String samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +			throw new 
InvalidProtocolRequestException("pvp2.21", new Object[] {}); +			 +		} catch (SecurityException e) { +			String samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); +			 +		} catch (Throwable e) {			 +			String samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +						 +			throw new MOAIDException(e.getMessage(), new Object[] {}); +		}					 +	} +	 +	//PVP2.x IDP Redirect-Binding end-point +	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET}) +	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { +		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) { +			Logger.info("PVP2.1 is deaktivated!"); +			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +			  		} +		  		try { +			//create pendingRequest object +			PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req); +			pendingReq.setModule(NAME); +			 +			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); +			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						 +			revisionsLogger.logEvent( +					pendingReq.getUniqueSessionIdentifier(),  +					pendingReq.getUniqueTransactionIdentifier(),  +					MOAIDEventConstants.TRANSACTION_IP,  +					req.getRemoteAddr()); +			 +			//get POST-Binding decoder implementation +			RedirectBinding coder = applicationContext.getBean(RedirectBinding.class); +			InboundMessage msg = (InboundMessage) coder.decode(req, resp, false); +			pendingReq.setRequest(msg); +			 +			//preProcess Message +			preProcess(req, resp, pendingReq); +						 +		} catch (SecurityPolicyException e) { +			String 
samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); +			 +		} catch (SecurityException e) { +			String samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); +			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); +			 +		} catch (Throwable e) {			 +			String samlRequest = req.getParameter("SAMLRequest");			 +			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); -			InboundMessage msg = (InboundMessage) decoder.decode(request, response, isServiceProviderEndPointUsed(request)); +			throw new MOAIDException(e.getMessage(), new Object[] {}); +		}					 +	} +	 +	 +	 +	 +	public void preProcess(HttpServletRequest request, +			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { +			InboundMessage msg = pendingReq.getRequest(); +		  			if (MiscUtil.isEmpty(msg.getEntityID())) {  				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); 
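Review bot: The new `catch (Throwable e)` blocks in PVPIDPPostRequest and PVPIDPRedirecttRequest re-wrap every failure as `new MOAIDException(e.getMessage(), new Object[] {})`, which swallows the `InvalidProtocolRequestException("pvp2.20", ...)` and `MOAIDException("Unsupported PVP21 message", ...)` that preProcess throws; the removed code rethrew `PVP2Exception` and `InvalidProtocolRequestException` unchanged, so specific error codes and the cause chain are now lost. Add `catch (MOAIDException e) { throw e; }` ahead of the Throwable handler in both end-points and pass `e` as cause where the exception type allows. PVPMetadataRequest builds `pendingReq`, logs its session/transaction identifiers, then hands a second `new PVPTargetConfiguration(req)` to the action, so the revision-log entries and the executed request do not share identifiers and `setModule(NAME)` is lost — call `metadataAction.processRequest(pendingReq, req, resp, null)` instead. PVPIDPRedirecttRequest still reads the configuration through `AuthConfigurationProviderFactory.getInstance()` while the other two end-points use the injected `authConfig`, and its comment says "POST-Binding decoder" although it fetches `RedirectBinding`.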
@@ -236,91 +278,76 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  			if (msg instanceof MOARequest &&   					((MOARequest)msg).getSamlRequest() instanceof AuthnRequest) -				return preProcessAuthRequest(request, response, (MOARequest) msg, sessionId, transactionId); +				preProcessAuthRequest(request, response, pendingReq);  			else if (msg instanceof MOARequest &&   					((MOARequest)msg).getSamlRequest() instanceof AttributeQuery) -				return preProcessAttributQueryRequest(request, response, (MOARequest) msg, sessionId, transactionId); +				preProcessAttributQueryRequest(request, response, pendingReq);  			else if (msg instanceof MOARequest &&   					((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) -				return preProcessLogOut(request, response, msg, sessionId, transactionId); +				preProcessLogOut(request, response, pendingReq);  			else if (msg instanceof MOAResponse &&   					((MOAResponse)msg).getResponse() instanceof LogoutResponse) -				return preProcessLogOut(request, response, msg, sessionId, transactionId); -			 -			else if (msg instanceof MOAResponse && -					((MOAResponse)msg).getResponse() instanceof Response) { -				//load service provider AuthRequest from session -											 -				IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); -				if (obj instanceof RequestImpl) { -					RequestImpl iReqSP = (RequestImpl) obj; - -					MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); -					 -					MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); -					 -					if ( processedMsg != null ) { -						iReqSP.setInterfederationResponse(processedMsg); - -						MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); -						 -						Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()  -								+ ". 
Switch to original transaction with ID " + iReqSP.getRequestID()); -						TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); -						TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); -												 -					} else { -						Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."  -								+". Switch back local authentication process ...");			 -						 -						SSOManager ssomanager = SSOManager.getInstance();						 -						ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); -						 -						iReqSP.setRequestedIDP(null);	 -						 -					} -									 -					return iReqSP; -					 -				} - -				Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); -				return null; -							 -			} else { +				preProcessLogOut(request, response, pendingReq); +			 +			else {  				Logger.error("Receive unsupported PVP21 message");  				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});  			} -		} catch (PVP2Exception e) { -			String samlRequest = request.getParameter("SAMLRequest");			 -			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); -			throw e; -		 -		} catch (SecurityPolicyException e) { -			String samlRequest = request.getParameter("SAMLRequest");			 -			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); -			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); +			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),  +					pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH); -		} catch (SecurityException e) { -			String samlRequest = request.getParameter("SAMLRequest");			 -			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); -			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); +			//switch to session authentication +			performAuthentication(request, response, pendingReq); +						 +//			else if (msg instanceof MOAResponse && +//					
((MOAResponse)msg).getResponse() instanceof Response) { +//				//load service provider AuthRequest from session +//											 +//				IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); +//				if (obj instanceof RequestImpl) { +//					RequestImpl iReqSP = (RequestImpl) obj; +// +//					MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); +//					 +//					MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); +//					 +//					if ( processedMsg != null ) { +//						iReqSP.setInterfederationResponse(processedMsg); +// +//						MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED); +//						 +//						Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()  +//								+ ". Switch to original transaction with ID " + iReqSP.getRequestID()); +//						TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); +//						TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); +//												 +//					} else { +//						Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."  +//								+". 
Switch back local authentication process ...");			 +//						 +//						SSOManager ssomanager = SSOManager.getInstance();						 +//						ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); +//						 +//						iReqSP.setRequestedIDP(null);	 +//						 +//					} +//									 +//					return iReqSP; +//					 +//				} +// +//				Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); +//				return null; +							 +//			} -		} catch (InvalidProtocolRequestException e) { -			String samlRequest = request.getParameter("SAMLRequest");			 -			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); -			throw e; -		} catch (Throwable e) {			 -			String samlRequest = request.getParameter("SAMLRequest");			 -			Logger.warn("Receive INVALID protocol request: " + samlRequest, e); -						 -			throw new MOAIDException(e.getMessage(), new Object[] {}); -		} + +			  	}  	public boolean generateErrorMessage(Throwable e, @@ -423,26 +450,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		return true;  	} -	public IAction getAction(String action) { -		return actions.get(action); -	} - -	public IAction canHandleRequest(HttpServletRequest request, -			HttpServletResponse response) { -		if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { -			return getAction(REDIRECT); -			 -		} else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { -			return getAction(POST); -			 -		}  -		 -		if(METADATA.equals(request.getParameter("action"))) { -			return getAction(METADATA); -		} -		return null; -	} -  	public boolean validate(HttpServletRequest request,  			HttpServletResponse response, IRequest pending) { 
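Review bot: `preProcess` now ends by calling `performAuthentication(request, response, pendingReq)` unconditionally, including for LogoutRequest/LogoutResponse messages that preProcessLogOut marks with `setNeedAuthentication(false)`; whether `performAuthentication` (inherited from AbstractProtocolModulController, outside this file) honours that flag is not visible here and should be confirmed, since a Single LogOut must not be routed into a fresh authentication. The interfederation `Response` branch survives only as roughly forty lines of commented-out code and such messages now fall into the `"Receive unsupported PVP21 message"` error; either delete the block (it is in history) or replace it with a one-line `// TODO: interfederation Response handling (RelayState lookup, SSOManager.removeInterfederatedSSOIDP) not yet ported to the Spring flow`. `preProcess` has also become `public`; `protected` would suffice for the end-point methods in this class.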
@@ -458,12 +465,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  	 * @return  	 * @throws MOAIDException   	 */ -	private IRequest preProcessLogOut(HttpServletRequest request, -			HttpServletResponse response, InboundMessage inMsg, -			String sessionId, String transactionId) throws MOAIDException { +	private void preProcessLogOut(HttpServletRequest request, +			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException { -		PVPTargetConfiguration config = new PVPTargetConfiguration(request); -		 +		InboundMessage inMsg = pendingReq.getRequest();		  		MOARequest msg;  		if (inMsg instanceof MOARequest &&   				((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) { @@ -482,11 +487,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); -			config.setOAURL(oaURL); -			config.setOnlineApplicationConfiguration(oa); -			config.setBinding(msg.getRequestBinding()); +			pendingReq.setOAURL(oaURL); +			pendingReq.setOnlineApplicationConfiguration(oa); +			pendingReq.setBinding(msg.getRequestBinding()); -			MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); +			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO); 
@@ -524,23 +529,26 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  			throw new MOAIDException("Unsupported request", new Object[] {}); -		config.setRequest(inMsg); -		config.setAction(SINGLELOGOUT); -		return config; +		pendingReq.setRequest(inMsg); +		pendingReq.setAction(SINGLELOGOUT); +		 +		//Single LogOut Request needs no authentication  +		pendingReq.setNeedAuthentication(false); +		 +		//set protocol action, which should be executed +		pendingReq.setAction(SingleLogOutAction.class.getName());  	}  	/**  	 * PreProcess AttributeQuery request   	 * @param request  	 * @param response -	 * @param moaRequest -	 * @return +	 * @param pendingReq  	 * @throws Throwable  	 */ -	private IRequest preProcessAttributQueryRequest(HttpServletRequest request, -			HttpServletResponse response, MOARequest moaRequest, -			String sessionId, String transactionId) throws Throwable { -		 +	private void preProcessAttributQueryRequest(HttpServletRequest request, +			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { +		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());  		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();  		moaRequest.setEntityID(attrQuery.getIssuer().getValue()); 
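Review bot: preProcessLogOut sets the action twice: `pendingReq.setAction(SINGLELOGOUT);` is immediately overwritten by `pendingReq.setAction(SingleLogOutAction.class.getName());`, so the first call is dead and should be removed. Because `setNeedAuthentication(false)` lets the logout request reach SingleLogOutAction without an authenticated session, the signature verification done while decoding the LogoutRequest is the only thing authorising it; assuming the binding decoder performs that check, a comment making the dependency explicit would help, e.g. `// LogoutRequest is authorised solely by its verified signature; no session authentication is performed`. The start of preProcessLogOut lies before this hunk.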
@@ -571,29 +579,34 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		} -		PVPTargetConfiguration config = new PVPTargetConfiguration(request); -		config.setRequest(moaRequest); -		config.setOAURL(moaRequest.getEntityID()); -		config.setOnlineApplicationConfiguration(oa); -		config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); +		pendingReq.setRequest(moaRequest); +		pendingReq.setOAURL(moaRequest.getEntityID()); +		pendingReq.setOnlineApplicationConfiguration(oa); +		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); +		 +		//Attribute-Query Request needs authentication  +		pendingReq.setNeedAuthentication(true); +		 +		//set protocol action, which should be executed after authentication +		pendingReq.setAction(AttributQueryAction.class.getName()); +		 +		//write revisionslog entry +		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); -		MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY); -		return config;  	}  	/**  	 * PreProcess Authn request  	 * @param request  	 * @param response -	 * @param moaRequest -	 * @return +	 * @param pendingReq  	 * @throws Throwable  	 */ -	private IRequest preProcessAuthRequest(HttpServletRequest request, -			HttpServletResponse response, MOARequest moaRequest, -			String sessionId, String transactionId) throws Throwable { -		 +	private void preProcessAuthRequest(HttpServletRequest request, +			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable { + +		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());		  		SignableXMLObject samlReq =  moaRequest.getSamlRequest();  		if(!(samlReq instanceof AuthnRequest)) { 
@@ -620,7 +633,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		} -		  		//parse AssertionConsumerService  		AssertionConsumerService consumerService = null;  		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&  @@ -699,21 +711,25 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		 -		PVPTargetConfiguration config = new PVPTargetConfiguration(request);		 -		config.setOAURL(oaURL); -		config.setOnlineApplicationConfiguration(oa); -		config.setBinding(consumerService.getBinding()); -		config.setRequest(moaRequest); -		config.setConsumerURL(consumerService.getLocation()); +		pendingReq.setOAURL(oaURL); +		pendingReq.setOnlineApplicationConfiguration(oa); +		pendingReq.setBinding(consumerService.getBinding()); +		pendingReq.setRequest(moaRequest); +		pendingReq.setConsumerURL(consumerService.getLocation());  		//parse AuthRequest -		config.setPassiv(authReq.isPassive()); -		config.setForce(authReq.isForceAuthn()); +		pendingReq.setPassiv(authReq.isPassive()); +		pendingReq.setForce(authReq.isForceAuthn()); +		//AuthnRequest needs authentication +		pendingReq.setNeedAuthentication(true); -		MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); +		//set protocol action, which should be executed after authentication +		pendingReq.setAction(AuthenticationAction.class.getName()); +		 +		//write revisionslog entry +		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST); -		return config;  	}  	/** @@ -753,5 +769,5 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo  {  		}  		return null; -	} +	}	  } 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java index 5062646b6..0dd309154 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java @@ -25,27 +25,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;  import org.opensaml.common.SAMLObject;  import org.opensaml.common.binding.artifact.SAMLArtifactMap;  import org.opensaml.xml.io.MarshallingException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; -import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +@Service("PVPAssertionStorage")  public class PVPAssertionStorage implements SAMLArtifactMap { - -	private static PVPAssertionStorage instance = null; -	 -	public static PVPAssertionStorage getInstance() { -		if(instance == null) { -			instance = new PVPAssertionStorage(); -		} -		return instance; -	} -	 -	//private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>(); -	private AssertionStorage assertions = AssertionStorage.getInstance(); +	@Autowired private ITransactionStorage transactionStorage; +		  	public boolean contains(String artifact) { -		return assertions.containsKey(artifact); +		return transactionStorage.containsKey(artifact);  	}  	public void put(String artifact, String relyingPartyId, String issuerId, 
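Review bot: Artifact entries are now written into the shared `ITransactionStorage` keyed only by the raw artifact string, and SingleLogOutAction in this same commit writes SLO status codes into the same store under a key also named `artifact` (`transactionStorage.put(artifact, statusCode)`). If both key generators draw from the same space there is a collision risk, and `get(artifact, SAMLArtifactMapEntry.class)` would then hit a type mismatch on the foreign entry; prefix the artifact-map keys (e.g. `transactionStorage.put("pvp_artifact_" + artifact, assertion)` with the same prefix in contains/get/remove) or document why the key spaces are disjoint. Dropping the `getInstance()` singleton in favour of `@Service` also means any remaining `PVPAssertionStorage.getInstance()` callers elsewhere must be migrated, which cannot be verified from this hunk.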
@@ -56,7 +49,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {  				samlMessage);  		try { -			assertions.put(artifact, assertion); +			transactionStorage.put(artifact, assertion);  		} catch (MOADatabaseException e) {  			// TODO Insert Error Handling, if Assertion could not be stored @@ -66,7 +59,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {  	public SAMLArtifactMapEntry get(String artifact) {  		try { -			return assertions.get(artifact, SAMLArtifactMapEntry.class); +			return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);  		} catch (MOADatabaseException e) {  			// TODO Insert Error Handling, if Assertion could not be read @@ -76,7 +69,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {  	}  	public void remove(String artifact) { -		assertions.remove(artifact); +		transactionStorage.remove(artifact);  	}  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index 0b402a0fd..07367e1d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;  import at.gv.egovernment.moa.logging.Logger;  public class PVPTargetConfiguration extends RequestImpl { 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java index 582f5939d..8928aaeca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -37,6 +37,8 @@ import org.hibernate.Transaction;  import org.opensaml.saml2.core.LogoutRequest;  import org.opensaml.saml2.core.LogoutResponse;  import org.opensaml.saml2.metadata.SingleLogoutService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -57,8 +59,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; 
@@ -68,8 +70,14 @@ import at.gv.egovernment.moa.util.URLEncoder;   * @author tlenz   *   */ +@Service("pvpSingleLogOutService")  public class SingleLogOutAction implements IAction { +	@Autowired private SSOManager ssomanager; +	@Autowired private AuthenticationManager authManager; +	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage; +	@Autowired private ITransactionStorage transactionStorage; +	  	/* (non-Javadoc)  	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)  	 */ @@ -87,7 +95,7 @@ public class SingleLogOutAction implements IAction {  			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();  			AuthenticationSession session =  -					AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID( +					authenticationSessionStorage.searchMOASessionWithNameIDandOAID(  							logOutReq.getIssuer().getValue(),   							logOutReq.getNameID().getValue()); @@ -96,7 +104,6 @@ public class SingleLogOutAction implements IAction {  							+ logOutReq.getNameID().getValue() + " and OA "   							+ logOutReq.getIssuer().getValue());  					Logger.info("Search active SSO session with SSO session cookie"); -					SSOManager ssomanager =  SSOManager.getInstance();  					String ssoID = ssomanager.getSSOSessionID(httpReq);  					if (MiscUtil.isEmpty(ssoID)) {  						Logger.info("Can not find active Session. Single LogOut not possible!"); @@ -110,7 +117,7 @@ public class SingleLogOutAction implements IAction {  					} else {  						String moasession = ssomanager.getMOASession(ssoID);						  						try { -							session = AuthenticationSessionStoreage.getSession(moasession); +							session = authenticationSessionStorage.getSession(moasession);  						} catch (MOADatabaseException e) {  							Logger.info("Can not find active Session. Single LogOut not possible!"); 
@@ -124,8 +131,7 @@ public class SingleLogOutAction implements IAction {  						}						  					}					  				} - -				AuthenticationManager authManager = AuthenticationManager.getInstance(); +				  				authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);  			} else if (pvpReq.getRequest() instanceof MOAResponse && @@ -235,7 +241,7 @@ public class SingleLogOutAction implements IAction {  							        else  							        	statusCode  = MOAIDAuthConstants.SLOSTATUS_ERROR; -									AssertionStorage.getInstance().put(artifact, statusCode); +									transactionStorage.put(artifact, statusCode);  							        redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);  								}								 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java deleted file mode 100644 index 4d353ffcd..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ /dev/null 
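Review bot: `authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);` can now be reached with a null `session`, because `DBAuthenticationSessionStoreage.getSession` in this same commit returns null for an empty or unknown ID instead of throwing, so the `catch (MOADatabaseException e)` that guards the SSO-cookie lookup a few lines above no longer detects a missing session. Add an explicit guard before the call, `if (session == null) { Logger.info("Can not find active Session. Single LogOut not possible!"); /* take the same error path as the empty-ssoID branch */ }`, so a logout request for an unknown session is rejected deliberately rather than failing inside `performSingleLogOut`. The body of `processRequest` and the error branch it should reuse start before this hunk.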
@@ -1,121 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.app.VelocityEngine; -import org.apache.velocity.runtime.RuntimeConstants; -import org.opensaml.common.SAMLObject; -import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.xml.SAMLConstants; -import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.StatusResponseType; -import org.opensaml.saml2.metadata.SingleSignOnService; -import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; -import org.opensaml.ws.message.decoder.MessageDecodingException; -import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.ws.transport.http.HttpServletResponseAdapter; -import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.signature.Signature; - -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; - -public class ArtifactBinding implements IDecoder, IEncoder { - -	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, -			RequestAbstractType request, String targetLocation, String relayState) -			throws MessageEncodingException, SecurityException { - -	} - -	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, -			StatusResponseType response, String targetLocation, String relayState) -			throws MessageEncodingException, SecurityException { -		try { -			Credential credentials = 
CredentialProvider -					.getIDPAssertionSigningCredential(); - -			Signature signer = CredentialProvider.getIDPSignature(credentials); -			response.setSignature(signer); -			 -			VelocityEngine engine = new VelocityEngine(); -			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); -			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); -			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); -			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); -			engine.setProperty("classpath.resource.loader.class", -					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); -			engine.init(); - -			HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine, -					"resources/templates/pvp_postbinding_template.html", -					PVPAssertionStorage.getInstance()); - -			encoder.setPostEncoding(false); -			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( -					resp, true); -			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); -			SingleSignOnService service = new SingleSignOnServiceBuilder() -					.buildObject(); -			service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI); -			service.setLocation(targetLocation); -			context.setOutboundSAMLMessageSigningCredential(credentials); -			context.setPeerEntityEndpoint(service); -			context.setOutboundSAMLMessage(response); -			context.setOutboundMessageTransport(responseAdapter); - -			encoder.encode(context); -		} catch (CredentialsNotAvailableException e) { -			e.printStackTrace(); -			throw new SecurityException(e); -			 -		} catch (Exception e) { -			throw new SecurityException(e); -		} -	} - -	public InboundMessageInterface decode(HttpServletRequest req, -			HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException, -			SecurityException { - -		return null; -	} - - -	public boolean handleDecode(String action, HttpServletRequest 
req) { - -		return false; -	} -	 -	public String getSAML2BindingName() { -		return SAMLConstants.SAML2_ARTIFACT_BINDING_URI; -	} - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index b8f7e6d80..9e176f724 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;  import org.apache.velocity.app.VelocityEngine;  import org.opensaml.common.SAMLObject;  import org.opensaml.common.binding.BasicSAMLMessageContext; -import org.opensaml.common.binding.SAMLMessageContext;  import org.opensaml.common.xml.SAMLConstants;  import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;  import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; @@ -48,6 +47,7 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;  import org.opensaml.xml.parse.BasicParserPool;  import org.opensaml.xml.security.SecurityException;  import org.opensaml.xml.security.x509.X509Credential; +import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.config.ConfigurationException;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +@Service("PVPPostBindingCoder")  public class PostBinding implements IDecoder, IEncoder {  	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, 
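Review bot: `@Service("PVPPostBindingCoder")` makes `PostBinding` a Spring singleton, but `AuthnRequestHandler` in this same commit still builds it with `new PostBinding()`, so the class now has two lifecycles and any `@Autowired` collaborator added to it later (the way the other services in this commit obtain storage and configuration) will be null in the `new`-created instances. Either inject the encoder into its callers or leave `PostBinding` a plain class until they are migrated, and say which in a class comment, e.g. `// Spring bean; do not instantiate directly`. The class body continues past this hunk.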
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
deleted file mode 100644
index 7f6054f2d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ /dev/null
@@ -1,82 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.joda.time.DateTime; -import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry; -import org.opensaml.saml2.core.ArtifactResolve; -import org.opensaml.saml2.core.ArtifactResponse; - -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.logging.Logger; - -public class ArtifactResolution implements IRequestHandler { - -	public boolean handleObject(InboundMessage obj) { -		return (obj instanceof MOARequest &&  -				((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve); -	} - -	public SLOInformationInterface process(PVPTargetConfiguration obj, HttpServletRequest req, -			HttpServletResponse resp, IAuthData authData) throws MOAIDException { -		if (!handleObject(obj.getRequest())) { -			throw new MOAIDException("pvp2.13", null); -		} -		 -		ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj.getRequest()).getSamlRequest(); -		String artifactID = artifactResolve.getArtifact().getArtifact(); - -		PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); - -		if (!pvpAssertion.contains(artifactID)) { -			throw 
new RequestDeniedException(); -		} else { -			try { -				SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); -				ArtifactResponse response = SAML2Utils -						.createSAMLObject(ArtifactResponse.class); -				response.setMessage(assertion.getSamlMessage()); -				response.setIssueInstant(new DateTime()); -				SoapBinding encoder = new SoapBinding(); -				encoder.encodeRespone(req, resp, response, null, null); -			} catch (Exception e) { -				Logger.error("Failed to resolve artifact", e); -			} -		} -		 -		return null; -	} - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 059e68865..974d90e11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java 
@@ -41,15 +41,14 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;  import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.logging.Logger; @@ -92,12 +91,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {  		if (consumerService.getBinding().equals(  				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {  			binding = new RedirectBinding(); -			 -		} else if (consumerService.getBinding().equals( -				SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { -			// TODO: not supported YET!! -			binding = new ArtifactBinding(); -			 +						  		} else if (consumerService.getBinding().equals(  				SAMLConstants.SAML2_POST_BINDING_URI)) {  			binding = new PostBinding(); 
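Review bot: With the artifact branch deleted, an AuthnRequest whose AssertionConsumerService requests `SAML2_ARTIFACT_BINDING_URI` now depends on the trailing `else` of this `if`/`else if` chain, which lies outside the hunk, to reject it; please confirm that branch throws `BindingNotSupportedException` (still imported above) rather than leaving `binding` null and failing later with a NullPointerException. A short comment on the chain, `// artifact binding is intentionally unsupported and is rejected below`, would record that the removal is deliberate. The enclosing method starts before this hunk.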
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index b58b09f12..f26b2a735 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -30,12 +30,9 @@ import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.AuthenticationData;  import at.gv.egovernment.moa.id.data.IAuthData;  import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;  public class RequestManager { @@ -54,7 +51,7 @@ public class RequestManager {  	private RequestManager() {  		handler = new ArrayList<IRequestHandler>();  		handler.add(new AuthnRequestHandler()); -		handler.add(new ArtifactResolution()); +		  	}  	public SLOInformationInterface handle(PVPTargetConfiguration pvpRequest, HttpServletRequest req, HttpServletResponse resp, IAuthData authData)  diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 9dee39fe8..743caec55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java 
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -32,6 +32,7 @@ import org.hibernate.HibernateException;  import org.hibernate.Query;  import org.hibernate.Session;  import org.hibernate.Transaction; +import org.springframework.stereotype.Service;  import com.fasterxml.jackson.core.JsonProcessingException; @@ -52,21 +53,22 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.EncryptedData;  import at.gv.egovernment.moa.id.data.SLOInformationInterface;  import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl; +import at.gv.egovernment.moa.id.moduls.RequestImpl;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;  import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; -public class AuthenticationSessionStoreage { - -	//private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); +@Service("AuthenticationSessionStoreage") +public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{  	private static JsonMapper mapper = new JsonMapper(); -	public static boolean isAuthenticated(String moaSessionID) { +	@Override +	public boolean isAuthenticated(String moaSessionID) {  		AuthenticatedSessionStore session; 
@@ -79,7 +81,8 @@ public class AuthenticationSessionStoreage {  		}  	} -	public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { +	@Override +	public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {  		String id = Random.nextRandom();  		try {  			AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); @@ -95,7 +98,7 @@ public class AuthenticationSessionStoreage {  			//set additional session informations  			AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); -			sessionExt.setUniqueSessionId(target.getSessionIdentifier()); +			sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());  			dbsession.setAdditionalInformation(mapper.serialize(sessionExt));  			AuthenticationSession session = new AuthenticationSession(id, now); @@ -119,7 +122,11 @@ public class AuthenticationSessionStoreage {  	} -	public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { +	@Override +	public AuthenticationSession getSession(String sessionID) throws MOADatabaseException { +		 +		if (MiscUtil.isEmpty(sessionID)) +			return null;  		try {  			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); @@ -127,7 +134,7 @@ public class AuthenticationSessionStoreage {  		} catch (MOADatabaseException e) {  			Logger.info("No MOA Session with id: " + sessionID); -			throw new MOADatabaseException("No MOA Session with id: " + sessionID); +			return null;  		} catch (Throwable e) {  			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); 
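Review bot: `return null;` in the `MOADatabaseException` branch changes the contract of `getSession` from "throws when the session is unknown" to "returns null", while the method still declares `throws MOADatabaseException`; callers written against the old contract, such as the `catch (MOADatabaseException e)` in `SingleLogOutAction` touched by this same commit, now proceed silently with a null session, and the added `if (MiscUtil.isEmpty(sessionID)) return null;` makes an empty ID indistinguishable from a missing one. Either keep throwing, or document the new contract on the interface and audit every caller for null handling, e.g. `/** @return the decrypted session, or null if sessionID is empty or no session with that ID exists. */`. The `catch (Throwable e)` path continues past this hunk, so its return value is not visible here.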
@@ -135,7 +142,8 @@ public class AuthenticationSessionStoreage {  		}  	} -	public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { +	@Override +	public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {  		AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);  		if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { @@ -151,7 +159,8 @@ public class AuthenticationSessionStoreage {  	} -	public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { +	@Override +	public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {  		try {  			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); @@ -174,18 +183,11 @@ public class AuthenticationSessionStoreage {  	} -	public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { -		storeSession(session, null); -	} -	 -	public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { -		 +	@Override +	public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {  		try {  			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); -			 -			if (MiscUtil.isNotEmpty(pendingRequestID)) -				dbsession.setPendingRequestID(pendingRequestID); -						 +									  			encryptSession(session, dbsession);  			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 
@@ -198,10 +200,11 @@ public class AuthenticationSessionStoreage {  		} catch (MOADatabaseException e) {  			Logger.warn("MOASession could not be stored.");  			throw new MOADatabaseException(e); -		} 	 +		}   	} -	public static void destroySession(String moaSessionID) throws MOADatabaseException { +	@Override +	public void destroySession(String moaSessionID) throws MOADatabaseException {  		Session session = MOASessionDBUtils.getCurrentSession(); 
@@ -238,52 +241,47 @@ public class AuthenticationSessionStoreage {  	} -	public static String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, AuthenticationException { -		try {			 -			AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); -			 -			 -			 -			Logger.debug("Change SessionID from " + session.getSessionID()  -					+ "to " + newSessionID); +	@Override +	public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException  { -			session.setSessionID(newSessionID); -			encryptSession(session, dbsession); -			 -			dbsession.setSessionid(newSessionID); -			dbsession.setAuthenticated(session.isAuthenticated()); -						 -			//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 -			dbsession.setUpdated(new Date()); -			 -			MOASessionDBUtils.saveOrUpdate(dbsession); -			 -			Logger.trace("Change SessionID complete."); -			 -			return newSessionID; -				 -		} catch (MOADatabaseException e) { -			throw new AuthenticationException("TODO!", null); -		} +		AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); +					 +		Logger.debug("Change SessionID from " + session.getSessionID()  +				+ "to " + newSessionID); +		 +		session.setSessionID(newSessionID); +		encryptSession(session, dbsession); +		 +		dbsession.setSessionid(newSessionID); +		dbsession.setAuthenticated(session.isAuthenticated()); +					 +		//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 +		dbsession.setUpdated(new Date()); +		MOASessionDBUtils.saveOrUpdate(dbsession); +		Logger.trace("Change SessionID complete."); +		return newSessionID; +				  	} -	public static String changeSessionID(AuthenticationSession session) -			throws AuthenticationException, BuildException {				 +	@Override +	public String changeSessionID(AuthenticationSession session) +			
throws BuildException, MOADatabaseException {				  		String id = Random.nextRandom();  		return changeSessionID(session, id);  	} -		 -	public static void setAuthenticated(String moaSessionID, boolean value) { + +	@Override +	public void setAuthenticated(String moaSessionID, boolean isAuthenticated) {  		AuthenticatedSessionStore session;  		try {  			session = searchInDatabase(moaSessionID, true); -			session.setAuthenticated(value); +			session.setAuthenticated(isAuthenticated);  			MOASessionDBUtils.saveOrUpdate(session); @@ -292,7 +290,8 @@ public class AuthenticationSessionStoreage {  		}  	} -	public static String getMOASessionSSOID(String SSOSessionID) { +	@Override +	public String getMOASessionSSOID(String SSOSessionID) {  		  MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	    		  Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");  		  Session session = MOASessionDBUtils.getCurrentSession(); @@ -330,7 +329,8 @@ public class AuthenticationSessionStoreage {  		  }  	} -	public static boolean isSSOSession(String sessionID) throws MOADatabaseException { +	@Override +	public boolean isSSOSession(String sessionID) throws MOADatabaseException {  		try {  			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);  			return dbsession.isSSOSession(); @@ -341,7 +341,10 @@ public class AuthenticationSessionStoreage {  		}				  	} -	public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {		 +	@Override +	public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) { +		 +		//TODO: is this method really needed??  		  MiscUtil.assertNotNull(SSOId, "SSOSessionID");	    		  Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");  		  Session session = MOASessionDBUtils.getCurrentSession(); 
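Review bot: `Logger.debug("Change SessionID from " + session.getSessionID() + "to " + newSessionID);` writes both the old and the new MOA session identifier to the log; judging by `getSession(sessionID)` in this class, that identifier is what resolves a session, so it should not appear in clear even at debug level (the message is also missing a space before `to`). Log only the fact of rotation, `Logger.debug("Change SessionID of current MOA session");`, or a truncated form if correlation is needed. `searchInDatabase`, `encryptSession` and `Random.nextRandom` are outside this hunk, so nothing is claimed about them here.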
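Review bot: The signature of `isValidSessionWithSSOID` drops the `moaSessionId` parameter, but the body, which is outside this hunk, is untouched apart from the new `//TODO: is this method really needed??`; if the old body cross-checked the MOA session ID against the record found by SSO ID, that check is presumably gone and a lookup by SSO cookie alone now decides validity. Please confirm the body no longer references the removed parameter and state the intended contract in a Javadoc, e.g. `/** Looks up the authenticated session bound to this SSO session ID; returns null if none exists. */`, or remove the method as the TODO suggests rather than ship it half-migrated.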
@@ -376,7 +379,8 @@ public class AuthenticationSessionStoreage {  		  }  	} -	public static void addSSOInformation(String moaSessionID, String SSOSessionID,  +	@Override +	public void addSSOInformation(String moaSessionID, String SSOSessionID,   			SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {  		AuthenticatedSessionStore dbsession; @@ -482,7 +486,8 @@ public class AuthenticationSessionStoreage {  	  	}  	} -	public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) { +	@Override +	public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {  		MiscUtil.assertNotNull(moaSession, "MOASession");  		Session session = null; @@ -513,7 +518,8 @@ public class AuthenticationSessionStoreage {  		return null;  	} -	public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { +	@Override +	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {  		MiscUtil.assertNotNull(moaSession, "MOASession");  		Session session = null;  		try { @@ -542,7 +548,8 @@ public class AuthenticationSessionStoreage {  		return null;  	} -	public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	   +	@Override +	public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	    		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");  		  MiscUtil.assertNotNull(userNameID, "userNameID");  		  Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "  
@@ -586,7 +593,8 @@ public class AuthenticationSessionStoreage {  	} -	public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { +	@Override +	public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {  		  MiscUtil.assertNotNull(moaSession, "MOASession");	    		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");  		  MiscUtil.assertNotNull(protocolType, "usedProtocol"); 
@@ -627,95 +635,8 @@ public class AuthenticationSessionStoreage {  			}  	} -	public static String getPendingRequestID(String sessionID) { -		try { -			AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); -			return dbsession.getPendingRequestID(); -			 -		} catch (MOADatabaseException e) { -			Logger.warn("MOASession with ID " + sessionID + " not found"); -			return ""; -		} -	} -	 -	public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { -		Transaction tx = null; -		try { -			  MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");	   -			  Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); -			  Session session = MOASessionDBUtils.getCurrentSession(); -			   -			  List<AuthenticatedSessionStore> result; -			   -			  synchronized (session) { -				  tx  = session.beginTransaction(); -				  Query query = session.getNamedQuery("getSessionWithPendingRequestID"); -				  query.setParameter("sessionid", pedingRequestID); -				  result = query.list(); -				   -				  //send transaction -				  tx.commit(); -			  } -			   -			  Logger.trace("Found entries: " + result.size()); -			   -			  //Assertion requires an unique artifact -			  if (result.size() != 1) { -				 Logger.trace("No entries found."); -			   	return null; -			  } -			 -			  return decryptSession(result.get(0)); -			  								 -		} catch (Throwable e) { -			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); -			 -			if (tx != null && !tx.wasCommitted()) -				tx.rollback(); -			 -			return null; -			 -		}  -	} -	 -	public static boolean deleteSessionWithPendingRequestID(String id) { -		  MiscUtil.assertNotNull(id, "PendingRequestID");	   -		  Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); -		  Session session = MOASessionDBUtils.getCurrentSession(); -		   -		  List<AuthenticatedSessionStore> result; -		  Transaction tx = 
null; -		  try { -			  synchronized (session) { -				  tx = session.beginTransaction(); -				  Query query = session.getNamedQuery("getSessionWithPendingRequestID"); -				  query.setParameter("sessionid", id); -				  result = query.list(); -				   -				  //send transaction -				  tx.commit(); -			  			   -				  Logger.trace("Found entries: " + result.size()); -				   -				  //Assertion requires an unique artifact -				  if (result.size() != 1) { -					 Logger.trace("No entries found."); -					 return false; -							  -				  } else { -					  cleanDelete(result.get(0)); -					  return true; -				  } -			  } -			   -		  } catch (Exception e) { -				if (tx != null && !tx.wasCommitted()) -					tx.rollback(); -				throw e; -		  }		 -	} -			 -	public static AuthenticationSession getSessionWithUserNameID(String nameID) { +	@Override +	public AuthenticationSession getSessionWithUserNameID(String nameID) {  		Transaction tx = null;  		try { @@ -753,8 +674,9 @@ public class AuthenticationSessionStoreage {  		}  	} -				 -	public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { + +	@Override +	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {  		  MiscUtil.assertNotNull(sessionID, "MOASession");	    		  Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");  		  Session session = MOASessionDBUtils.getCurrentSession(); 
@@ -789,7 +711,8 @@ public class AuthenticationSessionStoreage {  		}	  	} -	public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) { +	@Override +	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {  		  MiscUtil.assertNotNull(sessionID, "MOASession");	    		  MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");  		  Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); @@ -826,7 +749,7 @@ public class AuthenticationSessionStoreage {  		  }	  	} -	public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		 +	public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		  		AuthenticatedSessionStore dbsession = null;  		//search for active SSO session @@ -863,12 +786,15 @@ public class AuthenticationSessionStoreage {  		dbsession.setInterfederatedSSOSession(true);  		dbsession.setAuthenticated(isAuthenticated);  		dbsession.setUpdated(now);		 -		session.setAuthenticated(true); -		session.setAuthenticatedUsed(false);		 +		session.setAuthenticated(true);		  		encryptSession(session, dbsession);  		//add interfederation information  		List<InterfederationSessionStore> idpList = dbsession.getInderfederation(); +		 +		MOAResponse interfederationResp = req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class); +		String interFedEntityID = interfederationResp.getEntityID(); +		  		InterfederationSessionStore idp = null;  		if (idpList == null) {  			idpList = new ArrayList<InterfederationSessionStore>(); 
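Review bot: `MOAResponse interfederationResp = req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class);` is dereferenced on the very next line via `interfederationResp.getEntityID()`, so a request without that generic-data entry fails with a NullPointerException inside session creation instead of a meaningful error; guard it with `if (interfederationResp == null) throw new MOADatabaseException("No interfederation IDP response in request");` (the single-string constructor is the one already used in this class). The removal of `session.setAuthenticatedUsed(false)` also changes what `encryptSession` persists for a fresh interfederated session, which is worth a one-line comment if intentional. `createInterfederatedSession` lost `static` without gaining the `@Override` every sibling received, suggesting it is not on `IAuthenticationSessionStoreage`; please confirm.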
@@ -877,7 +803,7 @@ public class AuthenticationSessionStoreage {  		} else {  			for (InterfederationSessionStore el : idpList) {  				//resue old entry if interfederation IDP is reused for authentication -				if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID())) +				if (el.getIdpurlprefix().equals(interFedEntityID))  					idp = el;  			}			 @@ -887,7 +813,7 @@ public class AuthenticationSessionStoreage {  		if (idp == null) {  			idp = new InterfederationSessionStore();  			idp.setCreated(now); -			idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); +			idp.setIdpurlprefix(interFedEntityID);  			idp.setAuthURL(req.getAuthURL());  			try { @@ -904,7 +830,7 @@ public class AuthenticationSessionStoreage {  			idpList.add(idp);  		} -		AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());		 +		AssertionAttributeExtractor extract = new AssertionAttributeExtractor(interfederationResp.getResponse());		  		idp.setSessionIndex(extract.getSessionIndex());  		idp.setUserNameID(extract.getNameID());  		idp.setAttributesRequested(false); @@ -923,7 +849,8 @@ public class AuthenticationSessionStoreage {  		return id;  	} -	public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) { +	@Override +	public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {  		  MiscUtil.assertNotNull(moaSession, "MOASession");	    		  Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");  		  Session session = MOASessionDBUtils.getCurrentSession(); 
@@ -958,11 +885,8 @@ public class AuthenticationSessionStoreage {  		}	  	} -	/** -	 * @param entityID -	 * @param requestID -	 */ -	public static boolean removeInterfederetedSession(String entityID, +	@Override +	public boolean removeInterfederetedSession(String entityID,  			String pedingRequestID) {  		try { @@ -974,6 +898,8 @@ public class AuthenticationSessionStoreage {  			  List<AuthenticatedSessionStore> result; +			  //TODO: !!!!!!!!!!! PendingRequestID does not work +			    			  synchronized (session) {  				  session.beginTransaction();  				  Query query = session.getNamedQuery("getSessionWithPendingRequestID"); @@ -1012,9 +938,10 @@ public class AuthenticationSessionStoreage {  		}		  	} -	public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { -		Date expioredatecreate = new Date(now - authDataTimeOutCreated);		 -		Date expioredateupdate = new Date(now - authDataTimeOutUpdated); +	@Override +	public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { +		Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated);		 +		Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated);  		List<AuthenticatedSessionStore> results;  		Session session = MOASessionDBUtils.getCurrentSession(); @@ -1070,16 +997,6 @@ public class AuthenticationSessionStoreage {  	private static void cleanDelete(AuthenticatedSessionStore result) {  		try { -			AuthenticationSession session = getSession(result.getSessionid()); -			if (session.getProcessInstanceId() != null) { -				ProcessInstanceStoreDAOImpl.getInstance().remove(session.getProcessInstanceId()); -			} - -		} catch (MOADatabaseException e) { -			Logger.warn("Removing process associated with moa session " + result.getSessionid() + " FAILED.", e); -		} - -		try {  			result.setSession("blank".getBytes());  			MOASessionDBUtils.saveOrUpdate(result); 
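Review bot: The added `//TODO: !!!!!!!!!!! PendingRequestID does not work` in removeInterfederetedSession records a known-broken lookup but says neither what fails nor what the caller gets back, and the interface now marks this method @Deprecated; a maintainer hitting the TODO should not have to rediscover both facts. Something like `//TODO: lookup via getSessionWithPendingRequestID does not find the stored session, so the federated IDP entry is not removed; method is @Deprecated in IAuthenticationSessionStoreage, replacement pending` states the consequence, assuming the query mismatch is what "does not work" refers to — confirm. The method body continues on both sides of the hunk.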
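Review bot: `clean(Date now, ...)` dereferences the new parameter twice with `now.getTime()` on its first two lines, so a null argument fails with a NullPointerException before any session is examined; the file guards arguments with MiscUtil.assertNotNull in its search methods, and `MiscUtil.assertNotNull(now, "now");` as the first statement would keep that convention (the interface documents `now` only as "Current Time"). The same signature change with the same missing check appears in `DBTransactionStorage.clean(Date now, long dataTimeOut)` in this commit. Both method bodies continue outside their hunks.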
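Review bot: cleanDelete() no longer removes the process instance that belonged to the session — the `ProcessInstanceStoreDAOImpl.getInstance().remove(session.getProcessInstanceId())` block is deleted and nothing in the hunk takes its place — so every deletion that goes through cleanDelete, including the timeout-driven clean(), now leaves the ProcessInstanceStore entry behind unless that responsibility moved to the new Spring-managed `ProcessInstanceStoreage` bean declared in moaid.authentication.beans.xml. If it did move, a one-line comment at the top of cleanDelete naming where process-instance removal now happens would spare the next reader the search; if it did not, orphaned process instances accumulate until something else removes them. cleanDelete continues outside the hunk.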
@@ -1117,10 +1034,12 @@ public class AuthenticationSessionStoreage {  			  //Assertion requires an unique artifact  			  if (result.size() != 1) {  				 Logger.trace("No entries found."); -			   	throw new MOADatabaseException("No session found with this sessionID"); +			   	throw new MOADatabaseException("No session found with this sessionID");			    +				   			  }  			  return (AuthenticatedSessionStore) result.get(0); +			    		  } catch (Exception e) {  				if (tx != null && !tx.wasCommitted() && commit)  					tx.rollback(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java deleted file mode 100644 index 4cddd141b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java +++ /dev/null 
@@ -1,175 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- *******************************************************************************/ -package at.gv.egovernment.moa.id.storage; - -import java.util.Date; -import java.util.List; - -import org.apache.commons.lang.SerializationUtils; -import org.hibernate.HibernateException; -import org.hibernate.Query; -import org.hibernate.Session; - -import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; -import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -public class DBExceptionStoreImpl implements IExceptionStore { - -	private static DBExceptionStoreImpl store; -	 -	public static DBExceptionStoreImpl getStore() { -		if(store == null) { -			store = new DBExceptionStoreImpl(); -		} -		return store; -	} -	 -	public String storeException(Throwable e) {		 -		String id = Random.nextRandom(); - -		Logger.debug("Store Exception with ID " + id); -		 -		ExceptionStore dbexception = new ExceptionStore(); -		dbexception.setExid(id); -		 -		byte[] data = SerializationUtils.serialize(e); -		dbexception.setException(data); -		 -		dbexception.setTimestamp(new Date()); -		 -		try {			 -			MOASessionDBUtils.saveOrUpdate(dbexception); -			 -		} catch (MOADatabaseException e1) { -			Logger.warn("Exception can not be stored in Database.", e); -			return null; -		} -		 -		return id; -	} - -	public Throwable fetchException(String id) { -		 -		try { -			Logger.debug("Fetch Exception with ID " + id); -			 -			ExceptionStore ex = searchInDatabase(id); -			 -			Object data = SerializationUtils.deserialize(ex.getException()); -			if (data instanceof Throwable) -				return (Throwable) data; -			 -			else { -				Logger.warn("Exeption is not of classtype Throwable"); -				return null; -			} -			 -			 -		} catch (MOADatabaseException e) { -			Logger.info("No Exception found with 
ID=" + id); -			return null; -			 -		} catch (Exception e) { -			Logger.warn("Exception can not deserialized from Database.",e); -			return null; -		} -		 -	} - -	public void removeException(String id) { -		try { -			ExceptionStore ex = searchInDatabase(id); -			MOASessionDBUtils.delete(ex); -			 -			Logger.debug("Delete Execption with ID " + id); -			 -		} catch (MOADatabaseException e) { -			Logger.info("No Exception found with ID=" + id); -		} -		 - -	} -	 -	public void clean(long now, long exceptionTimeOut) { -		Date expioredate = new Date(now - exceptionTimeOut);		 -		 -		List<ExceptionStore> results; -		Session session = MOASessionDBUtils.getCurrentSession(); -		 -		synchronized (session) {			 -			session.beginTransaction(); -			Query query = session.getNamedQuery("getExceptionWithTimeOut"); -			query.setTimestamp("timeout", expioredate);		 -			results = query.list(); -			session.getTransaction().commit(); -				 -			if (results.size() != 0) { -				for(ExceptionStore result : results) { -					try {  -						MOASessionDBUtils.delete(result); -						Logger.info("Remove Exception with ID=" + result.getExid()  -								+ " after timeout."); -					 -					} catch (HibernateException e){ -						Logger.warn("Exception with ID=" + result.getExid()  -								+ " not removed after timeout! 
(Error during Database communication)", e); -					} -	 -				}	 -			} -		} -	} -	 -	@SuppressWarnings("rawtypes") -	private ExceptionStore searchInDatabase(String id) throws MOADatabaseException { -		  MiscUtil.assertNotNull(id, "exceptionID");	   -		  Logger.trace("Getting Exception with ID " + id + " from database."); -		  Session session = MOASessionDBUtils.getCurrentSession(); -		  List result; -		   -		  synchronized (session) { -			  session.beginTransaction(); -			  Query query = session.getNamedQuery("getExceptionWithID"); -			  query.setParameter("id", id); -			  result = query.list(); -		   -			  //send transaction -			  session.getTransaction().commit(); -		  } -		   -		  Logger.trace("Found entries: " + result.size()); -		   -		  //Assertion requires an unique artifact -		  if (result.size() != 1) { -			 Logger.trace("No entries found."); -		   	throw new MOADatabaseException("No Exception found with ID " + id); -		  } -		   -		  return (ExceptionStore) result.get(0); -	} - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java index 3b97f3b08..f33a7549c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java 
@@ -30,29 +30,21 @@ import org.apache.commons.lang.SerializationUtils;  import org.hibernate.HibernateException;  import org.hibernate.Query;  import org.hibernate.Session; +import org.springframework.stereotype.Service;  import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;  import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;  import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; -public class AssertionStorage { - -	private static AssertionStorage instance = null; -	 -	public static AssertionStorage getInstance() { -		if(instance == null) { -			instance = new AssertionStorage(); -		} -		return instance; -	} -	  -	public boolean containsKey(String artifact) { +@Service("TransactionStorage") +public class DBTransactionStorage implements ITransactionStorage { +		 +	public boolean containsKey(String key) {  		try { -			searchInDatabase(artifact); +			searchInDatabase(key);  			return true;  		} catch (MOADatabaseException e) { 
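Review bot: `public boolean containsKey(String key) {` implements an ITransactionStorage method but carries no `@Override`, and the same holds for the other interface methods of DBTransactionStorage in the following hunks, while this commit adds `@Override` to every implemented method of DBAuthenticationSessionStoreage. Adding `@Override` above each of them keeps the two storage implementations consistent and lets the compiler catch signature drift against ITransactionStorage. The class body continues outside the hunk.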
@@ -61,21 +53,21 @@ public class AssertionStorage {  	} -	public void put(String artifact, Object assertion) throws MOADatabaseException {	 +	public void put(String key, Object value) throws MOADatabaseException {	  		//setup AssertionStore element  		AssertionStore element = new AssertionStore(); -		element.setArtifact(artifact); -		element.setType(assertion.getClass().getName()); +		element.setArtifact(key); +		element.setType(value.getClass().getName());  		element.setDatatime(new Date());  		//serialize the Assertion for Database storage -		byte[] data = SerializationUtils.serialize((Serializable) assertion); +		byte[] data = SerializationUtils.serialize((Serializable) value);  		element.setAssertion(data);  		//store AssertionStore element to Database  		try {  			MOASessionDBUtils.saveOrUpdate(element); -			Logger.info(assertion.getClass().getName() + " with ID: " + artifact + " is stored in Database"); +			Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database");  		} catch (MOADatabaseException e) {  			Logger.warn("Sessioninformation could not be stored.");  			throw new MOADatabaseException(e); 
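Review bot: `put(String key, Object value)` still casts `(Serializable) value` for SerializationUtils.serialize, so the broadened parameter type Object accepts arguments the method cannot store: a non-Serializable value fails with a ClassCastException after `element.setType(value.getClass().getName())` has already run, and a null value fails with a NullPointerException on that same line. Either narrow the parameter to Serializable in ITransactionStorage, or check up front and fail with the exception callers already handle, e.g. `if (!(value instanceof Serializable)) throw new MOADatabaseException("value is not Serializable");` — the String constructor is already used by get() in this file. put's body continues outside the hunk.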
@@ -83,38 +75,33 @@ public class AssertionStorage {  	} -	 -	/** -	 * @param samlArtifact -	 * @param class1 -	 * @param authdatatimeout -	 * @return -	 * @throws MOADatabaseException  -	 * @throws AuthenticationException  -	 */ -	public <T> T get(String samlArtifact, +	public <T> T get(String key,  			final Class<T> clazz) throws MOADatabaseException {  		try { -			return get(samlArtifact, clazz, -1); +			return get(key, clazz, -1);  		} catch (AuthenticationException e) {  			//this execption only occurs if an additional timeOut is used  			Logger.error("This exeption should not occur!!!!", e);  			return null; +			  		}  	} -	public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException { +	public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException { -	  AssertionStore element = searchInDatabase(artifact); +	  AssertionStore element = searchInDatabase(key); -	  if (authdatatimeout > -1) { +	  if (dataTimeOut > -1) {  		  //check timeout  			long now = new Date().getTime(); -			if (now - element.getDatatime().getTime() > authdatatimeout) -				throw new AuthenticationException("1207", new Object[] { artifact });		   +			if (now - element.getDatatime().getTime() > dataTimeOut) { +				Logger.info("Transaction-Data with key: " + key + " is out of time."); +				throw new AuthenticationException("1207", new Object[] { key }); +				 +			}  	  } 
@@ -128,13 +115,14 @@ public class AssertionStorage {  		return test;  	  } catch (Exception e) { -		Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + artifact); +		Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);  		throw new MOADatabaseException("Sessioninformation Cast-Exception"); +		  	  }  	} -	public void clean(long now, long authDataTimeOut) { -		Date expioredate = new Date(now - authDataTimeOut);		 +	public void clean(Date now, long dataTimeOut) { +		Date expioredate = new Date(now.getTime() - dataTimeOut);		  		List<AssertionStore> results;  		Session session = MOASessionDBUtils.getCurrentSession(); @@ -163,16 +151,16 @@ public class AssertionStorage {  		}  	} -	public void remove(String artifact) { +	public void remove(String key) {  		 try { -			AssertionStore element = searchInDatabase(artifact); +			AssertionStore element = searchInDatabase(key);  			cleanDelete(element); -			Logger.info("Remove stored information with ID: " + artifact); +			Logger.info("Remove stored information with ID: " + key);  		} catch (MOADatabaseException e) { -			Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + artifact  +			Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key   					+ "not found)");  		} catch (HibernateException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java new file mode 100644 index 000000000..e89713b2e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java 
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */ +package at.gv.egovernment.moa.id.storage; + +import java.util.Date; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; + +/** + * @author tlenz + * + */ +public interface IAuthenticationSessionStoreage { + +	/** +	 * Check if the stored MOASession is already authenticated +	 *  +	 * @param moaSessionID MOASession identifier +	 * @return true if the MOASession is authenticated, otherwise false +	 */ +	public boolean isAuthenticated(String moaSessionID); +	 +	/** +	 * Create a new MOASession +	 *  +	 * @param target Pending Request which is associated with this MOASession +	 * @return MOASession object +	 * @throws MOADatabaseException MOASession storage operation FAILED +	 * @throws BuildException MOASession encryption FAILED +	 */ +	public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException; +	 +	/** +	 * Get a MOASession with sessionID +	 *  +	 * @param sessionID SessionID which corresponds to a MOASession +	 * @return MOASession, or null if no session exists with this ID +	 * @throws MOADatabaseException MOASession load operation FAILED +	 */ +	public AuthenticationSession getSession(String sessionID) throws MOADatabaseException; +	 +	/** +	 * Get the 
session-data extension-object for a MOASession +	 *  +	 * @param sessionID SessionID which corresponds to a MOASession +	 * @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null +	 * @throws MOADatabaseException MOASession load operation FAILED +	 */ +	public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException; +	 +	/** +	 * Store a session-data extension-object to MOASession +	 *  +	 * @param sessionID SessionID which corresponds to a MOASession +	 * @param sessionExtensions AuthenticationSessionExtensions object +	 * @throws MOADatabaseException MOASession storage operation FAILED +	 */ +	public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException; +	 +	 +	/** +	 * Store a MOASession +	 *  +	 * @param session MOASession which should be stored +	 * @throws MOADatabaseException MOASession storage operation FAILED +	 * @throws BuildException MOASession encryption FAILED +	 */ +	public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException; +	 +	/** +	 * Delete a MOASession +	 *  +	 * @param moaSessionID SessionID which corresponds to a MOASession +	 * @throws MOADatabaseException MOASession delete operation FAILED +	 */ +	public void destroySession(String moaSessionID) throws MOADatabaseException; +	 +	 +	/** +	 * Change the sessionID of a MOASession +	 *  +	 * @param session MOASession for which the sessionID should be changed +	 * @param newSessionID new MOASessionID which should be used +	 * @return new MOASessionID +	 * @throws MOADatabaseException MOASession storage operation FAILED +	 * @throws BuildException MOASession encryption/decryption FAILED +	 */ +	public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException; +	 +	/** +	 * Change the sessionID of a 
MOASession +	 *  +	 * @param session MOASession for which the sessionID should be changed +	 * @return new MOASessionID +	 * @throws MOADatabaseException MOASession storage operation FAILED +	 * @throws BuildException MOASession encryption/decryption FAILED +	 */ +	public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException; +	 +	/** +	 * Set the isAuthenticated flag to MOASession +	 *  +	 * @param moaSessionID SessionID which corresponds to a MOASession +	 * @param isAuthenticated Is authenticated flag (true/false) +	 */ +	public void setAuthenticated(String moaSessionID, boolean isAuthenticated); +	 +	/** +	 * Find the MOASessionId of an active Single Sign-On session +	 *  +	 * @param SSOSessionID Single Sign-On sessionID +	 * @return MOASessionID of the associated MOASession +	 */ +	public String getMOASessionSSOID(String SSOSessionID); +	 +	/** +	 * Check if a MOASession is an active Single Sign-On session +	 *  +	 * @param sessionID SessionID which corresponds to a MOASession +	 * @return true, if the MOASession is a SSO session, otherwise false +	 * @throws MOADatabaseException MOASession load operation FAILED +	 */ +	public boolean isSSOSession(String sessionID) throws MOADatabaseException; +	 + +	/** +	 * @param SSOId +	 * @return +	 */ +	public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId); +	 +	/** +	 * Add Single Sign-On processing information to a MOASession. 
+	 * This processing information is required to execute a Single Log-Out process +	 *  +	 * @param moaSessionID SessionID which corresponds to a MOASession +	 * @param SSOSessionID Single Sign-On sessionID +	 * @param SLOInfo Data object with Single LogOut information +	 * @param protocolRequest Protocol-request object of the authentication request  +	 * @throws AuthenticationException Single Sign-On information store operation FAILED  +	 */ +	public void addSSOInformation(String moaSessionID, String SSOSessionID,  +			SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException; +	 +	 +	/** +	 * Get all Single Sign-On authenticated Service-Provider of a MOASession +	 *  +	 * @param moaSession MOASession data object +	 * @return List of Service-Provider information +	 */ +	public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession); +	 +	 +	/** +	 * Get all active interfederation connections for a MOASession +	 *  +	 * @param moaSession MOASession data object +	 * @return List of Interfederation-IDP information +	 */ +	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession); +	 +	/** +	 * Search a MOASession by using already transfered authentication information  +	 *  +	 * @param oaID Service-Provider identifier, which has received the authentication information +	 * @param userNameID UserId (bPK), which was send to this Service-Provider +	 * @return MOASession, or null if no corresponding MOASession is found +	 */ +	public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID); +	 +	/** +	 * Search a active Single Sign-On session for a specific Service-Provider +	 *  +	 * @param moaSession MOASession data object +	 * @param oaID Service-Provider identifier, which has received the authentication information +	 * @param protocolType Authentication protocol, which was used for SSO from this Service-Provider +	 * @return 
Internal Single Sign-On information for this Service-Provider +	 */ +	public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType); +	 +	 +	/** +	 * Search a active MOASession with a userID +	 *  +	 * @param nameID UserID (bPK) +	 * @return MOASession, or null if no corresponding MOASession is found +	 */ +	public AuthenticationSession getSessionWithUserNameID(String nameID); +	 +	/** +	 * Search an active federation IDP which could be used for federated Single Sign-On  +	 *  +	 * @param sessionID SessionID which corresponds to a MOASession +	 * @return Information of the federated IDP, or null if no active federated IDP is found +	 */ +	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID); +	 +	/** +	 * Get information to an active federated IDP of MOASession +	 *  +	 * @param sessionID SessionID which corresponds to a MOASession +	 * @param idpID Unique identifier of the federated IDP +	 * @return Information of the federated IDP, or null if no active federated IDP is found +	 */ +	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID); +	 +	 +	/** +	 * Create a MOASession from interfederation information +	 *  +	 * @param req Pending request +	 * @param isAuthenticated true if the session should be marked as authenticated, otherwise false +	 * @param ssoID Single Sign-On session identifer +	 * @return MOASessionID of new created MOASession +	 * @throws MOADatabaseException +	 * @throws AssertionAttributeExtractorExeption +	 * @throws BuildException +	 */ +	@Deprecated +	public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException; +	 +	/** +	 * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery +	 *  +	 * @param moaSession MOASession 
data object +	 * @return Information of the federated IDP, or null if no active federated IDP is found +	 */ +	public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession); +	 +	/** +	 * Remove an active federation IDP from MOASession +	 *  +	 * @param entityID Unique identifier of the federated IDP +	 * @param pedingRequestID  +	 * @return true if the federated IDP could be remove, otherwise false +	 */ +	@Deprecated +	public boolean removeInterfederetedSession(String entityID, String pedingRequestID); +	 +	/** +	 * Clean all MOASessions which has a timeOut +	 *  +	 * @param now Current Time +	 * @param authDataTimeOutCreated timeOut after MOASession is created [ms] +	 * @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms]  +	 */ +	public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated); +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java new file mode 100644 index 000000000..d05689e68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java 
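Review bot: Three Javadoc blocks in the new interface are left as bare tags: `isValidSessionWithSSOID` has `@param SSOId` and `@return` with no text, `removeInterfederetedSession` has `@param pedingRequestID` with no text, and the three `@throws` of `createInterfederatedSession` say nothing, while every other method in the file documents its parameters and failure conditions. For the first, `@param SSOId Single Sign-On sessionID` matches the wording used for SSOSessionID elsewhere in the file, and the return line should say what comes back when no valid session exists (presumably null, as the other search methods document — confirm against the implementation). For `pedingRequestID`, state which request the identifier refers to, and give the three `@throws` the same short reasons the neighbouring methods use (storage operation FAILED, encryption FAILED).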
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ITransactionStorage {
+
+	/**
+	 * Check if transaction storage contains a data object with a specific key
+	 * 
+	 * @param key Key, which identifies a data object
+	 * @return true if key is found, otherwise false
+	 */
+	public boolean containsKey(String key);
+	
+	/**
+	 * Store a data object with a key to transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 * @param value Data object which should be stored
+	 * @throws MOADatabaseException In case of store operation failed
+	 */
+	public void put(String key, Object value) throws MOADatabaseException;
+	
+	/**
+	 * Get a data object from transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The transaction-data object from type class
+	 * @throws MOADatabaseException In case of load operation failed
+	 */
+	public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException;
+	
+	/**
+	 * Get a data object from transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 * @param clazz The class type which is stored with this key
+	 * @param Data-object timeout in [ms]
+	 * @return The transaction-data object from type class
+	 * @throws MOADatabaseException In case of load operation failed
+	 * @throws AuthenticationException In case of data-object timeout occurs
+	 */
+	public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException;
+	
+	/**
+	 * Remove a data object from transaction storage
+	 * 
+	 * @param key Id which identifiers the data object
+	 */
+	public void remove(String key);
+	
+	/**
+	 * Clean-up the transaction 
storage
+	 * 
+	 * @param now Current time
+	 * @param dataTimeOut Data-object timeout in [ms]
+	 */
+	public void clean(Date now, long dataTimeOut);
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index 2aceb833c..d2499af9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -172,5 +172,14 @@ public class HTTPUtils {
 	    return authURL;
 	}
+	
+	public static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
 }
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
new file mode 100644
index 000000000..7e2315fd7
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
new file mode 100644
index 000000000..b61ee5f2d
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
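Review bot: In the Javadoc of the three-argument `get`, the line `@param Data-object timeout in [ms]` is missing the parameter name, so Javadoc attaches the description to a nonexistent parameter `Data-object` and leaves `dataTimeOut` undocumented; it should read `@param dataTimeOut Data-object timeout in [ms]`. The contract of `put` should also state that `value` must be Serializable, because DBTransactionStorage stores it through SerializationUtils.serialize after a cast and fails otherwise — e.g. `@param value Data object which should be stored; must implement java.io.Serializable`.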
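Review bot: addURLParameter appends `paramname + "=" + paramvalue` to the query string without URL-encoding either part, so a value containing `&`, `=`, `#`, `+` or a space yields a different URL than intended, and when the value originates from request data it can change the parameter set of the URL being built; the helper is only safe if every caller encodes first, which nothing here documents. Encoding inside the helper removes that dependency: `String param = paramname + "=" + URLEncoder.encode(paramvalue, "UTF-8");` (java.net.URLEncoder; its checked UnsupportedEncodingException has to be handled or declared), or, if callers are expected to pass already-encoded values, a Javadoc line saying so. The `indexOf("?") < 0` test also puts the parameter after any `#` fragment already present in `url`; a comment that callers pass fragment-free URLs would pin that assumption.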
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="BKUSelectionProcess" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="initializeBKUSelection" 				class="GenerateBKUSelectionFrameTask" async="true"/>
+	<pd:Task id="parseBKUSelection"    					class="EvaluateBKUSelectionTask" />
+	<pd:Task id="restartAuthProzessManagement"  class="RestartAuthnProcessManagment"/>
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     to="initializeBKUSelection" />
+	
+	<pd:Transition from="initializeBKUSelection" 		to="parseBKUSelection" />
+
+
+	<!-- 
+			BKU selection process MUST always end with 'restartAuthProzessManagement'! 
+			Last synchron steps before 'restartAuthProzessManagement' MUST NOT write to httpServletResponse object!
+	-->	
+	<pd:Transition from="parseBKUSelection"    			to="restartAuthProzessManagement" />
+	
+	<pd:Transition from="restartAuthProzessManagement"   			to="end" />
+		
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
new file mode 100644
index 000000000..05ceb65f4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
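Review bot: The third task, `<pd:Task id="restartAuthProzessManagement"  class="RestartAuthnProcessManagment"/>`, names a class that matches neither the `RestartAuthProzessManagement` bean id nor the class this commit declares in moaid.authentication.beans.xml, while the other two task `class` values (`GenerateBKUSelectionFrameTask`, `EvaluateBKUSelectionTask`) match their bean ids exactly. If the process engine now resolves `class` as a Spring bean name, this task cannot be instantiated and the BKU selection process fails at the step the comment below marks as mandatory; the value should presumably read `class="RestartAuthProzessManagement"`. The header comment also reads `with our without mandate`, which should be `with or without mandate`.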
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+	<bean id="MOAID_AuthenticationManager" 
+				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
+
+	<bean id="AuthenticationDataBuilder" 
+				class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
+
+	<bean id="MOAID_SSOManager" 
+				class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
+
+	<bean id="TransactionStorage" 
+				class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
+	<bean id="AuthenticationSessionStoreage" 
+				class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
+				
+	<bean id="RequestStorage" 
+				class="at.gv.egovernment.moa.id.moduls.RequestStorage"/>
+				
+	<bean id="ProcessInstanceStoreage" 
+				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
+
+	<bean id="StatisticLogger" 
+				class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
+
+	<bean id="MOAReversionLogger" 
+				class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
+				
+	<bean id="AuthenticationSessionCleaner" 
+				class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>								
+				
+<!-- Authentication Process Tasks -->
+	<bean id="GenerateBKUSelectionFrameTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateBKUSelectionFrameTask"/>
+				
+	<bean id="EvaluateBKUSelectionTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"/>
+				
+	<bean id="RestartAuthProzessManagement" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"/>				
+
+	<bean id="FinalizeAuthenticationTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask"/>
+
+	<bean id="CreateInterfedeartionRequestTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateInterfedeartionRequestTask"/>				
+
+	<bean id="ReceiveInterfederationResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.ReceiveInterfederationResponseTask"/>				
+				
+</beans>
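Review bot: Several bean ids in the new file carry spelling errors that other code and configuration will have to reference verbatim: `AuthenticationSessionStoreage`, `ProcessInstanceStoreage` and `CreateInterfedeartionRequestTask` (the last one also in the class name). Because these ids are the lookup keys for `@Autowired`/`@Qualifier` injection and, apparently, for the task `class` values in the process definitions, correcting them later becomes a cross-cutting rename, so fixing the spelling while the file is new is cheap. The `context`, `tx` and `aop` namespaces and their `schemaLocation` entries are declared but no element from them is used in this file, so they could be dropped.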
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
deleted file mode 100644
index 5855fc766..000000000
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:context="http://www.springframework.org/schema/context"
-	xmlns:tx="http://www.springframework.org/schema/tx"
-	xmlns:aop="http://www.springframework.org/schema/aop"
-	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
-		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
-	<context:property-placeholder location="${moa.id.configuration}"/> 
-
-	<bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
-		<constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
-	</bean>
-	
-	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close">
-		<aop:scoped-proxy/>
-		<property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" />
-		<property name="url" value="${configuration.hibernate.connection.url}"/>
-		<property name="username" value="${configuration.hibernate.connection.username}" />
-		<property name="password" value="${configuration.hibernate.connection.password}" />
-				
-		<property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
-		<property name="initialSize" value="${configuration.dbcp.initialSize}" />		
-		<property name="maxActive" value="${configuration.dbcp.maxActive}" />
-		<property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
-		<property name="minIdle" value="${configuration.dbcp.minIdle}" />
-		<property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" />
-		<property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
-		<property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
-		<property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
-		<property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
-	</bean>
-	
-	<bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
-		<property name="showSql" value="${configuration.hibernate.show_sql}" />
-		<property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
-		<property name="databasePlatform" value="${configuration.hibernate.dialect}" />
-	</bean>
-	
-	
-</beans>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index cabf1557e..8329db941 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -52,7 +52,8 @@ init.00=MOA ID Authentisierung wurde erfolgreich gestartet
 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
  init.02=Fehler beim Starten des Service MOA-ID-Auth
  init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
 - 
 +
 +internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde. 
  config.00=MOA ID Konfiguration erfolgreich geladen: {0}
  config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index abd5d15f3..a8583d945 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -32,6 +32,8 @@ init.00=9199
 init.01=9199
 init.02=9199
 init.04=9101
+
+internal.00=9199
 config.00=9199
 config.01=9199
|
