aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-25 10:26:41 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-25 10:26:41 +0100
commit1f88acc4f47eb8b9e01ff3c9d8262871fe314b42 (patch)
treeac717490924db6c1d5fecd3056210ee9568de8a0 /id/server/idserverlib/src
parent14b1e1a2840a210754ac063ee3aa0b6884bf6ce9 (diff)
downloadmoa-id-spss-1f88acc4f47eb8b9e01ff3c9d8262871fe314b42.tar.gz
moa-id-spss-1f88acc4f47eb8b9e01ff3c9d8262871fe314b42.tar.bz2
moa-id-spss-1f88acc4f47eb8b9e01ff3c9d8262871fe314b42.zip
add 'isAbortedByUser' flag to pending-request to indicate that this request is aborted, but the auth. process is not broken
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java36
4 files changed, 62 insertions, 29 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index d52b76ebd..5b53a43bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -90,19 +90,21 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
if (ssoConsents) {
//authenticate pending-request
pendingReq.setAuthenticated(true);
-
- //store pending-request
- requestStoreage.storePendingRequest(pendingReq);
-
- //redirect to auth. protocol finalization
- performRedirectToProtocolFinialization(pendingReq, response);
-
+ pendingReq.setAbortedByUser(false);
+
} else {
//user deny single sign-on authentication
- throw new AuthenticationException("auth.21", new Object[] {});
-
+ Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL());
+ pendingReq.setAbortedByUser(true);
+
}
-
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //redirect to auth. protocol finalization
+ performRedirectToProtocolFinialization(pendingReq, response);
+
} catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index f5d381e42..e1edb6b77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -175,4 +175,18 @@ public interface IRequest {
* @return Service-Provider configuration
*/
public IOAAuthParameters getOnlineApplicationConfiguration();
+
+ /**
+ * Indicates, if this pending-request is aborted by the user
+ *
+ * @return true, if it is aborted, otherwise false
+ */
+ public boolean isAbortedByUser();
+
+ /**
+ * Set the 'isAboredByUser' flag of this pending-request
+ *
+ * @param b true, if the user has abort the authentication process, otherwise false
+ */
+ public void setAbortedByUser(boolean isAborted);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 961700651..4dade61fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -69,13 +69,17 @@ public abstract class RequestImpl implements IRequest, Serializable{
private boolean passiv = false;
private boolean force = false;
-
- private boolean needAuthentication = true;
- private boolean isAuthenticated = false;
private boolean needSSO = false;
+ private boolean isAbortedByUser = false;
+ //every request needs authentication by default
+ private boolean needAuthentication = true;
+ //every request is not authenticated by default
+ private boolean isAuthenticated = false;
+
private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+
/**
* @throws ConfigurationException
@@ -324,6 +328,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
+ public boolean isAbortedByUser() {
+ return this.isAbortedByUser;
+ }
+
+ public void setAbortedByUser(boolean isAborted) {
+ this.isAbortedByUser = isAborted;
+
+ }
+
public Object getGenericData(String key) {
if (MiscUtil.isNotEmpty(key)) {
return genericDataStorage.get(key);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 8c3f2c946..009ef4b6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -74,10 +75,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
//build protocol-specific error message if possible
buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
-
- //log Error Message
- statisticLogger.logErrorOperation(throwable, pendingReq);
-
+
//get MOASession for this pendingRequest
AuthenticationSession moaSession =
authenticatedSessionStorage.getSession(
@@ -132,19 +130,25 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
if (moaSession == null) {
Logger.error("No MOASession with ID " + sessionID + " found.!");
handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);
- return;
- }
-
- //check if MOASession and pending-request are authenticated
- if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-
} else {
- Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
- handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
- return;
-
+
+ //check if pending-request has 'abortedByUser' flag set
+ if (pendingReq.isAbortedByUser()) {
+ buildProtocolSpecificErrorResponse(
+ new AuthenticationException("auth.21", new Object[] {}),
+ req, resp, pendingReq);
+
+ //check if MOASession and pending-request are authenticated
+ } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
+ finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+
+ } else {
+ //suspect state: pending-request is not aborted but also are not authenticated
+ Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
+ handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
+
+ }
}
} catch (Exception e) {
@@ -156,7 +160,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
//remove pending-request
if (pendingReq != null)
- requestStorage.removePendingRequest(pendingReq.getRequestID());
+ requestStorage.removePendingRequest(pendingReq.getRequestID());
}