diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-12 11:06:06 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2013-07-12 11:06:06 +0200 |
commit | 31ab8aace485fb61f7c872ebaa143299c6e5dcf1 (patch) | |
tree | 41da03bf1ce918919fb73da1cecbe3baac7c9594 /id/server/idserverlib | |
parent | 4fd52221a71a7f9f7683c34cc573aa44b9adcc1c (diff) | |
download | moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.gz moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.tar.bz2 moa-id-spss-31ab8aace485fb61f7c872ebaa143299c6e5dcf1.zip |
SSO Implementation
Diffstat (limited to 'id/server/idserverlib')
11 files changed, 300 insertions, 141 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 19af66150..f7c0ff812 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1850,7 +1850,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { // TODO See Bug #144 // Compare AuthBlock Data with information stored in session, especially // date and time - + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, session.getIdentityLink()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index c41de1904..ed54683ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.Serializable; +import java.util.Date; import iaik.x509.X509Certificate; @@ -64,6 +65,8 @@ public class VerifyXMLSignatureResponse implements Serializable{ */ private int signatureManifestCheckCode = -1; + private Date signingDateTime; + /** * Returns the certificateCheckCode. * @return int @@ -226,4 +229,13 @@ public class VerifyXMLSignatureResponse implements Serializable{ this.signatureManifestCheckCode = signatureManifestCheckCode; } + public Date getSigningDateTime() { + return signingDateTime; + } + + public void setSigningDateTime(Date signingDateTime) { + this.signingDateTime = signingDateTime; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index 16ff65477..571d4e738 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -50,8 +50,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -66,103 +68,48 @@ import eu.stork.vidp.messages.exception.SAMLValidationException; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; -/** - * Servlet requested for starting a MOA ID authentication session. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @see AuthenticationServer#startAuthentication - */ -public class StartAuthenticationServlet extends AuthServlet { +public class LogOutServlet extends AuthServlet { - /** - * - */ private static final long serialVersionUID = 3908001651893673395L; - -/** - * Responds with an HTML form which upon submit requests the identity link - * from the security layer implementation. - * <br> - * Response: - * <ul> - * <li>Content type: <code>"text/html"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ + private static final String REDIRECT_URL = "redirect"; + protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Logger.debug("GET StartAuthentication"); - - String sessionID = req.getParameter(PARAM_SESSIONID); - sessionID = (String) req.getAttribute(PARAM_SESSIONID); - + Logger.debug("receive LogOut Request"); + String redirectUrl = (String) req.getParameter(REDIRECT_URL); - try { - - if (StringUtils.isEmpty(sessionID)) - throw new MOAIDException("auth.18", null); - - sessionID = StringEscapeUtils.escapeHtml(sessionID); - - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - - setNoCachingHeadersInHttpRespone(req, resp); - - - //TODO: Load MOASession - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID); + SSOManager ssomanager = SSOManager.getInstance(); + + //get SSO token from request + String ssoid = ssomanager.getSSOSessionID(req); - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); - Logger.debug("Starting STORK authentication"); - - //TODO: insert sessionID to STORK!! - AuthenticationServer.startSTORKAuthentication(req, resp, moasession); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); + if (ssomanager.isValidSSOSession(ssoid, req)) { + + //TODO: Single LogOut Implementation + //delete SSO session and MOA session + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + authmanager.logout(req, resp); + Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); + } else { + Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - - } catch (MOADatabaseException e) { - handleError(null, e, req, resp); - } + //Remove SSO token + ssomanager.deleteSSOSessionID(req, resp); + + //invalidate Session + req.getSession().invalidate(); + + //Redirect to Application + resp.setStatus(301); + resp.addHeader("Location", redirectUrl); } - /** - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e77dd30d0..115c52688 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -55,6 +55,7 @@ public class CreateXMLSignatureResponseValidator { /** Xpath expression to the dsig:Signature element */ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; /** Singleton instance. <code>null</code>, if none has been created. */ private static CreateXMLSignatureResponseValidator instance; @@ -331,4 +332,11 @@ public class CreateXMLSignatureResponseValidator { throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; } } + + public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { + + //TODO: insert Time validation!!!! + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 90282a28c..892607c16 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey; import java.util.List; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator { } } - + /** * Method validateCertificate. * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 244197379..4c5b82db8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.entrypoints; +import iaik.util.logging.Log; + import java.io.IOException; import java.util.Iterator; @@ -12,6 +14,7 @@ import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; @@ -20,11 +23,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulStorage; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; -public class DispatcherServlet extends AuthServlet { +public class DispatcherServlet extends AuthServlet{ /** * @@ -189,7 +195,31 @@ public class DispatcherServlet extends AuthServlet { AuthenticationManager authmanager = AuthenticationManager.getInstance(); + SSOManager ssomanager = SSOManager.getInstance(); + + //get SSO Cookie for Request + String ssoId = ssomanager.getSSOSessionID(req); + if (moduleAction.needAuthentication(protocolRequest, req, resp)) { + + //check SSO session + if (ssoId != null) { + String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Log.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + AuthenticationSessionStoreage.destroySession(correspondingMOASession); + ssomanager.deleteSSOSessionID(req, resp); + } + } + + boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + + //TODO: load useSSO from config! + boolean useSSOOA = true; + if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { // conflict! @@ -206,8 +236,7 @@ public class DispatcherServlet extends AuthServlet { } else if (protocolRequest.isPassiv()) { if (authmanager.tryPerformAuthentication(req, resp) - || authmanager.isAuthenticated(req, - resp)) { + || (isValidSSOSession && useSSOOA) ) { // Passive authentication ok! } else { throw new NoPassivAuthenticationException(); @@ -215,8 +244,7 @@ public class DispatcherServlet extends AuthServlet { } else { if (authmanager.tryPerformAuthentication(req, resp) - || authmanager.isAuthenticated(req, - resp)) { + || (isValidSSOSession && useSSOOA) ) { // Is authenticated .. proceed } else { // Start authentication! @@ -226,11 +254,26 @@ public class DispatcherServlet extends AuthServlet { } } } - + moduleAction.processRequest(protocolRequest, req, resp); + //save SSO session usage in Database + String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); + + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + } + RequestStorage.removePendingRequest(httpSession); - authmanager.logout(req, resp); + + + //authmanager.logout(req, resp); } catch (Throwable e) { e.printStackTrace(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 58fec9790..d04c0b3d5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -66,45 +66,45 @@ public class AuthenticationManager extends AuthServlet { return null; } - /** - * Checks if the session is authenticated - * - * @param request - * @param response - * @return - */ - public boolean isAuthenticated(HttpServletRequest request, - HttpServletResponse response) { - Logger.info("Checking authentication"); - - HttpSession session = request.getSession(); - - String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); - - if(moaSessionID == null) { - Logger.info("NO MOA Session to logout"); - return false; - } - -// AuthenticationSession authSession; -// try { -// authSession = AuthenticationSessionStoreage -// .getSession(moaSessionID); -// -// } catch (MOADatabaseException e) { -// Logger.info("NO MOA Authentication data for ID " + moaSessionID); -// return false; -// } +// /** +// * Checks if the session is authenticated +// * +// * @param request +// * @param response +// * @return +// */ +// public boolean isAuthenticated(HttpServletRequest request, +// HttpServletResponse response) { +// Logger.info("Checking authentication"); +// +// HttpSession session = request.getSession(); +// +// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); // -// if(authSession == null) { -// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// if(moaSessionID == null) { +// Logger.info("NO MOA Session to logout"); // return false; // } // -// return authSession.isAuthenticated(); - - return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); - } +//// AuthenticationSession authSession; +//// try { +//// authSession = AuthenticationSessionStoreage +//// .getSession(moaSessionID); +//// +//// } catch (MOADatabaseException e) { +//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +//// return false; +//// } +//// +//// if(authSession == null) { +//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +//// return false; +//// } +//// +//// return authSession.isAuthenticated(); +// +// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); +// } /** * Checks if this request can authenticate a MOA Session diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 9dcef5778..3bbb3bd2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -174,6 +174,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + + //TODO: maybe change to getEntityID() String oaURL = consumerService.getLocation(); String binding = consumerService.getBinding(); String entityID = moaRequest.getEntityMetadata().getEntityID(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 3634c9983..2c4b7c4c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -32,9 +32,6 @@ public class GetArtifactAction implements IAction { AuthenticationManager authmanager = AuthenticationManager.getInstance(); AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); - -// String oaURL = (String) httpReq.getAttribute(PARAM_OA); -// oaURL = StringEscapeUtils.escapeHtml(oaURL); String oaURL = (String) req.getOAURL(); String target = (String) req.getTarget(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 09314ba37..d6cf84d86 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -95,6 +95,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { config.setTarget(oaParam.getTarget()); + //TODO: set reauthenticate if OA.useSSO=false + request.getSession().setAttribute(PARAM_OA, oaURL); request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); return config; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 44f0563b1..8ea6a6633 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -13,6 +13,7 @@ import org.apache.commons.lang.SerializationUtils; import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; +import org.hibernate.Transaction; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; @@ -20,6 +21,8 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.db.HibernateUtil; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -93,16 +96,48 @@ public class AuthenticationSessionStoreage { public static void destroySession(String moaSessionID) throws MOADatabaseException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID); - HibernateUtil.delete(dbsession); + Session session = HibernateUtil.getCurrentSession(); + + List result; + + synchronized (session) { + + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); - } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be destroyed."); - throw new MOADatabaseException(e); - } +// //delete old SSO Session Ids +// List<OldSSOSessionIDStore> oldssosessionids = dbsession.getOldssosessionids(); +// +// for (OldSSOSessionIDStore oldsssid : oldssosessionids) { +// session.delete(oldsssid); +// } +// +// //delete active OA +// List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); +// +// for (OASessionStore activeOA : activeOAs) { +// session.delete(activeOA); +// +// } + + //delete MOA Session + session.delete(dbsession); + session.getTransaction().commit(); + } - } // public static void dumpSessionStore() { @@ -141,10 +176,7 @@ public class AuthenticationSessionStoreage { throw new AuthenticationException("TODO!", null); } - - - - + // synchronized (sessionStore) { // if (sessionStore.containsKey(session.getSessionID())) { // AuthenticationSession theSession = sessionStore.get(session @@ -163,6 +195,77 @@ public class AuthenticationSessionStoreage { // throw new AuthenticationException("TODO!", null); } + public static void addSSOInformation(String moaSessionID, String SSOSessionID, + String OAUrl) throws AuthenticationException { + + AuthenticatedSessionStore dbsession; + Transaction tx = null; + + try { + + Session session = HibernateUtil.getCurrentSession(); + List result; + + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + dbsession = (AuthenticatedSessionStore) result.get(0); + + //set active OA applications + OASessionStore activeOA = new OASessionStore(); + activeOA.setOaurlprefix(OAUrl); + activeOA.setMoasession(dbsession); + activeOA.setCreated(new Date()); + + List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); + activeOAs.add(activeOA); + dbsession.setActiveOAsessions(activeOAs); + + + //Store used SSOId + if (dbsession.getSSOsessionid() != null) { + OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); + oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); + oldSSOId.setMoasession(dbsession); + + List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids(); + oldSSOIds.add(oldSSOId); + } + + dbsession.setSSOSession(true); + dbsession.setSSOsessionid(SSOSessionID); + + //Store MOASession + session.saveOrUpdate(dbsession); + + //send transaction + tx.commit(); + } + + } catch (MOADatabaseException e) { + throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); + + } catch(HibernateException e) { + Logger.warn("Error during database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); + } + } + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { try { @@ -181,6 +284,49 @@ public class AuthenticationSessionStoreage { } } + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { + + MiscUtil.assertNotNull(SSOId, "moasessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = HibernateUtil.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOId); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + AuthenticatedSessionStore dbsession = result.get(0); + + + if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { + Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); + return true; + + } else { + Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() + + " but this Session does not match to MOA Sesson ID=" + moaSessionId); + } + + return false; + } + + } + public static void clean(long now, long authDataTimeOut) { Date expioredate = new Date(now - authDataTimeOut); |