First untested part: Refactor authentication modules and process management to Spring

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-02-15 18:12:06 +0100
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2016-02-15 18:12:06 +0100
commit: 1b7401488933f031a68dfe929b25db86279b52d2 (patch)
tree: 5b6126d66845e97d962e080396b740b2935deb07 /id/server/modules/moa-id-module-openID
parent: ff8ae7727e4de105a1179288b129429a29bc07ca (diff)
download: moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.gz
moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.bz2
moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.zip
6 files changed, 102 insertions, 26 deletions
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 88e26da76..fcde874b4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -30,6 +30,9 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -51,20 +54,23 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 
+@Service("OAuth20AuthAction")
 class OAuth20AuthAction implements IAction {
 	
+	@Autowired protected MOAReversionLogger revisionsLogger;
+	@Autowired protected ITransactionStorage transactionStorage;
+	
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws MOAIDException {
 		
 		OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;		
 		String responseType = oAuthRequest.getResponseType();
 		
-		MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
+		revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
 		
 		String code = Random.nextRandom();		
 				
@@ -87,7 +93,7 @@ class OAuth20AuthAction implements IAction {
 			}
 			
 			// store data in oath session			
-			AssertionStorage.getInstance().put(code, o);
+			transactionStorage.put(code, o);
 			
 			Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
 			
@@ -113,8 +119,8 @@ class OAuth20AuthAction implements IAction {
 			Logger.warn("An error occur during OpenID-Connect idToken generation.", e);
 			
 			//remove OAuthSessionObject if it already exists
-			if (AssertionStorage.getInstance().containsKey(code)) {
-				AssertionStorage.getInstance().remove(code);
+			if (transactionStorage.containsKey(code)) {
+				transactionStorage.remove(code);
 			}
 			
 			if (e instanceof OAuth20Exception) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index e5d8db873..ecef9b0a3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
@@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseType
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class OAuth20AuthRequest extends OAuth20BaseRequest {
@@ -55,6 +55,12 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	public OAuth20AuthRequest(HttpServletRequest req)
 			throws ConfigurationException {
 		super(req);
+				
+		//AuthnRequest needs authentication
+		this.setNeedAuthentication(true);
+
+		//set protocol action, which should be executed after authentication
+		this.setAction(OAuth20AuthAction.class.getName());
 	}
 
 	private static final long serialVersionUID = 1L;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 5fcac0b2f..5906964a4 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -81,7 +81,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 			if (oaParam == null) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
-			this.setTarget(oaParam.getTarget());
 			
 			if (StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTSECRET)) 
 					|| StringUtils.isEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -120,7 +119,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	
 	protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
 	
-	public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request, String sessionId, String transactionId) throws OAuth20Exception {
+	public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception {
 		OAuth20BaseRequest res;
 		try {
 			if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
@@ -139,7 +138,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 			
 		}
 		
-		res.setAction(action);
 		res.setModule(OAuth20Protocol.NAME);
 		
 		res.populateParameters(request);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 70c29359e..52204d7f6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -1,6 +1,8 @@
 package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
+import java.io.IOException;
 import java.net.URLEncoder;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -9,12 +11,18 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.gson.JsonObject;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -23,11 +31,7 @@ import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-import com.google.gson.JsonObject;
-
-import java.util.Arrays;
-
-public class OAuth20Protocol implements IModulInfo {
+public class OAuth20Protocol extends AbstractProtocolModulController {
 	
 	public static final String NAME = OAuth20Protocol.class.getName();
 	public static final String PATH = "id_oauth20";
@@ -60,16 +64,65 @@ public class OAuth20Protocol implements IModulInfo {
 		return actions.get(action);
 	}
 	
+	//OpenID Connect auth request
+	@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
+	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
+		
+		//PreProcess
+		IRequest pendingReq = preProcess(req, resp, AUTH_ACTION);
+		
+		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+		revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+		//process request
+		performAuthentication(req, resp, (RequestImpl)pendingReq);
+		
+	}
+	
+	//openID Connect tokken request
+	@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
+	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+			Logger.info("OpenID-Connect is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			
+		}
+		
+		//PreProcess
+		IRequest pendingReq = preProcess(req, resp, TOKEN_ACTION);
+		
+		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+		revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+		revisionsLogger.logEvent(
+				pendingReq.getUniqueSessionIdentifier(), 
+				pendingReq.getUniqueTransactionIdentifier(), 
+				MOAIDEventConstants.TRANSACTION_IP, 
+				req.getRemoteAddr());
+		
+		//process request
+		performAuthentication(req, resp, (RequestImpl)pendingReq);
+		
+	}
+	
 	/*
 	 * (non-Javadoc)
 	 * @see
 	 * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest,
 	 * javax.servlet.http.HttpServletResponse, java.lang.String)
 	 */
-	public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action,
-			String sessionId, String transactionId) throws MOAIDException {
+	public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {
 		// validation is done inside creation
-		OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request, sessionId, transactionId);
+		OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
 		Logger.debug("Created: " + res);
 		return res;
 	}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 2238a25e1..bb0126a7b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -26,6 +26,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.google.gson.JsonObject;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -38,13 +43,15 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.logging.Logger;
 
-import com.google.gson.JsonObject;
-
+@Service("OAuth20TokenAction")
 class OAuth20TokenAction implements IAction {
 	
+	@Autowired protected MOAReversionLogger revisionsLogger;
+	@Autowired protected ITransactionStorage transactionStorage;
+	
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws MOAIDException {
 		
@@ -53,13 +60,13 @@ class OAuth20TokenAction implements IAction {
 		try {
 			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
 		
-			MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST);
+			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST);
 			
 			try {
 				Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
 				
 				auth20SessionObject = 
-						AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class);
+						transactionStorage.get(oAuthRequest.getCode(), OAuth20SessionObject.class);
 			
 			} catch (MOADatabaseException e) {
 				throw new OAuth20UnauthorizedClientException();
@@ -97,7 +104,7 @@ class OAuth20TokenAction implements IAction {
 				// destroy session for clean up
 
 				Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
-				AssertionStorage.getInstance().remove(auth20SessionObject.getCode());
+				transactionStorage.remove(auth20SessionObject.getCode());
 
 			}
 		}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index abfe4ce15..9b0ee099e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -48,6 +48,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	public OAuth20TokenRequest(HttpServletRequest req)
 			throws ConfigurationException {
 		super(req);
+		
+		//AuthnRequest needs authentication
+		this.setNeedAuthentication(false);
+
+		//set protocol action, which should be executed after authentication
+		this.setAction(OAuth20TokenAction.class.getName());
 	}
 
 	private static final long serialVersionUID = 1L;
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-02-15 18:12:06 +0100
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2016-02-15 18:12:06 +0100
commit	1b7401488933f031a68dfe929b25db86279b52d2 (patch)
tree	5b6126d66845e97d962e080396b740b2935deb07 /id/server/modules/moa-id-module-openID
parent	ff8ae7727e4de105a1179288b129429a29bc07ca (diff)
download	moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.gz moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.tar.bz2 moa-id-spss-1b7401488933f031a68dfe929b25db86279b52d2.zip