aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 17:25:47 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-24 17:25:47 +0100
commitf75314c2a1f8eb09f54a5ca912e67a4b1a932f6f (patch)
tree5b0215e5d349ece6e72c4c7c281de06f9bb5b4a2 /id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv
parent897fb60b521e647e15fbca4501066b11032558b6 (diff)
downloadmoa-id-spss-f75314c2a1f8eb09f54a5ca912e67a4b1a932f6f.tar.gz
moa-id-spss-f75314c2a1f8eb09f54a5ca912e67a4b1a932f6f.tar.bz2
moa-id-spss-f75314c2a1f8eb09f54a5ca912e67a4b1a932f6f.zip
update SSO session-transfer modul
Diffstat (limited to 'id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv')
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java148
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java45
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java100
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java1
4 files changed, 46 insertions, 248 deletions
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
deleted file mode 100644
index 0bc4a4839..000000000
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.Date;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.VelocityContext;
-
-import com.google.gson.JsonObject;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.MiscUtil;
-import net.glxn.qrgen.QRCode;
-import net.glxn.qrgen.image.ImageType;
-
-
-
-/**
- * @author tlenz
- *
- */
-@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession")
-public class SSOTransferGUIServlet extends AuthServlet {
-
- private static final long serialVersionUID = 3974201828186450839L;
-
- public SSOTransferGUIServlet() {
- super();
- Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'.");
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- super.doGet(req, resp);
-
- //search SSO session
- SSOManager ssomanager = SSOManager.getInstance();
- String ssoid = ssomanager.getSSOSessionID(req);
-
- VelocityContext context = new VelocityContext();
-
- try {
- if (ssomanager.isValidSSOSession(ssoid, null)) {
- Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);
- if (createQRObj != null && createQRObj instanceof Integer) {
-
-
-
- } else {
- //create first step of SSO Transfer GUI
- String authURL = HTTPUtils.extractAuthURLFromRequest(req);
- if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
- contains(authURL)) {
- Logger.warn("Requested URL is not allowed.");;
- resp.sendError(500, "Requested URL is not allowed.");
-
- }
-
- String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession = AuthenticationSessionStoreage
- .getSession(moaSessionID);
- if(authSession != null) {
- Date now = new Date();
- String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now);
-
- String token = Random.nextRandom();
- AssertionStorage.getInstance().put(token, encodedSSOContainer);
-
- String containerURL = authURL
- + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE
- + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token;
-
- JsonObject qrResult = new JsonObject();
- qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE,
- SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST);
- qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
-
- ByteArrayOutputStream qrStream =
- QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();
- String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
- context.put("QRImage", base64EncodedImage);
-
- context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
-
- GUIUtils.printSSOTransferGUI(context, resp);
-
- }
- }
- }
-
- } else {
- context.put("errorMsg",
- "No active Single Sign-On session found! SSO Session transfer is not possible.");
- GUIUtils.printSSOTransferGUI(context, resp);
- }
-
- } catch (MOAIDException | MOADatabaseException e) {
- e.printStackTrace();
- resp.sendError(500, e.getMessage());
-
- }
-
- }
-
-
-}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index b53916338..0b3bd892a 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -27,11 +27,15 @@ import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -53,4 +57,45 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl
signalProcessManagement(req, resp);
}
+
+ @Override
+ protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
+
+ try {
+ if (pendingRequestID == null) {
+ throw new IllegalStateException("Unable to determine MOA pending-request id.");
+ }
+
+ IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //add transactionID and unique sessionID to Logger
+ TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
+ TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
+
+ // process instance is mandatory
+ if (pendingReq.getProcessInstanceId() == null) {
+ throw new IllegalStateException("MOA session does not provide process instance id.");
+ }
+
+ // wake up next task
+ processEngine.signal(pendingReq);
+
+ } catch (Exception ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+
+ } finally {
+ //MOASessionDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
+ }
+
+
+ }
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
deleted file mode 100644
index 8ea15f985..000000000
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletException;
-import javax.servlet.annotation.WebServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession")
-public class TransferToSmartPhoneServlet extends AuthServlet {
-
- private static final long serialVersionUID = 4323605569040872262L;
-
- private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes
-
- public TransferToSmartPhoneServlet() {
- super();
- Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'.");
- }
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- super.doGet(req, resp);
-
- Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN);
- if (tokenObj != null && tokenObj instanceof String) {
- String token = (String)tokenObj;
- try {
- String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut);
- if (MiscUtil.isNotEmpty(signedEncSession)) {
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(signedEncSession);
- out.flush();
-
- } else {
- Logger.info("Servlet " + getClass().getName() + " receive a token:" +
- token + ", which references an empty data object.");
- resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object.");
-
- }
-
- } catch (MOADatabaseException e) {
- Logger.info("Servlet " + getClass().getName() + " receive a token:" +
- token + ", which is UNKNOWN.");
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:");
-
-
- } catch (AuthenticationException e) {
- Logger.info("Servlet " + getClass().getName() + " receive a token:" +
- token + ", which has a timeout.");
- resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more.");
-
- }
-
- } else {
- Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request.");
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid.");
-
- }
-
- }
-
-}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 6ba29fe3a..1d37b916c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -131,6 +131,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
}
executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
+ executionContext.put("sessionRestoreFinished", false);
} else {
Logger.info("Received SSO session-data is from IDP: " + entityID