aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-18 11:02:55 +0100
commitc9370266c7553db65e9d18f7fe2a0230ab94d912 (patch)
tree041eaa2f9b715205bf377b586d4e8381887b2951 /id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment
parent98cdf5c84739362a2d41702f538c370fa3d2c86e (diff)
downloadmoa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.gz
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.tar.bz2
moa-id-spss-c9370266c7553db65e9d18f7fe2a0230ab94d912.zip
refactor authentication process to use service-provider configuration from pending-request
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment')
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java6
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java51
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java146
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java32
4 files changed, 121 insertions, 114 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b4c8c37d4..61a73335c 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -35,8 +35,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -73,8 +72,7 @@ public class GetArtifactAction implements IAction {
}
try {
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
+ IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
// add other stork attributes to MOA assertion if available
IPersonalAttributeList storkAttributes = authData.getGenericData(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1d06bb48a..5eb39880e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -58,7 +58,7 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -100,20 +100,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
samlArtifact, ex.toString() });
}
Throwable error = null;
- //synchronized (authenticationDataStore) {
- try {
- error = authenticationDataStore
- .get(samlArtifact, Throwable.class);
+ try {
+ error = authenticationDataStore
+ .get(samlArtifact, Throwable.class);
- authenticationDataStore.remove(samlArtifact);
-
- } catch (MOADatabaseException e) {
+ if (error == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
+
}
+
+ authenticationDataStore.remove(samlArtifact);
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
- //}
-
return error;
}
@@ -170,22 +173,24 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1205", new Object[] {
samlArtifact, ex.toString() });
}
- String authData = null;
- //synchronized (authenticationDataStore) {
- // System.out.println("assertionHandle: " + assertionHandle);
-
- try {
- authData = authenticationDataStore
- .get(samlArtifact, String.class, authDataTimeOut);
+ String authData = null;
+ try {
+ authData = authenticationDataStore
+ .get(samlArtifact, String.class, authDataTimeOut);
- } catch (MOADatabaseException e) {
+ if (authData == null) {
Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
throw new AuthenticationException("1206", new Object[] { samlArtifact });
- }
- //}
+
+ }
- authenticationDataStore.remove(samlArtifact);
+ } catch (MOADatabaseException e) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+
+ authenticationDataStore.remove(samlArtifact);
Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
return authData;
@@ -203,7 +208,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return samlArtifact;
}
- public String BuildSAMLArtifact(OAAuthParameter oaParam,
+ public String BuildSAMLArtifact(IOAAuthParameters oaParam,
SAML1AuthenticationData authData, String sourceID)
throws ConfigurationException, BuildException, AuthenticationException {
@@ -428,7 +433,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
}
- private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData
+ private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
) throws AuthenticationException, BuildException,
ParseException, ConfigurationException, ServiceException,
ValidateException {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 417bf4dc9..3facdb50f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -58,8 +58,8 @@ public class SAML1Protocol extends AbstractProtocolModulController {
@Autowired private SAML1AuthenticationServer saml1AuthServer;
- public static final String REQ_DATA_SOURCEID = "sourceID";
- public static final String REQ_DATA_TARGET = "target";
+ public static final String REQ_DATA_SOURCEID = "saml1_sourceID";
+ public static final String REQ_DATA_TARGET = "saml1_target";
public static final String NAME = SAML1Protocol.class.getName();
public static final String PATH = "id_saml1";
@@ -111,71 +111,87 @@ public class SAML1Protocol extends AbstractProtocolModulController {
public void preProcess(HttpServletRequest request,
HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+ try {
+ String oaURL = (String) request.getParameter(PARAM_OA);
+ //oaURL = StringEscapeUtils.escapeHtml(oaURL);
- String oaURL = (String) request.getParameter(PARAM_OA);
- //oaURL = StringEscapeUtils.escapeHtml(oaURL);
-
- String target = (String) request.getParameter(PARAM_TARGET);
- target = StringEscapeUtils.escapeHtml(target);
-
- String sourceID = request.getParameter(PARAM_SOURCEID);
- sourceID = StringEscapeUtils.escapeHtml(sourceID);
-
- //the target parameter is used to define the OA in SAML1 standard
- if (target != null && target.startsWith("http")) {
- oaURL = target;
- target = null;
- }
-
- if (MiscUtil.isEmpty(oaURL)) {
- Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
+ String target = (String) request.getParameter(PARAM_TARGET);
+ target = StringEscapeUtils.escapeHtml(target);
- }
-
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA,
- "auth.12");
-
- pendingRequest.setOAURL(oaURL);
-
- Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
-
- if (!ParamValidatorUtils.isValidSourceID(sourceID))
- throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
-
-
- //load Target only from OA config
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaURL);
-
- if (oaParam == null)
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ String sourceID = request.getParameter(PARAM_SOURCEID);
+ sourceID = StringEscapeUtils.escapeHtml(sourceID);
+
+ //the target parameter is used to define the OA in SAML1 standard
+ if (target != null && target.startsWith("http")) {
+ oaURL = target;
+ target = null;
+ }
+
+ if (MiscUtil.isEmpty(oaURL)) {
+ Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ }
+
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ pendingRequest.setOAURL(oaURL);
+
+ Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
+
+ if (!ParamValidatorUtils.isValidSourceID(sourceID))
+ throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+
+
+ //load Target only from OA config
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+ .getOnlineApplicationParameter(oaURL);
+
+ if (oaParam == null)
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+
+ SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
+ if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+ Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
+ }
+ pendingRequest.setOnlineApplicationConfiguration(oaParam);
+
+
+ //check and set SourceID
+ if (oaParam.getSAML1Parameter() != null &&
+ MiscUtil.isNotEmpty(oaParam.getSAML1Parameter().getSourceID())) {
+ pendingRequest.setSourceID(oaParam.getSAML1Parameter().getSourceID());
- SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
- if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
- Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null });
+ } else
+ pendingRequest.setSourceID(sourceID);
+
+ revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
+
+ if (MiscUtil.isNotEmpty(target))
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+
+ else
+ pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
+
+ //AuthnRequest needs authentication
+ pendingRequest.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingRequest.setAction(AuthenticationAction.class.getName());
+
+ } catch (WrongParametersException e) {
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+
+ } catch (InvalidProtocolRequestException e) {
+ throw e;
+
}
- pendingRequest.setOnlineApplicationConfiguration(oaParam);
- pendingRequest.setSourceID(sourceID);
-
- revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
-
- if (MiscUtil.isNotEmpty(target))
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
-
- else
- pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, oaParam.getTarget());
-
- //AuthnRequest needs authentication
- pendingRequest.setNeedAuthentication(true);
-
- //set protocol action, which should be executed after authentication
- pendingRequest.setAction(AuthenticationAction.class.getName());
}
@@ -183,9 +199,7 @@ public class SAML1Protocol extends AbstractProtocolModulController {
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest)
throws Throwable{
-
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (!oa.getSAML1Parameter().isProvideAllErrors())
+ if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
return false;
else {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 3da7cab80..5867bbac6 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -30,13 +30,10 @@ import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
@@ -81,26 +78,19 @@ public class SAML1RequestImpl extends RequestImpl {
List<String> reqAttr = new ArrayList<String>();
reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
- try {
- OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(getOAURL());
- SAML1ConfigurationParameters saml1 = oa.getSAML1Parameter();
- if (saml1 != null) {
- if (saml1.isProvideAUTHBlock())
- reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-
- if (saml1.isProvideCertificate())
- reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-
- if (saml1.isProvideFullMandatorData())
- reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
- }
-
- return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator());
+ SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+ if (saml1 != null) {
+ if (saml1.isProvideAUTHBlock())
+ reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
- } catch (ConfigurationException e) {
- Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e);
- return null;
+ if (saml1.isProvideCertificate())
+ reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+
+ if (saml1.isProvideFullMandatorData())
+ reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
}
+
+ return AttributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.iterator());
}