aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java176
1 files changed, 0 insertions, 176 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
deleted file mode 100644
index 064431a6b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class SSOSendAssertionServlet extends AuthServlet{
-
- private static final long serialVersionUID = 1L;
-
- private static final String PARAM = "value";
- private static final String MODULE = "mod";
- private static final String ACTION = "action";
- private static final String ID = "identifier";
-
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- String id = null;
- Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request");
- try {
-
- Object idObject = req.getParameter(ID);
-
- if (idObject != null && (idObject instanceof String)) {
- id = (String) idObject;
- }
-
- String value = req.getParameter(PARAM);
- value = StringEscapeUtils.escapeHtml(value);
- if (!ParamValidatorUtils.isValidUseMandate(value))
- throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
-
- //get module and action
- Object moduleObject = req.getParameter(MODULE);
- String module = null;
- if (moduleObject != null && (moduleObject instanceof String)) {
- module = (String) moduleObject;
- }
-
-
- Object actionObject = req.getParameter(ACTION);
- String action = null;
- if (actionObject != null && (actionObject instanceof String)) {
- action = (String) actionObject;
- }
-
- if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
- Logger.warn("No Moduel or Action parameter received!");
- throw new WrongParametersException("Module or Action is empty", "", "auth.10");
- }
-
-
- SSOManager ssomanager = SSOManager.getInstance();
- //get SSO Cookie for Request
- String ssoId = ssomanager.getSSOSessionID(req);
-
- //check SSO session
- if (ssoId != null) {
- String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
-
- if (correspondingMOASession != null) {
- Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
- "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-
-
- AuthenticationSessionStoreage.destroySession(correspondingMOASession);
-
- ssomanager.deleteSSOSessionID(req, resp);
- }
- }
-
- boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
-
- String moaSessionID = null;
-
- if (isValidSSOSession) {
-
-
- //check UseMandate flag
- String valueString = null;;
- if ((value != null) && (value.compareTo("") != 0)) {
- valueString = value;
- } else {
- valueString = "false";
- }
-
- if (valueString.compareToIgnoreCase("true") == 0) {
- moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
- AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
-
- //log event
- //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
- IRequest pendingReq = RequestStorage.getPendingRequest(id);
- MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED);
-
- String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
- ModulUtils.buildAuthURL(module, action, id), "");
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- }
-
- else {
- throw new AuthenticationException("auth.21", new Object[] {});
- }
-
- } else {
- handleError("SSO Session is not valid", null, req, resp, id);
- }
-
-
- } catch (MOADatabaseException e) {
- handleError("SSO Session is not found", e, req, resp, id);
-
- } catch (WrongParametersException e) {
- handleError("Parameter is not valid", e, req, resp, id);
-
- } catch (AuthenticationException e) {
- handleError(e.getMessage(), e, req, resp, id);
-
- } catch (Exception e) {
- Logger.error("SSOSendAssertion has an interal Error.", e);
- }
-
- }
-
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 12:06:18 +0000