Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java47
1 files changed, 35 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 466364adb..5aa3a691f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -25,14 +25,18 @@ package at.gv.egovernment.moa.id.auth.servlet.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.util.MiscUtil;
/**
@@ -41,7 +45,9 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
- @Autowired private SSOManager ssomanager;
+ @Autowired private IRequestStorage requestStorage;
+ @Autowired(required=false) private SSOManager ssomanager;
+
/* (non-Javadoc)
* @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
@@ -50,18 +56,35 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
- //get SSO Cookie for Request
- String ssoId = ssomanager.getSSOSessionID(request);
+ String uniqueSessionIdentifier = null;
- //search for unique session identifier
- String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
- if (MiscUtil.isEmpty(uniqueSessionIdentifier))
- uniqueSessionIdentifier = Random.nextRandom();
+ //if SSOManager is available, search SessionIdentifier in SSO session
+ if (ssomanager != null) {
+ String ssoId = ssomanager.getSSOSessionID(request);
+ uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
+
+ }
- TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
- request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+ // search SessionIdentifier in PendingRequest if available
+ if (MiscUtil.isEmpty(uniqueSessionIdentifier)) {
+ String pendingReqId = StringEscapeUtils.escapeHtml4(
+ request.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
+ if (StringUtils.isNotEmpty(pendingReqId)) {
+ IRequest pendingReq = requestStorage.getPendingRequest(pendingReqId);
+ if (pendingReq != null)
+ uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
+
+ }
+ }
+
+ //if NO SSOSession and no PendingRequest create new SessionIdentifier
+ if (StringUtils.isEmpty(uniqueSessionIdentifier))
+ uniqueSessionIdentifier = Random.nextHexRandom16();
+ TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+ request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
return true;
+
}
/* (non-Javadoc)
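Review bot: `StringEscapeUtils.escapeHtml4(...)` is used as input sanitisation for the client-supplied `pendingReqId` parameter before it becomes the lookup key in `requestStorage.getPendingRequest(pendingReqId)`. HTML escaping is an output encoding for markup contexts, so it does not constrain the identifier's length or alphabet, and it rewrites any value containing `&`, `<`, `>` or `"` before the lookup. I would read the raw parameter, reject anything that does not match the format pending-request IDs are generated in (not visible in this hunk) before calling the storage, and add a comment such as `// pendingReqId is client-supplied: validate its format; HTML escaping is not input validation`. Because the value passed to `TransactionIDUtils.setSessionId(...)` is now selected by whoever presents a known pending-request ID, log correlation on this identifier should not be read as proof of session ownership. If `getPendingRequest` can throw for unknown or expired IDs (not visible here), `preHandle` would fail the request before the handler runs, so that case deserves an explicit catch or a documented decision.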