diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index c993290e9..5342cd0d3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -188,7 +188,8 @@ public class DispatcherServlet extends AuthServlet { // check if pending request is same protocol and action if (!protocolRequest.requestedModule().equals(module) || !protocolRequest.requestedAction() - .equals(action)) { + .equals(action) + || !info.validate(req, resp, protocolRequest)) { resp.sendError(HttpServletResponse.SC_CONFLICT); Logger.error("Different Request is pending in this session!"); return; @@ -210,7 +211,9 @@ public class DispatcherServlet extends AuthServlet { } RequestStorage.setPendingRequest(httpSession, protocolRequest); - + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + if (moduleAction.needAuthentication(protocolRequest, req, resp)) { if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { @@ -219,30 +222,30 @@ public class DispatcherServlet extends AuthServlet { } if (protocolRequest.forceAuth()) { - if (!AuthenticationManager.tryPerformAuthentication( + if (!authmanager.tryPerformAuthentication( req, resp)) { - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } } else if (protocolRequest.isPassiv()) { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Passive authentication ok! } else { throw new NoPassivAuthenticationException(); } } else { - if (AuthenticationManager.tryPerformAuthentication(req, + if (authmanager.tryPerformAuthentication(req, resp) - || AuthenticationManager.isAuthenticated(req, + || authmanager.isAuthenticated(req, resp)) { // Is authenticated .. proceed } else { // Start authentication! - AuthenticationManager.doAuthentication(req, resp, + authmanager.doAuthentication(req, resp, protocolRequest); return; } @@ -253,7 +256,7 @@ public class DispatcherServlet extends AuthServlet { RequestStorage.removePendingRequest(httpSession); - AuthenticationManager.logout(req, resp); + authmanager.logout(req, resp); } catch (Throwable e) { e.printStackTrace(); |