Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 50 |
1 files changed, 34 insertions, 16 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 4c5b82db8..a453010da 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -11,11 +11,14 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -58,6 +61,10 @@ public class DispatcherServlet extends AuthServlet{ protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + boolean isValidSSOSession = false; + boolean useSSOOA = false; + try { Logger.info("REQUEST: " + req.getRequestURI()); Logger.info("QUERY : " + req.getQueryString()); 
@@ -191,10 +198,19 @@ public class DispatcherServlet extends AuthServlet{ return; } + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParam == null) { + //TODO: Find a better place for this!! + req.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + RequestStorage.setPendingRequest(httpSession, protocolRequest); AuthenticationManager authmanager = AuthenticationManager.getInstance(); - + SSOManager ssomanager = SSOManager.getInstance(); //get SSO Cookie for Request @@ -215,10 +231,8 @@ public class DispatcherServlet extends AuthServlet{ } } - boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); - - //TODO: load useSSO from config! - boolean useSSOOA = true; + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + useSSOOA = oaParam.useSSO(); if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { 
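Review bot: In the `oaParam == null` branch, `req.getSession().invalidate()` creates a session when the request has none, only to destroy it again. `HttpSession s = req.getSession(false); if (s != null) s.invalidate();` avoids that; the `httpSession` variable used two lines later may already hold the same session. The rejected `protocolRequest.getOAURL()` is passed into the `AuthenticationException` arguments and presumably comes from the request, so whatever logs or renders that message on the `catch (Throwable e)` path should encode it. The enclosing `processRequest` starts and ends outside this hunk.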
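Review bot: `useSSOOA = oaParam.useSSO()` makes SSO a per-application setting, but `isValidSSOSession` is still computed for every request and the last hunk tests `useSSOOA || isValidSSOSession`. An application configured without SSO is therefore still recorded in the SSO session, and gets a refreshed SSO cookie, whenever the browser presents a valid one. Whether the authentication branches after this assignment force a fresh login for such an application is not visible in the hunk and is worth confirming. If the current behaviour is intended, a comment such as `// a valid SSO session is honoured even if the OA has useSSO=false` next to the assignment would record that decision.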
@@ -257,22 +271,26 @@ public class DispatcherServlet extends AuthServlet{ moduleAction.processRequest(protocolRequest, req, resp); - //save SSO session usage in Database - String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); + RequestStorage.removePendingRequest(httpSession); + + if (useSSOOA || isValidSSOSession) { + //save SSO session usage in Database + String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - if (newSSOSessionId != null) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + } } else { - ssomanager.deleteSSOSessionID(req, resp); + authmanager.logout(req, resp); } - - RequestStorage.removePendingRequest(httpSession); - - + //authmanager.logout(req, resp); } catch (Throwable e) { |
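Review bot: The new `else` branch ends every non-SSO request with `authmanager.logout(req, resp)` but has no comment saying why, and the old commented-out `//authmanager.logout(req, resp);` is left just below it. I would delete the dead line and put a comment on the call, along the lines of `// no SSO for this OA and no SSO session: end the MOA session after the response`, adjusted to the actual intent. `moasessionID` is read with a `null` third argument, which looks like a default value, and is handed to `storeSSOSessionInformations` unchecked. A guard before the store call that treats a `null` id as the no-session case (`ssomanager.deleteSSOSessionID(req, resp)`) would make that path explicit. The surrounding `try` opens before this hunk.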