Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 183 |
1 files changed, 105 insertions, 78 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index d587092eb..260a4fd79 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,12 +1,35 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
 package at.gv.egovernment.moa.id.entrypoints;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+
 import java.io.IOException;
-import java.util.ConcurrentModificationException;
-import java.util.HashMap;
+import java.security.Security;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
@@ -16,13 +39,13 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import javax.swing.ListModel;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -36,12 +59,12 @@ import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
 import at.gv.egovernment.moa.id.moduls.RequestStorage;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
 import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 public class DispatcherServlet extends AuthServlet{
@@ -72,7 +95,6 @@ public class DispatcherServlet extends AuthServlet{ protected void processRequest(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - boolean isValidSSOSession = false; boolean useSSOOA = false; String protocolRequestID = null; @@ -84,9 +106,9 @@ public class DispatcherServlet extends AuthServlet{ String errorid = req.getParameter(ERROR_CODE_PARAM); if (errorid != null) { - Throwable throwable = ExceptionStoreImpl.getStore() + Throwable throwable = DBExceptionStoreImpl.getStore() .fetchException(errorid); - ExceptionStoreImpl.getStore().removeException(errorid); + DBExceptionStoreImpl.getStore().removeException(errorid); Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); @@ -130,8 +152,14 @@ public class DispatcherServlet extends AuthServlet{ .getModuleByPath(errorRequest .requestedModule()); if (handlingModule != null) { + if (handlingModule.generateErrorMessage( throwable, req, resp, errorRequest)) { + + //log Error Message + StatisticLogger logger = StatisticLogger.getInstance(); + logger.logErrorOperation(throwable, errorRequest); + return; } } @@ -154,7 +182,7 @@ public class DispatcherServlet extends AuthServlet{ handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req, resp); } - + return; } } 
@@ -228,35 +256,26 @@ public class DispatcherServlet extends AuthServlet{ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); if (protocolRequests != null && - idObject != null && (idObject instanceof String)) { + idObject != null && (idObject instanceof String)) { + + protocolRequestID = (String) idObject; -// synchronized (protocolRequests) { - - protocolRequestID = (String) idObject; - - //get IRequest if it exits - if (protocolRequests.containsKey(protocolRequestID)) { - protocolRequest = protocolRequests.get(protocolRequestID); - - - - Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); - - //RequestStorage.setPendingRequest(httpSession, protocolRequests); + //get IRequest if it exits + if (protocolRequests.containsKey(protocolRequestID)) { + protocolRequest = protocolRequests.get(protocolRequestID); + Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); - } else { - Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); + } else { + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); - Set<String> mapkeys = protocolRequests.keySet(); - for (String el : mapkeys) - Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); - - handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", - null, req, resp); - //resp.sendError(HttpServletResponse.SC_CONFLICT); - return; - } -// } + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) + Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); + + handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", + null, req, resp); + return; + } } else { try { protocolRequest = info.preProcess(req, resp, action); 
@@ -265,26 +284,22 @@ public class DispatcherServlet extends AuthServlet{ if(protocolRequests != null) { -// synchronized (protocolRequests) { -// synchronized (protocolRequest) { - Set<String> mapkeys = protocolRequests.keySet(); - for (String el : mapkeys) { - IRequest value = protocolRequests.get(el); + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) { + IRequest value = protocolRequests.get(el); + + if (value.getOAURL().equals(protocolRequest.getOAURL())) { - if (value.getOAURL().equals(protocolRequest.getOAURL())) { - - if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { - Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); - RequestStorage.removeAllPendingRequests(req.getSession()); - - } else { - RequestStorage.removePendingRequest(protocolRequests, el); - } - } + if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { + Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); + RequestStorage.removeAllPendingRequests(req.getSession()); + + } else { + RequestStorage.removePendingRequest(protocolRequests, el); } -// } -// } - + } + } + } else { protocolRequests = new ConcurrentHashMap<String, IRequest>(); } 
@@ -303,25 +318,29 @@ public class DispatcherServlet extends AuthServlet{ } } } catch (MOAIDException e) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); Logger.error("Failed to generate a valid protocol request!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + resp.setContentType("text/html;charset=UTF-8"); + resp.getWriter().write("NO valid protocol request received!"); return; } if (protocolRequest == null) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); Logger.error("Failed to generate a valid protocol request!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + resp.setContentType("text/html;charset=UTF-8"); + resp.getWriter().write("NO valid protocol request received!"); return; } } - RequestStorage.setPendingRequest(httpSession, protocolRequests); AuthenticationManager authmanager = AuthenticationManager.getInstance(); SSOManager ssomanager = SSOManager.getInstance(); String moasessionID = null; + String newSSOSessionId = null; AuthenticationSession moasession = null; //get SSO Cookie for Request @@ -356,6 +375,7 @@ public class DispatcherServlet extends AuthServlet{ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); useSSOOA = oaParam.useSSO(); + //if a legacy request is used SSO should not be allowed, actually boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); @@ -391,11 +411,9 @@ public class DispatcherServlet extends AuthServlet{ } } - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension { - //TODO SSO Question!!!! if (useSSOOA && isValidSSOSession) { moasessionID = ssomanager.getMOASession(ssoId); 
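Review bot: In both new error branches of hunk @@ -303 the body written after `resp.sendError(HttpServletResponse.SC_BAD_REQUEST);` cannot take effect, because sendError commits the response, so the following `resp.setContentType(...)` and `resp.getWriter().write(...)` are ignored at best and can throw IllegalStateException from inside the catch block. To return the custom text, replace the sendError line in both branches with `resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);` and keep the content-type and write lines, or drop those two lines and use `resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");`. The block under `if (protocolRequest == null)` duplicates the one in the `catch (MOAIDException e)` branch verbatim; a small private helper would keep the two from drifting. processRequest starts and ends outside this hunk.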
@@ -409,17 +427,13 @@ public class DispatcherServlet extends AuthServlet{ } else { - //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! moasessionID = (String) req.getParameter(PARAM_SESSIONID); - -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); - + moasession = AuthenticationSessionStoreage.getSession(moasessionID); } //save SSO session usage in Database - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); if (newSSOSessionId != null) { ssomanager.setSSOSessionID(req, resp, newSSOSessionId); 
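Review bot: The else branch in hunk @@ -409 now loads the session directly from the request parameter, `moasession = AuthenticationSessionStoreage.getSession(moasessionID);`, but unlike the parallel non-SSO branch in hunk @@ -429 it does not follow up with `changeSessionID`, so the caller-supplied `moasessionID` is what flows into `ssomanager.createSSOSessionInformations(...)`. If changeSessionID is the rotation that prevents a client from pinning the MOA session identifier (this diff suggests that but does not show its implementation), the same line `moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);` belongs here as well, before the SSO session information is stored. processRequest continues outside the hunk on both sides.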
@@ -429,34 +443,47 @@ public class DispatcherServlet extends AuthServlet{ } } else { -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); + moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); } } - moduleAction.processRequest(protocolRequest, req, resp, moasession); + String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); if (needAuthentication) { - boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); - + boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId); + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension - && !moasession.getUseMandate()) - { + && !moasession.getUseMandate()) { + + try { + //Store OA specific SSO session information + AuthenticationSessionStoreage.addSSOInformation(moasessionID, + newSSOSessionId, assertionID, protocolRequest.getOAURL()); + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + + authmanager.logout(req, resp, moasessionID); + isSSOSession = false; + } } else { authmanager.logout(req, resp, moasessionID); } - //authmanager.logout(req, resp); + //Advanced statistic logging + StatisticLogger logger = StatisticLogger.getInstance(); + logger.logSuccessOperation(protocolRequest, moasession, isSSOSession); + } } catch (Throwable e) { @@ -471,7 +498,7 @@ public class DispatcherServlet extends AuthServlet{ } catch (MOAIDException ex) { handleError(null, ex, req, resp, protocolRequestID); } catch (Throwable e) { - handleErrorNoRedirect(e.getMessage(), null, req, + handleErrorNoRedirect(e.getMessage(), e, req, resp); } 
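Review bot: In hunk @@ -429, `moasession` is obtained from `AuthenticationSessionStoreage.getSession(moasessionID)` with an ID read from the request parameter and is then dereferenced unguarded at `!moasession.getUseMandate()` and passed to `moduleAction.processRequest`; whether getSession returns null for an unknown ID is not visible here, but if it does, the failure surfaces only as a NullPointerException in the outer `catch (Throwable e)`, which this commit now forwards as `handleErrorNoRedirect(e.getMessage(), e, req, resp)`. A check right after the lookup, `if (moasession == null) { handleErrorNoRedirect("<message placeholder>", null, req, resp); return; }`, would reject an invalid session ID deliberately rather than by exception. Since handleErrorNoRedirect now receives the Throwable (hunk @@ -471), it is worth confirming that it logs the cause rather than rendering it into the client response. processRequest and its catch chain continue outside the hunk.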
@@ -480,7 +507,7 @@ public class DispatcherServlet extends AuthServlet{ } } - + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { |