diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 132 |
1 files changed, 41 insertions, 91 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 647c8bb39..480deb867 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -54,6 +54,7 @@ import at.gv.egovernment.moa.id.moduls.ModulStorage; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -108,41 +109,24 @@ public class DispatcherServlet extends AuthServlet{ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); + //Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); String pendingRequestID = null; if (idObject != null && (idObject instanceof String)) { - if (errorRequests.containsKey((String)idObject)) - pendingRequestID = (String) idObject; + pendingRequestID = (String) idObject; } if (throwable != null) { - if (errorRequests != null) { - - synchronized (errorRequests) { IRequest errorRequest = null; if (pendingRequestID != null) { - errorRequest = errorRequests.get(pendingRequestID); + errorRequest = RequestStorage.getPendingRequest(pendingRequestID); - //remove the - RequestStorage.removePendingRequest(errorRequests, pendingRequestID); - } - else { - if (errorRequests.size() > 1) { - handleErrorNoRedirect(throwable.getMessage(), throwable, - req, resp); - - } else { - Set<String> keys = errorRequests.keySet(); - errorRequest = errorRequests.get(keys.toArray()[0]); - RequestStorage.removeAllPendingRequests(req.getSession()); - } - } if (errorRequest != null) { - + RequestStorage.removePendingRequest(pendingRequestID); + try { IModulInfo handlingModule = ModulStorage .getModuleByPath(errorRequest @@ -156,6 +140,10 @@ public class DispatcherServlet extends AuthServlet{ StatisticLogger logger = StatisticLogger.getInstance(); logger.logErrorOperation(throwable, errorRequest); + //remove MOASession + AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID); + AuthenticationManager.getInstance().logout(req, resp, moaSession.getSessionID()); + return; } } @@ -172,16 +160,9 @@ public class DispatcherServlet extends AuthServlet{ } handleErrorNoRedirect(throwable.getMessage(), throwable, req, resp); - - } else { - // TODO: use better string - handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req, - resp); - } return; } - } Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); String module = null; @@ -242,32 +223,24 @@ public class DispatcherServlet extends AuthServlet{ } } - HttpSession httpSession = req.getSession(); - Map<String, IRequest> protocolRequests = null; + //HttpSession httpSession = req.getSession(); + //Map<String, IRequest> protocolRequests = null; IRequest protocolRequest = null; try { - protocolRequests = RequestStorage.getPendingRequest(httpSession); - Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - if (protocolRequests != null && - idObject != null && (idObject instanceof String)) { + if (idObject != null && (idObject instanceof String)) { protocolRequestID = (String) idObject; - + protocolRequest = RequestStorage.getPendingRequest(protocolRequestID); + //get IRequest if it exits - if (protocolRequests.containsKey(protocolRequestID)) { - protocolRequest = protocolRequests.get(protocolRequestID); + if (protocolRequest != null) { Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); } else { - Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); - - Set<String> mapkeys = protocolRequests.keySet(); - for (String el : mapkeys) - Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); - + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", null, req, resp); return; @@ -277,59 +250,38 @@ public class DispatcherServlet extends AuthServlet{ protocolRequest = info.preProcess(req, resp, action); if (protocolRequest != null) { + + //Start new Authentication + protocolRequest.setAction(action); + protocolRequest.setModule(module); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); - if(protocolRequests != null) { + RequestStorage.setPendingRequest(protocolRequest); - Set<String> mapkeys = protocolRequests.keySet(); - for (String el : mapkeys) { - IRequest value = protocolRequests.get(el); - - if (value.getOAURL().equals(protocolRequest.getOAURL())) { - - if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { - Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); - RequestStorage.removeAllPendingRequests(req.getSession()); - - } else { - RequestStorage.removePendingRequest(protocolRequests, el); - } - } - } - - } else { - protocolRequests = new ConcurrentHashMap<String, IRequest>(); - } + Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); + + } else { + Logger.error("Failed to generate a valid protocol request!"); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); + return; - synchronized (protocolRequest) { - synchronized (protocolRequests) { - - //Start new Authentication - protocolRequest.setAction(action); - protocolRequest.setModule(module); - protocolRequestID = Random.nextRandom(); - protocolRequest.setRequestID(protocolRequestID); - protocolRequests.put(protocolRequestID, protocolRequest); - Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); - } - } } - + } catch (ProtocolNotActiveException e) { resp.getWriter().write(e.getMessage()); resp.setContentType("text/html;charset=UTF-8"); resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage()); return; - - } catch (MOAIDException e) { - Logger.error("Failed to generate a valid protocol request!"); - resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); + } catch (AuthnRequestValidatorException e) { + //log Error Message + StatisticLogger logger = StatisticLogger.getInstance(); + logger.logErrorOperation(e, e.getErrorRequest()); return; - - } - - if (protocolRequest == null) { + + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); resp.setContentType("text/html;charset=UTF-8"); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); @@ -337,9 +289,7 @@ public class DispatcherServlet extends AuthServlet{ } } - - RequestStorage.setPendingRequest(httpSession, protocolRequests); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); SSOManager ssomanager = SSOManager.getInstance(); @@ -460,7 +410,7 @@ public class DispatcherServlet extends AuthServlet{ String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); - RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); + RequestStorage.removePendingRequest(protocolRequestID); if (needAuthentication) { boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId); @@ -491,7 +441,7 @@ public class DispatcherServlet extends AuthServlet{ } } catch (Throwable e) { - Logger.info("An authentication error occured: " + e.getMessage());; + Logger.warn("An authentication error occured: ", e);; // Try handle module specific, if not possible rethrow if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { throw e; |