diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 75695d2db..f39fde6be 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class DispatcherServlet extends AuthServlet{ @@ -329,6 +330,7 @@ public class DispatcherServlet extends AuthServlet{ SSOManager ssomanager = SSOManager.getInstance(); String moasessionID = null; + String newSSOSessionId = null; AuthenticationSession moasession = null; //get SSO Cookie for Request @@ -398,7 +400,6 @@ public class DispatcherServlet extends AuthServlet{ } } - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension { @@ -416,17 +417,13 @@ public class DispatcherServlet extends AuthServlet{ } else { - //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! moasessionID = (String) req.getParameter(PARAM_SESSIONID); - -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); - + moasession = AuthenticationSessionStoreage.getSession(moasessionID); } //save SSO session usage in Database - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); if (newSSOSessionId != null) { ssomanager.setSSOSessionID(req, resp, newSSOSessionId); @@ -449,16 +446,28 @@ public class DispatcherServlet extends AuthServlet{ } - moduleAction.processRequest(protocolRequest, req, resp, moasession); + String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); if (needAuthentication) { - boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); - + //boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId); + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension - && !moasession.getUseMandate()) - { + && !moasession.getUseMandate()) { + + try { + //Store OA specific SSO session information + AuthenticationSessionStoreage.addSSOInformation(moasessionID, + newSSOSessionId, assertionID, protocolRequest.getOAURL()); + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + + authmanager.logout(req, resp, moasessionID); + isSSOSession = false; + } } else { authmanager.logout(req, resp, moasessionID); |