Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 127 |
1 files changed, 66 insertions, 61 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 2a28bcd15..604077844 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -315,27 +315,21 @@ public class DispatcherServlet extends AuthServlet{ } } - - - - //load Parameters from OnlineApplicationConfiguration - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(protocolRequest.getOAURL()); - - if (oaParam == null) { - throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); - } RequestStorage.setPendingRequest(httpSession, protocolRequests); - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - + AuthenticationManager authmanager = AuthenticationManager.getInstance(); SSOManager ssomanager = SSOManager.getInstance(); + String moasessionID = null; + AuthenticationSession moasession = null; + //get SSO Cookie for Request String ssoId = ssomanager.getSSOSessionID(req); - - if (moduleAction.needAuthentication(protocolRequest, req, resp)) { + + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + + if (needAuthentication) { //check SSO session if (ssoId != null) { 
@@ -349,6 +343,15 @@ public class DispatcherServlet extends AuthServlet{ ssomanager.deleteSSOSessionID(req, resp); } } + + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); useSSOOA = oaParam.useSSO(); 
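Review bot: With the `oaParam == null` check now inside `if (needAuthentication)`, a request whose module action reports that no authentication is needed reaches `moduleAction.processRequest(...)` without the `auth.00` rejection for an unknown `protocolRequest.getOAURL()`; the unconditional lookup is the block removed in the first hunk. Unless every such action validates the online application itself, which is not visible in this diff, this quietly loosens a gate that previously applied to all requests. I would either keep the lookup unconditional or state the contract at the moved block, for example `// OA lookup runs only on the authenticated path; actions with needAuthentication == false must validate getOAURL() themselves`. The enclosing method begins and ends outside this hunk.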
@@ -387,72 +390,74 @@ public class DispatcherServlet extends AuthServlet{ return; } } - - } - - String moasessionID = null; - AuthenticationSession moasession = null; - - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension - { - - //TODO SSO Question!!!! - if (useSSOOA && isValidSSOSession) { - moasessionID = ssomanager.getMOASession(ssoId); - moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension + { + + //TODO SSO Question!!!! + if (useSSOOA && isValidSSOSession) { - //use new OAParameter - if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { - authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); - return; - } - } - else { + moasessionID = ssomanager.getMOASession(ssoId); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + //use new OAParameter + if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { + authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); + return; + } + } + else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } - //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! 
- moasessionID = (String) req.getParameter(PARAM_SESSIONID); + //save SSO session usage in Database + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + } else { + ssomanager.deleteSSOSessionID(req, resp); + } + + } else { // moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); } + - //save SSO session usage in Database - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - - if (newSSOSessionId != null) { - ssomanager.setSSOSessionID(req, resp, newSSOSessionId); - - } else { - ssomanager.deleteSSOSessionID(req, resp); - } - - } else { -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); - - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - - moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } - + moduleAction.processRequest(protocolRequest, req, resp, moasession); RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); - boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + if (needAuthentication) { + boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); - if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension && !moasession.getUseMandate()) - { + { - } else { - authmanager.logout(req, resp, moasessionID); - } + } else { + authmanager.logout(req, resp, moasessionID); + } //authmanager.logout(req, resp); + } } catch (Throwable e) { 
e.printStackTrace(); |
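Review bot: Both fallback branches take the session id straight from `req.getParameter(PARAM_SESSIONID)` and use the result of `AuthenticationSessionStoreage.getSession(moasessionID)` without checking either value, so a request with a missing or unknown session parameter can reach `storeSSOSessionInformations(...)`, `processRequest(...)` and later `moasession.getUseMandate()` with a null or unexpected session. Whether `getSession` throws for unknown ids, and whether code between the hunks already guarantees an authenticated session, is not visible here; `isAuthenticated(moasessionID)` is only consulted together with `useSSOQuestion()`. I would fail closed right after the lookup, e.g. `if (moasessionID == null || moasession == null) throw new AuthenticationException("<ERROR_CODE>", null);` with the project's own error code in place of the placeholder. The surrounding method starts and ends outside this hunk.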