diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index a453010da..22f4a00ad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -17,6 +17,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; @@ -273,11 +274,17 @@ public class DispatcherServlet extends AuthServlet{ RequestStorage.removePendingRequest(httpSession); - if (useSSOOA || isValidSSOSession) { + String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); + + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + if ((useSSOOA || isValidSSOSession) + && moasession.isSsoRequested() + && !moasession.getUseMandate()) //TODO: SSO with mandates requires an OVS extension + { + //save SSO session usage in Database - String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); if (newSSOSessionId != null) { @@ -290,7 +297,9 @@ public class DispatcherServlet extends AuthServlet{ } else { authmanager.logout(req, resp); } - + + ConfigurationDBUtils.closeSession(); + //authmanager.logout(req, resp); } catch (Throwable e) { |