Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 79 |
1 files changed, 56 insertions, 23 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 22f4a00ad..e995a1c2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; public class DispatcherServlet extends AuthServlet{
@@ -80,6 +81,10 @@ public class DispatcherServlet extends AuthServlet{ IRequest errorRequest = RequestStorage .getPendingRequest(req.getSession()); + + //remove the + RequestStorage.removePendingRequest(req.getSession()); + if (errorRequest != null) { try { IModulInfo handlingModule = ModulStorage
@@ -204,7 +209,7 @@ public class DispatcherServlet extends AuthServlet{ .getOnlineApplicationParameter(protocolRequest.getOAURL()); if (oaParam == null) { //TODO: Find a better place for this!! - req.getSession().invalidate(); + //req.getSession().invalidate(); throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); }
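Review bot: In the hunk at `@@ -80,6 +81,10 @@` the added comment `//remove the` breaks off mid-sentence, so the reason the pending request is dropped before the `errorRequest != null` check is not recorded. Something like `// drop the pending request before handling the error so a later request on this session cannot pick it up again` would do, if that is the intent. The enclosing method begins and ends outside the hunk.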
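Review bot: In the hunk at `@@ -204,7 +209,7 @@` the session invalidation for an unknown online application is switched off by commenting the line out (`//req.getSession().invalidate();`) under the old `//TODO: Find a better place for this!!`, so the reason the session must now survive this error is not written down. Delete the dead line and state the decision instead, for example `// keep the HTTP session: an unknown OA URL must not end an existing MOA/SSO session`, if that is the intent. It is also worth confirming that any state this request stored in the session before reaching this point is cleaned up on the error path. The hunk at `@@ -80,6 +81,10 @@` removes the pending request, but nothing else is visible here.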
@@ -235,31 +240,32 @@ public class DispatcherServlet extends AuthServlet{ isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); useSSOOA = oaParam.useSSO(); + //if a legacy request is used SSO should not be allowed, actually + boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); + if (protocolRequest.isPassiv() && protocolRequest.forceAuth()) { // conflict! throw new NoPassivAuthenticationException(); } - - if (protocolRequest.forceAuth()) { - if (!authmanager.tryPerformAuthentication( - req, resp)) { + + boolean tryperform = authmanager.tryPerformAuthentication( + req, resp); + + if (protocolRequest.forceAuth()) { + if (!tryperform) { authmanager.doAuthentication(req, resp, protocolRequest); return; } } else if (protocolRequest.isPassiv()) { - if (authmanager.tryPerformAuthentication(req, - resp) - || (isValidSSOSession && useSSOOA) ) { + if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { // Passive authentication ok! } else { throw new NoPassivAuthenticationException(); } } else { - if (authmanager.tryPerformAuthentication(req, - resp) - || (isValidSSOSession && useSSOOA) ) { + if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { // Is authenticated .. proceed } else { // Start authentication! 
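Review bot: The comment `//if a legacy request is used SSO should not be allowed, actually` does not say which condition is enforced; the code only blocks the SSO shortcut when `LegacyHelper.isUseMandateRequested(req)` is true. A wording such as `// a legacy request that asks for a mandate must authenticate again instead of reusing an SSO session` would match the two `&& !isUseMandateRequested` conditions. Because the flag is derived from `req`, the comment should also record that it may only narrow the SSO path here, never widen it. `tryperform` would read better as `authenticated`; whether `tryPerformAuthentication` has side effects that make the single early call significant is not visible in this hunk.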
@@ -268,21 +274,32 @@ public class DispatcherServlet extends AuthServlet{ return; } } + } - - moduleAction.processRequest(protocolRequest, req, resp); - RequestStorage.removePendingRequest(httpSession); + String moasessionID = null; + AuthenticationSession moasession = null; - String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); - - AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moasessionID); - - if ((useSSOOA || isValidSSOSession) - && moasession.isSsoRequested() - && !moasession.getUseMandate()) //TODO: SSO with mandates requires an OVS extension + if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension { + + //TODO SSO Question!!!! + if (useSSOOA && isValidSSOSession) { + + moasessionID = ssomanager.getMOASession(ssoId); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + //use new OAParameter + if (!oaParam.useSSOWithoutQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { + authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); + return; + } + } + else { + moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } //save SSO session usage in Database String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); 
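Review bot: The rewritten condition `if ((useSSOOA || isValidSSOSession))` drops the `moasession.isSsoRequested()` and `!moasession.getUseMandate()` checks while keeping the TODO that SSO with mandates needs an OVS extension, so `ssomanager.storeSSOSessionInformations(...)` now appears to run for mandate sessions too. The inner branch `if (useSSOOA && isValidSSOSession)` also ignores the `isUseMandateRequested` flag from the previous hunk, so a legacy mandate request that got through on `tryperform` would still be served from the session behind `ssoId`; consider `if (useSSOOA && isValidSSOSession && !isUseMandateRequested) {`. Neither `moasessionID` nor `moasession` is checked for null before `isAuthenticated(moasessionID)` and the later uses, and what `getMOASession` and `getSession` return for an unknown id is not visible here. The enclosing method starts and ends outside the hunk.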
@@ -295,7 +312,23 @@ public class DispatcherServlet extends AuthServlet{ } } else { - authmanager.logout(req, resp); + moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), + AuthenticationManager.MOA_SESSION, null); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } + + moduleAction.processRequest(protocolRequest, req, resp, moasession); + + RequestStorage.removePendingRequest(httpSession); + + boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension + && !moasession.getUseMandate()) + { + + } else { + authmanager.logout(req, resp, moasessionID); } ConfigurationDBUtils.closeSession(); |
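Review bot: `moasession` is passed to `moduleAction.processRequest(...)` and dereferenced in `moasession.getUseMandate()` without a null check, although in the added `else` branch `moasessionID` comes from `getHTTPSessionString(..., null)` and can therefore be null. The logout decision is written as an empty `if` body with the work in `else`, which hides the rule that mandate and non-SSO sessions are logged out; `if (!(useSSOOA || isSSOSession) || moasession.getUseMandate()) { authmanager.logout(req, resp, moasessionID); }` states it directly. The `//TODO: SSO with mandates requires an OVS extension` comment now sits on the first half of the condition rather than on the mandate check it describes.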