Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java129
1 files changed, 96 insertions, 33 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index eeb16fcf9..302031fe3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -8,70 +8,133 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet;
import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationManager implements MOAIDAuthConstants {
-
+
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
-
- public static AuthenticationSession getAuthenticationSession(HttpSession session) {
- String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
- if(sessionID != null) {
+
+ public static AuthenticationSession getAuthenticationSession(
+ HttpSession session) {
+ String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
+ MOA_SESSION, null);
+ if (sessionID != null) {
return AuthenticationSessionStore.getSession(sessionID);
}
return null;
}
-
+
/**
- * Checks if the session is authenticated
+ * Checks if the session is authenticated
+ *
* @param request
* @param response
* @return
*/
- public static boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) {
+ public static boolean isAuthenticated(HttpServletRequest request,
+ HttpServletResponse response) {
Logger.info("Checking authentication");
-
+
HttpSession session = request.getSession();
-
- String sessionID = (String)request.getAttribute(PARAM_SESSIONID);
- if(sessionID != null) {
- AuthenticationSession authSession = AuthenticationSessionStore.getSession(sessionID);
- if(authSession != null) {
- if(authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) {
+
+ String sessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if (sessionID != null) {
+ Logger.info("got MOASession: " + sessionID);
+ AuthenticationSession authSession = AuthenticationSessionStore
+ .getSession(sessionID);
+ //AuthenticationSessionStore.dumpSessionStore();
+ if (authSession != null) {
+ Logger.info("MOASession found! A: "
+ + authSession.isAuthenticated() + ", AU "
+ + authSession.isAuthenticatedUsed());
+ if (authSession.isAuthenticated()
+ && !authSession.isAuthenticatedUsed()) {
session.invalidate();
session = request.getSession();
- HTTPSessionUtils.setHTTPSessionBoolean(session, MOA_AUTHENTICATED, true);
+ // HTTPSessionUtils.setHTTPSessionBoolean(session,
+ // MOA_AUTHENTICATED, true);
authSession.setAuthenticatedUsed(true);
- HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID);
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
+ sessionID);
}
+ return authSession.isAuthenticated();
}
}
-
- return HTTPSessionUtils.getHTTPSessionBoolean(session, MOA_AUTHENTICATED, false);
+
+ return false;
}
-
- public static void doAuthentication(HttpServletRequest request, HttpServletResponse response,
- ITargetConfiguration target)
- throws ServletException, IOException {
+
+ public static void logout(HttpServletRequest request,
+ HttpServletResponse response) {
+ Logger.info("Logout");
+
HttpSession session = request.getSession();
- Logger.info("Starting authentication ...");
- String modul = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH);
- String protocol = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL);
- String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), modul, protocol);
+ String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(loginForm);
- out.flush();
- return;
+ if(moaSessionID == null) {
+ moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ }
+
+ if(moaSessionID == null) {
+ Logger.info("NO MOA Session to logout");
+ return;
+ }
+
+ AuthenticationSession authSession = AuthenticationSessionStore
+ .getSession(moaSessionID);
+
+ if(authSession == null) {
+ Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ return;
+ }
+
+ authSession.setAuthenticated(false);
+ HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+ AuthenticationSessionStore.destroySession(moaSessionID);
+ session.invalidate();
+ }
+
+ public static void doAuthentication(HttpServletRequest request,
+ HttpServletResponse response, ITargetConfiguration target)
+ throws ServletException, IOException, MOAIDException {
+ HttpSession session = request.getSession();
+ Logger.info("Starting authentication ...");
+ String modul = (String) session
+ .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH);
+ String protocol = (String) session
+ .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL);
+
+ if (!ParamValidatorUtils.isValidOA(target.getOAURL()))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+
+ if (target.getOAURL() == null) {
+ throw new WrongParametersException("StartAuthentication", PARAM_OA,
+ "auth.12");
+ }
+
// TODO: Build authentication form
- //session.getServletContext().getNamedDispatcher("StartAuthenticationServlet").forward(request, response);
+
+ /*
+ * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(),
+ * modul, protocol);
+ *
+ * response.setContentType("text/html;charset=UTF-8"); PrintWriter out =
+ * new PrintWriter(response.getOutputStream()); out.print(loginForm);
+ * out.flush(); return;
+ */
+
+ session.getServletContext().getNamedDispatcher("StartAuthentication")
+ .forward(request, response);
}
}
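Review bot: In `isAuthenticated`, the new `return authSession.isAuthenticated();` sits outside the `!authSession.isAuthenticatedUsed()` branch, so any request carrying a known MOASession ID in the `PARAM_SESSIONID` request parameter is reported as authenticated, however often it is replayed and whichever HTTP session sends it. I would return `true` only inside the one-time branch and replace the final `return false;` with a lookup bound to the HTTP session: `AuthenticationSession bound = getAuthenticationSession(session); return bound != null && bound.isAuthenticated();`. `logout` has the same problem: it falls back to the request parameter, so a caller presenting another user's ID can destroy that session, and it should act only on the ID stored in the HTTP session. Because the ID works as a bearer credential in both methods, the `Logger.info` calls that print it (`"got MOASession: "`, `"NO MOA Authentication data for ID "`) should drop or truncate the value. In `doAuthentication` the `target.getOAURL() == null` check runs after `isValidOA` has already received the value, so it is either unreachable or too late, depending on how `isValidOA` treats null, and should move above that call.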