diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 250 |
1 files changed, 213 insertions, 37 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 3254927ed..5e792ab78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -1,31 +1,67 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; -public class AuthenticationManager implements MOAIDAuthConstants { +public class AuthenticationManager extends AuthServlet { + private static AuthenticationManager instance = null; + + private static final long serialVersionUID = 1L; + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - public static AuthenticationSession getAuthenticationSession( + + public static AuthenticationManager getInstance() { + if (instance == null) { + instance = new AuthenticationManager(); + } + + return instance; + } + + + public AuthenticationSession getAuthenticationSession( HttpSession session) { String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); if (sessionID != null) { - return AuthenticationSessionStore.getSession(sessionID); + try { + return AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return null; + } } return null; } @@ -37,7 +73,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean isAuthenticated(HttpServletRequest request, + public boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) { Logger.info("Checking authentication"); @@ -50,15 +86,24 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); +// AuthenticationSession authSession; +// try { +// authSession = AuthenticationSessionStoreage +// .getSession(moaSessionID); +// +// } catch (MOADatabaseException e) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// if(authSession == null) { +// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +// return false; +// } +// +// return authSession.isAuthenticated(); - if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); - return false; - } - - return authSession.isAuthenticated(); + return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); } /** @@ -68,7 +113,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { * @param response * @return */ - public static boolean tryPerformAuthentication(HttpServletRequest request, + public boolean tryPerformAuthentication(HttpServletRequest request, HttpServletResponse response) { HttpSession session = request.getSession(); @@ -76,8 +121,14 @@ public class AuthenticationManager implements MOAIDAuthConstants { String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(sessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage.getSession(sessionID); + + } catch (MOADatabaseException e) { + return false; + } + if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " @@ -94,7 +145,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { return false; } - public static void logout(HttpServletRequest request, + public void logout(HttpServletRequest request, HttpServletResponse response) { Logger.info("Logout"); @@ -111,24 +162,33 @@ public class AuthenticationManager implements MOAIDAuthConstants { return; } - AuthenticationSession authSession = AuthenticationSessionStore - .getSession(moaSessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); - if(authSession == null) { + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + AuthenticationSessionStoreage.destroySession(moaSessionID); + + session.invalidate(); + + } catch (MOADatabaseException e) { Logger.info("NO MOA Authentication data for ID " + moaSessionID); return; } - - authSession.setAuthenticated(false); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - AuthenticationSessionStore.destroySession(moaSessionID); - session.invalidate(); + } - public static void doAuthentication(HttpServletRequest request, + public void doAuthentication(HttpServletRequest request, HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { - HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); if (!ParamValidatorUtils.isValidOA(target.getOAURL())) @@ -140,18 +200,134 @@ public class AuthenticationManager implements MOAIDAuthConstants { "auth.12"); } - // TODO: Build authentication form + setNoCachingHeadersInHttpRespone(request, response); + + //TODO:move this to config!!! + final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); - /* - * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), - * modul, protocol); - * - * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = - * new PrintWriter(response.getOutputStream()); out.print(loginForm); - * out.flush(); return; - */ + //is legacy allowed + boolean legacyallowed = PROTOCOLS_LEGACY_ALLOWED.contains(target.requestedModule()); - session.getServletContext().getNamedDispatcher("StartAuthentication") - .forward(request, response); + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + + AuthenticationSession moasession; + + if (legacyallowed && legacyparamavail) { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //parse request parameter into MOASession + try{ + StartAuthentificationParameterParser.parse(request, response, moasession); + + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, request, response); + } + + catch (MOAIDException ex) { + handleError(null, ex, request, response); + } + + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + //start authentication process +// session.getServletContext().getNamedDispatcher("StartAuthentication") +// .forward(request, response); + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + + String getIdentityLinkForm = startauth.build(moasession, request, response); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + + } else { + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(target.getOAURL()); + + if (oaParam == null) { + //TODO: Find a better place for this!! + request.getSession().invalidate(); + throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); + } + + + else { + + //check if an MOASession exists and if not create an new MOASession + moasession = getORCreateMOASession(request); + + //set OnlineApplication configuration in Session + moasession.setOAURLRequested(target.getOAURL()); + moasession.setAction(target.requestedAction()); + moasession.setModul(target.requestedModule()); + } + + //Build authentication form + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName()); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + //set MOAIDSession + request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + } } + + private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { + + //String sessionID = request.getParameter(PARAM_SESSIONID); + String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); + AuthenticationSession moasession; + + try { + moasession = AuthenticationSessionStoreage.getSession(sessionID); + Logger.info("Found existing MOASession with sessionID=" + sessionID + + ". This session is used for reauthentification."); + + } catch (MOADatabaseException e) { + try { + moasession = AuthenticationSessionStoreage.createSession(); + Logger.info("Create a new MOASession with sessionID=" + sessionID + "."); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession are not created."); + throw new MOAIDException("init.04", new Object[] { + "0"}); + } + } + + return moasession; + } } |