aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java46
1 files changed, 32 insertions, 14 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 49f3df25c..06b55fb66 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -61,10 +61,13 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -73,7 +76,7 @@ import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -103,7 +106,7 @@ import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-public class AuthenticationManager implements MOAIDAuthConstants {
+public class AuthenticationManager extends MOAIDAuthConstants {
private static final AuthenticationManager INSTANCE = new AuthenticationManager();
@@ -148,7 +151,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
authSession.setAuthenticatedUsed(true);
AuthenticationSessionStoreage.storeSession(authSession);
-
+
return true; // got authenticated
}
}
@@ -191,7 +194,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
} catch (MOADatabaseException e) {
Logger.warn("Delete MOASession FAILED.");
- sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix());
+ sloContainer.putFailedOA(AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
}
@@ -254,7 +257,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
AssertionStorage.getInstance().put(relayState, sloContainer);
- String timeOutURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix()
+ String timeOutURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()
+ "/idpSingleLogout"
+ "?restart=" + relayState;
@@ -335,6 +338,10 @@ public class AuthenticationManager implements MOAIDAuthConstants {
authSession.setAuthenticated(false);
//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+ MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
AuthenticationSessionStoreage.destroySession(moaSessionID);
@@ -351,13 +358,17 @@ public class AuthenticationManager implements MOAIDAuthConstants {
HttpServletResponse response, IRequest target)
throws ServletException, IOException, MOAIDException {
- Logger.info("Starting authentication ...");
+ Logger.info("Starting authentication ...");
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_START);
if (MiscUtil.isEmpty(target.getRequestedIDP())) {
perfomLocalAuthentication(request, response, target);
} else {
Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION);
buildPVP21AuthenticationRequest(request, response, target);
}
@@ -369,8 +380,11 @@ public class AuthenticationManager implements MOAIDAuthConstants {
String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
target.requestedAction(), target.getRequestID(), oaParam,
- AuthConfigurationProvider.getInstance().getPublicURLPrefix());
-
+ AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+
response.setContentType("text/html;charset=UTF-8");
PrintWriter out = new PrintWriter(response.getOutputStream());
out.print(form);
@@ -387,8 +401,8 @@ public class AuthenticationManager implements MOAIDAuthConstants {
//get IDP metadata
try {
- OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
- OAAuthParameter sp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getOAURL());
+ OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
+ OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
@@ -557,7 +571,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
+ List<String> legacyallowed_prot = AuthConfigurationProviderFactory.getInstance().getLegacyAllowedProtocols();
//is legacy allowed
boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule());
@@ -569,7 +583,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
try {
//check if an MOASession exists and if not create an new MOASession
//moasession = getORCreateMOASession(request);
- moasession = AuthenticationSessionStoreage.createSession(target.getRequestID());
+ moasession = AuthenticationSessionStoreage.createSession(target);
} catch (MOADatabaseException e1) {
Logger.error("Database Error! MOASession can not be created!");
@@ -592,6 +606,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
executionContext.put("useMandate", moasession.getUseMandate());
executionContext.put("bkuURL", moasession.getBkuURL());
executionContext.put(PARAM_SESSIONID, moasession.getSessionID());
+ executionContext.put("pendingRequestID", target.getRequestID());
// create process instance
String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
@@ -620,8 +635,11 @@ public class AuthenticationManager implements MOAIDAuthConstants {
processEngine.start(processInstanceId);
} else {
+ MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+
//load Parameters from OnlineApplicationConfiguration
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
.getOnlineApplicationParameter(target.getOAURL());
if (oaParam == null) {
@@ -642,7 +660,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
//Build authentication form
- String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String publicURLPreFix = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 07:27:28 +0000