Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 129 |
1 files changed, 96 insertions, 33 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index eeb16fcf9..302031fe3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -8,70 +8,133 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; public class AuthenticationManager implements MOAIDAuthConstants { - + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - - public static AuthenticationSession getAuthenticationSession(HttpSession session) { - String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); - if(sessionID != null) { + + public static AuthenticationSession getAuthenticationSession( + HttpSession session) { + String sessionID = HTTPSessionUtils.getHTTPSessionString(session, + MOA_SESSION, null); + if (sessionID != null) { return AuthenticationSessionStore.getSession(sessionID); } return null; } - + /** - * Checks if the session is authenticated + * Checks if the session is authenticated + * * @param request * @param response * @return */ - public static boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) { + public static boolean isAuthenticated(HttpServletRequest request, + HttpServletResponse response) { Logger.info("Checking authentication"); - + HttpSession session = request.getSession(); - - String sessionID = (String)request.getAttribute(PARAM_SESSIONID); - if(sessionID != null) { - AuthenticationSession authSession = AuthenticationSessionStore.getSession(sessionID); - 
if(authSession != null) { - if(authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) { + + String sessionID = (String) request.getParameter(PARAM_SESSIONID); + if (sessionID != null) { + Logger.info("got MOASession: " + sessionID); + AuthenticationSession authSession = AuthenticationSessionStore + .getSession(sessionID); + //AuthenticationSessionStore.dumpSessionStore(); + if (authSession != null) { + Logger.info("MOASession found! A: " + + authSession.isAuthenticated() + ", AU " + + authSession.isAuthenticatedUsed()); + if (authSession.isAuthenticated() + && !authSession.isAuthenticatedUsed()) { session.invalidate(); session = request.getSession(); - HTTPSessionUtils.setHTTPSessionBoolean(session, MOA_AUTHENTICATED, true); + // HTTPSessionUtils.setHTTPSessionBoolean(session, + // MOA_AUTHENTICATED, true); authSession.setAuthenticatedUsed(true); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, + sessionID); } + return authSession.isAuthenticated(); } } - - return HTTPSessionUtils.getHTTPSessionBoolean(session, MOA_AUTHENTICATED, false); + + return false; } - - public static void doAuthentication(HttpServletRequest request, HttpServletResponse response, - ITargetConfiguration target) - throws ServletException, IOException { + + public static void logout(HttpServletRequest request, + HttpServletResponse response) { + Logger.info("Logout"); + HttpSession session = request.getSession(); - Logger.info("Starting authentication ..."); - String modul = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); - String protocol = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); - String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), modul, protocol); + String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new 
PrintWriter(response.getOutputStream()); - out.print(loginForm); - out.flush(); - return; + if(moaSessionID == null) { + moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + } + + if(moaSessionID == null) { + Logger.info("NO MOA Session to logout"); + return; + } + + AuthenticationSession authSession = AuthenticationSessionStore + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + AuthenticationSessionStore.destroySession(moaSessionID); + session.invalidate(); + } + + public static void doAuthentication(HttpServletRequest request, + HttpServletResponse response, ITargetConfiguration target) + throws ServletException, IOException, MOAIDException { + HttpSession session = request.getSession(); + Logger.info("Starting authentication ..."); + String modul = (String) session + .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); + String protocol = (String) session + .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); + + if (!ParamValidatorUtils.isValidOA(target.getOAURL())) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + + if (target.getOAURL() == null) { + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + } + // TODO: Build authentication form - //session.getServletContext().getNamedDispatcher("StartAuthenticationServlet").forward(request, response); + + /* + * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), + * modul, protocol); + * + * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = + * new PrintWriter(response.getOutputStream()); out.print(loginForm); + * out.flush(); return; + */ + + session.getServletContext().getNamedDispatcher("StartAuthentication") + .forward(request, response); } } |
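Review bot: In `isAuthenticated`, the new `return authSession.isAuthenticated();` sits outside the `!authSession.isAuthenticatedUsed()` check, so any request that carries a known `PARAM_SESSIONID` value as a request parameter is reported as authenticated, including after the one-time hand-over has been consumed. Because the ID now comes from `request.getParameter` and is written out by `Logger.info("got MOASession: " + sessionID)`, it behaves as a replayable credential that can end up in URLs and log files. Requests without the parameter fall through to `return false` even though `MOA_SESSION` was stored in the HTTP session, which pushes callers to keep sending the ID. I would accept the parameter only for the first, unused hand-over, otherwise decide from the session-bound value via `getAuthenticationSession(session)`, and drop the ID from the log line; the same parameter fallback in `logout` lets a request end a MOA session that its own HTTP session is not bound to.

```java
String sessionID = request.getParameter(PARAM_SESSIONID);
if (sessionID != null) {
    AuthenticationSession authSession = AuthenticationSessionStore
            .getSession(sessionID);
    // Accept the parameter only for the first, unused hand-over.
    if (authSession != null && authSession.isAuthenticated()
            && !authSession.isAuthenticatedUsed()) {
        // … unchanged: invalidate HTTP session, setAuthenticatedUsed(true), store MOA_SESSION …
        return true;
    }
}
// Later requests: rely on the MOA session bound to this HTTP session.
AuthenticationSession bound = getAuthenticationSession(session);
return bound != null && bound.isAuthenticated();
```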