Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 120 |
1 files changed, 68 insertions, 52 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 34b250bf0..f718777b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants { @Autowired(required=true) private MOAMetadataProvider metadataProvider; public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, pvpReq, null); } public void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException { performSingleLogOut(httpReq, httpResp, session, null, authURL); } + /** + * @param req + * @param resp + * @param moasessionid + */ + public void performOnlyIDPLogOut(AuthenticationSession authSession) { + + if (authSession == null) { + Logger.info("No internal MOA SSO-Session found. 
Nothing to destroy"); + return; + + } + + try { + + authSession.setAuthenticated(false); + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID()); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + + authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID()); + + //session.invalidate(); + + } catch (MOADatabaseException e) { + Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID()); + return; + } + + } + + public void performOnlyIDPLogOut(HttpServletRequest request, - HttpServletResponse response, String moaSessionID) { + HttpServletResponse response, String internalMOASsoSessionID) { Logger.info("Remove active user-session"); - if(moaSessionID == null) { - moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + if(internalMOASsoSessionID == null) { + internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID); } - if(moaSessionID == null) { + if(internalMOASsoSessionID == null) { Logger.info("NO MOA Session to logout"); return; } AuthenticationSession authSession; try { - authSession = authenticatedSessionStore.getSession(moaSessionID); + authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID); if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } - - authSession.setAuthenticated(false); - //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - - //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = 
authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID); - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); - - authenticatedSessionStore.destroySession(moaSessionID); - - //session.invalidate(); - + + performOnlyIDPLogOut(authSession); + } catch (MOADatabaseException e) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } @@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID); - authenticatedSessionStore.destroySession(correspondingMOASession); + //destroy internal SSO-session object and SSO-session cooky + authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession); ssoManager.deleteSSOSessionID(httpReq, httpResp); } } @@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed); //get MOASession from SSO-Cookie if SSO is allowed - AuthenticationSession moaSession = null; + AuthenticationSession ssoMOASession = null; if (isValidSSOSession && isSSOAllowed) { - String moasessionID = ssoManager.getMOASession(ssoId); - moaSession = authenticatedSessionStore.getSession(moasessionID); + ssoMOASession = ssoManager.getInternalMOASession(ssoId); - if (moaSession == null) + if (ssoMOASession == null) Logger.info("No MOASession FOUND with provided SSO-Cookie."); else { 
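Review bot: In the new `performOnlyIDPLogOut(AuthenticationSession)` the single catch block wraps both the extensions lookup and `destroyInternalSSOSession`, so a failure to destroy the stored SSO session is reported only as `Logger.info("NO MOA Authentication data for ID " + ...)` with the exception dropped, and the revisions log has already recorded `SESSION_DESTROYED` before the destroy call ran; a logout that leaves the session alive should be logged as an error with the cause (e.g. `Logger.error("Internal SSO-Session " + authSession.getSessionID() + " can not be destroyed", e);` if the project's Logger accepts a throwable) and the `SESSION_DESTROYED` event should be written after `destroyInternalSSOSession` returns. The Javadoc added above that method lists `@param req`, `@param resp` and `@param moasessionid`, none of which exist; replace them with `@param authSession internal MOA SSO session to invalidate, may be null`. If `getAuthenticationSessionExtensions` can return null, `sessionExtensions.getUniqueSessionId()` throws before the session is destroyed, so a null guard there is worth adding. The enclosing class and the second `performOnlyIDPLogOut` overload continue outside the hunk.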
@@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { } //check if session is already authenticated - boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession); - + boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession); + //force new authentication authentication process if (pendingReq.forceAuth()) { startAuthenticationProcess(httpReq, httpResp, pendingReq); @@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { if (isSessionAuthenticated) { // Passive authentication ok! revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return moaSession; + return ssoMOASession; } else { throw new NoPassivAuthenticationException(); @@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { // Is authenticated .. proceed revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED); - return moaSession; + return ssoMOASession; } else { // Start authentication! 
@@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @return true if session is already authenticated, otherwise false * @throws MOAIDException */ - private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) { + private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) { //if no MOASession exist -> authentication is required - if (moaSession == null) { + if (ssoMOASession == null) { return false; } else { - //if MOASession is Found but not authenticated --> authentication is required - if (!moaSession.isAuthenticated()) { + //if MOA SSO-Session is found but not authenticated --> authentication is required + if (!ssoMOASession.isAuthenticated()) { return false; } //if MOASession is already authenticated and protocol-request is authenticated // --> no authentication is required any more - else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) { + else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) { + protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); return true; // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest } else if (!protocolRequest.isAuthenticated() - && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { + && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) { Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted"); protocolRequest.setAuthenticated(true); - protocolRequest.setMOASessionIdentifier(moaSession.getSessionID()); + protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID()); return true; } 
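Review bot: The Javadoc directly above the renamed signature still ends with `@throws MOAIDException`, yet `tryPerformAuthentication` declares no throws clause, and its `@param` tags (outside the hunk) presumably still name `moaSession` after the rename to `ssoMOASession`; update them to `@param ssoMOASession active MOA SSO session, or null if none was found with the SSO cookie` and drop the `@throws` tag. The `ssoMOASession.isAuthenticated()` tests repeated in both `else if` branches are always true at that point, because the preceding `if (!ssoMOASession.isAuthenticated()) { return false; }` already handled the other case; the conditions reduce to `protocolRequest.isAuthenticated()` and `!protocolRequest.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()`. The method body continues past the end of the hunk.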
@@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //check legacy request parameter boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq); - - //create MOASession object - AuthenticationSession moasession; - try { - moasession = authenticatedSessionStore.createSession(pendingReq); - pendingReq.setMOASessionIdentifier(moasession.getSessionID()); - - } catch (MOADatabaseException e1) { - Logger.error("Database Error! MOASession can not be created!"); - throw new MOAIDException("init.04", new Object[] {}); - - } - + //create authentication process execution context ExecutionContext executionContext = new ExecutionContextImpl(); @@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { } private void performSingleLogOut(HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { + HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; String uniqueSessionIdentifier = "notSet"; @@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { //terminate MOASession try { - authenticatedSessionStore.destroySession(session.getSessionID()); + authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID()); ssoManager.deleteSSOSessionID(httpReq, httpResp); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); @@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants { e.printStackTrace(); } } + } |