Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 103 |
1 files changed, 29 insertions, 74 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index be0132c14..655c507be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -1,3 +1,25 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 import java.io.IOException;
@@ -7,24 +29,20 @@ import java.util.List;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.OAParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -48,61 +66,6 @@ public class AuthenticationManager extends AuthServlet { } -// public AuthenticationSession getAuthenticationSession( -// HttpSession session) { -// String sessionID = HTTPSessionUtils.getHTTPSessionString(session, -// MOA_SESSION, null); -// if (sessionID != null) { -// try { -// return AuthenticationSessionStoreage.getSession(sessionID); -// -// } catch (MOADatabaseException e) { -// return null; -// } -// } -// return null; -// } - -// /** -// * Checks if the session is authenticated -// * -// * @param request -// * @param response -// * @return -// */ -// public boolean isAuthenticated(HttpServletRequest request, -// HttpServletResponse response) { -// Logger.info("Checking authentication"); -// -// HttpSession session = request.getSession(); -// -// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); -// -// if(moaSessionID == null) { -// Logger.info("NO MOA Session to logout"); -// return false; -// } -// -//// AuthenticationSession authSession; -//// try { -//// authSession = AuthenticationSessionStoreage -//// .getSession(moaSessionID); -//// -//// } catch (MOADatabaseException e) { -//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); -//// return false; -//// } -//// -//// if(authSession == null) { -//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); -//// return false; -//// } -//// -//// return authSession.isAuthenticated(); -// -// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); -// } - /** * Checks if this request can authenticate a MOA Session * @@ -112,9 +75,7 @@ public class AuthenticationManager extends AuthServlet { */ public boolean tryPerformAuthentication(HttpServletRequest request, HttpServletResponse response) { - - HttpSession session = request.getSession(); - + String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); 
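Review bot: In the `tryPerformAuthentication` hunk (`@@ -112,9 +75,7 @@`) the raw `PARAM_SESSIONID` request parameter is still written to the log at info level by `Logger.info("got MOASession: " + sessionID);`. With the `HttpSession` lookup removed, that value appears to be the only handle that selects the MOA session, so the log line records a credential-equivalent identifier and also passes through any CR/LF the client puts in the parameter. Consider validating the parameter before use (the file already imports `ParamValidatorUtils`) and logging only that an ID was received, or a shortened or hashed form of it, for example `Logger.info("got MOASession parameter");`. The method body continues past the end of this hunk, so a later check may exist that is not visible here.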
@@ -133,9 +94,7 @@ public class AuthenticationManager extends AuthServlet { authSession.setAuthenticatedUsed(true); AuthenticationSessionStoreage.storeSession(authSession); - -// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, -// sessionID); + return true; // got authenticated } } @@ -153,10 +112,6 @@ public class AuthenticationManager extends AuthServlet { HttpServletResponse response, String moaSessionID) { Logger.info("Logout"); - HttpSession session = request.getSession(); - - //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); - if(moaSessionID == null) { moaSessionID = (String) request.getParameter(PARAM_SESSIONID); } @@ -284,7 +239,7 @@ public class AuthenticationManager extends AuthServlet { String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); + target.requestedAction(), oaParam, request.getContextPath(), moasession.getSessionID()); //store MOASession try { @@ -310,7 +265,7 @@ public class AuthenticationManager extends AuthServlet { throws ServletException, IOException, MOAIDException { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); |
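Review bot: In the logout hunk (`@@ -153,10 +112,6 @@`) the fallback `moaSessionID = (String) request.getParameter(PARAM_SESSIONID);` takes the session to terminate straight from the request when the caller passes null. Nothing visible here checks the format of that value before it is used, and with the `HttpSession` lookup removed there is no second source to compare it against. A format check before the lookup, using the already imported `ParamValidatorUtils`, with an early return on failure would keep malformed input away from the session store. The `(String)` cast is redundant, since `getParameter` already returns `String`. The rest of the method lies outside the hunk, so this may already be handled further down.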
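Review bot: In the last hunk (`@@ -310,7 +265,7 @@`) the response is declared as `text/html;charset=UTF-8`, but `new PrintWriter(response.getOutputStream())` encodes with the JVM default charset, so the bytes sent can disagree with the declared encoding on a host whose default is not UTF-8. Assuming nothing later in the method needs the raw stream, `PrintWriter out = response.getWriter();` after `setContentType` would use the declared charset. Both this call and `LoginFormBuilder.buildLoginForm` in the `@@ -284,7 +239,7 @@` hunk now receive the whole `oaParam`, so HTML-escaping of the friendly name and any other configured text presumably falls to the builders. That is worth confirming in the builders, since their code is not part of this diff. The method continues after the hunk.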