Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 49 |
1 files changed, 34 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 0bba644bb..a45540726 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -1,7 +1,6 @@
 package at.gv.egovernment.moa.id.moduls;
 import java.io.IOException;
-import java.io.PrintWriter;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -11,9 +10,7 @@ import javax.servlet.http.HttpSession;
 import at.gv.egovernment.moa.id.MOAIDException;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet;
 import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -45,34 +42,58 @@ public class AuthenticationManager implements MOAIDAuthConstants { Logger.info("Checking authentication"); HttpSession session = request.getSession(); + + String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); + + if(moaSessionID == null) { + Logger.info("NO MOA Session to logout"); + return false; + } + + AuthenticationSession authSession = AuthenticationSessionStore + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return false; + } + + return authSession.isAuthenticated(); + } + /** + * Checks if this request can authenticate a MOA Session + * + * @param request + * @param response + * @return + */ + public static boolean tryPerformAuthentication(HttpServletRequest request, + HttpServletResponse response) { + + HttpSession session = request.getSession(); + String sessionID = (String) request.getParameter(PARAM_SESSIONID); if (sessionID != null) { Logger.info("got MOASession: " + sessionID); AuthenticationSession authSession = AuthenticationSessionStore .getSession(sessionID); - //AuthenticationSessionStore.dumpSessionStore(); if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " + authSession.isAuthenticatedUsed()); if (authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) { - session.invalidate(); - session = request.getSession(); - // HTTPSessionUtils.setHTTPSessionBoolean(session, - // MOA_AUTHENTICATED, true); authSession.setAuthenticatedUsed(true); HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID); + return true; // got authenticated } - return authSession.isAuthenticated(); } } - return false; } - + public static void logout(HttpServletRequest request, HttpServletResponse response) { Logger.info("Logout"); 
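Review bot: In `tryPerformAuthentication`, `MOA_SESSION` is now written into whatever HTTP session the request arrived with, because the new side no longer renews the session before `HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID)`. Binding authenticated state to a pre-authentication session id is the session-fixation pattern; unless the session is renewed elsewhere (not visible in this hunk), I would renew it at this point, e.g. `request.changeSessionId();` on Servlet 3.1+, or copy only the attributes that must survive into a fresh session. Separately, `Logger.info("got MOASession: " + sessionID)` and `"NO MOA Authentication data for ID " + moaSessionID` write a session identifier to the info log, the first one straight from a request parameter; log a truncated or hashed form instead. The message `"NO MOA Session to logout"` in the authentication check looks copied from `logout` and will mislead whoever reads the log. The method the hunk starts in and `logout` both continue outside the hunk.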
@@ -109,10 +130,8 @@ public class AuthenticationManager implements MOAIDAuthConstants { throws ServletException, IOException, MOAIDException { HttpSession session = request.getSession(); Logger.info("Starting authentication ..."); - String modul = (String) session - .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); - String protocol = (String) session - .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); + String modul = target.requestedModule(); + String protocol = target.requestedAction(); if (!ParamValidatorUtils.isValidOA(target.getOAURL())) throw new WrongParametersException("StartAuthentication", PARAM_OA, |