Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java120
1 files changed, 68 insertions, 52 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 34b250bf0..f718777b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants {
@Autowired(required=true) private MOAMetadataProvider metadataProvider;
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
}
public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
performSingleLogOut(httpReq, httpResp, session, null, authURL);
}
+ /**
+ * @param req
+ * @param resp
+ * @param moasessionid
+ */
+ public void performOnlyIDPLogOut(AuthenticationSession authSession) {
+
+ if (authSession == null) {
+ Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+ return;
+
+ }
+
+ try {
+
+ authSession.setAuthenticated(false);
+ //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
+
+ //log Session_Destroy to reversionslog
+ AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID());
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+
+ authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID());
+
+ //session.invalidate();
+
+ } catch (MOADatabaseException e) {
+ Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID());
+ return;
+ }
+
+ }
+
+
public void performOnlyIDPLogOut(HttpServletRequest request,
- HttpServletResponse response, String moaSessionID) {
+ HttpServletResponse response, String internalMOASsoSessionID) {
Logger.info("Remove active user-session");
- if(moaSessionID == null) {
- moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
+ if(internalMOASsoSessionID == null) {
+ internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID);
}
- if(moaSessionID == null) {
+ if(internalMOASsoSessionID == null) {
Logger.info("NO MOA Session to logout");
return;
}
AuthenticationSession authSession;
try {
- authSession = authenticatedSessionStore.getSession(moaSessionID);
+ authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
if(authSession == null) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
-
- authSession.setAuthenticated(false);
- //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
-
- //log Session_Destroy to reversionslog
- AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-
- authenticatedSessionStore.destroySession(moaSessionID);
-
- //session.invalidate();
-
+
+ performOnlyIDPLogOut(authSession);
+
} catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
return;
}
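Review bot: In the new performOnlyIDPLogOut(AuthenticationSession), the SESSION_DESTROYED revision-log event is written before authenticatedSessionStore.destroyInternalSSOSession(...) runs, so if the destroy call throws MOADatabaseException the catch block logs "NO MOA Authentication data for ID ..." at info level and returns while the audit trail already records the session as destroyed. Move `revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());` below the destroy call and report a failed destroy distinctly, e.g. `Logger.error("Internal SSO-Session " + authSession.getSessionID() + " could not be destroyed", e);`, so an incomplete logout is visible rather than mislabelled as missing data. The Javadoc added above the method (`@param req`, `@param resp`, `@param moasessionid`) describes the request-based overload, not this one; replace it with `@param authSession internal MOA SSO-Session to invalidate; null is tolerated and logged`. Whether getAuthenticationSessionExtensions can return null is not visible here; if it can, the getUniqueSessionId() call needs a null guard before it.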
@@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
- authenticatedSessionStore.destroySession(correspondingMOASession);
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
ssoManager.deleteSSOSessionID(httpReq, httpResp);
}
}
@@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
//get MOASession from SSO-Cookie if SSO is allowed
- AuthenticationSession moaSession = null;
+ AuthenticationSession ssoMOASession = null;
if (isValidSSOSession && isSSOAllowed) {
- String moasessionID = ssoManager.getMOASession(ssoId);
- moaSession = authenticatedSessionStore.getSession(moasessionID);
+ ssoMOASession = ssoManager.getInternalMOASession(ssoId);
- if (moaSession == null)
+ if (ssoMOASession == null)
Logger.info("No MOASession FOUND with provided SSO-Cookie.");
else {
@@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
//check if session is already authenticated
- boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
-
+ boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
+
//force new authentication authentication process
if (pendingReq.forceAuth()) {
startAuthenticationProcess(httpReq, httpResp, pendingReq);
@@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
if (isSessionAuthenticated) {
// Passive authentication ok!
revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
throw new NoPassivAuthenticationException();
@@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
// Is authenticated .. proceed
revisionsLogger.logEvent(oaParam,
pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
} else {
// Start authentication!
@@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants {
* @return true if session is already authenticated, otherwise false
* @throws MOAIDException
*/
- private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+ private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
//if no MOASession exist -> authentication is required
- if (moaSession == null) {
+ if (ssoMOASession == null) {
return false;
} else {
- //if MOASession is Found but not authenticated --> authentication is required
- if (!moaSession.isAuthenticated()) {
+ //if MOA SSO-Session is found but not authenticated --> authentication is required
+ if (!ssoMOASession.isAuthenticated()) {
return false;
}
//if MOASession is already authenticated and protocol-request is authenticated
// --> no authentication is required any more
- else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
} else if (!protocolRequest.isAuthenticated()
- && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+ && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
protocolRequest.setAuthenticated(true);
- protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
return true;
}
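Review bot: Both else-if conditions in tryPerformAuthentication re-test ssoMOASession.isAuthenticated(), which the early `return false` at the top of the else-branch already guarantees is true, so the repeated checks add nothing and hide the two real cases (request already authenticated vs. SSO permitted). Simplify to `else if (protocolRequest.isAuthenticated()) {` and `} else if (protocolRequest.needSingleSignOnFunctionality()) {`. The newly added setInternalSSOSessionIdentifier call in the first branch binds an already-authenticated request to the SSO-Session without any log line or comment; a short `// request already authenticated: only link it to the found SSO-Session` would make the intent clear. The method continues past the end of the hunk.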
@@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//check legacy request parameter
boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-
- //create MOASession object
- AuthenticationSession moasession;
- try {
- moasession = authenticatedSessionStore.createSession(pendingReq);
- pendingReq.setMOASessionIdentifier(moasession.getSessionID());
-
- } catch (MOADatabaseException e1) {
- Logger.error("Database Error! MOASession can not be created!");
- throw new MOAIDException("init.04", new Object[] {});
-
- }
-
+
//create authentication process execution context
ExecutionContext executionContext = new ExecutionContextImpl();
@@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
private void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
String pvpSLOIssuer = null;
String inboundRelayState = null;
String uniqueSessionIdentifier = "notSet";
@@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//terminate MOASession
try {
- authenticatedSessionStore.destroySession(session.getSessionID());
+ authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
ssoManager.deleteSSOSessionID(httpReq, httpResp);
revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
@@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants {
e.printStackTrace();
}
}
+
}