Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java72
1 files changed, 39 insertions, 33 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 68545e1c2..2a618272f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -25,10 +25,8 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
-import java.io.Reader;
import java.io.StringWriter;
import java.net.URI;
import java.util.Date;
@@ -38,23 +36,21 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.Velocity;
import org.apache.velocity.app.VelocityEngine;
import org.hibernate.Query;
import org.hibernate.Session;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.VelocityProvider;
@@ -74,21 +70,11 @@ public class SSOManager {
private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
private static SSOManager instance = null;
- private static int sso_timeout;
public static SSOManager getInstance() {
if (instance == null) {
instance = new SSOManager();
-
- try {
- sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue();
-
- }
- catch (ConfigurationException e) {
- Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
- sso_timeout = DEFAULTSSOTIMEOUT;
- }
-
+
}
return instance;
@@ -99,7 +85,7 @@ public class SSOManager {
String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
- Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+ Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
return;
}
@@ -151,7 +137,7 @@ public class SSOManager {
//check if session is out of lifetime
Date now = new Date();
- long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000;
+ long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
if (now.after(ssoSessionValidTo)) {
Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
@@ -192,6 +178,24 @@ public class SSOManager {
}
+ public String getUniqueSessionIdentifier(String ssoSessionID) {
+ try {
+ if (MiscUtil.isNotEmpty(ssoSessionID)) {
+ String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+ if (MiscUtil.isNotEmpty(moaSessionID)) {
+ AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+ return extSessionInformation.getUniqueSessionId();
+
+ }
+ }
+ } catch (MOADatabaseException e) {
+ Logger.debug("No SSO Session with SSO sessionID: " + ssoSessionID);
+ }
+
+ return null;
+ }
+
+
public String existsOldSSOSession(String ssoId) {
Logger.trace("Check that the SSOID has already been used");
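Review bot: `getUniqueSessionIdentifier` only catches `MOADatabaseException`, so if `getAuthenticationSessionExtensions(moaSessionID)` returns null the method throws a NullPointerException instead of the null its other paths return; guard it with `if (extSessionInformation != null) { return extSessionInformation.getUniqueSessionId(); }` or document that the store never returns null. The debug message in the catch block writes the SSO session ID into the log, and that value is the cookie that acts as the user's bearer credential, so it should be omitted or truncated rather than logged in full. The method also lacks a Javadoc; something like `/** Resolves the unique session id bound to an SSO session id, or null if no such SSO session exists. */` states the contract callers rely on.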
@@ -249,7 +253,15 @@ public class SSOManager {
}
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout);
+ int ssoTimeOut;
+ try {
+ ssoTimeOut = (int) AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut();
+
+ } catch (ConfigurationException e) {
+ Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
+ ssoTimeOut = DEFAULTSSOTIMEOUT;
+ }
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
}
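Review bot: `setSSOSessionID` computes `ssoTimeOut` from the configuration and then never uses it — `setCookie` is called with `-1`, so the SSO cookie is a browser-session cookie regardless of the configured timeout, and the whole try/catch is dead code. If a session cookie is intended (relying on the server-side created-time check this class performs elsewhere), drop the unused block and its `ConfigurationException` handling; if the cookie should expire with the configuration, pass `ssoTimeOut` instead of `-1`. Whichever it is, a one-line comment such as `// maxAge -1: cookie lifetime is bounded server-side by the SSO created-time check, not by the browser` should record the decision so the next reader does not "fix" it the wrong way.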
@@ -305,7 +317,7 @@ public class SSOManager {
InputStream is = null;
String pathLocation = null;
try {
- String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+ String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
File file = new File(new URI(pathLocation));
is = new FileInputStream(file);
@@ -347,7 +359,7 @@ public class SSOManager {
BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
//set default elements to velocity context
- context.put("contextpath", AuthConfigurationProvider.getInstance().getPublicURLPrefix());
+ context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
StringWriter writer = new StringWriter();
//velocityEngine.evaluate(context, writer, "SLO_Template", reader);
@@ -363,12 +375,7 @@ public class SSOManager {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
- for (Cookie cookie : cookies) {
-
- // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird
- // (firefox)
- // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
-
+ for (Cookie cookie : cookies) {
if (cookie.getName().equals(cookieName)) {
return cookie.getValue();
}
@@ -383,15 +390,14 @@ public class SSOManager {
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setMaxAge(maxAge);
cookie.setSecure(true);
-
- //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains
+ cookie.setHttpOnly(true);
cookie.setPath(httpReq.getContextPath());
-
+
httpResp.addCookie(cookie);
}
private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
- setCookie(httpReq, httpResp, cookieName, "", 1);
+ setCookie(httpReq, httpResp, cookieName, "", 0);
}
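Review bot: `cookie.setHttpOnly(true)` exists only from the Servlet 3.0 API onward, so confirm the servlet-api version the module builds against before relying on it. The TODO removed in this hunk is still valid: with `cookie.setPath(httpReq.getContextPath())` the cookie is scoped to the context path, which is fine for `deleteCookie` because it goes through the same `setCookie`, but an IDP reachable under a second context path or host would not see it. `SameSite` cannot be expressed through `javax.servlet.http.Cookie`; if cross-site use of the SSO cookie is a concern it has to be appended to the `Set-Cookie` header by hand. A short comment next to the flag, `// Secure + HttpOnly: SSO/interfederation cookies must not be readable from script or sent over plain HTTP`, would document the intent.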
}