diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index ca3117a79..ff294dc3d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -31,6 +31,7 @@ import java.io.InputStreamReader; import java.io.Reader; import java.io.StringWriter; import java.net.URI; +import java.util.Date; import java.util.List; import javax.servlet.http.Cookie; @@ -132,7 +133,7 @@ public class SSOManager { } - public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) { + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException { // search SSO Session if (ssoSessionID == null) { @@ -144,8 +145,19 @@ public class SSOManager { if (storedSession == null) return false; - + else { + + //check if session is out of lifetime + Date now = new Date(); + long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000; + Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime); + if (now.after(ssoSessionValidTo)) { + Logger.info("Found outdated SSO session information. Start reauthentication process ... "); + return false; + } + + //check if request starts an interfederated SSO session if (protocolRequest != null && protocolRequest instanceof RequestImpl && storedSession.isInterfederatedSSOSession() && |