diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 1e863ec81..84817ba7a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -1,5 +1,7 @@ package at.gv.egovernment.moa.id.moduls; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.util.List; import javax.servlet.http.Cookie; @@ -13,6 +15,8 @@ import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.Random; @@ -34,7 +38,14 @@ public class SSOManager { instance = new SSOManager(); //TODO: move to config based timeout! - sso_timeout = DEFAULTSSOTIMEOUT; + try { + sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue(); + + } catch (ConfigurationException e) { + Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); + sso_timeout = DEFAULTSSOTIMEOUT; + } + } return instance; @@ -100,10 +111,8 @@ public class SSOManager { public String storeSSOSessionInformations(String moaSessionID, String OAUrl) { - //TODO: use secure random number generation!!!!! String newSSOId = Random.nextRandom(); - - + System.out.println("generate new SSO Tokken (" + newSSOId + ")"); if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) { |