Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
3 files changed, 116 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 34b250bf0..f718777b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -107,52 +108,77 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  @Autowired(required=true) private MOAMetadataProvider metadataProvider;
  public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
  performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
  }
  public void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
  performSingleLogOut(httpReq, httpResp, session, null, authURL);
  }
+ /**
+ * @param req
+ * @param resp
+ * @param moasessionid
+ */
+ public void performOnlyIDPLogOut(AuthenticationSession authSession) {
+
+ if (authSession == null) {
+ Logger.info("No internal MOA SSO-Session found. 
Nothing to destroy"); + return; + + } + + try { + + authSession.setAuthenticated(false); + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + //log Session_Destroy to reversionslog + AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID()); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId()); + + authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID()); + + //session.invalidate(); + + } catch (MOADatabaseException e) { + Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID()); + return; + } + + } + + public void performOnlyIDPLogOut(HttpServletRequest request, - HttpServletResponse response, String moaSessionID) { + HttpServletResponse response, String internalMOASsoSessionID) { Logger.info("Remove active user-session"); - if(moaSessionID == null) { - moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + if(internalMOASsoSessionID == null) { + internalMOASsoSessionID = (String) request.getParameter(PARAM_SESSIONID); } - if(moaSessionID == null) { + if(internalMOASsoSessionID == null) { Logger.info("NO MOA Session to logout"); return; } AuthenticationSession authSession; try { - authSession = authenticatedSessionStore.getSession(moaSessionID); + authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID); if(authSession == null) { - Logger.info("NO MOA Authentication data for ID " + moaSessionID); + Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID); return; } - - authSession.setAuthenticated(false); - //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session - - //log Session_Destroy to reversionslog - AuthenticationSessionExtensions sessionExtensions = 
authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
- revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-
- authenticatedSessionStore.destroySession(moaSessionID);
-
- //session.invalidate();
-
+
+ performOnlyIDPLogOut(authSession);
+
  } catch (MOADatabaseException e) {
- Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+ Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
  return;
  }
@@ -200,7 +226,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
- authenticatedSessionStore.destroySession(correspondingMOASession);
+ //destroy internal SSO-session object and SSO-session cooky
+ authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
  ssoManager.deleteSSOSessionID(httpReq, httpResp);
  }
  }
@@ -224,12 +251,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
  //get MOASession from SSO-Cookie if SSO is allowed
- AuthenticationSession moaSession = null;
+ AuthenticationSession ssoMOASession = null;
  if (isValidSSOSession && isSSOAllowed) {
- String moasessionID = ssoManager.getMOASession(ssoId);
- moaSession = authenticatedSessionStore.getSession(moasessionID);
+ ssoMOASession = ssoManager.getInternalMOASession(ssoId);
- if (moaSession == null)
+ if (ssoMOASession == null)
  Logger.info("No MOASession FOUND with provided SSO-Cookie.");
  else {
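Review bot: In the new performOnlyIDPLogOut(AuthenticationSession) the catch block logs every MOADatabaseException as `NO MOA Authentication data for ID …` at info level, but inside this method the exception can also come from destroyInternalSSOSession(), so a logout that failed to terminate the SSO session is reported as if the session simply did not exist, and the in-memory setAuthenticated(false) is the only effect that survives. A failed termination is what an operator needs to see; I would use `Logger.error("Destroying internal SSO session " + authSession.getSessionID() + " FAILED", e);`, the Logger.error(String, Throwable) form this change already uses in SSOManager. The Javadoc above the method still lists `@param req`, `@param resp` and `@param moasessionid`, none of which exist; `@param authSession internal SSO session to terminate; null is tolerated and only logged` matches the code. The String overload below still takes the id of the session to destroy from the request parameter PARAM_SESSIONID when none is passed; that predates this change, but now that the parameter is explicitly the internal SSO session id, a comment on why an unauthenticated caller is allowed to name it would help the next reader.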
@@ -240,8 +266,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  }
  //check if session is already authenticated
- boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
-
+ boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
+
  //force new authentication authentication process
  if (pendingReq.forceAuth()) {
  startAuthenticationProcess(httpReq, httpResp, pendingReq);
@@ -256,7 +282,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  if (isSessionAuthenticated) {
  // Passive authentication ok!
  revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
  } else {
  throw new NoPassivAuthenticationException();
@@ -267,7 +293,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  // Is authenticated .. proceed
  revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- return moaSession;
+ return ssoMOASession;
  } else {
  // Start authentication!
@@ -286,29 +312,30 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  * @return true if session is already authenticated, otherwise false
  * @throws MOAIDException
  */
- private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+ private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
  //if no MOASession exist -> authentication is required
- if (moaSession == null) {
+ if (ssoMOASession == null) {
  return false;
  } else {
- //if MOASession is Found but not authenticated --> authentication is required
- if (!moaSession.isAuthenticated()) {
+ //if MOA SSO-Session is found but not authenticated --> authentication is required
+ if (!ssoMOASession.isAuthenticated()) {
  return false;
  }
  //if MOASession is already authenticated and protocol-request is authenticated
  // --> no authentication is required any more
- else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
  return true;
  // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
  } else if (!protocolRequest.isAuthenticated()
- && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+ && ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
  Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
  protocolRequest.setAuthenticated(true);
- protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+ protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
  return true;
  }
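Review bot: The added `protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());` in the branch where both the pending request and the SSO session are already authenticated binds the request to whatever session the SSO cookie resolved to, without any check that the two refer to the same authentication. I cannot see from this hunk how protocolRequest.isAuthenticated() becomes true; if it can be set by a fresh login while an unrelated SSO cookie is present, this silently links the request to another user's session, so either a guard that the request carries no different session id yet, or a comment stating why the two are guaranteed to match, belongs on that line. The Javadoc still declares `@throws MOAIDException` although the signature has no throws clause; drop that tag. tryPerformAuthentication's body continues past the end of the hunk.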
@@ -336,19 +363,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  //check legacy request parameter
  boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-
- //create MOASession object
- AuthenticationSession moasession;
- try {
- moasession = authenticatedSessionStore.createSession(pendingReq);
- pendingReq.setMOASessionIdentifier(moasession.getSessionID());
-
- } catch (MOADatabaseException e1) {
- Logger.error("Database Error! MOASession can not be created!");
- throw new MOAIDException("init.04", new Object[] {});
-
- }
-
+
  //create authentication process execution context
  ExecutionContext executionContext = new ExecutionContextImpl();
@@ -441,7 +456,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  }
  private void performSingleLogOut(HttpServletRequest httpReq,
- HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
+ HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {
  String pvpSLOIssuer = null;
  String inboundRelayState = null;
  String uniqueSessionIdentifier = "notSet";
@@ -491,7 +506,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  //terminate MOASession
  try {
- authenticatedSessionStore.destroySession(session.getSessionID());
+ authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
  ssoManager.deleteSSOSessionID(httpReq, httpResp);
  revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
@@ -663,4 +678,5 @@ public class AuthenticationManager extends MOAIDAuthConstants {
  e.printStackTrace();
  }
  }
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index ffc6012c9..b612352c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.util.Collection;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -35,10 +36,14 @@ import javax.servlet.http.HttpServletRequest;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -67,8 +72,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
  private String action = null;
  private String requestID;
- private String moaSessionIdentifier;
  private String processInstanceId;
+ private String ssoMoaSessionId;
  private String uniqueTransactionIdentifer;
  private String uniqueSessionIdentifer;
@@ -91,6 +96,8 @@ public abstract class RequestImpl implements IRequest, Serializable{
  private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+ private IAuthenticationSession moaSSOSessionContainer = null;
+
  /**
  * @throws ConfigurationException
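Review bot: The new field `private IAuthenticationSession moaSSOSessionContainer = null;` is added to a class whose hunk header shows `implements IRequest, Serializable`, but it is neither `transient` nor of a type known here to be Serializable, so serializing a pending request will either fail with NotSerializableException or copy the whole SSO session object, authentication data included, into wherever pending requests are stored; which of the two happens depends on the session implementation, which this diff does not show. Since the request already keeps the id in `ssoMoaSessionId`, the safer shape is `private transient IAuthenticationSession moaSSOSessionContainer = null;` with the object re-fetched by id after deserialization, or at least a comment on the field stating that the implementation is Serializable and that persisting it is intended. A one-line comment saying when the field is populated (null until an SSO session is attached) would also help.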
@@ -99,11 +106,14 @@ public abstract class RequestImpl implements IRequest, Serializable{
  public final void initialize(HttpServletRequest req) throws ConfigurationException {
  //set requestID
  requestID = Random.nextLongRandom();
-
+
  //set unique transaction identifier for logging
  uniqueTransactionIdentifer = Random.nextLongRandom();
  TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
+ //initialize session object
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date());
+ genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom());
  //check if End-Point is valid
  String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
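Review bot: `genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom())` now mints the identifier of the request-local session, so the strength of Random.nextLongRandom() directly decides whether that session is guessable; the utility is not shown in this diff, so please confirm it is backed by SecureRandom (or switch to one) before using it for session ids rather than only for request and transaction ids. The two puts also deserve a comment on what they are, e.g. `//defaults for the request-local session; an attached SSO session carries its own id and creation time`, since RequestImpl.getMOASession() elsewhere in this commit prefers the SSO container once it is set. `new Date()` is consistent with the rest of the file, so no change there. initialize() continues past the end of the hunk.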
@@ -247,16 +257,41 @@ public abstract class RequestImpl implements IRequest, Serializable{ return requestID; } - public String getMOASessionIdentifier() { - return this.moaSessionIdentifier; + public String getInternalSSOSessionIdentifier() { + return this.ssoMoaSessionId; + } + + /** + * Set the internal SSO session identifier, which associated with this pending request + * + * @param internalSSOSessionId + */ + public void setInternalSSOSessionIdentifier(String internalSSOSessionId) { + this.ssoMoaSessionId = internalSSOSessionId; } - public void setMOASessionIdentifier(String moaSessionIdentifier) { - this.moaSessionIdentifier = moaSessionIdentifier; + public IAuthenticationSession getMOASession() { + //if SSO session information are set, use this + if (moaSSOSessionContainer != null) + return moaSSOSessionContainer; + else + return new AuthenticationSessionWrapper(genericDataStorage); + } + public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) { + if (ssoSession instanceof AuthenticationSession) { + moaSSOSessionContainer = ssoSession; + + } else + throw new IllegalStateException("Session information can only be populated with SSO information from database"); + + + } + + public IOAAuthParameters getOnlineApplicationConfiguration() { return this.OAConfiguration; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index c27012ba9..557d9af48 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java 
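Review bot: `populateMOASessionWithSSOInformation` stores the SSO session object but leaves `ssoMoaSessionId` untouched, so after the call getInternalSSOSessionIdentifier() and getMOASession().getSessionID() can disagree unless every caller also remembers setInternalSSOSessionIdentifier(); adding `this.ssoMoaSessionId = ssoSession.getSessionID();` next to the assignment of moaSSOSessionContainer keeps the two in step inside the class. Rejecting a non-AuthenticationSession argument is an argument problem, not an object-state problem, so `IllegalArgumentException` is the conventional type there rather than IllegalStateException. getMOASession() should carry a comment that once the container is set, values written earlier through the AuthenticationSessionWrapper over genericDataStorage (including the defaults from initialize()) are no longer visible through this accessor. In the Javadoc, "which associated with" should read "which is associated with".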
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -157,7 +158,7 @@ public class SSOManager {
  } else {
  Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
  try {
- authenticatedSessionStore.destroySession(storedSession.getSessionid());
+ authenticatedSessionStore.destroyInternalSSOSession(storedSession.getSessionid());
  } catch (MOADatabaseException e) {
  Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e);
@@ -175,8 +176,8 @@ public class SSOManager {
  }
- public String getMOASession(String ssoSessionID) {
- return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
+ public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
+ return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
  }
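Review bot: The new public `getInternalMOASession(String ssoSessionID) throws MOADatabaseException` replaces a String-returning lookup with one that hands out the full AuthenticationSession and can now fail with a checked database exception, yet it has no Javadoc, so callers cannot tell whether an unknown cookie value yields null or an exception. A short contract such as `/** Resolves an SSO cookie value to the stored internal MOA session. @return the session, or null if none is stored for this id @throws MOADatabaseException on a database failure */` would settle that; the null-on-miss statement should be checked against getInternalMOASessionWithSSOID, which this diff does not show. The caller in AuthenticationManager compares the result to null, so null-on-miss is presumably the intended contract.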
@@ -184,9 +185,9 @@ public class SSOManager {
  public String getUniqueSessionIdentifier(String ssoSessionID) {
  try {
  if (MiscUtil.isNotEmpty(ssoSessionID)) {
- String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
+ AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
+ if (moaSession != null) {
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
  return extSessionInformation.getUniqueSessionId();
  } |