Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
2 files changed, 122 insertions, 116 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index c2dd7b4ba..6544766b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -95,7 +95,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 }
 if (MiscUtil.isEmpty(internalSSOId))
- internalSSOId = pendingReq.getSSOSessionIdentifier();
+ internalSSOId = pendingReq.getInternalSSOSessionIdentifier();
 } else {
 AuthenticationSessionExtensions sessionExt;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 1274a0407..97c4f40cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -43,11 +43,12 @@ import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
@@ -85,7 +86,7 @@ public class SSOManager implements ISSOManager {
 //@Autowired
 private MOASessionDBUtils moaSessionDBUtils;
-
+ @Override
 public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException {
 try {
 //get SSO cookie from http request
@@ -112,10 +113,7 @@ public class SSOManager implements ISSOManager {
 //check if SSO Session is valid
 boolean isSSOValid = isValidSSOSession(ssoId, pendingReq);
-
- if (isSSOValid)
- pendingReq.setSSOSessionIdentifier(ssoId);
-
+
 return isSSOValid;
@@ -130,7 +128,7 @@ public class SSOManager implements ISSOManager {
 }
-
+ @Override
 public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq) {
 // check if Service-Provider allows SSO sessions
 IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
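Review bot: After the removed `pendingReq.setSSOSessionIdentifier(ssoId)` in the @@ -112 hunk this method no longer records anything on the pending request itself; the new side depends on `isValidSSOSession(ssoId, pendingReq)` storing the internal SSO session-id as a side effect (the change in the @@ -363 hunk), which is invisible from here. A comment before `return isSSOValid;` would make that contract explicit, e.g. `// isValidSSOSession() stores the internal SSO session-id into pendingReq when the session is valid`. The surrounding try block of checkAndValidateSSOSession continues outside the hunk.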
@@ -155,11 +153,11 @@ public class SSOManager implements ISSOManager {
 }
+ @Override
 public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {
 //populate pending request with eID data from SSO session if no userConsent is required
- try {
- String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(pendingReq.getSSOSessionIdentifier());
- AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
+ try {
+ AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
 if (ssoMOASession == null)
 Logger.info("No MOASession FOUND with provided SSO-Cookie.");
@@ -176,8 +174,7 @@ public class SSOManager implements ISSOManager {
 } catch (EAAFStorageException e) {
 Logger.warn("Can NOT populate pending request from SSO session.", e);
- throw new EAAFSSOException("", new Object[] {},
- "Can NOT populate pending request from SSO session", e);
+ throw new EAAFSSOException("", new Object[] {}, e);
 }
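Review bot: The rewritten `throw new EAAFSSOException("", new Object[] {}, e);` in the @@ -176 hunk now carries an empty error id and, unlike the removed lines, no description, so the caller receives an exception that neither identifies the failure nor explains it; the other new throw sites in this commit use a concrete id (`"builder.10"`), and this one should do the same or at least keep the dropped text as its message. In the @@ -155 hunk `getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier())` is called without checking that the identifier is set; whether the store tolerates a null or empty id is not visible here and presumably only the `ssoMOASession == null` branch covers it, so a precondition comment such as `// requires a prior successful isValidSSOSession() for this pendingReq` would help. The try block of populatePendingRequestWithSSOInformation runs past the end of the hunk.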
@@ -187,20 +184,23 @@ public class SSOManager implements ISSOManager {
 @Override
 public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException {
 //get SSO token from request
- String ssoid = null;
- if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getSSOSessionIdentifier())) {
- ssoid = pendingReq.getSSOSessionIdentifier();
-
- } else {
- ssoid = getSSOSessionID(httpReq);
-
- }
+ String internalSSOSessionId = null;
 try {
- if (isValidSSOSession(ssoid, null)) {
+ if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier())) {
+ internalSSOSessionId = pendingReq.getInternalSSOSessionIdentifier();
+
+ } else {
+ String ssoid = getSSOSessionID(httpReq);
+ if (isValidSSOSession(ssoid, null)) {
+ internalSSOSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid);
+
+ }
+ }
- //delete SSO session and MOA session
- String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid);
- AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
+ //destroy SSO session if it was found
+ if (StringUtils.isNotEmpty(internalSSOSessionId)) {
+ //delete SSO session and MOA session
+ AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(internalSSOSessionId);
 if (ssoMOASession == null) {
 Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
@@ -219,7 +219,7 @@ public class SSOManager implements ISSOManager {
 }
 } catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) {
- Logger.info("NO MOA Authentication data for ID " + ssoid);
+ Logger.info("NO MOA Authentication data for ID " + internalSSOSessionId);
 return false;
 }
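Review bot: In destroySSOSessionOnIDPOnly the branch that takes `pendingReq.getInternalSSOSessionIdentifier()` no longer passes through `isValidSSOSession`, which the removed code applied to both sources of the id; this is only safe if the internal id can reach a pending request exclusively after a successful validation (as the @@ -363 hunk suggests), and that precondition should be written down, e.g. `// internal SSO session-id is only stored into pendingReq by isValidSSOSession(); not re-validated here`. If neither branch yields an id, `internalSSOSessionId` stays null and the new `if (StringUtils.isNotEmpty(internalSSOSessionId))` guard skips the destroy silently; the value returned in that case lies outside the hunk and deserves at least a log line. The catch block in the @@ -219 hunk now writes `internalSSOSessionId`, a server-side session identifier, into an info-level log; if the logging policy does not allow identifiers there, log only that no session was found. The method body continues past the end of the hunk.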
@@ -232,6 +232,56 @@ public class SSOManager implements ISSOManager {
 }
+ @Override
+ public String createNewSSOSessionCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
+ throws EAAFSSOException {
+ Logger.debug("Creating new SSO session-cookie for http response ... ");
+
+ //Store SSO information into database
+ String newSSOSessionId = Random.nextHexRandom32();
+
+ //set SSO cookie to response
+ if (StringUtils.isNotEmpty(newSSOSessionId))
+ setSSOSessionID(httpReq, httpResp, newSSOSessionId);
+ else
+ deleteSSOSessionID(httpReq, httpResp);
+
+ return newSSOSessionId;
+ }
+
+
+@Override
+public void createNewSSOSession(IRequest pendingReq, String newSSOSessionId) throws EAAFSSOException {
+ AuthenticationSession internalDBSSOSession;
+ try {
+ internalDBSSOSession = authenticatedSessionStore.createInternalSSOSession(pendingReq);
+ pendingReq.setInternalSSOSessionIdentifier(internalDBSSOSession.getSSOSessionID());
+
+ } catch (MOADatabaseException | BuildException e) {
+ Logger.warn("Can NOT create SSO session.", e);
+ throw new EAAFSSOException("builder.10", null, e);
+
+ }
+
+}
+
+
+@Override
+public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException {
+ try {
+ authenticatedSessionStore.addSSOInformation(
+ pendingReq.getInternalSSOSessionIdentifier(),
+ newSSOSessionId,
+ sloInformation,
+ pendingReq);
+
+ } catch (AuthenticationException e) {
+ Logger.warn("Can NOT update SSO session.", e);
+ throw new EAAFSSOException("builder.10", null, e);
+ }
+
+}
+
 //*********************************** old **************************************
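Review bot: In createNewSSOSessionCookie the comment `//Store SSO information into database` is stale: the line below only draws a value from `Random.nextHexRandom32()` and nothing is persisted here — the binding to the internal session happens in updateSSOSession through `addSSOInformation`. Replace it with `// generate the SSO session-id handed to the browser; it is bound to the internal SSO session in updateSSOSession()`, and since that id is the credential the cookie carries, note there that `Random.nextHexRandom32()` is expected to be backed by a cryptographically strong generator (that is decided in the eaaf Random utility outside this diff and should be confirmed). The `isNotEmpty` else-branch that deletes the cookie can only run if the generator returns an empty string, which is worth a comment if it is intentional. `pendingReq` in createNewSSOSessionCookie and `newSSOSessionId` in createNewSSOSession are unused parameters, and the latter two methods are indented at column 0 unlike the rest of the class.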
@@ -287,26 +337,6 @@ public class SSOManager implements ISSOManager {
 }
- protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp,
- IRequest pendingReq, IAuthenticationSession moaSession) {
- Logger.debug("Add SSO information to MOASession.");
-
- //Store SSO information into database
- String newSSOSessionId = createSSOSessionInformations(moaSession.getSSOSessionID(),
- pendingReq.getSPEntityId());
-
- //set SSO cookie to response
- if (StringUtils.isNotEmpty(newSSOSessionId)) {
- setSSOSessionID(req, resp, newSSOSessionId);
-
- } else {
- deleteSSOSessionID(req, resp);
-
- }
-
- return newSSOSessionId;
- }
-
 public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException {
 // search SSO Session
@@ -363,7 +393,11 @@ public class SSOManager implements ISSOManager {
 return false;
 }
-
+
+ //set internal SSO SessionID
+ if (protocolRequest != null)
+ protocolRequest.setInternalSSOSessionIdentifier(storedSession.getSessionid());
+
 return true;
 }
@@ -381,7 +415,10 @@ public class SSOManager implements ISSOManager {
 String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
 if (MiscUtil.isNotEmpty(ssoSessionId)) {
 AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId);
+ if (extSessionInformation != null)
 return extSessionInformation.getUniqueSessionId();
+ else
+ Logger.warn("Extended SSO-Session Information ARE NULL. Something looks wrong!");
 }
 }
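Review bot: `isValidSSOSession` now mutates its `protocolRequest` argument (`setInternalSSOSessionIdentifier(storedSession.getSessionid())` in the @@ -363 hunk), a side effect its name does not advertise although checkAndValidateSSOSession and destroySSOSessionOnIDPOnly now rely on it. The method's Javadoc, whose signature sits in the @@ -287 hunk, should state this, e.g. `@param protocolRequest may be null; if given, receives the internal SSO session-id of the validated session via setInternalSSOSessionIdentifier()`. In the @@ -381 hunk the unbraced `if (extSessionInformation != null) return ...; else Logger.warn(...)` is easy to misread; `if (extSessionInformation == null) { Logger.warn(...); } else { return extSessionInformation.getUniqueSessionId(); }` with braces reads more clearly. Both method bodies continue outside their hunks.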
@@ -392,55 +429,13 @@ public class SSOManager implements ISSOManager {
 return null;
 }
-
- public String existsOldSSOSession(String ssoId) {
-
- Logger.trace("Check that the SSOID has already been used");
-
- OldSSOSessionIDStore oldSSOSession = authenticatedSessionStore.checkSSOTokenAlreadyUsed(ssoId);
-
- if (oldSSOSession == null) {
- Logger.debug("SSO session-cookie was not used in parst");
- return null;
- }
-
- AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
-
- if (correspondingMoaSession == null) {
- Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
- return null;
- }
-
- return correspondingMoaSession.getSessionid();
-
- }
-
- public String createSSOSessionInformations(String moaSessionID, String OAUrl) {
-
- String newSSOId = Random.nextRandom();
-
- if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
- Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
- return null;
- }
-
- return newSSOId;
-
- }
-
- public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
-
- }
-
+
 public String getSSOSessionID(HttpServletRequest httpReq) {
 return getValueFromCookie(httpReq, SSOCOOKIE);
 }
- public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- deleteCookie(httpReq, httpResp, SSOCOOKIE);
- }
+
 /**
 * @param entityID
@@ -477,7 +472,41 @@ public class SSOManager implements ISSOManager {
 return false;
 }
-
+
+
+ private String existsOldSSOSession(String ssoId) {
+
+ Logger.trace("Check that the SSOID has already been used");
+
+ OldSSOSessionIDStore oldSSOSession = authenticatedSessionStore.checkSSOTokenAlreadyUsed(ssoId);
+
+ if (oldSSOSession == null) {
+ Logger.debug("SSO session-cookie was not used in parst");
+ return null;
+ }
+
+ AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+
+ if (correspondingMoaSession == null) {
+ Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+ return null;
+ }
+
+ return correspondingMoaSession.getSessionid();
+
+ }
+
+
+ private void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
+ setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
+
+ }
+
+ private void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ deleteCookie(httpReq, httpResp, SSOCOOKIE);
+
+ }
+
 private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
 Cookie[] cookies = httpReq.getCookies();
@@ -505,30 +534,7 @@ public class SSOManager implements ISSOManager {
 private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) {
 setCookie(httpReq, httpResp, cookieName, "", 0);
- }
-
-
-
- @Override
- public void createNewSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
- // TODO Auto-generated method stub
 }
-
-
-
- @Override
- public String createNewSSOSessionCookie(HttpServletRequest arg0, HttpServletResponse arg1, IRequest arg2)
- throws EAAFSSOException {
- // TODO Auto-generated method stub
- return null;
- }
-
-
- @Override
- public void updateSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
- // TODO Auto-generated method stub
-
- }
-
+ } |
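Review bot: `setSSOSessionID` in the @@ -477 hunk is now the single private place where the SSO cookie is issued, with `maxAge -1` (browser-session lifetime), but whether the cookie gets the HttpOnly and Secure attributes is decided in `setCookie`, outside this hunk; as the cookie value is the SSO credential, a one-line comment stating that expectation would help, e.g. `// SSO cookie lives for the browser session only; HttpOnly/Secure are applied by setCookie()`. The relocated `existsOldSSOSession` keeps the typo `parst` in its debug message and, being private now, is worth a check that it still has a caller in this class. The enclosing class continues outside the hunk.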