Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java36
1 files changed, 20 insertions, 16 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 8c3f2c946..009ef4b6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -74,10 +75,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
//build protocol-specific error message if possible
buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
-
- //log Error Message
- statisticLogger.logErrorOperation(throwable, pendingReq);
-
+
//get MOASession for this pendingRequest
AuthenticationSession moaSession =
authenticatedSessionStorage.getSession(
@@ -132,19 +130,25 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
if (moaSession == null) {
Logger.error("No MOASession with ID " + sessionID + " found.!");
handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);
- return;
- }
-
- //check if MOASession and pending-request are authenticated
- if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-
} else {
- Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
- handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
- return;
-
+
+ //check if pending-request has 'abortedByUser' flag set
+ if (pendingReq.isAbortedByUser()) {
+ buildProtocolSpecificErrorResponse(
+ new AuthenticationException("auth.21", new Object[] {}),
+ req, resp, pendingReq);
+
+ //check if MOASession and pending-request are authenticated
+ } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
+ finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+
+ } else {
+ //suspect state: pending-request is not aborted but also are not authenticated
+ Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
+ handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
+
+ }
}
} catch (Exception e) {
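Review bot: The new `pendingReq.isAbortedByUser()` branch returns the auth.21 response without writing any log entry. The same commit also drops `statisticLogger.logErrorOperation(throwable, pendingReq)` from the error handler in the earlier hunk, so unless `buildProtocolSpecificErrorResponse` records the event itself (not visible here), user aborts and failed logins may leave no trace for audit or anomaly detection. I would add a line such as `Logger.info("Pending-request " + pendingReq.getRequestID() + " aborted by user");` at the top of that branch. The branch also ignores whether a protocol-specific response could be built; the comment in the error handler says "if possible", so a fallback to `handleErrorNoRedirect(...)` as in the other branches seems warranted, though the helper's return type is outside the hunk. Checking the abort flag before `isAuthenticated()` is the right order, since an aborted request is then never finalized; the enclosing method starts and ends outside this hunk.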
@@ -156,7 +160,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
//remove pending-request
if (pendingReq != null)
- requestStorage.removePendingRequest(pendingReq.getRequestID());
+ requestStorage.removePendingRequest(pendingReq.getRequestID());
}