diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java | 195 |
1 files changed, 0 insertions, 195 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java deleted file mode 100644 index 41a4c9835..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.protocols; - -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.ExceptionContainer; -import at.gv.egovernment.moa.logging.Logger; - -/** - * @author tlenz - * - */ -@Controller -public class ProtocolFinalizationController extends AbstractAuthProtocolModulController { - - @RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET}) - public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - - //read pendingRequest from http request - Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID)); - IRequest pendingReq = null; - String pendingRequestID = null; - if (idObject != null && (idObject instanceof String)) { - pendingRequestID = (String) idObject; - pendingReq = requestStorage.getPendingRequest(pendingRequestID); - - } - - //receive an authentication error - String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM)); - if (errorid != null) { - try { - //load stored exception from database - ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class); - if (container != null) { - //remove exception if it was found - transactionStorage.remove(errorid); - - Throwable throwable = container.getExceptionThrown(); - - if (pendingReq != null) { - //build protocol-specific error message if possible - buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - //remove active user-session - removeUserSession(pendingReq, req, resp); - - return; - - } else { - handleErrorNoRedirect(throwable, req, resp, true); - - } - } else { - handleErrorNoRedirect(new MOAIDException("auth.26", null), req, resp, false); - - } - - } catch (Throwable e) { - Logger.error(e); - handleErrorNoRedirect(e, req, resp, false); - - } - - // receive a pending request - } else { - if (pendingReq == null) { - Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!"); - handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp, false); - return; - - } - try { - Logger.debug("Finalize PendingRequest with ID " + pendingRequestID); - - //get MOA session data object from pending request - IAuthenticationSession pendingMoaSession = pendingReq.getMOASession(); - - //check if pending-request has 'abortedByUser' flag set - if (pendingReq.isAbortedByUser()) { - //send authentication aborted error to Service Provider - buildProtocolSpecificErrorResponse( - new AuthenticationException("auth.21", new Object[] {}), - req, resp, pendingReq); - - //do not remove the full active SSO-Session - // in case of only one Service-Provider authentication request is aborted - if ( !(pendingMoaSession.isAuthenticated() - && pendingReq.needSingleSignOnFunctionality()) ) { - removeUserSession(pendingReq, req, resp); - - } - - //check if MOASession and pending-request are authenticated - } else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) { - finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession); - - } else { - //suspect state: pending-request is not aborted but also are not authenticated - Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); - handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); - - } - - } catch (Exception e) { - Logger.error("Finalize authentication protocol FAILED." , e); - buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); - - removeUserSession(pendingReq, req, resp); - - } - } - - //remove pending-request - if (pendingReq != null) { - requestStorage.removePendingRequest(pendingReq.getRequestID()); - revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); - - } - - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName() - */ - @Override - public String getName() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath() - */ - @Override - public String getPath() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, - IRequest protocolRequest) throws Throwable { - // TODO Auto-generated method stub - return false; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest) - */ - @Override - public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { - // TODO Auto-generated method stub - return false; - } - - -} |