1 files changed, 25 insertions, 42 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0da43d818..0f9b615a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -32,14 +32,12 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -112,48 +110,33 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 			try {
 				Logger.debug("Finalize PendingRequest with ID " + pendingRequestID);
 			
-				//get MOASession from database				
-				String sessionID = pendingReq.getMOASessionIdentifier();
-			
-				// check parameter
-				if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-					throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12");
-				
-				}	
+				//get MOA session data object from pending request
+				IAuthenticationSession pendingMoaSession = pendingReq.getMOASession();
 				
-				//load MOASession from database
-				AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID);
-				if (moaSession == null) {
-					Logger.error("No MOASession with ID " + sessionID + " found.!");		
-					handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);							
-					
-				} else {
+					//check if pending-request has 'abortedByUser' flag set
+				if (pendingReq.isAbortedByUser()) {
+					//send authentication aborted error to Service Provider
+					buildProtocolSpecificErrorResponse(
+							new AuthenticationException("auth.21", new Object[] {}), 
+							req, resp, pendingReq);
 					
-						//check if pending-request has 'abortedByUser' flag set
-					if (pendingReq.isAbortedByUser()) {
-						//send authentication aborted error to Service Provider
-						buildProtocolSpecificErrorResponse(
-								new AuthenticationException("auth.21", new Object[] {}), 
-								req, resp, pendingReq);
+					//do not remove the full active SSO-Session 
+					// in case of only one Service-Provider authentication request is aborted   
+					if ( !(pendingMoaSession.isAuthenticated() 
+							&& pendingReq.needSingleSignOnFunctionality()) ) {
+						removeUserSession(pendingReq, req, resp);
 						
-						//do not remove the full active SSO-Session 
-						// in case of only one Service-Provider authentication request is aborted   
-						if ( !(moaSession.isAuthenticated() 
-								&& pendingReq.needSingleSignOnFunctionality()) ) {
-							removeUserSession(pendingReq, req, resp);
-							
-						}							
-	
-						//check if MOASession and pending-request are authenticated					
-					} else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				
-						finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-	
-					} else {
-						//suspect state: pending-request is not aborted but also are not authenticated 
-						Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		
-						handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);							
-										
-					}
+					}							
+
+					//check if MOASession and pending-request are authenticated					
+				} else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				
+					finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession);
+
+				} else {
+					//suspect state: pending-request is not aborted but also are not authenticated 
+					Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		
+					handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);							
+									
 				}
 							
 			} catch (Exception e) {