Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java30
1 files changed, 15 insertions, 15 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 68f508103..17649487a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -13,7 +13,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthAction implements IAction {
@@ -32,25 +34,25 @@ class OAuth20AuthAction implements IAction {
String responseType = oAuthRequest.getResponseType();
AuthenticationSession session = null;
+ String code = Random.nextRandom();
+
try {
- session = AuthenticationSessionStoreage.createSession();
-
- String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession);
+
Logger.debug("Stored session with id: " + code);
OAuth20SessionObject o = new OAuth20SessionObject();
if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
o.setScope(oAuthRequest.getScope());
o.setCode(code);
- o.setAuthDataSession(moasession);
+ o.setAuthDataSession(moasession.getSessionID());
} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
throw new OAuth20ResponseTypeException();
}
- // store data in oath session
- session.setoAuth20SessionObject(o);
- AuthenticationSessionStoreage.storeSession(session);
- Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID());
+ // store data in oath session
+ AssertionStorage.getInstance().put(code, o);
+
+ Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
// add code and state to redirect url
httpResp.setStatus(HttpServletResponse.SC_FOUND);
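Review bot: The authorization code is written to the debug log twice, at `Logger.debug("Stored session with id: " + code);` and `Logger.debug("Saved OAuth20SessionObject in session with id: " + code);`, and until it is redeemed that value is a bearer credential for anyone who can read the logs. Log the event without the value, for example `Logger.debug("Saved OAuth20SessionObject for new authorization code");`, and drop the first message, which now fires before anything has been stored. The code now comes from `Random.nextRandom()`, whose implementation is not visible here; confirm it is backed by a cryptographically secure generator with enough entropy, and that the `AssertionStorage` entry is short-lived and single-use. The local `session` is still declared but no longer assigned in this hunk and looks like dead code. The method body starts and ends outside this hunk.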
@@ -65,14 +67,12 @@ class OAuth20AuthAction implements IAction {
Logger.debug("REDIRECT TO: " + finalUrl.toString());
}
catch (Exception e) {
- try {
- if (session != null) {
- Logger.debug("Going to destroy session: " + session.getSessionID());
- AuthenticationSessionStoreage.destroySession(session.getSessionID());
- }
- }
- catch (MOADatabaseException e1) {
+
+ //remove OAuthSessionObject if it already exists
+ if (AssertionStorage.getInstance().containsKey(code)) {
+ AssertionStorage.getInstance().remove(code);
}
+
if (e instanceof OAuth20Exception) {
throw (OAuth20Exception) e;
}
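Review bot: The cleanup at `if (AssertionStorage.getInstance().containsKey(code))` now runs unguarded inside the catch block, whereas the removed code wrapped its cleanup in its own try/catch. If either storage call can throw at runtime (their signatures are not visible here), the original exception `e` would be replaced and the stored OAuth20SessionObject could stay behind until it expires. Wrapping the cleanup and logging its failure, without the code value, keeps the original error path intact. If `remove` tolerates a missing key, the `containsKey` pre-check can also be dropped to save a storage round trip. The method continues outside this hunk.

```java
catch (Exception e) {
    // best-effort cleanup: a storage failure here must not replace the original exception
    try {
        if (AssertionStorage.getInstance().containsKey(code)) {
            AssertionStorage.getInstance().remove(code);
        }
    }
    catch (RuntimeException cleanupError) {
        Logger.warn("Could not remove OAuth20SessionObject after failed authorization request", cleanupError);
    }
    // … unchanged: rethrow of OAuth20Exception …
```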