Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java111
1 files changed, 76 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 73308e607..da5556b30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -16,6 +16,7 @@ import org.hibernate.Session;
import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
@@ -25,6 +26,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,6 +47,20 @@ public class AuthenticationSessionStoreage {
}
}
+ public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ AuthenticatedSessionStore session;
+
+ try {
+ session = searchInDatabase(moaSessionID);
+ session.setAuthenticated(value);
+ MOASessionDBUtils.saveOrUpdate(session);
+
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e);
+ }
+ }
public static AuthenticationSession createSession() throws MOADatabaseException {
String id = Random.nextRandom();
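Review bot: The catch block in the new `setAuthenticated` only logs a warning, so a caller cannot tell that the flag was never persisted. When `value` is `false`, a failed lookup or save would leave the stored session marked as authenticated while the caller believes it has been reset. I would let the method declare `throws MOADatabaseException`, as `createSession` right below does, or return a boolean, and leave the decision to the caller. The method also skips the `MiscUtil.assertNotNull(moaSessionID, ...)` guard that the other lookups in this class use, and the log text says "isAuthenticated" although the method is a setter.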
@@ -73,12 +89,14 @@ public class AuthenticationSessionStoreage {
return session;
}
- public static void storeSession(AuthenticationSession session) throws MOADatabaseException {
+ public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setSession(SerializationUtils.serialize(session));
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
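Review bot: The two-step `SerializationUtils.serialize(session)` followed by `SessionEncrytionUtil.encrypt(serialized)` is written out here and again in the `changeSessionID` hunk at -148/+166, so the write path can drift between the two places. A small private helper, for example `private static byte[] encryptSession(AuthenticationSession s) throws BuildException`, would keep a single place that defines how a session is protected before it is stored. Widening the public signature to `throws ..., BuildException` also leaks an encryption-layer exception type to every caller of `storeSession`; wrapping it in `MOADatabaseException` would keep the existing contract. The body of `storeSession` continues outside the hunk.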
@@ -138,7 +156,7 @@ public class AuthenticationSessionStoreage {
// }
public static String changeSessionID(AuthenticationSession session)
- throws AuthenticationException {
+ throws AuthenticationException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
@@ -148,7 +166,10 @@ public class AuthenticationSessionStoreage {
dbsession.setSessionid(id);
dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setSession(SerializationUtils.serialize(session));
+
+ byte[] serialized = SerializationUtils.serialize(session);
+
+ dbsession.setSession(SessionEncrytionUtil.encrypt(serialized));
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
dbsession.setUpdated(new Date());
@@ -160,24 +181,6 @@ public class AuthenticationSessionStoreage {
} catch (MOADatabaseException e) {
throw new AuthenticationException("TODO!", null);
}
-
-
-// synchronized (sessionStore) {
-// if (sessionStore.containsKey(session.getSessionID())) {
-// AuthenticationSession theSession = sessionStore.get(session
-// .getSessionID());
-// if (theSession != session) {
-// throw new AuthenticationException("TODO!", null);
-// }
-//
-// sessionStore.remove(session.getSessionID());
-// String id = Random.nextRandom();
-// session.setSessionID(id);
-// sessionStore.put(id, session);
-// return id;
-// }
-// }
-// throw new AuthenticationException("TODO!", null);
}
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
@@ -232,6 +235,7 @@ public class AuthenticationSessionStoreage {
dbsession.setSSOSession(true);
dbsession.setSSOsessionid(SSOSessionID);
+ dbsession.setAuthenticated(false);
//Store MOASession
session.saveOrUpdate(dbsession);
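Review bot: The added `dbsession.setAuthenticated(false);` clears the authenticated flag every time SSO information is attached, and nothing in the hunk says why or which later call sets it again. This commit also stops `isValidSessionWithSSOID` from reading `isAuthenticated()`, so from the diff alone it is unclear which check still depends on this flag. A one-line comment above the assignment should state the intended lifecycle, presumably that the flag is raised again through the new `setAuthenticated(moaSessionID, true)`. The enclosing method starts and ends outside the hunk.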
@@ -255,7 +259,11 @@ public class AuthenticationSessionStoreage {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID);
- AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession());
+
+ //decrypt Session
+ byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession());
+
+ AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted);
return session;
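Review bot: The output of `SessionEncrytionUtil.decrypt(...)` is passed straight into `SerializationUtils.deserialize`, so the safety of the native Java deserialization now rests entirely on what `decrypt` guarantees, which this diff does not show. If the utility provides confidentiality only, with no integrity check, a modified database value would still reach the deserializer. It is worth confirming that it uses an authenticated mode (or a MAC) and that a failed check raises an exception rather than returning null or garbage bytes. Rows written before this commit hold unencrypted data and would presumably fail here after deployment, so the upgrade path needs a clean-up or a fallback. The surrounding try/catch lies outside the hunk, so how a decrypt failure is reported cannot be checked from here.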
@@ -282,6 +290,37 @@ public class AuthenticationSessionStoreage {
}
+ public static String getMOASessionID(String SSOSessionID) {
+ MiscUtil.assertNotNull(SSOSessionID, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOSessionID);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+
+ } else {
+ return result.get(0).getSessionid();
+
+ }
+
+ }
+
public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
MiscUtil.assertNotNull(SSOId, "moasessionID");
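Review bot: `getMOASessionID` writes the full SSO session identifier to the log in `Logger.trace("Get authenticated session with SSOID " + SSOSessionID + ...)`. That value acts as a session credential, so it should be omitted or truncated, e.g. `Logger.trace("Get authenticated session by SSO id from database.");`. The `result.size() != 1` branch logs "No entries found." even when several rows match; that case points to inconsistent session state and deserves its own warning. The `assertNotNull` label `"moasessionID"` names the wrong parameter, and the transaction is committed without a try/catch that rolls back if the query throws. The `null` return for "not found" should be stated in a Javadoc line so callers check for it.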
@@ -308,19 +347,21 @@ public class AuthenticationSessionStoreage {
return false;
} else {
- AuthenticatedSessionStore dbsession = result.get(0);
+ return true;
-
- if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
- Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
- return true;
-
- } else {
- Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
- + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
- }
-
- return false;
+// AuthenticatedSessionStore dbsession = result.get(0);
+//
+//
+// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+// return true;
+//
+// } else {
+// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
+// + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+// }
+//
+// return false;
}
}
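Review bot: After this change the final branch of `isValidSessionWithSSOID` returns `true` as soon as a matching SSO row exists. It no longer compares `dbsession.getSessionid()` with `moaSessionId` or checks `isAuthenticated()`, so the `moaSessionId` parameter appears unused in the visible part. Any valid SSO id would then be accepted together with an arbitrary MOA session id, which removes the binding between the two values that the old code enforced. If the authenticated flag is intentionally handled elsewhere now, at least keep the binding with `return result.get(0).getSessionid().equals(moaSessionId);`. If the binding is also dropped on purpose, remove the parameter and document the new contract. The old check should be deleted rather than left commented out. The start of the method lies outside this hunk, so an earlier check on `moaSessionId` cannot be ruled out.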