diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java | 90 |
1 files changed, 60 insertions, 30 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 6c2900752..1c74aea55 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -64,7 +64,7 @@ public class AuthenticationSessionStoreage { AuthenticatedSessionStore session; try { - session = searchInDatabase(moaSessionID); + session = searchInDatabase(moaSessionID, true); return session.isAuthenticated(); } catch (MOADatabaseException e) { @@ -72,19 +72,20 @@ public class AuthenticationSessionStoreage { } } - public static AuthenticationSession createSession() throws MOADatabaseException { + public static AuthenticationSession createSession() throws MOADatabaseException, BuildException { String id = Random.nextRandom(); - AuthenticationSession session = new AuthenticationSession(id); - + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); dbsession.setSessionid(id); dbsession.setAuthenticated(false); - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setCreated(new Date()); - dbsession.setUpdated(new Date()); + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + Date now = new Date(); + dbsession.setCreated(now); + dbsession.setUpdated(now); - dbsession.setSession(SerializationUtils.serialize(session)); + AuthenticationSession session = new AuthenticationSession(id, now); + encryptSession(session, dbsession); //store AssertionStore element to Database try { @@ -102,7 +103,7 @@ public class AuthenticationSessionStoreage { public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); return decryptSession(dbsession); } catch (MOADatabaseException e) { @@ -122,7 +123,7 @@ public class AuthenticationSessionStoreage { public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); if (MiscUtil.isNotEmpty(pendingRequestID)) dbsession.setPendingRequestID(pendingRequestID); @@ -175,7 +176,7 @@ public class AuthenticationSessionStoreage { throws AuthenticationException, BuildException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); String id = Random.nextRandom(); @@ -207,7 +208,7 @@ public class AuthenticationSessionStoreage { AuthenticatedSessionStore session; try { - session = searchInDatabase(moaSessionID); + session = searchInDatabase(moaSessionID, true); session.setAuthenticated(value); MOASessionDBUtils.saveOrUpdate(session); @@ -249,7 +250,7 @@ public class AuthenticationSessionStoreage { public static boolean isSSOSession(String sessionID) throws MOADatabaseException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); return dbsession.isSSOSession(); } catch (MOADatabaseException e) { @@ -391,8 +392,36 @@ public class AuthenticationSessionStoreage { MiscUtil.assertNotNull(moaSession, "MOASession"); try { - AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID()); - return dbsession.getActiveOAsessions(); + List<OASessionStore> oas = new ArrayList<OASessionStore>(); + + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); + oas.addAll(dbsession.getActiveOAsessions()); + + Session session = MOASessionDBUtils.getCurrentSession(); + session.getTransaction().commit(); + + return oas; + + } catch (MOADatabaseException e) { + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); + + } + + return null; + } + + public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + + try { + List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>(); + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); + idps.addAll(dbsession.getInderfederation()); + + Session session = MOASessionDBUtils.getCurrentSession(); + session.getTransaction().commit(); + + return idps; } catch (MOADatabaseException e) { Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); @@ -475,7 +504,7 @@ public class AuthenticationSessionStoreage { public static String getPendingRequestID(String sessionID) { try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); return dbsession.getPendingRequestID(); } catch (MOADatabaseException e) { @@ -646,7 +675,7 @@ public class AuthenticationSessionStoreage { return result.get(0).getInderfederation().get(0); } - public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption { + public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { AuthenticatedSessionStore dbsession = null; //search for active SSO session @@ -654,7 +683,7 @@ public class AuthenticationSessionStoreage { String moaSession = getMOASessionSSOID(ssoID); if (MiscUtil.isNotEmpty(moaSession)) { try { - dbsession = searchInDatabase(moaSession); + dbsession = searchInDatabase(moaSession, true); }catch (MOADatabaseException e) { @@ -664,28 +693,28 @@ public class AuthenticationSessionStoreage { String id = null; Date now = new Date(); - //create new MOASession if any exists + AuthenticationSession session = null; if (dbsession == null) { id = Random.nextRandom(); dbsession = new AuthenticatedSessionStore(); dbsession.setSessionid(id); dbsession.setCreated(now); - + session = new AuthenticationSession(id, now); + } else { id = dbsession.getSessionid(); - + session = decryptSession(dbsession); + } - + dbsession.setInterfederatedSSOSession(true); dbsession.setAuthenticated(isAuthenticated); - dbsession.setUpdated(now); - - AuthenticationSession session = new AuthenticationSession(id); + dbsession.setUpdated(now); session.setAuthenticated(true); - session.setAuthenticatedUsed(false); - dbsession.setSession(SerializationUtils.serialize(session)); - + session.setAuthenticatedUsed(false); + encryptSession(session, dbsession); + //add interfederation information List<InterfederationSessionStore> idpList = dbsession.getInderfederation(); InterfederationSessionStore idp = null; @@ -889,7 +918,7 @@ public class AuthenticationSessionStoreage { } @SuppressWarnings("rawtypes") - private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); @@ -903,7 +932,8 @@ public class AuthenticationSessionStoreage { result = query.list(); //send transaction - session.getTransaction().commit(); + if (commit) + session.getTransaction().commit(); } Logger.trace("Found entries: " + result.size()); |