diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java | 496 |
1 files changed, 496 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java new file mode 100644 index 000000000..498188ffe --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -0,0 +1,496 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; +import org.hibernate.Transaction; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AuthenticationSessionStoreage { + + //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + + public static boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + public static void setAuthenticated(String moaSessionID, boolean value) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + session.setAuthenticated(value); + MOASessionDBUtils.saveOrUpdate(session); + + + } catch (MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } + + public static AuthenticationSession createSession() throws MOADatabaseException { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setCreated(new Date()); + dbsession.setUpdated(new Date()); + + dbsession.setSession(SerializationUtils.serialize(session)); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return session; + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setPendingRequestID(pendingRequestID); + + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + + public static void destroySession(String moaSessionID) throws MOADatabaseException { + + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); + + //delete MOA Session + session.delete(dbsession); + session.getTransaction().commit(); + } + + } + +// public static void dumpSessionStore() { +// synchronized (sessionStore) { +// Set<String> keys = sessionStore.keySet(); +// Iterator<String> keyIterator = keys.iterator(); +// while(keyIterator.hasNext()) { +// String key = keyIterator.next(); +// AuthenticationSession session = sessionStore.get(key); +// Logger.info("Key: " + key + " -> " + session.toString()); +// } +// } +// } + + public static String changeSessionID(AuthenticationSession session) + throws AuthenticationException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + + String id = Random.nextRandom(); + session.setSessionID(id); + + dbsession.setSessionid(id); + dbsession.setAuthenticated(session.isAuthenticated()); + + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + + return id; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("TODO!", null); + } + } + + public static void addSSOInformation(String moaSessionID, String SSOSessionID, + String OAUrl) throws AuthenticationException { + + AuthenticatedSessionStore dbsession; + Transaction tx = null; + + try { + + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + dbsession = (AuthenticatedSessionStore) result.get(0); + + //set active OA applications + OASessionStore activeOA = new OASessionStore(); + activeOA.setOaurlprefix(OAUrl); + activeOA.setMoasession(dbsession); + activeOA.setCreated(new Date()); + + List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); + activeOAs.add(activeOA); + dbsession.setActiveOAsessions(activeOAs); + + + //Store used SSOId + if (dbsession.getSSOsessionid() != null) { + OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); + oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); + oldSSOId.setMoasession(dbsession); + + List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids(); + oldSSOIds.add(oldSSOId); + } + + dbsession.setSSOSession(true); + dbsession.setSSOsessionid(SSOSessionID); + dbsession.setAuthenticated(false); + dbsession.setPendingRequestID(""); + + //Store MOASession + session.saveOrUpdate(dbsession); + + //send transaction + tx.commit(); + } + + } catch (MOADatabaseException e) { + throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); + + } catch(HibernateException e) { + Logger.warn("Error during database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); + } + } + + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + + //decrypt Session + byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession()); + + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted); + + return session; + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + + } catch (Throwable e) { + Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + + + } + + public static String getMOASessionID(String SSOSessionID) { + MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + + } + + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { + + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOId); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + return true; + +// AuthenticatedSessionStore dbsession = result.get(0); +// +// +// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { +// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); +// return true; +// +// } else { +// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() +// + " but this Session does not match to MOA Sesson ID=" + moaSessionId); +// } +// +// return false; + } + + } + + public static boolean deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setString("sessionid", id); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + MOASessionDBUtils.delete(result.get(0)); + return true; + } + + + } + + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + + } + + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + Date expioredatecreate = new Date(now - authDataTimeOutCreated); + Date expioredateupdate = new Date(now - authDataTimeOutUpdated); + + List<AuthenticatedSessionStore> results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + query.setTimestamp("timeoutcreate", expioredatecreate); + query.setTimestamp("timeoutupdate", expioredateupdate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + MOASessionDBUtils.delete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); + + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "moasessionID"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + return (AuthenticatedSessionStore) result.get(0); + } +} |