diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java | 180 |
1 files changed, 91 insertions, 89 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java index 094e25040..4d7936f25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java @@ -35,6 +35,7 @@ import org.hibernate.Transaction; import org.hibernate.resource.transaction.spi.TransactionStatus; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; import com.fasterxml.jackson.core.JsonProcessingException; @@ -65,7 +66,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{ @Autowired AuthConfiguration authConfig; - + @Autowired MOASessionDBUtils moaSessionDBUtils; private static JsonMapper mapper = new JsonMapper(); @Override @@ -74,7 +75,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt AuthenticatedSessionStore session; try { - session = searchInDatabase(moaSessionID, true); + session = searchInDatabase(moaSessionID); return session.isAuthenticated(); } catch (MOADatabaseException e) { @@ -104,7 +105,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt encryptSession(session, dbsession); //store AssertionStore element to Database - MOASessionDBUtils.saveOrUpdate(dbsession); + moaSessionDBUtils.saveOrUpdate(dbsession); Logger.info("Create MOASession with sessionID: " + id); return session; @@ -128,7 +129,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return null; try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); return decryptSession(dbsession); } catch (MOADatabaseException e) { @@ -143,7 +144,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { try { @@ -161,12 +162,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); dbsession.setAdditionalInformation( mapper.serialize(sessionExtensions)); - MOASessionDBUtils.saveOrUpdate(dbsession); + moaSessionDBUtils.saveOrUpdate(dbsession); Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); @@ -185,7 +186,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); encryptSession(session, dbsession); @@ -193,7 +194,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt dbsession.setAuthenticated(session.isAuthenticated()); dbsession.setUpdated(new Date()); - MOASessionDBUtils.saveOrUpdate(dbsession); + moaSessionDBUtils.saveOrUpdate(dbsession); Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); } catch (MOADatabaseException e) { @@ -205,7 +206,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public void destroySession(String moaSessionID) throws MOADatabaseException { - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -216,6 +217,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt Query query = session.getNamedQuery("getSessionWithID"); query.setParameter("sessionid", moaSessionID); result = query.list(); + + Logger.trace("Found entries: " + result.size()); @@ -243,7 +246,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true); + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); Logger.debug("Change SessionID from " + session.getSessionID() + "to " + newSessionID); @@ -257,7 +260,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); - MOASessionDBUtils.saveOrUpdate(dbsession); + moaSessionDBUtils.saveOrUpdate(dbsession); Logger.trace("Change SessionID complete."); @@ -279,9 +282,9 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt AuthenticatedSessionStore session; try { - session = searchInDatabase(moaSessionID, true); + session = searchInDatabase(moaSessionID); session.setAuthenticated(isAuthenticated); - MOASessionDBUtils.saveOrUpdate(session); + moaSessionDBUtils.saveOrUpdate(session); } catch (MOADatabaseException e) { @@ -293,7 +296,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public String getMOASessionSSOID(String SSOSessionID) { MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -331,7 +334,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public boolean isSSOSession(String sessionID) throws MOADatabaseException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); return dbsession.isSSOSession(); } catch (MOADatabaseException e) { @@ -346,7 +349,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //TODO: is this method really needed?? MiscUtil.assertNotNull(SSOId, "SSOSessionID"); Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -387,7 +390,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt try { - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Logger.trace("Add SSO information to session " + moaSessionID); @@ -487,63 +490,63 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt @Override public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) { MiscUtil.assertNotNull(moaSession, "MOASession"); - Session session = null; - - try { - List<OASessionStore> oas = new ArrayList<OASessionStore>(); - - AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); - oas.addAll(dbsession.getActiveOAsessions()); - - session = MOASessionDBUtils.getCurrentSession(); - session.getTransaction().commit(); - - return oas; - - } catch (MOADatabaseException e) { - Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); - - } catch (Exception e) { - if (session != null && session.getTransaction() != null - && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) { - session.getTransaction().rollback(); - throw e; - - } - - } - - return null; + + Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database."); + Session session = moaSessionDBUtils.getCurrentSession(); + + List<OASessionStore> result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getAllActiveOAsForSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + return result; + + } catch (Exception e) { + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) + tx.rollback(); + throw e; + } } @Override public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) { MiscUtil.assertNotNull(moaSession, "MOASession"); - Session session = null; - try { - List<InterfederationSessionStore> idps = new ArrayList<InterfederationSessionStore>(); - AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID(), false); - idps.addAll(dbsession.getInderfederation()); - - session = MOASessionDBUtils.getCurrentSession(); - session.getTransaction().commit(); - - return idps; - - } catch (MOADatabaseException e) { - Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); - - } catch (Exception e) { - if (session != null && session.getTransaction() != null - && !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) { - session.getTransaction().rollback(); - throw e; - - } - - } - - return null; + + Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database."); + Session session = moaSessionDBUtils.getCurrentSession(); + + List<InterfederationSessionStore> result; + Transaction tx = null; + try { + synchronized (session) { + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getAllActiveIDPsForSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + result = query.list(); + + //send transaction + tx.commit(); + } + + Logger.trace("Found entries: " + result.size()); + + return result; + + } catch (Exception e) { + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) + tx.rollback(); + throw e; + } } @Override @@ -552,7 +555,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(userNameID, "userNameID"); Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " + oaID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); Transaction tx = null; List<AuthenticatedSessionStore> result = null;; @@ -598,7 +601,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(protocolType, "usedProtocol"); Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " + oaID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -640,7 +643,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt try { MiscUtil.assertNotNull(nameID, "nameID"); Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; @@ -677,7 +680,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { MiscUtil.assertNotNull(sessionID, "MOASession"); Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -714,7 +717,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(sessionID, "MOASession"); MiscUtil.assertNotNull(idpID, "Interfederated IDP ID"); Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -756,7 +759,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier()); if (MiscUtil.isNotEmpty(moaSession)) { try { - dbsession = searchInDatabase(moaSession, true); + dbsession = searchInDatabase(moaSession); }catch (MOADatabaseException e) { Logger.error("NO MOASession found but MOASession MUST already exist!"); @@ -818,7 +821,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt //store AssertionStore element to Database try { - MOASessionDBUtils.saveOrUpdate(dbsession); + moaSessionDBUtils.saveOrUpdate(dbsession); } catch (MOADatabaseException e) { Logger.warn("MOASession could not be created."); @@ -831,7 +834,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) { MiscUtil.assertNotNull(moaSessionID, "MOASessionID"); Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; Transaction tx = null; @@ -872,7 +875,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; @@ -907,7 +910,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } } - MOASessionDBUtils.saveOrUpdate(authsession); + moaSessionDBUtils.saveOrUpdate(authsession); return true; } catch (Throwable e) { @@ -922,7 +925,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated); List<AuthenticatedSessionStore> results; - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); Transaction tx = null; try { synchronized (session) { @@ -972,26 +975,26 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt } - private static void cleanDelete(AuthenticatedSessionStore result) { + private void cleanDelete(AuthenticatedSessionStore result) { try { result.setSession("blank".getBytes()); - MOASessionDBUtils.saveOrUpdate(result); + moaSessionDBUtils.saveOrUpdate(result); } catch (MOADatabaseException e) { Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e); } finally { - if (!MOASessionDBUtils.delete(result)) + if (!moaSessionDBUtils.delete(result)) Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)"); } } @SuppressWarnings("rawtypes") - private static AuthenticatedSessionStore searchInDatabase(String sessionID, boolean commit) throws MOADatabaseException { + private AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = moaSessionDBUtils.getCurrentSession(); List result; Transaction tx = null; @@ -1003,8 +1006,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt result = query.list(); //send transaction - if (commit) - tx.commit(); + tx.commit(); } Logger.trace("Found entries: " + result.size()); @@ -1019,7 +1021,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt return (AuthenticatedSessionStore) result.get(0); } catch (Exception e) { - if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED) && commit) + if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) tx.rollback(); throw e; } |