Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java84
1 files changed, 44 insertions, 40 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9ae41c06c..c5f02e7de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -40,15 +40,17 @@ import org.springframework.transaction.annotation.Transactional;
import com.fasterxml.jackson.core.JsonProcessingException;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
@@ -68,14 +71,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
@PersistenceContext(unitName="session")
- private EntityManager entityManager;
+ private EntityManager entityManager;
@Autowired AuthConfiguration authConfig;
private static JsonMapper mapper = new JsonMapper();
-
- //@Autowired MOASessionDBUtils moaSessionDBUtils;
-
+
@Override
public boolean isAuthenticated(String internalSsoSessionID) {
@@ -108,7 +109,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
dbsession.setAdditionalInformation(mapper.serialize(sessionExt).getBytes("UTF-8"));
- AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
+ AuthenticationSession session = new AuthenticationSession(id, now,
+ new AuthenticationSessionWrapper(target.genericFullDataStorage()));
encryptSession(session, dbsession);
//store AssertionStore element to Database
@@ -123,7 +125,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
} catch (JsonProcessingException | UnsupportedEncodingException e) {
Logger.warn("Extended session information can not be stored.", e);
- throw new MOADatabaseException(e);
+ throw new MOADatabaseException("Extended session information can not be stored.", e);
}
@@ -180,7 +182,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
+ throw new MOADatabaseException("MOASession could not be stored.", e);
} catch (JsonProcessingException | UnsupportedEncodingException e) {
Logger.warn("Extended session information can not be stored.", e);
@@ -228,12 +230,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
- MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
- Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+ public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException {
+ MiscUtil.assertNotNull(externelSSOId, "SSOsessionID");
+ Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database.");
Query query = entityManager.createNamedQuery("getSessionWithSSOID");
- query.setParameter("sessionid", SSOSessionID);
+ query.setParameter("sessionid", externelSSOId);
List<AuthenticatedSessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
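Review bot: The trace statement in getInternalSSOSessionWithSSOID writes the caller-supplied SSO session identifier into the log in full: `Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database.");`. If that value is the one the client presents to resume an SSO session (presumably, given the "external" naming), anyone who can read trace logs could reuse it while the session is alive, so a truncated or hashed form would be safer. The same applies to the trace lines that now print `ssoSessionId` in getAllActiveOAFromMOASession and getAllActiveIDPsFromMOASession, and to the debug line in addFederatedSessionInformation. The new parameter name is also misspelled (`externelSSOId`). The method body continues outside this hunk.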
@@ -245,7 +247,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
} else
try {
- return decryptSession(results.get(0));
+ return decryptSession(results.get(0)).getSSOSessionID();
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
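Review bot: `return decryptSession(results.get(0)).getSSOSessionID();` dereferences the decrypted session without a null check. Because the surrounding catch is `Throwable`, a NullPointerException here would be logged as a "deserialization-exception" and hide the real cause. Assigning the result to a local and handling null explicitly before reading the ID would keep the log accurate. The hunk at -419 in searchSSOSessionWithNameIDandOAID uses the same pattern but catches only BuildException, so an NPE would propagate to the caller there. Whether decryptSession can return null is not visible here, and the try block continues past the hunk.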
@@ -312,7 +314,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//check if OA already has an active OA session
if (dbsession.getActiveOAsessions() != null) {
for (OASessionStore el : dbsession.getActiveOAsessions()) {
- if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+ if (el.getOaurlprefix().equals(protocolRequest.getSPEntityId()))
activeOA = el;
}
}
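Review bot: The key used to find an active OA session changes from the OA URL to the SP entity ID, but it is still stored in and compared against the `oaurlprefix` field. If the two values can differ and sessions survive a deployment, rows written by the old code would not match, leading to a second OASessionStore entry for the same application and possibly an incomplete single logout. A comment on the comparison such as `// oaurlprefix holds the SP entityID since the EAAF migration` would make the field's new meaning explicit; the setter in the next hunk (-321) and the log lines at -360 use the same value. The comparison also throws if `getOaurlprefix()` returns null, which `Objects.equals(el.getOaurlprefix(), protocolRequest.getSPEntityId())` would avoid.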
@@ -321,7 +323,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
activeOA = new OASessionStore();
//set active OA applications
- activeOA.setOaurlprefix(protocolRequest.getOAURL());
+ activeOA.setOaurlprefix(protocolRequest.getSPEntityId());
activeOA.setMoasession(dbsession);
activeOA.setCreated(new Date());
@@ -360,21 +362,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
entityManager.merge(dbsession);
if (SLOInfo != null)
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL()
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId()
+ " and AssertionID: " + SLOInfo.getSessionIndex());
else
- Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+ Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId());
}
@Override
- public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
- MiscUtil.assertNotNull(moaSession, "MOASession");
+ public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) {
+ MiscUtil.assertNotNull( ssoSessionId, "MOASession");
- Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+ Logger.trace("Get OAs for moaSession " + ssoSessionId + " from database.");
Query query = entityManager.createNamedQuery("getAllActiveOAsForSessionID");
- query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("sessionID", ssoSessionId);
List<OASessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
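Review bot: With the parameter now a String, `MiscUtil.assertNotNull( ssoSessionId, "MOASession");` presumably still lets an empty identifier through to the named query, and its label names the old parameter. addFederatedSessionInformation guards the same value with `MiscUtil.isNotEmpty(ssoSessionId)`, so using the same test here and relabelling the check to `"ssoSessionId"` would make the two paths agree. getAllActiveIDPsFromMOASession in the next hunk carries the identical check. Both method bodies continue outside their hunks.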
@@ -384,13 +386,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
- MiscUtil.assertNotNull(moaSession, "MOASession");
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) {
+ MiscUtil.assertNotNull( ssoSessionId, "MOASession");
- Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+ Logger.trace("Get active IDPs for moaSession " + ssoSessionId + " from database.");
Query query = entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
- query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("sessionID", ssoSessionId);
List<InterfederationSessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
@@ -399,7 +401,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) {
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
@@ -419,8 +421,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
- try {
- return decryptSession(results.get(0));
+ try {
+ AuthenticationSession decrytedSession = decryptSession(results.get(0));
+
+ return decrytedSession.getSSOSessionID();
} catch (BuildException e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);
@@ -434,11 +438,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
MiscUtil.assertNotNull(moaSession, "MOASession");
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(protocolType, "usedProtocol");
- Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+ Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSSOSessionID() + " with OAID "
+ oaID + " from database.");
Query query = entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
- query.setParameter("sessionID", moaSession.getSessionID());
+ query.setParameter("sessionID", moaSession.getSSOSessionID());
query.setParameter("oaID", oaID);
query.setParameter("protocol", protocolType);
List<AuthenticatedSessionStore> results = query.getResultList();
@@ -545,25 +549,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
+ public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException {
AuthenticatedSessionStore dbsession = null;
- AuthenticationSession moaSession = null;
+ String ssoSessionId = null;
Date now = new Date();
//search for active session
- if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
- Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
- moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+ if (MiscUtil.isNotEmpty(req.getSSOSessionIdentifier())) {
+ Logger.debug("Internal SSO-Session object: " + req.getSSOSessionIdentifier() + " used for federated SSO");
+ ssoSessionId = getInternalSSOSessionWithSSOID(req.getSSOSessionIdentifier());
} else {
Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
- moaSession = createInternalSSOSession(req);
+ ssoSessionId = createInternalSSOSession(req).getSSOSessionID();
}
- if (moaSession != null) {
+ if (MiscUtil.isNotEmpty(ssoSessionId)) {
try {
- dbsession = searchInDatabase(moaSession.getSessionID());
+ dbsession = searchInDatabase(ssoSessionId);
}catch (MOADatabaseException e) {
Logger.error("NO MOASession found but MOASession MUST already exist!");
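Review bot: In the else branch, `ssoSessionId = createInternalSSOSession(req).getSSOSessionID();` dereferences the newly created session directly, whereas the removed code stored it in `moaSession` and tolerated null through `if (moaSession != null)`. If createInternalSSOSession can return null, this path now throws a NullPointerException instead of falling through to the existing handling. Keeping the intermediate variable, for example `AuthenticationSession created = createInternalSSOSession(req);` followed by `ssoSessionId = created != null ? created.getSSOSessionID() : null;`, preserves the old behaviour. The method also gains `EAAFConfigurationException` in its throws clause, which deserves a `@throws` line in the interface Javadoc; the method continues past this hunk.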
@@ -617,7 +621,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
idp.setIdpurlprefix(idpEntityID);
idp.setAuthURL(req.getAuthURL());
- IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());
+ IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class);
idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed());
idp.setMoasession(dbsession);
idpList.add(idp);
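Review bot: The result of `authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class)` is used on the next line without a null check. If no configuration exists for the federated IDP's entity ID, `oa.isInterfederationSSOStorageAllowed()` would throw, or the newly declared EAAFConfigurationException would abort the call after the session has already been partly updated. Whether the lookup can return null is not visible here. Defaulting to not storing SSO information when the configuration is missing is the safer behaviour, e.g. `idp.setStoreSSOInformation(oa != null && oa.isInterfederationSSOStorageAllowed());`. The enclosing block starts outside this hunk.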