Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java121
1 files changed, 45 insertions, 76 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 7dd6d15cd..ad200e400 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -75,12 +76,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
//@Autowired MOASessionDBUtils moaSessionDBUtils;
@Override
- public boolean isAuthenticated(String moaSessionID) {
+ public boolean isAuthenticated(String internalSsoSessionID) {
AuthenticatedSessionStore session;
try {
- session = searchInDatabase(moaSessionID);
+ session = searchInDatabase(internalSsoSessionID);
return session.isAuthenticated();
} catch (MOADatabaseException e) {
@@ -89,8 +90,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
- String id = Random.nextRandom();
+ public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException {
+ String id = Random.nextLongRandom();
try {
AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
dbsession.setSessionid(id);
@@ -106,12 +107,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
- AuthenticationSession session = new AuthenticationSession(id, now);
+ AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
encryptSession(session, dbsession);
//store AssertionStore element to Database
entityManager.persist(dbsession);
- Logger.info("Create MOASession with sessionID: " + id);
+ Logger.info("Create MOA SSO-Session with internal sessionID: " + id);
return session;
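Review bot: The new `Logger.info` line writes the complete internal SSO session identifier to the INFO log, so anyone with read access to the logs sees it. This commit also removes both `changeSessionID` overloads, so within this class the identifier is no longer rotated after creation; whether the value is ever accepted from outside the server is not visible in this diff. Consider lowering the level, `Logger.debug("Create MOA SSO-Session with internal sessionID: " + id);`, or logging only a shortened reference to the id. The same value is also logged by the new `Logger.warn` in `getInternalMOASessionWithSSOID` and the new `Logger.debug` in `addFederatedSessionInformation`. The method body starts and ends outside this hunk.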
@@ -128,7 +129,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+ public AuthenticationSession getInternalSSOSession(String sessionID) throws MOADatabaseException {
if (MiscUtil.isEmpty(sessionID))
return null;
@@ -189,30 +190,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
-
- encryptSession(session, dbsession);
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setAuthenticated(session.isAuthenticated());
- dbsession.setUpdated(new Date());
-
- entityManager.merge(dbsession);
- Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database");
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be stored.");
- throw new MOADatabaseException(e);
- }
- }
-
- @Override
- public void destroySession(String moaSessionID) throws MOADatabaseException {
+ public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException {
Query query = entityManager.createNamedQuery("getSessionWithID");
- query.setParameter("sessionid", moaSessionID);
+ query.setParameter("sessionid", internalSsoSessionID);
List<AuthenticatedSessionStore> results = query.getResultList();
Logger.trace("Found entries: " + results.size());
@@ -230,39 +211,6 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException {
-
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID());
-
- Logger.debug("Change SessionID from " + session.getSessionID()
- + "to " + newSessionID);
-
- session.setSessionID(newSessionID);
- encryptSession(session, dbsession);
-
- dbsession.setSessionid(newSessionID);
- dbsession.setAuthenticated(session.isAuthenticated());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- entityManager.merge(dbsession);
-
- Logger.trace("Change SessionID complete.");
-
- return newSessionID;
-
- }
-
- @Override
- public String changeSessionID(AuthenticationSession session)
- throws BuildException, MOADatabaseException {
- String id = Random.nextRandom();
- return changeSessionID(session, id);
-
- }
-
- @Override
public void setAuthenticated(String moaSessionID, boolean isAuthenticated) {
AuthenticatedSessionStore session;
@@ -279,7 +227,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public String getMOASessionSSOID(String SSOSessionID) {
+ public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
@@ -295,7 +243,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
return null;
} else
- return results.get(0).getSessionid();
+ try {
+ return decryptSession(results.get(0));
+
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
+ throw new MOADatabaseException("MOASession deserialization-exception");
+ }
}
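Review bot: `catch (Throwable e)` around `decryptSession(results.get(0))` also traps JVM `Error`s such as `OutOfMemoryError` and reports them as a deserialization problem. The rethrown `MOADatabaseException("MOASession deserialization-exception")` carries only a fixed string, so callers cannot tell a decryption failure from a corrupt record. Narrow the handler to `catch (Exception e)` and pass the cause along if the exception type allows it; the removed `storeSession` used `new MOADatabaseException(e)`. The `else` branch would also be less fragile with braces around the `try`. The method starts outside this hunk.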
@@ -413,7 +367,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
@@ -429,7 +383,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
@@ -444,7 +398,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
@@ -475,7 +429,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, String protocolType) {
MiscUtil.assertNotNull(moaSession, "MOASession");
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(protocolType, "usedProtocol");
@@ -505,7 +459,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
* @see at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.auth.data.AuthenticationSession, java.lang.String, java.lang.String)
*/
@Override
- public void markOAWithAttributeQueryUsedFlag(AuthenticationSession session, String oaurl, String requestedModule) {
+ public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) {
OASessionStore activeOA = searchActiveOASSOSession(session, oaurl, requestedModule);
if (activeOA != null) {
activeOA.setAttributeQueryUsed(true);
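Review bot: The `@see` tag directly above `markOAWithAttributeQueryUsedFlag` still names `at.gv.egovernment.moa.id.auth.data.AuthenticationSession` as the first parameter type, while the signature now takes `IAuthenticationSession`, so the reference no longer matches the interface method. Update it to `IAuthenticationSessionStoreage#markOAWithAttributeQueryUsedFlag(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession, java.lang.String, java.lang.String)`. The Javadoc comment and the method body both extend outside this hunk.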
@@ -516,7 +470,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
}
@Override
- public AuthenticationSession getSessionWithUserNameID(String nameID) {
+ public IAuthenticationSession getSessionWithUserNameID(String nameID) {
MiscUtil.assertNotNull(nameID, "nameID");
Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database.");
@@ -592,20 +546,35 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
@Override
public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
AuthenticatedSessionStore dbsession = null;
+ AuthenticationSession moaSession = null;
Date now = new Date();
//search for active session
- String moaSession = getMOASessionSSOID(req.getMOASessionIdentifier());
- if (MiscUtil.isNotEmpty(moaSession)) {
+ if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
+ Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
+ moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+
+ } else {
+ Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
+ moaSession = createInternalSSOSession(req);
+
+ }
+
+ if (moaSession != null) {
try {
- dbsession = searchInDatabase(moaSession);
+ dbsession = searchInDatabase(moaSession.getSessionID());
}catch (MOADatabaseException e) {
Logger.error("NO MOASession found but MOASession MUST already exist!");
throw e;
- }
- }
-
+ }
+
+ } else {
+ Logger.error("NO MOASession found but MOASession MUST already exist!");
+ throw new MOADatabaseException("NO MOASession found but MOASession MUST already exist!");
+
+ }
+
dbsession.setUpdated(now);
//decrypt MOASession
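Review bot: Both failure paths in `addFederatedSessionInformation` now log and throw the same text, "NO MOASession found but MOASession MUST already exist!", although they describe different situations. The new `else` branch is reached when the identifier carried by the request resolves to no session (`getInternalMOASessionWithSSOID` appears to return null in that case). The `catch` branch can now also fire for a session that `createInternalSSOSession` created a few lines earlier, where "MUST already exist" is misleading. Distinct messages would let an operator tell a stale or unknown identifier in a request from a storage fault, for example `throw new MOADatabaseException("No internal SSO session found for the identifier in the request");` in the `else` branch. The method body continues outside this hunk.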