Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java | 111 |
1 files changed, 76 insertions, 35 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 73308e607..da5556b30 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -16,6 +16,7 @@ import org.hibernate.Session; import org.hibernate.Transaction; import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; @@ -25,6 +26,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -45,6 +47,20 @@ public class AuthenticationSessionStoreage { } } + public static void setAuthenticated(String moaSessionID, boolean value) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + session.setAuthenticated(value); + MOASessionDBUtils.saveOrUpdate(session); + + + } catch (MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } public static AuthenticationSession createSession() throws MOADatabaseException { String id = Random.nextRandom(); 
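Review bot: `setAuthenticated` catches `MOADatabaseException`, logs a warning and returns normally, so a caller cannot tell that the flag was not persisted. For a call with `value == false`, a failed write leaves the stored session marked as authenticated while the caller proceeds as if it had been cleared. Prefer propagating the failure as the neighbouring methods do, e.g. `public static void setAuthenticated(String moaSessionID, boolean value) throws MOADatabaseException`, or return a boolean the caller has to check. The warning also writes the full MOA session ID to the log; a shortened or hashed form is enough to correlate entries.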
@@ -73,12 +89,14 @@ public class AuthenticationSessionStoreage { return session; } - public static void storeSession(AuthenticationSession session) throws MOADatabaseException { + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { try { AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); dbsession.setAuthenticated(session.isAuthenticated()); - dbsession.setSession(SerializationUtils.serialize(session)); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); @@ -138,7 +156,7 @@ public class AuthenticationSessionStoreage { // } public static String changeSessionID(AuthenticationSession session) - throws AuthenticationException { + throws AuthenticationException, BuildException { try { AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); @@ -148,7 +166,10 @@ public class AuthenticationSessionStoreage { dbsession.setSessionid(id); dbsession.setAuthenticated(session.isAuthenticated()); - dbsession.setSession(SerializationUtils.serialize(session)); + + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); 
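Review bot: In `changeSessionID` the new serialize-and-encrypt step runs after `dbsession.setSessionid(id)` and `dbsession.setAuthenticated(...)`, so a `BuildException` (presumably raised by `SessionEncrytionUtil.encrypt`, given the widened throws clause) leaves the entity half-updated, with the new ID but the old blob. Whether that entity is still attached to a Hibernate session and could be flushed is not visible here, but computing the ciphertext first removes the question: `byte[] encrypted = SessionEncrytionUtil.encrypt(SerializationUtils.serialize(session));` before the first setter, then `dbsession.setSession(encrypted);`. `storeSession` has the same ordering with `setAuthenticated`. Both method bodies continue outside their hunks.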
@@ -160,24 +181,6 @@ public class AuthenticationSessionStoreage { } catch (MOADatabaseException e) { throw new AuthenticationException("TODO!", null); } - - -// synchronized (sessionStore) { -// if (sessionStore.containsKey(session.getSessionID())) { -// AuthenticationSession theSession = sessionStore.get(session -// .getSessionID()); -// if (theSession != session) { -// throw new AuthenticationException("TODO!", null); -// } -// -// sessionStore.remove(session.getSessionID()); -// String id = Random.nextRandom(); -// session.setSessionID(id); -// sessionStore.put(id, session); -// return id; -// } -// } -// throw new AuthenticationException("TODO!", null); } public static void addSSOInformation(String moaSessionID, String SSOSessionID, @@ -232,6 +235,7 @@ public class AuthenticationSessionStoreage { dbsession.setSSOSession(true); dbsession.setSSOsessionid(SSOSessionID); + dbsession.setAuthenticated(false); //Store MOASession session.saveOrUpdate(dbsession); @@ -255,7 +259,11 @@ public class AuthenticationSessionStoreage { try { AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(dbsession.getSession()); + + //decrypt Session + byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession()); + + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted); return session; 
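Review bot: In the last hunk on this line, the output of `SessionEncrytionUtil.decrypt` is passed straight to `SerializationUtils.deserialize`, so the safety of this native Java deserialization now depends on the decrypt step rejecting modified ciphertext. Nothing visible in this diff shows that the helper uses an authenticated mode or a MAC; if it only provides confidentiality, anyone who can write the session table can still influence the bytes that get deserialized. Please confirm that the helper verifies integrity and fails, rather than returning garbage or null, on tampered blobs and on rows written before this change. Once confirmed, record it at the call site with a comment such as `// decrypt() authenticates the blob and throws on mismatch; never deserialize unauthenticated bytes`. The enclosing method's signature and catch blocks are outside the hunk.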
@@ -282,6 +290,37 @@ public class AuthenticationSessionStoreage { } + public static String getMOASessionID(String SSOSessionID) { + MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + + } + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { MiscUtil.assertNotNull(SSOId, "moasessionID"); @@ -308,19 +347,21 @@ public class AuthenticationSessionStoreage { return false; } else { - AuthenticatedSessionStore dbsession = result.get(0); + return true; - - if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { - Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); - return true; - - } else { - Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() - + " but this Session does not match to MOA Sesson ID=" + moaSessionId); - } - - return false; +// AuthenticatedSessionStore dbsession = result.get(0); +// +// +// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { +// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); +// return true; +// +// } else { +// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() +// + " but this Session does not match to MOA Sesson ID=" + moaSessionId); +// } +// +// return false; } } |
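Review bot: `getMOASessionID` writes the SSO session ID to the trace log (`"Get authenticated session with SSOID " + SSOSessionID`), and the log text removed in the next hunk refers to that value as the SSO session cookie, so anyone with log access obtains a usable session identifier. Log a truncated or hashed form instead. Two smaller points in the same method: `MiscUtil.assertNotNull(SSOSessionID, "moasessionID")` labels the wrong parameter and should read `"SSOSessionID"`. The `result.size() != 1` branch logs `"No entries found."` even when several rows matched; that case deserves its own `Logger.warn`, since duplicate SSO IDs indicate a storage problem.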
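Review bot: `isValidSessionWithSSOID` now returns `true` for any SSO ID that matches exactly one row; the comparison with `moaSessionId` and the `dbsession.isAuthenticated()` check are commented out, so in the lines visible here the `moaSessionId` argument no longer affects the result. Together with `dbsession.setAuthenticated(false)` added in what appears to be `addSSOInformation`, nothing visible in this diff reads the stored flag any more, so it is unclear where an unauthenticated or mismatched session gets rejected. If the check moved to a caller, say so in a Javadoc on this method and delete the commented-out block; otherwise restore `dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()`. The start of the method lies outside this hunk.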