Diffstat (limited to 'id/server/idserverlib/src/main/java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java157
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java126
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java16
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java10
22 files changed, 517 insertions, 108 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java
new file mode 100644
index 000000000..b95cbbc16
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URI;
+
+import org.apache.commons.io.IOUtils;
+
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.util.FormBuildUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GUILayoutBuilder {
+ private static final String CSS_LAYOUTTEMPLATE = "css_template.css";
+ private static final String JS_LAYOUTTEMPLATE = "javascript_tempalte.js";
+ private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
+
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
+ private static String MOASESSIONID = "#SESSIONID#";
+ private static String AUTH_URL = "#AUTH_URL#";
+ private static String BKU_ONLINE = "#ONLINE#";
+ private static String BKU_HANDY = "#HANDY#";
+ private static String BKU_LOCAL = "#LOCAL#";
+
+
+ public static String buildCSS(IRequest pendingReq, String authURL) {
+ return buildForm(pendingReq, authURL, CSS_LAYOUTTEMPLATE);
+
+ }
+
+ public static String buildJS(IRequest pendingReq, String authURL) {
+ return buildForm(pendingReq, authURL, JS_LAYOUTTEMPLATE);
+
+ }
+
+
+
+ private static String getTemplate(String templateName) {
+ String pathLocation;
+ InputStream input = null;
+ try {
+ String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + templateName;
+
+ try {
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+
+ } catch (FileNotFoundException e) {
+ Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
+ pathLocation = "resources/templates/" + templateName;
+ input = Thread.currentThread()
+ .getContextClassLoader()
+ .getResourceAsStream(pathLocation);
+
+ }
+
+ return getTemplate(input);
+
+ } catch (Exception e) {
+ return null;
+
+ } finally {
+ try {
+ if (input != null)
+ input.close();
+
+ } catch (IOException e) {
+ Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
+
+ }
+ }
+ }
+
+ private static String getTemplate(InputStream input) {
+ String template = null;
+ try {
+
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ template = writer.toString();
+
+ } catch (Exception e) {
+ Logger.error("Failed to read template", e);
+
+ }
+ return template;
+ }
+
+ private static String buildForm(IRequest pendingReq, String authURL, String templateName) {
+ //load default GUI-Layout template template
+ String value = getTemplate(templateName);
+
+ if (pendingReq != null) {
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ if(value != null) {
+ //only for BKU-Selection step and JavaScript generation
+ value = value.replace(AUTH_URL, LoginFormBuilder.SERVLET);
+
+ value = value.replace(CONTEXTPATH, pendingReq.getAuthURL());
+ value = value.replace(MOASESSIONID, pendingReq.getRequestID());
+
+ value = value.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
+ value = value.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU);
+ value = value.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU);
+
+
+ value = FormBuildUtils.customiceLayoutBKUSelection(value,
+ oaParam.isShowMandateCheckBox(),
+ oaParam.isOnlyMandateAllowed(),
+ oaParam.getFormCustomizaten(),
+ oaParam.isShowStorkLogin());
+ }
+
+ } else {
+ value = FormBuildUtils.defaultLayoutBKUSelection(value);
+ value = value.replace(CONTEXTPATH, authURL);
+
+ }
+
+ return value;
+ }
+
+}
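Review bot: In `getTemplate(String)` the outer `catch (Exception e) { return null; }` swallows the failure without any log line, so a `URISyntaxException` from `new File(new URI(pathLocation))` (the root config dir is concatenated into a URI string) skips the packaged-template fallback and only surfaces later as a generic 500 from the servlet; log it, e.g. `Logger.warn("Loading GUI-Layout template " + templateName + " FAILED.", e);` before `return null;`, and consider taking the class-path fallback for that case too. `IOUtils.copy(input, writer)` in `getTemplate(InputStream)` decodes the template with the platform default charset while the servlet advertises UTF-8; pass the encoding explicitly with `IOUtils.copy(input, writer, "UTF-8");`. `getResourceAsStream` can return null in the fallback path, which then fails inside `getTemplate(InputStream)` as a logged NPE rather than a clear "template not found" message. The six placeholder fields are non-final `private static String` values although they are constants; `private static final` would match the three constants above them.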
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 4bcda3517..e1aa41ce2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -47,8 +47,6 @@ public class LoginFormBuilder {
private static final String HTMLTEMPLATEFULL = "loginFormFull.html";
private static String AUTH_URL = "#AUTH_URL#";
- private static String MODUL = "#MODUL#";
- private static String ACTION = "#ACTION#";
private static String OANAME = "#OAName#";
private static String BKU_ONLINE = "#ONLINE#";
private static String BKU_HANDY = "#HANDY#";
@@ -57,7 +55,7 @@ public class LoginFormBuilder {
private static String MOASESSIONID = "#SESSIONID#";
private static String PEPSLIST = "#PEPSLIST#";
- private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
+ public static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
private static String getTemplate() {
String pathLocation ="";
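Review bot: `SERVLET` is widened to `public` but stays a non-final mutable static, so any class can now reassign the servlet path that `GUILayoutBuilder` substitutes for `#AUTH_URL#` in generated JavaScript. Declare it `public static final String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";`; the sibling placeholders in this class are also non-final, but they remain private and are less exposed.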
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index d52b76ebd..5b53a43bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -90,19 +90,21 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
if (ssoConsents) {
//authenticate pending-request
pendingReq.setAuthenticated(true);
-
- //store pending-request
- requestStoreage.storePendingRequest(pendingReq);
-
- //redirect to auth. protocol finalization
- performRedirectToProtocolFinialization(pendingReq, response);
-
+ pendingReq.setAbortedByUser(false);
+
} else {
//user deny single sign-on authentication
- throw new AuthenticationException("auth.21", new Object[] {});
-
+ Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL());
+ pendingReq.setAbortedByUser(true);
+
}
-
+
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ //redirect to auth. protocol finalization
+ performRedirectToProtocolFinialization(pendingReq, response);
+
} catch (MOAIDException e) {
throw new TaskExecutionException(pendingReq, e.getMessage(), e);
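Review bot: The deny branch only sets `pendingReq.setAbortedByUser(true)` and then stores the request and redirects to protocol finalization, while `setAuthenticated` is left at whatever value the request already had. If a pending request can reach this task with `authenticated == true` (not visible here), finalization would receive an aborted-but-authenticated request; make the state explicit with `pendingReq.setAuthenticated(false);` next to the aborted flag so the two can never disagree. The enclosing method starts and ends outside the hunk.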
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 8567d7834..36390ba62 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -56,6 +56,7 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -73,6 +74,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "error_message.html";
+ private static String CONTEXTPATH = "#CONTEXTPATH#";
@Autowired protected StatisticLogger statisticLogger;
@Autowired protected IRequestStorage requestStorage;
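Review bot: `CONTEXTPATH` is a placeholder key but is declared as a mutable `private static String`; make it `private static final String CONTEXTPATH = "#CONTEXTPATH#";` like the two `HTMLTEMPLATE*` constants directly above it.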
@@ -185,7 +187,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
else {
//write generic message for general exceptions
String msg = MOAIDMessageProvider.getInstance().getMessage("internal.00", null);
- writeHTMLErrorResponse(resp, msg, "9199", (Exception) throwable);
+ writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable);
}
@@ -197,15 +199,16 @@ public abstract class AbstractController extends MOAIDAuthConstants {
* @param loggedException Exception to log
*/
protected void logExceptionToTechnicalLog(Throwable loggedException) {
- if (!(loggedException instanceof MOAIDException)) {
+ if (!( loggedException instanceof MOAIDException
+ || loggedException instanceof ProcessExecutionException )) {
Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
} else {
if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
- Logger.error(loggedException.getMessage(), loggedException);
+ Logger.warn(loggedException.getMessage(), loggedException);
} else {
- Logger.error(loggedException.getMessage());
+ Logger.info(loggedException.getMessage());
}
}
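Review bot: `ProcessExecutionException` is now logged like a `MOAIDException`, i.e. at info level without the stack trace unless debug or trace logging is enabled. If that exception can wrap non-MOAID causes thrown by process tasks (not visible in this hunk), internal errors would disappear from production logs; consider checking `loggedException.getCause()` and keeping `Logger.error(...)` with the throwable when the cause is not a `MOAIDException`. A one-line comment stating why `ProcessExecutionException` is treated as an expected error would help the next reader.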
@@ -223,7 +226,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
}
- private void writeHTMLErrorResponse(HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
+ private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
VelocityContext context = new VelocityContext();
//add errorcode and errormessage
@@ -236,11 +239,11 @@ public abstract class AbstractController extends MOAIDAuthConstants {
}
- writeHTMLErrorResponse(httpResp, context);
+ writeHTMLErrorResponse(req, httpResp, context);
}
- private void writeHTMLErrorResponse(HttpServletResponse httpResp, Exception error) throws IOException {
+ private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException {
VelocityContext context = new VelocityContext();
//add errorcode and errormessage
@@ -253,11 +256,14 @@ public abstract class AbstractController extends MOAIDAuthConstants {
}
- writeHTMLErrorResponse(httpResp, context);
+ writeHTMLErrorResponse(req, httpResp, context);
}
- private void writeHTMLErrorResponse(HttpServletResponse httpResp, VelocityContext context) throws IOException {
- try {
+ private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, VelocityContext context) throws IOException {
+ try {
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ context.put(CONTEXTPATH, authURL);
+
InputStream is = null;
String pathLocation = null;
try {
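Review bot: `context.put(CONTEXTPATH, authURL)` stores the value under the key `#CONTEXTPATH#`, which cannot be addressed as a Velocity reference (`$CONTEXTPATH`); if the rendered error page is post-processed with a plain string replace this works, otherwise the value is silently never rendered — a one-line comment stating which mechanism consumes the key would settle it. `authURL` is taken from `HTTPUtils.extractAuthURLFromRequest(req)`, i.e. from request headers, and is written into an error page; it is worth confirming that the URL-prefix check in `WebFrontEndSecurityInterceptor` is the only source of trust for that value, since the same pattern appears in `IDPSingleLogOutServlet` (`context.put(SSOManager.CONTEXTPATH, authURL)`). The enclosing method continues outside the hunk.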
@@ -361,15 +367,15 @@ public abstract class AbstractController extends MOAIDAuthConstants {
} else if (e instanceof ConfigurationException) {
//send HTML formated error message
- writeHTMLErrorResponse(resp, (MOAIDException) e);
+ writeHTMLErrorResponse(req, resp, (MOAIDException) e);
} else if (e instanceof MOAIDException) {
//send HTML formated error message
- writeHTMLErrorResponse(resp, e);
+ writeHTMLErrorResponse(req, resp, e);
} else if (e instanceof ProcessExecutionException) {
//send HTML formated error message
- writeHTMLErrorResponse(resp, e);
+ writeHTMLErrorResponse(req, resp, e);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 8b96b884e..6be0fce90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -23,7 +23,7 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public abstract class AbstractProcessEngineSignalController extends AbstractController {
- @Autowired ProcessEngine processEngine;
+ @Autowired protected ProcessEngine processEngine;
protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
new file mode 100644
index 000000000..1d9a57b48
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.GUILayoutBuilder;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class GUILayoutBuilderServlet extends AbstractController {
+
+ public static final String ENDPOINT_CSS = "/css/buildCSS";
+ public static final String ENDPOINT_JS = "/js/buildJS";
+
+ @Autowired AuthConfiguration authConfig;
+ @Autowired IRequestStorage requestStoreage;
+
+ public GUILayoutBuilderServlet() {
+ super();
+ Logger.debug("Registering servlet " + getClass().getName()
+ + " with mappings '" + ENDPOINT_CSS
+ + "' and '" + ENDPOINT_JS + "'.");
+
+ }
+
+ @RequestMapping(value = "/css/buildCSS", method = {RequestMethod.GET})
+ public void buildCSS(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ IRequest pendingReq = extractPendingRequest(req);
+
+ //build Service-Provider specific CSS
+ String css = GUILayoutBuilder.buildCSS(pendingReq, HTTPUtils.extractAuthURLFromRequest(req));
+
+ resp.setContentType("text/css;charset=UTF-8");
+ writeResponse(resp, css, "CSS");
+
+ }
+
+ @RequestMapping(value = "/js/buildJS", method = {RequestMethod.GET})
+ public void buildJavaScript(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ IRequest pendingReq = extractPendingRequest(req);
+
+ //build Service-Provider specific CSS
+ String js = GUILayoutBuilder.buildJS(pendingReq, HTTPUtils.extractAuthURLFromRequest(req));
+
+ resp.setContentType("text/javascript;charset=UTF-8");
+ writeResponse(resp, js, "JavaScript");
+
+ }
+
+ private void writeResponse(HttpServletResponse resp, String value, String ressourceID) throws IOException {
+ if (MiscUtil.isNotEmpty(value)) {
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(value);
+ out.flush();
+
+ } else {
+ Logger.warn("GUI ressource: " + ressourceID + " generation FAILED.");
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed");
+
+ }
+
+ }
+
+ private IRequest extractPendingRequest(HttpServletRequest req) {
+ try {
+ String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ String pendingReqID = StringEscapeUtils.escapeHtml(
+ req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+
+ if (MiscUtil.isNotEmpty(pendingReqID) && authConfig.getPublicURLPrefix().contains(authURL)) {
+ IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
+ if (pendingReq != null)
+ return pendingReq;
+
+ }
+
+ Logger.info("Prohibit GUI-Layout builder-request. No pending-request or wrong auth-URL.");
+
+ } catch (Exception e) {
+ Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e);
+ }
+
+ return null;
+ }
+}
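Review bot: `writeResponse` wraps `resp.getOutputStream()` in a `PrintWriter`, which encodes with the platform default charset although both callers declare `charset=UTF-8` in the content type; use `PrintWriter out = resp.getWriter();` after `setContentType` so the declared and actual encodings match. The `@Autowired IRequestStorage requestStoreage` field is never used — `extractPendingRequest` reads the inherited `requestStorage` — and should be dropped. The `@RequestMapping` values repeat the literals instead of `ENDPOINT_CSS`/`ENDPOINT_JS`, so the constructor's log line can drift from the real mapping. `authConfig.getPublicURLPrefix().contains(authURL)` is an exact-match whitelist check only if `getPublicURLPrefix()` returns a collection; if it returns a String this is a substring test — confirm against the configuration class.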
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index 6bccd5b88..26a0488ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -39,6 +39,8 @@ import org.springframework.web.bind.annotation.RequestMethod;
public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController {
+
+
@RequestMapping(value = {"/GenerateIframeTemplate",
"/SSOSendAssertionServlet",
"/signalProcess"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 307b668b7..427bb9464 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -62,7 +62,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
*/
@Controller
public class IDPSingleLogOutServlet extends AbstractController {
-
+
@Autowired SSOManager ssoManager;
@Autowired AuthenticationManager authManager;
@Autowired IAuthenticationSessionStoreage authenicationStorage;
@@ -71,7 +71,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
@RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET})
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("receive IDP SingleLogOut Request");
+ Logger.debug("Receive IDP-initiated SingleLogOut");
String authURL = HTTPUtils.extractAuthURLFromRequest(req);
try {
@@ -111,7 +111,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
else
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-
+
+ context.put(SSOManager.CONTEXTPATH, authURL);
+
ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
@@ -139,13 +141,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
}
}
}
- } catch (MOADatabaseException e) {
- //TODO: insert error Handling
- e.printStackTrace();
+ } catch (Exception e) {
+ handleErrorNoRedirect(e, req, resp, false);
- } catch (MOAIDException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
}
} else if (restartProcessObj != null && restartProcessObj instanceof String) {
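Review bot: After `handleErrorNoRedirect(e, req, resp, false)` the catch block falls through, and since this `try` sits inside an `if` branch whose remainder is outside the hunk, the method may continue and write to a response that already carries an error page; add `return;` after the call unless the surrounding method ends there anyway. Replacing the two `printStackTrace()` catches with one handler is an improvement, though `catch (Exception e)` now also covers runtime exceptions that previously propagated — acceptable at a controller boundary, but worth a short comment. The enclosing method (presumably `doGet`) starts and ends outside the hunk.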
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 4ed276814..4fcf166c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -76,7 +76,7 @@ public class LogOutServlet {
@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- Logger.debug("receive LogOut Request");
+ Logger.debug("Receive simple LogOut Request");
String redirectUrl = (String) req.getParameter(REDIRECT_URL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index c5a9ad34b..ce384d1a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -50,7 +50,7 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
-
+
//only for SAML1 GetAuthenticationData webService functionality
String requestedServlet = request.getServletPath();
if (MiscUtil.isNotEmpty(requestedServlet) && requestedServlet.startsWith("/services/GetAuthenticationData")) {
@@ -61,7 +61,9 @@ public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
//check AuthURL
String authURL = HTTPUtils.extractAuthURLFromRequest(request);
- if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed()) {
+ if (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed() &&
+ !authConfig.getPublicURLPrefix().contains(authURL)) {
+ Logger.info("Receive request, which is not in IDP URL-Prefix whitelist.");
String errorMsg = MOAIDMessageProvider.getInstance().getMessage("auth.07", new Object[] { authURL + "*" });
Logger.info(errorMsg);
response.sendError(
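Review bot: The new whitelist condition is AND-ed onto the existing HTTPS check, so it only takes effect for plain-HTTP requests when HTTP auth is disabled: an `https:` auth URL outside `getPublicURLPrefix()` passes, and a plain-HTTP URL that is in the prefix list now passes even when `isHTTPAuthAllowed()` is false — a loosening of the previous check. The log message says the request is rejected for not being in the IDP URL-prefix whitelist, so the intended logic looks like `if (!authConfig.getPublicURLPrefix().contains(authURL) || (!authURL.startsWith("https:") && !authConfig.isHTTPAuthAllowed())) {`. Other code in this diff (the error-page builder in `AbstractController`, the SLO info page) embeds `authURL` into responses and appears to rely on this interceptor for validation, so the check being reachable matters beyond this class. `preHandle` continues outside the hunk.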
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index ba7f33821..fd1749129 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -41,10 +41,20 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
private static final long serialVersionUID = 7148730740582881862L;
private PVPTargetConfiguration sloRequest = null;
- private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null;
- private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null;
+ private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
+ private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
private List<String> sloFailedOAs = null;
+ /**
+ *
+ */
+ public SLOInformationContainer() {
+ this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>();
+ this.sloFailedOAs = new ArrayList<String>();
+
+ }
+
/**
* @return the activeFrontChannalOAs
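Review bot: The new no-arg constructor initialises all three collections, so the `= null` initialiser left on `sloFailedOAs` is now misleading, and the empty Javadoc block above the constructor should state what it guarantees, e.g. `Creates a container with empty front-channel, back-channel and failed-OA collections.`. Because the class is `Serializable` with an unchanged `serialVersionUID`, instances stored before this change could still deserialise with null maps; if such sessions can survive an upgrade, the getters should guard for that.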
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 55a56056d..2d84bf472 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -40,16 +40,18 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable
private String binding = null;
private String serviceURL = null;
private String authURL = null;
+ private String spEntityID = null;
- public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType) {
- new SLOInformationImpl(authURL, sessionID, nameID, nameIDFormat, protocolType, null);
+ public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
+ new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);
}
- public SLOInformationImpl(String authURL, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
+ public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
this.sessionIndex = sessionID;
this.nameID = nameID;
this.nameIDFormat = nameIDFormat;
this.protocolType = protocolType;
+ this.spEntityID = spEntityID;
if (authURL.endsWith("/"))
this.authURL = authURL.substring(0, authURL.length()-1);
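Review bot: The six-argument constructor still does `new SLOInformationImpl(...)` and discards the result, so an object built through it keeps every field at null — the commit rewrites this line but leaves the defect; it should delegate with `this(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);`. That also matters for the `getSpEntityID()` contract added to `SLOInformationInterface` in this commit ("never null"), which neither this constructor nor the new public setter enforces; if the project targets Java 7 or later, `Objects.requireNonNull(spEntityID, "spEntityID")` in the seven-argument constructor would pin it.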
@@ -72,6 +74,14 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable
}
+
+ /**
+ * @return the spEntityID
+ */
+ public String getSpEntityID() {
+ return spEntityID;
+ }
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
*/
@@ -161,6 +171,14 @@ public class SLOInformationImpl implements SLOInformationInterface, Serializable
public String getAuthURL() {
return authURL;
}
+
+ /**
+ * @param spEntityID the spEntityID to set
+ */
+ public void setSpEntityID(String spEntityID) {
+ this.spEntityID = spEntityID;
+ }
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
index b2241f8ed..31fdaacfd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
@@ -59,5 +59,12 @@ public interface SLOInformationInterface{
*/
public String getUserNameIDFormat();
+ /**
+ * Get the unique entityID of this Service-Provider
+ *
+ * @return unique identifier, but never null
+ */
+ public String getSpEntityID();
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 22561e435..73d682c21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -115,7 +115,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
public void performOnlyIDPLogOut(HttpServletRequest request,
HttpServletResponse response, String moaSessionID) {
- Logger.info("Logout");
+ Logger.info("Remove active user-session");
if(moaSessionID == null) {
moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
@@ -440,6 +440,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
String pvpSLOIssuer = null;
String inboundRelayState = null;
+ Logger.debug("Start technical Single LogOut process ... ");
+
if (pvpReq != null) {
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
@@ -455,18 +457,25 @@ public class AuthenticationManager extends MOAIDAuthConstants {
sloContainer.setSloRequest(pvpReq);
sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
-
+
+ Logger.debug("Active SSO Service-Provider: "
+ + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
+ + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size()
+ + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
+
//terminate MOASession
try {
authenticatedSessionStore.destroySession(session.getSessionID());
- ssoManager.deleteSSOSessionID(httpReq, httpResp);
-
+ ssoManager.deleteSSOSessionID(httpReq, httpResp);
+ Logger.debug("Active SSO Session on IDP is remove.");
+
} catch (MOADatabaseException e) {
Logger.warn("Delete MOASession FAILED.");
sloContainer.putFailedOA(pvpReq.getAuthURL());
}
+ Logger.trace("Starting Service-Provider logout process ... ");
//start service provider back channel logout process
Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
while (nextOAInterator.hasNext()) {
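Review bot: The new log line `Logger.debug("Active SSO Session on IDP is remove.");` should read `Logger.debug("Active SSO Session on IDP is removed.");`. The three-counter debug message a few lines above it is concatenated on every logout whether or not debug output is enabled; if the MOA Logger exposes a level check, guarding that concatenation keeps the work off the logout path. The enclosing method starts before this hunk.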
@@ -474,6 +483,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr);
try {
+ Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
LogoutResponse sloResp = null;
@@ -483,9 +493,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
if (sloResp == null) {
- Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ " FAILED. NO LogOut response received.");
- sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
} else {
samlVerificationEngine.verifySLOResponse(sloResp,
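Review bot: The pair `Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED. ...")` followed by `sloContainer.putFailedOA(sloDescr.getSpEntityID());` is now repeated verbatim in this block and in both catch blocks of the next hunk (SOAPException, and SecurityException | InvalidProtocolRequestException); a small private helper taking the container, the descriptor, a reason string and an optional cause would keep the three failure paths from drifting apart. It would also give a single place to decide what is logged about the remote Service-Provider, now that its entity ID appears in every warning. The enclosing loop and method start before this hunk.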
@@ -496,14 +506,14 @@ public class AuthenticationManager extends MOAIDAuthConstants {
sloBuilder.checkStatusCode(sloContainer, sloResp);
} catch (SOAPException e) {
- Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ " FAILED.", e);
- sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
} catch (SecurityException | InvalidProtocolRequestException e) {
- Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ " FAILED.", e);
- sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
}
}
@@ -516,6 +526,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
List<String> sloReqList = new ArrayList<String>();
for (Entry<String, SLOInformationImpl> el : sloDescr) {
+ Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+
LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue());
try {
sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(),
@@ -542,6 +554,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
context.put("redirectURLs", sloReqList);
context.put("timeoutURL", timeOutURL);
context.put("timeout", SLOTIMEOUT);
+ context.put(SSOManager.CONTEXTPATH, authURL);
ssoManager.printSingleLogOutInfo(context, httpResp);
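Review bot: `context.put(SSOManager.CONTEXTPATH, authURL);` feeds authURL into the logout HTML template under the placeholder key "#CONTEXTPATH#", and nothing in this hunk shows where authURL originates or whether printSingleLogOutInfo escapes template values; if the value can be derived from the incoming request rather than from configuration, the substitution needs HTML escaping before it lands in the page. A one-line comment at the put() stating where authURL comes from would make that auditable. authURL is assigned before this hunk.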
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index f5d381e42..e1edb6b77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -175,4 +175,18 @@ public interface IRequest {
* @return Service-Provider configuration
*/
public IOAAuthParameters getOnlineApplicationConfiguration();
+
+ /**
+ * Indicates, if this pending-request is aborted by the user
+ *
+ * @return true, if it is aborted, otherwise false
+ */
+ public boolean isAbortedByUser();
+
+ /**
+ * Set the 'isAboredByUser' flag of this pending-request
+ *
+ * @param b true, if the user has abort the authentication process, otherwise false
+ */
+ public void setAbortedByUser(boolean isAborted);
}
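Review bot: The Javadoc for setAbortedByUser documents a parameter `b` that does not exist; it should be `@param isAborted true, if the user has aborted the authentication process, otherwise false`, and the description's `'isAboredByUser'` should be `'isAbortedByUser'`.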
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 961700651..4dade61fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -69,13 +69,17 @@ public abstract class RequestImpl implements IRequest, Serializable{
private boolean passiv = false;
private boolean force = false;
-
- private boolean needAuthentication = true;
- private boolean isAuthenticated = false;
private boolean needSSO = false;
+ private boolean isAbortedByUser = false;
+ //every request needs authentication by default
+ private boolean needAuthentication = true;
+ //every request is not authenticated by default
+ private boolean isAuthenticated = false;
+
private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+
/**
* @throws ConfigurationException
@@ -324,6 +328,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
+ public boolean isAbortedByUser() {
+ return this.isAbortedByUser;
+ }
+
+ public void setAbortedByUser(boolean isAborted) {
+ this.isAbortedByUser = isAborted;
+
+ }
+
public Object getGenericData(String key) {
if (MiscUtil.isNotEmpty(key)) {
return genericDataStorage.get(key);
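Review bot: isAbortedByUser() and setAbortedByUser(boolean) implement the methods added to IRequest in this commit but carry no `@Override`; adding it lets the compiler catch a signature drift between interface and implementation. The stray blank line inside setAbortedByUser before its closing brace can go as well. The enclosing class starts before this hunk.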
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 89d50425b..856410d7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -61,10 +61,10 @@ import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@Service("MOAID_SSOManager")
-public class SSOManager {
-
+public class SSOManager {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "slo_template.html";
+ public static String CONTEXTPATH = "#CONTEXTPATH#";
private static final String SSOCOOKIE = "MOA_ID_SSO";
private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
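Review bot: `public static String CONTEXTPATH = "#CONTEXTPATH#";` is a mutable public global, so any code can reassign the template placeholder key at runtime and silently break the substitution in printSingleLogOutInfo; declare it `public static final String CONTEXTPATH = "#CONTEXTPATH#";` like the neighbouring constants. Making it final does not affect the access AuthenticationManager needs.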
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
index e6f08abd9..bf00cadaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
@@ -34,6 +34,7 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
@@ -99,9 +100,32 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
} catch (Exception e) {
buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+ removeUserSession(pendingReq, req, resp);
+
}
}
+
+ protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp,
+ IRequest pendingReq, AuthenticationSession moaSession) {
+ Logger.debug("Add SSO information to MOASession.");
+
+ //Store SSO information into database
+ String newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(),
+ pendingReq.getOAURL());
+
+ //set SSO cookie to response
+ if (MiscUtil.isNotEmpty(newSSOSessionId)) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ }
+
+ return newSSOSessionId;
+ }
+
/**
* Finalize the requested protocol operation
*
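Review bot: In the catch block at the top of this hunk, `removeUserSession(pendingReq, req, resp);` is reached only if buildProtocolSpecificErrorResponse returns normally, yet that method declares IOException (see its signature further down), so a failed error response leaves the MOASession alive; wrap it as `try { buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); } finally { removeUserSession(pendingReq, req, resp); }`. The same shape appears twice in ProtocolFinalizationController in this commit (the error-handling path and the catch at the end of the finalize method). The new createNewSSOSessionCookie also lacks Javadoc; a short one saying that it persists the SSO information for the MOASession, sets the SSO cookie when an id was created and otherwise deletes the cookie, and returns the new id, would match the rest of the class. The method enclosing the catch block starts before this hunk.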
@@ -118,21 +142,7 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
//if Single Sign-On functionality is enabled for this request
if (pendingReq.needSingleSignOnFunctionality()) {
-
- Logger.debug("Add SSO information to MOASession.");
-
- //Store SSO information into database
- newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(),
- pendingReq.getOAURL());
-
- //set SSO cookie to response
- if (MiscUtil.isNotEmpty(newSSOSessionId)) {
- ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
-
- } else {
- ssomanager.deleteSSOSessionID(req, resp);
-
- }
+ newSSOSessionId = createNewSSOSessionCookie(req, resp, pendingReq, moaSession);
}
@@ -202,6 +212,23 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
}
+ protected void removeUserSession(IRequest pendingReq, HttpServletRequest req,
+ HttpServletResponse resp) {
+ try {
+ AuthenticationSession moaSession = authenticatedSessionStorage.getSession(
+ pendingReq.getMOASessionIdentifier());
+
+ if (moaSession != null)
+ authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+
+ } catch (MOADatabaseException e) {
+ Logger.error("Remove user-session FAILED." , e);
+
+ }
+
+
+ }
+
protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req,
HttpServletResponse resp, IRequest protocolRequest) throws IOException {
try {
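Review bot: removeUserSession has no Javadoc; it should state that it resolves the MOASession of the pending request, runs performOnlyIDPLogOut when one exists, and logs a MOADatabaseException from the lookup without rethrowing it, because callers need to know that the failure is swallowed. The same commit deletes this cleanup from buildProtocolSpecificErrorResponse (next hunk), so any other caller of that method outside this diff that relied on the session being destroyed on error now keeps it alive — worth checking the remaining callers. The two empty lines before the closing brace can be dropped.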
@@ -226,12 +253,6 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
//log Error Message
statisticLogger.logErrorOperation(throwable, protocolRequest);
- //remove MOASession
- AuthenticationSession moaSession = authenticatedSessionStorage.getSession(
- protocolRequest.getMOASessionIdentifier());
- if (moaSession != null)
- authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-
return;
} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 8c3f2c946..a9fc994ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -74,18 +75,9 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
//build protocol-specific error message if possible
buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
-
- //log Error Message
- statisticLogger.logErrorOperation(throwable, pendingReq);
-
- //get MOASession for this pendingRequest
- AuthenticationSession moaSession =
- authenticatedSessionStorage.getSession(
- pendingReq.getMOASessionIdentifier());
-
- //remove MOASession if someone is found
- if (moaSession != null)
- authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+
+ //remove active user-session
+ removeUserSession(pendingReq, req, resp);
return;
@@ -132,31 +124,48 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
if (moaSession == null) {
Logger.error("No MOASession with ID " + sessionID + " found.!");
handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);
- return;
- }
-
- //check if MOASession and pending-request are authenticated
- if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
- finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-
} else {
- Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
- handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
- return;
-
+
+ //check if pending-request has 'abortedByUser' flag set
+ if (pendingReq.isAbortedByUser()) {
+ //send authentication aborted error to Service Provider
+ buildProtocolSpecificErrorResponse(
+ new AuthenticationException("auth.21", new Object[] {}),
+ req, resp, pendingReq);
+
+ //do not remove the full active SSO-Session
+ // in case of only one Service-Provider authentication request is aborted
+ if ( !(moaSession.isAuthenticated()
+ && pendingReq.needSingleSignOnFunctionality()) ) {
+ removeUserSession(pendingReq, req, resp);
+
+ }
+
+ //check if MOASession and pending-request are authenticated
+ } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
+ finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+
+ } else {
+ //suspect state: pending-request is not aborted but also are not authenticated
+ Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
+ handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);
+
+ }
}
} catch (Exception e) {
Logger.error("Finalize authentication protocol FAILED." , e);
buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+ removeUserSession(pendingReq, req, resp);
+
}
}
//remove pending-request
if (pendingReq != null)
- requestStorage.removePendingRequest(pendingReq.getRequestID());
+ requestStorage.removePendingRequest(pendingReq.getRequestID());
}
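Review bot: If buildProtocolSpecificErrorResponse in the new abort branch throws (it declares IOException), control falls into the `catch (Exception e)` at the bottom of the same try, which builds a second error response and calls removeUserSession unconditionally — bypassing the guard that is meant to keep an authenticated SSO session when only one Service-Provider request is aborted. If that is not intended, handle the IOException of the abort response locally or apply the same `moaSession.isAuthenticated() && pendingReq.needSingleSignOnFunctionality()` condition in the catch. The added error line also keeps a German word: `Logger.error("MOASession or Pending-Request are not authenticated --> Abort authentication process!");`. The try and the enclosing method start before this hunk.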
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 21f505bf1..2882f20e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -76,6 +76,7 @@ public class AuthenticationAction implements IAction {
DateTime date = new DateTime();
SLOInformationImpl sloInformation = new SLOInformationImpl();
+
//build Assertion
Assertion assertion = PVP2AssertionBuilder.buildAssertion(pvpRequest, authnRequest, authData,
@@ -106,6 +107,7 @@ public class AuthenticationAction implements IAction {
//set protocol type
sloInformation.setProtocolType(req.requestedModule());
+ sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
return sloInformation;
} catch (MessageEncodingException e) {
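Review bot: setSpEntityID is given getPublicURLPrefix() here, while the SLOInformationImpl instances built in SingleLogOutBuilder in the same commit use oa.getOaurlprefix(); these are presumably the same identifier, but since the value now serves both as map key and as the putFailedOA key, a mismatch would attach logout failures to the wrong entry — worth confirming they are identical. Given the interface's "never null" contract, `sloInformation.setSpEntityID(Objects.requireNonNull(req.getOnlineApplicationConfiguration().getPublicURLPrefix(), "publicURLPrefix"));` (with java.util.Objects imported) would fail fast at the source. The enclosing method starts before this hunk.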
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a7fc8295a..63452bee0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -439,7 +439,7 @@ public class SingleLogOutBuilder {
if (!oa.getOaurlprefix().equals(removeOAID)) {
//Actually only PVP 2.1 support Single LogOut
- if (PVP2XProtocol.PATH.equals(oa.getProtocolType())) {
+ if (PVP2XProtocol.NAME.equals(oa.getProtocolType())) {
SingleLogoutService sloDesc;
try {
sloDesc = getRequestSLODescriptor(oa.getOaurlprefix());
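Review bot: The comparison now expects PVP2XProtocol.NAME, but the value it reads is the protocolType persisted with the OA session, which AuthenticationAction sets from req.requestedModule() in code this commit leaves unchanged; the diff does not show which constant that yields, so it is worth confirming the two agree, and whether sessions persisted before this change still carry a value this check no longer matches. Once confirmed, a comment like `// protocolType is persisted from requestedModule(), see AuthenticationAction` records the coupling. The enclosing loop starts before this hunk.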
@@ -447,7 +447,8 @@ public class SingleLogOutBuilder {
if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))
container.getActiveBackChannelOAs().put(oa.getOaurlprefix(),
new SLOInformationImpl(
- oa.getAuthURL(),
+ oa.getAuthURL(),
+ oa.getOaurlprefix(),
oa.getAssertionSessionID(),
oa.getUserNameID(),
oa.getUserNameIDFormat(),
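Review bot: The new oa.getOaurlprefix() argument is inserted into a constructor whose leading parameters are, as far as the getters suggest, a run of same-typed strings (authURL, oaurlprefix, assertionSessionID, userNameID, userNameIDFormat, ...), so a transposition at any of the three call sites touched here (this hunk and the two following ones) would compile cleanly; either add a Javadoc to the SLOInformationImpl constructor listing the parameter order, or keep the old positional signature and call the setSpEntityID setter introduced in this commit right after `new SLOInformationImpl(...)`. The enclosing method starts before this hunk.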
@@ -458,6 +459,7 @@ public class SingleLogOutBuilder {
container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(),
new SLOInformationImpl(
oa.getAuthURL(),
+ oa.getOaurlprefix(),
oa.getAssertionSessionID(),
oa.getUserNameID(),
oa.getUserNameIDFormat(),
@@ -498,10 +500,11 @@ public class SingleLogOutBuilder {
container.getActiveFrontChannalOAs().put(el.getIdpurlprefix(),
new SLOInformationImpl(
el.getAuthURL(),
+ el.getIdpurlprefix(),
el.getSessionIndex(),
el.getUserNameID(),
NameID.TRANSIENT,
- PVP2XProtocol.PATH,
+ PVP2XProtocol.NAME,
sloDesc));
} catch (NOSLOServiceDescriptorException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
index d3ac574f8..9a1237b80 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
@@ -26,7 +26,6 @@ import java.util.HashMap;
import java.util.Map;
import java.util.Set;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.util.MiscUtil;
public class FormBuildUtils {
@@ -123,6 +122,15 @@ public class FormBuildUtils {
public static Map<String, String> getDefaultMap() {
return defaultmap;
}
+
+ /**
+ * @param value
+ * @return
+ */
+ public static String defaultLayoutBKUSelection(String value) {
+ return customiceLayoutBKUSelection(value, false, false, getDefaultMap(), false);
+
+ }
}
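Review bot: The Javadoc on the new defaultLayoutBKUSelection is empty (`@param value` and `@return` without text); filling it in as `@param value input handed unchanged to customiceLayoutBKUSelection` and `@return the result of customiceLayoutBKUSelection(value, false, false, getDefaultMap(), false)`, with a summary line stating that it uses the default customization map and all three boolean flags false, documents what the helper actually fixes. The blank line before the closing brace can be removed.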