diff options
Diffstat (limited to 'id/server/idserverlib/src/main')
9 files changed, 294 insertions, 64 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index afe0bd1d6..57c14b15e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -1945,6 +1945,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { } else { session.setAuthData(authData); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + session.setXMLVerifySignatureResponse(vsresp); String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); @@ -2145,6 +2149,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setAuthData(authData); session.setMandateData(mandateData); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); @@ -2309,6 +2315,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { useUTC, true); session.setAuthData(authData); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + session.setXMLVerifySignatureResponse(vsresp); String newMOASessionID = AuthenticationSessionStore.changeSessionID(session); Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 6a69a8002..3e909ecd4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -272,6 +272,10 @@ public class AuthenticationSession { public boolean isAuthenticated() { return authenticated; } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } public String getRequestedProtocolURL() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 5ff5b6f63..029aeadc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -32,6 +32,7 @@ import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.swing.text.StyleContext.SmallAttributeSet; import org.apache.commons.lang.StringEscapeUtils; import org.opensaml.saml2.metadata.RequestedAttribute; @@ -46,6 +47,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -108,6 +110,7 @@ public class StartAuthenticationServlet extends AuthServlet { String action = req.getParameter(PARAM_ACTION); // escape parameter strings + //TODO: use URLEncoder.encode!! target = StringEscapeUtils.escapeHtml(target); sourceID = StringEscapeUtils.escapeHtml(sourceID); oaURL = StringEscapeUtils.escapeHtml(oaURL); @@ -139,7 +142,13 @@ public class StartAuthenticationServlet extends AuthServlet { if (!ParamValidatorUtils.isValidCCC(ccc)) throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - + if(modul == null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java index ae0717a6d..38b876e76 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/AuthDispatcherServlet.java @@ -12,7 +12,10 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.ITargetConfiguration; @@ -22,7 +25,7 @@ import at.gv.egovernment.moa.id.moduls.ServletType; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; -public class AuthDispatcherServlet extends HttpServlet { +public class AuthDispatcherServlet extends AuthServlet { /** * @@ -135,9 +138,9 @@ public class AuthDispatcherServlet extends HttpServlet { try { Object pathObject = req.getParameter(PARAM_TARGET_PATH); String path = null; - + HttpSession session = req.getSession(); - + if (pathObject != null && (pathObject instanceof String)) { path = (String) pathObject; } @@ -170,10 +173,10 @@ public class AuthDispatcherServlet extends HttpServlet { ITargetConfiguration configuration = info.preProcess(req, resp); if (!AuthenticationManager.isAuthenticated(req, resp)) { - + session.setAttribute(PARAM_TARGET_PATH, path); session.setAttribute(PARAM_TARGET_PROTOCOL, protocol); - + AuthenticationManager.doAuthentication(req, resp, configuration); return; @@ -190,6 +193,8 @@ public class AuthDispatcherServlet extends HttpServlet { Logger.info("Forwarding to Servlet: " + forward); getServletContext().getNamedDispatcher(forward) .forward(req, resp); + // TODO: disabled SSO + AuthenticationManager.logout(req, resp); return; } catch (Throwable e) { e.printStackTrace(); @@ -198,6 +203,10 @@ public class AuthDispatcherServlet extends HttpServlet { } } resp.sendError(HttpServletResponse.SC_NOT_FOUND); + } catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { + handleError(null, ex, req, resp); } catch (Throwable e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index eeb16fcf9..302031fe3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -8,70 +8,133 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; public class AuthenticationManager implements MOAIDAuthConstants { - + public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; - - public static AuthenticationSession getAuthenticationSession(HttpSession session) { - String sessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); - if(sessionID != null) { + + public static AuthenticationSession getAuthenticationSession( + HttpSession session) { + String sessionID = HTTPSessionUtils.getHTTPSessionString(session, + MOA_SESSION, null); + if (sessionID != null) { return AuthenticationSessionStore.getSession(sessionID); } return null; } - + /** - * Checks if the session is authenticated + * Checks if the session is authenticated + * * @param request * @param response * @return */ - public static boolean isAuthenticated(HttpServletRequest request, HttpServletResponse response) { + public static boolean isAuthenticated(HttpServletRequest request, + HttpServletResponse response) { Logger.info("Checking authentication"); - + HttpSession session = request.getSession(); - - String sessionID = (String)request.getAttribute(PARAM_SESSIONID); - if(sessionID != null) { - AuthenticationSession authSession = AuthenticationSessionStore.getSession(sessionID); - if(authSession != null) { - if(authSession.isAuthenticated() && !authSession.isAuthenticatedUsed()) { + + String sessionID = (String) request.getParameter(PARAM_SESSIONID); + if (sessionID != null) { + Logger.info("got MOASession: " + sessionID); + AuthenticationSession authSession = AuthenticationSessionStore + .getSession(sessionID); + //AuthenticationSessionStore.dumpSessionStore(); + if (authSession != null) { + Logger.info("MOASession found! A: " + + authSession.isAuthenticated() + ", AU " + + authSession.isAuthenticatedUsed()); + if (authSession.isAuthenticated() + && !authSession.isAuthenticatedUsed()) { session.invalidate(); session = request.getSession(); - HTTPSessionUtils.setHTTPSessionBoolean(session, MOA_AUTHENTICATED, true); + // HTTPSessionUtils.setHTTPSessionBoolean(session, + // MOA_AUTHENTICATED, true); authSession.setAuthenticatedUsed(true); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, sessionID); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, + sessionID); } + return authSession.isAuthenticated(); } } - - return HTTPSessionUtils.getHTTPSessionBoolean(session, MOA_AUTHENTICATED, false); + + return false; } - - public static void doAuthentication(HttpServletRequest request, HttpServletResponse response, - ITargetConfiguration target) - throws ServletException, IOException { + + public static void logout(HttpServletRequest request, + HttpServletResponse response) { + Logger.info("Logout"); + HttpSession session = request.getSession(); - Logger.info("Starting authentication ..."); - String modul = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); - String protocol = (String)session.getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); - String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), modul, protocol); + String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(loginForm); - out.flush(); - return; + if(moaSessionID == null) { + moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + } + + if(moaSessionID == null) { + Logger.info("NO MOA Session to logout"); + return; + } + + AuthenticationSession authSession = AuthenticationSessionStore + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + AuthenticationSessionStore.destroySession(moaSessionID); + session.invalidate(); + } + + public static void doAuthentication(HttpServletRequest request, + HttpServletResponse response, ITargetConfiguration target) + throws ServletException, IOException, MOAIDException { + HttpSession session = request.getSession(); + Logger.info("Starting authentication ..."); + String modul = (String) session + .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PATH); + String protocol = (String) session + .getAttribute(AuthDispatcherServlet.PARAM_TARGET_PROTOCOL); + + if (!ParamValidatorUtils.isValidOA(target.getOAURL())) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + + if (target.getOAURL() == null) { + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + } + // TODO: Build authentication form - //session.getServletContext().getNamedDispatcher("StartAuthenticationServlet").forward(request, response); + + /* + * String loginForm = LoginFormBuilder.buildLoginForm(target.getOAURL(), + * modul, protocol); + * + * response.setContentType("text/html;charset=UTF-8"); PrintWriter out = + * new PrintWriter(response.getOutputStream()); out.print(loginForm); + * out.flush(); return; + */ + + session.getServletContext().getNamedDispatcher("StartAuthentication") + .forward(request, response); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java index 3096341e0..e54bba10d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationSessionStore.java @@ -32,6 +32,14 @@ public class AuthenticationSessionStore { return session; } + public static void destroySession(String moaSessionID) { + synchronized (sessionStore) { + if (sessionStore.containsKey(moaSessionID)) { + sessionStore.remove(moaSessionID); + } + } + } + public static void dumpSessionStore() { synchronized (sessionStore) { Set<String> keys = sessionStore.keySet(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java new file mode 100644 index 000000000..bcc4111af --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/DoAuthentication.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; + +public class DoAuthentication extends AuthServlet { + + /** + * + */ + private static final long serialVersionUID = 1L; + + protected void process(HttpServletRequest req, HttpServletResponse resp) { + + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + process(req, resp); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + process(req, resp); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java new file mode 100644 index 000000000..57485f7a2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.ITargetConfiguration; +import at.gv.egovernment.moa.id.moduls.ServletInfo; +import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.moduls.TargetConfigurationImpl; +import at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; + +public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = PVP2XProtocol.class.getName(); + public static final String PATH = "id_pvp2x"; + + public static final String GETARTIFACT = "GetArtifact"; + + private static List<ServletInfo> servletList = new ArrayList<ServletInfo>(); + + static { + servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT, + ServletType.AUTH)); + + instance = new PVP2XProtocol(); + } + + private static PVP2XProtocol instance = null; + + public static PVP2XProtocol getInstance() { + if (instance == null) { + instance = new PVP2XProtocol(); + } + return instance; + } + + public List<ServletInfo> getServlets() { + return servletList; + } + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public ITargetConfiguration preProcess(HttpServletRequest request, + HttpServletResponse response) throws MOAIDException { + TargetConfigurationImpl config = new TargetConfigurationImpl(); + String oaURL = (String) request.getParameter(PARAM_OA); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + config.setOAURL(oaURL); + request.getSession().setAttribute(PARAM_OA, oaURL); + return config; + } + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response) { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java index 4dc4a2b35..54bea4bb4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java @@ -21,6 +21,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; public class GetArtifactServlet extends AuthServlet { @@ -54,45 +56,59 @@ public class GetArtifactServlet extends AuthServlet { throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (oaURL == null) { + oaURL = session.getOAURLRequested(); + } + + if (oaURL == null) { + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + } + String samlArtifactBase64 = SAML1AuthenticationServer .BuildSAMLArtifact(session); + String redirectURL = oaURL; + session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + URLEncoder.encode(session.getTarget(), "UTF-8")); + + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + // CONFIRMATION FOR SSO! /* - * String redirectURL = oaURL;//session.getOAURLRequested(); if - * (!session.getBusinessService()) { redirectURL = - * addURLParameter(redirectURL, PARAM_TARGET, - * URLEncoder.encode(session.getTarget(), "UTF-8")); + * OAAuthParameter oaParam = + * AuthConfigurationProvider.getInstance(). + * getOnlineApplicationParameter(oaURL); * - * } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, - * URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = - * resp.encodeRedirectURL(redirectURL); + * String friendlyName = oaParam.getFriendlyName(); if(friendlyName + * == null) { friendlyName = oaURL; } * - * resp.setContentType("text/html"); resp.setStatus(302); * - * resp.addHeader("Location", redirectURL); - * Logger.debug("REDIRECT TO: " + redirectURL); + * LoginConfirmationBuilder builder = new + * LoginConfirmationBuilder(); + * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); + * String form = builder.finish(oaURL, session.getIdentityLink() + * .getName(), friendlyName); */ - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - - String friendlyName = oaParam.getFriendlyName(); - if(friendlyName == null) { - friendlyName = oaURL; - } - - LoginConfirmationBuilder builder = new LoginConfirmationBuilder(); - builder.addParameter(PARAM_SAMLARTIFACT, - samlArtifactBase64); - String form = builder.finish(oaURL, session.getIdentityLink() - .getName(), friendlyName); - + /* resp.setContentType("text/html"); OutputStream out = resp.getOutputStream(); out.write(form.getBytes("UTF-8")); out.flush(); - out.close(); + out.close();*/ } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); |