aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java108
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java87
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java119
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java50
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java102
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java123
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java238
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java883
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java)55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java336
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java122
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java28
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java353
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java1234
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java668
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java)26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java266
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java78
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java42
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java268
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java199
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java446
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java27
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java121
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java)279
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java175
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java)72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java281
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java90
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java9
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule2
-rw-r--r--id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml30
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml61
-rw-r--r--id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml44
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties3
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties2
73 files changed, 4672 insertions, 3579 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 7ac026888..17e39f766 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -27,10 +27,12 @@ import java.util.Arrays;
import java.util.Date;
import java.util.List;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -42,9 +44,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
+@Service("MOAReversionLogger")
public class MOAReversionLogger {
-
- private static MOAReversionLogger instance = null;
+
+ @Autowired protected AuthConfiguration authConfig;
private static final List<Integer> defaultEventCodes = Arrays.asList(
MOAIDEventConstants.SESSION_CREATED,
@@ -69,17 +72,6 @@ public class MOAReversionLogger {
MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,
MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER
);
-
-
- public static synchronized MOAReversionLogger getInstance() {
- if (instance == null) {
- instance = new MOAReversionLogger();
- MOAIDEventLog.reload();
-
- }
-
- return instance;
- }
public void logEvent(IOAAuthParameters oaConfig,
int eventCode, String message) {
@@ -91,8 +83,8 @@ public class MOAReversionLogger {
int eventCode) {
if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
- pendingRequest.getSessionIdentifier(),
- pendingRequest.getRequestID()));
+ pendingRequest.getUniqueSessionIdentifier(),
+ pendingRequest.getUniqueTransactionIdentifier()));
}
@@ -101,8 +93,8 @@ public class MOAReversionLogger {
if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
message,
- pendingRequest.getSessionIdentifier(),
- pendingRequest.getRequestID()
+ pendingRequest.getUniqueSessionIdentifier(),
+ pendingRequest.getUniqueTransactionIdentifier()
));
}
@@ -140,8 +132,8 @@ public class MOAReversionLogger {
*/
public void logEvent(IRequest pendingRequest, int eventCode) {
MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode,
- pendingRequest.getSessionIdentifier(),
- pendingRequest.getRequestID()));
+ pendingRequest.getUniqueSessionIdentifier(),
+ pendingRequest.getUniqueTransactionIdentifier()));
}
@@ -249,15 +241,9 @@ public class MOAReversionLogger {
}
public List<Integer> getDefaulttReversionsLoggingEventCodes() {
- try {
- List<Integer> configuredDefaultEventCodes = AuthConfigurationProviderFactory.getInstance().getDefaultRevisionsLogEventCodes();
- if (configuredDefaultEventCodes != null)
- return configuredDefaultEventCodes;
-
- } catch (ConfigurationException e) {
- Logger.error("Access to configuration FAILED.", e);
-
- }
+ List<Integer> configuredDefaultEventCodes = authConfig.getDefaultRevisionsLogEventCodes();
+ if (configuredDefaultEventCodes != null)
+ return configuredDefaultEventCodes;
return defaultEventCodes;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 5487152cf..87b3bc9ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -32,6 +32,8 @@ import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.apache.commons.lang3.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
@@ -47,16 +49,16 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("StatisticLogger")
public class StatisticLogger {
private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request";
@@ -73,45 +75,19 @@ public class StatisticLogger {
private static final String ERRORTYPE_MANDATE = "mandate";
private static final String ERRORTYPE_MOAID = "moa-id";
private static final String ERRORTYPE_SZRGW = "szrgw";
-
- private static StatisticLogger instance;
-
- private boolean isAktive = false;
-
- public static StatisticLogger getInstance() {
- if (instance == null)
- instance = new StatisticLogger();
- return instance;
- }
-
- private StatisticLogger() {
- try {
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
-
- if (config != null)
- isAktive = config.isAdvancedLoggingActive();
-
- } catch (ConfigurationException e) {
- Logger.error("StatisticLogger can not be inizialized", e);
- }
- }
-
+ @Autowired AuthConfiguration authConfig;
+ @Autowired IAuthenticationSessionStoreage authenticatedSessionStorage;
+
public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) {
- if ( isAktive && protocolRequest != null && authData != null) {
+ if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) {
- OAAuthParameter dbOA = null;
- try {
- dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+ IOAAuthParameters dbOA = null;
+ dbOA = protocolRequest.getOnlineApplicationConfiguration();
- if (dbOA == null) {
- Logger.warn("Advanced logging failed: OA can not be found in database.");
- return;
- }
-
- } catch (ConfigurationException e1) {
- Logger.error("Access MOA-ID configuration FAILED.", e1);
+ if (dbOA == null) {
+ Logger.warn("Advanced logging failed: OA can not be found in database.");
return;
}
@@ -221,7 +197,7 @@ public class StatisticLogger {
}
public void logErrorOperation(Throwable throwable) {
- if ( isAktive ) {
+ if ( authConfig.isAdvancedLoggingActive() ) {
StatisticLog dblog = new StatisticLog();
//set actual date and time
@@ -249,7 +225,7 @@ public class StatisticLogger {
public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
- if (isAktive && throwable != null && errorRequest != null) {
+ if (authConfig.isAdvancedLoggingActive() && throwable != null && errorRequest != null) {
StatisticLog dblog = new StatisticLog();
//set actual date and time
@@ -260,44 +236,45 @@ public class StatisticLogger {
dblog.setProtocoltype(errorRequest.requestedModule());
dblog.setProtocolsubtype(errorRequest.requestedAction());
- try {
- OAAuthParameter dbOA = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(errorRequest.getOAURL());
- if (dbOA != null) {
- dblog.setOafriendlyName(dbOA.getFriendlyName());
- dblog.setOatarget(dbOA.getTarget());
- //dblog.setOaID(dbOA.getHjid());
- dblog.setBusinessservice(isBusinessService(dbOA));
-
-
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID());
+ IOAAuthParameters dbOA = errorRequest.getOnlineApplicationConfiguration();
+ if (dbOA != null) {
+ dblog.setOafriendlyName(dbOA.getFriendlyName());
+ dblog.setOatarget(dbOA.getTarget());
+ //dblog.setOaID(dbOA.getHjid());
+ dblog.setBusinessservice(isBusinessService(dbOA));
+
+ try {
+ AuthenticationSession moasession = authenticatedSessionStorage.
+ getSession(errorRequest.getMOASessionIdentifier());
if (moasession != null) {
if (MiscUtil.isNotEmpty(moasession.getBkuURL())) {
dblog.setBkuurl(moasession.getBkuURL());
dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
}
-
+
dblog.setMandatelogin(moasession.getUseMandate());
}
-
- generateErrorLogFormThrowable(throwable, dblog);
+ } catch (MOADatabaseException e) {
+ Logger.debug(e.getMessage() + " --> StatistikLog will not include MOASession information.");
-
- try {
- StatisticLogDBUtils.saveOrUpdate(dblog);
+ }
+
+ generateErrorLogFormThrowable(throwable, dblog);
- } catch (MOADatabaseException e) {
- Logger.warn("Statistic Log can not be stored into Database", e);
- }
+
+
+ try {
+ StatisticLogDBUtils.saveOrUpdate(dblog);
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Statistic Log can not be stored into Database", e);
}
- } catch (ConfigurationException e) {
- Logger.error("Access MOA-ID configuration FAILED.", e);
- return;
}
}
}
- private boolean isBusinessService(OAAuthParameter dbOA) {
+ private boolean isBusinessService(IOAAuthParameters dbOA) {
if (dbOA.getOaType().equals("businessService"))
return true;
@@ -360,7 +337,7 @@ public class StatisticLogger {
}
- private String findBKUType(String bkuURL, OAAuthParameter dbOA) {
+ private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
if (dbOA != null) {
if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU)))
@@ -376,14 +353,13 @@ public class StatisticLogger {
Logger.trace("Staticic Log search BKUType from DefaultBKUs");
try {
- AuthConfiguration authconfig = AuthConfigurationProviderFactory.getInstance();
- if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
+ if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU)))
return IOAAuthParameters.ONLINEBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+ if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
return IOAAuthParameters.LOCALBKU;
- if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+ if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
return IOAAuthParameters.HANDYBKU;
} catch (ConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 1f12675ca..a1ba00e02 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -3,6 +3,14 @@
package at.gv.egovernment.moa.id.auth;
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -13,22 +21,47 @@ import at.gv.egovernment.moa.logging.Logger;
* @author Paul Ivancsics
* @version $Id$
*/
+@Service("AuthenticationSessionCleaner")
public class AuthenticationSessionCleaner implements Runnable {
+ @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired protected AuthConfiguration authConfig;
+
/** interval the <code>AuthenticationSessionCleaner</code> is run in */
private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
/**
* Runs the thread. Cleans the <code>AuthenticationServer</code> session store
* and authentication data store from garbage, then sleeps for given interval, and restarts.
+ *
+ * Cleans up expired session and authentication data stores.
+ *
*/
public void run() {
while (true) {
try {
Logger.debug("AuthenticationSessionCleaner run");
- BaseAuthenticationServer.cleanup();
- }
- catch (Exception e) {
+ Date now = new Date();
+
+ try {
+ int sessionTimeOutCreated = authConfig.getSSOCreatedTimeOut() * 1000;
+ int sessionTimeOutUpdated = authConfig.getSSOUpdatedTimeOut() * 1000;
+ int authDataTimeOut = authConfig.getTransactionTimeOut() * 1000;
+
+ //clean AuthenticationSessionStore
+ authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
+
+ //clean TransactionStorage
+ transactionStorage.clean(now, authDataTimeOut);
+
+
+ } catch (Exception e) {
+ Logger.error("Session cleanUp FAILED!" , e);
+
+ }
+
+ } catch (Exception e) {
Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
}
try {
@@ -42,10 +75,10 @@ public class AuthenticationSessionCleaner implements Runnable {
/**
* start the sessionCleaner
*/
- public static void start() {
+ public static void start(Runnable clazz) {
// start the session cleanup thread
Thread sessionCleaner =
- new Thread(new AuthenticationSessionCleaner(), "AuthenticationSessionCleaner");
+ new Thread(clazz, "AuthenticationSessionCleaner");
sessionCleaner.setName("SessionCleaner");
sessionCleaner.setDaemon(true);
sessionCleaner.setPriority(Thread.MIN_PRIORITY);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 5e3b6653b..1ce6fa1e9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
@@ -1,37 +1,13 @@
package at.gv.egovernment.moa.id.auth;
-import java.io.UnsupportedEncodingException;
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
-
-import org.opensaml.xml.util.XMLHelper;
-
-import org.w3c.dom.Element;
+import org.springframework.beans.factory.annotation.Autowired;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.client.SZRGWClient;
-import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.util.xsd.mis.MandateIdentifiers;
-import at.gv.util.xsd.mis.Target;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-import at.gv.util.xsd.srzgw.MISType;
-import at.gv.util.xsd.srzgw.MISType.Filters;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
@@ -43,6 +19,9 @@ import at.gv.util.xsd.srzgw.MISType.Filters;
*/
public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
+ @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
+ @Autowired protected AuthConfiguration authConfig;
+
/**
* Retrieves a session from the session store.
*
@@ -50,11 +29,11 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
* @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).
* @throws AuthenticationException in case the session id does not reflect a valic, active session.
*/
- public static AuthenticationSession getSession(String id)
+ public AuthenticationSession getSession(String id)
throws AuthenticationException {
AuthenticationSession session;
try {
- session = AuthenticationSessionStoreage.getSession(id);
+ session = authenticationSessionStorage.getSession(id);
if (session == null)
throw new AuthenticationException("auth.02", new Object[]{id});
@@ -68,33 +47,4 @@ public abstract class BaseAuthenticationServer extends MOAIDAuthConstants {
}
}
- /**
- * Cleans up expired session and authentication data stores.
- */
- public static void cleanup() {
- long now = new Date().getTime();
-
- try {
- int sessionTimeOutCreated = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
- int sessionTimeOutUpdated = AuthConfigurationProviderFactory.getInstance().getSSOUpdatedTimeOut() * 1000;
- int authDataTimeOut = AuthConfigurationProviderFactory.getInstance().getTransactionTimeOut() * 1000;
-
- //clean AuthenticationSessionStore
- AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
-
- //clean AssertionStore
- AssertionStorage assertionstore = AssertionStorage.getInstance();
- assertionstore.clean(now, authDataTimeOut);
-
- //clean ExeptionStore
- DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
- exstore.clean(now, authDataTimeOut);
-
- } catch (Exception e) {
- Logger.error("Session cleanUp FAILED!" , e);
-
- }
-
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index fa30f9ffd..082ebcdcd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -10,8 +10,6 @@ import java.util.List;
import java.util.Map;
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
-
import iaik.asn1.ObjectID;
@@ -35,6 +33,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String PARAM_ACTION = "ACTION";
public static final String PARAM_SSO = "SSO";
public static final String INTERFEDERATION_IDP = "interIDP";
+ public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
public static final String PARAM_SLOSTATUS = "status";
public static final String PARAM_SLORESTART = "restart";
@@ -130,6 +129,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{
public static final String REQ_BKU_TYPE_HANDY = "handy";
public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+ public static final List<String> LEGACYPARAMETERWHITELIST
+ = Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID);
public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
public final static String EXT_SAML_MANDATE_OID = "OID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 4a004cdf0..5968736f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -223,7 +223,6 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer {
// Initialize configuration provider
AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);
-
//test, if MOA-ID is already configured
authConf.getPublicURLPrefix();
@@ -245,7 +244,9 @@ public class MOAIDAuthInitializer implements WebApplicationInitializer {
// Starts the session cleaner thread to remove unpicked authentication data
- AuthenticationSessionCleaner.start();
+ AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
+ AuthenticationSessionCleaner.start(sessioncleaner);
+
MOAGarbageCollector.start();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
index 06a1f0936..a82a958db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringResourceProvider.java
@@ -40,8 +40,10 @@ public class MOAIDAuthSpringResourceProvider implements SpringResourceProvider {
public Resource[] getResourcesToLoad() {
ClassPathResource moaidauthConfig = new ClassPathResource("/moaid.configuration.beans.xml", MOAIDAuthSpringResourceProvider.class);
ClassPathResource configurationDBConfig = new ClassPathResource("/configuration.beans.xml", MOAIDAuthSpringResourceProvider.class);
-
- return new Resource[] {configurationDBConfig, moaidauthConfig};
+ ClassPathResource moaIdAuthBeans = new ClassPathResource("/moaid.authentication.beans.xml", MOAIDAuthSpringResourceProvider.class);
+
+ return new Resource[] {configurationDBConfig, moaidauthConfig, moaIdAuthBeans};
+
}
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index fe29dd2b7..5bde82899 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -22,8 +22,6 @@
*/
package at.gv.egovernment.moa.id.auth.builder;
-import iaik.x509.X509Certificate;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -51,6 +49,8 @@ import org.opensaml.saml2.core.Response;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -81,7 +81,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
@@ -89,6 +88,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
@@ -96,11 +96,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -114,14 +115,19 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration;
import at.gv.util.ex.EgovUtilException;
import at.gv.util.wsdl.szr.SZRException;
import at.gv.util.xsd.szr.PersonInfoType;
+import iaik.x509.X509Certificate;
/**
* @author tlenz
*
*/
+@Service("AuthenticationDataBuilder")
public class AuthenticationDataBuilder extends MOAIDAuthConstants {
- public static IAuthData buildAuthenticationData(IRequest protocolRequest,
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired protected AuthConfiguration authConfig;
+
+ public IAuthData buildAuthenticationData(IRequest protocolRequest,
AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
@@ -166,7 +172,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
//reuse some parameters if it is a reauthentication
- OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
+ OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule());
if (activeOA != null) {
authdata.setSessionIndex(activeOA.getAssertionSessionID());
authdata.setNameID(activeOA.getUserNameID());
@@ -187,13 +193,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
+ InterfederationSessionStore interfIDP = authenticatedSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
IOAAuthParameters oaParam = null;
if (reqAttributes == null) {
//get OnlineApplication from MOA-ID-Auth configuration
- oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(oaID);
+ oaParam = authConfig.getOnlineApplicationParameter(oaID);
//build OA dynamically from STROK request if this OA is used as STORK<->PVP gateway
if (oaParam.isSTORKPVPGateway())
@@ -215,7 +220,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
} else {
//get attributes from interfederated IDP
- OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
+ OAAuthParameter idp = authConfig.getOnlineApplicationParameter(interfIDP.getIdpurlprefix());
getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes);
//mark attribute request as used
@@ -248,7 +253,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @throws BuildException
* @throws DynamicOABuildException
*/
- public static IAuthData buildAuthenticationData(IRequest req,
+ public IAuthData buildAuthenticationData(IRequest req,
AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException {
return buildAuthenticationData(req, session, null);
}
@@ -263,7 +268,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param reqQueryAttr
* @throws ConfigurationException
*/
- private static void getAuthDataFromInterfederation(
+ private void getAuthDataFromInterfederation(
AuthenticationData authdata, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest req,
InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{
@@ -280,11 +285,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
//IDP is a service provider IDP and request interfederated IDP to collect attributes
} else {
//get PVP 2.1 attributes from protocol specific requested attributes
- attributs = req.getRequestedAttributes();
+ attributs = (List<Attribute>) req.getGenericData(RequestImpl.DATAID_REQUESTED_ATTRIBUTES);
}
- Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+ Response intfResp =
+ (Response) req.getGenericData(
+ RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class).getResponse();
AssertionAttributeExtractor extractor =
new AssertionAttributeExtractor(intfResp);
@@ -362,7 +369,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
}
- private static void buildAuthDataFormInterfederationResponse(
+ private void buildAuthDataFormInterfederationResponse(
AuthenticationData authData,
AuthenticationSession session,
AssertionAttributeExtractor extractor,
@@ -500,7 +507,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
if (MiscUtil.isEmpty(authData.getIdentificationValue())) {
Logger.info("No baseID found. Connect SZR to reveive baseID ...");
try {
- EgovUtilPropertiesConfiguration eGovClientsConfig = AuthConfigurationProviderFactory.getInstance().geteGovUtilsConfig();
+ EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
if (eGovClientsConfig != null) {
SZRClient szrclient = new SZRClient(eGovClientsConfig);
@@ -534,11 +541,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- } catch (ConfigurationException e) {
- Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
- throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
- + " or " + PVPConstants.EID_SOURCE_PIN_NAME);
-
} catch (EgovUtilException e) {
Logger.warn("SZR connection FAILED. Interfederation SSO login not possible.", e);
throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
@@ -843,7 +845,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
* @param authData
* @return
*/
- private static boolean matchsReceivedbPKToOnlineApplication(
+ private boolean matchsReceivedbPKToOnlineApplication(
IOAAuthParameters oaParam, AuthenticationData authData) {
String oaTarget = null;
@@ -870,7 +872,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
return false;
}
- private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
+ private void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session,
IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
IdentityLink identityLink = session.getIdentityLink();
@@ -964,11 +966,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
try {
- authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
+ authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());
//set max. SSO session time
if (authData.isSsoSession()) {
- long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
+ long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;
Date ssoSessionValidTo = new Date(session.getSessionCreated().getTime() + maxSSOSessionTime);
authData.setSsoSessionValidTo(ssoSessionValidTo);
@@ -1016,7 +1018,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private static void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
+ private void buildOAspecificIdentityLink(IOAAuthParameters oaParam, AuthenticationData authData, IdentityLink idl) throws MOAIDException {
if (oaParam.getBusinessService()) {
Element idlassertion = idl.getSamlAssertion();
//set bpk/wpbk;
@@ -1033,9 +1035,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
Element resignedilAssertion;
- AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
- if (config.isIdentityLinkResigning()) {
- resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), config.getIdentityLinkResigningKey());
+ if (authConfig.isIdentityLinkResigning()) {
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
} else {
resignedilAssertion = businessServiceIdl.getSamlAssertion();
}
@@ -1050,7 +1051,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
- private static void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
+ private void buildOAspecificbPK(IRequest protocolRequest, IOAAuthParameters oaParam, AuthenticationData authData, String baseID, String baseIDType) throws BuildException {
if (oaParam.getBusinessService()) {
//since we have foreigner, wbPK is not calculated in BKU
@@ -1082,7 +1083,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
}
if (saml1Requst != null && protocolRequest.getClass().isInstance(saml1Requst))
- target = protocolRequest.getTarget();
+ target = protocolRequest.getGenericData("target", String.class);
else
target = oaParam.getTarget();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index d4350f97b..9a2baf873 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -47,7 +47,6 @@
package at.gv.egovernment.moa.id.auth.builder;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
/**
* Builds a DataURL parameter meant for the security layer implementation
@@ -76,31 +75,13 @@ public class DataURLBuilder {
* @return String
*/
public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-
-// String individualDataURLPrefix = null;
- String dataURL;
-
- //is removed from config in MOA-ID 2.0
- //check if an individual prefix is configured
-// individualDataURLPrefix = AuthConfigurationProvider.getInstance().
-// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
-//
-// if (null != individualDataURLPrefix) {
-//
-// //check individualDataURLPrefix
-// if(!individualDataURLPrefix.startsWith("http"))
-// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
-//
-// //when ok then use it
-// dataURL = individualDataURLPrefix + authServletName;
-// } else
-
+ String dataURL;
if (!authBaseURL.endsWith("/"))
authBaseURL += "/";
dataURL = authBaseURL + authServletName;
- dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_SESSIONID, sessionID);
+ dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
return dataURL;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index 99ba49d26..c22432d0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -36,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -119,7 +118,7 @@ public class LoginFormBuilder {
return template;
}
- public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) {
+ public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) {
String value = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index ae3ec9a9b..3849eb8a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -36,8 +36,6 @@
package at.gv.egovernment.moa.id.auth.data;
-import iaik.x509.X509Certificate;
-
import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -53,6 +51,7 @@ import at.gv.egovernment.moa.id.data.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
/**
* Session data to be stored between <code>AuthenticationServer</code> API calls.
@@ -218,16 +217,7 @@ public class AuthenticationSession implements Serializable {
*/
private String pushInfobox;
- // private AuthenticationData authData;
-
- // protocol selection
- private String action;
- private String modul;
-
- private String processInstanceId;
-
private boolean authenticated;
- private boolean authenticatedUsed = false;
private boolean ssoRequested = false;
@@ -238,31 +228,7 @@ public class AuthenticationSession implements Serializable {
private boolean isForeigner;
private Map<String, Object> genericSessionDataStorate = new HashedMap<String, Object>();
-
- public String getModul() {
- return modul;
- }
-
- public void setModul(String modul) {
- this.modul = modul;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
- public boolean isAuthenticatedUsed() {
- return authenticatedUsed;
- }
-
- public void setAuthenticatedUsed(boolean authenticatedUsed) {
- this.authenticatedUsed = authenticatedUsed;
- }
-
public boolean isAuthenticated() {
return authenticated;
}
@@ -852,22 +818,6 @@ public class AuthenticationSession implements Serializable {
return sessionCreated;
}
- /**
- * Returns the identifier of the process instance associated with this moaid session.
- * @return The process instance id (may be {@code null} if no process has been created yet).
- */
- public String getProcessInstanceId() {
- return processInstanceId;
- }
-
- /**
- * Sets the process instance identifier in order to associate a certain process instance with this moaid session.
- * @param processInstanceId The process instance id.
- */
- public void setProcessInstanceId(String processInstanceId) {
- this.processInstanceId = processInstanceId;
- }
-
public Map<String, Object> getGenericSessionDataStorage() {
return genericSessionDataStorate;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 67ddd170a..a73fd6858 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -1,6 +1,12 @@
package at.gv.egovernment.moa.id.auth.modules;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -24,17 +30,23 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.lang3.ArrayUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequestStorage;
import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,6 +57,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public abstract class AbstractAuthServletTask extends MoaIdTask {
+ @Autowired private StatisticLogger statisticLogger;
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired protected IRequestStorage requestStoreage;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired protected MOAReversionLogger revisionsLogger;
+ @Autowired protected AuthConfiguration authConfig;
+
protected static final String ERROR_CODE_PARAM = "errorid";
protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
@@ -66,11 +85,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
req.setAttribute("LogLevel", "debug");
}
-
- StatisticLogger logger = StatisticLogger.getInstance();
- logger.logErrorOperation(exceptionThrown);
-
-
+ statisticLogger.logErrorOperation(exceptionThrown);
+
// forward this to errorpage-auth.jsp where the HTML error page is
// generated
ServletContext context = req.getServletContext();
@@ -132,31 +148,42 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
}
+
- IExceptionStore store = DBExceptionStoreImpl.getStore();
- String id = store.storeException(exceptionThrown);
-
- if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-
- String redirectURL = null;
-
- redirectURL = ServletUtils.getBaseUrl(req);
- redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
- + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- return;
+ try {
+ String key = Random.nextRandom();
+ transactionStorage.put(key, exceptionThrown);
- } else {
+ if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+ String redirectURL = null;
+
+ redirectURL = ServletUtils.getBaseUrl(req) + "/";
+ redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT
+ + "?" + ERROR_CODE_PARAM + "=" + key
+ + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
- //Exception can not be stored in database
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ return;
+
+ } else {
+ //Exception can not be stored in database
+ handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Exception can not be stored to Database.", e);
handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+
}
+
+
+
+
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
new file mode 100644
index 000000000..8b02a5bf6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BKUSelectionModuleImpl implements AuthModule {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+ */
+ @Override
+ public int getPriority() {
+ return 0;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context) {
+ boolean performBKUSelection = false;
+ Object performBKUSelectionObj = context.get("performBKUSelection");
+ if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
+ performBKUSelection = (boolean) performBKUSelectionObj;
+
+ if (performBKUSelection)
+ return "BKUSelectionProcess";
+
+ else
+ return null;
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml" };
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
index 4a6ecd56a..f1ab58ee0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
@@ -44,9 +44,9 @@ import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -55,13 +55,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
+@Service("CreateInterfedeartionRequestTask")
public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
/* (non-Javadoc)
@@ -84,8 +84,8 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
throws TaskExecutionException {
boolean requiredLocalAuthentication = true;
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
+ IRequest pendingReq = requestStoreage.getPendingRequest(
+ (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
String idpEntityID =
(String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID);
@@ -105,8 +105,10 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID);
OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
+ String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+
if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
- Logger.info("Requested interfederation IDP " + pendingReq.getRequestedIDP() + " is not valid for interfederation.");
+ Logger.info("Requested interfederation IDP " + requestedIDP + " is not valid for interfederation.");
Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
Logger.info("Switch to local authentication on this IDP ... ");
@@ -252,18 +254,18 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
//build and send request without an error
requiredLocalAuthentication = false;
- MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID());
} else {
- Logger.warn("Requested IDP " + pendingReq.getRequestedIDP()
+ Logger.warn("Requested IDP " + requestedIDP
+ " does not support POST or Redirect Binding.");
}
} else {
- Logger.warn("Requested IDP " + pendingReq.getRequestedIDP()
+ Logger.warn("Requested IDP " + requestedIDP
+ " is not found in InterFederation configuration");
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
new file mode 100644
index 000000000..fe3e8680c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("EvaluateBKUSelectionTask")
+public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ //load pending request
+ String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+ pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID);
+ IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
+
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+
+ }
+
+ //change pending-request ID
+ String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+
+ AuthenticationSession moaSession = null;
+ String moaSessionID = pendingReq.getMOASessionIdentifier();
+ try {
+ moaSession = authenticatedSessionStorage.getSession(moaSessionID);
+
+ if (moaSession == null) {
+ Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] {
+ moaSessionID});
+
+ }
+
+ // set parameter execution context
+ Enumeration<String> reqParamNames = request.getParameterNames();
+ while(reqParamNames.hasMoreElements()) {
+ String paramName = reqParamNames.nextElement();
+ if (MiscUtil.isNotEmpty(paramName))
+ executionContext.put(paramName, request.getParameter(paramName));
+
+ }
+
+ Logger.info("BKU is selected finished -> Start BKU communication ...");
+
+ } catch (MOADatabaseException e) {
+ Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] {
+ moaSessionID});
+
+ } catch (Throwable e) {
+ Logger.info("No HTTP Session found!");
+ throw new MOAIDException("auth.18", new Object[] {});
+ }
+
+
+
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.warn("EvaluateBKUSelectionTask has an internal error", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 712ebb731..ed309d85a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -22,11 +22,12 @@
*/
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -34,10 +35,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,6 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
* @author tlenz
*
*/
+@Service("FinalizeAuthenticationTask")
public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
/* (non-Javadoc)
@@ -56,8 +57,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
throws TaskExecutionException {
try {
- IRequest pendingReq = RequestStorage.getPendingRequest(
- (String) executionContext.get("pendingRequestID"));
+ IRequest pendingReq = requestStoreage.getPendingRequest(
+ (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
if (pendingReq == null) {
Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
@@ -66,7 +67,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
}
//get Session from context
- String moasessionid = (String) executionContext.get(PARAM_SESSIONID);
+ String moasessionid = pendingReq.getMOASessionIdentifier();
AuthenticationSession session = null;
if (MiscUtil.isEmpty(moasessionid)) {
Logger.warn("MOASessionID is empty.");
@@ -74,9 +75,14 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
}
try {
- session = AuthenticationSessionStoreage.getSession(moasessionid);
- AuthenticationSessionStoreage.changeSessionID(session);
-
+ session = authenticatedSessionStorage.getSession(moasessionid);
+ if (session == null) {
+ Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+ throw new MOAIDException("init.04", new Object[] { moasessionid });
+
+ }
+
+
} catch (MOADatabaseException e) {
Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
throw new MOAIDException("init.04", new Object[] { moasessionid });
@@ -86,25 +92,25 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
throw new MOAIDException("auth.18", new Object[] {});
} finally {
- executionContext.remove(PARAM_SESSIONID);
+ executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
}
-
- session.setAuthenticatedUsed(false);
- session.setAuthenticated(true);
-
- String oldsessionID = session.getSessionID();
+ //set MOASession to authenticated and store MOASession
+ session.setAuthenticated(true);
+ String newMOASessionID = authenticatedSessionStorage.changeSessionID(session);
- //Session is implicte stored in changeSessionID!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+ //set pendingRequest to authenticated and set new MOASessionID
+ ((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+ pendingReq.setAuthenticated(true);
+ requestStoreage.storePendingRequest(pendingReq);
Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher.");
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(pendingReq.requestedModule(), pendingReq.requestedAction(), pendingReq.getRequestID()), newMOASessionID);
-
+ String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(),
+ AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID());
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
new file mode 100644
index 000000000..1bdc132d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("GenerateBKUSelectionFrameTask")
+public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ IRequest pendingReq = requestStoreage.getPendingRequest(
+ (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+
+ }
+
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+
+ //load Parameters from OnlineApplicationConfiguration
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+
+ }
+
+ //Build authentication form
+ String publicURLPreFix = pendingReq.getAuthURL();
+ if (publicURLPreFix.endsWith("/"))
+ publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
+ String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(),
+ pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID);
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(loginForm);
+ out.flush();
+
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.warn("FinalizeAuthenticationTask has an internal error", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
index f05ff07e9..77aab8ddb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Service;
+
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
* @author tlenz
*
*/
+@Service("ReceiveInterfederationResponseTask")
public class ReceiveInterfederationResponseTask extends AbstractAuthServletTask {
/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
new file mode 100644
index 000000000..d8b558846
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("RestartAuthProzessManagement")
+public class RestartAuthProzessManagement extends AbstractAuthServletTask {
+
+ @Autowired ProcessEngine processEngine;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ IRequest pendingReq = requestStoreage.getPendingRequest(
+ (String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+
+ }
+
+ //create a new execution context and copy all elements to new context
+ ExecutionContext newec = new ExecutionContextImpl();
+ Set<String> entries = executionContext.keySet();
+ for (String key : entries) {
+ newec.put(key, executionContext.get(key));
+
+ }
+
+ //remove BKU selection flag
+ newec.remove("performBKUSelection");
+
+
+ Logger.debug("Swicht to specific authentication process after BKU is selected");
+
+ // select and create new process instance
+ String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
+ if (processDefinitionId == null) {
+ Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID());
+ throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() });
+ }
+
+ String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
+
+ // keep process instance id in moa session
+ ((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
+
+ // make sure pending request has been persisted before running the process
+ try {
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } catch (MOAIDException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
+
+ }
+
+ Logger.info("BKU is selected -> Start BKU communication ...");
+
+ // start process
+ processEngine.start(processInstanceId);
+
+
+ } catch (MOAIDException e) {
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.warn("RestartAuthProzessManagement has an internal error", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e659c9447..8af8ed238 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.parser;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
@@ -54,8 +53,6 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
String templateURL,
String useMandate,
String ccc,
- String module,
- String action,
HttpServletRequest req,
IRequest protocolReq) throws WrongParametersException, MOAIDException {
@@ -129,7 +126,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
if (!oaParam.getBusinessService()) {
if (StringUtils.isEmpty(targetConfig)
- || (module.equals("id_saml1") &&
+ || (protocolReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol") &&
!StringUtils.isEmpty(target))
) {
//INFO: ONLY SAML1 legacy mode
@@ -278,25 +275,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
public static void parse(ExecutionContext ec, HttpServletRequest req,
AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException {
-
-
- String modul = request.requestedModule();//req.getParameter(PARAM_MODUL);
- String action = request.requestedAction();//req.getParameter(PARAM_ACTION);
-
- modul = StringEscapeUtils.escapeHtml(modul);
- action = StringEscapeUtils.escapeHtml(action);
-// if(modul == null) {
-// modul = SAML1Protocol.PATH;
-// }
-//
-// if(action == null) {
-// action = SAML1Protocol.GETARTIFACT;
-// }
- moasession.setModul(modul);
- moasession.setAction(action);
-
+
//get Parameters from request
- String target = (String) ec.get(PARAM_TARGET);
String oaURL = (String) ec.get(PARAM_OA);
String bkuURL = (String) ec.get(PARAM_BKU);
String templateURL = (String) ec.get(PARAM_TEMPLATE);
@@ -312,9 +292,11 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
}
oaURL = request.getOAURL();
- target = request.getTarget();
+
+ //only needed for SAML1
+ String target = request.getGenericData("target", String.class);
- parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req, request);
+ parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, request);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
new file mode 100644
index 000000000..26e24f5b4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractController extends MOAIDAuthConstants {
+
+ public static final String ERROR_CODE_PARAM = "errorid";
+
+ @Autowired protected StatisticLogger statisticLogger;
+ @Autowired protected IRequestStorage requestStorage;
+ @Autowired protected ITransactionStorage transactionStorage;
+ @Autowired protected MOAReversionLogger revisionsLogger;
+ @Autowired protected AuthConfiguration authConfig;
+
+
+ protected void handleError(String errorMessage, Throwable exceptionThrown,
+ HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException {
+
+ Throwable loggedException = null;
+
+ if (exceptionThrown != null
+ && exceptionThrown instanceof ProcessExecutionException) {
+ ProcessExecutionException procExc =
+ (ProcessExecutionException) exceptionThrown;
+ if (procExc.getCause() != null &&
+ procExc.getCause() instanceof TaskExecutionException) {
+ TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+ loggedException = taskExc.getOriginalException();
+
+ }
+ }
+
+ if (loggedException == null)
+ loggedException = exceptionThrown;
+
+
+ if (!(loggedException instanceof MOAIDException)) {
+ Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
+
+ } else {
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+ Logger.error(loggedException.getMessage(), loggedException);
+
+ } else {
+ Logger.error(loggedException.getMessage());
+
+ }
+ }
+
+ //store error into transaction store
+ try {
+ String key = Random.nextRandom();
+ transactionStorage.put(key, exceptionThrown);
+
+ if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+ String redirectURL = null;
+
+ redirectURL = ServletUtils.getBaseUrl(req);
+ redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT
+ + "?" + ERROR_CODE_PARAM + "=" + key
+ + "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ return;
+
+ } else {
+ //Exception can not be stored in database
+ handleErrorNoRedirect(loggedException, req, resp);
+
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Exception can not be stored to Database.", e);
+ handleErrorNoRedirect(loggedException, req, resp);
+
+ }
+
+
+ }
+
+
+ /**
+ * Handles all exceptions with no pending request.
+ * Therefore, the error is written to the users browser
+ *
+ * @param throwable
+ * @param req
+ * @param resp
+ * @throws IOException
+ */
+ protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
+
+ //log Exception into statistic database
+ statisticLogger.logErrorOperation(throwable);
+
+ //write errror to console
+ Logger.error(throwable.getMessage(), throwable);
+
+ //return error to Web browser
+ if (throwable instanceof MOAIDException)
+ MOAIDExceptionHandler(req, resp, (MOAIDException)throwable);
+
+ else
+ GenericExceptionHandler(req, resp, (Exception)throwable);
+ }
+
+ @ExceptionHandler({MOAIDException.class})
+ public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException {
+ if (e instanceof ProtocolNotActiveException) {
+ resp.getWriter().write(e.getMessage());
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+ return;
+
+ } else if (e instanceof AuthnRequestValidatorException) {
+ AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
+ //log Error Message
+ statisticLogger.logErrorOperation(ex, ex.getErrorRequest());
+ return;
+
+ } else if (e instanceof InvalidProtocolRequestException) {
+ //write log entry
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+
+ //send error response
+ ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+ String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+ String descr = e.getMessage();
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+ "(Errorcode=" + code +
+ " | Description=" + descr + ")");
+ return;
+ } else if (e instanceof ConfigurationException) {
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=9199"
+ +" | Description="+ e.getMessage() + ")");
+ return;
+
+ //TODO: check exception type
+ } else if (e instanceof MOAIDException) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ if (MiscUtil.isNotEmpty(samlRequest))
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ else
+ Logger.error("Failed to generate a valid protocol request!");
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+ "(Errorcode=6000"
+ +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
+ return;
+
+ }
+
+ }
+
+ @ExceptionHandler({Exception.class})
+ public void GenericExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception exception) throws IOException {
+ Logger.error("Internel Server Error." , exception);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
+ "(Errorcode=9199"
+ +" | Description="+ exception.getMessage() + ")");
+ return;
+
+ }
+
+ @ExceptionHandler({IOException.class})
+ public void IOExceptionHandler(HttpServletRequest req, HttpServletResponse resp, IOException exception) {
+ Logger.error("Internel Server Error." , exception);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ return;
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
new file mode 100644
index 000000000..375afca4d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -0,0 +1,84 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet that resumes a suspended process (in case of asynchronous tasks).
+ *
+ * @author tknall
+ *
+ */
+public abstract class AbstractProcessEngineSignalController extends AbstractController {
+
+ @Autowired ProcessEngine processEngine;
+
+ protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
+
+ try {
+ if (pendingRequestID == null) {
+ throw new IllegalStateException("Unable to determine MOA pending-request id.");
+ }
+
+ IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+ if (pendingReq == null) {
+ Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
+ throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
+
+ }
+
+ //add transactionID and unique sessionID to Logger
+ TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
+ TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier());
+
+ // process instance is mandatory
+ if (pendingReq.getProcessInstanceId() == null) {
+ throw new IllegalStateException("MOA session does not provide process instance id.");
+ }
+
+ // wake up next task
+ processEngine.signal(pendingReq.getProcessInstanceId());
+
+ } catch (Exception ex) {
+ handleError(null, ex, req, resp, pendingRequestID);
+
+ } finally {
+ //MOASessionDBUtils.closeSession();
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
+ }
+
+
+ }
+
+ /**
+ * Retrieves the current pending-request id from the HttpServletRequest parameter
+ * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.
+ * <p/>
+ * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
+ * respective pending-request id.
+ *
+ * @param request
+ * The unterlying HttpServletRequest.
+ * @return The current pending-request id.
+ */
+ public String getPendingRequestId(HttpServletRequest request) {
+ return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index fe24d45dd..fb6c71846 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -1,507 +1,378 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.NoSuchBeanDefinitionException;
-import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.storage.IExceptionStore;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.URLDecoder;
-
-/**
- * Base class for MOA-ID Auth Servlets, providing standard error handling and
- * constant names.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AuthServlet extends HttpServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = -6929905344382283738L;
-
- protected static final String ERROR_CODE_PARAM = "errorid";
-
- /**
- * The process engine.
- */
- private ProcessEngine processEngine;
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("GET " + this.getServletName());
-
- this.setNoCachingHeadersInHttpRespone(req, resp);
- }
-
- protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
- HttpServletRequest req, HttpServletResponse resp) {
-
- if (null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage);
- }
-
- if (null != exceptionThrown) {
- if (null == errorMessage)
- errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
- }
-
-
- StatisticLogger logger = StatisticLogger.getInstance();
- logger.logErrorOperation(exceptionThrown);
-
-
- // forward this to errorpage-auth.jsp where the HTML error page is
- // generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context
- .getRequestDispatcher("/errorpage-auth.jsp");
- try {
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
- MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
- MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Handles an error. <br>>
- * <ul>
- * <li>Logs the error</li>
- * <li>Places error message and exception thrown into the request as request
- * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
- * <li>Sets HTTP status 500 (internal server error)</li>
- * </ul>
- *
- * @param errorMessage
- * error message
- * @param exceptionThrown
- * exception thrown
- * @param req
- * servlet request
- * @param resp
- * servlet response
- */
- protected void handleError(String errorMessage, Throwable exceptionThrown,
- HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-
- Throwable loggedException = null;
-
- if (exceptionThrown != null
- && exceptionThrown instanceof ProcessExecutionException) {
- ProcessExecutionException procExc =
- (ProcessExecutionException) exceptionThrown;
- if (procExc.getCause() != null &&
- procExc.getCause() instanceof TaskExecutionException) {
- TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
- loggedException = taskExc.getOriginalException();
-
- }
- }
-
- if (loggedException == null)
- loggedException = exceptionThrown;
-
-
- if (!(loggedException instanceof MOAIDException)) {
- Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
-
- } else {
- if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
- Logger.error(loggedException.getMessage(), loggedException);
-
- } else {
- Logger.error(loggedException.getMessage());
-
- }
- }
-
- IExceptionStore store = DBExceptionStoreImpl.getStore();
- String id = store.storeException(loggedException);
-
- if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-
- String redirectURL = null;
-
- redirectURL = ServletUtils.getBaseUrl(req);
- redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
- + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- return;
-
- } else {
-
- //Exception can not be stored in database
- handleErrorNoRedirect(errorMessage, loggedException, req, resp);
- }
- }
-
- /**
- * Handles a <code>WrongParametersException</code>.
- *
- * @param req
- * servlet request
- * @param resp
- * servlet response
- */
- protected void handleWrongParameters(WrongParametersException ex,
- HttpServletRequest req, HttpServletResponse resp) {
- Logger.error(ex.toString());
- req.setAttribute("WrongParameters", ex.getMessage());
-
- // forward this to errorpage-auth.jsp where the HTML error page is
- // generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context
- .getRequestDispatcher("/errorpage-auth.jsp");
- try {
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
- MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
- MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
- }
- }
-
- /**
- * Logs all servlet parameters for debugging purposes.
- */
- protected void logParameters(HttpServletRequest req) {
- for (Enumeration params = req.getParameterNames(); params
- .hasMoreElements();) {
- String parname = (String) params.nextElement();
- Logger.debug("Parameter " + parname + req.getParameter(parname));
- }
- }
-
- /**
- * Parses the request input stream for parameters, assuming parameters are
- * encoded UTF-8 (no standard exists how browsers should encode them).
- *
- * @param req
- * servlet request
- *
- * @return mapping parameter name -> value
- *
- * @throws IOException
- * if parsing request parameters fails.
- *
- * @throws FileUploadException
- * if parsing request parameters fails.
- */
- protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
- FileUploadException {
-
- Map<String, String> parameters = new HashMap<String, String>();
-
- if (ServletFileUpload.isMultipartContent(req)) {
- // request is encoded as mulitpart/form-data
- FileItemFactory factory = new DiskFileItemFactory();
- ServletFileUpload upload = null;
- upload = new ServletFileUpload(factory);
- List items = null;
- items = upload.parseRequest(req);
- for (int i = 0; i < items.size(); i++) {
- FileItem item = (FileItem) items.get(i);
- if (item.isFormField()) {
- // Process only form fields - no file upload items
- String logString = item.getString("UTF-8");
-
- // TODO use RegExp
- String startS = "<pr:Identification><pr:Value>";
- String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
- String logWithMaskedBaseid = logString;
- int start = logString.indexOf(startS);
- if (start > -1) {
- int end = logString.indexOf(endS);
- if (end > -1) {
- logWithMaskedBaseid = logString.substring(0, start);
- logWithMaskedBaseid += startS;
- logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
- logWithMaskedBaseid += logString.substring(end,
- logString.length());
- }
- }
- parameters
- .put(item.getFieldName(), item.getString("UTF-8"));
- Logger.debug("Processed multipart/form-data request parameter: \nName: "
- + item.getFieldName()
- + "\nValue: "
- + logWithMaskedBaseid);
- }
- }
- }
-
- else {
- // request is encoded as application/x-www-urlencoded
- InputStream in = req.getInputStream();
-
- String paramName;
- String paramValueURLEncoded;
- do {
- paramName = new String(readBytesUpTo(in, '='));
- if (paramName.length() > 0) {
- paramValueURLEncoded = readBytesUpTo(in, '&');
- String paramValue = URLDecoder.decode(paramValueURLEncoded,
- "UTF-8");
- parameters.put(paramName, paramValue);
- }
- } while (paramName.length() > 0);
- in.close();
- }
-
- return parameters;
- }
-
- /**
- * Reads bytes up to a delimiter, consuming the delimiter.
- *
- * @param in
- * input stream
- * @param delimiter
- * delimiter character
- * @return String constructed from the read bytes
- * @throws IOException
- */
- protected String readBytesUpTo(InputStream in, char delimiter)
- throws IOException {
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- boolean done = false;
- int b;
- while (!done && (b = in.read()) >= 0) {
- if (b == delimiter)
- done = true;
- else
- bout.write(b);
- }
- return bout.toString();
- }
-
- /**
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- super.init(servletConfig);
- }
-
-
-// public void contextDestroyed(ServletContextEvent arg0) {
-// Security.removeProvider((new IAIK()).getName());
-// Security.removeProvider((new ECCProvider()).getName());
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+///*
+// * Copyright 2003 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// */
+//
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//
+//import javax.servlet.RequestDispatcher;
+//import javax.servlet.ServletConfig;
+//import javax.servlet.ServletContext;
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServlet;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.springframework.beans.BeansException;
+//import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+//import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
+//import org.springframework.web.context.WebApplicationContext;
+//import org.springframework.web.context.support.WebApplicationContextUtils;
+//
+//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+//import at.gv.egovernment.moa.id.config.ConfigurationException;
+//import at.gv.egovernment.moa.id.process.ProcessEngine;
+//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+//import at.gv.egovernment.moa.id.storage.IExceptionStore;
+//import at.gv.egovernment.moa.id.util.ServletUtils;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+///**
+// * Base class for MOA-ID Auth Servlets, providing standard error handling and
+// * constant names.
+// *
+// * @author Paul Ivancsics
+// * @version $Id$
+// */
+//public class AuthServlet extends HttpServlet {
+//
+// /**
+// *
+// */
+// private static final long serialVersionUID = -6929905344382283738L;
+//
+// protected static final String ERROR_CODE_PARAM = "errorid";
+//
+// /**
+// * The process engine.
+// */
+// private ProcessEngine processEngine;
+//
+// @Override
+// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+// Logger.debug("GET " + this.getServletName());
+//
+// this.setNoCachingHeadersInHttpRespone(req, resp);
// }
-
- /**
- * Set response headers to avoid caching
- *
- * @param request
- * HttpServletRequest
- * @param response
- * HttpServletResponse
- */
- protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
- HttpServletResponse response) {
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
- MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
- MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
- }
-
- /**
- * Adds a parameter to a URL.
- *
- * @param url
- * the URL
- * @param paramname
- * parameter name
- * @param paramvalue
- * parameter value
- * @return the URL with parameter added
- */
- protected static String addURLParameter(String url, String paramname,
- String paramvalue) {
- String param = paramname + "=" + paramvalue;
- if (url.indexOf("?") < 0)
- return url + "?" + param;
- else
- return url + "&" + param;
- }
-
- /**
- * Checks if HTTP requests are allowed
- *
- * @param authURL
- * requestURL
- * @throws AuthenticationException
- * if HTTP requests are not allowed
- * @throws ConfigurationException
- */
- protected void checkIfHTTPisAllowed(String authURL)
- throws AuthenticationException, ConfigurationException {
- // check if HTTP Connection may be allowed (through
- // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-
- //Removed from MOA-ID 2.0 config
-// String boolStr = AuthConfigurationProvider
-// .getInstance()
-// .getGenericConfigurationParameter(
-// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
- if ((!authURL.startsWith("https:"))
- //&& (false == BoolUtils.valueOf(boolStr))
- )
- throw new AuthenticationException("auth.07", new Object[] { authURL
- + "*" });
-
- }
-
-
- /**
- * Returns the underlying process engine instance.
- *
- * @return The process engine (never {@code null}).
- * @throws NoSuchBeanDefinitionException
- * if no {@link ProcessEngine} bean was found.
- * @throws NoUniqueBeanDefinitionException
- * if more than one {@link ProcessEngine} bean was found.
- * @throws BeansException
- * if a problem getting the {@link ProcessEngine} bean occurred.
- * @throws IllegalStateException
- * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
- * Spring web environment.
- */
- public synchronized ProcessEngine getProcessEngine() {
- if (processEngine == null) {
- WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
- if (ctx == null) {
- throw new IllegalStateException(
- "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
- }
- processEngine = ctx.getBean(ProcessEngine.class);
- }
- return processEngine;
- }
-
-}
+//
+// protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+// HttpServletRequest req, HttpServletResponse resp) {
+//
+// if (null != errorMessage) {
+// Logger.error(errorMessage);
+// req.setAttribute("ErrorMessage", errorMessage);
+// }
+//
+// if (null != exceptionThrown) {
+// if (null == errorMessage)
+// errorMessage = exceptionThrown.getMessage();
+// Logger.error(errorMessage, exceptionThrown);
+// req.setAttribute("ExceptionThrown", exceptionThrown);
+// }
+//
+// if (Logger.isDebugEnabled()) {
+// req.setAttribute("LogLevel", "debug");
+// }
+//
+//
+// StatisticLogger logger = StatisticLogger.getInstance();
+// logger.logErrorOperation(exceptionThrown);
+//
+//
+// // forward this to errorpage-auth.jsp where the HTML error page is
+// // generated
+// ServletContext context = getServletContext();
+// RequestDispatcher dispatcher = context
+// .getRequestDispatcher("/errorpage-auth.jsp");
+// try {
+//
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+// MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+// MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// dispatcher.forward(req, resp);
+// } catch (ServletException e) {
+// Logger.error(e);
+// } catch (IOException e) {
+// Logger.error(e);
+// }
+// }
+//
+// /**
+// * Handles an error. <br>>
+// * <ul>
+// * <li>Logs the error</li>
+// * <li>Places error message and exception thrown into the request as request
+// * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+// * <li>Sets HTTP status 500 (internal server error)</li>
+// * </ul>
+// *
+// * @param errorMessage
+// * error message
+// * @param exceptionThrown
+// * exception thrown
+// * @param req
+// * servlet request
+// * @param resp
+// * servlet response
+// */
+// protected void handleError(String errorMessage, Throwable exceptionThrown,
+// HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+//
+// Throwable loggedException = null;
+//
+// if (exceptionThrown != null
+// && exceptionThrown instanceof ProcessExecutionException) {
+// ProcessExecutionException procExc =
+// (ProcessExecutionException) exceptionThrown;
+// if (procExc.getCause() != null &&
+// procExc.getCause() instanceof TaskExecutionException) {
+// TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+// loggedException = taskExc.getOriginalException();
+//
+// }
+// }
+//
+// if (loggedException == null)
+// loggedException = exceptionThrown;
+//
+//
+// if (!(loggedException instanceof MOAIDException)) {
+// Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
+//
+// } else {
+// if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+// Logger.error(loggedException.getMessage(), loggedException);
+//
+// } else {
+// Logger.error(loggedException.getMessage());
+//
+// }
+// }
+//
+// IExceptionStore store = DBExceptionStoreImpl.getStore();
+// String id = store.storeException(loggedException);
+//
+// if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+//
+// String redirectURL = null;
+//
+// redirectURL = ServletUtils.getBaseUrl(req);
+//
+// //TODO: DEVELOPMENT
+//// redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
+//// + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// return;
+//
+// } else {
+//
+// //Exception can not be stored in database
+// handleErrorNoRedirect(errorMessage, loggedException, req, resp);
+// }
+// }
+//
+// /**
+// * Handles a <code>WrongParametersException</code>.
+// *
+// * @param req
+// * servlet request
+// * @param resp
+// * servlet response
+// */
+// protected void handleWrongParameters(WrongParametersException ex,
+// HttpServletRequest req, HttpServletResponse resp) {
+// Logger.error(ex.toString());
+// req.setAttribute("WrongParameters", ex.getMessage());
+//
+// // forward this to errorpage-auth.jsp where the HTML error page is
+// // generated
+// ServletContext context = getServletContext();
+// RequestDispatcher dispatcher = context
+// .getRequestDispatcher("/errorpage-auth.jsp");
+// try {
+// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+// MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+// MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// dispatcher.forward(req, resp);
+// } catch (ServletException e) {
+// Logger.error(e);
+// } catch (IOException e) {
+// Logger.error(e);
+// }
+// }
+//
+//
+// /**
+// * Calls the web application initializer.
+// *
+// * @see javax.servlet.Servlet#init(ServletConfig)
+// */
+// public void init(ServletConfig servletConfig) throws ServletException {
+// super.init(servletConfig);
+// }
+//
+//
+// /**
+// * Set response headers to avoid caching
+// *
+// * @param request
+// * HttpServletRequest
+// * @param response
+// * HttpServletResponse
+// */
+// protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+// HttpServletResponse response) {
+// response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+// MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+// response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+// MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+// response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+// response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+// MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+//
+// }
+//
+// /**
+// * Adds a parameter to a URL.
+// *
+// * @param url
+// * the URL
+// * @param paramname
+// * parameter name
+// * @param paramvalue
+// * parameter value
+// * @return the URL with parameter added
+// */
+// protected static String addURLParameter(String url, String paramname,
+// String paramvalue) {
+// String param = paramname + "=" + paramvalue;
+// if (url.indexOf("?") < 0)
+// return url + "?" + param;
+// else
+// return url + "&" + param;
+// }
+//
+// /**
+// * Checks if HTTP requests are allowed
+// *
+// * @param authURL
+// * requestURL
+// * @throws AuthenticationException
+// * if HTTP requests are not allowed
+// * @throws ConfigurationException
+// */
+// protected void checkIfHTTPisAllowed(String authURL)
+// throws AuthenticationException, ConfigurationException {
+// // check if HTTP Connection may be allowed (through
+// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+//
+// //Removed from MOA-ID 2.0 config
+//// String boolStr = AuthConfigurationProvider
+//// .getInstance()
+//// .getGenericConfigurationParameter(
+//// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+// if ((!authURL.startsWith("https:"))
+// //&& (false == BoolUtils.valueOf(boolStr))
+// )
+// throw new AuthenticationException("auth.07", new Object[] { authURL
+// + "*" });
+//
+// }
+//
+//
+// /**
+// * Returns the underlying process engine instance.
+// *
+// * @return The process engine (never {@code null}).
+// * @throws NoSuchBeanDefinitionException
+// * if no {@link ProcessEngine} bean was found.
+// * @throws NoUniqueBeanDefinitionException
+// * if more than one {@link ProcessEngine} bean was found.
+// * @throws BeansException
+// * if a problem getting the {@link ProcessEngine} bean occurred.
+// * @throws IllegalStateException
+// * if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+// * Spring web environment.
+// */
+// public synchronized ProcessEngine getProcessEngine() {
+// if (processEngine == null) {
+// WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
+// if (ctx == null) {
+// throw new IllegalStateException(
+// "Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
+// }
+// processEngine = ctx.getBean(ProcessEngine.class);
+// }
+// return processEngine;
+// }
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index ce974c531..6bccd5b88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,40 +19,33 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.storage;
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
-import java.util.HashMap;
-import java.util.Map;
+import java.io.IOException;
-import at.gv.egovernment.moa.id.util.Random;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
-public class ExceptionStoreImpl implements IExceptionStore {
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
- // Just a quick implementation
- private static IExceptionStore store;
-
- public static IExceptionStore getStore() {
- if(store == null) {
- store = new ExceptionStoreImpl();
- }
- return store;
- }
-
- private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>();
-
- public String storeException(Throwable e) {
- String id = Random.nextRandom();
- exceptionStore.put(id, e);
- return id;
- }
-
- public Throwable fetchException(String id) {
- return exceptionStore.get(id);
- }
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController {
- public void removeException(String id) {
- exceptionStore.remove(id);
+
+ @RequestMapping(value = {"/GenerateIframeTemplate",
+ "/SSOSendAssertionServlet",
+ "/signalProcess"
+ },
+ method = {RequestMethod.POST, RequestMethod.GET})
+ public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ signalProcessManagement(req, resp);
+
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 15d596049..663a14881 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -1,168 +1,168 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.util.Enumeration;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class GenerateIFrameTemplateServlet extends AuthServlet {
-
- private static final long serialVersionUID = 1L;
-
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request");
-
- String pendingRequestID = null;
-
- try {
- String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
- moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
- AuthenticationSession moasession = null;
- try {
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
- moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-
- } catch (MOADatabaseException e) {
- Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
- throw new MOAIDException("init.04", new Object[] {
- moasessionid});
-
- } catch (Throwable e) {
- Logger.info("No HTTP Session found!");
- throw new MOAIDException("auth.18", new Object[] {});
- }
-
-
-
- ExecutionContext ec = new ExecutionContextImpl();
- // set execution context
- Enumeration<String> reqParamNames = req.getParameterNames();
- while(reqParamNames.hasMoreElements()) {
- String paramName = reqParamNames.nextElement();
- if (MiscUtil.isNotEmpty(paramName))
- ec.put(paramName, req.getParameter(paramName));
-
- }
-
- ec.put("pendingRequestID", pendingRequestID);
- ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
-
-// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
-// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
-// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
-// ec.put("ccc", moasession.getCcc());
-// ec.put("useMandate", moasession.getUseMandate());
-// ec.put("bkuURL", moasession.getBkuURL());
-
- // select and create process instance
- String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
- if (processDefinitionId == null) {
- Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
- throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
- }
-
- String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
-
- // keep process instance id in moa session
- moasession.setProcessInstanceId(processInstanceId);
-
- // make sure moa session has been persisted before running the process
- try {
- AuthenticationSessionStoreage.storeSession(moasession);
- } catch (MOADatabaseException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
- }
-
- Logger.info("BKU is selected -> Start BKU communication ...");
-
- // start process
- getProcessEngine().start(processInstanceId);
-
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
-
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } catch (ProcessExecutionException e) {
- Throwable cause = e.getCause();
- if (cause != null && cause instanceof TaskExecutionException) {
- Throwable taskCause = cause.getCause();
- if (taskCause != null && taskCause instanceof WrongParametersException) {
- WrongParametersException internalEx = (WrongParametersException) taskCause;
- handleWrongParameters(internalEx, req, resp);
- return;
-
- } else if (taskCause != null && taskCause instanceof MOAIDException) {
- MOAIDException moaTaskCause = (MOAIDException) taskCause;
- handleError(null, moaTaskCause, req, resp, pendingRequestID);
- return;
-
- }
- }
-
- Logger.error("BKUSelectionServlet has an interal Error.", e);
-
- } catch (Exception e) {
- Logger.error("BKUSelectionServlet has an interal Error.", e);
-
- }
-
- finally {
-
- }
- }
-
-
-
-
-
-
-
-
-
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//import java.util.Enumeration;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.apache.commons.lang.StringEscapeUtils;
+//
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+//import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+//import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+//public class GenerateIFrameTemplateServlet extends AuthServlet {
+//
+// private static final long serialVersionUID = 1L;
+//
+// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+// Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request");
+//
+// String pendingRequestID = null;
+//
+// try {
+// String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+// moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
+// AuthenticationSession moasession = null;
+// try {
+// pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+// moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+//
+// } catch (MOADatabaseException e) {
+// Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
+// throw new MOAIDException("init.04", new Object[] {
+// moasessionid});
+//
+// } catch (Throwable e) {
+// Logger.info("No HTTP Session found!");
+// throw new MOAIDException("auth.18", new Object[] {});
+// }
+//
+//
+//
+// ExecutionContext ec = new ExecutionContextImpl();
+// // set execution context
+// Enumeration<String> reqParamNames = req.getParameterNames();
+// while(reqParamNames.hasMoreElements()) {
+// String paramName = reqParamNames.nextElement();
+// if (MiscUtil.isNotEmpty(paramName))
+// ec.put(paramName, req.getParameter(paramName));
+//
+// }
+//
+// ec.put("pendingRequestID", pendingRequestID);
+// ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
+//
+//// String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
+//// String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+//// String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
+//// ec.put("ccc", moasession.getCcc());
+//// ec.put("useMandate", moasession.getUseMandate());
+//// ec.put("bkuURL", moasession.getBkuURL());
+//
+// // select and create process instance
+// String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
+// if (processDefinitionId == null) {
+// Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
+// throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
+// }
+//
+// String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
+//
+// // keep process instance id in moa session
+// moasession.setProcessInstanceId(processInstanceId);
+//
+// // make sure moa session has been persisted before running the process
+// try {
+// AuthenticationSessionStoreage.storeSession(moasession);
+// } catch (MOADatabaseException e) {
+// Logger.error("Database Error! MOASession is not stored!");
+// throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
+// }
+//
+// Logger.info("BKU is selected -> Start BKU communication ...");
+//
+// // start process
+// getProcessEngine().start(processInstanceId);
+//
+// }
+// catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+// }
+//
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp, pendingRequestID);
+//
+// } catch (ProcessExecutionException e) {
+// Throwable cause = e.getCause();
+// if (cause != null && cause instanceof TaskExecutionException) {
+// Throwable taskCause = cause.getCause();
+// if (taskCause != null && taskCause instanceof WrongParametersException) {
+// WrongParametersException internalEx = (WrongParametersException) taskCause;
+// handleWrongParameters(internalEx, req, resp);
+// return;
+//
+// } else if (taskCause != null && taskCause instanceof MOAIDException) {
+// MOAIDException moaTaskCause = (MOAIDException) taskCause;
+// handleError(null, moaTaskCause, req, resp, pendingRequestID);
+// return;
+//
+// }
+// }
+//
+// Logger.error("BKUSelectionServlet has an interal Error.", e);
+//
+// } catch (Exception e) {
+// Logger.error("BKUSelectionServlet has an interal Error.", e);
+//
+// }
+//
+// finally {
+//
+// }
+// }
+//
+//
+//
+//
+//
+//
+//
+//
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index fe5cd1ac0..48292cee1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -31,6 +31,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.VelocityContext;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -43,8 +45,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -56,10 +57,13 @@ import at.gv.egovernment.moa.util.URLEncoder;
* @author tlenz
*
*/
-public class IDPSingleLogOutServlet extends AuthServlet {
+@Controller
+public class IDPSingleLogOutServlet extends AbstractController {
- private static final long serialVersionUID = -1301786072691577221L;
-
+ @Autowired SSOManager ssoManager;
+ @Autowired AuthenticationManager authManager;
+ @Autowired IAuthenticationSessionStoreage authenicationStorage;
+
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
Logger.debug("receive IDP SingleLogOut Request");
@@ -79,9 +83,8 @@ public class IDPSingleLogOutServlet extends AuthServlet {
return;
}
-
- SSOManager ssomanager = SSOManager.getInstance();
- String ssoid = ssomanager.getSSOSessionID(req);
+
+ String ssoid = ssoManager.getSSOSessionID(req);
Object restartProcessObj = req.getParameter(MOAIDAuthConstants.PARAM_SLORESTART);
@@ -91,9 +94,9 @@ public class IDPSingleLogOutServlet extends AuthServlet {
if (tokkenObj != null && tokkenObj instanceof String) {
tokken = (String) tokkenObj;
try {
- status = AssertionStorage.getInstance().get(tokken, String.class);
+ status = transactionStorage.get(tokken, String.class);
if (MiscUtil.isNotEmpty(status)) {
- AssertionStorage.getInstance().remove(tokken);
+ transactionStorage.remove(tokken);
}
VelocityContext context = new VelocityContext();
@@ -104,13 +107,13 @@ public class IDPSingleLogOutServlet extends AuthServlet {
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- ssomanager.printSingleLogOutInfo(context, resp);
+ ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
- handleErrorNoRedirect(e.getMessage(), e, req, resp);
+ handleErrorNoRedirect(e, req, resp);
} catch (MOADatabaseException e) {
- handleErrorNoRedirect(e.getMessage(), e, req, resp);
+ handleErrorNoRedirect(e, req, resp);
}
@@ -118,16 +121,14 @@ public class IDPSingleLogOutServlet extends AuthServlet {
} else if (MiscUtil.isNotEmpty(ssoid)) {
try {
- if (ssomanager.isValidSSOSession(ssoid, null)) {
+ if (ssoManager.isValidSSOSession(ssoid, null)) {
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+ String moaSessionID = authenicationStorage.getMOASessionSSOID(ssoid);
if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession = AuthenticationSessionStoreage
- .getSession(moaSessionID);
+ AuthenticationSession authSession = authenicationStorage.getSession(moaSessionID);
if(authSession != null) {
- authmanager.performSingleLogOut(req, resp, authSession, authURL);
+ authManager.performSingleLogOut(req, resp, authSession, authURL);
return;
}
@@ -147,7 +148,7 @@ public class IDPSingleLogOutServlet extends AuthServlet {
if (MiscUtil.isNotEmpty(restartProcess)) {
Logger.info("Restart Single LogOut process after timeout ... ");
try {
- SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class);
+ SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
if (sloContainer.hasFrontChannelOA())
sloContainer.putFailedOA("differntent OAs");
@@ -171,13 +172,13 @@ public class IDPSingleLogOutServlet extends AuthServlet {
else
statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
- AssertionStorage.getInstance().put(artifact, statusCode);
- redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
+ transactionStorage.put(artifact, statusCode);
+ redirectURL = HTTPUtils.addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
}
- //redirect to Redirect Servlet
- String url = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + "/RedirectServlet";
- url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
+ //redirect to Redirect Servlet
+ String url = authURL + "/RedirectServlet";
+ url = HTTPUtils.addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
url = resp.encodeRedirectURL(url);
resp.setContentType("text/html");
@@ -205,10 +206,11 @@ public class IDPSingleLogOutServlet extends AuthServlet {
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
try {
- ssomanager.printSingleLogOutInfo(context, resp);
+ ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
e.printStackTrace();
+
}
return;
}
@@ -218,10 +220,11 @@ public class IDPSingleLogOutServlet extends AuthServlet {
context.put("successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
try {
- ssomanager.printSingleLogOutInfo(context, resp);
+ ssoManager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
e.printStackTrace();
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index a5504ec4c..4ed276814 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -51,6 +51,7 @@ import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -58,9 +59,8 @@ import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -70,14 +70,16 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class LogOutServlet {
private static final String REDIRECT_URL = "redirect";
+ @Autowired private SSOManager ssomanager;
+ @Autowired private AuthenticationManager authmanager;
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+
@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
Logger.debug("receive LogOut Request");
String redirectUrl = (String) req.getParameter(REDIRECT_URL);
-
- SSOManager ssomanager = SSOManager.getInstance();
-
+
try {
//get SSO token from request
String ssoid = ssomanager.getSSOSessionID(req);
@@ -103,15 +105,13 @@ public class LogOutServlet {
//TODO: Single LogOut Implementation
//delete SSO session and MOA session
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
-
- RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid));
-
+ String moasessionid = authenticatedSessionStorage.getMOASessionSSOID(ssoid);
authmanager.performOnlyIDPLogOut(req, resp, moasessionid);
+
Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
} else {
Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+
}
//Remove SSO token
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
deleted file mode 100644
index f3e3ae8a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ /dev/null
@@ -1,122 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet that resumes a suspended process (in case of asynchronous tasks).
- *
- * @author tknall
- *
- */
-public class ProcessEngineSignalServlet extends AuthServlet {
-
- private static final long serialVersionUID = 1L;
-
- /**
- * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
- *
- * @param resp
- * The HttpServletResponse.
- */
- private void setNoCachingHeaders(HttpServletResponse resp) {
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
- */
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- this.doPost(req, resp);
- }
-
- /**
- * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is
- * retrieved from the MOA session referred to by the request parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.
- */
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));
-
- setNoCachingHeaders(resp);
- String pendingRequestID = null;
- try {
-
- if (sessionID == null) {
- throw new IllegalStateException("Unable to determine MOA session id.");
- }
-
- // retrieve moa session
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
- IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID);
- if (pendingReq == null) {
- Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
- throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-
- }
-
- AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID);
- AuthenticationSession session = BaseAuthenticationServer.getSession(sessionID);
-
- //add transactionID and unique sessionID to Logger
- if (extendedSessionInformation != null)
- TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId());
- TransactionIDUtils.setTransactionId(pendingRequestID);
-
- // process instance is mandatory
- if (session.getProcessInstanceId() == null) {
- throw new IllegalStateException("MOA session does not provide process instance id.");
- }
-
- // wake up next task
- getProcessEngine().signal(session.getProcessInstanceId());
-
- } catch (Exception ex) {
- handleError(null, ex, req, resp, pendingRequestID);
-
- } finally {
- //MOASessionDBUtils.closeSession();
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
-
- }
-
- }
-
- /**
- * Retrieves the current MOA session id from the HttpServletRequest parameter
- * {@link MOAIDAuthConstants#PARAM_SESSIONID}.
- * <p/>
- * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
- * respective MOA session id.
- *
- * @param request
- * The unterlying HttpServletRequest.
- * @return The current MOA session id.
- */
- public String getMoaSessionId(HttpServletRequest request) {
- return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID));
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index a914659b0..ba8ace6c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -25,13 +25,16 @@ package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
-
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.SSOManager;
@@ -42,18 +45,16 @@ import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.URLEncoder;
-
-public class RedirectServlet extends AuthServlet{
-
- private static final long serialVersionUID = 1L;
+@Controller
+public class RedirectServlet {
public static final String REDIRCT_PARAM_URL = "redirecturl";
-
private static final String DEFAULT_REDIRECTTARGET = "_parent";
+ @Autowired SSOManager ssoManager;
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ @RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET)
+ public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
Logger.debug("Receive " + RedirectServlet.class + " Request");
String url = req.getParameter(REDIRCT_PARAM_URL);
@@ -89,12 +90,12 @@ public class RedirectServlet extends AuthServlet{
if (MiscUtil.isNotEmpty(target)) {
// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
// URLEncoder.encode(session.getTarget(), "UTF-8"));
- url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
+ url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET,
URLEncoder.encode(target, "UTF-8"));
}
- url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT,
+ url = HTTPUtils.addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT,
URLEncoder.encode(artifact, "UTF-8"));
url = resp.encodeRedirectURL(url);
@@ -109,8 +110,7 @@ public class RedirectServlet extends AuthServlet{
} else if (MiscUtil.isNotEmpty(interIDP)) {
//store IDP identifier and redirect to generate AuthRequst service
Logger.info("Receive an interfederation redirect request for IDP " + interIDP);
- SSOManager sso = SSOManager.getInstance();
- sso.setInterfederationIDPCookie(req, resp, interIDP);
+ ssoManager.setInterfederationIDPCookie(req, resp, interIDP);
Logger.debug("Redirect to " + url);
url = resp.encodeRedirectURL(url);
@@ -141,7 +141,7 @@ public class RedirectServlet extends AuthServlet{
}
+
}
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java
index 62ee1ed85..1d18ccb2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SAML2InterfederationSignalServlet.java
@@ -28,9 +28,7 @@ package at.gv.egovernment.moa.id.auth.servlet;
*/
public class SAML2InterfederationSignalServlet extends
- ProcessEngineSignalServlet {
-
- private static final long serialVersionUID = 8208970012249149156L;
+ AbstractProcessEngineSignalController {
//TODO: getMOASessionID from SAML2 relayState
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 064431a6b..4c895e387 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -1,176 +1,177 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class SSOSendAssertionServlet extends AuthServlet{
-
- private static final long serialVersionUID = 1L;
-
- private static final String PARAM = "value";
- private static final String MODULE = "mod";
- private static final String ACTION = "action";
- private static final String ID = "identifier";
-
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- String id = null;
- Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request");
- try {
-
- Object idObject = req.getParameter(ID);
-
- if (idObject != null && (idObject instanceof String)) {
- id = (String) idObject;
- }
-
- String value = req.getParameter(PARAM);
- value = StringEscapeUtils.escapeHtml(value);
- if (!ParamValidatorUtils.isValidUseMandate(value))
- throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
-
- //get module and action
- Object moduleObject = req.getParameter(MODULE);
- String module = null;
- if (moduleObject != null && (moduleObject instanceof String)) {
- module = (String) moduleObject;
- }
-
-
- Object actionObject = req.getParameter(ACTION);
- String action = null;
- if (actionObject != null && (actionObject instanceof String)) {
- action = (String) actionObject;
- }
-
- if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
- Logger.warn("No Moduel or Action parameter received!");
- throw new WrongParametersException("Module or Action is empty", "", "auth.10");
- }
-
-
- SSOManager ssomanager = SSOManager.getInstance();
- //get SSO Cookie for Request
- String ssoId = ssomanager.getSSOSessionID(req);
-
- //check SSO session
- if (ssoId != null) {
- String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
-
- if (correspondingMOASession != null) {
- Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
- "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-
-
- AuthenticationSessionStoreage.destroySession(correspondingMOASession);
-
- ssomanager.deleteSSOSessionID(req, resp);
- }
- }
-
- boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
-
- String moaSessionID = null;
-
- if (isValidSSOSession) {
-
-
- //check UseMandate flag
- String valueString = null;;
- if ((value != null) && (value.compareTo("") != 0)) {
- valueString = value;
- } else {
- valueString = "false";
- }
-
- if (valueString.compareToIgnoreCase("true") == 0) {
- moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
- AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
-
- //log event
- //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
- IRequest pendingReq = RequestStorage.getPendingRequest(id);
- MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED);
-
- String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
- ModulUtils.buildAuthURL(module, action, id), "");
-
- resp.setContentType("text/html");
- resp.setStatus(302);
-
-
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
-
- }
-
- else {
- throw new AuthenticationException("auth.21", new Object[] {});
- }
-
- } else {
- handleError("SSO Session is not valid", null, req, resp, id);
- }
-
-
- } catch (MOADatabaseException e) {
- handleError("SSO Session is not found", e, req, resp, id);
-
- } catch (WrongParametersException e) {
- handleError("Parameter is not valid", e, req, resp, id);
-
- } catch (AuthenticationException e) {
- handleError(e.getMessage(), e, req, resp, id);
-
- } catch (Exception e) {
- Logger.error("SSOSendAssertion has an interal Error.", e);
- }
-
- }
-
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// ******************************************************************************/
+//package at.gv.egovernment.moa.id.auth.servlet;
+//
+//import java.io.IOException;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import org.apache.commons.lang.StringEscapeUtils;
+//
+//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+//import at.gv.egovernment.moa.id.moduls.IRequest;
+//import at.gv.egovernment.moa.id.moduls.RequestStorage;
+//import at.gv.egovernment.moa.id.moduls.SSOManager;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+//public class SSOSendAssertionServlet extends AuthServlet{
+//
+// private static final long serialVersionUID = 1L;
+//
+// private static final String PARAM = "value";
+// private static final String MODULE = "mod";
+// private static final String ACTION = "action";
+// private static final String ID = "identifier";
+//
+// protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+//
+// String id = null;
+// Logger.debug("Receive " + SSOSendAssertionServlet.class + " Request");
+// try {
+//
+// Object idObject = req.getParameter(ID);
+//
+// if (idObject != null && (idObject instanceof String)) {
+// id = (String) idObject;
+// }
+//
+// String value = req.getParameter(PARAM);
+// value = StringEscapeUtils.escapeHtml(value);
+// if (!ParamValidatorUtils.isValidUseMandate(value))
+// throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null);
+//
+// //get module and action
+// Object moduleObject = req.getParameter(MODULE);
+// String module = null;
+// if (moduleObject != null && (moduleObject instanceof String)) {
+// module = (String) moduleObject;
+// }
+//
+//
+// Object actionObject = req.getParameter(ACTION);
+// String action = null;
+// if (actionObject != null && (actionObject instanceof String)) {
+// action = (String) actionObject;
+// }
+//
+// if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) {
+// Logger.warn("No Moduel or Action parameter received!");
+// throw new WrongParametersException("Module or Action is empty", "", "auth.10");
+// }
+//
+//
+// SSOManager ssomanager = SSOManager.getInstance();
+// //get SSO Cookie for Request
+// String ssoId = ssomanager.getSSOSessionID(req);
+//
+// //check SSO session
+// if (ssoId != null) {
+// String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+//
+// if (correspondingMOASession != null) {
+// Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+// "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+//
+//
+// AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+//
+// ssomanager.deleteSSOSessionID(req, resp);
+// }
+// }
+//
+// boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null);
+//
+// String moaSessionID = null;
+//
+// if (isValidSSOSession) {
+//
+//
+// //check UseMandate flag
+// String valueString = null;;
+// if ((value != null) && (value.compareTo("") != 0)) {
+// valueString = value;
+// } else {
+// valueString = "false";
+// }
+//
+// if (valueString.compareToIgnoreCase("true") == 0) {
+// moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId);
+// AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+// AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true);
+//
+// //log event
+// //String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+// IRequest pendingReq = RequestStorage.getPendingRequest(id);
+// MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED);
+//
+// //TODO: only for development!!!!!!!
+//// String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(),
+//// ModulUtils.buildAuthURL(module, action, id), "");
+//
+// String redirectURL = "Remove commants in Class:SSOSendAssertionServlet Line:141";
+//
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+//
+//
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+//
+// }
+//
+// else {
+// throw new AuthenticationException("auth.21", new Object[] {});
+// }
+//
+// } else {
+// handleError("SSO Session is not valid", null, req, resp, id);
+// }
+//
+//
+// } catch (MOADatabaseException e) {
+// handleError("SSO Session is not found", e, req, resp, id);
+//
+// } catch (WrongParametersException e) {
+// handleError("Parameter is not valid", e, req, resp, id);
+//
+// } catch (AuthenticationException e) {
+// handleError(e.getMessage(), e, req, resp, id);
+//
+// } catch (Exception e) {
+// Logger.error("SSOSendAssertion has an interal Error.", e);
+// }
+//
+// }
+//
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index b68f42086..7f0a1c157 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -74,6 +74,8 @@ public interface IOAAuthParameters {
public boolean isSTORKPVPGateway();
+ public boolean isRemovePBKFromAuthBlock();
+
/**
* @return the identityLinkDomainIdentifier
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 386e04f45..171940063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -486,4 +486,13 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
// TODO Auto-generated method stub
return false;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRemovePBKFromAuthBlock()
+ */
+ @Override
+ public boolean isRemovePBKFromAuthBlock() {
+ // TODO Auto-generated method stub
+ return false;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index d1c3401a1..c7f86c167 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,624 +1,624 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.entrypoints;
-
-import java.io.IOException;
-import java.util.Iterator;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulStorage;
-import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class DispatcherServlet extends AuthServlet{
-
- /**
- *
- */
- private static final long serialVersionUID = 1L;
-
- public static final String PARAM_TARGET_MODULE = "mod";
- public static final String PARAM_TARGET_ACTION = "action";
- public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
-
-// @Override
-// public void init(ServletConfig config) throws ServletException {
-// try {
-// super.init(config);
-// MOAIDAuthInitializer.initialize();
-// Logger.info(MOAIDMessageProvider.getInstance().getMessage(
-// "init.00", null));
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// *******************************************************************************/
+//package at.gv.egovernment.moa.id.entrypoints;
+//
+//import java.io.IOException;
+//import java.util.Iterator;
+//
+//import javax.servlet.ServletException;
+//import javax.servlet.http.HttpServletRequest;
+//import javax.servlet.http.HttpServletResponse;
+//
+//import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+//import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+//import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+//import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+//import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+//import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+//import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+//import at.gv.egovernment.moa.id.config.ConfigurationException;
+//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+//import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+//import at.gv.egovernment.moa.id.data.IAuthData;
+//import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+//import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+//import at.gv.egovernment.moa.id.moduls.IAction;
+//import at.gv.egovernment.moa.id.moduls.IModulInfo;
+//import at.gv.egovernment.moa.id.moduls.IRequest;
+//import at.gv.egovernment.moa.id.moduls.ModulStorage;
+//import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
+//import at.gv.egovernment.moa.id.moduls.RequestStorage;
+//import at.gv.egovernment.moa.id.moduls.SSOManager;
+//import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+//import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
+//import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+//import at.gv.egovernment.moa.id.util.Random;
+//import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
+//import at.gv.egovernment.moa.logging.Logger;
+//import at.gv.egovernment.moa.util.MiscUtil;
+//
+//public class DispatcherServlet extends AuthServlet{
+//
+// /**
+// *
+// */
+// private static final long serialVersionUID = 1L;
+//
+// public static final String PARAM_TARGET_MODULE = "mod";
+// public static final String PARAM_TARGET_ACTION = "action";
+// public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
+//
+//// @Override
+//// public void init(ServletConfig config) throws ServletException {
+//// try {
+//// super.init(config);
+//// MOAIDAuthInitializer.initialize();
+//// Logger.info(MOAIDMessageProvider.getInstance().getMessage(
+//// "init.00", null));
+////
+//// Logger.info("Dispatcher Servlet initialization finished.");
+////
+//// } catch (Exception ex) {
+//// Logger.fatal(
+//// MOAIDMessageProvider.getInstance().getMessage("init.02",
+//// null), ex);
+////
+//// //throw new ServletException(ex);
+////
+//// }
+////
+//// }
+//
+// protected void processRequest(HttpServletRequest req,
+// HttpServletResponse resp) throws ServletException, IOException {
+// boolean isValidSSOSession = false;
+// boolean useSSOOA = false;
+// String protocolRequestID = null;
//
-// Logger.info("Dispatcher Servlet initialization finished.");
+// try {
+// Logger.debug("REQUEST: " + req.getRequestURI());
+// Logger.debug("QUERY : " + req.getQueryString());
+//
+//
+//// *** start of error handling ***
+//
+// String errorid = req.getParameter(ERROR_CODE_PARAM);
+// if (errorid != null) {
+//
+// Throwable throwable = DBExceptionStoreImpl.getStore()
+// .fetchException(errorid);
+// DBExceptionStoreImpl.getStore().removeException(errorid);
+//
+// Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+//
+// //Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
+//
+// String pendingRequestID = null;
+// if (idObject != null && (idObject instanceof String)) {
+// pendingRequestID = (String) idObject;
+// }
+//
+// if (throwable != null) {
+//
+// IRequest errorRequest = null;
+// if (pendingRequestID != null) {
+// errorRequest = RequestStorage.getPendingRequest(pendingRequestID);
+//
+// }
+//
+// if (errorRequest != null) {
+// RequestStorage.removePendingRequest(pendingRequestID);
+// MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR);
+//
+// try {
+// IModulInfo handlingModule = ModulStorage
+// .getModuleByPath(errorRequest
+// .requestedModule());
+// if (handlingModule != null) {
+//
+// if (handlingModule.generateErrorMessage(
+// throwable, req, resp, errorRequest)) {
+//
+// //log Error Message
+// StatisticLogger logger = StatisticLogger.getInstance();
+// logger.logErrorOperation(throwable, errorRequest);
+//
+// //remove MOASession
+// AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID);
+// if (moaSession != null)
+// AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+//
+// return;
+//
+// } else {
+// handleErrorNoRedirect(throwable.getMessage(), throwable,
+// req, resp);
+//
+// }
+// }
+//
+// } catch (Throwable e) {
+// Logger.error(e);
+// handleErrorNoRedirect(throwable.getMessage(),
+// throwable, req, resp);
+// }
+//
+// } else {
+// handleErrorNoRedirect(throwable.getMessage(), throwable,
+// req, resp);
+// }
+//
+// } else
+// handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null),
+// null, req, resp);
+//
+// return;
+// }
+//
+//// *** end of error handling ***
+//
+//
+//// *** start of protocol specific stuff ***
+//
+// Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
+// String module = null;
+// if (moduleObject != null && (moduleObject instanceof String)) {
+// module = (String) moduleObject;
+// }
+//
+// if (module == null) {
+// module = (String) req.getAttribute(PARAM_TARGET_MODULE);
+// }
+//
+// Object actionObject = req.getParameter(PARAM_TARGET_ACTION);
+// String action = null;
+// if (actionObject != null && (actionObject instanceof String)) {
+// action = (String) actionObject;
+// }
+//
+// if (action == null) {
+// action = req.getParameter(PARAM_TARGET_ACTION);
+// }
+//
+// Logger.debug("dispatching to " + module + " protocol " + action);
+//
+// IModulInfo info = ModulStorage.getModuleByPath(module);
+//
+// IAction moduleAction = null;
+//
+// if (info == null) {
+//
+// Iterator<IModulInfo> modules = ModulStorage.getAllModules()
+// .iterator();
+// while (modules.hasNext()) {
+// info = modules.next();
+// moduleAction = info.canHandleRequest(req, resp);
+// if (moduleAction != null) {
+// action = moduleAction.getDefaultActionName();
+// module = info.getPath();
+// break;
+// }
+// info = null;
+// }
+//
+// if (moduleAction == null) {
+// resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+// Logger.error("Protocol " + module
+// + " has no module registered");
+// return;
+// }
+// }
+//
+// if (moduleAction == null) {
+// moduleAction = info.getAction(action);
+//
+// if (moduleAction == null) {
+// resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+// Logger.error("Action " + action + " is not available!");
+// return;
+// }
+// }
+//
+// //get SSO Cookie for Request
+// SSOManager ssomanager = SSOManager.getInstance();
+// String ssoId = ssomanager.getSSOSessionID(req);
//
-// } catch (Exception ex) {
-// Logger.fatal(
-// MOAIDMessageProvider.getInstance().getMessage("init.02",
-// null), ex);
+// IRequest protocolRequest = null;
+// String uniqueSessionIdentifier = null;
//
-// //throw new ServletException(ex);
+// try {
+// Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+//
+// if (idObject != null && (idObject instanceof String)) {
+//
+// protocolRequestID = (String) idObject;
+// protocolRequest = RequestStorage.getPendingRequest(protocolRequestID);
+//
+// //get IRequest if it exits
+// if (protocolRequest != null) {
+// Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
+//
+// } else {
+// Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
+// handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
+// null, req, resp);
+// return;
+// }
+// } else {
+// try {
+//
+// //load unique session identifier with SSO-sessionID
+// uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
+// if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+// uniqueSessionIdentifier = Random.nextRandom();
+// TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+//
+// //set transactionID to Logger
+// protocolRequestID = Random.nextRandom();
+// TransactionIDUtils.setTransactionId(protocolRequestID);
+//
+// //log information for security and process reversion
+// MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier);
+// MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);
+// MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr());
+//
+// protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID);
+//
+// //request is a valid interfederation response
+// if (protocolRequest != null &&
+// protocolRequest.getInterfederationResponse() != null ) {
+// Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
+//
+// //reload SP protocol implementation
+// info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+// moduleAction = info.getAction(protocolRequest.requestedAction());
+//
+// //create interfederated MOASession
+// String sessionID =
+// AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
+// req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID });
+//
+// Logger.info("PreProcessing of SSO interfederation response complete. ");
+//
+// //request is a not valid interfederation response
+// } else if (protocolRequest != null &&
+// MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
+//
+// OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
+// if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
+// // -> send end error to service provider
+// Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()
+// + " FAILED. Sending error message to service provider.");
+// MOAIDException e = new MOAIDException("auth.27", new Object[]{});
+// IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
+// if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest))
+// handleErrorNoRedirect(e.getMessage(), e, req,
+// resp);
+//
+// return;
+//
+// } else
+// //-> Restart local authentication
+// Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
+// + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
+//
+// //request is a new authentication request
+// } else if (protocolRequest != null &&
+// MiscUtil.isEmpty(protocolRequest.getRequestID())) {
+// //Start new Authentication
+// protocolRequest.setModule(module);
+//
+// //if preProcessing has not set a specific action from decoded request
+// // then set the default action
+// if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
+// protocolRequest.setAction(action);
+// else
+// moduleAction = info.getAction(protocolRequest.requestedAction());
+//
+// protocolRequest.setRequestID(protocolRequestID);
+// protocolRequest.setSessionIdentifier(uniqueSessionIdentifier);
+// RequestStorage.setPendingRequest(protocolRequest);
+// Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
+//
+//
+// } else {
+// Logger.error("Failed to generate a valid protocol request!");
+// resp.setContentType("text/html;charset=UTF-8");
+// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
+// return;
+//
+// }
+//
+// } catch (ProtocolNotActiveException e) {
+// resp.getWriter().write(e.getMessage());
+// resp.setContentType("text/html;charset=UTF-8");
+// resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
+// return;
+//
+// } catch (AuthnRequestValidatorException e) {
+// //log Error Message
+// StatisticLogger logger = StatisticLogger.getInstance();
+// logger.logErrorOperation(e, e.getErrorRequest());
+//
+// //TODO: maybe add some error message handling???
+//
+// return;
+//
+// }catch (InvalidProtocolRequestException e) {
+// ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
+// String code = utils.mapInternalErrorToExternalError(e.getMessageId());
+// String descr = e.getMessage();
+// Logger.error("Protocol validation FAILED!");
+// resp.setContentType("text/html;charset=UTF-8");
+// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
+// "(Errorcode=" + code +
+// " | Description=" + descr + ")");
+// return;
+// } catch (ConfigurationException e) {
+// resp.setContentType("text/html;charset=UTF-8");
+// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+// "(Errorcode=9199"
+// +" | Description="+ e.getMessage() + ")");
+// return;
+//
+// } catch (MOAIDException e) {
+// Logger.error("Failed to generate a valid protocol request!");
+// resp.setContentType("text/html;charset=UTF-8");
+// resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
+// "(Errorcode=6000"
+// +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
+// return;
+//
+// }
+// }
+//
+//// *** end of protocol specific stuff ***
+//
+// if (protocolRequest != null)
+// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+// protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule());
+//
+//// *** start handling authentication ***
+//
+// AuthenticationManager authmanager = AuthenticationManager.getInstance();
+//
+// String moasessionID = null;
+// String newSSOSessionId = null;
+// AuthenticationSession moasession = null;
+// IAuthData authData = null;
+//
+// boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
+//
+// if (needAuthentication) {
+//
+// //check if interfederation IDP is requested
+// ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
+//
+// //check SSO session
+// if (ssoId != null) {
+// String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+//
+// if (correspondingMOASession != null) {
+// Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+// "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+//
+// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+// protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
+//
+// AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+// ssomanager.deleteSSOSessionID(req, resp);
+// }
+// }
+//
+// //load Parameters from OnlineApplicationConfiguration
+// OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
+// .getOnlineApplicationParameter(protocolRequest.getOAURL());
+//
+// if (oaParam == null) {
+// throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
+// }
+//
+//
+// isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
+// useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
+//
+//
+// //if a legacy request is used SSO should not be allowed, actually
+// boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
+//
+// if (protocolRequest.isPassiv()
+// && protocolRequest.forceAuth()) {
+// // conflict!
+// throw new NoPassivAuthenticationException();
+// }
+//
+// boolean tryperform = authmanager.tryPerformAuthentication(
+// req, resp);
+//
+// if (tryperform)
+// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+// protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+// else
+// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+// protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL());
+//
+// if (protocolRequest.forceAuth()) {
+// if (!tryperform) {
+// authmanager.doAuthentication(req, resp,
+// protocolRequest);
+// return;
+// }
+// } else if (protocolRequest.isPassiv()) {
+// if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+// // Passive authentication ok!
+// } else {
+// throw new NoPassivAuthenticationException();
+// }
+// } else {
+// if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
+// // Is authenticated .. proceed
+// } else {
+// // Start authentication!
+// authmanager.doAuthentication(req, resp,
+// protocolRequest);
+// return;
+// }
+// }
+//
+// if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
+// {
+//
+// if (useSSOOA && isValidSSOSession) {
+//
+// MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
+// protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO);
+//
+// moasessionID = ssomanager.getMOASession(ssoId);
+// moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+//
+// //use new OAParameter
+// if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
+// authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
+// return;
+// }
+//
+// } else {
+// moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+// moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+//
+// }
+// //save SSO session usage in Database
+// if (useSSOOA) {
+// newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+//
+// if (MiscUtil.isNotEmpty(newSSOSessionId)) {
+// ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+//
+// } else {
+// ssomanager.deleteSSOSessionID(req, resp);
+//
+// }
+// }
+//
+// } else {
+// moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
+// moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+// moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
+//
+// }
+//
+// //build authenticationdata from session information and OA configuration
+// authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);
+// }
+//
+//// *** end handling authentication ***
+//
+//// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
+//
+// SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
+//
+// RequestStorage.removePendingRequest(protocolRequestID);
+//
+// if (needAuthentication) {
+// boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA;
+//
+// if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
+// && !moasession.getUseMandate()) {
+//
+// try {
+// //Store OA specific SSO session information
+// AuthenticationSessionStoreage.addSSOInformation(moasessionID,
+// newSSOSessionId, assertionID, protocolRequest);
+//
+// } catch (AuthenticationException e) {
+// Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+//
+// authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
+// isSSOSession = false;
+// }
+//
+// } else {
+// authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
+// }
+//
+// //Advanced statistic logging
+// StatisticLogger logger = StatisticLogger.getInstance();
+// logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
+//
+// }
+//
+//// *** end finalizing authentication ***
+//
+// } catch (Throwable e) {
+// Logger.warn("An authentication error occured: ", e);;
+// // Try handle module specific, if not possible rethrow
+// if (!info.generateErrorMessage(e, req, resp, protocolRequest))
+// handleErrorNoRedirect(e.getMessage(), e, req,
+// resp);
+//
+// }
//
+// //log transaction_destroy to reversionslog
+// MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID);
+//
+// } catch (WrongParametersException ex) {
+// handleWrongParameters(ex, req, resp);
+//
+// } catch (MOAIDException ex) {
+// handleError(null, ex, req, resp, protocolRequestID);
+//
+// } catch (Throwable e) {
+// handleErrorNoRedirect(e.getMessage(), e, req,
+// resp);
// }
//
+// finally {
+//
+//
+// TransactionIDUtils.removeTransactionId();
+// TransactionIDUtils.removeSessionId();
+// }
+//
+// Logger.debug("Clossing Dispatcher processing loop");
+// }
+//
+// @Override
+// protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+// processRequest(req, resp);
+// }
+//
+// @Override
+// protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+// throws ServletException, IOException {
+// processRequest(req, resp);
// }
-
- protected void processRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
- boolean isValidSSOSession = false;
- boolean useSSOOA = false;
- String protocolRequestID = null;
-
- try {
- Logger.debug("REQUEST: " + req.getRequestURI());
- Logger.debug("QUERY : " + req.getQueryString());
-
-
-// *** start of error handling ***
-
- String errorid = req.getParameter(ERROR_CODE_PARAM);
- if (errorid != null) {
-
- Throwable throwable = DBExceptionStoreImpl.getStore()
- .fetchException(errorid);
- DBExceptionStoreImpl.getStore().removeException(errorid);
-
- Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
-
- //Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession());
-
- String pendingRequestID = null;
- if (idObject != null && (idObject instanceof String)) {
- pendingRequestID = (String) idObject;
- }
-
- if (throwable != null) {
-
- IRequest errorRequest = null;
- if (pendingRequestID != null) {
- errorRequest = RequestStorage.getPendingRequest(pendingRequestID);
-
- }
-
- if (errorRequest != null) {
- RequestStorage.removePendingRequest(pendingRequestID);
- MOAReversionLogger.getInstance().logEvent(errorRequest, MOAIDEventConstants.TRANSACTION_ERROR);
-
- try {
- IModulInfo handlingModule = ModulStorage
- .getModuleByPath(errorRequest
- .requestedModule());
- if (handlingModule != null) {
-
- if (handlingModule.generateErrorMessage(
- throwable, req, resp, errorRequest)) {
-
- //log Error Message
- StatisticLogger logger = StatisticLogger.getInstance();
- logger.logErrorOperation(throwable, errorRequest);
-
- //remove MOASession
- AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID);
- if (moaSession != null)
- AuthenticationManager.getInstance().performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-
- return;
-
- } else {
- handleErrorNoRedirect(throwable.getMessage(), throwable,
- req, resp);
-
- }
- }
-
- } catch (Throwable e) {
- Logger.error(e);
- handleErrorNoRedirect(throwable.getMessage(),
- throwable, req, resp);
- }
-
- } else {
- handleErrorNoRedirect(throwable.getMessage(), throwable,
- req, resp);
- }
-
- } else
- handleErrorNoRedirect(MOAIDMessageProvider.getInstance().getMessage("auth.26", null),
- null, req, resp);
-
- return;
- }
-
-// *** end of error handling ***
-
-
-// *** start of protocol specific stuff ***
-
- Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
- String module = null;
- if (moduleObject != null && (moduleObject instanceof String)) {
- module = (String) moduleObject;
- }
-
- if (module == null) {
- module = (String) req.getAttribute(PARAM_TARGET_MODULE);
- }
-
- Object actionObject = req.getParameter(PARAM_TARGET_ACTION);
- String action = null;
- if (actionObject != null && (actionObject instanceof String)) {
- action = (String) actionObject;
- }
-
- if (action == null) {
- action = req.getParameter(PARAM_TARGET_ACTION);
- }
-
- Logger.debug("dispatching to " + module + " protocol " + action);
-
- IModulInfo info = ModulStorage.getModuleByPath(module);
-
- IAction moduleAction = null;
-
- if (info == null) {
-
- Iterator<IModulInfo> modules = ModulStorage.getAllModules()
- .iterator();
- while (modules.hasNext()) {
- info = modules.next();
- moduleAction = info.canHandleRequest(req, resp);
- if (moduleAction != null) {
- action = moduleAction.getDefaultActionName();
- module = info.getPath();
- break;
- }
- info = null;
- }
-
- if (moduleAction == null) {
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
- Logger.error("Protocol " + module
- + " has no module registered");
- return;
- }
- }
-
- if (moduleAction == null) {
- moduleAction = info.getAction(action);
-
- if (moduleAction == null) {
- resp.sendError(HttpServletResponse.SC_NOT_FOUND);
- Logger.error("Action " + action + " is not available!");
- return;
- }
- }
-
- //get SSO Cookie for Request
- SSOManager ssomanager = SSOManager.getInstance();
- String ssoId = ssomanager.getSSOSessionID(req);
-
- IRequest protocolRequest = null;
- String uniqueSessionIdentifier = null;
-
- try {
- Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
-
- if (idObject != null && (idObject instanceof String)) {
-
- protocolRequestID = (String) idObject;
- protocolRequest = RequestStorage.getPendingRequest(protocolRequestID);
-
- //get IRequest if it exits
- if (protocolRequest != null) {
- Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
-
- } else {
- Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
- handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
- null, req, resp);
- return;
- }
- } else {
- try {
-
- //load unique session identifier with SSO-sessionID
- uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
- if (MiscUtil.isEmpty(uniqueSessionIdentifier))
- uniqueSessionIdentifier = Random.nextRandom();
- TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
-
- //set transactionID to Logger
- protocolRequestID = Random.nextRandom();
- TransactionIDUtils.setTransactionId(protocolRequestID);
-
- //log information for security and process reversion
- MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier);
- MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID);
- MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr());
-
- protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID);
-
- //request is a valid interfederation response
- if (protocolRequest != null &&
- protocolRequest.getInterfederationResponse() != null ) {
- Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest");
-
- //reload SP protocol implementation
- info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
- moduleAction = info.getAction(protocolRequest.requestedAction());
-
- //create interfederated MOASession
- String sessionID =
- AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
- req.getParameterMap().put(MOAIDAuthConstants.PARAM_SESSIONID, new String[]{ sessionID });
-
- Logger.info("PreProcessing of SSO interfederation response complete. ");
-
- //request is a not valid interfederation response
- } else if (protocolRequest != null &&
- MiscUtil.isNotEmpty(protocolRequest.getRequestID())) {
-
- OAAuthParameter oaParams = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(protocolRequest.getOAURL());
- if (!oaParams.isPerformLocalAuthenticationOnInterfederationError()) {
- // -> send end error to service provider
- Logger.info("Federated authentication for entity " + protocolRequest.getOAURL()
- + " FAILED. Sending error message to service provider.");
- MOAIDException e = new MOAIDException("auth.27", new Object[]{});
- IModulInfo requestedModul = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
- if (!requestedModul.generateErrorMessage(e, req, resp, protocolRequest))
- handleErrorNoRedirect(e.getMessage(), e, req,
- resp);
-
- return;
-
- } else
- //-> Restart local authentication
- Logger.info("Restart authentication with stored " + protocolRequest.requestedModule()
- + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL());
-
- //request is a new authentication request
- } else if (protocolRequest != null &&
- MiscUtil.isEmpty(protocolRequest.getRequestID())) {
- //Start new Authentication
- protocolRequest.setModule(module);
-
- //if preProcessing has not set a specific action from decoded request
- // then set the default action
- if (MiscUtil.isEmpty(protocolRequest.requestedAction()))
- protocolRequest.setAction(action);
- else
- moduleAction = info.getAction(protocolRequest.requestedAction());
-
- protocolRequest.setRequestID(protocolRequestID);
- protocolRequest.setSessionIdentifier(uniqueSessionIdentifier);
- RequestStorage.setPendingRequest(protocolRequest);
- Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + ".");
-
-
- } else {
- Logger.error("Failed to generate a valid protocol request!");
- resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!");
- return;
-
- }
-
- } catch (ProtocolNotActiveException e) {
- resp.getWriter().write(e.getMessage());
- resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
- return;
-
- } catch (AuthnRequestValidatorException e) {
- //log Error Message
- StatisticLogger logger = StatisticLogger.getInstance();
- logger.logErrorOperation(e, e.getErrorRequest());
-
- //TODO: maybe add some error message handling???
-
- return;
-
- }catch (InvalidProtocolRequestException e) {
- ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
- String code = utils.mapInternalErrorToExternalError(e.getMessageId());
- String descr = e.getMessage();
- Logger.error("Protocol validation FAILED!");
- resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
- "(Errorcode=" + code +
- " | Description=" + descr + ")");
- return;
- } catch (ConfigurationException e) {
- resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
- "(Errorcode=9199"
- +" | Description="+ e.getMessage() + ")");
- return;
-
- } catch (MOAIDException e) {
- Logger.error("Failed to generate a valid protocol request!");
- resp.setContentType("text/html;charset=UTF-8");
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" +
- "(Errorcode=6000"
- +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")");
- return;
-
- }
- }
-
-// *** end of protocol specific stuff ***
-
- if (protocolRequest != null)
- MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
- protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule());
-
-// *** start handling authentication ***
-
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
-
- String moasessionID = null;
- String newSSOSessionId = null;
- AuthenticationSession moasession = null;
- IAuthData authData = null;
-
- boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp);
-
- if (needAuthentication) {
-
- //check if interfederation IDP is requested
- ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest);
-
- //check SSO session
- if (ssoId != null) {
- String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
-
- if (correspondingMOASession != null) {
- Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
- "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-
- MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
- protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
-
- AuthenticationSessionStoreage.destroySession(correspondingMOASession);
- ssomanager.deleteSSOSessionID(req, resp);
- }
- }
-
- //load Parameters from OnlineApplicationConfiguration
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(protocolRequest.getOAURL());
-
- if (oaParam == null) {
- throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() });
- }
-
-
- isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest);
- useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
-
-
- //if a legacy request is used SSO should not be allowed, actually
- boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
-
- if (protocolRequest.isPassiv()
- && protocolRequest.forceAuth()) {
- // conflict!
- throw new NoPassivAuthenticationException();
- }
-
- boolean tryperform = authmanager.tryPerformAuthentication(
- req, resp);
-
- if (tryperform)
- MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
- protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED);
- else
- MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
- protocolRequest, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, protocolRequest.getOAURL());
-
- if (protocolRequest.forceAuth()) {
- if (!tryperform) {
- authmanager.doAuthentication(req, resp,
- protocolRequest);
- return;
- }
- } else if (protocolRequest.isPassiv()) {
- if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
- // Passive authentication ok!
- } else {
- throw new NoPassivAuthenticationException();
- }
- } else {
- if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) {
- // Is authenticated .. proceed
- } else {
- // Start authentication!
- authmanager.doAuthentication(req, resp,
- protocolRequest);
- return;
- }
- }
-
- if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
- {
-
- if (useSSOOA && isValidSSOSession) {
-
- MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(),
- protocolRequest, MOAIDEventConstants.AUTHPROCESS_SSO);
-
- moasessionID = ssomanager.getMOASession(ssoId);
- moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-
- //use new OAParameter
- if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) {
- authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam);
- return;
- }
-
- } else {
- moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
- moasession = AuthenticationSessionStoreage.getSession(moasessionID);
-
- }
- //save SSO session usage in Database
- if (useSSOOA) {
- newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
-
- if (MiscUtil.isNotEmpty(newSSOSessionId)) {
- ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
-
- } else {
- ssomanager.deleteSSOSessionID(req, resp);
-
- }
- }
-
- } else {
- moasessionID = (String) req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);
- moasession = AuthenticationSessionStoreage.getSession(moasessionID);
- moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
-
- }
-
- //build authenticationdata from session information and OA configuration
- authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);
- }
-
-// *** end handling authentication ***
-
-// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
-
- SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
-
- RequestStorage.removePendingRequest(protocolRequestID);
-
- if (needAuthentication) {
- boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId) && useSSOOA;
-
- if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
- && !moasession.getUseMandate()) {
-
- try {
- //Store OA specific SSO session information
- AuthenticationSessionStoreage.addSSOInformation(moasessionID,
- newSSOSessionId, assertionID, protocolRequest);
-
- } catch (AuthenticationException e) {
- Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
-
- authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
- isSSOSession = false;
- }
-
- } else {
- authmanager.performOnlyIDPLogOut(req, resp, moasessionID);
- }
-
- //Advanced statistic logging
- StatisticLogger logger = StatisticLogger.getInstance();
- logger.logSuccessOperation(protocolRequest, authData, isSSOSession);
-
- }
-
-// *** end finalizing authentication ***
-
- } catch (Throwable e) {
- Logger.warn("An authentication error occured: ", e);;
- // Try handle module specific, if not possible rethrow
- if (!info.generateErrorMessage(e, req, resp, protocolRequest))
- handleErrorNoRedirect(e.getMessage(), e, req,
- resp);
-
- }
-
- //log transaction_destroy to reversionslog
- MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, protocolRequestID);
-
- } catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
-
- } catch (MOAIDException ex) {
- handleError(null, ex, req, resp, protocolRequestID);
-
- } catch (Throwable e) {
- handleErrorNoRedirect(e.getMessage(), e, req,
- resp);
- }
-
- finally {
-
-
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
- }
-
- Logger.debug("Clossing Dispatcher processing loop");
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- processRequest(req, resp);
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- processRequest(req, resp);
- }
-}
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index c38bbc68f..b6df5e5c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -24,8 +24,6 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
import java.io.PrintWriter;
-import java.lang.reflect.InvocationTargetException;
-import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
@@ -38,39 +36,21 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.VelocityContext;
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -78,93 +58,93 @@ import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
import at.gv.egovernment.moa.id.process.ProcessEngine;
import at.gv.egovernment.moa.id.process.ProcessExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("MOAID_AuthenticationManager")
public class AuthenticationManager extends MOAIDAuthConstants {
- private static final AuthenticationManager INSTANCE = new AuthenticationManager();
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
public static final int SLOTIMEOUT = 30 * 1000; //30 sec
- @Autowired
- private ProcessEngine processEngine;
+ @Autowired private ProcessEngine processEngine;
+ @Autowired private SSOManager ssoManager;
+ @Autowired private IRequestStorage requestStoreage;
+ @Autowired private ITransactionStorage transactionStorage;
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
+ @Autowired private MOAReversionLogger revisionsLogger;
+ @Autowired protected AuthConfiguration authConfig;
- private AuthenticationManager() {
- }
-
- public static AuthenticationManager getInstance() {
- return INSTANCE;
+ public AuthenticationManager() {
+
}
-
+
/**
- * Checks if this request can authenticate a MOA Session
+ * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
+ *
+ * @param protocolRequest Authentication request which is actually in process
+ * @param moaSession MOASession with authentication information or null if no MOASession exists
*
- * @param request
- * @param response
- * @return
+ * @return true if session is already authenticated, otherwise false
+ * @throws MOAIDException
*/
- public boolean tryPerformAuthentication(HttpServletRequest request,
- HttpServletResponse response) {
-
- String sessionID = (String) request.getParameter(PARAM_SESSIONID);
- if (sessionID != null) {
- Logger.debug("Find MOASession: " + sessionID);
- AuthenticationSession authSession;
- try {
- authSession = AuthenticationSessionStoreage.getSession(sessionID);
-
- if (authSession != null) {
- Logger.info("MOASession found! A: "
- + authSession.isAuthenticated() + ", AU "
- + authSession.isAuthenticatedUsed());
- if (authSession.isAuthenticated()
- && !authSession.isAuthenticatedUsed()) {
- authSession.setAuthenticatedUsed(true);
-
- AuthenticationSessionStoreage.storeSession(authSession);
-
- return true; // got authenticated
- }
- }
+ private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession moaSession) {
+
+ //if no MOASession exist -> authentication is required
+ if (moaSession == null) {
+ return false;
- } catch (MOADatabaseException e) {
- return false;
- } catch (BuildException e) {
+ } else {
+ //if MOASession is Found but not authenticated --> authentication is required
+ if (!moaSession.isAuthenticated()) {
return false;
}
+
+ //if MOASession is already authenticated and protocol-request is authenticated
+ // --> no authentication is required any more
+ else if (moaSession.isAuthenticated() && protocolRequest.isAuthenticated()) {
+ return true;
+
+ // if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
+ } else if (!protocolRequest.isAuthenticated()
+ && moaSession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
+ Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
+ protocolRequest.setAuthenticated(true);
+ protocolRequest.setMOASessionIdentifier(moaSession.getSessionID());
+ return true;
+
+ }
+
+ // force authentication as backup solution
+ else {
+ Logger.warn("Authentication-required check find an unsuspected state --> force authentication");
+ return false;
+
+ }
}
- return false;
}
public void performSingleLogOut(HttpServletRequest httpReq,
@@ -193,11 +173,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
- SSOManager ssomanager = SSOManager.getInstance();
-
//store active OAs to SLOContaine
- List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session);
- List<InterfederationSessionStore> dbIDPs = AuthenticationSessionStoreage.getAllActiveIDPsFromMOASession(session);
+ List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
+ List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
SLOInformationContainer sloContainer = new SLOInformationContainer();
sloContainer.setSloRequest(pvpReq);
sloContainer.parseActiveIDPs(dbIDPs, pvpSLOIssuer);
@@ -205,8 +183,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//terminate MOASession
try {
- AuthenticationSessionStoreage.destroySession(session.getSessionID());
- ssomanager.deleteSSOSessionID(httpReq, httpResp);
+ authenticatedSessionStore.destroySession(session.getSessionID());
+ ssoManager.deleteSSOSessionID(httpReq, httpResp);
} catch (MOADatabaseException e) {
Logger.warn("Delete MOASession FAILED.");
@@ -276,7 +254,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
}
- AssertionStorage.getInstance().put(relayState, sloContainer);
+ //put SLO process-information into transaction storage
+ transactionStorage.put(relayState, sloContainer);
if (MiscUtil.isEmpty(authURL))
authURL = pvpReq.getAuthURL();
@@ -289,7 +268,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
context.put("redirectURLs", sloReqList);
context.put("timeoutURL", timeOutURL);
context.put("timeout", SLOTIMEOUT);
- ssomanager.printSingleLogOutInfo(context, httpResp);
+ ssoManager.printSingleLogOutInfo(context, httpResp);
} else {
@@ -309,7 +288,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
else
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- ssomanager.printSingleLogOutInfo(context, httpResp);
+ ssoManager.printSingleLogOutInfo(context, httpResp);
}
@@ -327,7 +306,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
VelocityContext context = new VelocityContext();
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- ssomanager.printSingleLogOutInfo(context, httpResp);
+ ssoManager.printSingleLogOutInfo(context, httpResp);
}
@@ -352,8 +331,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
AuthenticationSession authSession;
try {
- authSession = AuthenticationSessionStoreage
- .getSession(moaSessionID);
+ authSession = authenticatedSessionStore.getSession(moaSessionID);
if(authSession == null) {
Logger.info("NO MOA Authentication data for ID " + moaSessionID);
@@ -364,10 +342,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
//log Session_Destroy to reversionslog
- AuthenticationSessionExtensions sessionExtensions = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
- MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+ AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
- AuthenticationSessionStoreage.destroySession(moaSessionID);
+ authenticatedSessionStore.destroySession(moaSessionID);
//session.invalidate();
@@ -378,366 +356,209 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
- public void doAuthentication(HttpServletRequest request,
- HttpServletResponse response, IRequest target)
- throws ServletException, IOException, MOAIDException {
-
- Logger.info("Starting authentication ...");
- MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
- target, MOAIDEventConstants.AUTHPROCESS_START);
-
- if (MiscUtil.isEmpty(target.getRequestedIDP())) {
- perfomLocalAuthentication(request, response, target);
-
- } else {
- Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ...");
- MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
- target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION);
- buildPVP21AuthenticationRequest(request, response, target);
-
- }
- }
-
- public void sendTransmitAssertionQuestion(HttpServletRequest request,
- HttpServletResponse response, IRequest target, OAAuthParameter oaParam)
- throws ServletException, IOException, MOAIDException {
-
- String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
- target.requestedAction(), target.getRequestID(), oaParam,
- target.getAuthURL());
- MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
- target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
-
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(form);
- out.flush();
- }
+ /**
+ * Authenticates the authentication request {pendingReq}, which is actually processed
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ *
+ * @return Return already authenticated MOASession if exists, otherwise return null
+ * @throws MOADatabaseException
+ * @throws MOAIDException
+ * @throws IOException
+ * @throws ServletException
+ *
+ */
+ public AuthenticationSession doAuthentication(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
- private void buildPVP21AuthenticationRequest(HttpServletRequest request,
- HttpServletResponse response, IRequest target)
- throws ServletException, IOException, MOAIDException {
-
- boolean requiredLocalAuthentication = true;
+ //generic authentication request validation
+ if (pendingReq.isPassiv()
+ && pendingReq.forceAuth()) {
+ // conflict!
+ throw new NoPassivAuthenticationException();
+ }
+
+ //get SSO cookie from http request
+ String ssoId = ssoManager.getSSOSessionID(httpReq);
- Logger.debug("Build PVP 2.1 authentication request");
-
- //get IDP metadata
+ //check if interfederation IDP is requested
+ ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
- OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getRequestedIDP());
- OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(target.getOAURL());
-
- if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
- Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation.");
- Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
- + " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
- Logger.info("Switch to local authentication on this IDP ... ");
-
- perfomLocalAuthentication(request, response, target);
- return;
-
- }
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId);
- try {
- EntityDescriptor idpEntity = MOAMetadataProvider.getInstance().
- getEntityDescriptor(target.getRequestedIDP());
-
- if (idpEntity != null ) {
+ if (correspondingMOASession != null) {
+ Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
- //fetch endpoint from IDP metadata
- SingleSignOnService redirectEndpoint = null;
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- // use POST binding as default if it exists
- //TODO: maybe use RedirectBinding as default
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- redirectEndpoint = sss;
-
- } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) &&
- redirectEndpoint == null )
- redirectEndpoint = sss;
- }
-
- if (redirectEndpoint != null) {
-
- AuthnRequest authReq = SAML2Utils
- .createSAMLObject(AuthnRequest.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- authReq.setID(gen.generateIdentifier());
-
- //send passive AuthnRequest
- authReq.setIsPassive(idp.isPassivRequestUsedForInterfederation());
-
- authReq.setAssertionConsumerServiceIndex(0);
- authReq.setIssueInstant(new DateTime());
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath().get(0);
- issuer.setValue(serviceURL);
-
- issuer.setFormat(NameIDType.ENTITY);
- authReq.setIssuer(issuer);
- NameIDPolicy policy = SAML2Utils
- .createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(true);
- policy.setFormat(NameID.TRANSIENT);
- authReq.setNameIDPolicy(policy);
-
- authReq.setDestination(redirectEndpoint.getLocation());
-
- RequestedAuthnContext reqAuthContext =
- SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-
- AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- //check if STORK protocol module is in ClassPath
- Class<?> storkRequstTemplate = null;
- Integer storkSecClass = null;
- try {
- storkRequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.stork2.MOASTORKRequest");
- if (storkRequstTemplate != null &&
- storkRequstTemplate.isInstance(target)) {
- Object storkAuthnRequest = target.getClass().getMethod("getStorkAuthnRequest", null).invoke(target, null);
- storkSecClass = (Integer) storkAuthnRequest.getClass().getMethod("getQaa", null).invoke(storkAuthnRequest, null);
-
- }
-
- } catch (ClassNotFoundException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {
-
-
- }
-
- if (sp != null && sp.isSTORKPVPGateway()) {
- //use PVP SecClass instead of STORK QAA level
- String secClass = null;
- if (storkRequstTemplate != null &&
- storkRequstTemplate.isInstance(target)) {
-
- try {
- secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
- PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
-
- } catch (Exception e) {
- Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
-
- }
- }
-
- if (MiscUtil.isNotEmpty(secClass))
- authnClassRef.setAuthnContextClassRef(secClass);
- else
- authnClassRef.setAuthnContextClassRef("http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3");
-
- } else {
- if (storkRequstTemplate != null &&
- storkRequstTemplate.isInstance(target)) {
- //use requested QAA level from STORK request
- try {
- authnClassRef.setAuthnContextClassRef(
- PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
- Logger.debug("Use STORK-QAA level " + authnClassRef.getAuthnContextClassRef()
- + " from STORK request");
-
- } catch (Exception e) {
- Logger.warn("STORK-QAA level can not read from STORK request. Use default QAA 4", e);
-
- }
-
- }
-
- if (MiscUtil.isEmpty(authnClassRef.getAuthnContextClassRef()))
- //TODO: switch to eIDAS QAA-levels
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
- }
-
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
- authReq.setRequestedAuthnContext(reqAuthContext);
-
- IEncoder binding = null;
- if (redirectEndpoint.getBinding().equals(
- SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- binding = new RedirectBinding();
-
- } else if (redirectEndpoint.getBinding().equals(
- SAMLConstants.SAML2_POST_BINDING_URI)) {
- binding = new PostBinding();
-
- }
-
- binding.encodeRequest(request, response, authReq,
- redirectEndpoint.getLocation(), target.getRequestID());
-
- //build and send request without an error
- requiredLocalAuthentication = false;
-
- MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
- target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID());
-
-
- } else {
- Logger.warn("Requested IDP " + target.getRequestedIDP()
- + " does not support POST or Redirect Binding.");
-
- }
-
- } else {
- Logger.warn("Requested IDP " + target.getRequestedIDP()
- + " is not found in InterFederation configuration");
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
+ authenticatedSessionStore.destroySession(correspondingMOASession);
+ ssoManager.deleteSSOSessionID(httpReq, httpResp);
}
+ }
+
+ // check if Service-Provider allows SSO sessions
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+ boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();
+
+ revisionsLogger.logEvent(oaParam,
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
+
+ //if a legacy request is used SSO should not be allowed in case of mandate authentication
+ boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
+
+ //check if SSO Session is valid
+ boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
+
+ //check if SSO is allowed for the actually executed request
+ boolean isSSOAllowed = (useSSOOA && !isUseMandateRequested);
+ pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
- } catch (MetadataProviderException e) {
- Logger.error("IDP metadata error." , e);
-
- } catch (NoSuchAlgorithmException e) {
- Logger.error("Build IDP authentication request FAILED.", e);
-
- } catch (MessageEncodingException e) {
- Logger.error("Build IDP authentication request FAILED.", e);
-
- } catch (SecurityException e) {
- Logger.error("Build IDP authentication request FAILED.", e);
+ //get MOASession from SSO-Cookie if SSO is allowed
+ AuthenticationSession moaSession = null;
+ if (isValidSSOSession && isSSOAllowed) {
+ String moasessionID = ssoManager.getMOASession(ssoId);
+ moaSession = authenticatedSessionStore.getSession(moasessionID);
+ if (moaSession == null)
+ Logger.info("No MOASession FOUND with provided SSO-Cookie.");
+ else {
+ Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
+ revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO);
+
+ }
}
+
+ //check if session is already authenticated
+ boolean tryperform = tryPerformAuthentication((RequestImpl) pendingReq, moaSession);
- if (requiredLocalAuthentication) {
- Logger.info("Switch to local authentication on this IDP ... ");
- if (idp.isPerformLocalAuthenticationOnInterfederationError())
- perfomLocalAuthentication(request, response, target);
+ //perfom SSO-Consents question if it it required
+ if (tryperform && isSSOAllowed && oaParam.useSSOQuestion()) {
+ sendTransmitAssertionQuestion(httpReq, httpResp, pendingReq, oaParam);
+ return null;
- else
- throw new AuthenticationException("auth.29", new String[]{target.getRequestedIDP()});
}
+
+ //force new authentication authentication process
+ if (pendingReq.forceAuth()) {
+ startAuthenticationProcess(httpReq, httpResp, pendingReq);
+ return null;
+
+ } else if (pendingReq.isPassiv()) {
+ if (tryperform) {
+ // Passive authentication ok!
+ revisionsLogger.logEvent(oaParam,
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+ return moaSession;
+
+ } else {
+ throw new NoPassivAuthenticationException();
+
+ }
+ } else {
+ if (tryperform) {
+ // Is authenticated .. proceed
+ revisionsLogger.logEvent(oaParam,
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
+ return moaSession;
+
+ } else {
+ // Start authentication!
+ startAuthenticationProcess(httpReq, httpResp, pendingReq);
+ return null;
+ }
+ }
}
- private void perfomLocalAuthentication(HttpServletRequest request,
- HttpServletResponse response, IRequest target)
+ private void startAuthenticationProcess(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, RequestImpl pendingReq)
throws ServletException, IOException, MOAIDException {
- Logger.debug("Starting authentication on this IDP ...");
-
- response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ Logger.info("Starting authentication ...");
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROCESS_START);
- List<String> legacyallowed_prot = AuthConfigurationProviderFactory.getInstance().getLegacyAllowedProtocols();
-
- //is legacy allowed
- boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule());
+ //is legacy allowed
+ List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols();
+ boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
//check legacy request parameter
- boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request);
+ boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
+ //create MOASession object
AuthenticationSession moasession;
try {
- //check if an MOASession exists and if not create an new MOASession
- //moasession = getORCreateMOASession(request);
- moasession = AuthenticationSessionStoreage.createSession(target);
+ moasession = authenticatedSessionStore.createSession(pendingReq);
} catch (MOADatabaseException e1) {
Logger.error("Database Error! MOASession can not be created!");
throw new MOAIDException("init.04", new Object[] {});
+
}
+ //create authentication process execution context
try {
+ // create execution context
+ ExecutionContext executionContext = new ExecutionContextImpl();
+ executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
+ executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID,
+ MiscUtil.isNotEmpty(
+ pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
- if (legacyallowed && legacyparamavail) {
-
- // create execution context
- ExecutionContext executionContext = new ExecutionContextImpl();
- executionContext.put(MOAIDAuthConstants.PARAM_SESSIONID, moasession.getSessionID());
- executionContext.put("pendingRequestID", target.getRequestID());
-
- executionContext.put("isLegacyRequest", true);
-
- Enumeration<String> reqParamNames = request.getParameterNames();
+ boolean leagacyMode = (legacyallowed && legacyparamavail);
+ executionContext.put("isLegacyRequest", leagacyMode);
+ executionContext.put("performBKUSelection", leagacyMode
+ && MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
+
+ //add leagcy parameters to context
+ if (leagacyMode) {
+ Enumeration<String> reqParamNames = httpReq.getParameterNames();
while(reqParamNames.hasMoreElements()) {
String paramName = reqParamNames.nextElement();
- if (MiscUtil.isNotEmpty(paramName))
- executionContext.put(paramName, request.getParameter(paramName));
+ if (MiscUtil.isNotEmpty(paramName) &&
+ MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName))
+ executionContext.put(paramName, httpReq.getParameter(paramName));
}
-
- // create process instance
- String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
+ }
+ // create process instance
+ String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
- if (processDefinitionId == null) {
- Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() );
- throw new MOAIDException("process.02",new Object[] {
- moasession.getSessionID()});
- }
+ if (processDefinitionId == null) {
+ Logger.warn("No suitable process found for SessionID " + moasession.getSessionID() );
+ throw new MOAIDException("process.02",new Object[] {
+ moasession.getSessionID()});
+ }
- String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
+ String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
- // keep process instance id in moa session
- moasession.setProcessInstanceId(processInstanceId);
+ // keep process instance id in protocol pending-request
+ pendingReq.setProcessInstanceId(processInstanceId);
- // make sure moa session has been persisted before running the process
- try {
- AuthenticationSessionStoreage.storeSession(moasession);
- } catch (MOADatabaseException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] {
- moasession.getSessionID()});
- }
-
- // start process
- processEngine.start(processInstanceId);
-
- } else {
- MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(),
- target, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
-
- //load Parameters from OnlineApplicationConfiguration
- OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
- .getOnlineApplicationParameter(target.getOAURL());
-
- if (oaParam == null) {
- throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
- }
-
- else {
-
- //check if an MOASession exists and if not create an new MOASession
- //moasession = getORCreateMOASession(request);
-
- //set OnlineApplication configuration in Session
- moasession.setOAURLRequested(target.getOAURL());
- moasession.setAction(target.requestedAction());
- moasession.setModul(target.requestedModule());
- }
-
- //Build authentication form
-
-
- String publicURLPreFix = target.getAuthURL();
- if (publicURLPreFix.endsWith("/"))
- publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
- String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
-
- //store MOASession
- try {
- AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());
- } catch (MOADatabaseException e) {
- Logger.error("Database Error! MOASession is not stored!");
- throw new MOAIDException("init.04", new Object[] {
- moasession.getSessionID()});
- }
-
- //set MOAIDSession
- //request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+ //store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+
+ // make sure moa session has been persisted before running the process
+ try {
+ authenticatedSessionStore.storeSession(moasession);
- response.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(response.getOutputStream());
- out.print(loginForm);
- out.flush();
+ } catch (MOADatabaseException e) {
+ Logger.error("Database Error! MOASession is not stored!");
+ throw new MOAIDException("init.04", new Object[] {
+ moasession.getSessionID()});
}
+
+ // start process
+ processEngine.start(processInstanceId);
+
} catch (ProcessExecutionException e) {
Throwable cause = e.getCause();
if (cause != null && cause instanceof TaskExecutionException) {
@@ -746,11 +567,36 @@ public class AuthenticationManager extends MOAIDAuthConstants {
MOAIDException moaTaskCause = (MOAIDException) taskCause;
Logger.warn(taskCause);
throw moaTaskCause;
-
+
}
- }
-
- throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
- }
+ }
+
+ throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), moasession }, e);
+ }
+ }
+
+ private void sendTransmitAssertionQuestion(HttpServletRequest request,
+ HttpServletResponse response, IRequest target, IOAAuthParameters oaParam)
+ throws ServletException, IOException, MOAIDException {
+
+ //TODO: change to process management version!!!!
+
+ //set authenticated flag to false, because user consents is required
+ target.setAuthenticated(false);
+
+
+// String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
+// target.requestedAction(), target.getRequestID(), oaParam,
+// target.getAuthURL());
+
+ String form =null;
+
+ revisionsLogger.logEvent(target.getOnlineApplicationConfiguration(),
+ target, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(response.getOutputStream());
+ out.print(form);
+ out.flush();
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index fda92d71a..7833e795e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -25,9 +25,7 @@ package at.gv.egovernment.moa.id.moduls;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index bdbb1b458..79e52f6e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -25,22 +25,12 @@ package at.gv.egovernment.moa.id.moduls;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public interface IModulInfo {
//public List<ServletInfo> getServlets();
public String getName();
public String getPath();
-
- public IAction getAction(String action);
-
- public IRequest preProcess(HttpServletRequest request,
- HttpServletResponse response, String action, String sessionID, String transactionID)
- throws MOAIDException;
-
- public IAction canHandleRequest(HttpServletRequest request,
- HttpServletResponse response);
-
+
public boolean generateErrorMessage(Throwable e,
HttpServletRequest request, HttpServletResponse response,
IRequest protocolRequest) throws Throwable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 4ae271bbc..f5d381e42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -22,32 +22,121 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import java.util.Date;
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
public interface IRequest {
+
+ /**
+ * Indicates the module, which implements this authentication protocol.
+ * The class, which is referenced, had to implement the 'IModulInfo' interface.
+ *
+ * @return Full-qualified name of the class which implements this protocol
+ */
+ public String requestedModule();
+
+ /**
+ * Indicates the protocol specific action, which should executed if the request is processed.
+ * The class, which is referenced, had to implement the 'IAction' interface.
+ *
+ * @return Full-qualified name of the class which implements the action
+ */
+ public String requestedAction();
+
+ /**
+ * Unique identifier, which indicates the service provider.
+ * In case of SAML1 protocol, it is the OA http-GET parameter
+ *
+ * @return Unique identifier for the service provider
+ */
public String getOAURL();
+
+ /**
+ * Indicates the passive flag in authentication requests.
+ * If the passive flag is set, the identification and authentication process
+ * failed if no active SSO session is found.
+ *
+ * @return true, if the is passive flag is set in authentication request, otherwise false
+ */
public boolean isPassiv();
+
+ /**
+ * Indicates the force authentication flag in authentication request
+ * If this flag is set, a new identification and authentication process
+ * is carried out in any case.
+ *
+ * @return true, if the force authentication flag is set, otherwise false
+ */
public boolean forceAuth();
- public boolean isSSOSupported();
- public String requestedModule();
- public String requestedAction();
- public void setModule(String module);
- public void setAction(String action);
- public String getTarget();
- public void setRequestID(String id);
- public String getRequestID();
- public String getSessionIdentifier();
- public void setSessionIdentifier(String sessionIdentifier);
- public String getRequestedIDP();
- public MOAResponse getInterfederationResponse();
- public List<Attribute> getRequestedAttributes();
- public IOAAuthParameters getOnlineApplicationConfiguration();
+
+
+ /**
+ * Returns a generic request-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the request-data object
+ * @return The request-data object or null if no data is found with this key
+ */
+ public Object getGenericData(String key);
+
+ /**
+ * Returns a generic request-data object with is stored with a specific identifier
+ *
+ * @param key The specific identifier of the request-data object
+ * @param clazz The class type which is stored with this key
+ * @return The request-data object or null if no data is found with this key
+ */
+ public <T> T getGenericData(String key, final Class<T> clazz);
+
+ /**
+ * Store a generic data-object to request with a specific identifier
+ *
+ * @param key Identifier for this data-object
+ * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+ * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
+ */
+ public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
+
+ /**
+ * Hold the identifier of this request object.
+ * This identifier can be used to load the request from request storage
+ *
+ * @return Request identifier
+ */
+ public String getRequestID();
+
+
+ /**
+ * Hold the identifier of the MOASession which is associated with this request
+ *
+ * @return MOASession identifier if a associated session exists, otherwise null
+ */
+ public String getMOASessionIdentifier();
+
+
+ /**
+ * Holds a unique transaction identifier, which could be used for looging
+ * This transaction identifier is unique for a single identification and authentication process
+ *
+ * @return Unique transaction identifier.
+ */
+ public String getUniqueTransactionIdentifier();
+
+ /**
+ * Holds a unique session identifier, which could be used for logging
+ * This session identifier is unique for the full Single Sign-On session time
+ *
+ * @return Unique session identifier
+ */
+ public String getUniqueSessionIdentifier();
+
+
+ /**
+ * Hold the identifier if the process instance, which is associated with this request
+ *
+ * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
+ */
+ public String getProcessInstanceId();
+
/**
* get the IDP URL PreFix, which was used for authentication request
@@ -57,5 +146,33 @@ public interface IRequest {
public String getAuthURL();
public String getAuthURLWithOutSlash();
- //public void setTarget();
+ /**
+ * Indicates if this pending request needs authentication
+ *
+ * @return true if this request needs authentication, otherwise false
+ */
+ public boolean isNeedAuthentication();
+
+ /**
+ * Indicates, if this pending request needs Single Sign-On (SSO) functionality
+ *
+ * @return true if this request needs SSO, otherwise false
+ */
+ public boolean needSingleSignOnFunctionality();
+ public void setNeedSingleSignOnFunctionality(boolean needSSO);
+
+ /**
+ * Indicates, if this pending request is already authenticated
+ *
+ * @return true if this request is already authenticated, otherwise false
+ */
+ public boolean isAuthenticated();
+ public void setAuthenticated(boolean isAuthenticated);
+
+ /**
+ * Get get Service-Provider configuration which is associated with this request.
+ *
+ * @return Service-Provider configuration
+ */
+ public IOAAuthParameters getOnlineApplicationConfiguration();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
index 4c76a49a4..6f46edce3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,11 +19,23 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.storage;
+ */
+package at.gv.egovernment.moa.id.moduls;
-public interface IExceptionStore {
- public String storeException(Throwable e);
- public Throwable fetchException(String id);
- public void removeException(String id);
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IRequestStorage {
+
+ public IRequest getPendingRequest(String pendingReqID);
+
+ public void storePendingRequest(IRequest pendingRequest) throws MOAIDException;
+
+ public void removePendingRequest(String requestID);
+
+ public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException;
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
index 99b7f4217..13768a343 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -1,46 +1,46 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-
-
-public class ModulUtils {
-
- public static final String UNAUTHDISPATCHER = "dispatcher";
- public static final String AUTHDISPATCHER = "dispatcher";
-
- public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
- return UNAUTHDISPATCHER + "?" +
- DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
- DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
- DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
- }
-
- public static String buildAuthURL(String modul, String action, String pendingRequestID) {
- return AUTHDISPATCHER +
- "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
- DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
- DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
- }
-}
+///*******************************************************************************
+// * Copyright 2014 Federal Chancellery Austria
+// * MOA-ID has been developed in a cooperation between BRZ, the Federal
+// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+// *
+// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+// * the European Commission - subsequent versions of the EUPL (the "Licence");
+// * You may not use this work except in compliance with the Licence.
+// * You may obtain a copy of the Licence at:
+// * http://www.osor.eu/eupl/
+// *
+// * Unless required by applicable law or agreed to in writing, software
+// * distributed under the Licence is distributed on an "AS IS" basis,
+// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// * See the Licence for the specific language governing permissions and
+// * limitations under the Licence.
+// *
+// * This product combines work with different licenses. See the "NOTICE" text
+// * file for details on the various modules and licenses.
+// * The "NOTICE" text file is part of the distribution. Any derivative works
+// * that you distribute must include a readable copy of the "NOTICE" text file.
+// *******************************************************************************/
+//package at.gv.egovernment.moa.id.moduls;
+//
+//import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+//
+//
+//public class ModulUtils {
+//
+// public static final String UNAUTHDISPATCHER = "dispatcher";
+// public static final String AUTHDISPATCHER = "dispatcher";
+//
+// public static String buildUnauthURL(String modul, String action, String pendingRequestID) {
+// return UNAUTHDISPATCHER + "?" +
+// DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+// DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+// DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+// }
+//
+// public static String buildAuthURL(String modul, String action, String pendingRequestID) {
+// return AUTHDISPATCHER +
+// "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" +
+// DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" +
+// DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+// }
+//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index cdaade1bb..bba9f66ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -25,45 +25,73 @@ package at.gv.egovernment.moa.id.moduls;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.saml2.core.Attribute;
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public abstract class RequestImpl implements IRequest, Serializable{
- private static final long serialVersionUID = 1L;
+ public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+ public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+ public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
- private String oaURL;
- private boolean passiv = false;
- private boolean force = false;
- private boolean ssosupport = false;
+ private static final long serialVersionUID = 1L;
+
private String module = null;
private String action = null;
- private String target = null;
+
private String requestID;
- private String sessionIdentifier;
- private IOAAuthParameters OAConfiguration = null;
+ private String moaSessionIdentifier;
+ private String processInstanceId;
+
+ private String uniqueTransactionIdentifer;
+ private String uniqueSessionIdentifer;
+
+ private String oaURL;
private String authURL = null;
+
+ private IOAAuthParameters OAConfiguration = null;
+
+ private boolean passiv = false;
+ private boolean force = false;
- //MOA-ID interfederation
- private String requestedIDP = null;
- private MOAResponse response = null;
+ private boolean needAuthentication = true;
+ private boolean isAuthenticated = false;
+ private boolean needSSO = false;
+
+
+ private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
/**
* @throws ConfigurationException
*
*/
- public RequestImpl(HttpServletRequest req) throws ConfigurationException {
+ public RequestImpl(HttpServletRequest req) throws ConfigurationException {
+ //set requestID
+ requestID = Random.nextRandom();
+
+ //set unique transaction identifier for logging
+ uniqueTransactionIdentifer = Random.nextRandom();
+ TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
+
+
+ //check if End-Point is valid
String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
URL authURL;
try {
@@ -122,7 +150,16 @@ public abstract class RequestImpl implements IRequest, Serializable{
this.authURL = resultURL.toExternalForm();
}
- }
+ }
+
+ //set unique session identifier
+ String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER);
+ if (MiscUtil.isNotEmpty(uniqueID))
+ uniqueSessionIdentifer = uniqueID;
+
+ else
+ Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!");
+
}
/**
@@ -156,83 +193,44 @@ public abstract class RequestImpl implements IRequest, Serializable{
this.force = force;
}
- public boolean isSSOSupported() {
- return ssosupport;
- }
-
- public String requestedModule() {
- return module;
- }
-
public String requestedAction() {
return action;
}
- public void setSsosupport(boolean ssosupport) {
- this.ssosupport = ssosupport;
- }
-
- public void setModule(String module) {
- this.module = module;
- }
-
public void setAction(String action) {
this.action = action;
}
-
- public String getTarget() {
- return target;
- }
- public void setTarget(String target) {
- this.target = target;
- }
-
- public void setRequestID(String id) {
- this.requestID = id;
-
- }
-
- public String getRequestID() {
- return requestID;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP()
+ /**
+ * @return the module
*/
- @Override
- public String getRequestedIDP() {
- return requestedIDP;
+ public String requestedModule() {
+ return module;
}
/**
- * @param requestedIDP the requestedIDP to set
+ * @param module the module to set
*/
- public void setRequestedIDP(String requestedIDP) {
- this.requestedIDP = requestedIDP;
+ public void setModule(String module) {
+ this.module = module;
}
- /**
- * @return the response
- */
- public MOAResponse getInterfederationResponse() {
- return response;
+ public void setRequestID(String id) {
+ this.requestID = id;
+
}
- /**
- * @param response the response to set
- */
- public void setInterfederationResponse(MOAResponse response) {
- this.response = response;
+ public String getRequestID() {
+ return requestID;
}
- public String getSessionIdentifier() {
- return this.sessionIdentifier;
+ public String getMOASessionIdentifier() {
+ return this.moaSessionIdentifier;
}
- public void setSessionIdentifier(String sessionIdentifier) {
- this.sessionIdentifier = sessionIdentifier;
+ public void setMOASessionIdentifier(String moaSessionIdentifier) {
+ this.moaSessionIdentifier = moaSessionIdentifier;
}
@@ -246,6 +244,36 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
+ public String getUniqueTransactionIdentifier() {
+ return this.uniqueTransactionIdentifer;
+
+ }
+
+ public String getUniqueSessionIdentifier() {
+ return this.uniqueSessionIdentifer;
+
+ }
+
+ public String getProcessInstanceId() {
+ return this.processInstanceId;
+
+ }
+
+ public void setUniqueTransactionIdentifier(String id) {
+ this.uniqueTransactionIdentifer = id;
+
+ }
+
+ public void setUniqueSessionIdentifier(String id) {
+ this.uniqueSessionIdentifer = id;
+
+ }
+
+ public void setProcessInstanceId(String id) {
+ this.processInstanceId = id;
+
+ }
+
/**
* @return the authURL
*/
@@ -261,11 +289,99 @@ public abstract class RequestImpl implements IRequest, Serializable{
}
-// /**
-// * @param authURL the authURL to set
-// */
-// public void setAuthURL(String authURL) {
-// this.authURL = authURL;
-// }
+ /**
+ * @return the needAuthentication
+ */
+ public boolean isNeedAuthentication() {
+ return needAuthentication;
+ }
+
+ /**
+ * @param needAuthentication the needAuthentication to set
+ */
+ public void setNeedAuthentication(boolean needAuthentication) {
+ this.needAuthentication = needAuthentication;
+ }
+
+ /**
+ * @return the isAuthenticated
+ */
+ public boolean isAuthenticated() {
+ return isAuthenticated;
+ }
+
+ /**
+ * @param isAuthenticated the isAuthenticated to set
+ */
+ public void setAuthenticated(boolean isAuthenticated) {
+ this.isAuthenticated = isAuthenticated;
+ }
+
+ public boolean needSingleSignOnFunctionality() {
+ return needSSO;
+ }
+ public void setNeedSingleSignOnFunctionality(boolean needSSO) {
+ this.needSSO = needSSO;
+
+ }
+
+ public Object getGenericData(String key) {
+ if (MiscUtil.isNotEmpty(key)) {
+ return genericDataStorage.get(key);
+
+ }
+
+ Logger.warn("Can not load generic request-data with key='null'");
+ return null;
+ }
+
+ public <T> T getGenericData(String key, final Class<T> clazz) {
+ if (MiscUtil.isNotEmpty(key)) {
+ Object data = genericDataStorage.get(key);
+
+ if (data == null)
+ return null;
+
+ try {
+ @SuppressWarnings("unchecked")
+ T test = (T) data;
+ return test;
+
+ } catch (Exception e) {
+ Logger.warn("Generic request-data object can not be casted to requested type", e);
+ return null;
+
+ }
+
+ }
+
+ Logger.warn("Can not load generic request-data with key='null'");
+ return null;
+
+ }
+
+ public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+ if (MiscUtil.isEmpty(key)) {
+ Logger.warn("Generic request-data can not be stored with a 'null' key");
+ throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null);
+
+ }
+
+ if (object != null) {
+ if (!Serializable.class.isInstance(object)) {
+ Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface");
+ throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null);
+
+ }
+ }
+
+ if (genericDataStorage.containsKey(key))
+ Logger.debug("Overwrite generic request-data with key:" + key);
+ else
+ Logger.trace("Add generic request-data with key:" + key + " to session.");
+
+ genericDataStorage.put(key, object);
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index f0b12431a..66ca42398 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -22,23 +22,32 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
-public class RequestStorage {
+@Service("RequestStorage")
+public class RequestStorage implements IRequestStorage{
- public static IRequest getPendingRequest(String pendingReqID) {
+ @Autowired ITransactionStorage transactionStorage;
+ @Autowired ProcessInstanceStoreDAO processInstanceStore;
+
+ @Override
+ public IRequest getPendingRequest(String pendingReqID) {
try {
- AssertionStorage storage = AssertionStorage.getInstance();
- IRequest pendingRequest = storage.get(pendingReqID, IRequest.class);
+ IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
//set transactionID and sessionID to Logger
- TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID());
- TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier());
+ TransactionIDUtils.setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
+ TransactionIDUtils.setSessionId(pendingRequest.getUniqueSessionIdentifier());
return pendingRequest;
@@ -49,12 +58,11 @@ public class RequestStorage {
}
}
- public static void setPendingRequest(Object pendingRequest) throws MOAIDException {
- try {
- AssertionStorage storage = AssertionStorage.getInstance();
-
+ @Override
+ public void storePendingRequest(IRequest pendingRequest) throws MOAIDException {
+ try {
if (pendingRequest instanceof IRequest) {
- storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
+ transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest);
} else {
throw new MOAIDException("auth.20", null);
@@ -69,12 +77,52 @@ public class RequestStorage {
}
- public static void removePendingRequest(String requestID) {
+ @Override
+ public void removePendingRequest(String requestID) {
if (requestID != null) {
- AssertionStorage storage = AssertionStorage.getInstance();
- storage.remove(requestID);
+
+ //remove process-management execution instance
+ try {
+ IRequest pendingReq = getPendingRequest(requestID);
+
+ if (pendingReq != null &&
+ pendingReq.getProcessInstanceId() != null) {
+ processInstanceStore.remove(pendingReq.getProcessInstanceId());
+
+ }
+
+ } catch (MOADatabaseException e) {
+ Logger.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e);
+
+ }
+
+ transactionStorage.remove(requestID);
}
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ @Override
+ public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException {
+
+ if (pendingRequest instanceof RequestImpl) {
+ String newRequestID = Random.nextRandom();
+
+ Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID()
+ + " to " + newRequestID);
+
+ ((RequestImpl)pendingRequest).setRequestID(newRequestID);
+ storePendingRequest(pendingRequest);
+
+ return newRequestID;
+
+ } else {
+ Logger.error("PendingRequest object is not of type 'RequestImpl.class'");
+ throw new MOAIDException("internal.00", null);
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 2a618272f..89d50425b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -40,23 +40,27 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.hibernate.Query;
import org.hibernate.Session;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("MOAID_SSOManager")
public class SSOManager {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
@@ -65,27 +69,29 @@ public class SSOManager {
private static final String SSOCOOKIE = "MOA_ID_SSO";
private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
- private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
-
private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
+
+ @Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
+ @Autowired protected AuthConfiguration authConfig;
- private static SSOManager instance = null;
-
- public static SSOManager getInstance() {
- if (instance == null) {
- instance = new SSOManager();
-
- }
-
- return instance;
- }
-
+ /**
+ * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
+ * Set the requested interfederation IDP as attribte of the {protocolRequest}
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @throws SessionDataStorageException
+ *
+ **/
public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
- IRequest protocolRequest) {
+ IRequest protocolRequest) throws SessionDataStorageException {
String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
- if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) {
- Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP());
+ String interfederationIDP =
+ protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+ if (MiscUtil.isNotEmpty(interfederationIDP)) {
+ Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
return;
}
@@ -95,14 +101,14 @@ public class SSOManager {
RequestImpl moaReq = (RequestImpl) protocolRequest;
if (MiscUtil.isNotEmpty(interIDP)) {
Logger.info("Receive SSO request for interfederation IDP " + interIDP);
- moaReq.setRequestedIDP(interIDP);
+ moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);
} else {
//check if IDP cookie is set
String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
if (MiscUtil.isNotEmpty(cookie)) {
Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
- moaReq.setRequestedIDP(cookie);
+ moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);
deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);
}
@@ -120,7 +126,7 @@ public class SSOManager {
}
- public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException {
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
// search SSO Session
if (ssoSessionID == null) {
@@ -128,7 +134,7 @@ public class SSOManager {
return false;
}
- AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+ AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID);
if (storedSession == null)
return false;
@@ -137,7 +143,7 @@ public class SSOManager {
//check if session is out of lifetime
Date now = new Date();
- long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000;
+ long maxSSOSessionTime = authConfig.getSSOCreatedTimeOut() * 1000;
Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
if (now.after(ssoSessionValidTo)) {
Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
@@ -150,12 +156,16 @@ public class SSOManager {
storedSession.isInterfederatedSSOSession() &&
!storedSession.isAuthenticated()) {
- if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) {
- InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
+ String interfederationIDP =
+ protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+
+ if (MiscUtil.isEmpty(interfederationIDP)) {
+ InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
if (selectedIDP != null) {
//no local SSO session exist -> request interfederated IDP
- ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix());
+ protocolRequest.setGenericDataToSession(
+ RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
} else {
Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
@@ -174,16 +184,17 @@ public class SSOManager {
}
public String getMOASession(String ssoSessionID) {
- return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+ return authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
}
+ //TODO: refactor for faster DB access
public String getUniqueSessionIdentifier(String ssoSessionID) {
try {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
- String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID);
+ String moaSessionID = authenticatedSessionStore.getMOASessionSSOID(ssoSessionID);
if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID);
+ AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSessionID);
return extSessionInformation.getUniqueSessionId();
}
@@ -253,14 +264,6 @@ public class SSOManager {
}
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
- int ssoTimeOut;
- try {
- ssoTimeOut = (int) AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut();
-
- } catch (ConfigurationException e) {
- Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
- ssoTimeOut = DEFAULTSSOTIMEOUT;
- }
setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, -1);
}
@@ -285,12 +288,12 @@ public class SSOManager {
if (MiscUtil.isNotEmpty(ssoSessionID)) {
- AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+ AuthenticatedSessionStore storedSession = authenticatedSessionStore.isValidSessionWithSSOID(ssoSessionID);
if (storedSession == null)
return false;
- InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
+ InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID);
if (selectedIDP != null) {
//no local SSO session exist -> request interfederated IDP
@@ -317,7 +320,7 @@ public class SSOManager {
InputStream is = null;
String pathLocation = null;
try {
- String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
+ String rootconfigdir = authConfig.getRootConfigFileDir();
pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
File file = new File(new URI(pathLocation));
is = new FileInputStream(file);
@@ -359,7 +362,7 @@ public class SSOManager {
BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
//set default elements to velocity context
- context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
+ context.put("contextpath", authConfig.getPublicURLPrefix());
StringWriter writer = new StringWriter();
//velocityEngine.evaluate(context, writer, "SLO_Template", reader);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
index 5cf84abed..26301d664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -61,6 +61,17 @@ public interface ProcessEngine {
*/
String createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
+
+ /**
+ * Delete a process instance
+ *
+ * @param processInstanceId
+ * The identifier of the respective process.
+ * @throws ProcessExecutionException
+ * Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist.
+ */
+ void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException;
+
/**
* Returns the process instance with a given {@code processInstanceId}.
*
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 096e5ee9e..6da695d75 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -12,8 +12,9 @@ import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
@@ -21,13 +22,13 @@ import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
import at.gv.egovernment.moa.id.process.api.Task;
import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
import at.gv.egovernment.moa.id.process.model.EndEvent;
import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
import at.gv.egovernment.moa.id.process.model.ProcessNode;
import at.gv.egovernment.moa.id.process.model.StartEvent;
import at.gv.egovernment.moa.id.process.model.TaskInfo;
import at.gv.egovernment.moa.id.process.model.Transition;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions.
@@ -36,10 +37,11 @@ public class ProcessEngineImpl implements ProcessEngine {
private Logger log = LoggerFactory.getLogger(getClass());
+ @Autowired ProcessInstanceStoreDAO piStoreDao;
+ @Autowired ApplicationContext context;
+
private ProcessDefinitionParser pdp = new ProcessDefinitionParser();
- ProcessInstanceStoreDAO piStoreDao = ProcessInstanceStoreDAOImpl.getInstance();
-
private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>();
private final static String MDC_CTX_PI_NAME = "processInstanceId";
@@ -176,17 +178,21 @@ public class ProcessEngineImpl implements ProcessEngine {
if (clazz != null) {
log.debug("Instantiating task implementing class '{}'.", clazz);
- Class<?> instanceClass = null;
+ Object instanceClass = null;
try {
- instanceClass = Class.forName(clazz, true, Thread.currentThread().getContextClassLoader());
+ instanceClass = context.getBean(clazz);
+
} catch (Exception e) {
throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
+
}
- if (!Task.class.isAssignableFrom(instanceClass)) {
+ if (instanceClass == null || !(instanceClass instanceof Task)) {
throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + ".");
+
}
try {
- task = (Task) instanceClass.newInstance();
+ task = (Task) instanceClass;
+
} catch (Exception e) {
throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
}
@@ -352,5 +358,25 @@ public class ProcessEngineImpl implements ProcessEngine {
return pi;
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String)
+ */
+ @Override
+ public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException {
+ if (MiscUtil.isEmpty(processInstanceId)) {
+ throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty");
+
+ }
+
+ try {
+ piStoreDao.remove(processInstanceId);
+
+ } catch (MOADatabaseException e) {
+ throw new ProcessExecutionException("Unable to remove process instance.", e);
+
+ }
+
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index a75a5de8c..577e971db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -6,6 +6,7 @@ import org.hibernate.Transaction;
import org.hibernate.criterion.Restrictions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -14,16 +15,11 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
* Database backed implementation of the {@link ProcessInstanceStoreDAO}
* interface.
*/
+@Service("ProcessInstanceStoreage")
public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
private Logger log = LoggerFactory.getLogger(getClass());
- private static ProcessInstanceStoreDAO instance = new ProcessInstanceStoreDAOImpl();
-
- public static ProcessInstanceStoreDAO getInstance() {
- return instance;
- }
-
@Override
public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java
new file mode 100644
index 000000000..cc1886324
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractProtocolModulController.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+
+public abstract class AbstractProtocolModulController extends AbstractController implements IModulInfo {
+
+ public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol";
+
+ @Autowired protected ApplicationContext applicationContext;
+ @Autowired private SSOManager ssomanager;
+ @Autowired protected AuthenticationManager authmanager;
+ @Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+ @Autowired private AuthenticationDataBuilder authDataBuilder;
+
+ /**
+ * Initialize an authentication process for this protocol request
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @throws IOException
+ */
+ protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp,
+ RequestImpl pendingReq) throws IOException {
+ try {
+ if (pendingReq.isNeedAuthentication()) {
+ //request needs authentication --> start authentication process ...
+
+ //load Parameters from OnlineApplicationConfiguration
+ IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+
+ if (oaParam == null) {
+ throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+ }
+
+
+ AuthenticationSession moaSession = authmanager.doAuthentication(req, resp, pendingReq);
+ if (moaSession != null) {
+ //authenticated MOASession already exists --> protocol-specific postProcessing can start directly
+ finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+
+ }
+
+ } else {
+ executeProtocolSpecificAction(req, resp, pendingReq, null);
+
+ }
+
+ } catch (Exception e) {
+ buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+
+ }
+ }
+
+ /**
+ * Finalize the requested protocol operation
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @param moaSession MOASession object, which is used to generate the protocol specific authentication information
+ * @throws Exception
+ */
+ protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp,
+ IRequest pendingReq, AuthenticationSession moaSession) throws Exception {
+
+ String newSSOSessionId = null;
+
+ //if Single Sign-On functionality is enabled for this request
+ if (pendingReq.needSingleSignOnFunctionality()) {
+
+ //Store SSO information into database
+ newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(),
+ pendingReq.getOAURL());
+
+ //set SSO cookie to response
+ if (MiscUtil.isNotEmpty(newSSOSessionId)) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ }
+
+ }
+
+ //build authenticationdata from session information and OA configuration
+ IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession);
+
+ //execute the protocol-specific action
+ SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData);
+
+ //check if SSO
+ boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId);
+
+ //Store OA specific SSO session information if an SSO cookie is set
+ if (isSSOCookieSetted) {
+ try {
+ authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(),
+ newSSOSessionId, sloInformation, pendingReq);
+
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+ authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+
+ }
+
+ } else {
+ //remove MOASession from database
+ authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+
+ }
+
+ //Advanced statistic logging
+ statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted);
+
+ }
+
+ /**
+ * Executes the requested protocol action
+ *
+ * @param httpReq HttpServletRequest
+ * @param httpResp HttpServletResponse
+ * @param protocolRequest Authentication request which is actually in process
+ * @param authData Service-provider specific authentication data
+ *
+ * @return Return Single LogOut information or null if protocol supports no SSO
+ *
+ * @throws Exception
+ */
+ private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ IRequest pendingReq, IAuthData authData) throws Exception {
+ try {
+ // request needs no authentication --> start request processing
+ Class<?> clazz = Class.forName(pendingReq.requestedAction());
+ if (clazz == null ||
+ !clazz.isInstance(IAction.class)) {
+ Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
+ throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
+
+ }
+
+ IAction protocolAction = (IAction) applicationContext.getBean(clazz);
+ return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData);
+
+ } catch (ClassNotFoundException e) {
+ Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
+ throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
+ }
+
+ }
+
+ protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req,
+ HttpServletResponse resp, IRequest protocolRequest) throws IOException {
+ try {
+
+ Class<?> clazz = Class.forName(protocolRequest.requestedModule());
+ if (clazz == null ||
+ !clazz.isInstance(IModulInfo.class)) {
+ Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
+ throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
+
+ }
+
+ IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz);
+
+ if (handlingModule.generateErrorMessage(
+ throwable, req, resp, protocolRequest)) {
+
+ //log Error Message
+ statisticLogger.logErrorOperation(throwable, protocolRequest);
+
+ //remove MOASession
+ AuthenticationSession moaSession = authenticatedSessionStorage.getSession(
+ protocolRequest.getMOASessionIdentifier());
+ if (moaSession != null)
+ authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+
+ return;
+
+ } else {
+ handleErrorNoRedirect(throwable, req, resp);
+
+ }
+
+ } catch (Throwable e) {
+ Logger.error(e);
+ handleErrorNoRedirect(throwable, req, resp);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName()
+ */
+ @Override
+ public abstract String getName();
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath()
+ */
+ @Override
+ public abstract String getPath();
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ @Override
+ public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ @Override
+ public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
new file mode 100644
index 000000000..ed53d1a20
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class ProtocolFinalizationController extends AbstractProtocolModulController {
+
+ @RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET})
+ public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+
+ //read pendingRequest from http request
+ Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
+ IRequest pendingReq = null;
+ String pendingRequestID = null;
+ if (idObject != null && (idObject instanceof String)) {
+ pendingRequestID = (String) idObject;
+ pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+
+ }
+
+ //receive an authentication error
+ String errorid = req.getParameter(ERROR_CODE_PARAM);
+ if (errorid != null) {
+ try {
+ //load stored exception from database
+ Throwable throwable = transactionStorage.get(errorid, Throwable.class);
+ transactionStorage.remove(errorid);
+
+ if (throwable != null) {
+ if (pendingReq != null) {
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
+
+ //build protocol-specific error message if possible
+ buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
+
+ //log Error Message
+ statisticLogger.logErrorOperation(throwable, pendingReq);
+
+ //get MOASession for this pendingRequest
+ AuthenticationSession moaSession =
+ authenticatedSessionStorage.getSession(
+ pendingReq.getMOASessionIdentifier());
+
+ //remove MOASession if someone is found
+ if (moaSession != null)
+ authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
+
+ return;
+
+ } else {
+ handleErrorNoRedirect(throwable, req, resp);
+
+ }
+ } else {
+ handleErrorNoRedirect(new Exception(
+ MOAIDMessageProvider.getInstance().getMessage("auth.26", null)),
+ req, resp);
+
+ }
+
+ } catch (Throwable e) {
+ Logger.error(e);
+ handleErrorNoRedirect(e, req, resp);
+
+ }
+
+ // receive a pending request
+ } else {
+ if (pendingReq == null) {
+ Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!");
+ handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp);
+ return;
+
+ }
+ try {
+ Logger.debug("Finalize PendingRequest with ID " + pendingRequestID);
+
+ //get MOASession from database
+ String sessionID = pendingReq.getMOASessionIdentifier();
+
+ // check parameter
+ if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+ throw new WrongParametersException("FinalizeAuthProtocol", PARAM_SESSIONID, "auth.12");
+
+ }
+
+ //load MOASession from database
+ AuthenticationSession moaSession = authenticatedSessionStorage.getSession(sessionID);
+ if (moaSession == null) {
+ Logger.error("No MOASession with ID " + sessionID + " found.!");
+ handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp);
+ return;
+
+ }
+
+ //check if MOASession and pending-request are authenticated
+ if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {
+ finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+
+ } else {
+ Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");
+ handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp);
+ return;
+
+ }
+
+ } catch (Exception e) {
+ Logger.error("Finalize authentication protocol FAILED." , e);
+ buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
+
+ }
+ }
+
+ //remove pending-request
+ requestStorage.removePendingRequest(pendingRequestID);
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName()
+ */
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath()
+ */
+ @Override
+ public String getPath() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ @Override
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
+ IRequest protocolRequest) throws Throwable {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ @Override
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java
new file mode 100644
index 000000000..e8b8022c4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/UniqueSessionIdentifierInterceptor.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
+
+ @Autowired private SSOManager ssomanager;
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
+ */
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(request);
+
+ //search for unique session identifier
+ String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);
+ if (MiscUtil.isEmpty(uniqueSessionIdentifier))
+ uniqueSessionIdentifier = Random.nextRandom();
+ TransactionIDUtils.setSessionId(uniqueSessionIdentifier);
+
+ request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+
+ return true;
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView)
+ */
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+
+ //set security headers
+ response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+ response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+ response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+ response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
+ */
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+ throws Exception {
+ // TODO Auto-generated method stub
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 9327cabd7..c9a34496a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
@@ -36,8 +37,8 @@ import org.opensaml.saml2.core.AttributeQuery;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.security.SecurityException;
-
-import java.util.Arrays;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -51,15 +52,19 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
/**
* @author tlenz
*
*/
+@Service("AttributQueryAction")
public class AttributQueryAction implements IAction {
+ @Autowired IAuthenticationSessionStoreage authenticationSessionStorage;
+ @Autowired private AuthenticationDataBuilder authDataBuilder;
+
private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
new String[]{PVPConstants.EID_STORK_TOKEN_NAME});
@@ -86,7 +91,7 @@ public class AttributQueryAction implements IAction {
//load moaSession
String nameID = attrQuery.getSubject().getNameID().getValue();
- AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID);
+ AuthenticationSession session = authenticationSessionStorage.getSessionWithUserNameID(nameID);
if (session == null) {
Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null);
@@ -96,7 +101,7 @@ public class AttributQueryAction implements IAction {
DateTime date = new DateTime();
//generate authData
- authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
+ authData = authDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes());
//add default attributes in case of mandates or STORK is in use
List<String> attrList = addDefaultAttributes(attrQuery, authData);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 04b7854b1..eb4cb8a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Service;
+
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
+@Service("PVPAuthenticationRequestAction")
public class AuthenticationAction implements IAction {
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
@@ -54,7 +57,8 @@ public class AuthenticationAction implements IAction {
}
public String getDefaultActionName() {
- return (PVP2XProtocol.REDIRECT);
+ return "PVPAuthenticationRequestAction";
+
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 50f91df44..5c1c60dc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -62,6 +62,8 @@ import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import org.w3c.dom.Document;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -79,15 +81,18 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
+@Service("pvpMetadataService")
public class MetadataAction implements IAction {
private static final int VALIDUNTIL_IN_HOURS = 24;
-
+
+ @Autowired private MOAReversionLogger revisionsLogger;
+
public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
try {
- MOAReversionLogger.getInstance().logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
+ revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
EntitiesDescriptor idpEntitiesDescriptor =
SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index c0ec086ed..fc4928366 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -23,10 +23,7 @@
package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.IOException;
-import java.util.ArrayList;
import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
@@ -55,10 +52,11 @@ import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.SignableXMLObject;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -66,14 +64,9 @@ import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
@@ -103,7 +96,8 @@ import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
+@Controller
+public class PVP2XProtocol extends AbstractProtocolModulController {
public static final String NAME = PVP2XProtocol.class.getName();
public static final String PATH = "id_pvp2x";
@@ -119,41 +113,15 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
public static final String ENDPOINT_SP = "sp";
public static final String PARAMETER_ENDPOINT = "endpointtype";
-
- private static List<IDecoder> decoder = new ArrayList<IDecoder>();
-
- private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
-
+
public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
new String[] {
PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
});
- static {
- decoder.add(new PostBinding());
- decoder.add(new RedirectBinding());
- decoder.add(new SoapBinding());
-
- actions.put(REDIRECT, new AuthenticationAction());
- actions.put(POST, new AuthenticationAction());
- actions.put(METADATA, new MetadataAction());
- actions.put(ATTRIBUTEQUERY, new AttributQueryAction());
- actions.put(SINGLELOGOUT, new SingleLogOutAction());
-
- //TODO: insert getArtifact action
-
- instance = new PVP2XProtocol();
-
+ static {
new VelocityLogAdapter();
- }
-
- private static PVP2XProtocol instance = null;
-
- public static PVP2XProtocol getInstance() {
- if (instance == null) {
- instance = new PVP2XProtocol();
- }
- return instance;
+
}
public String getName() {
@@ -163,65 +131,139 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
public String getPath() {
return PATH;
}
-
- private IDecoder findDecoder(String action, HttpServletRequest req) {
- Iterator<IDecoder> decoderIT = decoder.iterator();
- while (decoderIT.hasNext()) {
- IDecoder decoder = decoderIT.next();
- if (decoder.handleDecode(action, req)) {
- return decoder;
- }
- }
-
- return null;
- }
-
- private boolean isServiceProviderEndPointUsed(HttpServletRequest req) throws InvalidProtocolRequestException {
- Object obj = req.getParameter(PARAMETER_ENDPOINT);
- if (obj instanceof String) {
- String param = (String) obj;
- if (MiscUtil.isNotEmpty(param)) {
- if (ENDPOINT_IDP.equals(param))
- return false;
-
- else if (ENDPOINT_SP.equals(param))
- return true;
- }
- }
-
- Logger.error("No valid PVP 2.1 entpoint descriptor");
- throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
- }
public PVP2XProtocol() {
super();
}
-
- public IRequest preProcess(HttpServletRequest request,
- HttpServletResponse response, String action,
- String sessionId, String transactionId) throws MOAIDException {
-
- if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
+ //PVP2.x metadata end-point
+ @RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
+ public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+ if (!authConfig.getAllowedProtocols().isPVP21Active()) {
Logger.info("PVP2.1 is deaktivated!");
throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
}
+ //create pendingRequest object
+ PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+ MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
+ metadataAction.processRequest(new PVPTargetConfiguration(req),
+ req, resp, null);
-
- if(METADATA.equals(action)) {
- return new PVPTargetConfiguration(request);
+ }
+
+ //PVP2.x IDP POST-Binding end-point
+ @RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
+ public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+ if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+ Logger.info("PVP2.1 is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
}
- IDecoder decoder = findDecoder(action, request);
- if (decoder == null) {
- return null;
+ try {
+ //create pendingRequest object
+ PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+ revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+ //get POST-Binding decoder implementation
+ PostBinding coder = applicationContext.getBean(PostBinding.class);
+ InboundMessage msg = (InboundMessage) coder.decode(req, resp, false);
+ pendingReq.setRequest(msg);
+
+ //preProcess Message
+ preProcess(req, resp, pendingReq);
+
+ } catch (SecurityPolicyException e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SecurityException e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ } catch (Throwable e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+
+ throw new MOAIDException(e.getMessage(), new Object[] {});
+ }
+ }
+
+ //PVP2.x IDP Redirect-Binding end-point
+ @RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
+ public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+ if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
+ Logger.info("PVP2.1 is deaktivated!");
+ throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+
}
+
try {
+ //create pendingRequest object
+ PVPTargetConfiguration pendingReq = new PVPTargetConfiguration(req);
+ pendingReq.setModule(NAME);
+
+ revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+ revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());
+ revisionsLogger.logEvent(
+ pendingReq.getUniqueSessionIdentifier(),
+ pendingReq.getUniqueTransactionIdentifier(),
+ MOAIDEventConstants.TRANSACTION_IP,
+ req.getRemoteAddr());
+
+ //get POST-Binding decoder implementation
+ RedirectBinding coder = applicationContext.getBean(RedirectBinding.class);
+ InboundMessage msg = (InboundMessage) coder.decode(req, resp, false);
+ pendingReq.setRequest(msg);
+
+ //preProcess Message
+ preProcess(req, resp, pendingReq);
+
+ } catch (SecurityPolicyException e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SecurityException e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
+ } catch (Throwable e) {
+ String samlRequest = req.getParameter("SAMLRequest");
+ Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- InboundMessage msg = (InboundMessage) decoder.decode(request, response, isServiceProviderEndPointUsed(request));
+ throw new MOAIDException(e.getMessage(), new Object[] {});
+ }
+ }
+
+
+
+
+ public void preProcess(HttpServletRequest request,
+ HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
+ InboundMessage msg = pendingReq.getRequest();
+
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
@@ -236,91 +278,76 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
- return preProcessAuthRequest(request, response, (MOARequest) msg, sessionId, transactionId);
+ preProcessAuthRequest(request, response, pendingReq);
else if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
- return preProcessAttributQueryRequest(request, response, (MOARequest) msg, sessionId, transactionId);
+ preProcessAttributQueryRequest(request, response, pendingReq);
else if (msg instanceof MOARequest &&
((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
- return preProcessLogOut(request, response, msg, sessionId, transactionId);
+ preProcessLogOut(request, response, pendingReq);
else if (msg instanceof MOAResponse &&
((MOAResponse)msg).getResponse() instanceof LogoutResponse)
- return preProcessLogOut(request, response, msg, sessionId, transactionId);
-
- else if (msg instanceof MOAResponse &&
- ((MOAResponse)msg).getResponse() instanceof Response) {
- //load service provider AuthRequest from session
-
- IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
- if (obj instanceof RequestImpl) {
- RequestImpl iReqSP = (RequestImpl) obj;
-
- MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
-
- MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
-
- if ( processedMsg != null ) {
- iReqSP.setInterfederationResponse(processedMsg);
-
- MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
-
- Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()
- + ". Switch to original transaction with ID " + iReqSP.getRequestID());
- TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
- TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
-
- } else {
- Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
- +". Switch back local authentication process ...");
-
- SSOManager ssomanager = SSOManager.getInstance();
- ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
-
- iReqSP.setRequestedIDP(null);
-
- }
-
- return iReqSP;
-
- }
-
- Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
- return null;
-
- } else {
+ preProcessLogOut(request, response, pendingReq);
+
+ else {
Logger.error("Receive unsupported PVP21 message");
throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
}
- } catch (PVP2Exception e) {
- String samlRequest = request.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw e;
-
- } catch (SecurityPolicyException e) {
- String samlRequest = request.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(),
+ pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
- } catch (SecurityException e) {
- String samlRequest = request.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+ //switch to session authentication
+ performAuthentication(request, response, pendingReq);
+
+// else if (msg instanceof MOAResponse &&
+// ((MOAResponse)msg).getResponse() instanceof Response) {
+// //load service provider AuthRequest from session
+//
+// IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState());
+// if (obj instanceof RequestImpl) {
+// RequestImpl iReqSP = (RequestImpl) obj;
+//
+// MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
+//
+// MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+//
+// if ( processedMsg != null ) {
+// iReqSP.setInterfederationResponse(processedMsg);
+//
+// MOAReversionLogger.getInstance().logEvent(iReqSP, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);
+//
+// Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()
+// + ". Switch to original transaction with ID " + iReqSP.getRequestID());
+// TransactionIDUtils.setTransactionId(iReqSP.getRequestID());
+// TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier());
+//
+// } else {
+// Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session."
+// +". Switch back local authentication process ...");
+//
+// SSOManager ssomanager = SSOManager.getInstance();
+// ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+//
+// iReqSP.setRequestedIDP(null);
+//
+// }
+//
+// return iReqSP;
+//
+// }
+//
+// Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type.");
+// return null;
+
+// }
- } catch (InvalidProtocolRequestException e) {
- String samlRequest = request.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
- throw e;
- } catch (Throwable e) {
- String samlRequest = request.getParameter("SAMLRequest");
- Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
- throw new MOAIDException(e.getMessage(), new Object[] {});
- }
+
+
}
public boolean generateErrorMessage(Throwable e,
@@ -423,26 +450,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
return true;
}
- public IAction getAction(String action) {
- return actions.get(action);
- }
-
- public IAction canHandleRequest(HttpServletRequest request,
- HttpServletResponse response) {
- if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) {
- return getAction(REDIRECT);
-
- } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) {
- return getAction(POST);
-
- }
-
- if(METADATA.equals(request.getParameter("action"))) {
- return getAction(METADATA);
- }
- return null;
- }
-
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {
@@ -458,12 +465,10 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
* @return
* @throws MOAIDException
*/
- private IRequest preProcessLogOut(HttpServletRequest request,
- HttpServletResponse response, InboundMessage inMsg,
- String sessionId, String transactionId) throws MOAIDException {
+ private void preProcessLogOut(HttpServletRequest request,
+ HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
- PVPTargetConfiguration config = new PVPTargetConfiguration(request);
-
+ InboundMessage inMsg = pendingReq.getRequest();
MOARequest msg;
if (inMsg instanceof MOARequest &&
((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
@@ -482,11 +487,11 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
- config.setOAURL(oaURL);
- config.setOnlineApplicationConfiguration(oa);
- config.setBinding(msg.getRequestBinding());
+ pendingReq.setOAURL(oaURL);
+ pendingReq.setOnlineApplicationConfiguration(oa);
+ pendingReq.setBinding(msg.getRequestBinding());
- MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
@@ -524,23 +529,26 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
throw new MOAIDException("Unsupported request", new Object[] {});
- config.setRequest(inMsg);
- config.setAction(SINGLELOGOUT);
- return config;
+ pendingReq.setRequest(inMsg);
+ pendingReq.setAction(SINGLELOGOUT);
+
+ //Single LogOut Request needs no authentication
+ pendingReq.setNeedAuthentication(false);
+
+ //set protocol action, which should be executed
+ pendingReq.setAction(SingleLogOutAction.class.getName());
}
/**
* PreProcess AttributeQuery request
* @param request
* @param response
- * @param moaRequest
- * @return
+ * @param pendingReq
* @throws Throwable
*/
- private IRequest preProcessAttributQueryRequest(HttpServletRequest request,
- HttpServletResponse response, MOARequest moaRequest,
- String sessionId, String transactionId) throws Throwable {
-
+ private void preProcessAttributQueryRequest(HttpServletRequest request,
+ HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
+ MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
moaRequest.setEntityID(attrQuery.getIssuer().getValue());
@@ -571,29 +579,34 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
}
- PVPTargetConfiguration config = new PVPTargetConfiguration(request);
- config.setRequest(moaRequest);
- config.setOAURL(moaRequest.getEntityID());
- config.setOnlineApplicationConfiguration(oa);
- config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ pendingReq.setRequest(moaRequest);
+ pendingReq.setOAURL(moaRequest.getEntityID());
+ pendingReq.setOnlineApplicationConfiguration(oa);
+ pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+
+ //Attribute-Query Request needs authentication
+ pendingReq.setNeedAuthentication(true);
+
+ //set protocol action, which should be executed after authentication
+ pendingReq.setAction(AttributQueryAction.class.getName());
+
+ //write revisionslog entry
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
- MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
- return config;
}
/**
* PreProcess Authn request
* @param request
* @param response
- * @param moaRequest
- * @return
+ * @param pendingReq
* @throws Throwable
*/
- private IRequest preProcessAuthRequest(HttpServletRequest request,
- HttpServletResponse response, MOARequest moaRequest,
- String sessionId, String transactionId) throws Throwable {
-
+ private void preProcessAuthRequest(HttpServletRequest request,
+ HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
+
+ MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
SignableXMLObject samlReq = moaRequest.getSamlRequest();
if(!(samlReq instanceof AuthnRequest)) {
@@ -620,7 +633,6 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
}
-
//parse AssertionConsumerService
AssertionConsumerService consumerService = null;
if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) &&
@@ -699,21 +711,25 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());
- PVPTargetConfiguration config = new PVPTargetConfiguration(request);
- config.setOAURL(oaURL);
- config.setOnlineApplicationConfiguration(oa);
- config.setBinding(consumerService.getBinding());
- config.setRequest(moaRequest);
- config.setConsumerURL(consumerService.getLocation());
+ pendingReq.setOAURL(oaURL);
+ pendingReq.setOnlineApplicationConfiguration(oa);
+ pendingReq.setBinding(consumerService.getBinding());
+ pendingReq.setRequest(moaRequest);
+ pendingReq.setConsumerURL(consumerService.getLocation());
//parse AuthRequest
- config.setPassiv(authReq.isPassive());
- config.setForce(authReq.isForceAuthn());
+ pendingReq.setPassiv(authReq.isPassive());
+ pendingReq.setForce(authReq.isForceAuthn());
+ //AuthnRequest needs authentication
+ pendingReq.setNeedAuthentication(true);
- MOAReversionLogger.getInstance().logEvent(sessionId, transactionId, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
+ //set protocol action, which should be executed after authentication
+ pendingReq.setAction(AuthenticationAction.class.getName());
+
+ //write revisionslog entry
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
- return config;
}
/**
@@ -753,5 +769,5 @@ public class PVP2XProtocol extends MOAIDAuthConstants implements IModulInfo {
}
return null;
- }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 5062646b6..0dd309154 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -25,27 +25,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.xml.io.MarshallingException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+@Service("PVPAssertionStorage")
public class PVPAssertionStorage implements SAMLArtifactMap {
-
- private static PVPAssertionStorage instance = null;
-
- public static PVPAssertionStorage getInstance() {
- if(instance == null) {
- instance = new PVPAssertionStorage();
- }
- return instance;
- }
-
- //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>();
- private AssertionStorage assertions = AssertionStorage.getInstance();
+ @Autowired private ITransactionStorage transactionStorage;
+
public boolean contains(String artifact) {
- return assertions.containsKey(artifact);
+ return transactionStorage.containsKey(artifact);
}
public void put(String artifact, String relyingPartyId, String issuerId,
@@ -56,7 +49,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
samlMessage);
try {
- assertions.put(artifact, assertion);
+ transactionStorage.put(artifact, assertion);
} catch (MOADatabaseException e) {
// TODO Insert Error Handling, if Assertion could not be stored
@@ -66,7 +59,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
public SAMLArtifactMapEntry get(String artifact) {
try {
- return assertions.get(artifact, SAMLArtifactMapEntry.class);
+ return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
} catch (MOADatabaseException e) {
// TODO Insert Error Handling, if Assertion could not be read
@@ -76,7 +69,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
}
public void remove(String artifact) {
- assertions.remove(artifact);
+ transactionStorage.remove(artifact);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 0b402a0fd..07367e1d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.logging.Logger;
public class PVPTargetConfiguration extends RequestImpl {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 582f5939d..8928aaeca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -37,6 +37,8 @@ import org.hibernate.Transaction;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.metadata.SingleLogoutService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -57,8 +59,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.storage.AssertionStorage;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -68,8 +70,14 @@ import at.gv.egovernment.moa.util.URLEncoder;
* @author tlenz
*
*/
+@Service("pvpSingleLogOutService")
public class SingleLogOutAction implements IAction {
+ @Autowired private SSOManager ssomanager;
+ @Autowired private AuthenticationManager authManager;
+ @Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
+ @Autowired private ITransactionStorage transactionStorage;
+
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
*/
@@ -87,7 +95,7 @@ public class SingleLogOutAction implements IAction {
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
AuthenticationSession session =
- AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID(
+ authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
logOutReq.getIssuer().getValue(),
logOutReq.getNameID().getValue());
@@ -96,7 +104,6 @@ public class SingleLogOutAction implements IAction {
+ logOutReq.getNameID().getValue() + " and OA "
+ logOutReq.getIssuer().getValue());
Logger.info("Search active SSO session with SSO session cookie");
- SSOManager ssomanager = SSOManager.getInstance();
String ssoID = ssomanager.getSSOSessionID(httpReq);
if (MiscUtil.isEmpty(ssoID)) {
Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -110,7 +117,7 @@ public class SingleLogOutAction implements IAction {
} else {
String moasession = ssomanager.getMOASession(ssoID);
try {
- session = AuthenticationSessionStoreage.getSession(moasession);
+ session = authenticationSessionStorage.getSession(moasession);
} catch (MOADatabaseException e) {
Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -124,8 +131,7 @@ public class SingleLogOutAction implements IAction {
}
}
}
-
- AuthenticationManager authManager = AuthenticationManager.getInstance();
+
authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
} else if (pvpReq.getRequest() instanceof MOAResponse &&
@@ -235,7 +241,7 @@ public class SingleLogOutAction implements IAction {
else
statusCode = MOAIDAuthConstants.SLOSTATUS_ERROR;
- AssertionStorage.getInstance().put(artifact, statusCode);
+ transactionStorage.put(artifact, statusCode);
redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
deleted file mode 100644
index 4d353ffcd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.Signature;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-public class ArtifactBinding implements IDecoder, IEncoder {
-
- public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
- RequestAbstractType request, String targetLocation, String relayState)
- throws MessageEncodingException, SecurityException {
-
- }
-
- public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
- StatusResponseType response, String targetLocation, String relayState)
- throws MessageEncodingException, SecurityException {
- try {
- Credential credentials = CredentialProvider
- .getIDPAssertionSigningCredential();
-
- Signature signer = CredentialProvider.getIDPSignature(credentials);
- response.setSignature(signer);
-
- VelocityEngine engine = new VelocityEngine();
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- engine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
- engine.init();
-
- HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine,
- "resources/templates/pvp_postbinding_template.html",
- PVPAssertionStorage.getInstance());
-
- encoder.setPostEncoding(false);
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- resp, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
- service.setLocation(targetLocation);
- context.setOutboundSAMLMessageSigningCredential(credentials);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(response);
- context.setOutboundMessageTransport(responseAdapter);
-
- encoder.encode(context);
- } catch (CredentialsNotAvailableException e) {
- e.printStackTrace();
- throw new SecurityException(e);
-
- } catch (Exception e) {
- throw new SecurityException(e);
- }
- }
-
- public InboundMessageInterface decode(HttpServletRequest req,
- HttpServletResponse resp, boolean isSPEndPoint) throws MessageDecodingException,
- SecurityException {
-
- return null;
- }
-
-
- public boolean handleDecode(String action, HttpServletRequest req) {
-
- return false;
- }
-
- public String getSAML2BindingName() {
- return SAMLConstants.SAML2_ARTIFACT_BINDING_URI;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index b8f7e6d80..9e176f724 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
@@ -48,6 +47,7 @@ import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+@Service("PVPPostBindingCoder")
public class PostBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
deleted file mode 100644
index 7f6054f2d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry;
-import org.opensaml.saml2.core.ArtifactResolve;
-import org.opensaml.saml2.core.ArtifactResponse;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class ArtifactResolution implements IRequestHandler {
-
- public boolean handleObject(InboundMessage obj) {
- return (obj instanceof MOARequest &&
- ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve);
- }
-
- public SLOInformationInterface process(PVPTargetConfiguration obj, HttpServletRequest req,
- HttpServletResponse resp, IAuthData authData) throws MOAIDException {
- if (!handleObject(obj.getRequest())) {
- throw new MOAIDException("pvp2.13", null);
- }
-
- ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj.getRequest()).getSamlRequest();
- String artifactID = artifactResolve.getArtifact().getArtifact();
-
- PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance();
-
- if (!pvpAssertion.contains(artifactID)) {
- throw new RequestDeniedException();
- } else {
- try {
- SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID);
- ArtifactResponse response = SAML2Utils
- .createSAMLObject(ArtifactResponse.class);
- response.setMessage(assertion.getSamlMessage());
- response.setIssueInstant(new DateTime());
- SoapBinding encoder = new SoapBinding();
- encoder.encodeRespone(req, resp, response, null, null);
- } catch (Exception e) {
- Logger.error("Failed to resolve artifact", e);
- }
- }
-
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 059e68865..974d90e11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -41,15 +41,14 @@ import at.gv.egovernment.moa.id.data.SLOInformationImpl;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -92,12 +91,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
if (consumerService.getBinding().equals(
SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
binding = new RedirectBinding();
-
- } else if (consumerService.getBinding().equals(
- SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) {
- // TODO: not supported YET!!
- binding = new ArtifactBinding();
-
+
} else if (consumerService.getBinding().equals(
SAMLConstants.SAML2_POST_BINDING_URI)) {
binding = new PostBinding();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index b58b09f12..f26b2a735 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -30,12 +30,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
public class RequestManager {
@@ -54,7 +51,7 @@ public class RequestManager {
private RequestManager() {
handler = new ArrayList<IRequestHandler>();
handler.add(new AuthnRequestHandler());
- handler.add(new ArtifactResolution());
+
}
public SLOInformationInterface handle(PVPTargetConfiguration pvpRequest, HttpServletRequest req, HttpServletResponse resp, IAuthData authData)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9dee39fe8..743caec55 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -32,6 +32,7 @@ import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
+import org.springframework.stereotype.Service;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -52,21 +53,22 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-public class AuthenticationSessionStoreage {
-
- //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>();
+@Service("AuthenticationSessionStoreage")
+public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
private static JsonMapper mapper = new JsonMapper();
- public static boolean isAuthenticated(String moaSessionID) {
+ @Override
+ public boolean isAuthenticated(String moaSessionID) {
AuthenticatedSessionStore session;
@@ -79,7 +81,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
+ @Override
+ public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException {
String id = Random.nextRandom();
try {
AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore();
@@ -95,7 +98,7 @@ public class AuthenticationSessionStoreage {
//set additional session informations
AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions();
- sessionExt.setUniqueSessionId(target.getSessionIdentifier());
+ sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
dbsession.setAdditionalInformation(mapper.serialize(sessionExt));
AuthenticationSession session = new AuthenticationSession(id, now);
@@ -119,7 +122,11 @@ public class AuthenticationSessionStoreage {
}
- public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+ @Override
+ public AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
+
+ if (MiscUtil.isEmpty(sessionID))
+ return null;
try {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
@@ -127,7 +134,7 @@ public class AuthenticationSessionStoreage {
} catch (MOADatabaseException e) {
Logger.info("No MOA Session with id: " + sessionID);
- throw new MOADatabaseException("No MOA Session with id: " + sessionID);
+ return null;
} catch (Throwable e) {
Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
@@ -135,7 +142,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
+ @Override
+ public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) {
@@ -151,7 +159,8 @@ public class AuthenticationSessionStoreage {
}
- public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
+ @Override
+ public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
@@ -174,18 +183,11 @@ public class AuthenticationSessionStoreage {
}
- public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
- storeSession(session, null);
- }
-
- public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException {
-
+ @Override
+ public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
-
- if (MiscUtil.isNotEmpty(pendingRequestID))
- dbsession.setPendingRequestID(pendingRequestID);
-
+
encryptSession(session, dbsession);
//set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
@@ -198,10 +200,11 @@ public class AuthenticationSessionStoreage {
} catch (MOADatabaseException e) {
Logger.warn("MOASession could not be stored.");
throw new MOADatabaseException(e);
- }
+ }
}
- public static void destroySession(String moaSessionID) throws MOADatabaseException {
+ @Override
+ public void destroySession(String moaSessionID) throws MOADatabaseException {
Session session = MOASessionDBUtils.getCurrentSession();
@@ -238,52 +241,47 @@ public class AuthenticationSessionStoreage {
}
- public static String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, AuthenticationException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
-
-
-
- Logger.debug("Change SessionID from " + session.getSessionID()
- + "to " + newSessionID);
+ @Override
+ public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException {
- session.setSessionID(newSessionID);
- encryptSession(session, dbsession);
-
- dbsession.setSessionid(newSessionID);
- dbsession.setAuthenticated(session.isAuthenticated());
-
- //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
- dbsession.setUpdated(new Date());
-
- MOASessionDBUtils.saveOrUpdate(dbsession);
-
- Logger.trace("Change SessionID complete.");
-
- return newSessionID;
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("TODO!", null);
- }
+ AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID(), true);
+
+ Logger.debug("Change SessionID from " + session.getSessionID()
+ + "to " + newSessionID);
+
+ session.setSessionID(newSessionID);
+ encryptSession(session, dbsession);
+
+ dbsession.setSessionid(newSessionID);
+ dbsession.setAuthenticated(session.isAuthenticated());
+
+ //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1
+ dbsession.setUpdated(new Date());
+ MOASessionDBUtils.saveOrUpdate(dbsession);
+ Logger.trace("Change SessionID complete.");
+ return newSessionID;
+
}
- public static String changeSessionID(AuthenticationSession session)
- throws AuthenticationException, BuildException {
+ @Override
+ public String changeSessionID(AuthenticationSession session)
+ throws BuildException, MOADatabaseException {
String id = Random.nextRandom();
return changeSessionID(session, id);
}
-
- public static void setAuthenticated(String moaSessionID, boolean value) {
+
+ @Override
+ public void setAuthenticated(String moaSessionID, boolean isAuthenticated) {
AuthenticatedSessionStore session;
try {
session = searchInDatabase(moaSessionID, true);
- session.setAuthenticated(value);
+ session.setAuthenticated(isAuthenticated);
MOASessionDBUtils.saveOrUpdate(session);
@@ -292,7 +290,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static String getMOASessionSSOID(String SSOSessionID) {
+ @Override
+ public String getMOASessionSSOID(String SSOSessionID) {
MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");
Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -330,7 +329,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static boolean isSSOSession(String sessionID) throws MOADatabaseException {
+ @Override
+ public boolean isSSOSession(String sessionID) throws MOADatabaseException {
try {
AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
return dbsession.isSSOSession();
@@ -341,7 +341,10 @@ public class AuthenticationSessionStoreage {
}
}
- public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+ @Override
+ public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) {
+
+ //TODO: is this method really needed??
MiscUtil.assertNotNull(SSOId, "SSOSessionID");
Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -376,7 +379,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static void addSSOInformation(String moaSessionID, String SSOSessionID,
+ @Override
+ public void addSSOInformation(String moaSessionID, String SSOSessionID,
SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
@@ -482,7 +486,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
+ @Override
+ public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Session session = null;
@@ -513,7 +518,8 @@ public class AuthenticationSessionStoreage {
return null;
}
- public static List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
+ @Override
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Session session = null;
try {
@@ -542,7 +548,8 @@ public class AuthenticationSessionStoreage {
return null;
}
- public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+ @Override
+ public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(userNameID, "userNameID");
Logger.trace("Get moaSession for userNameID " + userNameID + " and OA "
@@ -586,7 +593,8 @@ public class AuthenticationSessionStoreage {
}
- public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
+ @Override
+ public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) {
MiscUtil.assertNotNull(moaSession, "MOASession");
MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
MiscUtil.assertNotNull(protocolType, "usedProtocol");
@@ -627,95 +635,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static String getPendingRequestID(String sessionID) {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true);
- return dbsession.getPendingRequestID();
-
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession with ID " + sessionID + " not found");
- return "";
- }
- }
-
- public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
- Transaction tx = null;
- try {
- MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
- Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
-
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setParameter("sessionid", pedingRequestID);
- result = query.list();
-
- //send transaction
- tx.commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return null;
- }
-
- return decryptSession(result.get(0));
-
- } catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
-
- if (tx != null && !tx.wasCommitted())
- tx.rollback();
-
- return null;
-
- }
- }
-
- public static boolean deleteSessionWithPendingRequestID(String id) {
- MiscUtil.assertNotNull(id, "PendingRequestID");
- Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
-
- List<AuthenticatedSessionStore> result;
- Transaction tx = null;
- try {
- synchronized (session) {
- tx = session.beginTransaction();
- Query query = session.getNamedQuery("getSessionWithPendingRequestID");
- query.setParameter("sessionid", id);
- result = query.list();
-
- //send transaction
- tx.commit();
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- return false;
-
- } else {
- cleanDelete(result.get(0));
- return true;
- }
- }
-
- } catch (Exception e) {
- if (tx != null && !tx.wasCommitted())
- tx.rollback();
- throw e;
- }
- }
-
- public static AuthenticationSession getSessionWithUserNameID(String nameID) {
+ @Override
+ public AuthenticationSession getSessionWithUserNameID(String nameID) {
Transaction tx = null;
try {
@@ -753,8 +674,9 @@ public class AuthenticationSessionStoreage {
}
}
-
- public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
+
+ @Override
+ public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
MiscUtil.assertNotNull(sessionID, "MOASession");
Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -789,7 +711,8 @@ public class AuthenticationSessionStoreage {
}
}
- public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
+ @Override
+ public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) {
MiscUtil.assertNotNull(sessionID, "MOASession");
MiscUtil.assertNotNull(idpID, "Interfederated IDP ID");
Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database.");
@@ -826,7 +749,7 @@ public class AuthenticationSessionStoreage {
}
}
- public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
+ public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
AuthenticatedSessionStore dbsession = null;
//search for active SSO session
@@ -863,12 +786,15 @@ public class AuthenticationSessionStoreage {
dbsession.setInterfederatedSSOSession(true);
dbsession.setAuthenticated(isAuthenticated);
dbsession.setUpdated(now);
- session.setAuthenticated(true);
- session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
encryptSession(session, dbsession);
//add interfederation information
List<InterfederationSessionStore> idpList = dbsession.getInderfederation();
+
+ MOAResponse interfederationResp = req.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, MOAResponse.class);
+ String interFedEntityID = interfederationResp.getEntityID();
+
InterfederationSessionStore idp = null;
if (idpList == null) {
idpList = new ArrayList<InterfederationSessionStore>();
@@ -877,7 +803,7 @@ public class AuthenticationSessionStoreage {
} else {
for (InterfederationSessionStore el : idpList) {
//resue old entry if interfederation IDP is reused for authentication
- if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID()))
+ if (el.getIdpurlprefix().equals(interFedEntityID))
idp = el;
}
@@ -887,7 +813,7 @@ public class AuthenticationSessionStoreage {
if (idp == null) {
idp = new InterfederationSessionStore();
idp.setCreated(now);
- idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID());
+ idp.setIdpurlprefix(interFedEntityID);
idp.setAuthURL(req.getAuthURL());
try {
@@ -904,7 +830,7 @@ public class AuthenticationSessionStoreage {
idpList.add(idp);
}
- AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse());
+ AssertionAttributeExtractor extract = new AssertionAttributeExtractor(interfederationResp.getResponse());
idp.setSessionIndex(extract.getSessionIndex());
idp.setUserNameID(extract.getNameID());
idp.setAttributesRequested(false);
@@ -923,7 +849,8 @@ public class AuthenticationSessionStoreage {
return id;
}
- public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
+ @Override
+ public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) {
MiscUtil.assertNotNull(moaSession, "MOASession");
Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database.");
Session session = MOASessionDBUtils.getCurrentSession();
@@ -958,11 +885,8 @@ public class AuthenticationSessionStoreage {
}
}
- /**
- * @param entityID
- * @param requestID
- */
- public static boolean removeInterfederetedSession(String entityID,
+ @Override
+ public boolean removeInterfederetedSession(String entityID,
String pedingRequestID) {
try {
@@ -974,6 +898,8 @@ public class AuthenticationSessionStoreage {
List<AuthenticatedSessionStore> result;
+ //TODO: !!!!!!!!!!! PendingRequestID does not work
+
synchronized (session) {
session.beginTransaction();
Query query = session.getNamedQuery("getSessionWithPendingRequestID");
@@ -1012,9 +938,10 @@ public class AuthenticationSessionStoreage {
}
}
- public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
- Date expioredatecreate = new Date(now - authDataTimeOutCreated);
- Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
+ @Override
+ public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+ Date expioredatecreate = new Date(now.getTime() - authDataTimeOutCreated);
+ Date expioredateupdate = new Date(now.getTime() - authDataTimeOutUpdated);
List<AuthenticatedSessionStore> results;
Session session = MOASessionDBUtils.getCurrentSession();
@@ -1070,16 +997,6 @@ public class AuthenticationSessionStoreage {
private static void cleanDelete(AuthenticatedSessionStore result) {
try {
- AuthenticationSession session = getSession(result.getSessionid());
- if (session.getProcessInstanceId() != null) {
- ProcessInstanceStoreDAOImpl.getInstance().remove(session.getProcessInstanceId());
- }
-
- } catch (MOADatabaseException e) {
- Logger.warn("Removing process associated with moa session " + result.getSessionid() + " FAILED.", e);
- }
-
- try {
result.setSession("blank".getBytes());
MOASessionDBUtils.saveOrUpdate(result);
@@ -1117,10 +1034,12 @@ public class AuthenticationSessionStoreage {
//Assertion requires an unique artifact
if (result.size() != 1) {
Logger.trace("No entries found.");
- throw new MOADatabaseException("No session found with this sessionID");
+ throw new MOADatabaseException("No session found with this sessionID");
+
}
return (AuthenticatedSessionStore) result.get(0);
+
} catch (Exception e) {
if (tx != null && !tx.wasCommitted() && commit)
tx.rollback();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
deleted file mode 100644
index 4cddd141b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.storage;
-
-import java.util.Date;
-import java.util.List;
-
-import org.apache.commons.lang.SerializationUtils;
-import org.hibernate.HibernateException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class DBExceptionStoreImpl implements IExceptionStore {
-
- private static DBExceptionStoreImpl store;
-
- public static DBExceptionStoreImpl getStore() {
- if(store == null) {
- store = new DBExceptionStoreImpl();
- }
- return store;
- }
-
- public String storeException(Throwable e) {
- String id = Random.nextRandom();
-
- Logger.debug("Store Exception with ID " + id);
-
- ExceptionStore dbexception = new ExceptionStore();
- dbexception.setExid(id);
-
- byte[] data = SerializationUtils.serialize(e);
- dbexception.setException(data);
-
- dbexception.setTimestamp(new Date());
-
- try {
- MOASessionDBUtils.saveOrUpdate(dbexception);
-
- } catch (MOADatabaseException e1) {
- Logger.warn("Exception can not be stored in Database.", e);
- return null;
- }
-
- return id;
- }
-
- public Throwable fetchException(String id) {
-
- try {
- Logger.debug("Fetch Exception with ID " + id);
-
- ExceptionStore ex = searchInDatabase(id);
-
- Object data = SerializationUtils.deserialize(ex.getException());
- if (data instanceof Throwable)
- return (Throwable) data;
-
- else {
- Logger.warn("Exeption is not of classtype Throwable");
- return null;
- }
-
-
- } catch (MOADatabaseException e) {
- Logger.info("No Exception found with ID=" + id);
- return null;
-
- } catch (Exception e) {
- Logger.warn("Exception can not deserialized from Database.",e);
- return null;
- }
-
- }
-
- public void removeException(String id) {
- try {
- ExceptionStore ex = searchInDatabase(id);
- MOASessionDBUtils.delete(ex);
-
- Logger.debug("Delete Execption with ID " + id);
-
- } catch (MOADatabaseException e) {
- Logger.info("No Exception found with ID=" + id);
- }
-
-
- }
-
- public void clean(long now, long exceptionTimeOut) {
- Date expioredate = new Date(now - exceptionTimeOut);
-
- List<ExceptionStore> results;
- Session session = MOASessionDBUtils.getCurrentSession();
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getExceptionWithTimeOut");
- query.setTimestamp("timeout", expioredate);
- results = query.list();
- session.getTransaction().commit();
-
- if (results.size() != 0) {
- for(ExceptionStore result : results) {
- try {
- MOASessionDBUtils.delete(result);
- Logger.info("Remove Exception with ID=" + result.getExid()
- + " after timeout.");
-
- } catch (HibernateException e){
- Logger.warn("Exception with ID=" + result.getExid()
- + " not removed after timeout! (Error during Database communication)", e);
- }
-
- }
- }
- }
- }
-
- @SuppressWarnings("rawtypes")
- private ExceptionStore searchInDatabase(String id) throws MOADatabaseException {
- MiscUtil.assertNotNull(id, "exceptionID");
- Logger.trace("Getting Exception with ID " + id + " from database.");
- Session session = MOASessionDBUtils.getCurrentSession();
- List result;
-
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getExceptionWithID");
- query.setParameter("id", id);
- result = query.list();
-
- //send transaction
- session.getTransaction().commit();
- }
-
- Logger.trace("Found entries: " + result.size());
-
- //Assertion requires an unique artifact
- if (result.size() != 1) {
- Logger.trace("No entries found.");
- throw new MOADatabaseException("No Exception found with ID " + id);
- }
-
- return (ExceptionStore) result.get(0);
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 3b97f3b08..f33a7549c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -30,29 +30,21 @@ import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
+import org.springframework.stereotype.Service;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-public class AssertionStorage {
-
- private static AssertionStorage instance = null;
-
- public static AssertionStorage getInstance() {
- if(instance == null) {
- instance = new AssertionStorage();
- }
- return instance;
- }
-
- public boolean containsKey(String artifact) {
+@Service("TransactionStorage")
+public class DBTransactionStorage implements ITransactionStorage {
+
+ public boolean containsKey(String key) {
try {
- searchInDatabase(artifact);
+ searchInDatabase(key);
return true;
} catch (MOADatabaseException e) {
@@ -61,21 +53,21 @@ public class AssertionStorage {
}
- public void put(String artifact, Object assertion) throws MOADatabaseException {
+ public void put(String key, Object value) throws MOADatabaseException {
//setup AssertionStore element
AssertionStore element = new AssertionStore();
- element.setArtifact(artifact);
- element.setType(assertion.getClass().getName());
+ element.setArtifact(key);
+ element.setType(value.getClass().getName());
element.setDatatime(new Date());
//serialize the Assertion for Database storage
- byte[] data = SerializationUtils.serialize((Serializable) assertion);
+ byte[] data = SerializationUtils.serialize((Serializable) value);
element.setAssertion(data);
//store AssertionStore element to Database
try {
MOASessionDBUtils.saveOrUpdate(element);
- Logger.info(assertion.getClass().getName() + " with ID: " + artifact + " is stored in Database");
+ Logger.info(value.getClass().getName() + " with ID: " + key + " is stored in Database");
} catch (MOADatabaseException e) {
Logger.warn("Sessioninformation could not be stored.");
throw new MOADatabaseException(e);
@@ -83,38 +75,33 @@ public class AssertionStorage {
}
-
- /**
- * @param samlArtifact
- * @param class1
- * @param authdatatimeout
- * @return
- * @throws MOADatabaseException
- * @throws AuthenticationException
- */
- public <T> T get(String samlArtifact,
+ public <T> T get(String key,
final Class<T> clazz) throws MOADatabaseException {
try {
- return get(samlArtifact, clazz, -1);
+ return get(key, clazz, -1);
} catch (AuthenticationException e) {
//this execption only occurs if an additional timeOut is used
Logger.error("This exeption should not occur!!!!", e);
return null;
+
}
}
- public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException {
+ public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException {
- AssertionStore element = searchInDatabase(artifact);
+ AssertionStore element = searchInDatabase(key);
- if (authdatatimeout > -1) {
+ if (dataTimeOut > -1) {
//check timeout
long now = new Date().getTime();
- if (now - element.getDatatime().getTime() > authdatatimeout)
- throw new AuthenticationException("1207", new Object[] { artifact });
+ if (now - element.getDatatime().getTime() > dataTimeOut) {
+ Logger.info("Transaction-Data with key: " + key + " is out of time.");
+ throw new AuthenticationException("1207", new Object[] { key });
+
+ }
}
@@ -128,13 +115,14 @@ public class AssertionStorage {
return test;
} catch (Exception e) {
- Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + artifact);
+ Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
throw new MOADatabaseException("Sessioninformation Cast-Exception");
+
}
}
- public void clean(long now, long authDataTimeOut) {
- Date expioredate = new Date(now - authDataTimeOut);
+ public void clean(Date now, long dataTimeOut) {
+ Date expioredate = new Date(now.getTime() - dataTimeOut);
List<AssertionStore> results;
Session session = MOASessionDBUtils.getCurrentSession();
@@ -163,16 +151,16 @@ public class AssertionStorage {
}
}
- public void remove(String artifact) {
+ public void remove(String key) {
try {
- AssertionStore element = searchInDatabase(artifact);
+ AssertionStore element = searchInDatabase(key);
cleanDelete(element);
- Logger.info("Remove stored information with ID: " + artifact);
+ Logger.info("Remove stored information with ID: " + key);
} catch (MOADatabaseException e) {
- Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + artifact
+ Logger.info("Sessioninformation not removed! (Sessioninformation with ID=" + key
+ "not found)");
} catch (HibernateException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
new file mode 100644
index 000000000..e89713b2e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -0,0 +1,281 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IAuthenticationSessionStoreage {
+
+ /**
+ * Check if the stored MOASession is already authenticated
+ *
+ * @param moaSessionID MOASession identifier
+ * @return true if the MOASession is authenticated, otherwise false
+ */
+ public boolean isAuthenticated(String moaSessionID);
+
+ /**
+ * Create a new MOASession
+ *
+ * @param target Pending Request which is associated with this MOASession
+ * @return MOASession object
+ * @throws MOADatabaseException MOASession storage operation FAILED
+ * @throws BuildException MOASession encryption FAILED
+ */
+ public AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException;
+
+ /**
+ * Get a MOASession with sessionID
+ *
+ * @param sessionID SessionID which corresponds to a MOASession
+ * @return MOASession, or null if no session exists with this ID
+ * @throws MOADatabaseException MOASession load operation FAILED
+ */
+ public AuthenticationSession getSession(String sessionID) throws MOADatabaseException;
+
+ /**
+ * Get the session-data extension-object for a MOASession
+ *
+ * @param sessionID SessionID which corresponds to a MOASession
+ * @return AuthenticationSessionExtensions, or null if no session exists with this ID or extensionobject is null
+ * @throws MOADatabaseException MOASession load operation FAILED
+ */
+ public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException;
+
+ /**
+ * Store a session-data extension-object to MOASession
+ *
+ * @param sessionID SessionID which corresponds to a MOASession
+ * @param sessionExtensions AuthenticationSessionExtensions object
+ * @throws MOADatabaseException MOASession storage operation FAILED
+ */
+ public void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException;
+
+
+ /**
+ * Store a MOASession
+ *
+ * @param session MOASession which should be stored
+ * @throws MOADatabaseException MOASession storage operation FAILED
+ * @throws BuildException MOASession encryption FAILED
+ */
+ public void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException;
+
+ /**
+ * Delete a MOASession
+ *
+ * @param moaSessionID SessionID which corresponds to a MOASession
+ * @throws MOADatabaseException MOASession delete operation FAILED
+ */
+ public void destroySession(String moaSessionID) throws MOADatabaseException;
+
+
+ /**
+ * Change the sessionID of a MOASession
+ *
+ * @param session MOASession for which the sessionID should be changed
+ * @param newSessionID new MOASessionID which should be used
+ * @return new MOASessionID
+ * @throws MOADatabaseException MOASession storage operation FAILED
+ * @throws BuildException MOASession encryption/decryption FAILED
+ */
+ public String changeSessionID(AuthenticationSession session, String newSessionID) throws BuildException, MOADatabaseException;
+
+ /**
+ * Change the sessionID of a MOASession
+ *
+ * @param session MOASession for which the sessionID should be changed
+ * @return new MOASessionID
+ * @throws MOADatabaseException MOASession storage operation FAILED
+ * @throws BuildException MOASession encryption/decryption FAILED
+ */
+ public String changeSessionID(AuthenticationSession session) throws BuildException, MOADatabaseException;
+
+ /**
+ * Set the isAuthenticated flag to MOASession
+ *
+ * @param moaSessionID SessionID which corresponds to a MOASession
+ * @param isAuthenticated Is authenticated flag (true/false)
+ */
+ public void setAuthenticated(String moaSessionID, boolean isAuthenticated);
+
+ /**
+ * Find the MOASessionId of an active Single Sign-On session
+ *
+ * @param SSOSessionID Single Sign-On sessionID
+ * @return MOASessionID of the associated MOASession
+ */
+ public String getMOASessionSSOID(String SSOSessionID);
+
+ /**
+ * Check if a MOASession is an active Single Sign-On session
+ *
+ * @param sessionID SessionID which corresponds to a MOASession
+ * @return true, if the MOASession is a SSO session, otherwise false
+ * @throws MOADatabaseException MOASession load operation FAILED
+ */
+ public boolean isSSOSession(String sessionID) throws MOADatabaseException;
+
+
+ /**
+ * @param SSOId
+ * @return
+ */
+ public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId);
+
+ /**
+ * Add Single Sign-On processing information to a MOASession.
+ * This processing information is required to execute a Single Log-Out process
+ *
+ * @param moaSessionID SessionID which corresponds to a MOASession
+ * @param SSOSessionID Single Sign-On sessionID
+ * @param SLOInfo Data object with Single LogOut information
+ * @param protocolRequest Protocol-request object of the authentication request
+ * @throws AuthenticationException Single Sign-On information store operation FAILED
+ */
+ public void addSSOInformation(String moaSessionID, String SSOSessionID,
+ SLOInformationInterface SLOInfo, IRequest protocolRequest) throws AuthenticationException;
+
+
+ /**
+ * Get all Single Sign-On authenticated Service-Provider of a MOASession
+ *
+ * @param moaSession MOASession data object
+ * @return List of Service-Provider information
+ */
+ public List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession);
+
+
+ /**
+ * Get all active interfederation connections for a MOASession
+ *
+ * @param moaSession MOASession data object
+ * @return List of Interfederation-IDP information
+ */
+ public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(AuthenticationSession moaSession);
+
+ /**
+ * Search a MOASession by using already transfered authentication information
+ *
+ * @param oaID Service-Provider identifier, which has received the authentication information
+ * @param userNameID UserId (bPK), which was send to this Service-Provider
+ * @return MOASession, or null if no corresponding MOASession is found
+ */
+ public AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+
+ /**
+ * Search a active Single Sign-On session for a specific Service-Provider
+ *
+ * @param moaSession MOASession data object
+ * @param oaID Service-Provider identifier, which has received the authentication information
+ * @param protocolType Authentication protocol, which was used for SSO from this Service-Provider
+ * @return Internal Single Sign-On information for this Service-Provider
+ */
+ public OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType);
+
+
+ /**
+ * Search a active MOASession with a userID
+ *
+ * @param nameID UserID (bPK)
+ * @return MOASession, or null if no corresponding MOASession is found
+ */
+ public AuthenticationSession getSessionWithUserNameID(String nameID);
+
+ /**
+ * Search an active federation IDP which could be used for federated Single Sign-On
+ *
+ * @param sessionID SessionID which corresponds to a MOASession
+ * @return Information of the federated IDP, or null if no active federated IDP is found
+ */
+ public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID);
+
+ /**
+ * Get information to an active federated IDP of MOASession
+ *
+ * @param sessionID SessionID which corresponds to a MOASession
+ * @param idpID Unique identifier of the federated IDP
+ * @return Information of the federated IDP, or null if no active federated IDP is found
+ */
+ public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID);
+
+
+ /**
+ * Create a MOASession from interfederation information
+ *
+ * @param req Pending request
+ * @param isAuthenticated true if the session should be marked as authenticated, otherwise false
+ * @param ssoID Single Sign-On session identifer
+ * @return MOASessionID of new created MOASession
+ * @throws MOADatabaseException
+ * @throws AssertionAttributeExtractorExeption
+ * @throws BuildException
+ */
+ @Deprecated
+ public String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException;
+
+ /**
+ * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery
+ *
+ * @param moaSession MOASession data object
+ * @return Information of the federated IDP, or null if no active federated IDP is found
+ */
+ public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession);
+
+ /**
+ * Remove an active federation IDP from MOASession
+ *
+ * @param entityID Unique identifier of the federated IDP
+ * @param pedingRequestID
+ * @return true if the federated IDP could be remove, otherwise false
+ */
+ @Deprecated
+ public boolean removeInterfederetedSession(String entityID, String pedingRequestID);
+
+ /**
+ * Clean all MOASessions which has a timeOut
+ *
+ * @param now Current Time
+ * @param authDataTimeOutCreated timeOut after MOASession is created [ms]
+ * @param authDataTimeOutUpdated timeOut after MOASession is updated last time [ms]
+ */
+ public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated);
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
new file mode 100644
index 000000000..d05689e68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.storage;
+
+import java.util.Date;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ITransactionStorage {
+
+ /**
+ * Check if transaction storage contains a data object with a specific key
+ *
+ * @param key Key, which identifies a data object
+ * @return true if key is found, otherwise false
+ */
+ public boolean containsKey(String key);
+
+ /**
+ * Store a data object with a key to transaction storage
+ *
+ * @param key Id which identifiers the data object
+ * @param value Data object which should be stored
+ * @throws MOADatabaseException In case of store operation failed
+ */
+ public void put(String key, Object value) throws MOADatabaseException;
+
+ /**
+ * Get a data object from transaction storage
+ *
+ * @param key Id which identifiers the data object
+ * @param clazz The class type which is stored with this key
+ * @return The transaction-data object from type class
+ * @throws MOADatabaseException In case of load operation failed
+ */
+ public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException;
+
+ /**
+ * Get a data object from transaction storage
+ *
+ * @param key Id which identifiers the data object
+ * @param clazz The class type which is stored with this key
+ * @param Data-object timeout in [ms]
+ * @return The transaction-data object from type class
+ * @throws MOADatabaseException In case of load operation failed
+ * @throws AuthenticationException In case of data-object timeout occurs
+ */
+ public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException;
+
+ /**
+ * Remove a data object from transaction storage
+ *
+ * @param key Id which identifiers the data object
+ */
+ public void remove(String key);
+
+ /**
+ * Clean-up the transaction storage
+ *
+ * @param now Current time
+ * @param dataTimeOut Data-object timeout in [ms]
+ */
+ public void clean(Date now, long dataTimeOut);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index 2aceb833c..d2499af9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -172,5 +172,14 @@ public class HTTPUtils {
return authURL;
}
+
+ public static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
new file mode 100644
index 000000000..7e2315fd7
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
new file mode 100644
index 000000000..b61ee5f2d
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="BKUSelectionProcess" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="initializeBKUSelection" class="GenerateBKUSelectionFrameTask" async="true"/>
+ <pd:Task id="parseBKUSelection" class="EvaluateBKUSelectionTask" />
+ <pd:Task id="restartAuthProzessManagement" class="RestartAuthnProcessManagment"/>
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUSelection" />
+
+ <pd:Transition from="initializeBKUSelection" to="parseBKUSelection" />
+
+
+ <!--
+ BKU selection process MUST always end with 'restartAuthProzessManagement'!
+ Last synchron steps before 'restartAuthProzessManagement' MUST NOT write to httpServletResponse object!
+ -->
+ <pd:Transition from="parseBKUSelection" to="restartAuthProzessManagement" />
+
+ <pd:Transition from="restartAuthProzessManagement" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
new file mode 100644
index 000000000..05ceb65f4
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="MOAID_AuthenticationManager"
+ class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
+
+ <bean id="AuthenticationDataBuilder"
+ class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
+
+ <bean id="MOAID_SSOManager"
+ class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
+
+ <bean id="TransactionStorage"
+ class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+
+ <bean id="AuthenticationSessionStoreage"
+ class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
+
+ <bean id="RequestStorage"
+ class="at.gv.egovernment.moa.id.moduls.RequestStorage"/>
+
+ <bean id="ProcessInstanceStoreage"
+ class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
+
+ <bean id="StatisticLogger"
+ class="at.gv.egovernment.moa.id.advancedlogging.StatisticLogger"/>
+
+ <bean id="MOAReversionLogger"
+ class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
+
+ <bean id="AuthenticationSessionCleaner"
+ class="at.gv.egovernment.moa.id.auth.AuthenticationSessionCleaner"/>
+
+<!-- Authentication Process Tasks -->
+ <bean id="GenerateBKUSelectionFrameTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateBKUSelectionFrameTask"/>
+
+ <bean id="EvaluateBKUSelectionTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"/>
+
+ <bean id="RestartAuthProzessManagement"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"/>
+
+ <bean id="FinalizeAuthenticationTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask"/>
+
+ <bean id="CreateInterfedeartionRequestTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateInterfedeartionRequestTask"/>
+
+ <bean id="ReceiveInterfederationResponseTask"
+ class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.ReceiveInterfederationResponseTask"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
deleted file mode 100644
index 5855fc766..000000000
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:tx="http://www.springframework.org/schema/tx"
- xmlns:aop="http://www.springframework.org/schema/aop"
- xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
- http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
- http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
-
- <context:property-placeholder location="${moa.id.configuration}"/>
-
- <bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
- <constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
- </bean>
-
- <bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close">
- <aop:scoped-proxy/>
- <property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" />
- <property name="url" value="${configuration.hibernate.connection.url}"/>
- <property name="username" value="${configuration.hibernate.connection.username}" />
- <property name="password" value="${configuration.hibernate.connection.password}" />
-
- <property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
- <property name="initialSize" value="${configuration.dbcp.initialSize}" />
- <property name="maxActive" value="${configuration.dbcp.maxActive}" />
- <property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
- <property name="minIdle" value="${configuration.dbcp.minIdle}" />
- <property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" />
- <property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
- <property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
- <property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
- <property name="validationQuery" value="${configuration.dbcp.validationQuery}" />
- </bean>
-
- <bean id="jpaVendorAdapter" class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
- <property name="showSql" value="${configuration.hibernate.show_sql}" />
- <property name="generateDdl" value="${configuration.jpaVendorAdapter.generateDdl}" />
- <property name="databasePlatform" value="${configuration.hibernate.dialect}" />
- </bean>
-
-
-</beans> \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index cabf1557e..8329db941 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -52,7 +52,8 @@ init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
init.02=Fehler beim Starten des Service MOA-ID-Auth
init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
-
+
+internal.00=W\u00e4hrend des Anmeldevorgangs wurde ein nicht erlaubter Prozesszustand erreicht wodurch der Anmeldeprozess aus sicherheitsgr\u00FCnden abgebrochen wurde.
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index abd5d15f3..a8583d945 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -32,6 +32,8 @@ init.00=9199
init.01=9199
init.02=9199
init.04=9101
+
+internal.00=9199
config.00=9199
config.01=9199