Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java182
1 files changed, 182 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
new file mode 100644
index 000000000..d55482e95
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.List;
+import java.util.Set;
+
+import iaik.util.logging.Log;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class SSOManager {
+
+ private static final String SSOCOOKIE = "MOA_ID_SSO";
+
+ private static final int DEFAULTSSOTIMEOUT = 15*60; //sec
+
+ private static SSOManager instance = null;
+ private static int sso_timeout;
+
+
+ public static SSOManager getInstance() {
+ if (instance == null) {
+ instance = new SSOManager();
+
+ //TODO: move to config based timeout!
+ sso_timeout = DEFAULTSSOTIMEOUT;
+ }
+
+ return instance;
+ }
+
+ public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+
+ //search SSO Session
+ if (ssoSessionID == null) {
+ Logger.info("No SSO Session cookie found.");
+ return false;
+ }
+
+ String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+ return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId);
+
+ }
+
+ public String existsOldSSOSession(String ssoId) {
+
+ Logger.trace("Check that the SSOID has already been used");
+ Session session = HibernateUtil.getCurrentSession();
+
+ List<OldSSOSessionIDStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
+ query.setString("sessionid", ssoId);
+ result = query.list();
+
+ //send transaction
+
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ session.getTransaction().commit();
+ return null;
+ }
+
+ OldSSOSessionIDStore oldSSOSession = result.get(0);
+
+ AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+
+ if (correspondingMoaSession == null) {
+ Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+ //TODO: ist der OldSSOSessionStore zum Aufräumen?
+ return null;
+ }
+
+
+ String moasessionid = correspondingMoaSession.getSessionid();
+
+ session.getTransaction().commit();
+
+ return moasessionid;
+
+ }
+
+ public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+
+ //TODO: use secure random number generation!!!!!
+ String newSSOId = Random.nextRandom();
+
+
+ System.out.println("generate new SSO Tokken (" + newSSOId + ")");
+
+ if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
+ Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
+ return null;
+ }
+
+ try {
+ AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
+
+ return newSSOId;
+
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+ return null;
+ }
+ }
+
+
+ public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(SSOCOOKIE)) {
+ cookie.setValue(ssoId);
+ cookie.setMaxAge(sso_timeout);
+ cookie.setSecure(true);
+ httpResp.addCookie(cookie);
+ return;
+ }
+ }
+
+ }
+ Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
+ cookie.setMaxAge(sso_timeout);
+ cookie.setSecure(true);
+ httpResp.addCookie(cookie);
+ return;
+
+ }
+
+
+
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+
+ //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox)
+ //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+
+ if (cookie.getName().equals(SSOCOOKIE)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (!cookie.getName().equals(SSOCOOKIE))
+ httpResp.addCookie(cookie);
+ }
+ }
+ }
+}
+
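Review bot: deleteSSOSessionID never removes the SSO cookie — it only re-sends every other request cookie and skips MOA_ID_SSO, so the browser keeps the SSO token after logout until sso_timeout runs out. To actually clear it, send an expired cookie instead and drop the loop that re-adds unrelated cookies: `Cookie expired = new Cookie(SSOCOOKIE, ""); expired.setMaxAge(0); expired.setSecure(true); httpResp.addCookie(expired);`. storeSSOSessionInformations also writes the freshly generated token to stdout (`System.out.println("generate new SSO Tokken (" + newSSOId + ")")`), which puts a bearer credential into server logs; remove that line, and since the cookie value is the credential, the `Random.nextRandom()` TODO should be resolved with a SecureRandom-backed generator before this ships. Both cookie writes in setSSOSessionID set Secure but not HttpOnly (`cookie.setHttpOnly(true)`, if the servlet API version in use supports it), which would keep the token out of reach of script. Separately, existsOldSSOSession returns on the `correspondingMoaSession == null` branch without committing the transaction it began, leaving it open on that path.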