Diffstat (limited to 'id')
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java)111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java170
-rw-r--r--id/server/moa-id-commons/.classpath5
-rw-r--r--id/server/moa-id-commons/pom.xml39
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java77
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java54
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java40
17 files changed, 455 insertions, 219 deletions
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 68fb1c6c6..dbef0c675 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -16,11 +16,11 @@
<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
</servlet>
<servlet>
- <servlet-name>StartAuthentication</servlet-name>
- <display-name>StartAuthentication</display-name>
- <description>Start authentication process</description>
- <servlet-class>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</servlet-class>
- <load-on-startup>0</load-on-startup>
+ <servlet-name>LogOut</servlet-name>
+ <display-name>LogOut</display-name>
+ <description>SSO LogOut</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>VerifyIdentityLink</servlet-name>
@@ -139,10 +139,10 @@
<servlet-name>GenerateIframeTemplate</servlet-name>
<url-pattern>/GenerateIframeTemplate</url-pattern>
</servlet-mapping>GenerateIframeTemplate
-<!-- <servlet-mapping>
- <servlet-name>StartAuthentication</servlet-name>
- <url-pattern>/StartBKUAuthentication</url-pattern>
- </servlet-mapping> -->
+ <servlet-mapping>
+ <servlet-name>LogOut</servlet-name>
+ <url-pattern>/LogOut</url-pattern>
+ </servlet-mapping>
<servlet-mapping>
<servlet-name>VerifyIdentityLink</servlet-name>
<url-pattern>/VerifyIdentityLink</url-pattern>
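Review bot: The context line `</servlet-mapping>GenerateIframeTemplate` just before the new `LogOut` mapping carries stray text after the closing tag; it is not part of this change (and may be a rendering artifact of the page), but if it really is in `web.xml` it is character content directly under `<web-app>`, which a validating container will reject — worth checking while this section is being edited. The new `/LogOut` mapping exposes an endpoint that takes a caller-supplied `redirect` parameter (see the LogOutServlet hunk); the validation added there is what makes this mapping safe to expose.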
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 19af66150..f7c0ff812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1850,7 +1850,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// TODO See Bug #144
// Compare AuthBlock Data with information stored in session, especially
// date and time
-
+ CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+
// compares the public keys from the identityLink with the AuthBlock
VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
vsresp, session.getIdentityLink());
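Review bot: The new `CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp)` call under the `// date and time` comment is a no-op: the method added in CreateXMLSignatureResponseValidator (hunk ending at `}` after `//TODO: insert Time validation!!!!`) has an empty body, so the AuthBlock signing time is still not compared with anything, while the comment above now reads as if the check existed. The companion pieces in this commit are equally inert: `XADES_SIGNINGTIME_PATH` is declared but never referenced, and `VerifyXMLSignatureResponse.signingDateTime` gains accessors but nothing sets it. Either implement the comparison (signing time within a bounded skew window of the session start) before wiring it into the authentication path, or keep the call out until then and leave `// Signing-time check not yet implemented, see CreateXMLSignatureResponseValidator#validateSigningDateTime` here so the gap is visible at the call site. The enclosing method starts and ends outside the hunk.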
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index c41de1904..ed54683ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -25,6 +25,7 @@
package at.gv.egovernment.moa.id.auth.data;
import java.io.Serializable;
+import java.util.Date;
import iaik.x509.X509Certificate;
@@ -64,6 +65,8 @@ public class VerifyXMLSignatureResponse implements Serializable{
*/
private int signatureManifestCheckCode = -1;
+ private Date signingDateTime;
+
/**
* Returns the certificateCheckCode.
* @return int
@@ -226,4 +229,13 @@ public class VerifyXMLSignatureResponse implements Serializable{
this.signatureManifestCheckCode = signatureManifestCheckCode;
}
+ public Date getSigningDateTime() {
+ return signingDateTime;
+ }
+
+ public void setSigningDateTime(Date signingDateTime) {
+ this.signingDateTime = signingDateTime;
+ }
+
+
}
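Review bot: `getSigningDateTime`/`setSigningDateTime` hand out and store the mutable `java.util.Date` directly, so a caller that mutates the returned object silently changes the value the response carries without going through the setter; for a value meant to feed a validation check, copy on the way out, `return signingDateTime == null ? null : new Date(signingDateTime.getTime());`, and likewise on the way in. Both accessors lack the Javadoc every other accessor in this class has; a one-liner such as `/** Signing time reported for the verified signature; {@code null} if it was not set. */` matches the existing style. Note that nothing in this commit calls the setter yet, so the field is always `null` for now.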
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 16ff65477..571d4e738 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -50,8 +50,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -66,103 +68,48 @@ import eu.stork.vidp.messages.exception.SAMLValidationException;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
import eu.stork.vidp.messages.stork.RequestedAttributes;
-/**
- * Servlet requested for starting a MOA ID authentication session.
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author Paul Ivancsics
- * @version $Id$
- * @see AuthenticationServer#startAuthentication
- */
-public class StartAuthenticationServlet extends AuthServlet {
+public class LogOutServlet extends AuthServlet {
- /**
- *
- */
private static final long serialVersionUID = 3908001651893673395L;
-
-/**
- * Responds with an HTML form which upon submit requests the identity link
- * from the security layer implementation.
- * <br>
- * Response:
- * <ul>
- * <li>Content type: <code>"text/html"</code></li>
- * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
- * <li>Error status: <code>500</code>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
+ private static final String REDIRECT_URL = "redirect";
+
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("GET StartAuthentication");
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
- sessionID = (String) req.getAttribute(PARAM_SESSIONID);
-
+ Logger.debug("receive LogOut Request");
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
- try {
-
- if (StringUtils.isEmpty(sessionID))
- throw new MOAIDException("auth.18", null);
-
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");
-
- setNoCachingHeadersInHttpRespone(req, resp);
-
-
- //TODO: Load MOASession
- AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(sessionID);
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
- // STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
- //STORK authentication
- Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
- Logger.debug("Starting STORK authentication");
-
- //TODO: insert sessionID to STORK!!
- AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
-
- } else {
- //normal MOA-ID authentication
- Logger.debug("Starting normal MOA-ID authentication");
-
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
-
- resp.setContentType("text/html;charset=UTF-8");
- PrintWriter out = new PrintWriter(resp.getOutputStream());
- out.print(getIdentityLinkForm);
- out.flush();
- }
- Logger.debug("Finished GET StartAuthentication");
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+ //TODO: Single LogOut Implementation
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ authmanager.logout(req, resp);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
}
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
-
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
-
- } catch (MOADatabaseException e) {
- handleError(null, e, req, resp);
- }
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ //invalidate Session
+ req.getSession().invalidate();
+
+ //Redirect to Application
+ resp.setStatus(301);
+ resp.addHeader("Location", redirectUrl);
}
- /**
- * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
- */
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
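Review bot: `redirectUrl` is read straight from the `redirect` request parameter and written into the `Location` header, so `/LogOut?redirect=<any URL>` turns the identity provider into an open redirector, and a missing parameter produces `Location: null`. The servlet already imports `AuthConfigurationProvider`/`OAAuthParameter`; resolve the parameter against the configured online applications and refuse (or fall back to a fixed local page for) anything that does not match a registered OA, and once validated use `resp.sendRedirect(redirectUrl);` in place of `resp.setStatus(301)` plus the manual header — 301 is a permanent redirect that browsers cache, so a later visit to `/LogOut` with the same parameter can be answered from cache without the server ever seeing it, and nothing is logged out. The two `Logger.info` lines write the full SSO session identifier, which is the bearer value of the SSO cookie, into the log; a prefix or hash is enough to correlate. The `(String)` cast on `req.getParameter(...)` is redundant. `doPost` begins at the end of the hunk and its body lies outside it.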
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index e77dd30d0..115c52688 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -55,6 +55,7 @@ public class CreateXMLSignatureResponseValidator {
/** Xpath expression to the dsig:Signature element */
private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+ private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
/** Singleton instance. <code>null</code>, if none has been created. */
private static CreateXMLSignatureResponseValidator instance;
@@ -331,4 +332,11 @@ public class CreateXMLSignatureResponseValidator {
throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
}
}
+
+ public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
+
+ //TODO: insert Time validation!!!!
+
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 90282a28c..892607c16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey;
import java.util.List;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
@@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator {
}
}
-
+
/**
* Method validateCertificate.
* @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 244197379..4c5b82db8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.entrypoints;
+import iaik.util.logging.Log;
+
import java.io.IOException;
import java.util.Iterator;
@@ -12,6 +14,7 @@ import javax.servlet.http.HttpSession;
import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -20,11 +23,14 @@ import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulStorage;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
-public class DispatcherServlet extends AuthServlet {
+public class DispatcherServlet extends AuthServlet{
/**
*
@@ -189,7 +195,31 @@ public class DispatcherServlet extends AuthServlet {
AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ //get SSO Cookie for Request
+ String ssoId = ssomanager.getSSOSessionID(req);
+
if (moduleAction.needAuthentication(protocolRequest, req, resp)) {
+
+ //check SSO session
+ if (ssoId != null) {
+ String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId);
+
+ if (correspondingMOASession != null) {
+ Log.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+ "Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+
+ AuthenticationSessionStoreage.destroySession(correspondingMOASession);
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+ }
+
+ boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
+
+ //TODO: load useSSO from config!
+ boolean useSSOOA = true;
+
if (protocolRequest.isPassiv()
&& protocolRequest.forceAuth()) {
// conflict!
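Review bot: `boolean useSSOOA = true;` under `//TODO: load useSSO from config!` hard-wires SSO acceptance for every online application, so an OA configured without SSO is still served from an existing SSO session through the `isValidSSOSession && useSSOOA` branches in the two following hunks; read the flag from the OA configuration before this ships, or default it to `false` so a forgotten TODO yields the safe behaviour. The old-SSO-id warning goes through `Log.warn` from the newly imported `iaik.util.logging.Log` while the rest of the servlet logs via `at.gv.egovernment.moa.logging.Logger`, so it lands in a different sink; use `Logger.warn` and drop the extra import from the first hunk of this file. That warning also prints the full old SSO id, where a prefix would do. `isValidSSOSession(ssoId, req)` is reached with `ssoId == null` whenever no cookie is present; if the manager does not tolerate a null id, guard it here.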
@@ -206,8 +236,7 @@ public class DispatcherServlet extends AuthServlet {
} else if (protocolRequest.isPassiv()) {
if (authmanager.tryPerformAuthentication(req,
resp)
- || authmanager.isAuthenticated(req,
- resp)) {
+ || (isValidSSOSession && useSSOOA) ) {
// Passive authentication ok!
} else {
throw new NoPassivAuthenticationException();
@@ -215,8 +244,7 @@ public class DispatcherServlet extends AuthServlet {
} else {
if (authmanager.tryPerformAuthentication(req,
resp)
- || authmanager.isAuthenticated(req,
- resp)) {
+ || (isValidSSOSession && useSSOOA) ) {
// Is authenticated .. proceed
} else {
// Start authentication!
@@ -226,11 +254,26 @@ public class DispatcherServlet extends AuthServlet {
}
}
}
-
+
moduleAction.processRequest(protocolRequest, req, resp);
+ //save SSO session usage in Database
+ String moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+
+ String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+
+ if (newSSOSessionId != null) {
+ ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
+
+ } else {
+ ssomanager.deleteSSOSessionID(req, resp);
+ }
+
RequestStorage.removePendingRequest(httpSession);
- authmanager.logout(req, resp);
+
+
+ //authmanager.logout(req, resp);
} catch (Throwable e) {
e.printStackTrace();
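Review bot: Commenting out `authmanager.logout(req, resp)` after `processRequest` means the MOA session is now retained after every request, including the `else` branch where `storeSSOSessionInformations` returned `null` and the SSO cookie is deleted — there nothing references the authenticated session any more, yet it stays in the database until the timeout-based `clean()` removes it. If only SSO-backed sessions are meant to survive, call `authmanager.logout(req, resp);` in that `else` branch; either way delete the commented-out line rather than keeping it as a comment. `moasessionID` can be `null` when the HTTP session attribute is absent and is passed to `storeSSOSessionInformations` unchecked; I assume the manager handles that but cannot verify it from here. The pre-existing `catch (Throwable e) { e.printStackTrace(); }` sends failures to stdout only; `Logger.error` with the throwable would keep them in the application log.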
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 58fec9790..d04c0b3d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -66,45 +66,45 @@ public class AuthenticationManager extends AuthServlet {
return null;
}
- /**
- * Checks if the session is authenticated
- *
- * @param request
- * @param response
- * @return
- */
- public boolean isAuthenticated(HttpServletRequest request,
- HttpServletResponse response) {
- Logger.info("Checking authentication");
-
- HttpSession session = request.getSession();
-
- String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
-
- if(moaSessionID == null) {
- Logger.info("NO MOA Session to logout");
- return false;
- }
-
-// AuthenticationSession authSession;
-// try {
-// authSession = AuthenticationSessionStoreage
-// .getSession(moaSessionID);
-//
-// } catch (MOADatabaseException e) {
-// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
-// return false;
-// }
+// /**
+// * Checks if the session is authenticated
+// *
+// * @param request
+// * @param response
+// * @return
+// */
+// public boolean isAuthenticated(HttpServletRequest request,
+// HttpServletResponse response) {
+// Logger.info("Checking authentication");
+//
+// HttpSession session = request.getSession();
+//
+// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
//
-// if(authSession == null) {
-// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+// if(moaSessionID == null) {
+// Logger.info("NO MOA Session to logout");
// return false;
// }
//
-// return authSession.isAuthenticated();
-
- return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
- }
+//// AuthenticationSession authSession;
+//// try {
+//// authSession = AuthenticationSessionStoreage
+//// .getSession(moaSessionID);
+////
+//// } catch (MOADatabaseException e) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// if(authSession == null) {
+//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
+//// return false;
+//// }
+////
+//// return authSession.isAuthenticated();
+//
+// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
+// }
/**
* Checks if this request can authenticate a MOA Session
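Review bot: The whole of `isAuthenticated(...)` is kept as commented-out code, with the block that was already commented inside it now double-commented as `////`, leaving a dead method body that the compiler never checks and that will drift from the live session logic; remove it and rely on version history, or, if it is expected to return, leave a single line such as `// isAuthenticated removed: DispatcherServlet now consults SSOManager.isValidSSOSession` pointing at the replacement. Both former call sites in DispatcherServlet are replaced in this commit, so nothing visible here still depends on it.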
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 9dcef5778..3bbb3bd2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -174,6 +174,8 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+
+ //TODO: maybe change to getEntityID()
String oaURL = consumerService.getLocation();
String binding = consumerService.getBinding();
String entityID = moaRequest.getEntityMetadata().getEntityID();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3634c9983..2c4b7c4c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,9 +32,6 @@ public class GetArtifactAction implements IAction {
AuthenticationManager authmanager = AuthenticationManager.getInstance();
AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
-
-// String oaURL = (String) httpReq.getAttribute(PARAM_OA);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
String oaURL = (String) req.getOAURL();
String target = (String) req.getTarget();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 09314ba37..d6cf84d86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -95,6 +95,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
config.setTarget(oaParam.getTarget());
+ //TODO: set reauthenticate if OA.useSSO=false
+
request.getSession().setAttribute(PARAM_OA, oaURL);
request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
return config;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 44f0563b1..8ea6a6633 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -13,6 +13,7 @@ import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
import org.hibernate.Query;
import org.hibernate.Session;
+import org.hibernate.Transaction;
import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.MOAIDException;
@@ -20,6 +21,8 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
@@ -93,16 +96,48 @@ public class AuthenticationSessionStoreage {
public static void destroySession(String moaSessionID) throws MOADatabaseException {
- try {
- AuthenticatedSessionStore dbsession = searchInDatabase(moaSessionID);
- HibernateUtil.delete(dbsession);
+ Session session = HibernateUtil.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0);
- } catch (MOADatabaseException e) {
- Logger.warn("MOASession could not be destroyed.");
- throw new MOADatabaseException(e);
- }
+// //delete old SSO Session Ids
+// List<OldSSOSessionIDStore> oldssosessionids = dbsession.getOldssosessionids();
+//
+// for (OldSSOSessionIDStore oldsssid : oldssosessionids) {
+// session.delete(oldsssid);
+// }
+//
+// //delete active OA
+// List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+//
+// for (OASessionStore activeOA : activeOAs) {
+// session.delete(activeOA);
+//
+// }
+
+ //delete MOA Session
+ session.delete(dbsession);
+ session.getTransaction().commit();
+ }
-
}
// public static void dumpSessionStore() {
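Review bot: In the rewritten `destroySession`, `session.beginTransaction()` is followed by `throw new MOADatabaseException(...)` on the `result.size() != 1` path and by Hibernate calls that can throw `HibernateException`, and neither path rolls the transaction back, so the shared session from `HibernateUtil.getCurrentSession()` — reused by the other methods in this class — is left with an open transaction; the previous version at least caught and re-wrapped failures. Keep the `Transaction` returned by `beginTransaction()` and roll it back in a `finally` while it is still active, as sketched below. The commented-out deletes of the `getOldssosessionids()`/`getActiveOAsessions()` rows are presumably covered by a cascade on the entity (`CascadeType` is newly imported there), but if not, deleting the parent will either fail on the foreign key or leave orphan old-SSO-id rows that `existsOldSSOSession` keeps matching — confirm before dropping the comment block.
```java
public static void destroySession(String moaSessionID) throws MOADatabaseException {
    Session session = HibernateUtil.getCurrentSession();
    Transaction tx = null;
    synchronized (session) {
        try {
            tx = session.beginTransaction();
            // … unchanged: getSessionWithID lookup and single-result check …
            // … unchanged: session.delete(dbsession) …
            tx.commit();
        } finally {
            // covers both the "no session found" throw and any HibernateException
            if (tx != null && tx.isActive()) {
                tx.rollback();
            }
        }
    }
}
```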
@@ -141,10 +176,7 @@ public class AuthenticationSessionStoreage {
throw new AuthenticationException("TODO!", null);
}
-
-
-
-
+
// synchronized (sessionStore) {
// if (sessionStore.containsKey(session.getSessionID())) {
// AuthenticationSession theSession = sessionStore.get(session
@@ -163,6 +195,77 @@ public class AuthenticationSessionStoreage {
// throw new AuthenticationException("TODO!", null);
}
+ public static void addSSOInformation(String moaSessionID, String SSOSessionID,
+ String OAUrl) throws AuthenticationException {
+
+ AuthenticatedSessionStore dbsession;
+ Transaction tx = null;
+
+ try {
+
+ Session session = HibernateUtil.getCurrentSession();
+ List result;
+
+ synchronized (session) {
+
+ tx = session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithID");
+ query.setString("sessionid", moaSessionID);
+ result = query.list();
+
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No session found with this sessionID");
+ }
+
+ dbsession = (AuthenticatedSessionStore) result.get(0);
+
+ //set active OA applications
+ OASessionStore activeOA = new OASessionStore();
+ activeOA.setOaurlprefix(OAUrl);
+ activeOA.setMoasession(dbsession);
+ activeOA.setCreated(new Date());
+
+ List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
+ activeOAs.add(activeOA);
+ dbsession.setActiveOAsessions(activeOAs);
+
+
+ //Store used SSOId
+ if (dbsession.getSSOsessionid() != null) {
+ OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore();
+ oldSSOId.setOldsessionid(dbsession.getSSOsessionid());
+ oldSSOId.setMoasession(dbsession);
+
+ List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids();
+ oldSSOIds.add(oldSSOId);
+ }
+
+ dbsession.setSSOSession(true);
+ dbsession.setSSOsessionid(SSOSessionID);
+
+ //Store MOASession
+ session.saveOrUpdate(dbsession);
+
+ //send transaction
+ tx.commit();
+ }
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null);
+
+ } catch(HibernateException e) {
+ Logger.warn("Error during database saveOrUpdate. Rollback.", e);
+ tx.rollback();
+ throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null);
+ }
+ }
+
+
public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException {
try {
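Review bot: In `addSSOInformation` the `result.size() != 1` branch throws `MOADatabaseException` with the transaction from `tx = session.beginTransaction()` still open; the handler below converts it to `AuthenticationException` but `tx.rollback()` lives only in the `HibernateException` handler, so the shared session leaves the `synchronized` block with a pending transaction. Add `if (tx != null && tx.isActive()) tx.rollback();` to the `MOADatabaseException` handler as well, and pass `e` on to the new exception if a cause-taking constructor is available, since both `new AuthenticationException(..., null)` calls currently drop the original failure. The first argument elsewhere looks like a message key (`"auth.18"` in the old servlet) whereas here full sentences are passed — confirm how the message provider treats an unknown key. The old-SSO-id bookkeeping is also inconsistent with the active-OA one: `activeOAs` is written back via `setActiveOAsessions`, but `oldSSOIds.add(oldSSOId)` is never written back, so persistence depends on `getOldssosessionids()` returning the live collection — worth checking against the entity.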
@@ -181,6 +284,49 @@ public class AuthenticationSessionStoreage {
}
}
+ public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) {
+
+ MiscUtil.assertNotNull(SSOId, "moasessionID");
+ Logger.trace("Get authenticated session with SSOID " + SSOId + " from database.");
+ Session session = HibernateUtil.getCurrentSession();
+
+ List<AuthenticatedSessionStore> result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithSSOID");
+ query.setString("sessionid", SSOId);
+ result = query.list();
+
+ //send transaction
+ session.getTransaction().commit();
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return false;
+
+ } else {
+ AuthenticatedSessionStore dbsession = result.get(0);
+
+
+ if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
+ Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
+ return true;
+
+ } else {
+ Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
+ + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
+ }
+
+ return false;
+ }
+
+ }
+
public static void clean(long now, long authDataTimeOut) {
Date expioredate = new Date(now - authDataTimeOut);
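Review bot: `MiscUtil.assertNotNull(SSOId, "moasessionID")` labels the wrong argument — it checks `SSOId`, so the message should say `"SSOId"`; `moaSessionId` itself is never checked, though `equals` tolerates a null there. The method logs via `Log.info`/`Log.warn` (the iaik `Log` class) while every other line of this file uses `Logger`, and the import hunks for this file above add no `iaik.util.logging.Log`, so this may not compile unless that import already exists; switch to `Logger` either way. The entry trace logs the full SSO id, which is the bearer value of the SSO cookie; log a prefix or a hash. `result = query.list()` into `List<AuthenticatedSessionStore>` is an unchecked assignment; a narrow `@SuppressWarnings("unchecked")` on that statement with a comment naming the named query would document why it is safe.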
diff --git a/id/server/moa-id-commons/.classpath b/id/server/moa-id-commons/.classpath
index 8b5a9fa96..f903134e9 100644
--- a/id/server/moa-id-commons/.classpath
+++ b/id/server/moa-id-commons/.classpath
@@ -28,5 +28,10 @@
<attribute name="org.eclipse.jst.component.nondependency" value=""/>
</attributes>
</classpathentry>
+ <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+ <attributes>
+ <attribute name="maven.pomderived" value="true"/>
+ </attributes>
+ </classpathentry>
<classpathentry kind="output" path="target/classes"/>
</classpath>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 0abd80602..e2189372b 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -32,6 +32,17 @@
</dependency>
<dependency>
+ <groupId>org.hibernate.javax.persistence</groupId>
+ <artifactId>hibernate-jpa-2.0-api</artifactId>
+ <version>1.0.0.Final</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jvnet.hyperjaxb3</groupId>
+ <artifactId>hyperjaxb3-ejb-runtime</artifactId>
+ <version>0.5.6</version>
+ </dependency>
+
+ <dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.25</version>
@@ -65,6 +76,34 @@
</execution>
</executions>
</plugin>
+
+ <plugin>
+ <groupId>org.jvnet.hyperjaxb3</groupId>
+ <artifactId>maven-hyperjaxb3-plugin</artifactId>
+ <version>0.5.6</version>
+ <executions>
+ <execution>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>generate</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <extension>true</extension>
+ <roundtripTestClassName>RoundtripTest</roundtripTestClassName>
+ </configuration>
+ </plugin>
+ <plugin>
+ <inherited>true</inherited>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <source>1.5</source>
+ <target>1.5</target>
+ </configuration>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 01c18062c..4ed42175e 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -1,14 +1,18 @@
package at.gv.egovernment.moa.id.commons.db.dao.session;
import java.io.Serializable;
+import java.util.ArrayList;
import java.util.Date;
+import java.util.List;
import java.util.Set;
+import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
+import javax.persistence.JoinColumn;
import javax.persistence.Lob;
import javax.persistence.OneToMany;
import javax.persistence.PrePersist;
@@ -18,6 +22,7 @@ import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import org.hibernate.annotations.DynamicUpdate;
+import org.hibernate.annotations.IndexColumn;
import org.hibernate.annotations.NamedQueries;
import org.hibernate.annotations.NamedQuery;
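Review bot: `org.hibernate.annotations.IndexColumn` is imported here and `javax.persistence.JoinColumn` in the preceding hunk (L804), but neither annotation is applied anywhere in the visible parts of AuthenticatedSessionStore; unless they are used on lines outside the hunks, drop both imports. IndexColumn is in any case Hibernate-specific; the JPA 2.0 equivalent, should an ordered list be wanted, is `@OrderColumn`.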
@@ -26,6 +31,7 @@ import org.hibernate.annotations.NamedQuery;
@Table(name = "authenticatedsessionstore")
@NamedQueries({
@NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"),
+ @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"),
@NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeout")
})
@@ -34,13 +40,16 @@ public class AuthenticatedSessionStore implements Serializable{
private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy=GenerationType.AUTO)
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id", unique=true, nullable=false)
- private int id = 0;
+ private long id;
@Column(name = "sessionid", unique=true, nullable=false)
private String sessionid;
+ @Column(name = "SSOsessionid")
+ private String SSOsessionid;
+
@Column(name = "session", nullable=false)
@Lob private byte [] session;
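Review bot: The new `SSOsessionid` column carries no uniqueness constraint, while the `getSessionWithSSOID` named query added in the previous hunk (L818) selects a single session by it; two rows sharing an SSO session id would make that lookup ambiguous, and for a session lookup key a collision means resolving to another user's session. Consider `@Column(name = "SSOsessionid", unique=true)` — in MySQL a unique column still accepts multiple NULLs, so non-SSO sessions are unaffected — or at least an index, since the column is now a query key. Note also that `serialVersionUID` stays `1L` although the serialized shape of this class changed (int→long id, new field); if instances are ever Java-serialized across versions, bump it.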
@@ -49,12 +58,6 @@ public class AuthenticatedSessionStore implements Serializable{
@Column(name = "isSSOSession", nullable=false)
private boolean isSSOSession = false;
-
- @OneToMany(mappedBy="ssoidentifier")
- private Set<OASessionStore> activeOAsessions;
-
- @OneToMany(mappedBy="ssoidentifier")
- private Set<OldSSOSessionIDStore> oldssosessionids;
@Column(name = "created", updatable=false, nullable=false)
@Temporal(TemporalType.TIMESTAMP)
@@ -63,7 +66,13 @@ public class AuthenticatedSessionStore implements Serializable{
@Column(name = "updated")
@Temporal(TemporalType.TIMESTAMP)
private Date updated;
-
+
+ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
+ private List<OASessionStore> activeOAsessions = null;
+
+ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL)
+ private List<OldSSOSessionIDStore> oldssosessionids = null;
+
@PrePersist
protected void created() {
this.updated = this.created = new Date();
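Review bot: Both new `@OneToMany` collections use `cascade=CascadeType.ALL` but not `orphanRemoval`, so removing an `OASessionStore` or `OldSSOSessionIDStore` from these lists on update leaves its row in the database still pointing at this session; if removal from the list is meant to delete the row, use `@OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, orphanRemoval=true)` (available with the hibernate-jpa-2.0-api the pom now adds). The fields are also explicitly initialized to `null`, so `getActiveOAsessions()` on a freshly constructed entity returns null and every caller must null-check; initializing them with `new ArrayList<OASessionStore>()` / `new ArrayList<OldSSOSessionIDStore>()` (ArrayList is already imported) is safer. The class continues outside the hunk.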
@@ -74,12 +83,11 @@ public class AuthenticatedSessionStore implements Serializable{
this.updated = new Date();
}
-
- public int getId() {
+ public long getId() {
return id;
}
- public void setId(int id) {
+ public void setId(long id) {
this.id = id;
}
@@ -91,6 +99,14 @@ public class AuthenticatedSessionStore implements Serializable{
this.sessionid = sessionid;
}
+ public String getSSOsessionid() {
+ return SSOsessionid;
+ }
+
+ public void setSSOsessionid(String sSOsessionid) {
+ SSOsessionid = sSOsessionid;
+ }
+
public byte[] getSession() {
return session;
}
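Review bot: The setter parameter `sSOsessionid` (L881–L882) is an IDE artifact of the capitalized field name `SSOsessionid`; renaming the field to `ssoSessionId` with accessors `getSsoSessionId`/`setSsoSessionId` would match the style of `sessionid` — note the `@NamedQuery` at L818 references the Java property path `authenticatedsessionstore.SSOsessionid`, so it would need updating in the same change. If the field name is kept, at least write the setter as `this.SSOsessionid = ssoSessionid;` so the assignment reads like the others in this class.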
@@ -107,30 +123,51 @@ public class AuthenticatedSessionStore implements Serializable{
this.isAuthenticated = isAuthenticated;
}
- public Date getCreated() {
- return created;
+ public boolean isSSOSession() {
+ return isSSOSession;
}
- public Date getUpdated() {
- return updated;
+ public void setSSOSession(boolean isSSOSession) {
+ this.isSSOSession = isSSOSession;
+ }
+
+ public Date getCreated() {
+ return created;
}
public void setCreated(Date created) {
this.created = created;
}
+ public Date getUpdated() {
+ return updated;
+ }
+
public void setUpdated(Date updated) {
this.updated = updated;
}
- public boolean isSSOSession() {
- return isSSOSession;
+ public List<OASessionStore> getActiveOAsessions() {
+ return activeOAsessions;
}
- public void setSSOSession(boolean isSSOSession) {
- this.isSSOSession = isSSOSession;
+ public void setActiveOAsessions(List<OASessionStore> activeOAsessions) {
+ if (activeOAsessions == null) {
+ this.activeOAsessions = new ArrayList<OASessionStore>();
+ }
+
+ this.activeOAsessions = activeOAsessions;
}
+ public List<OldSSOSessionIDStore> getOldssosessionids() {
+ return oldssosessionids;
+ }
+ public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) {
+ this.oldssosessionids = oldssosessionids;
+ }
+
+
+
}
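Review bot: `setActiveOAsessions` (L922–L928) assigns a fresh list when the argument is null and then overwrites it with the null argument on the next line, so the guard has no effect. Replace the body with `this.activeOAsessions = activeOAsessions == null ? new ArrayList<OASessionStore>() : activeOAsessions;`, and give `setOldssosessionids` the same treatment so the two collection setters behave alike.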
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 597c275b7..c7672f9ba 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -5,6 +5,7 @@ import java.util.Date;
import javax.persistence.Column;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@@ -23,49 +24,38 @@ import org.hibernate.annotations.NamedQuery;
@DynamicUpdate(value=true)
@Table(name = "oasessionstore")
-@NamedQueries({
- @NamedQuery(name="getOAsWithSSOID", query = "select oasessionstore from OASessionStore oasessionstore where oasessionstore.ssoidentifier = :ssoidentifier")
-})
-
public class OASessionStore implements Serializable{
private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy=GenerationType.AUTO)
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "idOASession", unique=true, nullable=false)
- private int idOASession = 0;
-
- @ManyToOne
- @JoinColumn(name = "id")
- private AuthenticatedSessionStore ssoidentifier;
-
+ private long idOASession;
+
@Column(name = "oaurlprefix", unique=false, nullable=false)
private String oaurlprefix;
@Column(name = "created", updatable=false, nullable=false)
- @Temporal(TemporalType.TIMESTAMP)
+// @Temporal(TemporalType.TIMESTAMP)
private Date created;
- @PrePersist
- protected void created() {
- this.created = new Date();
- }
+// @PrePersist
+// protected void created() {
+// this.created = new Date();
+// }
- public int getId() {
- return idOASession;
- }
-
- public void setId(int id) {
- this.idOASession = id;
- }
+ //@ManyToOne(fetch=FetchType.LAZY)
+ @ManyToOne(fetch=FetchType.LAZY)
+ @JoinColumn(name = "moasession")
+ private AuthenticatedSessionStore moasession;
- public AuthenticatedSessionStore getSsoidentifier() {
- return ssoidentifier;
+ public long getIdOASession() {
+ return idOASession;
}
- public void setSsoidentifier(AuthenticatedSessionStore ssoidentifier) {
- this.ssoidentifier = ssoidentifier;
+ public void setIdOASession(long idOASession) {
+ this.idOASession = idOASession;
}
public String getOaurlprefix() {
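Review bot: Commenting out `@Temporal` and the `@PrePersist created()` callback (L975, L981–L984) means `created` is no longer populated by the entity, yet its column stays `nullable=false`, so every insert of an `OASessionStore` now depends on the caller invoking `setCreated` first. Either restore the callback or document that contract on `setCreated`, and delete the commented-out lines (including the duplicate `//@ManyToOne(fetch=FetchType.LAZY)` at L992 and its twin in OldSSOSessionIDStore at L1056) rather than leaving dead code. The `@JoinColumn(name = "moasession")` here and at L1058 in OldSSOSessionIDStore also admits a row with no owning session; `@JoinColumn(name = "moasession", nullable=false)` would keep per-OA and old-SSO-id rows tied to a session. Without `@Temporal`, the column type Hibernate derives for a `java.util.Date` falls back to its defaults — confirm it still maps to a timestamp.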
@@ -76,6 +66,14 @@ public class OASessionStore implements Serializable{
this.oaurlprefix = oaurlprefix;
}
+ public AuthenticatedSessionStore getMoasession() {
+ return moasession;
+ }
+
+ public void setMoasession(AuthenticatedSessionStore moasession) {
+ this.moasession = moasession;
+ }
+
public Date getCreated() {
return created;
}
@@ -83,6 +81,8 @@ public class OASessionStore implements Serializable{
public void setCreated(Date created) {
this.created = created;
}
+
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
index 571acd094..3ec2babad 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
@@ -4,6 +4,7 @@ import java.io.Serializable;
import javax.persistence.Column;
import javax.persistence.Entity;
+import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
@@ -28,31 +29,24 @@ public class OldSSOSessionIDStore implements Serializable{
private static final long serialVersionUID = 1L;
@Id
- @GeneratedValue(strategy=GenerationType.AUTO)
+ @GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "idOldSSOSession", unique=true, nullable=false)
- private int idOldSSOSession = 0;
-
- @ManyToOne
- @JoinColumn(name = "id")
- private AuthenticatedSessionStore ssoidentifier;
-
+ private long idOldSSOSession;
+
@Column(name = "oldsessionid", unique=true, nullable=false)
private String oldsessionid;
+
+ //@ManyToOne(fetch=FetchType.LAZY)
+ @ManyToOne(fetch=FetchType.LAZY)
+ @JoinColumn(name = "moasession")
+ private AuthenticatedSessionStore moasession;
- public int getId() {
+ public long getIdOldSSOSession() {
return idOldSSOSession;
}
- public void setId(int id) {
- this.idOldSSOSession = id;
- }
-
- public AuthenticatedSessionStore getSsoidentifier() {
- return ssoidentifier;
- }
-
- public void setSsoidentifier(AuthenticatedSessionStore ssoidentifier) {
- this.ssoidentifier = ssoidentifier;
+ public void setIdOldSSOSession(long idOldSSOSession) {
+ this.idOldSSOSession = idOldSSOSession;
}
public String getOldsessionid() {
@@ -63,11 +57,13 @@ public class OldSSOSessionIDStore implements Serializable{
this.oldsessionid = oldsessionid;
}
- public String getSessionid() {
- return oldsessionid;
+ public AuthenticatedSessionStore getMoasession() {
+ return moasession;
}
- public void setSessionid(String oldsessionid) {
- this.oldsessionid = oldsessionid;
+ public void setMoasession(AuthenticatedSessionStore moasession) {
+ this.moasession = moasession;
}
+
+
}