From 1f88acc4f47eb8b9e01ff3c9d8262871fe314b42 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 25 Feb 2016 10:26:41 +0100
Subject: add 'isAbortedByUser' flag to pending-request to indicate that this
 request is aborted, but the auth. process is not broken

---
 .../tasks/EvaluateSSOConsentsTaskImpl.java         | 22 +++++++------
 .../at/gv/egovernment/moa/id/moduls/IRequest.java  | 14 +++++++++
 .../gv/egovernment/moa/id/moduls/RequestImpl.java  | 19 ++++++++++--
 .../protocols/ProtocolFinalizationController.java  | 36 ++++++++++++----------
 4 files changed, 62 insertions(+), 29 deletions(-)

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index d52b76ebd..5b53a43bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -90,19 +90,21 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			if (ssoConsents) {
 				//authenticate pending-request
 				pendingReq.setAuthenticated(true);
-				
-				//store pending-request
-				requestStoreage.storePendingRequest(pendingReq);
-				
-				//redirect to auth. protocol finalization
-				performRedirectToProtocolFinialization(pendingReq, response);
-				
+				pendingReq.setAbortedByUser(false);
+								
 			} else {
 				//user deny single sign-on authentication
-				throw new AuthenticationException("auth.21", new Object[] {});
-				
+				Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL());
+				pendingReq.setAbortedByUser(true);
+			
 			}
-						
+			
+			//store pending-request			
+			requestStoreage.storePendingRequest(pendingReq);
+
+			//redirect to auth. protocol finalization
+			performRedirectToProtocolFinialization(pendingReq, response);
+			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index f5d381e42..e1edb6b77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -175,4 +175,18 @@ public interface IRequest {
 	 * @return Service-Provider configuration
 	 */
 	public IOAAuthParameters getOnlineApplicationConfiguration();
+
+	/**
+	 * Indicates, if this pending-request is aborted by the user
+	 * 
+	 * @return true, if it is aborted, otherwise false
+	 */
+	public boolean isAbortedByUser();
+
+	/**
+	 * Set the 'isAboredByUser' flag of this pending-request
+	 * 
+	 * @param b true, if the user has abort the authentication process, otherwise false
+	 */
+	public void setAbortedByUser(boolean isAborted);
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 961700651..4dade61fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -69,13 +69,17 @@ public abstract class RequestImpl implements IRequest, Serializable{
 	
 	private boolean passiv = false;
 	private boolean force = false;
-	
-	private boolean needAuthentication = true;
-	private boolean isAuthenticated = false;
 	private boolean needSSO = false;
+	private boolean isAbortedByUser = false;
 	
+	//every request needs authentication by default
+	private boolean needAuthentication = true;
 	
+	//every request is not authenticated by default
+	private boolean isAuthenticated = false;
+		
 	private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
+	
 	 	
 	/**
 	 * @throws ConfigurationException 
@@ -324,6 +328,15 @@ public abstract class RequestImpl implements IRequest, Serializable{
 		
 	}
 	
+	public boolean isAbortedByUser() {
+		return this.isAbortedByUser;
+	}
+
+	public void setAbortedByUser(boolean isAborted) {
+		this.isAbortedByUser = isAborted;
+		
+	}
+	
 	public Object getGenericData(String key) {
 		if (MiscUtil.isNotEmpty(key)) {
 			return genericDataStorage.get(key);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 8c3f2c946..009ef4b6d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -74,10 +75,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 	
 						//build protocol-specific error message if possible
 						buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
-						
-						//log Error Message
-						statisticLogger.logErrorOperation(throwable, pendingReq);
-						
+																		
 						//get MOASession for this pendingRequest
 						AuthenticationSession moaSession = 
 								authenticatedSessionStorage.getSession(
@@ -132,19 +130,25 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 				if (moaSession == null) {
 					Logger.error("No MOASession with ID " + sessionID + " found.!");		
 					handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true);							
-					return;
 					
-				}
-								
-				//check if MOASession and pending-request are authenticated
-				if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				
-					finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
-									
 				} else {
-					Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		
-					handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);							
-					return;
-									
+					
+						//check if pending-request has 'abortedByUser' flag set
+					if (pendingReq.isAbortedByUser()) {
+						buildProtocolSpecificErrorResponse(
+								new AuthenticationException("auth.21", new Object[] {}), 
+								req, resp, pendingReq);
+	
+						//check if MOASession and pending-request are authenticated					
+					} else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				
+						finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
+	
+					} else {
+						//suspect state: pending-request is not aborted but also are not authenticated 
+						Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		
+						handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);							
+										
+					}
 				}
 							
 			} catch (Exception e) {
@@ -156,7 +160,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 		
 		//remove pending-request
 		if (pendingReq != null)
-		requestStorage.removePendingRequest(pendingReq.getRequestID());
+			requestStorage.removePendingRequest(pendingReq.getRequestID());
 		
 	}
 
-- 
cgit v1.2.3