From 57a308e8e61dd1dd435b149ec01a66059f10adfb Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 22 Apr 2015 13:28:59 +0200 Subject: add unique session ID for logging --- id/server/data/deploy/conf/moa-id/log4j.properties | 6 +- .../moa/id/advancedlogging/TransactionIDUtils.java | 26 ++++++- .../moa/id/auth/MOAIDAuthConstants.java | 1 + .../auth/data/AuthenticationSessionExtensions.java | 52 +++++++++++++ .../internal/tasks/CreateIdentityLinkFormTask.java | 3 + .../auth/servlet/ProcessEngineSignalServlet.java | 7 +- .../moa/id/entrypoints/DispatcherServlet.java | 33 ++++++-- .../moa/id/moduls/AuthenticationManager.java | 2 +- .../at/gv/egovernment/moa/id/moduls/IRequest.java | 2 + .../gv/egovernment/moa/id/moduls/RequestImpl.java | 9 +++ .../egovernment/moa/id/moduls/RequestStorage.java | 8 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 25 +++++-- .../moa/id/protocols/pvp2x/PVP2XProtocol.java | 10 ++- .../id/storage/AuthenticationSessionStoreage.java | 87 ++++++++++++++++++---- id/server/moa-id-commons/pom.xml | 7 ++ .../db/dao/session/AuthenticatedSessionStore.java | 23 ++++-- .../moa/id/commons/utils/JsonMapper.java | 73 ++++++++++++++++++ pom.xml | 21 ++++++ 18 files changed, 345 insertions(+), 50 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties index c7dece5c5..7ad5aefde 100644 --- a/id/server/data/deploy/conf/moa-id/log4j.properties +++ b/id/server/data/deploy/conf/moa-id/log4j.properties 
@@ -14,8 +14,8 @@ log4j.logger.org.hibernate=warn # configure the stdout appender log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout -#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n -log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n +#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n # configure the rolling file appender (R) log4j.appender.R=org.apache.log4j.RollingFileAppender @@ -23,5 +23,5 @@ log4j.appender.R.File=${catalina.base}/logs/moa-id.log log4j.appender.R.MaxFileSize=10000KB log4j.appender.R.MaxBackupIndex=1 log4j.appender.R.layout=org.apache.log4j.PatternLayout -log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java index d428cddd1..7f6f2c6b3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java @@ -22,9 +22,11 @@ */ package at.gv.egovernment.moa.id.advancedlogging; -import org.slf4j.MDC; + +import java.util.Date; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz 
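Review bot: The session identifier this commit introduces is never rendered: both ConversionPatterns only gain `%X{transactionId}`, while the new MDC key is `sessionId` (MOAIDAuthConstants.MDC_SESSION_ID), so the unique session ID written by TransactionIDUtils.setSessionId will not appear in any log line. Add it to both patterns, e.g. `log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %t | %m%n`. The stdout pattern also lost the space between `%X{transactionId} |` and `%20.20c`, which breaks the column alignment of the other fields.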
@@ -33,14 +35,32 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; public class TransactionIDUtils { public static void setTransactionId(String pendingRequestID) { - MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, + "TID-" + pendingRequestID); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, "TID-" + pendingRequestID); } public static void removeTransactionId() { - MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID); + + } + + public static void setSessionId(String uniqueSessionId) { + org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, + "TID-" + uniqueSessionId); + org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, + "TID-" + uniqueSessionId); + + } + + public static void removeSessionId() { + org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); + org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID); } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index ac8d00ac8..fe09e743d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -169,4 +169,5 @@ public interface MOAIDAuthConstants { public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$"; public static final String MDC_TRANSACTION_ID = "transactionId"; + public static final String MDC_SESSION_ID = "sessionId"; } 
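Review bot: setSessionId writes `"TID-" + uniqueSessionId` into both MDCs, the same prefix setTransactionId uses, so once the session ID is rendered it is indistinguishable from a transaction ID; use a distinct prefix in both put calls, `"SID-" + uniqueSessionId`. The import hunk of this file adds `java.util.Date` and `MiscUtil` although neither is used in the class, and the same unused `java.util.Date` import is added to IRequest. A short comment above the paired put calls stating why both the log4j and slf4j MDC are populated (presumably both logging frontends are in use) would help the next maintainer keep them in sync.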
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java new file mode 100644 index 000000000..61b8f7bd3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionExtensions.java 
@@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.data; + +import java.io.Serializable; + +/** + * @author tlenz + * + */ +public class AuthenticationSessionExtensions implements Serializable{ + + private static final long serialVersionUID = 1L; + + private String uniqueSessionId = null; + + /** + * @return the uniqueSessionId + */ + public String getUniqueSessionId() { + return uniqueSessionId; + } + + /** + * @param uniqueSessionId the uniqueSessionId to set + */ + public void setUniqueSessionId(String uniqueSessionId) { + this.uniqueSessionId = uniqueSessionId; + } + + +} 
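Review bot: The class Javadoc of AuthenticationSessionExtensions carries only `@author`, yet the class has a contract worth stating: instances are serialized to JSON by JsonMapper into the session's additionalInformation column, and JsonMapper detects properties through public getters only, so a future field without a public getter would be silently dropped. Suggest `Session information stored as JSON (via JsonMapper, public getters only) in AuthenticatedSessionStore.additionalInformation; every new field needs a public getter and setter.` The `= null` initializer on `uniqueSessionId` is redundant.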
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index ee6f0d5a4..77f2cabc4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,6 +10,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang3.ObjectUtils; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -114,6 +115,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { finally { ConfigurationDBUtils.closeSession(); + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java index 49aa1c0f5..40e9fc819 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java 
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -67,9 +68,12 @@ public class ProcessEngineSignalServlet extends AuthServlet { // retrieve moa session pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + AuthenticationSessionExtensions extendedSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(sessionID); AuthenticationSession session = AuthenticationServer.getSession(sessionID); - //add transactionID to Logger + //add transactionID and unique sessionID to Logger + if (extendedSessionInformation != null) + TransactionIDUtils.setSessionId(extendedSessionInformation.getUniqueSessionId()); TransactionIDUtils.setTransactionId(pendingRequestID); // process instance is mandatory @@ -86,6 +90,7 @@ public class ProcessEngineSignalServlet extends AuthServlet { } finally { MOASessionDBUtils.closeSession(); TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index cce260d04..b287eb014 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java 
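Review bot: The unbraced `if (extendedSessionInformation != null)` is immediately followed by the unconditional `TransactionIDUtils.setTransactionId(pendingRequestID);`, which is easy to misread as part of the conditional; brace the guarded statement. The same unbraced single-statement form is added in DispatcherServlet (`if (MiscUtil.isEmpty(uniqueSessionIdentifier))`). getUniqueSessionId() can also be null for sessions stored before this change, in which case the MDC receives the literal string `TID-null`; extending the guard to `if (extendedSessionInformation != null && MiscUtil.isNotEmpty(extendedSessionInformation.getUniqueSessionId()))` avoids that.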
@@ -52,6 +52,7 @@ import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulStorage; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; @@ -240,12 +241,16 @@ public class DispatcherServlet extends AuthServlet{ } } + IRequest protocolRequest = null; + String uniqueSessionIdentifier = null; + //get SSO Cookie for Request SSOManager ssomanager = SSOManager.getInstance(); String ssoId = ssomanager.getSSOSessionID(req); - IRequest protocolRequest = null; - + //load unique session identifier with SSO-sessionID + uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); + try { Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); @@ -256,6 +261,10 @@ public class DispatcherServlet extends AuthServlet{ //get IRequest if it exits if (protocolRequest != null) { + + //set session and transaction IDs + TransactionIDUtils.setTransactionId(protocolRequestID); + TransactionIDUtils.setSessionId(protocolRequest.getSessionIdentifier()); Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); } else { @@ -266,6 +275,15 @@ public class DispatcherServlet extends AuthServlet{ } } else { try { + //set transactionID to Logger + protocolRequestID = Random.nextRandom(); + + if (MiscUtil.isEmpty(uniqueSessionIdentifier)) + uniqueSessionIdentifier = Random.nextRandom(); + + TransactionIDUtils.setTransactionId(protocolRequestID); + TransactionIDUtils.setSessionId(uniqueSessionIdentifier); + protocolRequest = info.preProcess(req, resp, action); //request is a valid interfederation response 
@@ -319,8 +337,8 @@ public class DispatcherServlet extends AuthServlet{ else moduleAction = info.getAction(protocolRequest.requestedAction()); - protocolRequestID = Random.nextRandom(); - protocolRequest.setRequestID(protocolRequestID); + protocolRequest.setRequestID(protocolRequestID); + ((RequestImpl)protocolRequest).setSessionIdentifier(uniqueSessionIdentifier); RequestStorage.setPendingRequest(protocolRequest); Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); @@ -546,12 +564,11 @@ public class DispatcherServlet extends AuthServlet{ finally { ConfigurationDBUtils.closeSession(); + Logger.trace("Clossing Dispatcher processing loop"); + TransactionIDUtils.removeTransactionId(); - + TransactionIDUtils.removeSessionId(); } - - Logger.info("Clossing Dispatcher processing loop"); - Logger.info("Http response prepared sent: " + resp.toString()); } @Override diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 49f3df25c..cbfdfc36b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -569,7 +569,7 @@ public class AuthenticationManager implements MOAIDAuthConstants { try { //check if an MOASession exists and if not create an new MOASession //moasession = getORCreateMOASession(request); - moasession = AuthenticationSessionStoreage.createSession(target.getRequestID()); + moasession = AuthenticationSessionStoreage.createSession(target); } catch (MOADatabaseException e1) { Logger.error("Database Error! MOASession can not be created!"); 
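Review bot: `((RequestImpl)protocolRequest).setSessionIdentifier(uniqueSessionIdentifier)` is an unchecked downcast of a variable typed IRequest; any IRequest implementation that is not a RequestImpl fails here with a ClassCastException at runtime. Since this commit already adds `getSessionIdentifier()` to IRequest next to `setRequestID`, add `public void setSessionIdentifier(String sessionIdentifier);` to the interface as well and call `protocolRequest.setSessionIdentifier(uniqueSessionIdentifier);` directly. The enclosing method continues outside the hunk.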
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index aaeb84f92..7fe933695 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import java.util.Date; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -40,6 +41,7 @@ public interface IRequest { public String getTarget(); public void setRequestID(String id); public String getRequestID(); + public String getSessionIdentifier(); public String getRequestedIDP(); public MOAResponse getInterfederationResponse(); public List getRequestedAttributes(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 4a54a516b..77256c897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -41,6 +41,7 @@ public abstract class RequestImpl implements IRequest, Serializable{ private String action = null; private String target = null; private String requestID; + private String sessionIdentifier; //MOA-ID interfederation private String requestedIDP = null; @@ -147,6 +148,14 @@ public abstract class RequestImpl implements IRequest, Serializable{ this.response = response; } + public String getSessionIdentifier() { + return this.sessionIdentifier; + + } + public void setSessionIdentifier(String sessionIdentifier) { + this.sessionIdentifier = sessionIdentifier; + + } } 
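Review bot: IRequest.getSessionIdentifier() and the new `sessionIdentifier` field in RequestImpl are undocumented, and the value is null for any pending request that never passed through the new DispatcherServlet code (including requests serialized before this change), which the callers added in RequestStorage and PVP2XProtocol pass straight into the MDC. Javadoc the accessor as nullable, e.g. `/** Unique session identifier used for log correlation only; may be null for requests created without one. */`. The `import java.util.Date;` added to IRequest is unused.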
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index be8e2dc2a..f0b12431a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -36,8 +36,9 @@ public class RequestStorage { AssertionStorage storage = AssertionStorage.getInstance(); IRequest pendingRequest = storage.get(pendingReqID, IRequest.class); - //set transactionID to Logger + //set transactionID and sessionID to Logger TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); + TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier()); return pendingRequest; @@ -54,10 +55,7 @@ public class RequestStorage { if (pendingRequest instanceof IRequest) { storage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest); - - //set transactionID to Logger - TransactionIDUtils.setTransactionId(((IRequest)pendingRequest).getRequestID()); - + } else { throw new MOAIDException("auth.20", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 68545e1c2..04af8cea9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -25,10 +25,8 @@ package at.gv.egovernment.moa.id.moduls; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; -import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; -import java.io.Reader; import java.io.StringWriter; import java.net.URI; import java.util.Date; 
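Review bot: In getPendingRequest the added `TransactionIDUtils.setSessionId(((IRequest)pendingRequest).getSessionIdentifier())` repeats a cast on a variable already declared as IRequest and, like the existing line above it, dereferences `pendingRequest` without a null check; if `storage.get` returns null for an unknown or expired pendingReqID (its behaviour is not visible here), both lines throw a NullPointerException before the caller can react. Suggest `if (pendingRequest != null) { TransactionIDUtils.setTransactionId(pendingRequest.getRequestID()); TransactionIDUtils.setSessionId(pendingRequest.getSessionIdentifier()); }`. Dropping setTransactionId from setPendingRequest looks intentional, since DispatcherServlet now sets both IDs before storing the request.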
@@ -38,23 +36,21 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.Velocity; import org.apache.velocity.app.VelocityEngine; import org.hibernate.Query; import org.hibernate.Session; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.VelocityProvider; 
@@ -192,6 +188,23 @@ public class SSOManager { } + public String getUniqueSessionIdentifier(String ssoSessionID) { + try { + if (MiscUtil.isNotEmpty(ssoSessionID)) { + String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + if (MiscUtil.isNotEmpty(moaSessionID)) { + AuthenticationSessionExtensions extSessionInformation = AuthenticationSessionStoreage.getAuthenticationSessionExtensions(moaSessionID); + return extSessionInformation.getUniqueSessionId(); + + } + } + } catch (MOADatabaseException e) { + Logger.debug("No SSO Session with SSO sessionID: " + ssoSessionID); + } + + return null; + } + public String existsOldSSOSession(String ssoId) { Logger.trace("Check that the SSOID has already been used"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index cf20db7d9..045db3f45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -57,6 +57,7 @@ import org.opensaml.xml.signature.SignableXMLObject; import java.util.Arrays; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; 
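Review bot: getUniqueSessionIdentifier dereferences `extSessionInformation` without a null check, but getAuthenticationSessionExtensions returns null whenever the session has no additionalInformation (every session created before this change, or one whose JSON cannot be parsed), so an SSO cookie pointing at such a session produces a NullPointerException — and DispatcherServlet invokes this method before its try block. Guard it: `if (extSessionInformation != null) { return extSessionInformation.getUniqueSessionId(); }`. The debug message also writes the raw SSO session ID, a bearer credential taken from the cookie, into the log; log a truncated or hashed form of `ssoSessionID` instead.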
@@ -252,11 +253,16 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); if (obj instanceof RequestImpl) { RequestImpl iReqSP = (RequestImpl) obj; - + MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); if ( processedMsg != null ) { - iReqSP.setInterfederationResponse(processedMsg); + iReqSP.setInterfederationResponse(processedMsg); + + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID() + + ". Switch to original transaction with ID " + iReqSP.getRequestID()); + TransactionIDUtils.setTransactionId(iReqSP.getRequestID()); + TransactionIDUtils.setSessionId(iReqSP.getSessionIdentifier()); } else { Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 4288f48ad..541dc23b6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -33,7 +33,10 @@ import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.Transaction; +import com.fasterxml.jackson.core.JsonProcessingException; + import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; 
@@ -42,6 +45,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.utils.JsonMapper; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; @@ -60,6 +64,8 @@ public class AuthenticationSessionStoreage { //private static HashMap sessionStore = new HashMap(); + private static JsonMapper mapper = new JsonMapper(); + public static boolean isAuthenticated(String moaSessionID) { AuthenticatedSessionStore session; 
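Review bot: `private static JsonMapper mapper = new JsonMapper();` is a mutable static that is never reassigned; declare it `private static final JsonMapper mapper = new JsonMapper();` so the shared instance cannot be swapped and the sharing is explicit. Jackson's ObjectMapper is safe to share across threads once configured, and JsonMapper does all of its configuration in the constructor, so a single static instance is appropriate here.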
@@ -73,34 +79,44 @@ public class AuthenticationSessionStoreage { } } - public static AuthenticationSession createSession(String pendingRequestID) throws MOADatabaseException, BuildException { + public static AuthenticationSession createSession(IRequest target) throws MOADatabaseException, BuildException { String id = Random.nextRandom(); - - AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); - dbsession.setSessionid(id); - dbsession.setAuthenticated(false); + try { + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - Date now = new Date(); - dbsession.setCreated(now); - dbsession.setUpdated(now); + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + Date now = new Date(); + dbsession.setCreated(now); + dbsession.setUpdated(now); - dbsession.setPendingRequestID(pendingRequestID); + dbsession.setPendingRequestID(target.getRequestID()); - AuthenticationSession session = new AuthenticationSession(id, now); - encryptSession(session, dbsession); + //set additional session informations + AuthenticationSessionExtensions sessionExt = new AuthenticationSessionExtensions(); + sessionExt.setUniqueSessionId(target.getSessionIdentifier()); + dbsession.setAdditionalInformation(mapper.serialize(sessionExt)); - //store AssertionStore element to Database - try { + AuthenticationSession session = new AuthenticationSession(id, now); + encryptSession(session, dbsession); + + //store AssertionStore element to Database MOASessionDBUtils.saveOrUpdate(dbsession); Logger.info("MOASession with sessionID=" + id + " is stored in Database"); + return session; + } catch (MOADatabaseException e) { Logger.warn("MOASession could not be created."); throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended 
session information can not be stored.", e); + throw new MOADatabaseException(e); + } - - return session; + } public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { @@ -118,6 +134,45 @@ public class AuthenticationSessionStoreage { throw new MOADatabaseException("MOASession deserialization-exception"); } } + + public static AuthenticationSessionExtensions getAuthenticationSessionExtensions(String sessionID) throws MOADatabaseException { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + if (MiscUtil.isNotEmpty(dbsession.getAdditionalInformation())) { + try { + return (AuthenticationSessionExtensions)mapper.deserialize(dbsession.getAdditionalInformation(), + AuthenticationSessionExtensions.class); + + } catch (Exception e) { + Logger.warn("Extended session information extraction FAILED!", e); + } + } + return null; + + } + + public static void setAuthenticationSessionExtensions(String sessionID, AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID, true); + + dbsession.setAdditionalInformation( + mapper.serialize(sessionExtensions)); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.debug("MOASession with sessionID=" + sessionID + " is stored in Database"); + + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + + } catch (JsonProcessingException e) { + Logger.warn("Extended session information can not be stored.", e); + throw new MOADatabaseException("Extended session information can not be stored.", e); + + } + + } public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { storeSession(session, null); diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 27beeaaf3..a8653509b 100644 --- a/id/server/moa-id-commons/pom.xml 
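Review bot: createSession now dereferences `target` (`target.getRequestID()`, `target.getSessionIdentifier()`) before entering the try block, but the signature change from String to IRequest adds no null guard, so a null target from AuthenticationManager becomes a NullPointerException rather than the declared MOADatabaseException/BuildException; add `Objects.requireNonNull(target, "target");` at the top or fail with a BuildException. The `catch (MOADatabaseException e)` branch logs a fixed message and rewraps, so the original cause never reaches the log — pass `e` to `Logger.warn(...)` as the JsonProcessingException branch already does. A Javadoc `@param target` line stating that the session extensions are built from its session identifier would also help.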
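Review bot: getAuthenticationSessionExtensions returns null both when no additionalInformation is stored and when parsing fails, and the `catch (Exception e)` is broader than what JsonMapper.deserialize declares (JsonParseException, JsonMappingException, IOException); narrow it to `catch (IOException e)` and document the contract with `@return the stored extensions, or null if none are stored or they cannot be parsed`. Callers must handle that null — SSOManager.getUniqueSessionIdentifier, added in this commit, currently does not. setAuthenticationSessionExtensions is fine, though its "is stored in Database" message is logged at debug while createSession logs the same event at info.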
+++ b/id/server/moa-id-commons/pom.xml @@ -123,6 +123,13 @@ mysql-connector-java ${mysql-connector.java} + + + com.fasterxml.jackson.core + jackson-databind + + + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index e27bd6cd7..af5950c98 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -96,6 +96,10 @@ public class AuthenticatedSessionStore implements Serializable{ @Column(name = "pendingRequestID", nullable=true) private String pendingRequestID = ""; + @Column(name = "additionalInformation", nullable=true) + @Lob + private String additionalInformation; + @Column(name = "created", updatable=false, nullable=false) @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -113,11 +117,6 @@ public class AuthenticatedSessionStore implements Serializable{ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER) private List inderfederation = null; - @PrePersist - protected void created() { - this.updated = this.created = new Date(); - } - @PreUpdate protected void lastUpdate() { this.updated = new Date(); 
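Review bot: Removing the `@PrePersist created()` callback means `created` (declared `nullable=false`) and `updated` are no longer populated automatically on insert; AuthenticationSessionStoreage.createSession sets both explicitly, but any other code path that persists a new AuthenticatedSessionStore (none is visible in this diff) will now fail with a not-null constraint violation at flush time. If explicit timestamps are the intended rule, record it on the entity: `// created/updated must be set by the caller; no @PrePersist (Hibernate 4.2.1 timestamp generation is unreliable)`. The new `additionalInformation` @Lob column holds JSON and deserves a comment naming the class it serializes (AuthenticationSessionExtensions).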
@@ -262,6 +261,20 @@ public class AuthenticatedSessionStore implements Serializable{ public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) { this.isInterfederatedSSOSession = isInterfederatedSSOSession; } + + /** + * @return the additionalInformation + */ + public String getAdditionalInformation() { + return additionalInformation; + } + + /** + * @param additionalInformation the additionalInformation to set + */ + public void setAdditionalInformation(String additionalInformation) { + this.additionalInformation = additionalInformation; + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java new file mode 100644 index 000000000..7940955e2 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/JsonMapper.java 
@@ -0,0 +1,73 @@ +package at.gv.egovernment.moa.id.commons.utils; + +import java.io.IOException; + +import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility; +import com.fasterxml.jackson.annotation.PropertyAccessor; +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; +import com.fasterxml.jackson.databind.type.TypeFactory; + +/** + * Helper class to handle the JSON (de-)serialization. + * + */ +public class JsonMapper { + + private ObjectMapper mapper = new ObjectMapper(); + + /** + * The default constructor where the default pretty printer is disabled. + */ + public JsonMapper() { + this(false); + } + + /** + * The constructor. + * @param prettyPrint enables or disables the default pretty printer + */ + public JsonMapper(boolean prettyPrint) { + mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE); + mapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY); + mapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY); + if (prettyPrint) { + mapper.enable(SerializationFeature.INDENT_OUTPUT); + } + } + + /** + * Serialize an object to a JSON string. + * @param value the object to serialize + * @return a JSON string + * @throws JsonProcessingException thrown when an error occurs during serialization + */ + public String serialize(Object value) throws JsonProcessingException { + return mapper.writeValueAsString(value); + } + + /** + * Deserialize a JSON string. + * + * @param value the JSON string to deserialize + * @param clazz optional parameter that determines the type of the returned object. If not set, an {@link Object} is returned. 
+ * @return the deserialized JSON string as an object of type {@code clazz} or {@link Object} + * @throws JsonParseException if the JSON string contains invalid content. + * @throws JsonMappingException if the input JSON structure does not match structure expected for result type + * @throws IOException if an I/O problem occurs (e.g. unexpected end-of-input) + */ + public Object deserialize(String value, Class clazz) throws JsonParseException, JsonMappingException, IOException{ + + ObjectMapper mapper = new ObjectMapper(); + if (clazz != null) { + JavaType javaType = TypeFactory.defaultInstance().constructType(clazz); + return mapper.readValue(value, javaType); + } else { + return mapper.readValue(value, Object.class); + } + } +} diff --git a/pom.xml b/pom.xml index 2ecc43a21..fcf249349 100644 --- a/pom.xml +++ b/pom.xml @@ -45,6 +45,7 @@ 3.4 4.0 2.7 + 2.5.0 @@ -658,6 +659,26 @@ ${org.springframework.version} + + + + com.fasterxml.jackson.core + jackson-core + ${jackson-version} + + + + com.fasterxml.jackson.core + jackson-databind + ${jackson-version} + + + com.fasterxml.jackson.core + jackson-annotations + ${jackson-version} + + + -- cgit v1.2.3
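Review bot: JsonMapper.deserialize creates a fresh `ObjectMapper mapper = new ObjectMapper();` locally, shadowing the configured field, so the visibility rules set in the constructor (public getters only) apply to serialize but not to deserialize; delete that local line so both directions use the same configured instance. The parameter `Class clazz` is a raw type — `Class<?> clazz` compiles unchanged and removes the warning — and the `mapper` field should be `private final`. The `@param clazz` Javadoc calls it optional, which should say explicitly that passing `null` yields a generic `Object` tree.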