From 59fd2c0ea0649c94340d67b735a2d53696065e4c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 26 Jul 2013 07:47:08 +0200 Subject: Bugfixes: - handle Error if more then one authentication is started for one Online-Application - handle MultiThread error if more then one authentication process is active in one user session Add: - Add UserData database. (is required for the web-based configuration tool) - Add additional OA parameter in MOA-ID 2.x configuration scheme to set OAs active or not TODO: change 'searchOAWith....' to only get results with active=true --- .../moa/id/auth/builder/LoginFormBuilder.java | 4 +- .../id/auth/builder/SendAssertionFormBuilder.java | 4 +- .../StartAuthentificationParameterParser.java | 8 +- .../moa/id/auth/servlet/AuthServlet.java | 6 +- .../servlet/GenerateIFrameTemplateServlet.java | 63 +---- .../moa/id/auth/servlet/GetForeignIDServlet.java | 15 +- .../id/auth/servlet/GetMISSessionIDServlet.java | 19 +- .../moa/id/auth/servlet/LogOutServlet.java | 43 +-- .../moa/id/auth/servlet/PEPSConnectorServlet.java | 13 +- .../auth/servlet/ProcessValidatorInputServlet.java | 2 +- .../id/auth/servlet/SSOSendAssertionServlet.java | 50 +++- .../servlet/VerifyAuthenticationBlockServlet.java | 18 +- .../id/auth/servlet/VerifyCertificateServlet.java | 8 +- .../id/auth/servlet/VerifyIdentityLinkServlet.java | 10 +- .../moa/id/entrypoints/DispatcherServlet.java | 208 ++++++++++---- .../moa/id/moduls/AuthenticationManager.java | 12 +- .../at/gv/egovernment/moa/id/moduls/IRequest.java | 2 + .../gv/egovernment/moa/id/moduls/ModulUtils.java | 10 +- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 10 + .../egovernment/moa/id/moduls/RequestStorage.java | 57 +++- .../id/storage/AuthenticationSessionStoreage.java | 71 ++++- .../resources/templates/loginFormFull.html | 315 --------------------- .../resources/templates/loginFormIFrame.html | 260 ----------------- .../resources/templates/sendAssertionFormFull.html | 2 + .../templates/sendAssertionFormIFrame.html | 2 + id/server/moa-id-commons/pom.xml | 4 +- .../moa/id/commons/db/ConfigurationDBUtils.java | 10 +- .../moa/id/commons/db/dao/config/UserDatabase.java | 263 +++++++++++++++++ .../db/dao/session/AuthenticatedSessionStore.java | 20 +- .../src/main/resources/config/moaid_config_2.0.xsd | 1 + .../main/resources/config/persistence_template.xml | 5 +- 31 files changed, 736 insertions(+), 779 deletions(-) delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 9ba11bebd..a80fcfa25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -30,6 +30,7 @@ public class LoginFormBuilder { private static String BKU_HANDY = "#HANDY#"; private static String BKU_LOCAL = "#LOCAL#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; + private static String MOASESSIONID = "#SESSIONID#"; private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; @@ -84,7 +85,7 @@ public class LoginFormBuilder { return template; } - public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) { + public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) { String value = getTemplate(isIFrame); if(value != null) { @@ -98,6 +99,7 @@ public class LoginFormBuilder { value = value.replace(ACTION, action); value = value.replace(OANAME, oaname); value = value.replace(CONTEXTPATH, contextpath); + value = value.replace(MOASESSIONID, moaSessionID); } return value; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java index a72848832..956593237 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -25,6 +25,7 @@ public class SendAssertionFormBuilder { private static String URL = "#URL#"; private static String MODUL = "#MODUL#"; private static String ACTION = "#ACTION#"; + private static String ID = "#ID#"; private static String OANAME = "#OAName#"; private static String CONTEXTPATH = "#CONTEXTPATH#"; @@ -75,7 +76,7 @@ public class SendAssertionFormBuilder { return template; } - public static String buildForm(String modul, String action, String oaname, String contextpath, boolean isIFrame) { + public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) { String value = getTemplate(isIFrame); if(value != null) { @@ -87,6 +88,7 @@ public class SendAssertionFormBuilder { } value = value.replace(MODUL, modul); value = value.replace(ACTION, action); + value = value.replace(ID, id); value = value.replace(OANAME, oaname); value = value.replace(CONTEXTPATH, contextpath); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java index c9a10b812..58cea2926 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -221,11 +221,11 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ } public static void parse(HttpServletRequest req, HttpServletResponse resp, - AuthenticationSession moasession) throws WrongParametersException, MOAIDException { + AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { - //check Module and Action - HttpSession httpSession = req.getSession(); - IRequest request = RequestStorage.getPendingRequest(httpSession); +// //check Module and Action +// HttpSession httpSession = req.getSession(); +// IRequest request = RequestStorage.getPendingRequest(httpSession); String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); String action = request.requestedAction();//req.getParameter(PARAM_ACTION); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 4b15d80b4..022f21491 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -50,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; import at.gv.egovernment.moa.id.storage.IExceptionStore; import at.gv.egovernment.moa.id.util.ServletUtils; @@ -143,7 +144,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { * servlet response */ protected void handleError(String errorMessage, Throwable exceptionThrown, - HttpServletRequest req, HttpServletResponse resp) { + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { if (null != errorMessage) { Logger.error(errorMessage); @@ -167,7 +168,8 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { String redirectURL = null; redirectURL = ServletUtils.getBaseUrl(req); - redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id; + redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id + + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; resp.setContentType("text/html"); resp.setStatus(302); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java index 2ea34ee12..8d23f1a3b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -52,19 +52,26 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); - + + String pendingRequestID = null; + try { String bkuid = req.getParameter(PARAM_BKU); String useMandate = req.getParameter(PARAM_USEMANDATE); String ccc = req.getParameter(PARAM_CCC); - - String moasessionid = null; + String moasessionid = req.getParameter(PARAM_SESSIONID); + AuthenticationSession moasession = null; - + try { - moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); - moasession = AuthenticationSessionStoreage.getSession(moasessionid); - + //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); + + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession); + } catch (MOADatabaseException e) { Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); throw new MOAIDException("init.04", new Object[] { @@ -131,49 +138,9 @@ public class GenerateIFrameTemplateServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } } - -// private String getTemplateURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { -// //TODO: CHANGE to real OA config -// -// List bkuURIs = Arrays.asList( -// "http://localhost:8080/moa-id-auth/template_onlineBKU.html", -// "http://localhost:8080/moa-id-auth/template_handyBKU.html", -// "http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); -// -//// List bkuURIs = Arrays.asList( -//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_onlineBKU.html", -//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_handyBKU.html", -//// "http://demo.egiz.gv.at/demoportal_moaid-2.0/template_localBKU.html"); -// -// if (bkuID < bkuURIs.size()) -// return bkuURIs.get(bkuID); -// else -// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_TEMPLATE, -// "auth.12"); -// } -// -// private String getBKUURIFromConfig(int bkuID, OAAuthParameter oaParam) throws WrongParametersException { -// //TODO: CHANGE to real OA config -// -// List bkuURIs = Arrays.asList( -// "https://labda.iaik.tugraz.at:8843/bkuonline/https-security-layer-request", -// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -// "https://127.0.0.1:3496/https-security-layer-request"); -// -//// List bkuURIs = Arrays.asList( -//// "https://demo.egiz.gv.at/demoportal_bkuonline/https-security-layer-request", -//// "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx", -//// "https://127.0.0.1:3496/https-security-layer-request"); -// -// if (bkuID < bkuURIs.size()) -// return bkuURIs.get(bkuID); -// else -// throw new WrongParametersException("GenerateIFrameTemplate", PARAM_BKU, -// "auth.12"); -// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index d49f4e215..02c751a0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -114,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - Map parameters; + Map parameters; + + String pendingRequestID = null; + try { parameters = getParameters(req); @@ -123,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); throw new IOException(e.getMessage()); } - String sessionID = req.getParameter(PARAM_SESSIONID); + String sessionID = req.getParameter(PARAM_SESSIONID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); @@ -195,8 +199,9 @@ public class GetForeignIDServlet extends AuthServlet { } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction()), newMOASessionID); + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); } else { @@ -219,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (SZRGWClientException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 7d825da17..8e5fccfef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -143,12 +143,15 @@ public class GetMISSessionIDServlet extends AuthServlet { sessionID = StringEscapeUtils.escapeHtml(sessionID); AuthenticationSession session = null; + String pendingRequestID = null; try { // check parameter if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12"); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + session = AuthenticationServer.getSession(sessionID); String misSessionID = session.getMISSessionID(); @@ -209,11 +212,11 @@ public class GetMISSessionIDServlet extends AuthServlet { Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); Logger.info("Daten angelegt zu MOASession " + newMOASessionID); - + String redirectURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), ModulUtils.buildAuthURL(session.getModul(), - session.getAction()), newMOASessionID); + session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); @@ -252,17 +255,17 @@ public class GetMISSessionIDServlet extends AuthServlet { Logger.debug("REDIRECT TO: " + redirectURL); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (GeneralSecurityException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (PKIException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (SAXException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (ParserConfigurationException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index caf2e4490..8dc5d7469 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -83,29 +83,34 @@ public class LogOutServlet extends AuthServlet { SSOManager ssomanager = SSOManager.getInstance(); - //get SSO token from request - String ssoid = ssomanager.getSSOSessionID(req); - - if (ssomanager.isValidSSOSession(ssoid, req)) { - - //TODO: Single LogOut Implementation + try { + //get SSO token from request + String ssoid = ssomanager.getSSOSessionID(req); - //delete SSO session and MOA session - AuthenticationManager authmanager = AuthenticationManager.getInstance(); - String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); - - authmanager.logout(req, resp, moasessionid); - Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); - } else { - Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); - } + if (ssomanager.isValidSSOSession(ssoid, req)) { - //Remove SSO token - ssomanager.deleteSSOSessionID(req, resp); + //TODO: Single LogOut Implementation - //invalidate Session - req.getSession().invalidate(); + //delete SSO session and MOA session + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); + RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()), + AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); + + authmanager.logout(req, resp, moasessionid); + Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); + } else { + Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); + } + + //Remove SSO token + ssomanager.deleteSSOSessionID(req, resp); + + } catch (Exception e) { + Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e); + } + //Redirect to Application resp.setStatus(301); resp.addHeader("Location", redirectUrl); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 63bc2a8cc..f6412f897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -56,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet { */ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + String pendingRequestID = null; + try { Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message."); @@ -80,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet { httpSession.invalidate(); } + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); + Logger.info("Found MOA sessionID: " + moaSessionID); Logger.debug("Beginning to extract SAMLResponse out of HTTP Request"); @@ -199,7 +203,7 @@ public class PEPSConnectorServlet extends AuthServlet { AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession); Logger.info("MOA assertion assembled and SAML Artifact generated."); - //session is implicit stored in changeSessionID!!!! + //session is implicit stored in changeSessionID!!!! String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID); @@ -214,8 +218,9 @@ public class PEPSConnectorServlet extends AuthServlet { } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = response.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), - ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction()), newMOASessionID); + ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID); redirectURL = response.encodeRedirectURL(redirectURL); } else { @@ -236,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet { } catch (AuthenticationException e) { - handleError(null, e, request, response); + handleError(null, e, request, response, pendingRequestID); } catch (MOAIDException e) { - handleError(null, e, request, response); + handleError(null, e, request, response, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index 200d25fbe..ba8698934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -135,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { handleWrongParameters(ex, req, resp); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, null); //TODO: is this Class required? } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index ecbd87498..9b559770f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -36,18 +36,48 @@ public class SSOSendAssertionServlet extends AuthServlet{ private static final long serialVersionUID = 1L; private static final String PARAM = "value"; + private static final String MODULE = "mod"; + private static final String ACTION = "action"; + private static final String ID = "identifier"; protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + + String id = null; Logger.info("Receive " + SSOSendAssertionServlet.class + " Request"); try { + Object idObject = req.getParameter(ID); + + if (idObject != null && (idObject instanceof String)) { + id = (String) idObject; + } + String value = req.getParameter(PARAM); value = StringEscapeUtils.escapeHtml(value); if (!ParamValidatorUtils.isValidUseMandate(value)) throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); - + //get module and action + Object moduleObject = req.getParameter(MODULE); + String module = null; + if (moduleObject != null && (moduleObject instanceof String)) { + module = (String) moduleObject; + } + + + Object actionObject = req.getParameter(ACTION); + String action = null; + if (actionObject != null && (actionObject instanceof String)) { + action = (String) actionObject; + } + + if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { + Logger.warn("No Moduel or Action parameter received!"); + throw new WrongParametersException("Module or Action is empty", "", "auth.10"); + } + + SSOManager ssomanager = SSOManager.getInstance(); //get SSO Cookie for Request String ssoId = ssomanager.getSSOSessionID(req); @@ -86,15 +116,9 @@ public class SSOSendAssertionServlet extends AuthServlet{ moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); - - HttpSession httpSession = req.getSession(); - IRequest protocolRequest = RequestStorage.getPendingRequest(httpSession); - - if (protocolRequest == null) - throw new AuthenticationException("auth.21", new Object[] {}); - + String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), - ModulUtils.buildAuthURL(protocolRequest.requestedModule(), protocolRequest.requestedAction()), ""); + ModulUtils.buildAuthURL(module, action, id), ""); resp.setContentType("text/html"); resp.setStatus(302); @@ -109,16 +133,16 @@ public class SSOSendAssertionServlet extends AuthServlet{ } } else { - handleError("SSO Session is not valid", null, req, resp); + handleError("SSO Session is not valid", null, req, resp, id); } } catch (MOADatabaseException e) { - handleError("SSO Session is not found", e, req, resp); + handleError("SSO Session is not found", e, req, resp, id); } catch (WrongParametersException e) { - handleError("Parameter is not valid", e, req, resp); + handleError("Parameter is not valid", e, req, resp, id); } catch (AuthenticationException e) { - handleError(e.getMessage(), e, req, resp); + handleError(e.getMessage(), e, req, resp, id); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index adef74370..96914647e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -136,6 +136,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + String pendingRequestID = null; Map parameters; try @@ -152,6 +153,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + String redirectURL = null; try { // check parameter @@ -161,7 +164,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); AuthenticationSession session = AuthenticationServer.getSession(sessionID); - + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); @@ -252,8 +255,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); redirectURL = resp.encodeRedirectURL(redirectURL);*/ + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), - ModulUtils.buildAuthURL(session.getModul(), session.getAction()), samlArtifactBase64); + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); @@ -270,15 +274,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (GeneralSecurityException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (PKIException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (TransformerException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index e07be8420..896bd0864 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -106,6 +106,8 @@ public class VerifyCertificateServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + String pendingRequestID = null; Map parameters; try @@ -120,7 +122,9 @@ public class VerifyCertificateServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); - + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + AuthenticationSession session = null; try { // check parameter @@ -177,7 +181,7 @@ public class VerifyCertificateServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2f12c7ae6..c6310d8c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -113,6 +113,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { Logger.debug("POST VerifyIdentityLink"); Map parameters; + String pendingRequestID = null; + try { parameters = getParameters(req); @@ -127,6 +129,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); @@ -175,7 +179,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } catch(Exception e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } @@ -234,11 +238,11 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } } catch (ParseException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index e995a1c2e..e7b41e3c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -3,13 +3,20 @@ package at.gv.egovernment.moa.id.entrypoints; import iaik.util.logging.Log; import java.io.IOException; +import java.util.ConcurrentModificationException; +import java.util.HashMap; import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import javax.swing.ListModel; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; @@ -32,6 +39,7 @@ import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; import at.gv.egovernment.moa.id.util.HTTPSessionUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; @@ -44,6 +52,7 @@ public class DispatcherServlet extends AuthServlet{ public static final String PARAM_TARGET_MODULE = "mod"; public static final String PARAM_TARGET_ACTION = "action"; + public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; @Override public void init(ServletConfig config) throws ServletException { @@ -66,6 +75,8 @@ public class DispatcherServlet extends AuthServlet{ boolean isValidSSOSession = false; boolean useSSOOA = false; + String protocolRequestID = null; + try { Logger.info("REQUEST: " + req.getRequestURI()); @@ -76,30 +87,65 @@ public class DispatcherServlet extends AuthServlet{ Throwable throwable = ExceptionStoreImpl.getStore() .fetchException(errorid); ExceptionStoreImpl.getStore().removeException(errorid); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); - if (throwable != null) { + Map errorRequests = RequestStorage.getPendingRequest(req.getSession()); + + String pendingRequestID = null; + if (idObject != null && (idObject instanceof String)) { + if (errorRequests.containsKey((String)idObject)) + pendingRequestID = (String) idObject; + } + + if (throwable != null) { + if (errorRequests != null) { + + synchronized (errorRequests) { + + IRequest errorRequest = null; + if (pendingRequestID != null) { + errorRequest = errorRequests.get(pendingRequestID); + + //remove the + RequestStorage.removePendingRequest(errorRequests, pendingRequestID); + } + else { + if (errorRequests.size() > 1) { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + + } else { + Set keys = errorRequests.keySet(); + errorRequest = errorRequests.get(keys.toArray()[0]); + RequestStorage.removeAllPendingRequests(req.getSession()); + } + + } + - IRequest errorRequest = RequestStorage - .getPendingRequest(req.getSession()); - - //remove the - RequestStorage.removePendingRequest(req.getSession()); - - if (errorRequest != null) { - try { - IModulInfo handlingModule = ModulStorage - .getModuleByPath(errorRequest - .requestedModule()); - if (handlingModule != null) { - if (handlingModule.generateErrorMessage( - throwable, req, resp, errorRequest)) { - return; + + if (errorRequest != null) { + + try { + IModulInfo handlingModule = ModulStorage + .getModuleByPath(errorRequest + .requestedModule()); + if (handlingModule != null) { + if (handlingModule.generateErrorMessage( + throwable, req, resp, errorRequest)) { + return; + } } + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(throwable.getMessage(), + throwable, req, resp); } - } catch (Throwable e) { - Logger.error(e); - handleErrorNoRedirect(throwable.getMessage(), - throwable, req, resp); + } + else { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); } } handleErrorNoRedirect(throwable.getMessage(), throwable, @@ -113,6 +159,7 @@ public class DispatcherServlet extends AuthServlet{ return; } + } Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); String module = null; @@ -133,7 +180,7 @@ public class DispatcherServlet extends AuthServlet{ if (action == null) { action = req.getParameter(PARAM_TARGET_ACTION); } - + Logger.debug("dispatching to " + module + " protocol " + action); IModulInfo info = ModulStorage.getModuleByPath(module); @@ -174,46 +221,103 @@ public class DispatcherServlet extends AuthServlet{ } HttpSession httpSession = req.getSession(); + Map protocolRequests = null; IRequest protocolRequest = null; + try { - protocolRequest = RequestStorage.getPendingRequest(httpSession); - - if (protocolRequest != null) { - // check if pending request is same protocol and action - if (!protocolRequest.requestedModule().equals(module) - || !protocolRequest.requestedAction() - .equals(action) - || !info.validate(req, resp, protocolRequest)) { - resp.sendError(HttpServletResponse.SC_CONFLICT); - Logger.error("Different Request is pending in this session!"); + protocolRequests = RequestStorage.getPendingRequest(httpSession); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + + if (protocolRequests != null && + idObject != null && (idObject instanceof String)) { + +// synchronized (protocolRequests) { + + protocolRequestID = (String) idObject; + + //get IRequest if it exits + if (protocolRequests.containsKey(protocolRequestID)) { + protocolRequest = protocolRequests.get(protocolRequestID); + + //RequestStorage.setPendingRequest(httpSession, protocolRequests); + + } else { + resp.sendError(HttpServletResponse.SC_CONFLICT); + Logger.error("No PendingRequest with ID " + protocolRequestID + " found for this session!"); + return; + } +// } + } else { + try { + protocolRequest = info.preProcess(req, resp, action); + + if (protocolRequest != null) { + + if(protocolRequests != null) { + +// synchronized (protocolRequests) { +// synchronized (protocolRequest) { + Set mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) { + IRequest value = protocolRequests.get(el); + + if (value.getOAURL().equals(protocolRequest.getOAURL())) { + + if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { + Logger.warn("NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); + RequestStorage.removeAllPendingRequests(req.getSession()); + + } else { + + + RequestStorage.removePendingRequest(protocolRequests, el); + } + } + } +// } +// } + + } else { + protocolRequests = new ConcurrentHashMap(); + } + + synchronized (protocolRequest) { + synchronized (protocolRequests) { + + //Start new Authentication + protocolRequest.setAction(action); + protocolRequest.setModule(module); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); + protocolRequests.put(protocolRequestID, protocolRequest); + } + } + } + } catch (MOAIDException e) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); return; } - } - - if (protocolRequest == null) { - protocolRequest = info.preProcess(req, resp, action); - if (protocolRequest != null) { - protocolRequest.setAction(action); - protocolRequest.setModule(module); + + if (protocolRequest == null) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); + return; } } + + - if (protocolRequest == null) { - resp.sendError(HttpServletResponse.SC_BAD_REQUEST); - Logger.error("Failed to generate a valid protocol request!"); - return; - } - + //load Parameters from OnlineApplicationConfiguration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(protocolRequest.getOAURL()); if (oaParam == null) { - //TODO: Find a better place for this!! - //req.getSession().invalidate(); throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); } - - RequestStorage.setPendingRequest(httpSession, protocolRequest); + + RequestStorage.setPendingRequest(httpSession, protocolRequests); AuthenticationManager authmanager = AuthenticationManager.getInstance(); @@ -296,6 +400,8 @@ public class DispatcherServlet extends AuthServlet{ } } else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), AuthenticationManager.MOA_SESSION, null); moasession = AuthenticationSessionStoreage.getSession(moasessionID); @@ -319,7 +425,7 @@ public class DispatcherServlet extends AuthServlet{ moduleAction.processRequest(protocolRequest, req, resp, moasession); - RequestStorage.removePendingRequest(httpSession); + RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); @@ -331,7 +437,7 @@ public class DispatcherServlet extends AuthServlet{ authmanager.logout(req, resp, moasessionID); } - ConfigurationDBUtils.closeSession(); +// ConfigurationDBUtils.closeSession(); //authmanager.logout(req, resp); @@ -345,7 +451,7 @@ public class DispatcherServlet extends AuthServlet{ } catch (WrongParametersException ex) { handleWrongParameters(ex, req, resp); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, protocolRequestID); } catch (Throwable e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index b6742fb9e..b9f0b2144 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -177,7 +177,7 @@ public class AuthenticationManager extends AuthServlet { } authSession.setAuthenticated(false); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session AuthenticationSessionStoreage.destroySession(moaSessionID); @@ -230,7 +230,7 @@ public class AuthenticationManager extends AuthServlet { //parse request parameter into MOASession - StartAuthentificationParameterParser.parse(request, response, moasession); + StartAuthentificationParameterParser.parse(request, response, moasession, target); Logger.info("Start Authentication Module: " + moasession.getModul() + " Action: " + moasession.getAction()); @@ -245,7 +245,7 @@ public class AuthenticationManager extends AuthServlet { //store MOASession try { - AuthenticationSessionStoreage.storeSession(moasession); + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { @@ -284,11 +284,11 @@ public class AuthenticationManager extends AuthServlet { String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); //store MOASession try { - AuthenticationSessionStoreage.storeSession(moasession); + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); } catch (MOADatabaseException e) { Logger.error("Database Error! MOASession is not stored!"); throw new MOAIDException("init.04", new Object[] { @@ -310,7 +310,7 @@ public class AuthenticationManager extends AuthServlet { throws ServletException, IOException, MOAIDException { String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); response.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(response.getOutputStream()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index f63b0049f..824b210cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -10,6 +10,8 @@ public interface IRequest { public void setModule(String module); public void setAction(String action); public String getTarget(); + public void setRequestID(String id); + public String getRequestID(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java index 9ce835c7e..b07695938 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java @@ -8,15 +8,17 @@ public class ModulUtils { public static final String UNAUTHDISPATCHER = "dispatcher"; public static final String AUTHDISPATCHER = "dispatcher"; - public static String buildUnauthURL(String modul, String action) { + public static String buildUnauthURL(String modul, String action, String pendingRequestID) { return UNAUTHDISPATCHER + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_ACTION + "=" + action; + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; } - public static String buildAuthURL(String modul, String action) { + public static String buildAuthURL(String modul, String action, String pendingRequestID) { return AUTHDISPATCHER + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + - DispatcherServlet.PARAM_TARGET_ACTION + "=" + action; + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 29f9ff69b..420f11622 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -9,6 +9,7 @@ public class RequestImpl implements IRequest { private String module = null; private String action = null; private String target = null; + private String requestID; public void setOAURL(String value) { @@ -66,4 +67,13 @@ public class RequestImpl implements IRequest { public void setTarget(String target) { this.target = target; } + + public void setRequestID(String id) { + this.requestID = id; + + } + + public String getRequestID() { + return requestID; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 4e7d8d2ed..35481a0a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -1,28 +1,65 @@ package at.gv.egovernment.moa.id.moduls; +import java.util.List; +import java.util.Map; + import javax.servlet.http.HttpSession; +import at.gv.egovernment.moa.logging.Logger; + public class RequestStorage { private static final String PENDING_REQUEST = "PENDING_REQUEST"; - public static IRequest getPendingRequest(HttpSession session) { - Object obj = session.getAttribute(PENDING_REQUEST); - if (obj != null) { - if (obj instanceof IRequest) { - return (IRequest) obj; - } else { + public static Map getPendingRequest(HttpSession session) { + + + Object obj = session.getAttribute(PENDING_REQUEST); + if (obj != null) { + synchronized (obj) { + if (obj instanceof Map) { + if (((Map) obj).size() > 0) { + if ( ((Map) obj).keySet().toArray()[0] instanceof String) { + if (((Map) obj).get(((Map) obj).keySet().toArray()[0]) + instanceof IRequest) { + return (Map) obj; + + + + } + } + } + } + } session.setAttribute(PENDING_REQUEST, null); } - } - return null; + return null; } - public static void setPendingRequest(HttpSession session, IRequest request) { + public static void setPendingRequest(HttpSession session, Map request) { session.setAttribute(PENDING_REQUEST, request); } - public static void removePendingRequest(HttpSession session) { + public static void removeAllPendingRequests(HttpSession session) { session.setAttribute(PENDING_REQUEST, null); } + + public static void removePendingRequest(Map requestmap, String requestID) { + + if (requestmap != null && requestID != null) { + + synchronized (requestmap) { + + //Map requestmap = getPendingRequest(session); + + if (requestmap.containsKey(requestID)) { + requestmap.remove(requestID); + Logger.debug("Remove PendingRequest with ID " + requestID); + + } + + //setPendingRequest(session, requestmap); + } + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index da5556b30..1f71bf8bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -107,11 +107,33 @@ public class AuthenticationSessionStoreage { } catch (MOADatabaseException e) { Logger.warn("MOASession could not be stored."); throw new MOADatabaseException(e); - } - + } + } + + public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setPendingRequestID(pendingRequestID); + + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } } + public static void destroySession(String moaSessionID) throws MOADatabaseException { Session session = MOASessionDBUtils.getCurrentSession(); @@ -236,6 +258,7 @@ public class AuthenticationSessionStoreage { dbsession.setSSOSession(true); dbsession.setSSOsessionid(SSOSessionID); dbsession.setAuthenticated(false); + dbsession.setPendingRequestID(""); //Store MOASession session.saveOrUpdate(dbsession); @@ -365,7 +388,51 @@ public class AuthenticationSessionStoreage { } } + + public static boolean deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setString("sessionid", id); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + MOASessionDBUtils.delete(result.get(0)); + return true; + } + + } + + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + + } + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { Date expioredatecreate = new Date(now - authDataTimeOutCreated); Date expioredateupdate = new Date(now - authDataTimeOutUpdated); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html deleted file mode 100644 index 1228ba90e..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ /dev/null @@ -1,315 +0,0 @@ - - - - - - - - - - - - - - -
- -
-
- - - - -
- -
-
-
- -

Anmeldung an: #OAName#

- -
-
-

- Login mit Bürgerkarte -

-
- -
- - - - - - - -
i
-
- -
- -
- -
- -
- - - -
-
-

- Home Country Selection -

-
-

- - - i -

-
-
- - - - -
-
-
-
-
- -
- - - -
-
-
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html deleted file mode 100644 index 3d39f9233..000000000 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormIFrame.html +++ /dev/null @@ -1,260 +0,0 @@ - - - - - - - - - - - -
-

- Login mit Bürgerkarte -

-
- -
- - - - - - - -
i
-
- -
- -
- -
- -
- - - -
-
-

- Home Country Selection -

-
-

- - - i -

-
-
- - - -
- - diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html index c4b7196b1..f4377ace4 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html @@ -65,6 +65,7 @@ + @@ -73,6 +74,7 @@ + diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html index 46e8f46d8..a30bbfa9a 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html @@ -24,6 +24,7 @@ + @@ -32,6 +33,7 @@ + diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 540bd7b89..f04de3ad8 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -122,10 +122,8 @@ true src/main/resources/config src/main/resources/config - + src/main/resources/config/persistence_template.xml at.gv.egovernment.moa.id.commons.db.dao.config - - diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java index dc0e493d1..4bb0a08ea 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java @@ -23,7 +23,7 @@ public final class ConfigurationDBUtils { protected ConfigurationDBUtils() { } - public static void initHibernate(Properties props) { + public static void initHibernate(Properties props) throws MOADatabaseException { try { @@ -44,13 +44,15 @@ public final class ConfigurationDBUtils { entitymanagerfactory = Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", props); + + Logger.debug("Initial session factory successfully created."); } catch (Throwable ex) { Logger.error("Initial session factory creation failed: " + ex.getMessage()); - throw new ExceptionInInitializerError(ex); + throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex); } } @@ -71,7 +73,7 @@ public final class ConfigurationDBUtils { EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); // Open a new Session, if this Thread has none yet - if (session == null) { + if (session == null || !session.isOpen()) { session = getNewSession(); } return session; @@ -85,7 +87,7 @@ public final class ConfigurationDBUtils { return entitymanagerfactory.createEntityManager(); } EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); - if (session != null) { + if (session != null ) { Logger.warn("Previous session has not been closed; closing session now."); closeSession(); } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java new file mode 100644 index 000000000..d1887bfa6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/UserDatabase.java @@ -0,0 +1,263 @@ +package at.gv.egovernment.moa.id.commons.db.dao.config; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import javax.persistence.CascadeType; +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.OneToMany; +import javax.persistence.PreUpdate; +import javax.persistence.Table; +import javax.persistence.Temporal; +import javax.persistence.TemporalType; + +import org.hibernate.annotations.DynamicUpdate; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + + +@Entity +@DynamicUpdate(value=true) +@Table(name = "userdatabase") +public class UserDatabase implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id", unique=true, nullable=false) + private long id; + + @Column(name = "givenname", nullable=false) + private String givenname; + + @Column(name = "familyname", nullable=false) + private String familyname; + + @Column(name = "institut", nullable=false) + private String institut; + + @Column(name = "mail", nullable=false) + private String mail; + + @Column(name = "phone", nullable=false) + private String phone; + + @Column(name = "username", unique=true, nullable=false) + private String username; + + @Column(name = "password", nullable=false) + private String password; + + @Column(name = "bpk", unique=true, nullable=false) + private String bpk; + + @Column(name = "isadmin", nullable=false) + private boolean isadmin; + + @Column(name = "isactive", nullable=false) + private boolean isactive; + + @OneToMany(mappedBy="hjid", cascade=CascadeType.REFRESH) + private List registratedOAs = null; + + @Column(name = "lastlogin") + @Temporal(TemporalType.TIMESTAMP) + private Date lastlogin; + + @PreUpdate + protected void lastUpdate() { + this.lastlogin = new Date(); + } + + /** + * @return the id + */ + public long getId() { + return id; + } + + /** + * @param id the id to set + */ + public void setId(long id) { + this.id = id; + } + + /** + * @return the givenname + */ + public String getGivenname() { + return givenname; + } + + /** + * @param givenname the givenname to set + */ + public void setGivenname(String givenname) { + this.givenname = givenname; + } + + /** + * @return the familyname + */ + public String getFamilyname() { + return familyname; + } + + /** + * @param familyname the familyname to set + */ + public void setFamilyname(String familyname) { + this.familyname = familyname; + } + + /** + * @return the institut + */ + public String getInstitut() { + return institut; + } + + /** + * @param institut the institut to set + */ + public void setInstitut(String institut) { + this.institut = institut; + } + + /** + * @return the mail + */ + public String getMail() { + return mail; + } + + /** + * @param mail the mail to set + */ + public void setMail(String mail) { + this.mail = mail; + } + + /** + * @return the phone + */ + public String getPhone() { + return phone; + } + + /** + * @param phone the phone to set + */ + public void setPhone(String phone) { + this.phone = phone; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the bpk + */ + public String getBpk() { + return bpk; + } + + /** + * @param bpk the bpk to set + */ + public void setBpk(String bpk) { + this.bpk = bpk; + } + + /** + * @return the isadmin + */ + public boolean isIsadmin() { + return isadmin; + } + + /** + * @param isadmin the isadmin to set + */ + public void setIsadmin(boolean isadmin) { + this.isadmin = isadmin; + } + + /** + * @return the isactive + */ + public boolean isIsactive() { + return isactive; + } + + /** + * @param isactive the isactive to set + */ + public void setIsactive(boolean isactive) { + this.isactive = isactive; + } + + /** + * @return the registratedOAs + */ + public List getRegistratedOAs() { + return registratedOAs; + } + + /** + * @param registratedOAs the registratedOAs to set + */ + public void setRegistratedOAs(List registratedOAs) { + this.registratedOAs = registratedOAs; + } + + /** + * @return the lastlogin + */ + public Date getLastlogin() { + return lastlogin; + } + + /** + * @param lastlogin the lastlogin to set + */ + public void setLastlogin(Date lastlogin) { + this.lastlogin = lastlogin; + } + + +} + + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index c08fe1bb2..ed865d70f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -30,6 +30,7 @@ import org.hibernate.annotations.DynamicUpdate; @NamedQueries({ @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"), @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"), + @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"), @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate") }) @@ -57,6 +58,9 @@ public class AuthenticatedSessionStore implements Serializable{ @Column(name = "isSSOSession", nullable=false) private boolean isSSOSession = false; + @Column(name = "pendingRequestID", nullable=false) + private String pendingRequestID = ""; + @Column(name = "created", updatable=false, nullable=false) @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -165,7 +169,19 @@ public class AuthenticatedSessionStore implements Serializable{ this.oldssosessionids = oldssosessionids; } - + /** + * @return the pendingRequestID + */ + public String getPendingRequestID() { + return pendingRequestID; + } + + /** + * @param pendingRequestID the pendingRequestID to set + */ + public void setPendingRequestID(String pendingRequestID) { + this.pendingRequestID = pendingRequestID; + } + - } diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index 9f4e54212..a90205260 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -504,6 +504,7 @@ + enthält Parameter über die OA, die die diff --git a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml index d7ec8c625..727be25ec 100644 --- a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml +++ b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml @@ -2,9 +2,6 @@ - at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore - at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore - at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore - at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore + at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase -- cgit v1.2.3