From f75314c2a1f8eb09f54a5ca912e67a4b1a932f6f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 24 Feb 2016 17:25:47 +0100 Subject: update SSO session-transfer modul --- .../ssotransfer/servlet/SSOTransferGUIServlet.java | 148 --------------------- .../servlet/SSOTransferSignalServlet.java | 45 +++++++ .../servlet/TransferToSmartPhoneServlet.java | 100 -------------- .../ssotransfer/task/RestoreSSOSessionTask.java | 1 + 4 files changed, 46 insertions(+), 248 deletions(-) delete mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java delete mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java deleted file mode 100644 index 0bc4a4839..000000000 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Date; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.VelocityContext; - -import com.google.gson.JsonObject; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.MiscUtil; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - - - -/** - * @author tlenz - * - */ -@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession") -public class SSOTransferGUIServlet extends AuthServlet { - - private static final long serialVersionUID = 3974201828186450839L; - - public SSOTransferGUIServlet() { - super(); - Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'."); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - super.doGet(req, resp); - - //search SSO session - SSOManager ssomanager = SSOManager.getInstance(); - String ssoid = ssomanager.getSSOSessionID(req); - - VelocityContext context = new VelocityContext(); - - try { - if (ssomanager.isValidSSOSession(ssoid, null)) { - Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); - if (createQRObj != null && createQRObj instanceof Integer) { - - - - } else { - //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); - - } - - String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = AuthenticationSessionStoreage - .getSession(moaSessionID); - if(authSession != null) { - Date now = new Date(); - String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); - - String token = Random.nextRandom(); - AssertionStorage.getInstance().put(token, encodedSSOContainer); - - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE - + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; - - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - - GUIUtils.printSSOTransferGUI(context, resp); - - } - } - } - - } else { - context.put("errorMsg", - "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); - } - - } catch (MOAIDException | MOADatabaseException e) { - e.printStackTrace(); - resp.sendError(500, e.getMessage()); - - } - - } - - -} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index b53916338..0b3bd892a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -27,11 +27,15 @@ import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; /** @@ -53,4 +57,45 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl signalProcessManagement(req, resp); } + + @Override + protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); + + try { + if (pendingRequestID == null) { + throw new IllegalStateException("Unable to determine MOA pending-request id."); + } + + IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //add transactionID and unique sessionID to Logger + TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier()); + TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier()); + + // process instance is mandatory + if (pendingReq.getProcessInstanceId() == null) { + throw new IllegalStateException("MOA session does not provide process instance id."); + } + + // wake up next task + processEngine.signal(pendingReq); + + } catch (Exception ex) { + handleError(null, ex, req, resp, pendingRequestID); + + } finally { + //MOASessionDBUtils.closeSession(); + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java deleted file mode 100644 index 8ea15f985..000000000 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession") -public class TransferToSmartPhoneServlet extends AuthServlet { - - private static final long serialVersionUID = 4323605569040872262L; - - private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes - - public TransferToSmartPhoneServlet() { - super(); - Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'."); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - super.doGet(req, resp); - - Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); - if (tokenObj != null && tokenObj instanceof String) { - String token = (String)tokenObj; - try { - String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut); - if (MiscUtil.isNotEmpty(signedEncSession)) { - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(signedEncSession); - out.flush(); - - } else { - Logger.info("Servlet " + getClass().getName() + " receive a token:" + - token + ", which references an empty data object."); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object."); - - } - - } catch (MOADatabaseException e) { - Logger.info("Servlet " + getClass().getName() + " receive a token:" + - token + ", which is UNKNOWN."); - resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:"); - - - } catch (AuthenticationException e) { - Logger.info("Servlet " + getClass().getName() + " receive a token:" + - token + ", which has a timeout."); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); - - } - - } else { - Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); - resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); - - } - - } - -} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 6ba29fe3a..1d37b916c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -131,6 +131,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); + executionContext.put("sessionRestoreFinished", false); } else { Logger.info("Received SSO session-data is from IDP: " + entityID -- cgit v1.2.3