From 121e70662f53fe0820823a23784794021fbc7920 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 21 Oct 2016 10:26:15 +0200
Subject: fix possible multi-threading problem with database connections

---
 .../gv/egovernment/moa/id/moduls/SSOManager.java   | 44 ++++++----------------
 1 file changed, 12 insertions(+), 32 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 0799760ce..c27012ba9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -23,14 +23,11 @@
 package at.gv.egovernment.moa.id.moduls;
 
 import java.util.Date;
-import java.util.List;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.hibernate.Query;
-import org.hibernate.Session;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -40,7 +37,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
@@ -63,7 +59,7 @@ public class SSOManager {
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private MOASessionDBUtils moaSessionDBUtils;
+	//@Autowired private MOASessionDBUtils moaSessionDBUtils;
 	
 	/**
 	 * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
@@ -160,7 +156,12 @@ public class SSOManager {
 						
 					} else {
 						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
-						moaSessionDBUtils.delete(storedSession);
+						try {
+							authenticatedSessionStore.destroySession(storedSession.getSessionid());
+							
+						} catch (MOADatabaseException e) {
+							Logger.error("Delete MOASession with ID:" + storedSession.getSessionid() + " FAILED!" , e);
+						}
 					
 					}
 				}
@@ -201,31 +202,14 @@ public class SSOManager {
 	public String existsOldSSOSession(String ssoId) {
 		
 		Logger.trace("Check that the SSOID has already been used");
-		Session session = moaSessionDBUtils.getCurrentSession();
 		
-		List<OldSSOSessionIDStore> result;
+		OldSSOSessionIDStore oldSSOSession = authenticatedSessionStore.checkSSOTokenAlreadyUsed(ssoId);
 		
-		synchronized (session) {
-						
-			session.beginTransaction();
-			Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
-			query.setParameter("sessionid", ssoId);
-			result = query.list();
-			
-			// send transaction
-			
-		}
-		
-		Logger.trace("Found entries: " + result.size());
-		
-		// Assertion requires an unique artifact
-		if (result.size() == 0) {
-			session.getTransaction().commit();
+		if (oldSSOSession == null) {
+			Logger.debug("SSO session-cookie was not used in parst");
 			return null;
 		}
 		
-		OldSSOSessionIDStore oldSSOSession = result.get(0);
-		
 		AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
 		
 		if (correspondingMoaSession == null) {
@@ -233,11 +217,7 @@ public class SSOManager {
 			return null;
 		}
 		
-		String moasessionid = correspondingMoaSession.getSessionid();
-		
-		session.getTransaction().commit();
-		
-		return moasessionid;
+		return correspondingMoaSession.getSessionid();
 		
 	}
 	
@@ -290,7 +270,7 @@ public class SSOManager {
 				//no local SSO session exist -> request interfederated IDP
 				Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix() 
 						+ " from MOASession " + storedSession.getSessionid());
-				moaSessionDBUtils.delete(selectedIDP);
+				authenticatedSessionStore.deleteIdpInformation(selectedIDP);
 				
 			} else {
 				Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
-- 
cgit v1.2.3