From 1dbab6b07a8996a7f291e0ddc4b02c0d3e15a64d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 26 Sep 2013 11:32:21 +0200 Subject: -- add AssertionID to Single LogOut session information -- split hibernate configuration into two files (moasession and statistic) --- .../moa/id/entrypoints/DispatcherServlet.java | 33 ++++++++++++++-------- .../at/gv/egovernment/moa/id/moduls/IAction.java | 2 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 13 ++------- .../id/protocols/pvp2x/AuthenticationAction.java | 4 +-- .../moa/id/protocols/pvp2x/MetadataAction.java | 4 ++- .../moa/id/protocols/pvp2x/binding/MOARequest.java | 7 ++++- .../pvp2x/requestHandler/ArtifactResolution.java | 5 ++-- .../pvp2x/requestHandler/AuthnRequestHandler.java | 4 ++- .../pvp2x/requestHandler/IRequestHandler.java | 2 +- .../pvp2x/requestHandler/RequestManager.java | 5 ++-- .../moa/id/protocols/saml1/GetArtifactAction.java | 29 ++++--------------- .../id/storage/AuthenticationSessionStoreage.java | 6 +++- 12 files changed, 55 insertions(+), 59 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 75695d2db..f39fde6be 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -43,6 +43,7 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class DispatcherServlet extends AuthServlet{ @@ -329,6 +330,7 @@ public class DispatcherServlet extends AuthServlet{ SSOManager ssomanager = SSOManager.getInstance(); String moasessionID = null; + String newSSOSessionId = null; AuthenticationSession moasession = null; //get SSO Cookie for Request @@ -398,7 +400,6 @@ public class DispatcherServlet extends AuthServlet{ } } - if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension { @@ -416,17 +417,13 @@ public class DispatcherServlet extends AuthServlet{ } else { - //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! moasessionID = (String) req.getParameter(PARAM_SESSIONID); - -// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), -// AuthenticationManager.MOA_SESSION, null); - + moasession = AuthenticationSessionStoreage.getSession(moasessionID); } //save SSO session usage in Database - String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); if (newSSOSessionId != null) { ssomanager.setSSOSessionID(req, resp, newSSOSessionId); @@ -449,16 +446,28 @@ public class DispatcherServlet extends AuthServlet{ } - moduleAction.processRequest(protocolRequest, req, resp, moasession); + String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); if (needAuthentication) { - boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); - + //boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId); + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension - && !moasession.getUseMandate()) - { + && !moasession.getUseMandate()) { + + try { + //Store OA specific SSO session information + AuthenticationSessionStoreage.addSSOInformation(moasessionID, + newSSOSessionId, assertionID, protocolRequest.getOAURL()); + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + + authmanager.logout(req, resp, moasessionID); + isSSOSession = false; + } } else { authmanager.logout(req, resp, moasessionID); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index aa8a8d9a9..8a5462cc9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -8,7 +8,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; public interface IAction extends MOAIDAuthConstants { - public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException; public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index e8639a162..78140afc4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -112,7 +112,7 @@ public class SSOManager { } - public String storeSSOSessionInformations(String moaSessionID, String OAUrl) { + public String createSSOSessionInformations(String moaSessionID, String OAUrl) { String newSSOId = Random.nextRandom(); @@ -123,15 +123,8 @@ public class SSOManager { return null; } - try { - AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl); - - return newSSOId; - - } catch (AuthenticationException e) { - Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); - return null; - } + return newSSOId; + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 59a5158bd..0fa5e3e8d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -11,12 +11,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager; public class AuthenticationAction implements IAction { - public void processRequest(IRequest req, HttpServletRequest httpReq, + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { System.out.println("Process PVP2 auth request!"); PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req; - RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession); + return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession); } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 3d0fd80bd..beae42992 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -44,7 +44,7 @@ import at.gv.egovernment.moa.logging.Logger; public class MetadataAction implements IAction { - public void processRequest(IRequest req, HttpServletRequest httpReq, + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { try { @@ -191,6 +191,8 @@ public class MetadataAction implements IAction { httpResp.getOutputStream().close(); + return null; + } catch (Exception e) { Logger.error("Failed to generate metadata", e); throw new MOAIDException("pvp2.13", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java index 946f62066..313d323a3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java @@ -1,9 +1,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; +import java.io.Serializable; + import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.metadata.EntityDescriptor; -public class MOARequest { +public class MOARequest implements Serializable{ + + private static final long serialVersionUID = 2395131650841669663L; + private RequestAbstractType samlRequest; private EntityDescriptor entityMetadata; private boolean verified = false; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index d479de2d7..89c273da6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -23,7 +23,7 @@ public class ArtifactResolution implements IRequestHandler { return (obj.getSamlRequest() instanceof ArtifactResolve); } - public void process(MOARequest obj, HttpServletRequest req, + public String process(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException { if (!handleObject(obj)) { throw new MOAIDException("pvp2.13", null); @@ -50,7 +50,8 @@ public class ArtifactResolution implements IRequestHandler { Logger.error("Failed to resolve artifact", e); } } - + + return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 1444cdecf..ed56dbaaa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -39,7 +39,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { return (obj.getSamlRequest() instanceof AuthnRequest); } - public void process(MOARequest obj, HttpServletRequest req, + public String process(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException { if (!handleObject(obj)) { throw new MOAIDException("pvp2.13", null); @@ -113,6 +113,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { binding.encodeRespone(req, resp, authResponse, oaURL); // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore + return assertion.getID(); + } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); throw new MOAIDException("pvp2.01", null, e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java index 458316c6d..c8a56e537 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -10,6 +10,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; public interface IRequestHandler { public boolean handleObject(MOARequest obj); - public void process(MOARequest obj, HttpServletRequest req, + public String process(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index a043bfde5..50176b6dd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -31,14 +31,13 @@ public class RequestManager { handler.add(new ArtifactResolution()); } - public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) + public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) throws SAMLRequestNotSupported, MOAIDException { Iterator it = handler.iterator(); while(it.hasNext()) { IRequestHandler handler = it.next(); if(handler.handleObject(obj)) { - handler.process(obj, req, resp, moasession); - return; + return handler.process(obj, req, resp, moasession); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 75825d92d..8dac55922 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.util.URLEncoder; public class GetArtifactAction implements IAction { - public void processRequest(IRequest req, HttpServletRequest httpReq, + public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { // HttpSession httpSession = httpReq.getSession(); @@ -117,30 +117,9 @@ public class GetArtifactAction implements IAction { httpResp.addHeader("Location", redirectURL); Logger.debug("REDIRECT TO: " + redirectURL); } - // CONFIRMATION FOR SSO! - /* - * OAAuthParameter oaParam = - * AuthConfigurationProvider.getInstance(). - * getOnlineApplicationParameter(oaURL); - * - * String friendlyName = oaParam.getFriendlyName(); if(friendlyName - * == null) { friendlyName = oaURL; } - * - * - * LoginConfirmationBuilder builder = new - * LoginConfirmationBuilder(); - * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); - * String form = builder.finish(oaURL, session.getIdentityLink() - * .getName(), friendlyName); - */ - - /* - * resp.setContentType("text/html"); - * - * OutputStream out = resp.getOutputStream(); - * out.write(form.getBytes("UTF-8")); out.flush(); out.close(); - */ + return authData.getAssertionID(); + } catch (WrongParametersException ex) { // handleWrongParameters(ex, req, httpResp); ex.printStackTrace(); @@ -163,6 +142,8 @@ public class GetArtifactAction implements IAction { // TODO Auto-generated catch block e.printStackTrace(); } + + return null; } protected static String addURLParameter(String url, String paramname, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 89ed369f8..1089113b1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -204,7 +204,7 @@ public class AuthenticationSessionStoreage { } public static void addSSOInformation(String moaSessionID, String SSOSessionID, - String OAUrl) throws AuthenticationException { + String assertionID, String OAUrl) throws AuthenticationException { AuthenticatedSessionStore dbsession; Transaction tx = null; @@ -237,6 +237,7 @@ public class AuthenticationSessionStoreage { activeOA.setOaurlprefix(OAUrl); activeOA.setMoasession(dbsession); activeOA.setCreated(new Date()); + activeOA.setAssertionSessionID(assertionID); List activeOAs = dbsession.getActiveOAsessions(); activeOAs.add(activeOA); @@ -263,6 +264,9 @@ public class AuthenticationSessionStoreage { //send transaction tx.commit(); + + Logger.debug("Add SSO-Session login information for OA: " + OAUrl + + " and AssertionID: " + assertionID); } } catch (MOADatabaseException e) { -- cgit v1.2.3