From cc2e2e4ecf5bd8c4bbe16edba5a7d63fa808adcb Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 26 Jul 2013 17:06:11 +0200 Subject: Bugfix: Database Session management --- .../id/config/auth/AuthConfigurationProvider.java | 3 +- .../moa/id/entrypoints/DispatcherServlet.java | 41 +++++--- .../moa/id/moduls/AuthenticationManager.java | 32 +++--- .../gv/egovernment/moa/id/moduls/RequestImpl.java | 6 +- .../egovernment/moa/id/moduls/RequestStorage.java | 5 +- .../gv/egovernment/moa/id/moduls/SSOManager.java | 6 +- .../id/storage/AuthenticationSessionStoreage.java | 2 +- .../egovernment/moa/id/util/HTTPSessionUtils.java | 116 ++++++++++----------- 8 files changed, 116 insertions(+), 95 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at/gv') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index ffcb85044..c71b6f8c7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -387,8 +387,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //set TrustManagerRevocationChecking setTrustManagerRevocationChecking(); - - + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index e7b41e3c9..f70596949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -123,8 +123,6 @@ public class DispatcherServlet extends AuthServlet{ } - - if (errorRequest != null) { try { @@ -240,11 +238,22 @@ public class DispatcherServlet extends AuthServlet{ if (protocolRequests.containsKey(protocolRequestID)) { protocolRequest = protocolRequests.get(protocolRequestID); + + + Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); + //RequestStorage.setPendingRequest(httpSession, protocolRequests); } else { - resp.sendError(HttpServletResponse.SC_CONFLICT); - Logger.error("No PendingRequest with ID " + protocolRequestID + " found for this session!"); + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); + + Set mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) + Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); + + handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", + null, req, resp); + //resp.sendError(HttpServletResponse.SC_CONFLICT); return; } // } @@ -265,12 +274,10 @@ public class DispatcherServlet extends AuthServlet{ if (value.getOAURL().equals(protocolRequest.getOAURL())) { if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { - Logger.warn("NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); + Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); RequestStorage.removeAllPendingRequests(req.getSession()); } else { - - RequestStorage.removePendingRequest(protocolRequests, el); } } @@ -291,6 +298,7 @@ public class DispatcherServlet extends AuthServlet{ protocolRequestID = Random.nextRandom(); protocolRequest.setRequestID(protocolRequestID); protocolRequests.put(protocolRequestID, protocolRequest); + Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); } } } @@ -312,7 +320,8 @@ public class DispatcherServlet extends AuthServlet{ //load Parameters from OnlineApplicationConfiguration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(protocolRequest.getOAURL()); + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParam == null) { throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); } @@ -402,8 +411,11 @@ public class DispatcherServlet extends AuthServlet{ else { //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! - moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); } @@ -418,8 +430,11 @@ public class DispatcherServlet extends AuthServlet{ } } else { - moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); } @@ -437,7 +452,7 @@ public class DispatcherServlet extends AuthServlet{ authmanager.logout(req, resp, moasessionID); } -// ConfigurationDBUtils.closeSession(); + ConfigurationDBUtils.closeSession(); //authmanager.logout(req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index b9f0b2144..be0132c14 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -48,20 +48,20 @@ public class AuthenticationManager extends AuthServlet { } - public AuthenticationSession getAuthenticationSession( - HttpSession session) { - String sessionID = HTTPSessionUtils.getHTTPSessionString(session, - MOA_SESSION, null); - if (sessionID != null) { - try { - return AuthenticationSessionStoreage.getSession(sessionID); - - } catch (MOADatabaseException e) { - return null; - } - } - return null; - } +// public AuthenticationSession getAuthenticationSession( +// HttpSession session) { +// String sessionID = HTTPSessionUtils.getHTTPSessionString(session, +// MOA_SESSION, null); +// if (sessionID != null) { +// try { +// return AuthenticationSessionStoreage.getSession(sessionID); +// +// } catch (MOADatabaseException e) { +// return null; +// } +// } +// return null; +// } // /** // * Checks if the session is authenticated @@ -134,8 +134,8 @@ public class AuthenticationManager extends AuthServlet { AuthenticationSessionStoreage.storeSession(authSession); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, - sessionID); +// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, +// sessionID); return true; // got authenticated } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 420f11622..d47e8df05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -1,7 +1,11 @@ package at.gv.egovernment.moa.id.moduls; -public class RequestImpl implements IRequest { +import java.io.Serializable; +public class RequestImpl implements IRequest, Serializable{ + + private static final long serialVersionUID = 1L; + private String oaURL; private boolean passiv = false; private boolean force = false; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java index 35481a0a1..d33d4693d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -41,6 +41,9 @@ public class RequestStorage { } public static void removeAllPendingRequests(HttpSession session) { + + Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests"); + session.setAttribute(PENDING_REQUEST, null); } @@ -54,7 +57,7 @@ public class RequestStorage { if (requestmap.containsKey(requestID)) { requestmap.remove(requestID); - Logger.debug("Remove PendingRequest with ID " + requestID); + Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 82273da83..18eeae58e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -59,10 +59,10 @@ public class SSOManager { return false; } - String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), - AuthenticationManager.MOA_SESSION, null); +// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), +// AuthenticationManager.MOA_SESSION, null); - return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId); + return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index 1f71bf8bf..498188ffe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -346,7 +346,7 @@ public class AuthenticationSessionStoreage { public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { - MiscUtil.assertNotNull(SSOId, "moasessionID"); + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java index 896fc6d5d..1e9cb9024 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java @@ -9,62 +9,62 @@ import javax.servlet.http.HttpSession; public class HTTPSessionUtils { - public static HashMap extractAllProperties(HttpSession session) { - @SuppressWarnings("unchecked") - Enumeration keys = (Enumeration)session.getAttributeNames(); - HashMap properties = new HashMap(); - - while(keys.hasMoreElements()) { - Object keyObject = keys.nextElement(); - String key = keyObject.toString(); - Object value = session.getAttribute(key); - properties.put(key, value); - } - - return properties; - } - - public static void pushAllProperties(HttpSession session, HashMap properties) { - Set keys = properties.keySet(); - Iterator keysIterator = keys.iterator(); - while(keysIterator.hasNext()) { - String key = keysIterator.next(); - session.setAttribute(key, properties.get(key)); - } - } - - public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { - Object obj = session.getAttribute(name); - if(obj == null) { - return fallback; - } - - if(obj instanceof Boolean) { - Boolean b = (Boolean)obj; - if(b != null) { - return b.booleanValue(); - } - } - return fallback; - } - - public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) { - session.setAttribute(name, new Boolean(value)); - } - - public static String getHTTPSessionString(HttpSession session, String name, String fallback) { - Object obj = session.getAttribute(name); - if(obj == null) { - return fallback; - } - - if(obj instanceof String) { - return (String)obj; - } - return fallback; - } - - public static void setHTTPSessionString(HttpSession session, String name, String value) { - session.setAttribute(name, value); - } +// public static HashMap extractAllProperties(HttpSession session) { +// @SuppressWarnings("unchecked") +// Enumeration keys = (Enumeration)session.getAttributeNames(); +// HashMap properties = new HashMap(); +// +// while(keys.hasMoreElements()) { +// Object keyObject = keys.nextElement(); +// String key = keyObject.toString(); +// Object value = session.getAttribute(key); +// properties.put(key, value); +// } +// +// return properties; +// } +// +// public static void pushAllProperties(HttpSession session, HashMap properties) { +// Set keys = properties.keySet(); +// Iterator keysIterator = keys.iterator(); +// while(keysIterator.hasNext()) { +// String key = keysIterator.next(); +// session.setAttribute(key, properties.get(key)); +// } +// } +// +// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof Boolean) { +// Boolean b = (Boolean)obj; +// if(b != null) { +// return b.booleanValue(); +// } +// } +// return fallback; +// } +// +// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) { +// session.setAttribute(name, new Boolean(value)); +// } +// +// public static String getHTTPSessionString(HttpSession session, String name, String fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof String) { +// return (String)obj; +// } +// return fallback; +// } +// +// public static void setHTTPSessionString(HttpSession session, String name, String value) { +// session.setAttribute(name, value); +// } } -- cgit v1.2.3