From 8d0c3d8aa27084b4c1e195cf06601d0d920d176f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 7 Mar 2014 11:45:58 +0100 Subject: if an error occurs remove MOASession --- .../gv/egovernment/moa/id/entrypoints/DispatcherServlet.java | 4 ++++ .../gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 12 +++++++----- .../pvp2x/builder/assertion/PVP2AssertionBuilder.java | 2 +- .../protocols/pvp2x/requestHandler/AuthnRequestHandler.java | 7 ++++++- 4 files changed, 18 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index d58b7b267..31c6f43c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -157,6 +157,10 @@ public class DispatcherServlet extends AuthServlet{ StatisticLogger logger = StatisticLogger.getInstance(); logger.logErrorOperation(throwable, errorRequest); + //remove MOASession + AuthenticationSession moaSession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(pendingRequestID); + AuthenticationManager.getInstance().logout(req, resp, moaSession.getSessionID()); + return; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index 804688de5..1d85f29bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -278,23 +278,23 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); if(e instanceof NoPassivAuthenticationException) { statusCode.setValue(StatusCode.NO_PASSIVE_URI); - statusMessage.setMessage(e.getLocalizedMessage()); + statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); } else if (e instanceof NameIDFormatNotSupportedException) { statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI); - statusMessage.setMessage(e.getLocalizedMessage()); + statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); } else if(e instanceof PVP2Exception) { PVP2Exception ex = (PVP2Exception) e; statusCode.setValue(ex.getStatusCodeValue()); String statusMessageValue = ex.getStatusMessageValue(); if(statusMessageValue != null) { - statusMessage.setMessage(statusMessageValue); + statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); } } else { statusCode.setValue(StatusCode.RESPONDER_URI); - statusMessage.setMessage(e.getLocalizedMessage()); + statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); } status.setStatusCode(statusCode); @@ -302,7 +302,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { status.setStatusMessage(statusMessage); } samlResponse.setStatus(status); - + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + samlResponse.setID(remoteSessionID); + IEncoder encoder = null; if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 7f5e2420e..51f3cf4a7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -324,7 +324,7 @@ public class PVP2AssertionBuilder implements PVPConstants { } else if (NameID.TRANSIENT.equals(el.getFormat()) || NameID.UNSPECIFIED.equals(el.getFormat())) break; - + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 229158778..4d143058b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -102,6 +102,10 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { authResponse.setIssuer(nissuer); authResponse.setInResponseTo(authnRequest.getID()); + //set responseID + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authResponse.setID(remoteSessionID); + //SAML2 response required IssueInstant authResponse.setIssueInstant(date); @@ -150,7 +154,8 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { } - if (encryptionCredentials != null) { + //TODO: insert!!!!!! + if (encryptionCredentials != null && false) { //encrypt SAML2 assertion try { -- cgit v1.2.3