From cc2e2e4ecf5bd8c4bbe16edba5a7d63fa808adcb Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 26 Jul 2013 17:06:11 +0200
Subject: Bugfix: Database Session management
---
.../id/config/auth/AuthConfigurationProvider.java | 3 +-
.../moa/id/entrypoints/DispatcherServlet.java | 41 +++++---
.../moa/id/moduls/AuthenticationManager.java | 32 +++---
.../gv/egovernment/moa/id/moduls/RequestImpl.java | 6 +-
.../egovernment/moa/id/moduls/RequestStorage.java | 5 +-
.../gv/egovernment/moa/id/moduls/SSOManager.java | 6 +-
.../id/storage/AuthenticationSessionStoreage.java | 2 +-
.../egovernment/moa/id/util/HTTPSessionUtils.java | 116 ++++++++++-----------
8 files changed, 116 insertions(+), 95 deletions(-)
(limited to 'id/server/idserverlib/src/main/java/at')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index ffcb85044..c71b6f8c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -387,8 +387,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { //set TrustManagerRevocationChecking setTrustManagerRevocationChecking(); - - + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index e7b41e3c9..f70596949 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -123,8 +123,6 @@ public class DispatcherServlet extends AuthServlet{ } - - if (errorRequest != null) { try {
@@ -240,11 +238,22 @@ public class DispatcherServlet extends AuthServlet{ if (protocolRequests.containsKey(protocolRequestID)) { protocolRequest = protocolRequests.get(protocolRequestID); + + + Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); + //RequestStorage.setPendingRequest(httpSession, protocolRequests); } else { - resp.sendError(HttpServletResponse.SC_CONFLICT); - Logger.error("No PendingRequest with ID " + protocolRequestID + " found for this session!"); + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); + + Set mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) + Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); + + handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", + null, req, resp); + //resp.sendError(HttpServletResponse.SC_CONFLICT); return; } // }
@@ -265,12 +274,10 @@ public class DispatcherServlet extends AuthServlet{ if (value.getOAURL().equals(protocolRequest.getOAURL())) { if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { - Logger.warn("NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); + Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); RequestStorage.removeAllPendingRequests(req.getSession()); } else { - - RequestStorage.removePendingRequest(protocolRequests, el); } }
@@ -291,6 +298,7 @@ public class DispatcherServlet extends AuthServlet{ protocolRequestID = Random.nextRandom(); protocolRequest.setRequestID(protocolRequestID); protocolRequests.put(protocolRequestID, protocolRequest); + Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); } } }
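Review bot: The debug loop added to the `else` branch of the `@@ -240` hunk writes every pending-request ID held in the map to the log, and the value printed after `OAIdentifier=` is `protocolRequests.get(el)`, the request object itself rather than an identifier. The IDs are produced by `Random.nextRandom()` (see the `@@ -291` hunk), so they act as unguessable handles and are better kept out of log files. If the loop stays, brace it and log the URL the method already uses elsewhere, for example `Logger.debug("PendingRequest| OAIdentifier=" + protocolRequests.get(el).getOAURL());`. `protocolRequestID` is also concatenated into the `Logger.error` line; where it is assigned lies outside this hunk, so if it comes from a request parameter it should have CR/LF stripped before it is logged.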
@@ -312,7 +320,8 @@ public class DispatcherServlet extends AuthServlet{ //load Parameters from OnlineApplicationConfiguration OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(protocolRequest.getOAURL()); + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + if (oaParam == null) { throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); }
@@ -402,8 +411,11 @@ public class DispatcherServlet extends AuthServlet{ else { //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! - moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); }
@@ -418,8 +430,11 @@ public class DispatcherServlet extends AuthServlet{ } } else { - moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), - AuthenticationManager.MOA_SESSION, null); +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); }
@@ -437,7 +452,7 @@ public class DispatcherServlet extends AuthServlet{ authmanager.logout(req, resp, moasessionID); } -// ConfigurationDBUtils.closeSession(); + ConfigurationDBUtils.closeSession(); //authmanager.logout(req, resp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index b9f0b2144..be0132c14 100644
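Review bot: `moasessionID` is now read from the client-supplied `PARAM_SESSIONID` request parameter in the `else` branch of the `@@ -402` hunk and again in the `else` branch of the `@@ -418` hunk, and is handed straight to `AuthenticationSessionStoreage.getSession`, so nothing in the visible lines ties the MOA session to the HTTP session that created it. An identifier carried in the request can end up in access logs, Referer headers or browser history (the TODO even proposes sending it with GET), and whoever holds it can present it; `getParameter` also returns null when the parameter is absent. Add a guard such as `if (moasessionID == null || moasessionID.isEmpty())` that rejects the request before the lookup, and compare the loaded session against state held server-side for this request. The `(String)` cast on `getParameter` is redundant, and the enclosing method starts and ends outside both hunks, so checks made elsewhere are not visible here.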
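Review bot: `ConfigurationDBUtils.closeSession()` in the `@@ -437` hunk is re-enabled as a plain statement after the logout call, so an exception thrown earlier in the method would skip it and leave the database session open. The surrounding try/catch structure is outside the hunk; if no `finally` exists yet, move the call there: `finally { ConfigurationDBUtils.closeSession(); }`.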
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -48,20 +48,20 @@ public class AuthenticationManager extends AuthServlet { } - public AuthenticationSession getAuthenticationSession( - HttpSession session) { - String sessionID = HTTPSessionUtils.getHTTPSessionString(session, - MOA_SESSION, null); - if (sessionID != null) { - try { - return AuthenticationSessionStoreage.getSession(sessionID); - - } catch (MOADatabaseException e) { - return null; - } - } - return null; - } +// public AuthenticationSession getAuthenticationSession( +// HttpSession session) { +// String sessionID = HTTPSessionUtils.getHTTPSessionString(session, +// MOA_SESSION, null); +// if (sessionID != null) { +// try { +// return AuthenticationSessionStoreage.getSession(sessionID); +// +// } catch (MOADatabaseException e) { +// return null; +// } +// } +// return null; +// } // /** // * Checks if the session is authenticated
@@ -134,8 +134,8 @@ public class AuthenticationManager extends AuthServlet { AuthenticationSessionStoreage.storeSession(authSession); - HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, - sessionID); +// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, +// sessionID); return true; // got authenticated } }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index 420f11622..d47e8df05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
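Review bot: `getAuthenticationSession(HttpSession)` in the `@@ -48` hunk is disabled by commenting it out instead of being deleted, and the same is done to the `HTTPSessionUtils.setHTTPSessionString` call in the `@@ -134` hunk, to the session lookup in `SSOManager` and to every method of `HTTPSessionUtils`. Delete the dead code; version control keeps the history, and commented-out session handling is easy to switch back on later without the review it needs. `getAuthenticationSession` was public, so callers outside this diff need checking. If the intent is that the MOA session ID no longer lives in the HTTP session, record it next to the `storeSession` call, e.g. `// MOA session ID is deliberately not stored in the HttpSession`.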
@@ -1,7 +1,11 @@ package at.gv.egovernment.moa.id.moduls; -public class RequestImpl implements IRequest { +import java.io.Serializable; +public class RequestImpl implements IRequest, Serializable{ + + private static final long serialVersionUID = 1L; + private String oaURL; private boolean passiv = false; private boolean force = false;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index 35481a0a1..d33d4693d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -41,6 +41,9 @@ public class RequestStorage { } public static void removeAllPendingRequests(HttpSession session) { + + Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests"); + session.setAttribute(PENDING_REQUEST, null); }
@@ -54,7 +57,7 @@ public class RequestStorage { if (requestmap.containsKey(requestID)) { requestmap.remove(requestID); - Logger.debug("Remove PendingRequest with ID " + requestID); + Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID); }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 82273da83..18eeae58e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
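Review bot: `RequestImpl` becomes `Serializable` in the `@@ -1,7` hunk with no comment saying where instances are written or read back. Every subclass inherits this, so each of its fields has to be serializable or `transient`, and wherever the stored bytes are deserialized the store must contain trusted data only. Add a class comment along the lines of `/** Serializable so that pending requests can be persisted with the session; all fields must be serializable. */`, with the wording checked against the actual storage path, which is not visible in this hunk.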
@@ -59,10 +59,10 @@ public class SSOManager { return false; } - String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), - AuthenticationManager.MOA_SESSION, null); +// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), +// AuthenticationManager.MOA_SESSION, null); - return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId); + return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 1f71bf8bf..498188ffe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -346,7 +346,7 @@ public class AuthenticationSessionStoreage { public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { - MiscUtil.assertNotNull(SSOId, "moasessionID"); + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); Session session = MOASessionDBUtils.getCurrentSession();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
index 896fc6d5d..1e9cb9024 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
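Review bot: The second argument of `isValidSessionWithSSOID` in the `SSOManager` hunk is now a literal `null`, so the validity decision rests on `ssoSessionID` alone and the former tie to the caller's MOA session is gone. How the callee treats a null `moaSessionId` is not visible; the `AuthenticationSessionStoreage` hunk only shows `MiscUtil.assertNotNull(SSOId, ...)`. If the parameter is unused, remove it from the signature; if it is used, state the contract at the call, e.g. `// null: no MOA session binding, the SSO ID alone is checked`, and confirm that an SSO ID match by itself is meant to be sufficient.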
@@ -9,62 +9,62 @@ import javax.servlet.http.HttpSession; public class HTTPSessionUtils { - public static HashMap extractAllProperties(HttpSession session) { - @SuppressWarnings("unchecked") - Enumeration keys = (Enumeration)session.getAttributeNames(); - HashMap properties = new HashMap(); - - while(keys.hasMoreElements()) { - Object keyObject = keys.nextElement(); - String key = keyObject.toString(); - Object value = session.getAttribute(key); - properties.put(key, value); - } - - return properties; - } - - public static void pushAllProperties(HttpSession session, HashMap properties) { - Set keys = properties.keySet(); - Iterator keysIterator = keys.iterator(); - while(keysIterator.hasNext()) { - String key = keysIterator.next(); - session.setAttribute(key, properties.get(key)); - } - } - - public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { - Object obj = session.getAttribute(name); - if(obj == null) { - return fallback; - } - - if(obj instanceof Boolean) { - Boolean b = (Boolean)obj; - if(b != null) { - return b.booleanValue(); - } - } - return fallback; - } - - public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) { - session.setAttribute(name, new Boolean(value)); - } - - public static String getHTTPSessionString(HttpSession session, String name, String fallback) { - Object obj = session.getAttribute(name); - if(obj == null) { - return fallback; - } - - if(obj instanceof String) { - return (String)obj; - } - return fallback; - } - - public static void setHTTPSessionString(HttpSession session, String name, String value) { - session.setAttribute(name, value); - } +// public static HashMap extractAllProperties(HttpSession session) { +// @SuppressWarnings("unchecked") +// Enumeration keys = (Enumeration)session.getAttributeNames(); +// HashMap properties = new HashMap(); +// +// while(keys.hasMoreElements()) { +// Object keyObject = keys.nextElement(); +// String key = 
keyObject.toString(); +// Object value = session.getAttribute(key); +// properties.put(key, value); +// } +// +// return properties; +// } +// +// public static void pushAllProperties(HttpSession session, HashMap properties) { +// Set keys = properties.keySet(); +// Iterator keysIterator = keys.iterator(); +// while(keysIterator.hasNext()) { +// String key = keysIterator.next(); +// session.setAttribute(key, properties.get(key)); +// } +// } +// +// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof Boolean) { +// Boolean b = (Boolean)obj; +// if(b != null) { +// return b.booleanValue(); +// } +// } +// return fallback; +// } +// +// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) { +// session.setAttribute(name, new Boolean(value)); +// } +// +// public static String getHTTPSessionString(HttpSession session, String name, String fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof String) { +// return (String)obj; +// } +// return fallback; +// } +// +// public static void setHTTPSessionString(HttpSession session, String name, String value) { +// session.setAttribute(name, value); +// } } -- cgit v1.2.3