From 1f46df486fbab558fb3e935dfed160f26e698ac0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 24 Jan 2014 08:04:12 +0100 Subject: -- Solve merge problems (AuthnRequestHandler.java & mandateReferenceValueAttributeBuilder) -- Change sessionmanagement betweem AuthAction and TokenAction to AssertionStorage class -- add class definieten to HTML config element --- .../moa/id/auth/data/AuthenticationSession.java | 28 +++++++------- .../id/protocols/oauth20/OAuth20SessionObject.java | 6 +-- .../oauth20/protocol/OAuth20AuthAction.java | 30 +++++++-------- .../oauth20/protocol/OAuth20TokenAction.java | 45 ++++++++++++++-------- .../MandateReferenceValueAttributeBuilder.java | 44 +-------------------- .../pvp2x/requestHandler/AuthnRequestHandler.java | 1 + 6 files changed, 65 insertions(+), 89 deletions(-) (limited to 'id/server/idserverlib/src/main/java') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 1061a2802..9aecefd43 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -207,7 +207,7 @@ public class AuthenticationSession implements Serializable { private boolean ssoRequested = false; - private OAuth20SessionObject oAuth20SessionObject; +// private OAuth20SessionObject oAuth20SessionObject; // /** // * Indicates if target from configuration is used or not @@ -963,18 +963,18 @@ public class AuthenticationSession implements Serializable { } /** - * @return the oAuth20SessionObject - */ - public OAuth20SessionObject getoAuth20SessionObject() { - return oAuth20SessionObject; - } - - /** - * @param oAuth20SessionObject - * the oAuth20SessionObject to set - */ - public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { - this.oAuth20SessionObject = oAuth20SessionObject; - } +// * @return the oAuth20SessionObject +// */ +// public OAuth20SessionObject getoAuth20SessionObject() { +// return oAuth20SessionObject; +// } +// +// /** +// * @param oAuth20SessionObject +// * the oAuth20SessionObject to set +// */ +// public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { +// this.oAuth20SessionObject = oAuth20SessionObject; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java index 20711373e..4c7d1a37b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java @@ -15,7 +15,7 @@ public class OAuth20SessionObject implements Serializable { private String code; - private AuthenticationSession authDataSession; + private String authDataSession; public String getScope() { return scope; @@ -40,11 +40,11 @@ public class OAuth20SessionObject implements Serializable { this.code = code; } - public AuthenticationSession getAuthDataSession() { + public String getAuthDataSession() { return authDataSession; } - public void setAuthDataSession(AuthenticationSession authDataSession) { + public void setAuthDataSession(String authDataSession) { this.authDataSession = authDataSession; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 68f508103..17649487a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -13,7 +13,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; class OAuth20AuthAction implements IAction { @@ -32,25 +34,25 @@ class OAuth20AuthAction implements IAction { String responseType = oAuthRequest.getResponseType(); AuthenticationSession session = null; + String code = Random.nextRandom(); + try { - session = AuthenticationSessionStoreage.createSession(); - - String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession); + Logger.debug("Stored session with id: " + code); OAuth20SessionObject o = new OAuth20SessionObject(); if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) { o.setScope(oAuthRequest.getScope()); o.setCode(code); - o.setAuthDataSession(moasession); + o.setAuthDataSession(moasession.getSessionID()); } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) { throw new OAuth20ResponseTypeException(); } - // store data in oath session - session.setoAuth20SessionObject(o); - AuthenticationSessionStoreage.storeSession(session); - Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID()); + // store data in oath session + AssertionStorage.getInstance().put(code, o); + + Logger.debug("Saved OAuth20SessionObject in session with id: " + code); // add code and state to redirect url httpResp.setStatus(HttpServletResponse.SC_FOUND); @@ -65,14 +67,12 @@ class OAuth20AuthAction implements IAction { Logger.debug("REDIRECT TO: " + finalUrl.toString()); } catch (Exception e) { - try { - if (session != null) { - Logger.debug("Going to destroy session: " + session.getSessionID()); - AuthenticationSessionStoreage.destroySession(session.getSessionID()); - } - } - catch (MOADatabaseException e1) { + + //remove OAuthSessionObject if it already exists + if (AssertionStorage.getInstance().containsKey(code)) { + AssertionStorage.getInstance().remove(code); } + if (e instanceof OAuth20Exception) { throw (OAuth20Exception) e; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 3dceaecdf..b975b5594 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Unauthorized import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; +import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; @@ -38,25 +39,41 @@ class OAuth20TokenAction implements IAction { public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { - AuthenticationSession session = null; + + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; + + try { + Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode()); + + auth20SessionObject = + AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class); - session = AuthenticationSessionStoreage.getSession(oAuthRequest.getCode()); - if (session == null) { + } catch (MOADatabaseException e) { throw new OAuth20UnauthorizedClientException(); + } - - OAuth20SessionObject auth20SessionObject = session.getoAuth20SessionObject(); - Logger.debug("Loaded OAuth20SessionObject from session: " + session.getSessionID()); - + // do checking for different grant types and code if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) { throw new OAuth20UnauthorizedClientException(); } else { Logger.debug("Loaded of OAuth20SessionObject was successful"); } + + Logger.debug("Load MOASession from database"); + AuthenticationSession session = AuthenticationSessionStoreage.getSession(auth20SessionObject.getAuthDataSession()); + if (session == null) { + Logger.warn("NO MOASession found with SessionID " + auth20SessionObject.getAuthDataSession()); + throw new OAuth20UnauthorizedClientException(); + + } else { + Logger.debug("Loading of MOASession was successful."); + + } + final String accessToken = UUID.randomUUID().toString(); // create response @@ -67,7 +84,7 @@ class OAuth20TokenAction implements IAction { // build id token and scope Pair pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, - auth20SessionObject.getAuthDataSession()); + session); Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst()); params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst()); Logger.debug("RESPONSE SCOPE: " + pair.getSecond()); @@ -93,14 +110,12 @@ class OAuth20TokenAction implements IAction { } finally { - if (session != null) { + if (auth20SessionObject != null) { // destroy session for clean up - try { - Logger.debug("Going to destroy session: " + session.getSessionID()); - AuthenticationSessionStoreage.destroySession(session.getSessionID()); - } - catch (MOADatabaseException e) { - } + + Logger.debug("Going to destroy session: " + auth20SessionObject.getCode()); + AssertionStorage.getInstance().remove(auth20SessionObject.getCode()); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 2c4eb15de..dc1a4f04b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -1,36 +1,22 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.w3c.dom.Element; - -import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.util.MandateBuilder; public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { public String getName() { return MANDATE_REFERENCE_VALUE_NAME; } - public Attribute build(AuthenticationSession authSession, public ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, IAttributeGenerator g) throws AttributeException { if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); - if (mandate == null) { - throw new NoMandateDataAttributeException(); - } - Mandate mandateObject = MandateBuilder.buildMandate(mandate); - if (mandateObject == null) { - throw new NoMandateDataAttributeException(); - } - + return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, - mandateObject.getMandateID()); + authSession.getMandateReferenceValue()); } return null; @@ -40,29 +26,3 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild return g.buildEmptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME); } } - - public Attribute build(AuthenticationSession authSession, - OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { - if(authSession.getUseMandate()) { - -// Element mandate = authSession.getMandate(); -// if(mandate == null) { -// throw new NoMandateDataAvailableException(); -// } -// Mandate mandateObject = MandateBuilder.buildMandate(mandate); -// if(mandateObject == null) { -// throw new NoMandateDataAvailableException(); -// } - - return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, - MANDATE_REFERENCE_VALUE_NAME, authSession.getMandateReferenceValue()); - } - return null; - - } - - public Attribute buildEmpty() { - return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, - MANDATE_REFERENCE_VALUE_NAME); - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index 0c7dea3c8..9de385307 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.xml.transform.TransformerException; +import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; -- cgit v1.2.3