From 1f46df486fbab558fb3e935dfed160f26e698ac0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 24 Jan 2014 08:04:12 +0100
Subject: -- Solve merge problems (AuthnRequestHandler.java &
mandateReferenceValueAttributeBuilder) -- Change sessionmanagement betweem
AuthAction and TokenAction to AssertionStorage class -- add class definieten
to HTML config element
---
.../moa/id/auth/data/AuthenticationSession.java | 28 +++++++-------
.../id/protocols/oauth20/OAuth20SessionObject.java | 6 +--
.../oauth20/protocol/OAuth20AuthAction.java | 30 +++++++--------
.../oauth20/protocol/OAuth20TokenAction.java | 45 ++++++++++++++--------
.../MandateReferenceValueAttributeBuilder.java | 44 +--------------------
.../pvp2x/requestHandler/AuthnRequestHandler.java | 1 +
6 files changed, 65 insertions(+), 89 deletions(-)
(limited to 'id/server/idserverlib/src')
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 1061a2802..9aecefd43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -207,7 +207,7 @@ public class AuthenticationSession implements Serializable {
private boolean ssoRequested = false;
- private OAuth20SessionObject oAuth20SessionObject;
+// private OAuth20SessionObject oAuth20SessionObject;
// /**
// * Indicates if target from configuration is used or not
@@ -963,18 +963,18 @@ public class AuthenticationSession implements Serializable {
}
/**
- * @return the oAuth20SessionObject
- */
- public OAuth20SessionObject getoAuth20SessionObject() {
- return oAuth20SessionObject;
- }
-
- /**
- * @param oAuth20SessionObject
- * the oAuth20SessionObject to set
- */
- public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
- this.oAuth20SessionObject = oAuth20SessionObject;
- }
+// * @return the oAuth20SessionObject
+// */
+// public OAuth20SessionObject getoAuth20SessionObject() {
+// return oAuth20SessionObject;
+// }
+//
+// /**
+// * @param oAuth20SessionObject
+// * the oAuth20SessionObject to set
+// */
+// public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
+// this.oAuth20SessionObject = oAuth20SessionObject;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
index 20711373e..4c7d1a37b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
@@ -15,7 +15,7 @@ public class OAuth20SessionObject implements Serializable {
private String code;
- private AuthenticationSession authDataSession;
+ private String authDataSession;
public String getScope() {
return scope;
@@ -40,11 +40,11 @@ public class OAuth20SessionObject implements Serializable {
this.code = code;
}
- public AuthenticationSession getAuthDataSession() {
+ public String getAuthDataSession() {
return authDataSession;
}
- public void setAuthDataSession(AuthenticationSession authDataSession) {
+ public void setAuthDataSession(String authDataSession) {
this.authDataSession = authDataSession;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 68f508103..17649487a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -13,7 +13,9 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
class OAuth20AuthAction implements IAction {
@@ -32,25 +34,25 @@ class OAuth20AuthAction implements IAction {
String responseType = oAuthRequest.getResponseType();
AuthenticationSession session = null;
+ String code = Random.nextRandom();
+
try {
- session = AuthenticationSessionStoreage.createSession();
-
- String code = session.getSessionID();// AuthenticationSessionStoreage.changeSessionID(moasession);
+
Logger.debug("Stored session with id: " + code);
OAuth20SessionObject o = new OAuth20SessionObject();
if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
o.setScope(oAuthRequest.getScope());
o.setCode(code);
- o.setAuthDataSession(moasession);
+ o.setAuthDataSession(moasession.getSessionID());
} else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
throw new OAuth20ResponseTypeException();
}
- // store data in oath session
- session.setoAuth20SessionObject(o);
- AuthenticationSessionStoreage.storeSession(session);
- Logger.debug("Saved OAuth20SessionObject in session with id: " + session.getSessionID());
+ // store data in oath session
+ AssertionStorage.getInstance().put(code, o);
+
+ Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
// add code and state to redirect url
httpResp.setStatus(HttpServletResponse.SC_FOUND);
@@ -65,14 +67,12 @@ class OAuth20AuthAction implements IAction {
Logger.debug("REDIRECT TO: " + finalUrl.toString());
}
catch (Exception e) {
- try {
- if (session != null) {
- Logger.debug("Going to destroy session: " + session.getSessionID());
- AuthenticationSessionStoreage.destroySession(session.getSessionID());
- }
- }
- catch (MOADatabaseException e1) {
+
+ //remove OAuthSessionObject if it already exists
+ if (AssertionStorage.getInstance().containsKey(code)) {
+ AssertionStorage.getInstance().remove(code);
}
+
if (e instanceof OAuth20Exception) {
throw (OAuth20Exception) e;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 3dceaecdf..b975b5594 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Unauthorized
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
@@ -38,25 +39,41 @@ class OAuth20TokenAction implements IAction {
public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
AuthenticationSession moasession) throws MOAIDException {
- AuthenticationSession session = null;
+
+ OAuth20SessionObject auth20SessionObject = null;
try {
OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+
+ try {
+ Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
+
+ auth20SessionObject =
+ AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class);
- session = AuthenticationSessionStoreage.getSession(oAuthRequest.getCode());
- if (session == null) {
+ } catch (MOADatabaseException e) {
throw new OAuth20UnauthorizedClientException();
+
}
-
- OAuth20SessionObject auth20SessionObject = session.getoAuth20SessionObject();
- Logger.debug("Loaded OAuth20SessionObject from session: " + session.getSessionID());
-
+
// do checking for different grant types and code
if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
throw new OAuth20UnauthorizedClientException();
} else {
Logger.debug("Loaded of OAuth20SessionObject was successful");
}
+
+ Logger.debug("Load MOASession from database");
+ AuthenticationSession session = AuthenticationSessionStoreage.getSession(auth20SessionObject.getAuthDataSession());
+ if (session == null) {
+ Logger.warn("NO MOASession found with SessionID " + auth20SessionObject.getAuthDataSession());
+ throw new OAuth20UnauthorizedClientException();
+
+ } else {
+ Logger.debug("Loading of MOASession was successful.");
+
+ }
+
final String accessToken = UUID.randomUUID().toString();
// create response
@@ -67,7 +84,7 @@ class OAuth20TokenAction implements IAction {
// build id token and scope
Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
- auth20SessionObject.getAuthDataSession());
+ session);
Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
@@ -93,14 +110,12 @@ class OAuth20TokenAction implements IAction {
}
finally {
- if (session != null) {
+ if (auth20SessionObject != null) {
// destroy session for clean up
- try {
- Logger.debug("Going to destroy session: " + session.getSessionID());
- AuthenticationSessionStoreage.destroySession(session.getSessionID());
- }
- catch (MOADatabaseException e) {
- }
+
+ Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
+ AssertionStorage.getInstance().remove(auth20SessionObject.getCode());
+
}
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 2c4eb15de..dc1a4f04b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -1,36 +1,22 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
return MANDATE_REFERENCE_VALUE_NAME;
}
- public Attribute build(AuthenticationSession authSession,
public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
- if (mandate == null) {
- throw new NoMandateDataAttributeException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if (mandateObject == null) {
- throw new NoMandateDataAttributeException();
- }
-
+
return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
- mandateObject.getMandateID());
+ authSession.getMandateReferenceValue());
}
return null;
@@ -40,29 +26,3 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
return g.buildEmptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME);
}
}
-
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
- if(authSession.getUseMandate()) {
-
-// Element mandate = authSession.getMandate();
-// if(mandate == null) {
-// throw new NoMandateDataAvailableException();
-// }
-// Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-// if(mandateObject == null) {
-// throw new NoMandateDataAvailableException();
-// }
-
- return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
- MANDATE_REFERENCE_VALUE_NAME, authSession.getMandateReferenceValue());
- }
- return null;
-
- }
-
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME,
- MANDATE_REFERENCE_VALUE_NAME);
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index 0c7dea3c8..9de385307 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.transform.TransformerException;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
--
cgit v1.2.3