From 1f88acc4f47eb8b9e01ff3c9d8262871fe314b42 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 25 Feb 2016 10:26:41 +0100 Subject: add 'isAbortedByUser' flag to pending-request to indicate that this request is aborted, but the auth. process is not broken --- .../tasks/EvaluateSSOConsentsTaskImpl.java | 22 +++++++------ .../at/gv/egovernment/moa/id/moduls/IRequest.java | 14 +++++++++ .../gv/egovernment/moa/id/moduls/RequestImpl.java | 19 ++++++++++-- .../protocols/ProtocolFinalizationController.java | 36 ++++++++++++---------- 4 files changed, 62 insertions(+), 29 deletions(-) (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java index d52b76ebd..5b53a43bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java @@ -90,19 +90,21 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask { if (ssoConsents) { //authenticate pending-request pendingReq.setAuthenticated(true); - - //store pending-request - requestStoreage.storePendingRequest(pendingReq); - - //redirect to auth. protocol finalization - performRedirectToProtocolFinialization(pendingReq, response); - + pendingReq.setAbortedByUser(false); + } else { //user deny single sign-on authentication - throw new AuthenticationException("auth.21", new Object[] {}); - + Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL()); + pendingReq.setAbortedByUser(true); + } - + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //redirect to auth. protocol finalization + performRedirectToProtocolFinialization(pendingReq, response); + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index f5d381e42..e1edb6b77 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -175,4 +175,18 @@ public interface IRequest { * @return Service-Provider configuration */ public IOAAuthParameters getOnlineApplicationConfiguration(); + + /** + * Indicates, if this pending-request is aborted by the user + * + * @return true, if it is aborted, otherwise false + */ + public boolean isAbortedByUser(); + + /** + * Set the 'isAboredByUser' flag of this pending-request + * + * @param b true, if the user has abort the authentication process, otherwise false + */ + public void setAbortedByUser(boolean isAborted); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index 961700651..4dade61fa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -69,13 +69,17 @@ public abstract class RequestImpl implements IRequest, Serializable{ private boolean passiv = false; private boolean force = false; - - private boolean needAuthentication = true; - private boolean isAuthenticated = false; private boolean needSSO = false; + private boolean isAbortedByUser = false; + //every request needs authentication by default + private boolean needAuthentication = true; + //every request is not authenticated by default + private boolean isAuthenticated = false; + private Map genericDataStorage = new HashMap(); + /** * @throws ConfigurationException @@ -324,6 +328,15 @@ public abstract class RequestImpl implements IRequest, Serializable{ } + public boolean isAbortedByUser() { + return this.isAbortedByUser; + } + + public void setAbortedByUser(boolean isAborted) { + this.isAbortedByUser = isAborted; + + } + public Object getGenericData(String key) { if (MiscUtil.isNotEmpty(key)) { return genericDataStorage.get(key); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java index 8c3f2c946..009ef4b6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java @@ -33,6 +33,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.moduls.IRequest; @@ -74,10 +75,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon //build protocol-specific error message if possible buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - - //log Error Message - statisticLogger.logErrorOperation(throwable, pendingReq); - + //get MOASession for this pendingRequest AuthenticationSession moaSession = authenticatedSessionStorage.getSession( @@ -132,19 +130,25 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon if (moaSession == null) { Logger.error("No MOASession with ID " + sessionID + " found.!"); handleErrorNoRedirect(new MOAIDException("auth.02", new Object[]{sessionID}), req, resp, true); - return; - } - - //check if MOASession and pending-request are authenticated - if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { - finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); - } else { - Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); - handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); - return; - + + //check if pending-request has 'abortedByUser' flag set + if (pendingReq.isAbortedByUser()) { + buildProtocolSpecificErrorResponse( + new AuthenticationException("auth.21", new Object[] {}), + req, resp, pendingReq); + + //check if MOASession and pending-request are authenticated + } else if (moaSession.isAuthenticated() && pendingReq.isAuthenticated()) { + finalizeAuthenticationProcess(req, resp, pendingReq, moaSession); + + } else { + //suspect state: pending-request is not aborted but also are not authenticated + Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!"); + handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true); + + } } } catch (Exception e) { @@ -156,7 +160,7 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon //remove pending-request if (pendingReq != null) - requestStorage.removePendingRequest(pendingReq.getRequestID()); + requestStorage.removePendingRequest(pendingReq.getRequestID()); } -- cgit v1.2.3