From f0ce9aa935c948693bfabf2bdb598ec9df40471d Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 12 Jul 2013 11:07:48 +0200
Subject: SSO Nachtrag

---
 .../gv/egovernment/moa/id/moduls/SSOManager.java | 182 +++++++++++++++++++++
 1 file changed, 182 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
(limited to 'id/server')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
new file mode 100644
index 000000000..d55482e95
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.moduls;
+
+import java.util.List;
+import java.util.Set;
+
+import iaik.util.logging.Log;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.db.HibernateUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class SSOManager {
+
+ private static final String SSOCOOKIE = "MOA_ID_SSO";
+
+ private static final int DEFAULTSSOTIMEOUT = 15*60; //sec
+
+ private static SSOManager instance = null;
+ private static int sso_timeout;
+
+
+ public static SSOManager getInstance() {
+ if (instance == null) {
+ instance = new SSOManager();
+
+ //TODO: move to config based timeout!
+ sso_timeout = DEFAULTSSOTIMEOUT;
+ }
+
+ return instance;
+ }
+
+ public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
+
+ //search SSO Session
+ if (ssoSessionID == null) {
+ Logger.info("No SSO Session cookie found.");
+ return false;
+ }
+
+ String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
+ AuthenticationManager.MOA_SESSION, null);
+ return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, moaSessionId);
+
+ }
+
+ public String existsOldSSOSession(String ssoId) {
+
+ Logger.trace("Check that the SSOID has already been used");
+ Session session = HibernateUtil.getCurrentSession();
+
+ List result;
+
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
+ query.setString("sessionid", ssoId);
+ result = query.list();
+
+ //send transaction
+
+ }
+
+ Logger.trace("Found entries: " + result.size());
+
+ //Assertion requires an unique artifact
+ if (result.size() == 0) {
+ session.getTransaction().commit();
+ return null;
+ }
+
+ OldSSOSessionIDStore oldSSOSession = result.get(0);
+
+ AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+
+ if (correspondingMoaSession == null) {
+ Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+ //TODO: ist der OldSSOSessionStore zum Aufräumen?
+ return null;
+ }
+
+
+ String moasessionid = correspondingMoaSession.getSessionid();
+
+ session.getTransaction().commit();
+
+ return moasessionid;
+
+ }
+
+ public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+
+ //TODO: use secure random number generation!!!!!
+ String newSSOId = Random.nextRandom();
+
+
+ System.out.println("generate new SSO Tokken (" + newSSOId + ")");
+
+ if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
+ Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!");
+ return null;
+ }
+
+ try {
+ AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
+
+ return newSSOId;
+
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+ return null;
+ }
+ }
+
+
+ public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (cookie.getName().equals(SSOCOOKIE)) {
+ cookie.setValue(ssoId);
+ cookie.setMaxAge(sso_timeout);
+ cookie.setSecure(true);
+ httpResp.addCookie(cookie);
+ return;
+ }
+ }
+
+ }
+ Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
+ cookie.setMaxAge(sso_timeout);
+ cookie.setSecure(true);
+ httpResp.addCookie(cookie);
+ return;
+
+ }
+
+
+
+ public String getSSOSessionID(HttpServletRequest httpReq) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+
+ //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox)
+ //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+
+ if (cookie.getName().equals(SSOCOOKIE)) {
+ return cookie.getValue();
+ }
+ }
+ }
+ return null;
+ }
+
+ public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ Cookie[] cookies = httpReq.getCookies();
+
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if (!cookie.getName().equals(SSOCOOKIE))
+ httpResp.addCookie(cookie);
+ }
+ }
+ }
+}
+
-- cgit v1.2.3
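Review bot: deleteSSOSessionID at the end of the hunk never expires the `MOA_ID_SSO` cookie: it re-adds every other request cookie to the response and simply skips the SSO cookie, so the browser keeps presenting the old token until `sso_timeout` elapses and a logout has no client-side effect. The method should instead locate the SSO cookie and send it back with an empty value and `setMaxAge(0)` (same Secure flag, and the same path as setSSOSessionID — neither method sets one, so the browser's default path applies in both; an explicit `setPath` in both places would make the expiry reliable). Two further points in the same hunk: storeSSOSessionInformations writes the freshly generated token to stdout via `System.out.println("generate new SSO Tokken (" + newSSOId + ")")`, which puts a session-bearing secret into whatever captures the container's stdout, and the token comes from `Random.nextRandom()`, which the TODO directly above already marks as not secure; the print should be removed and the generator backed by `java.security.SecureRandom`. In existsOldSSOSession the transaction opened by `session.beginTransaction()` is neither committed nor rolled back on the `correspondingMoaSession == null` path, and `List result` is raw, so `result.get(0)` yields Object and cannot be assigned to OldSSOSessionIDStore without a cast (`List<OldSSOSessionIDStore> result;` fixes both the cast and the warning).
```java
 public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
 Cookie[] cookies = httpReq.getCookies();
 if (cookies == null) {
 return;
 }
 for (Cookie cookie : cookies) {
 if (SSOCOOKIE.equals(cookie.getName())) {
 // expire the SSO cookie on the client: same name, empty value, Max-Age 0
 cookie.setValue("");
 cookie.setMaxAge(0);
 cookie.setSecure(true);
 httpResp.addCookie(cookie);
 }
 }
 }
```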