From 2e67bfacc4c1827bcdc37eac04a2a8d870ee20cd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 23 Jul 2015 13:07:22 +0200 Subject: update revisions-log functionality --- .../task/impl/GeneralRevisionLogTask.java | 152 +++++++++++++++++++++ .../src/main/resources/gui/types/general.json | 16 +++ .../src/main/resources/gui/types/oa.json | 4 +- .../id/advancedlogging/MOAIDEventConstants.java | 4 +- .../moa/id/advancedlogging/MOAReversionLogger.java | 18 ++- .../id/auth/servlet/SSOSendAssertionServlet.java | 11 +- .../moa/id/config/auth/AuthConfiguration.java | 7 + .../PropertyBasedAuthConfigurationProvider.java | 33 ++++- .../moa/id/entrypoints/DispatcherServlet.java | 5 +- .../moa/id/moduls/AuthenticationManager.java | 4 + .../config/MOAIDConfigurationConstants.java | 5 + .../tasks/CreateStorkAuthRequestFormTask.java | 16 ++- .../PepsConnectorHandleLocalSignResponseTask.java | 9 ++ .../modules/stork/tasks/PepsConnectorTask.java | 11 +- 14 files changed, 281 insertions(+), 14 deletions(-) create mode 100644 id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java (limited to 'id') diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java new file mode 100644 index 000000000..35f1e5228 --- /dev/null +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.webgui.validation.task.impl; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.components.configuration.api.Configuration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException; +import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier; +import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper; +import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator; +import at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class GeneralRevisionLogTask extends AbstractTaskValidator implements IDynamicLoadableTaskValidator { + private static final Logger log = LoggerFactory.getLogger(GeneralRevisionLogTask.class); + private static final List KEYWHITELIST; + + static { + ArrayList temp = new ArrayList(); + KEYWHITELIST = Collections.unmodifiableList(temp); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getKeyPrefix() + */ + @Override + public String getKeyPrefix() { + return MOAIDConfigurationConstants.SERVICE_REVERSION; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#getName() + */ + @Override + public String getName() { + return "General - Reversion Logging Task"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.ITaskValidator#postProcessing(java.util.Map, java.util.List, at.gv.egiz.components.configuration.api.Configuration) + */ + @Override + public Map postProcessing(Map input, + List keysToDelete, Configuration dbconfig) { + Map newConfigValues = new HashMap(); + + String eventCodes = input.get(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventCodes)) { + newConfigValues.put(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES, + KeyValueUtils.normalizeCSVValueString(eventCodes)); + + } + + if (newConfigValues.isEmpty()) + return null; + else + return newConfigValues; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#tastValidate(java.util.Map) + */ + @Override + protected void taskValidate(Map input) + throws ConfigurationTaskValidationException { + List errors = new ArrayList(); + + String eventCodes = input.get(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventCodes)) { + String[] codes = eventCodes.split(","); + for (String el: codes) { + try { + Integer.parseInt(el.trim()); + + } catch (NumberFormatException e) { + log.info("Revisions-Log eventcode(s) are not valid", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES, + "Reversion - Logger Enabled", + LanguageHelper.getErrorString("error.oa.reversion.log.eventcodes"))); + break; + + } + + } + + } + + + if (!errors.isEmpty()) + throw new ConfigurationTaskValidationException(errors); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator#getAllAllowedKeys() + */ + @Override + public List getAllAllowedPatterns() { + return generatePatternsFromKeys(KEYWHITELIST); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.webgui.validation.task.IDynamicLoadableTaskValidator#getModulValidatorPrefix() + */ + @Override + public List getModulValidatorPrefix() { + return Arrays.asList( + MOAIDConfigurationConstants.PREFIX_MOAID_GENERAL + ); + } + +} diff --git a/id/moa-id-webgui/src/main/resources/gui/types/general.json b/id/moa-id-webgui/src/main/resources/gui/types/general.json index f7861332d..f10fac06c 100644 --- a/id/moa-id-webgui/src/main/resources/gui/types/general.json +++ b/id/moa-id-webgui/src/main/resources/gui/types/general.json @@ -442,6 +442,22 @@ } } } + }, + "reversion.log": { + "id": "http://www.egiz.gv.at/dynUI/general/reversion/log", + "type": "object", + "title": "Revision Logging", + "description": "Default Revisions-Logging", + "options": { + "collapsed": true + }, + "properties": { + "eventcodes": { + "id": "http://www.egiz.gv.at/dynUI/general/reversion/log/eventcodes", + "type": "string", + "title": "EventCodes (CSV)" + } + } } }, "required": ["publicURLPrefix"] diff --git a/id/moa-id-webgui/src/main/resources/gui/types/oa.json b/id/moa-id-webgui/src/main/resources/gui/types/oa.json index 517327626..deba5d610 100644 --- a/id/moa-id-webgui/src/main/resources/gui/types/oa.json +++ b/id/moa-id-webgui/src/main/resources/gui/types/oa.json @@ -541,8 +541,8 @@ "reversion.log": { "id": "http://www.egiz.gv.at/dynUI/oa/reversion/log", "type": "object", - "title": "Reversion Logging", - "description": "Service specific reversion logging", + "title": "Revisions-Logging", + "description": "Service specific Revision-Logging", "options": { "collapsed": true }, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java index 9e9fd2bff..da3608caa 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java @@ -59,6 +59,7 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_SSO_ASK_USER_FINISHED = 4007; public static final int AUTHPROCESS_INTERFEDERATION = 4008; public static final int AUTHPROCESS_INTERFEDERATION_REVEIVED = 4009; + public static final int AUTHPROCESS_INTERFEDERATION_IDP = 4010; public static final int AUTHPROCESS_BKUSELECTION_INIT = 4110; public static final int AUTHPROCESS_BKUTYPE_SELECTED = 4111; @@ -72,12 +73,13 @@ public interface MOAIDEventConstants extends EventConstants { public static final int AUTHPROCESS_FOREIGN_SZRGW_CONNECTED = 4224; public static final int AUTHPROCESS_FOREIGN_SZRGW_RECEIVED = 4225; - public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4330; + public static final int AUTHPROCESS_MANDATE_SERVICE_REQUESTED = 4300; public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301; public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302; public static final int AUTHPROCESS_PEPS_REQUESTED = 4400; public static final int AUTHPROCESS_PEPS_RECEIVED = 4401; + public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402; //person information public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java index e73aa8df1..b2eda4d78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java @@ -30,6 +30,8 @@ import com.google.common.primitives.Ints; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -49,7 +51,6 @@ public class MOAReversionLogger { MOAIDEventConstants.SESSION_CREATED, MOAIDEventConstants.SESSION_DESTROYED, MOAIDEventConstants.SESSION_ERROR, - MOAIDEventConstants.SESSION_IP, MOAIDEventConstants.TRANSACTION_CREATED, MOAIDEventConstants.TRANSACTION_DESTROYED, MOAIDEventConstants.TRANSACTION_ERROR, @@ -64,8 +65,9 @@ public class MOAReversionLogger { MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED, - MOAIDEventConstants.PERSONAL_INFORMATION_USERNAME_HASH - + MOAIDEventConstants.AUTHPROCESS_SSO, + MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION, + MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED ); public static synchronized MOAReversionLogger getInstance() { @@ -246,6 +248,16 @@ public class MOAReversionLogger { } public List getDefaulttReversionsLoggingEventCodes() { + try { + List configuredDefaultEventCodes = AuthConfigurationProviderFactory.getInstance().getDefaultRevisionsLogEventCodes(); + if (configuredDefaultEventCodes != null) + return configuredDefaultEventCodes; + + } catch (ConfigurationException e) { + Logger.error("Access to configuration FAILED.", e); + + } + return defaultEventCodes; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 495c4ca5b..d116f473c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -30,12 +30,16 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -127,7 +131,12 @@ public class SSOSendAssertionServlet extends AuthServlet{ moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); - + + //log event + String pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); + IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED); + String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), ModulUtils.buildAuthURL(module, action, id), ""); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java index ebe08b615..d8f1a28c5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java @@ -137,6 +137,13 @@ public interface AuthConfiguration extends ConfigurationProvider{ */ Map getConfigurationWithWildCard(String key); + /** + * Get configured default revisions-log event codes which should be logged + * + * @return {List} if event codes or null + */ + List getDefaultRevisionsLogEventCodes(); + @Deprecated public boolean isHTTPAuthAllowed(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index a151d6dbe..7418f2e35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -4,7 +4,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URI; import java.util.ArrayList; @@ -1029,4 +1028,36 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide return Boolean.valueOf(prop); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getDefaultRevisionsLogEventCodes() + */ + @Override + public List getDefaultRevisionsLogEventCodes() { + try { + String eventcodes = configuration.getStringValue(MOAIDConfigurationConstants.GENERAL_REVERSION_LOGS_EVENTCODES); + if (MiscUtil.isNotEmpty(eventcodes)) { + String[] codes = eventcodes.split(","); + List result = new ArrayList(); + for (String el : codes) { + try { + result.add(Integer.parseInt(el)); + + } catch (NumberFormatException e) { + Logger.warn("EventCode: " + el + " is not a valid Integer."); + + } + } + + if (!result.isEmpty()) + return result; + + } + + } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { + Logger.error("Error during revisions-code load operationen." , e); + } + + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 45eecec84..217efe927 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -286,7 +286,7 @@ public class DispatcherServlet extends AuthServlet{ //log information for security and process reversion MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.SESSION_CREATED, uniqueSessionIdentifier); MOAReversionLogger.getInstance().logEvent(MOAIDEventConstants.TRANSACTION_CREATED, protocolRequestID); - MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.SESSION_IP, req.getRemoteAddr()); + MOAReversionLogger.getInstance().logEvent(uniqueSessionIdentifier, protocolRequestID, MOAIDEventConstants.TRANSACTION_IP, req.getRemoteAddr()); protocolRequest = info.preProcess(req, resp, action, uniqueSessionIdentifier, protocolRequestID); @@ -450,6 +450,9 @@ public class DispatcherServlet extends AuthServlet{ if (tryperform) MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), protocolRequest, MOAIDEventConstants.AUTHPROCESS_FINISHED); + else + MOAReversionLogger.getInstance().logEvent(protocolRequest.getOnlineApplicationConfiguration(), + protocolRequest, MOAIDEventConstants.AUTHPROTOCOL_TYPE, protocolRequest.requestedModule()); if (protocolRequest.forceAuth()) { if (!tryperform) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index f3c40707e..afc0d8451 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -532,6 +532,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { //build and send request without an error requiredLocalAuthentication = false; + MOAReversionLogger.getInstance().logEvent(target.getOnlineApplicationConfiguration(), + target, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID()); + + } else { Logger.warn("Requested IDP " + target.getRequestedIDP() + " does not support POST or Redirect Binding."); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index ad34360d8..c798a525e 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -258,4 +258,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String GENERAL_AUTH_STORK_ATTRIBUTES_LIST = GENERAL_AUTH_STORK + ".attributes"; public static final String GENERAL_AUTH_STORK_ATTRIBUTES_LIST_NAME = "friendlyname"; public static final String GENERAL_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY = "mandatory"; + + public static final String GENERAL_REVERSION = PREFIX_MOAID_GENERAL + ".reversion"; + public static final String GENERAL_REVERSION_LOGS_EVENTCODES = GENERAL_REVERSION + ".log.eventcodes"; + } + diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java index 32915f5e6..06dfc95d3 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java @@ -62,7 +62,9 @@ import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.config.stork.StorkAttribute; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventLog; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -123,11 +125,15 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { } AuthenticationSession moasession = AuthenticationServer.getSession(sessionID); pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); - + IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + if (StringUtils.isEmpty(moasession.getCcc())) { // illegal state; task should not have been executed without a selected country throw new AuthenticationException("stork.22", new Object[] { sessionID }); + } + MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED); + STORKConfig storkConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig(); if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) { throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID }); @@ -140,7 +146,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported()); Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc()); - startSTORKAuthentication(req, resp, moasession); + startSTORKAuthentication(req, resp, moasession, pendingReq); } catch (MOAIDException ex) { throw new TaskExecutionException(ex.getMessage(), ex); @@ -161,6 +167,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { * * @param req HttpServletRequest * @param resp HttpServletResponse + * @param pendingReq * @param ccc Citizen country code * @param oaURL URL of the online application * @param target Target parameter @@ -175,7 +182,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { public void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + AuthenticationSession moasession, IRequest pendingReq) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { if (moasession == null) { throw new AuthenticationException("auth.18", new Object[]{}); @@ -378,7 +385,8 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask { } Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination()); - + MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getDestination()); + // do PEPS-conform logging for easier evaluation try { // 2015-03-12 16:44:27.144#S-PEPS generates request to C-PEPS#spepsurl#cpepsurl#spapp#spdomain#citizen country#qaa#msghash#msg_id id1#id2# diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java index 10eeea97a..a631489be 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java @@ -17,6 +17,8 @@ import org.apache.velocity.Template; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -25,7 +27,9 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.stork.STORKException; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.VelocityProvider; @@ -113,6 +117,8 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession); pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); + IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + Logger.info("pendingRequestID:" + pendingRequestID); String signResponseString = new String(Base64Utils.decode(signResponse, false), "UTF8"); Logger.info("RECEIVED signresponse:" + signResponseString); @@ -183,6 +189,9 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec Logger.debug("Add full STORK AuthnResponse to MOA session"); moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas // authnResponse? + + MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED); + moaSession.setForeigner(true); // session is implicit stored in changeSessionID!!!! diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java index fa1b0472c..01dad4ebb 100644 --- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java +++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java @@ -33,6 +33,8 @@ import org.opensaml.saml2.core.StatusCode; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -48,7 +50,9 @@ import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; @@ -218,7 +222,8 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12"); pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID); - + IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + // load MOASession from database AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID); // change MOASessionID @@ -340,6 +345,8 @@ public class PepsConnectorTask extends AbstractAuthServletTask { // //////////////////////////////////////////////////////////////////////// + MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED); + AuthConfiguration config = AuthConfigurationProviderFactory.getInstance(); String citizenSignature = null; if(config.isStorkFakeIdLActive() && config.getStorkNoSignatureCountries().contains(storkAuthnRequest.getCitizenCountryCode()) && config.getStorkFakeIdLCountries().contains(storkAuthnRequest.getCitizenCountryCode())) { @@ -558,6 +565,8 @@ public class PepsConnectorTask extends AbstractAuthServletTask { Logger.error("SZR Gateway did not return an identity link."); throw new MOAIDException("stork.10", null); } + + MOAReversionLogger.getInstance().logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); moaSession.setForeigner(true); Logger.info("Received Identity Link from SZR Gateway"); -- cgit v1.2.3