/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * http://www.osor.eu/eupl/ * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ package at.gv.egovernment.moa.id.auth.servlet.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.apache.commons.text.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.servlet.HandlerInterceptor; import org.springframework.web.servlet.ModelAndView; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; /** * @author tlenz * */ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor { @Autowired private IRequestStorage requestStorage; @Autowired(required=false) private SSOManager ssomanager; /* (non-Javadoc) * @see org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) */ @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { String uniqueSessionIdentifier = null; Logger.trace("PreProcess req. in " + UniqueSessionIdentifierInterceptor.class.getName()); //if SSOManager is available, search SessionIdentifier in SSO session if (ssomanager != null) { String ssoId = ssomanager.getSSOSessionID(request); uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId); } // search SessionIdentifier in PendingRequest if available if (MiscUtil.isEmpty(uniqueSessionIdentifier)) { String pendingReqId = StringEscapeUtils.escapeHtml4( request.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID)); if (StringUtils.isNotEmpty(pendingReqId)) { IRequest pendingReq = requestStorage.getPendingRequest(pendingReqId); if (pendingReq != null) uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier(); } } //if NO SSOSession and no PendingRequest create new SessionIdentifier if (StringUtils.isEmpty(uniqueSessionIdentifier)) { uniqueSessionIdentifier = Random.nextHexRandom16(); Logger.debug("Set new UniqueSessionIdentifier: " + uniqueSessionIdentifier); } TransactionIDUtils.setSessionId(uniqueSessionIdentifier); request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier); return true; } /* (non-Javadoc) * @see org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, org.springframework.web.servlet.ModelAndView) */ @Override public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception { } /* (non-Javadoc) * @see org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception) */ @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { TransactionIDUtils.removeAllLoggingVariables(); } }