use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class Authentication method loginWithPassword.
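/**
 * Authenticates a user with login name and password and, when the headless login
 * succeeds, answers with a greeting plus a freshly generated REST security token.
 *
 * @param username login name supplied by the client
 * @param password password supplied by the client
 * @param httpRequest the current HTTP request; its session is used to bind the token
 * @return 200 with a {@code <hello>} XML body and the token in the
 *         {@code RestSecurityHelper.SEC_TOKEN} header when the login is accepted;
 *         401 when no identity is returned or the headless login is not {@code LOGIN_OK}
 */
private Response loginWithPassword(String username, String password, HttpServletRequest httpRequest) {
    UserRequest ureq = RestSecurityHelper.getUserRequest(httpRequest);
    OLATAuthManager olatAuthenticationSpi = CoreSpringFactory.getImpl(OLATAuthManager.class);
    Identity identity = olatAuthenticationSpi.authenticate(null, username, password);
    if (identity == null) {
        // No identity returned: reject without telling the client why.
        return Response.status(Status.UNAUTHORIZED).build();
    }

    int loginStatus = AuthHelper.doHeadlessLogin(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier(), ureq, true);
    if (loginStatus != AuthHelper.LOGIN_OK) {
        // Credentials matched but the login itself was refused: still a 401.
        return Response.status(Status.UNAUTHORIZED).build();
    }

    // fxdiff: FXOLAT-268 update last login date and register active user
    UserDeletionManager.getInstance().setIdentityAsActiv(identity);

    // Issue a new security token bound to the HTTP session.
    // NOTE(review): the session the request already carries is reused here; confirm that
    // doHeadlessLogin (or the container) renews the session id on login.
    RestSecurityBean securityBean = CoreSpringFactory.getImpl(RestSecurityBean.class);
    String token = securityBean.generateToken(identity, httpRequest.getSession(true));

    // The login name comes straight from the request, so it is escaped before being
    // placed in element content; otherwise '<' or '&' would break or alter the XML body.
    String safeName = String.valueOf(username)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;");
    String body = "<hello identityKey=\"" + identity.getKey() + "\">Hello " + safeName + "</hello>";
    return Response.ok(body, MediaType.APPLICATION_XML)
            .header(RestSecurityHelper.SEC_TOKEN, token)
            .build();
}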
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method isBasicAuthenticated.
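/**
 * Tries to authenticate the request from an HTTP Basic {@code Authorization} header.
 *
 * <p>On success the created {@code UserRequest} is stored under
 * {@code RestSecurityHelper.SEC_USER_REQUEST} and a new security token is written to the
 * {@code RestSecurityHelper.SEC_TOKEN} response header.
 *
 * @param request the current HTTP request
 * @param response the current HTTP response, which receives the token header
 * @param requestURI the URI used to build the {@code UserRequest}
 * @return {@code true} only when the header is well formed, the credentials yield an
 *         identity and the headless login reports {@code LOGIN_OK}; {@code false} otherwise
 */
private boolean isBasicAuthenticated(HttpServletRequest request, HttpServletResponse response, String requestURI) {
    String authHeader = request.getHeader("Authorization");
    if (authHeader == null) {
        return false;
    }

    StringTokenizer st = new StringTokenizer(authHeader);
    // We only handle HTTP Basic authentication
    if (!st.hasMoreTokens() || !st.nextToken().equalsIgnoreCase("Basic")) {
        return false;
    }
    // A header that is just "Basic" carries no credentials; the original called
    // nextToken() unguarded here, which throws NoSuchElementException on such input.
    if (!st.hasMoreTokens()) {
        return false;
    }

    String userPass = StringHelper.decodeBase64(st.nextToken());
    // NOTE(review): what decodeBase64 returns for malformed input is not visible here;
    // a null result is treated as "no credentials".
    if (userPass == null) {
        return false;
    }

    // The decoded string is in the form "userID:password"; only the first colon separates
    // the two, so the password itself may contain colons.
    int p = userPass.indexOf(':');
    if (p == -1) {
        return false;
    }
    String username = userPass.substring(0, p);
    String password = userPass.substring(p + 1);

    OLATAuthManager olatAuthenticationSpi = CoreSpringFactory.getImpl(OLATAuthManager.class);
    Identity identity = olatAuthenticationSpi.authenticate(null, username, password);
    if (identity == null) {
        return false;
    }

    UserRequest ureq;
    try {
        // The constructor checks the URL; a NumberFormatException from it is treated as
        // a failed authentication.
        ureq = new UserRequestImpl(requestURI, request, response);
    } catch (NumberFormatException nfe) {
        return false;
    }
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, ureq);

    int loginStatus = AuthHelper.doHeadlessLogin(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier(), ureq, true);
    if (loginStatus != AuthHelper.LOGIN_OK) {
        // Fail closed: the original returned true here even though the login was not
        // accepted and no token was issued. Callers are outside this view; confirm none
        // relies on the old result.
        return false;
    }

    UserDeletionManager.getInstance().setIdentityAsActiv(identity);
    // Issue a new security token bound to the HTTP session
    RestSecurityBean securityBean = CoreSpringFactory.getImpl(RestSecurityBean.class);
    String token = securityBean.generateToken(identity, request.getSession());
    response.setHeader(RestSecurityHelper.SEC_TOKEN, token);
    return true;
}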
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followSession.
/**
 * Continues the filter chain for a request that already has an authenticated user session.
 *
 * <p>Answers 401 when no authenticated session is attached to the request, or when
 * building the {@code UserRequest} fails with a {@code NumberFormatException}.
 *
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @param chain the remaining filter chain
 * @throws IOException propagated from {@code sendError} or the chain
 * @throws ServletException propagated from the chain
 */
private void followSession(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    UserSession session = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(request);
    boolean authenticated = session != null && session.isAuthenticated();
    if (!authenticated) {
        response.sendError(401);
        return;
    }

    UserRequest userRequest;
    try {
        // The constructor checks the URL; a NumberFormatException from it ends the request with 401.
        userRequest = new UserRequestImpl(request.getRequestURI(), request, response);
    } catch (NumberFormatException nfe) {
        response.sendError(401);
        return;
    }

    // Make the UserRequest available to the REST resources further down the chain.
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, userRequest);

    // Downstream processing runs while holding the monitor of the user session object.
    // NOTE(review): presumably this serialises concurrent requests of one session; confirm
    // that the same UserSession instance is handed out for each of them.
    synchronized (session) {
        chain.doFilter(request, response);
    }
}
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followForAuthentication.
/**
 * Lets a login request through the filter chain without any security check.
 *
 * @param requestURI the URI used to build the {@code UserRequest}
 * @param uress the user session already attached to the request, or {@code null}
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @param chain the remaining filter chain
 * @throws IOException propagated from {@code sendError} or the chain
 * @throws ServletException propagated from the chain
 */
private void followForAuthentication(String requestURI, UserSession uress, HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    // Create a session for login without security check. The returned session is not
    // read again in this method, so the call is made only for its effect.
    if (uress == null) {
        CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
    }

    UserRequest userRequest;
    try {
        // The constructor checks the URL; a NumberFormatException from it ends the request with 401.
        userRequest = new UserRequestImpl(requestURI, request, response);
    } catch (NumberFormatException nfe) {
        response.sendError(401);
        return;
    }

    // No authentication is enforced on this path: the request is handed on as is.
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, userRequest);
    chain.doFilter(request, response);
}
use of org.olat.core.gui.UserRequest in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followWithoutAuthentication.
/**
 * Handles a request to a path that does not require authentication.
 *
 * <p>An authenticated session or a registered security token is still honoured when
 * present; otherwise the request continues down the chain unauthenticated.
 *
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @param chain the remaining filter chain
 * @throws IOException propagated from {@code sendError} or the chain
 * @throws ServletException propagated from the chain
 */
private void followWithoutAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    UserSession session = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(request);
    boolean sessionAuthenticated = session != null && session.isAuthenticated();
    if (sessionAuthenticated) {
        // Authenticated by session cookie: continue with the current session.
        followSession(request, response, chain);
        return;
    }

    String token = request.getHeader(RestSecurityHelper.SEC_TOKEN);
    RestSecurityBean securityBean = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
    if (StringHelper.containsNonWhitespace(token)) {
        // The session is only requested (and created if missing) once a non-blank token
        // is present.
        if (securityBean.isTokenRegistrated(token, request.getSession(true))) {
            // Authenticated by token: continue with that token.
            followToken(token, request, response, chain);
            return;
        }
    }

    // fxdiff FXOLAT-113: business path in DMZ
    UserRequest userRequest;
    try {
        // The constructor checks the URL; a NumberFormatException from it ends the request with 401.
        userRequest = new UserRequestImpl(request.getRequestURI(), request, response);
    } catch (NumberFormatException nfe) {
        response.sendError(401);
        return;
    }
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, userRequest);

    // Not authenticated, but this path needs no authentication: go further.
    chain.doFilter(request, response);
}