use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class ShibbolethDispatcher method handleException.
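/**
 * Renders an error page for a failure raised while handling a Shibboleth login request.
 * <p>
 * A {@link ShibbolethException} is mapped to a translated user message and passed to
 * {@code showMessage} together with the contact e-mail carried by the exception, so the user
 * can log in again without hitting the generic error screen. Any other throwable is wrapped
 * in an {@link OLATRuntimeException} and dispatched through a message chief controller.
 *
 * @param e the failure to report
 * @param req the current servlet request
 * @param resp the current servlet response
 * @param transl translator used to resolve the user-facing message keys
 */
private void handleException(Throwable e, HttpServletRequest req, HttpServletResponse resp, Translator transl) {
    UserRequest ureq = new UserRequestImpl(ShibbolethDispatcher.PATH_SHIBBOLETH, req, resp);
    if (e instanceof ShibbolethException) {
        ShibbolethException shibError = (ShibbolethException) e;
        String userMsg;
        switch (shibError.getErrorCode()) {
            case ShibbolethException.UNIQUE_ID_NOT_FOUND:
                // NOTE(review): the key is spelled "unqueid"; kept as is because the
                // translation bundle is not visible here. Confirm before renaming.
                userMsg = transl.translate("error.unqueid.notfound");
                break;
            case ShibbolethException.GENERAL_SAML_ERROR:
            default:
                // Unknown error codes fall back to the generic Shibboleth message.
                userMsg = transl.translate("error.shibboleth.generic");
                break;
        }
        // NOTE(review): the raw exception message is handed to showMessage next to the
        // translated text. Confirm that only userMsg reaches the browser, since SAML
        // error details are better kept in the server log.
        showMessage(ureq, "org.opensaml.SAMLException: " + e.getMessage(), e, userMsg, shibError.getContactPersonEmail());
        return;
    }

    try {
        ChiefController msgcc = MsgFactory.createMessageChiefController(ureq,
                new OLATRuntimeException("Error processing Shibboleth request: " + e.getMessage(), e), false);
        msgcc.getWindow().dispatchRequest(ureq, true);
    } catch (Throwable t) {
        // Last resort: the error page itself could not be rendered. Record the original
        // failure with the rendering failure so the log entry can be triaged on its own.
        log.error("Could not render the error page for a failed Shibboleth request; original failure: " + e, t);
    }
}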
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class ShibbolethDispatcher method authorization.
/**
 * Decides whether the Shibboleth attributes of the current login grant access.
 * <p>
 * When attribute-based access control is switched off in {@code shibbolethModule}, every
 * login is accepted. When it is on, access is granted if at least one configured
 * attribute rule (attribute name plus allowed values) matches. If it is on and no rule
 * is configured, the result is {@code false}. A rejected login gets the translated
 * "not authorized" message dispatched to the response.
 *
 * @param req the current servlet request
 * @param resp the current servlet response
 * @param shibbolethAttibutes attributes delivered for this login
 * @return {@code true} if access is granted, {@code false} otherwise
 */
private boolean authorization(HttpServletRequest req, HttpServletResponse resp, ShibbolethAttributes shibbolethAttibutes) {
    boolean allowed;
    if (shibbolethModule.isAccessControlByAttributes()) {
        // Deny by default; either rule may grant access.
        allowed = false;

        boolean firstRuleConfigured = StringHelper.containsNonWhitespace(shibbolethModule.getAttribute1())
                && StringHelper.containsNonWhitespace(shibbolethModule.getAttribute1Values());
        if (firstRuleConfigured
                && authorization(shibbolethModule.getAttribute1(), shibbolethModule.getAttribute1Values(), shibbolethAttibutes)) {
            allowed = true;
        }

        // The second rule is evaluated even when the first one already matched.
        boolean secondRuleConfigured = StringHelper.containsNonWhitespace(shibbolethModule.getAttribute2())
                && StringHelper.containsNonWhitespace(shibbolethModule.getAttribute2Values());
        if (secondRuleConfigured
                && authorization(shibbolethModule.getAttribute2(), shibbolethModule.getAttribute2Values(), shibbolethAttibutes)) {
            allowed = true;
        }
    } else {
        allowed = true;
    }

    if (allowed) {
        return true;
    }

    // Rejected: show the translated message instead of continuing the login.
    UserRequest ureq = new UserRequestImpl(ShibbolethDispatcher.PATH_SHIBBOLETH, req, resp);
    String deniedMsg = translator.translate("error.shibboleth.not.authorized");
    ChiefController messageWindow = MessageWindowController.createMessageChiefController(ureq, null, deniedMsg, null);
    messageWindow.getWindow().dispatchRequest(ureq, true);
    return false;
}
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method isBasicAuthenticated.
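/**
 * Tries to authenticate the request with HTTP Basic credentials from the
 * {@code Authorization} header.
 * <p>
 * On a successful headless login, a security token is generated for the identity and the
 * HTTP session and returned in the {@code RestSecurityHelper.SEC_TOKEN} response header.
 * A header that is missing, uses another scheme, carries no credentials, or does not decode
 * to {@code user:password} is treated as "not authenticated" rather than raising an error.
 *
 * @param request the current servlet request
 * @param response the current servlet response
 * @param requestURI the URI used to build the {@link UserRequest}
 * @return {@code true} if the credentials were accepted by the authentication manager and a
 *         {@link UserRequest} could be created; {@code false} otherwise
 */
private boolean isBasicAuthenticated(HttpServletRequest request, HttpServletResponse response, String requestURI) {
    String authHeader = request.getHeader("Authorization");
    if (authHeader == null) {
        return false;
    }

    StringTokenizer st = new StringTokenizer(authHeader);
    if (!st.hasMoreTokens()) {
        return false;
    }
    // We only handle HTTP Basic authentication
    String scheme = st.nextToken();
    if (!scheme.equalsIgnoreCase("Basic")) {
        return false;
    }
    // A bare "Basic" header without credentials comes from the client and must not
    // escape as a NoSuchElementException from nextToken().
    if (!st.hasMoreTokens()) {
        return false;
    }

    String userPass = StringHelper.decodeBase64(st.nextToken());
    // Defensive: the behaviour of decodeBase64 on malformed input is not visible here.
    if (userPass == null) {
        return false;
    }
    // The decoded string is in the form "userID:password"; split on the first colon so
    // the password may itself contain colons.
    int p = userPass.indexOf(':');
    if (p == -1) {
        return false;
    }
    String username = userPass.substring(0, p);
    String password = userPass.substring(p + 1);

    OLATAuthManager olatAuthenticationSpi = CoreSpringFactory.getImpl(OLATAuthManager.class);
    Identity identity = olatAuthenticationSpi.authenticate(null, username, password);
    if (identity == null) {
        return false;
    }

    UserRequest ureq;
    try {
        // The constructor validates the URL and signals a bad one with NumberFormatException.
        ureq = new UserRequestImpl(requestURI, request, response);
    } catch (NumberFormatException nfe) {
        return false;
    }
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, ureq);

    int loginStatus = AuthHelper.doHeadlessLogin(identity, BaseSecurityModule.getDefaultAuthProviderIdentifier(), ureq, true);
    if (loginStatus == AuthHelper.LOGIN_OK) {
        UserDeletionManager.getInstance().setIdentityAsActiv(identity);
        // Issue a new security token bound to this identity and HTTP session
        RestSecurityBean securityBean = CoreSpringFactory.getImpl(RestSecurityBean.class);
        String token = securityBean.generateToken(identity, request.getSession());
        response.setHeader(RestSecurityHelper.SEC_TOKEN, token);
    }
    // NOTE(review): true is returned even when doHeadlessLogin did not report LOGIN_OK;
    // only the token is withheld. Confirm that the caller re-checks the session state
    // before treating the request as authenticated.
    return true;
}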
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followSession.
/**
 * Continues the filter chain for a request that already belongs to an authenticated
 * user session; answers with HTTP 401 otherwise.
 * <p>
 * The {@link UserRequest} built for the request is exposed to downstream code under the
 * {@code RestSecurityHelper.SEC_USER_REQUEST} request attribute. The chain runs while
 * holding the monitor of the user session object.
 *
 * @param request the current servlet request
 * @param response the current servlet response
 * @param chain the remaining filter chain
 * @throws IOException if sending the error or running the chain fails
 * @throws ServletException if the chain fails
 */
private void followSession(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    UserSession userSession = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(request);

    // No session, or a session that never completed login: reject.
    if (userSession == null || !userSession.isAuthenticated()) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    UserRequest userRequest;
    try {
        // The constructor validates the URL and signals a bad one with NumberFormatException.
        String uri = request.getRequestURI();
        userRequest = new UserRequestImpl(uri, request, response);
    } catch (NumberFormatException nfe) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, userRequest);
    // Requests sharing this session object are processed one at a time.
    synchronized (userSession) {
        chain.doFilter(request, response);
    }
}
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followForAuthentication.
/**
 * Lets a request through to the login endpoints without checking that the session is
 * authenticated.
 * <p>
 * Because no authentication check happens here, this path should only be reached for
 * URIs the caller has identified as login resources. The {@link UserRequest} built for
 * the request is exposed under the {@code RestSecurityHelper.SEC_USER_REQUEST} request
 * attribute; a URI the constructor rejects is answered with HTTP 401.
 *
 * @param requestURI the URI used to build the {@link UserRequest}
 * @param uress the user session already looked up by the caller, or {@code null}
 * @param request the current servlet request
 * @param response the current servlet response
 * @param chain the remaining filter chain
 * @throws IOException if sending the error or running the chain fails
 * @throws ServletException if the chain fails
 */
private void followForAuthentication(String requestURI, UserSession uress, HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    // create a session for login without security check
    if (uress == null) {
        // The returned session is not used in this method; the lookup is kept for its
        // effect (presumably creating the session; confirm in UserSessionManager).
        CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
    }

    UserRequest userRequest;
    try {
        // The constructor validates the URL and signals a bad one with NumberFormatException.
        userRequest = new UserRequestImpl(requestURI, request, response);
    } catch (NumberFormatException nfe) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, userRequest);
    chain.doFilter(request, response);
}