Example 6 with UserRequestImpl
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followWithoutAuthentication.
private void followWithoutAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
UserSession uress = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(request);
if (uress != null && uress.isAuthenticated()) {
// is authenticated by session cookie, follow its current session
followSession(request, response, chain);
return;
}
String token = request.getHeader(RestSecurityHelper.SEC_TOKEN);
RestSecurityBean securityBean = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
if (StringHelper.containsNonWhitespace(token) && securityBean.isTokenRegistrated(token, request.getSession(true))) {
// is authenticated by token, follow its current token
followToken(token, request, response, chain);
return;
}
// fxdiff FXOLAT-113: business path in DMZ
UserRequest ureq = null;
try {
// upon creation URL is checked for
String requestURI = request.getRequestURI();
ureq = new UserRequestImpl(requestURI, request, response);
} catch (NumberFormatException nfe) {
response.sendError(401);
return;
}
request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, ureq);
// no authentication, but no authentication needed, go further
chain.doFilter(request, response);
}
Also used :
UserSessionManager(org.olat.core.util.session.UserSessionManager)
UserSession(org.olat.core.util.UserSession)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
Example 7 with UserRequestImpl
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class AuthenticatedDispatcher method execute.
/**
* Main method called by OpenOLATServlet. This processess all requests for
* authenticated users.
*
* @param request
* @param response
* @param uriPrefix
*/
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
UserSession usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
UserRequest ureq = null;
try {
// upon creation URL is checked for
ureq = new UserRequestImpl(uriPrefix, request, response);
} catch (NumberFormatException nfe) {
// a 404 message must be shown -> e.g. robots correct their links.
if (log.isDebug()) {
log.debug("Bad Request " + request.getPathInfo());
}
}
boolean auth = usess.isAuthenticated();
if (!auth) {
String guestAccess = ureq.getParameter(GUEST);
if (guestAccess == null || !CoreSpringFactory.getImpl(LoginModule.class).isGuestLoginEnabled()) {
String businessPath = extractBusinessPath(ureq, request, uriPrefix);
if (businessPath != null) {
usess.putEntryInNonClearedStore(AUTHDISPATCHER_BUSINESSPATH, businessPath);
}
redirectToDefaultDispatcher(request, response);
return;
} else if (guestAccess.equals(TRUE)) {
// try to log in as anonymous
// use the language from the lang parameter if available, otherwise use the system default locale
String guestLang = ureq.getParameter("language");
if (guestLang == null) {
// support for legacy lang parameter
guestLang = ureq.getParameter("lang");
}
Locale guestLoc;
if (guestLang == null) {
guestLoc = I18nModule.getDefaultLocale();
} else {
guestLoc = I18nManager.getInstance().getLocaleOrDefault(guestLang);
}
int loginStatus = AuthHelper.doAnonymousLogin(ureq, guestLoc);
if (loginStatus != AuthHelper.LOGIN_OK) {
if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
DispatcherModule.redirectToServiceNotAvailable(response);
}
// error, redirect to login screen
redirectToDefaultDispatcher(request, response);
return;
}
// else now logged in as anonymous user, continue
}
}
// authenticated!
try {
// kill session if not secured via SSL
if (forceSecureAccessOnly && !request.isSecure()) {
SessionInfo sessionInfo = usess.getSessionInfo();
if (sessionInfo != null) {
HttpSession session = sessionInfo.getSession();
if (session != null) {
try {
session.invalidate();
} catch (IllegalStateException ise) {
// thrown when session already invalidated. fine. ignore.
}
}
}
redirectToDefaultDispatcher(request, response);
return;
}
SessionInfo sessionInfo = usess.getSessionInfo();
if (sessionInfo == null) {
redirectToDefaultDispatcher(request, response);
return;
}
if (userBasedLogLevelManager != null) {
userBasedLogLevelManager.activateUsernameBasedLogLevel(sessionInfo.getLogin());
}
sessionInfo.setLastClickTime();
String businessPath = (String) usess.removeEntryFromNonClearedStore(AUTHDISPATCHER_BUSINESSPATH);
if (businessPath != null) {
processBusinessPath(businessPath, ureq, usess);
} else if (ureq.isValidDispatchURI()) {
// valid uri for dispatching (has timestamp, componentid and windowid)
processValidDispatchURI(ureq, usess, request, response);
} else {
businessPath = extractBusinessPath(ureq, request, uriPrefix);
if (businessPath == null) {
processBusinessPath("", ureq, usess);
} else {
processBusinessPath(businessPath, ureq, usess);
}
}
} catch (InvalidRequestParameterException e) {
try {
response.sendError(HttpServletResponse.SC_BAD_REQUEST);
} catch (IOException e1) {
log.error("An exception occured while handling the invalid request parameter exception...", e1);
}
} catch (Throwable th) {
// Do not log as Warn or Error here, log as ERROR in MsgFactory => ExceptionWindowController throws an OLATRuntimeException
log.debug("handleError in AuthenticatedDispatcher throwable=" + th);
DispatcherModule.handleError();
ChiefController msgcc = MsgFactory.createMessageChiefController(ureq, th);
// the controller's window must be failsafe also
msgcc.getWindow().dispatchRequest(ureq, true);
// do not dispatch (render only), since this is a new Window created as
// a result of another window's click.
} finally {
if (userBasedLogLevelManager != null) {
userBasedLogLevelManager.deactivateUsernameBasedLogLevel();
}
}
}
Also used :
Locale(java.util.Locale)
HttpSession(javax.servlet.http.HttpSession)
SessionInfo(org.olat.core.util.SessionInfo)
LoginModule(org.olat.login.LoginModule)
IOException(java.io.IOException)
ChiefController(org.olat.core.gui.control.ChiefController)
UserSessionManager(org.olat.core.util.session.UserSessionManager)
InvalidRequestParameterException(org.olat.core.gui.components.form.flexible.impl.InvalidRequestParameterException)
UserSession(org.olat.core.util.UserSession)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
Example 8 with UserRequestImpl
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class OAuthDispatcher method execute.
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String uri = request.getRequestURI();
try {
uri = URLDecoder.decode(uri, "UTF-8");
} catch (UnsupportedEncodingException e) {
throw new AssertException("UTF-8 encoding not supported!!!!");
}
String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
uri = uri.substring(uriPrefix.length());
UserRequest ureq = null;
try {
// upon creation URL is checked for
ureq = new UserRequestImpl(uriPrefix, request, response);
} catch (NumberFormatException nfe) {
if (log.isDebug()) {
log.debug("Bad Request " + request.getPathInfo());
}
DispatcherModule.sendBadRequest(request.getPathInfo(), response);
return;
}
String error = request.getParameter("error");
if (null != error) {
error(ureq, translateOauthError(ureq, error));
return;
}
String problem = request.getParameter("oauth_problem");
if (problem != null && "token_rejected".equals(problem.trim())) {
error(ureq, translateOauthError(ureq, error));
return;
}
try {
HttpSession sess = request.getSession();
// OAuth 2.0 hasn't any request token
Token requestToken = (Token) sess.getAttribute(OAuthConstants.REQUEST_TOKEN);
OAuthService service = (OAuthService) sess.getAttribute(OAuthConstants.OAUTH_SERVICE);
OAuthSPI provider = (OAuthSPI) sess.getAttribute(OAuthConstants.OAUTH_SPI);
Token accessToken;
if (provider == null) {
log.audit("OAuth Login failed, no provider in request");
DispatcherModule.redirectToDefaultDispatcher(response);
return;
} else if (provider.isImplicitWorkflow()) {
String idToken = ureq.getParameter("id_token");
if (idToken == null) {
redirectImplicitWorkflow(ureq);
return;
} else {
Verifier verifier = OpenIDVerifier.create(ureq, sess);
accessToken = service.getAccessToken(requestToken, verifier);
}
} else {
String requestVerifier = request.getParameter("oauth_verifier");
if (requestVerifier == null) {
// OAuth 2.0 as a code
requestVerifier = request.getParameter("code");
}
accessToken = service.getAccessToken(requestToken, new Verifier(requestVerifier));
}
OAuthUser infos = provider.getUser(service, accessToken);
if (infos == null || !StringHelper.containsNonWhitespace(infos.getId())) {
error(ureq, translate(ureq, "error.no.id"));
log.error("OAuth Login failed, no infos extracted from access token: " + accessToken);
return;
}
OAuthRegistration registration = new OAuthRegistration(provider.getProviderName(), infos);
login(infos, registration);
if (provider instanceof OAuthUserCreator) {
Identity newIdentity;
OAuthUserCreator userCreator = (OAuthUserCreator) provider;
if (registration.getIdentity() == null) {
newIdentity = userCreator.createUser(infos);
} else {
newIdentity = userCreator.updateUser(infos, registration.getIdentity());
}
if (newIdentity != null) {
registration.setIdentity(newIdentity);
}
}
if (registration.getIdentity() == null) {
if (CoreSpringFactory.getImpl(OAuthLoginModule.class).isAllowUserCreation()) {
register(request, response, registration);
} else {
error(ureq, translate(ureq, "error.account.creation"));
log.error("OAuth Login ok but the user has not an account on OpenOLAT: " + infos);
}
} else {
if (ureq.getUserSession() != null) {
// re-init the activity logger
ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
}
Identity identity = registration.getIdentity();
int loginStatus = AuthHelper.doLogin(identity, provider.getProviderName(), ureq);
if (loginStatus != AuthHelper.LOGIN_OK) {
if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
DispatcherModule.redirectToServiceNotAvailable(response);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
} else {
// update last login date and register active user
UserDeletionManager.getInstance().setIdentityAsActiv(identity);
MediaResource mr = ureq.getDispatchResult().getResultingMediaResource();
if (mr instanceof RedirectMediaResource) {
RedirectMediaResource rmr = (RedirectMediaResource) mr;
rmr.prepare(response);
} else {
// error, redirect to login screen
DispatcherModule.redirectToDefaultDispatcher(response);
}
}
}
} catch (Exception e) {
log.error("Unexpected error", e);
error(ureq, translate(ureq, "error.generic"));
}
}
Also used :
AssertException(org.olat.core.logging.AssertException)
HttpSession(javax.servlet.http.HttpSession)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Token(org.scribe.model.Token)
OpenIDVerifier(org.olat.login.oauth.spi.OpenIDVerifier)
Verifier(org.scribe.model.Verifier)
AssertException(org.olat.core.logging.AssertException)
ServletException(javax.servlet.ServletException)
IOException(java.io.IOException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
OAuthService(org.scribe.oauth.OAuthService)
OAuthUser(org.olat.login.oauth.model.OAuthUser)
OAuthRegistration(org.olat.login.oauth.model.OAuthRegistration)
RedirectMediaResource(org.olat.core.gui.media.RedirectMediaResource)
MediaResource(org.olat.core.gui.media.MediaResource)
RedirectMediaResource(org.olat.core.gui.media.RedirectMediaResource)
Identity(org.olat.core.id.Identity)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
Example 9 with UserRequestImpl
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class MathWebDispatcher method execute.
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
UserRequest ureq = null;
try {
// upon creation URL is checked for
ureq = new UserRequestImpl("math", request, response);
} catch (NumberFormatException nfe) {
DispatcherModule.sendBadRequest(request.getPathInfo(), response);
return;
}
String asciiMathInput = ureq.getParameter("input");
Map<String, String> upConvertedAsciiMathInput;
if (StringHelper.containsNonWhitespace(asciiMathInput)) {
XsltStylesheetCache stylesheetCache = CoreSpringFactory.getImpl(QTI21Service.class).getXsltStylesheetCache();
AsciiMathHelper asciiMathHelper = new AsciiMathHelper(new XsltStylesheetCacheAdapter(stylesheetCache));
upConvertedAsciiMathInput = asciiMathHelper.upConvertAsciiMathInput(asciiMathInput);
} else {
upConvertedAsciiMathInput = Collections.emptyMap();
}
try {
JSONObject object = new JSONObject();
for (Map.Entry<String, String> entry : upConvertedAsciiMathInput.entrySet()) {
object.append(entry.getKey(), entry.getValue());
}
object.write(response.getWriter());
} catch (JSONException | IOException e) {
log.error("", e);
}
}
Also used :
AsciiMathHelper(uk.ac.ed.ph.qtiworks.mathassess.glue.AsciiMathHelper)
XsltStylesheetCacheAdapter(uk.ac.ed.ph.qtiworks.mathassess.XsltStylesheetCacheAdapter)
JSONException(org.json.JSONException)
IOException(java.io.IOException)
XsltStylesheetCache(uk.ac.ed.ph.jqtiplus.xmlutils.xslt.XsltStylesheetCache)
QTI21Service(org.olat.ims.qti21.QTI21Service)
JSONObject(org.json.JSONObject)
Map(java.util.Map)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
Example 10 with UserRequestImpl
use of org.olat.core.gui.UserRequestImpl in project openolat by klemens.
the class MathWebDispatcher method execute.
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
UserRequest ureq = null;
try {
// upon creation URL is checked for
ureq = new UserRequestImpl("math", request, response);
} catch (NumberFormatException nfe) {
DispatcherModule.sendBadRequest(request.getPathInfo(), response);
return;
}
String asciiMathInput = ureq.getParameter("input");
Map<String, String> upConvertedAsciiMathInput;
if (StringHelper.containsNonWhitespace(asciiMathInput)) {
XsltStylesheetCache stylesheetCache = CoreSpringFactory.getImpl(QTI21Service.class).getXsltStylesheetCache();
AsciiMathHelper asciiMathHelper = new AsciiMathHelper(new XsltStylesheetCacheAdapter(stylesheetCache));
upConvertedAsciiMathInput = asciiMathHelper.upConvertAsciiMathInput(asciiMathInput);
} else {
upConvertedAsciiMathInput = Collections.emptyMap();
}
try {
JSONObject object = new JSONObject();
for (Map.Entry<String, String> entry : upConvertedAsciiMathInput.entrySet()) {
object.append(entry.getKey(), entry.getValue());
}
object.write(response.getWriter());
} catch (JSONException | IOException e) {
log.error("", e);
}
}
Also used :
AsciiMathHelper(uk.ac.ed.ph.qtiworks.mathassess.glue.AsciiMathHelper)
XsltStylesheetCacheAdapter(uk.ac.ed.ph.qtiworks.mathassess.XsltStylesheetCacheAdapter)
JSONException(org.json.JSONException)
IOException(java.io.IOException)
XsltStylesheetCache(uk.ac.ed.ph.jqtiplus.xmlutils.xslt.XsltStylesheetCache)
QTI21Service(org.olat.ims.qti21.QTI21Service)
JSONObject(org.json.JSONObject)
Map(java.util.Map)
UserRequest(org.olat.core.gui.UserRequest)
UserRequestImpl(org.olat.core.gui.UserRequestImpl)
Aggregations
UserRequest (org.olat.core.gui.UserRequest)30
UserRequestImpl (org.olat.core.gui.UserRequestImpl)30
UserSession (org.olat.core.util.UserSession)16
UserSessionManager (org.olat.core.util.session.UserSessionManager)14
Identity (org.olat.core.id.Identity)12
IOException (java.io.IOException)10
ChiefController (org.olat.core.gui.control.ChiefController)10
HttpSession (javax.servlet.http.HttpSession)8
UnsupportedEncodingException (java.io.UnsupportedEncodingException)6
UnknownHostException (java.net.UnknownHostException)4
Locale (java.util.Locale)4
ServletException (javax.servlet.ServletException)4
Windows (org.olat.core.gui.Windows)4
Window (org.olat.core.gui.components.Window)4
InvalidRequestParameterException (org.olat.core.gui.components.form.flexible.impl.InvalidRequestParameterException)4
MediaResource (org.olat.core.gui.media.MediaResource)4
RedirectMediaResource (org.olat.core.gui.media.RedirectMediaResource)4
SessionInfo (org.olat.core.util.SessionInfo)4
LoginModule (org.olat.login.LoginModule)4
OLATAuthManager (org.olat.login.auth.OLATAuthManager)4
