use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class RestApiLoginFilter method followWithoutAuthentication.
/**
 * Lets a request continue down the filter chain without requiring authentication.
 *
 * <p>If the caller already has an authenticated session, or presents a security
 * token that is registered, the request is handed to {@code followSession} or
 * {@code followToken} instead. Otherwise a {@link UserRequest} is built, stored
 * as a request attribute and the chain is invoked with no identity established.
 *
 * <p>NOTE(review): on the final path nothing in this method restricts what the
 * request may reach; any access control has to be enforced by the resource that
 * handles it. Confirm this is only used for paths meant to be public.
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response; receives a 401 if the URL cannot be parsed
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from the response or the chain
 * @throws ServletException propagated from the chain
 */
private void followWithoutAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
    UserSessionManager sessionManager = CoreSpringFactory.getImpl(UserSessionManager.class);
    UserSession existingSession = sessionManager.getUserSessionIfAlreadySet(request);
    boolean sessionAuthenticated = existingSession != null && existingSession.isAuthenticated();
    if (sessionAuthenticated) {
        // a session cookie already identifies the caller: keep using that session
        followSession(request, response, chain);
        return;
    }

    String secToken = request.getHeader(RestSecurityHelper.SEC_TOKEN);
    RestSecurityBean tokenRegistry = (RestSecurityBean) CoreSpringFactory.getBean(RestSecurityBean.class);
    boolean tokenSupplied = StringHelper.containsNonWhitespace(secToken);
    // getSession(true) creates an HTTP session when none exists, but only once a
    // non-blank token header was sent (short-circuit evaluation)
    if (tokenSupplied && tokenRegistry.isTokenRegistrated(secToken, request.getSession(true))) {
        // the token is known: continue under the identity bound to it
        followToken(secToken, request, response, chain);
        return;
    }

    // fxdiff FXOLAT-113: business path in DMZ
    UserRequest anonymousRequest;
    try {
        // the constructor inspects the URL and signals an unparsable one
        // with a NumberFormatException
        anonymousRequest = new UserRequestImpl(request.getRequestURI(), request, response);
    } catch (NumberFormatException malformedUrl) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }

    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, anonymousRequest);
    // not authenticated, and no authentication demanded here: continue
    chain.doFilter(request, response);
}
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class AuthenticatedDispatcher method execute.
/**
* Main method called by OpenOLATServlet. This processes all requests for
* authenticated users.
*
* @param request
* @param response
* @param uriPrefix
*/
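@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
    // Flow: build the UserRequest, make sure the session is authenticated
    // (optionally via guest login), enforce the secure-transport policy, then
    // dispatch either a stored business path, a valid dispatch URI, or a
    // business path extracted from the URL.
    String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);
    UserSession usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSession(request);
    UserRequest ureq = null;
    try {
        // the constructor inspects the URL and throws NumberFormatException
        // when it cannot be parsed
        ureq = new UserRequestImpl(uriPrefix, request, response);
    } catch (NumberFormatException nfe) {
        // an error response must be shown -> e.g. robots correct their links.
        if (log.isDebug()) {
            log.debug("Bad Request " + request.getPathInfo());
        }
        // Answer and stop here: every path below dereferences ureq, so going
        // on with ureq == null ends in a NullPointerException instead of a
        // clean error response for a malformed URL.
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }

    boolean auth = usess.isAuthenticated();
    if (!auth) {
        String guestAccess = ureq.getParameter(GUEST);
        if (guestAccess == null || !CoreSpringFactory.getImpl(LoginModule.class).isGuestLoginEnabled()) {
            // remember where the user wanted to go so it can be resumed
            // after login, then send them to the login screen
            String businessPath = extractBusinessPath(ureq, request, uriPrefix);
            if (businessPath != null) {
                usess.putEntryInNonClearedStore(AUTHDISPATCHER_BUSINESSPATH, businessPath);
            }
            redirectToDefaultDispatcher(request, response);
            return;
        } else if (guestAccess.equals(TRUE)) {
            // try to log in as anonymous
            // use the language from the lang parameter if available, otherwise use the system default locale
            String guestLang = ureq.getParameter("language");
            if (guestLang == null) {
                // support for legacy lang parameter
                guestLang = ureq.getParameter("lang");
            }
            Locale guestLoc;
            if (guestLang == null) {
                guestLoc = I18nModule.getDefaultLocale();
            } else {
                guestLoc = I18nManager.getInstance().getLocaleOrDefault(guestLang);
            }
            int loginStatus = AuthHelper.doAnonymousLogin(ureq, guestLoc);
            if (loginStatus != AuthHelper.LOGIN_OK) {
                // exactly one redirect per response: issuing the login
                // redirect after the "service not available" redirect would
                // write a second redirect to the same response
                if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                    DispatcherModule.redirectToServiceNotAvailable(response);
                } else {
                    // error, redirect to login screen
                    redirectToDefaultDispatcher(request, response);
                }
                return;
            }
            // else now logged in as anonymous user, continue
        }
        // NOTE(review): a guest parameter with any value other than TRUE falls
        // through to the code below without a login attempt; the
        // sessionInfo == null check further down is then the only guard
        // visible in this method - confirm that is intended.
    }

    // authenticated!
    try {
        // kill session if not secured via SSL
        if (forceSecureAccessOnly && !request.isSecure()) {
            SessionInfo sessionInfo = usess.getSessionInfo();
            if (sessionInfo != null) {
                HttpSession session = sessionInfo.getSession();
                if (session != null) {
                    try {
                        session.invalidate();
                    } catch (IllegalStateException ise) {
                        // thrown when session already invalidated. fine. ignore.
                    }
                }
            }
            redirectToDefaultDispatcher(request, response);
            return;
        }

        SessionInfo sessionInfo = usess.getSessionInfo();
        if (sessionInfo == null) {
            redirectToDefaultDispatcher(request, response);
            return;
        }

        if (userBasedLogLevelManager != null) {
            userBasedLogLevelManager.activateUsernameBasedLogLevel(sessionInfo.getLogin());
        }

        sessionInfo.setLastClickTime();
        // a business path stored before the login redirect takes precedence
        // and is consumed (removed) here
        String businessPath = (String) usess.removeEntryFromNonClearedStore(AUTHDISPATCHER_BUSINESSPATH);
        if (businessPath != null) {
            processBusinessPath(businessPath, ureq, usess);
        } else if (ureq.isValidDispatchURI()) {
            // valid uri for dispatching (has timestamp, componentid and windowid)
            processValidDispatchURI(ureq, usess, request, response);
        } else {
            businessPath = extractBusinessPath(ureq, request, uriPrefix);
            if (businessPath == null) {
                processBusinessPath("", ureq, usess);
            } else {
                processBusinessPath(businessPath, ureq, usess);
            }
        }
    } catch (InvalidRequestParameterException e) {
        try {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        } catch (IOException e1) {
            log.error("An exception occured while handling the invalid request parameter exception...", e1);
        }
    } catch (Throwable th) {
        // Do not log as Warn or Error here, log as ERROR in MsgFactory => ExceptionWindowController throws an OLATRuntimeException
        log.debug("handleError in AuthenticatedDispatcher throwable=" + th);
        DispatcherModule.handleError();
        ChiefController msgcc = MsgFactory.createMessageChiefController(ureq, th);
        // the controller's window must be failsafe also
        msgcc.getWindow().dispatchRequest(ureq, true);
        // do not dispatch (render only), since this is a new Window created as
        // a result of another window's click.
    } finally {
        // always undo the per-user log level, whatever happened above
        if (userBasedLogLevelManager != null) {
            userBasedLogLevelManager.deactivateUsernameBasedLogLevel();
        }
    }
}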
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class OAuthDispatcher method execute.
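/**
 * Handles the callback of an OAuth login: reads the provider state kept in the
 * HTTP session, exchanges the verifier (or authorization code) for an access
 * token, loads the remote user, and then logs the matching identity in,
 * registers a new one, or reports an error.
 *
 * <p>NOTE(review): no check of a {@code state} parameter against the session is
 * visible in this method for the non-implicit branch; confirm that the callback
 * is bound to the session that started the flow elsewhere (for instance in the
 * service or provider implementation).
 *
 * @param request  the callback request sent by the browser
 * @param response the response used for redirects and error pages
 * @throws ServletException declared by the dispatcher contract
 * @throws IOException      declared by the dispatcher contract
 */
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Only the legacy prefix is needed to build the UserRequest. The request
    // URI is deliberately not decoded here: its value was never read, and
    // decoding a caller-supplied URI can fail on malformed escapes.
    String uriPrefix = DispatcherModule.getLegacyUriPrefix(request);

    UserRequest ureq = null;
    try {
        // the constructor inspects the URL and throws NumberFormatException
        // when it cannot be parsed
        ureq = new UserRequestImpl(uriPrefix, request, response);
    } catch (NumberFormatException nfe) {
        if (log.isDebug()) {
            log.debug("Bad Request " + request.getPathInfo());
        }
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }

    String error = request.getParameter("error");
    if (null != error) {
        error(ureq, translateOauthError(ureq, error));
        return;
    }

    String problem = request.getParameter("oauth_problem");
    if (problem != null && "token_rejected".equals(problem.trim())) {
        // NOTE(review): 'error' is always null at this point (a non-null value
        // returned above), so the translation receives null. Presumably
        // 'problem' was meant - confirm what translateOauthError expects
        // before changing it.
        error(ureq, translateOauthError(ureq, error));
        return;
    }

    try {
        HttpSession sess = request.getSession();
        // OAuth 2.0 hasn't any request token
        Token requestToken = (Token) sess.getAttribute(OAuthConstants.REQUEST_TOKEN);
        OAuthService service = (OAuthService) sess.getAttribute(OAuthConstants.OAUTH_SERVICE);
        OAuthSPI provider = (OAuthSPI) sess.getAttribute(OAuthConstants.OAUTH_SPI);

        Token accessToken;
        if (provider == null) {
            // the session holds no OAuth state: this callback does not belong
            // to a login started from this session
            log.audit("OAuth Login failed, no provider in request");
            DispatcherModule.redirectToDefaultDispatcher(response);
            return;
        } else if (provider.isImplicitWorkflow()) {
            String idToken = ureq.getParameter("id_token");
            if (idToken == null) {
                redirectImplicitWorkflow(ureq);
                return;
            } else {
                Verifier verifier = OpenIDVerifier.create(ureq, sess);
                accessToken = service.getAccessToken(requestToken, verifier);
            }
        } else {
            String requestVerifier = request.getParameter("oauth_verifier");
            if (requestVerifier == null) {
                // OAuth 2.0 as a code
                requestVerifier = request.getParameter("code");
            }
            accessToken = service.getAccessToken(requestToken, new Verifier(requestVerifier));
        }

        OAuthUser infos = provider.getUser(service, accessToken);
        if (infos == null || !StringHelper.containsNonWhitespace(infos.getId())) {
            error(ureq, translate(ureq, "error.no.id"));
            // The access token is a credential and must not be written to the
            // log; the provider name is enough to locate the failure.
            log.error("OAuth Login failed, no infos extracted from access token, provider: " + provider.getProviderName());
            return;
        }

        OAuthRegistration registration = new OAuthRegistration(provider.getProviderName(), infos);
        login(infos, registration);

        // providers that can provision accounts create or refresh the local
        // identity from the remote user data
        if (provider instanceof OAuthUserCreator) {
            Identity newIdentity;
            OAuthUserCreator userCreator = (OAuthUserCreator) provider;
            if (registration.getIdentity() == null) {
                newIdentity = userCreator.createUser(infos);
            } else {
                newIdentity = userCreator.updateUser(infos, registration.getIdentity());
            }
            if (newIdentity != null) {
                registration.setIdentity(newIdentity);
            }
        }

        if (registration.getIdentity() == null) {
            if (CoreSpringFactory.getImpl(OAuthLoginModule.class).isAllowUserCreation()) {
                register(request, response, registration);
            } else {
                error(ureq, translate(ureq, "error.account.creation"));
                // NOTE(review): this writes the remote user object to the log;
                // check what its toString() exposes (personal data).
                log.error("OAuth Login ok but the user has not an account on OpenOLAT: " + infos);
            }
        } else {
            if (ureq.getUserSession() != null) {
                // re-init the activity logger
                ThreadLocalUserActivityLoggerInstaller.initUserActivityLogger(request);
            }

            Identity identity = registration.getIdentity();
            int loginStatus = AuthHelper.doLogin(identity, provider.getProviderName(), ureq);
            if (loginStatus != AuthHelper.LOGIN_OK) {
                if (loginStatus == AuthHelper.LOGIN_NOTAVAILABLE) {
                    DispatcherModule.redirectToServiceNotAvailable(response);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            } else {
                // update last login date and register active user
                UserDeletionManager.getInstance().setIdentityAsActiv(identity);
                MediaResource mr = ureq.getDispatchResult().getResultingMediaResource();
                if (mr instanceof RedirectMediaResource) {
                    RedirectMediaResource rmr = (RedirectMediaResource) mr;
                    rmr.prepare(response);
                } else {
                    // error, redirect to login screen
                    DispatcherModule.redirectToDefaultDispatcher(response);
                }
            }
        }
    } catch (Exception e) {
        // boundary catch: any failure of the exchange ends in a generic
        // error page, the details go to the log only
        log.error("Unexpected error", e);
        error(ureq, translate(ureq, "error.generic"));
    }
}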
use of org.olat.core.gui.UserRequestImpl in project OpenOLAT by OpenOLAT.
the class MathWebDispatcher method execute.
/**
 * Up-converts the ASCIIMath text in the {@code input} request parameter and
 * writes the resulting key/value pairs to the response as a JSON object.
 * A missing or blank input produces an empty JSON object.
 *
 * <p>NOTE(review): the response echoes data derived from a request parameter
 * and no content type is set in this method; confirm that one is set elsewhere
 * so the body is not interpreted as HTML by a browser.
 *
 * @param request  the incoming request carrying the {@code input} parameter
 * @param response the response the JSON is written to
 */
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
    UserRequest ureq;
    try {
        // the constructor inspects the URL and throws NumberFormatException
        // when it cannot be parsed
        ureq = new UserRequestImpl("math", request, response);
    } catch (NumberFormatException nfe) {
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }

    String rawInput = ureq.getParameter("input");
    Map<String, String> converted;
    if (!StringHelper.containsNonWhitespace(rawInput)) {
        converted = Collections.emptyMap();
    } else {
        QTI21Service qtiService = CoreSpringFactory.getImpl(QTI21Service.class);
        XsltStylesheetCache cache = qtiService.getXsltStylesheetCache();
        XsltStylesheetCacheAdapter cacheAdapter = new XsltStylesheetCacheAdapter(cache);
        AsciiMathHelper helper = new AsciiMathHelper(cacheAdapter);
        converted = helper.upConvertAsciiMathInput(rawInput);
    }

    try {
        JSONObject json = new JSONObject();
        for (Map.Entry<String, String> pair : converted.entrySet()) {
            String key = pair.getKey();
            String value = pair.getValue();
            json.append(key, value);
        }
        json.write(response.getWriter());
    } catch (JSONException | IOException e) {
        log.error("", e);
    }
}
use of org.olat.core.gui.UserRequestImpl in project openolat by klemens.
the class MathWebDispatcher method execute.
/**
 * Converts the ASCIIMath expression passed in the {@code input} parameter and
 * returns the converted forms as a JSON object in the response body. When the
 * parameter is absent or blank, an empty JSON object is written.
 *
 * <p>NOTE(review): no content type is set here although the body is built from
 * caller-supplied text - verify that the response is served with a non-HTML
 * type.
 *
 * @param request  the HTTP request; its {@code input} parameter is converted
 * @param response the HTTP response that receives the JSON document
 */
@Override
public void execute(HttpServletRequest request, HttpServletResponse response) {
    UserRequest userRequest = null;
    try {
        // construction validates the URL; an unparsable one surfaces as
        // NumberFormatException
        userRequest = new UserRequestImpl("math", request, response);
    } catch (NumberFormatException nfe) {
        DispatcherModule.sendBadRequest(request.getPathInfo(), response);
        return;
    }

    final String expression = userRequest.getParameter("input");
    final boolean hasExpression = StringHelper.containsNonWhitespace(expression);

    Map<String, String> conversions = Collections.emptyMap();
    if (hasExpression) {
        XsltStylesheetCache xsltCache = CoreSpringFactory.getImpl(QTI21Service.class).getXsltStylesheetCache();
        conversions = new AsciiMathHelper(new XsltStylesheetCacheAdapter(xsltCache))
                .upConvertAsciiMathInput(expression);
    }

    try {
        JSONObject payload = new JSONObject();
        for (Map.Entry<String, String> conversion : conversions.entrySet()) {
            payload.append(conversion.getKey(), conversion.getValue());
        }
        payload.write(response.getWriter());
    } catch (JSONException | IOException e) {
        log.error("", e);
    }
}