use of org.olat.core.util.SessionInfo in project OpenOLAT by OpenOLAT.
the class AuthHelper method setSessionInfoFor.
/**
 * Builds the {@link SessionInfo} for {@code identity}, stores it on the user session of
 * {@code ureq} and publishes a few of its values as user-tracking attributes.
 *
 * <p>Everything recorded about the client here (remote address, resolved host name,
 * {@code User-Agent}) is descriptive metadata. The {@code User-Agent} header is chosen by
 * the client and the host name comes from DNS, so neither is suitable as input to an
 * access decision, and both should be encoded wherever they are displayed or logged.
 *
 * @param identity the identity the session belongs to; its key, name and user properties are read
 * @param authProvider name of the authentication provider used for this login
 * @param ureq the current user request; supplies the HTTP request, the locale and the user session
 * @param rest {@code true} to flag the new session info as a REST session
 */
public static void setSessionInfoFor(Identity identity, String authProvider, UserRequest ureq, boolean rest) {
    HttpSession httpSession = ureq.getHttpReq().getSession();
    SessionInfo info = new SessionInfo(identity.getKey(), identity.getName(), httpSession);
    info.setFirstname(identity.getUser().getProperty(UserConstants.FIRSTNAME, ureq.getLocale()));
    info.setLastname(identity.getUser().getProperty(UserConstants.LASTNAME, ureq.getLocale()));

    // NOTE(review): behind a reverse proxy or load balancer getRemoteAddr() is presumably the
    // proxy's address, not the end user's - confirm how the deployment forwards the client address.
    String clientAddress = ureq.getHttpReq().getRemoteAddr();
    info.setFromIP(clientAddress);
    // Start with the plain address as "FQN"; it stays that way if no name can be resolved.
    info.setFromFQN(clientAddress);
    try {
        // getHostName() asks the resolver for a name, which can hold this request thread
        // until the resolver answers or times out.
        InetAddress[] resolved = InetAddress.getAllByName(clientAddress);
        if (resolved.length > 0) {
            info.setFromFQN(resolved[0].getHostName());
        }
    } catch (UnknownHostException ignored) {
        // Deliberately ignored: the address was already stored as the FQN above.
    }

    info.setAuthProvider(authProvider);
    // Client-controlled header, stored as received.
    info.setUserAgent(ureq.getHttpReq().getHeader("User-Agent"));
    info.setSecure(ureq.getHttpReq().isSecure());
    info.setLastClickTime();
    info.setREST(rest);

    // Attach the session info to the user session of this request.
    UserSession userSession = ureq.getUserSession();
    userSession.setSessionInfo(info);

    // User tracking: hand a selection of the session values to the identity environment.
    Map<String, String> trackingAttributes = new HashMap<>();
    trackingAttributes.put(ATTRIBUTE_LANGUAGE, userSession.getLocale().toString());
    trackingAttributes.put(ATTRIBUTE_AUTHPROVIDER, authProvider);
    trackingAttributes.put(ATTRIBUTE_IS_WEBDAV, String.valueOf(info.isWebDAV()));
    trackingAttributes.put(ATTRIBUTE_IS_REST, String.valueOf(info.isREST()));
    userSession.getIdentityEnvironment().setAttributes(trackingAttributes);
}
use of org.olat.core.util.SessionInfo in project OpenOLAT by OpenOLAT.
the class UserSessionManager method signOffAndClearWithout.
/**
 * Performs the actual sign-off work for {@code usess} without sending the multi-user event.
 * <p>
 * Called from signOffAndClear() and from the event path (MUEvent). It is used when a user logs
 * in on node1 while still logged in on node2: node2 catches the sign-on event and invalidates
 * the user's session on node2 "silently", i.e. without firing an event of its own.
 * <p>
 * Steps, in order: persist the last history point (authenticated, non-guest sessions only),
 * log the logout and dispose every {@code Disposable} value of the session store, remove the
 * session from the authenticated-session bookkeeping, and decrement the matching session counter.
 *
 * @param usess the user session being signed off
 */
private void signOffAndClearWithout(final UserSession usess) {
    boolean isDebug = log.isDebug();
    if (isDebug)
        log.debug("signOffAndClearWithout() START");
    final IdentityEnvironment identityEnvironment = usess.getIdentityEnvironment();
    final SessionInfo sessionInfo = usess.getSessionInfo();
    // May be null: the logging step below and the removal step further down both check for it.
    final Identity ident = identityEnvironment.getIdentity();
    if (isDebug)
        log.debug("UserSession:::logging off: " + sessionInfo);
    // Only authenticated, non-guest sessions with a recorded history point are persisted.
    if (usess.isAuthenticated() && usess.getLastHistoryPoint() != null && !usess.getRoles().isGuestOnly()) {
        historyManager.persistHistoryPoint(ident, usess.getLastHistoryPoint());
    }
    // Deliberately a plain Runnable rather than RunnableWithException:
    // the exception handling happens inside run().
    Runnable run = new Runnable() {
        @Override
        public void run() {
            // Last store value looked at; only used for the error message in the catch block.
            Object obj = null;
            try {
                // Write the logout entry to the user activity log.
                if (ident != null) {
                    ThreadLocalUserActivityLogger.log(OlatLoggingAction.OLAT_LOGOUT, UserSession.class, CoreLoggingResourceable.wrap(ident));
                }
                // Notify every value in the session store that implements Disposable
                // about the disposal.
                List<Object> storeList = usess.getStoreValues();
                for (Iterator<Object> it_storevals = storeList.iterator(); it_storevals.hasNext(); ) {
                    obj = it_storevals.next();
                    if (obj instanceof Disposable) {
                        // This runs synchronously when triggered by a Tomcat session timeout or a
                        // user click, and asynchronously when an administrator kicks the user out.
                        // Synchronous execution is assumed here.
                        // Reminder: dispose() ends up in DefaultController.dispose(), which is
                        // synchronized (Windows/WindowManagerImpl/WindowBackOfficeImpl/
                        // BaseChiefController/../dispose()). This mattered for bug OLAT-3390.
                        ((Disposable) obj).dispose();
                    }
                }
            } catch (Exception e) {
                // One failure ends the whole loop: store values after the failing one are not
                // disposed.
                String objtostr = "n/a";
                try {
                    // obj is still null if the failure happened before the first store value
                    // was read; the resulting NullPointerException is swallowed below and the
                    // message keeps "n/a".
                    objtostr = obj.toString();
                } catch (Exception ee) {
                    // ignore
                }
                log.error("exception in signOffAndClear: while disposing object:" + objtostr, e);
            }
        }
    };
    ThreadLocalUserActivityLoggerInstaller.runWithUserActivityLogger(run, UserActivityLoggerImpl.newLoggerForValueUnbound(usess));
    if (authUserSessions.remove(usess)) {
        // Remove from the identity bookkeeping only if the session was found in authUserSessions.
        // See also the SIDEEFFECT!! line in signOn(..).
        Identity previousSignedOn = identityEnvironment.getIdentity();
        if (previousSignedOn != null && previousSignedOn.getKey() != null) {
            // The debug message prints the lower-cased user name, but both collections below
            // are keyed by the identity key.
            if (isDebug)
                log.debug("signOffAndClearWithout() removing from userNameToIdentity: " + previousSignedOn.getName().toLowerCase());
            userNameToIdentity.remove(previousSignedOn.getKey());
            userSessionCache.remove(previousSignedOn.getKey());
        }
    } else if (isDebug) {
        // Emitted at info level, but only when debug logging is enabled.
        log.info("UserSession already removed! for [" + ident + "]");
    }
    // Update the logged-in user counters; REST is checked before WebDAV, everything else
    // counts as a web session.
    // NOTE(review): this runs even when authUserSessions.remove(usess) returned false above, so
    // a repeated sign-off of the same session would presumably decrement a counter twice unless
    // the session info is cleared in between - confirm against the callers.
    if (sessionInfo != null) {
        if (sessionInfo.isREST()) {
            sessionCountRest.decrementAndGet();
        } else if (sessionInfo.isWebDAV()) {
            sessionCountDav.decrementAndGet();
        } else {
            sessionCountWeb.decrementAndGet();
        }
    }
    if (isDebug)
        log.debug("signOffAndClearWithout() END");
}
use of org.olat.core.util.SessionInfo in project OpenOLAT by OpenOLAT.
the class UserSessionManager method signOn.
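/**
 * Marks {@code usess} as authenticated and registers it in this manager's session bookkeeping.
 *
 * <p>Precondition: all instance variables must be set before calling this method. In particular
 * the identity environment of {@code usess} must hold an identity and the session must carry a
 * {@link SessionInfo}.
 *
 * <p>WebDAV sessions are only added to {@code authUserSessions}. For every other session the
 * identity key is also recorded in {@code userNameToIdentity} and {@code userSessionCache}, and
 * a sign-on event is fired on the event bus. If the identity already has a session (and the new
 * one is neither REST nor guest-only), the older GUI session is signed off, so an interactive
 * login displaces the previous one and the new session is flagged with
 * {@code STORE_KEY_KILLED_EXISTING_SESSION}.
 *
 * <p>NOTE(review): no renewal of the HTTP session id is visible in this method; confirm that the
 * calling login code issues a fresh session id when the session becomes authenticated.
 *
 * @param usess the user session to sign on; also used as the lock for the whole operation
 * @throws AssertException if the session is already authenticated, has no identity, or has no
 *         session info
 */
public void signOn(UserSession usess) {
    boolean isDebug = log.isDebug();
    // fix a possible dead-lock see also OLAT-3390
    synchronized (usess) {
        if (isDebug) {
            log.debug("signOn() START");
        }
        if (usess.isAuthenticated()) {
            throw new AssertException("sign on: already signed on!");
        }
        IdentityEnvironment identityEnvironment = usess.getIdentityEnvironment();
        Identity identity = identityEnvironment.getIdentity();
        if (identity == null) {
            throw new AssertException("identity is null in identityEnvironment!");
        }
        SessionInfo sessionInfo = usess.getSessionInfo();
        if (sessionInfo == null) {
            throw new AssertException("sessionInfo was null for identity " + identity);
        }
        usess.setAuthenticated(true);
        if (sessionInfo.isWebDAV()) {
            // load user prefs
            usess.reloadPreferences();
            // A WebDAV session is only added to authUserSessions, not to userNameToIdentity:
            // userNameToIdentity is only needed for IM, which cannot do anything with a WebDAV session.
            authUserSessions.add(usess);
            // NOTE(review): the session info may carry client-supplied values such as the
            // User-Agent header; if toString() includes them, neutralise CR/LF before they reach
            // the audit log - confirm.
            log.audit("Logged on [via webdav]: " + sessionInfo.toString());
        } else {
            UserSession invalidatedSession = null;
            if (isDebug) {
                log.debug("signOn() authUsersNamesOtherNodes.contains " + identity.getName() + ": " + authUsersNamesOtherNodes.contains(identity.getKey()));
            }
            // Check whether a session already exists for this user. REST and guest-only
            // sessions never displace an existing session.
            if ((userNameToIdentity.contains(identity.getKey()) || userSessionCache.containsKey(identity.getKey())) && !sessionInfo.isWebDAV() && !sessionInfo.isREST() && !usess.getRoles().isGuestOnly()) {
                log.info("Loggin-process II: User has already a session => signOffAndClear existing session");
                invalidatedSession = getUserSessionForGui(identity.getKey());
                // signOffAndClear does not remove the identity.getName().toLowerCase() from the userNameToIdentity
                if (invalidatedSession != null) {
                    authUserSessions.remove(invalidatedSession);
                }
            }
            authUserSessions.add(usess);
            // The debug message prints the lower-cased user name; the collections themselves
            // are keyed by the identity key.
            if (isDebug) {
                log.debug("signOn() adding to userNameToIdentity: " + identity.getName().toLowerCase());
            }
            userNameToIdentity.add(identity.getKey());
            // Integer.valueOf instead of the deprecated Integer constructor; the stored value is equal.
            userSessionCache.put(identity.getKey(), Integer.valueOf(Settings.getNodeId()));
            // reload user prefs
            usess.reloadPreferences();
            // NOTE(review): same audit-log concern as in the WebDAV branch - confirm what
            // SessionInfo.toString() emits.
            log.audit("Logged on: " + sessionInfo.toString());
            CoordinatorManager.getInstance().getCoordinator().getEventBus().fireEventToListenersOf(new SignOnOffEvent(identity, true), ORES_USERSESSION);
            // check if a session from any browser was invalidated (IE has a cookie set per Browserinstance!!)
            if (invalidatedSession != null || authUsersNamesOtherNodes.contains(identity.getKey())) {
                // put flag killed-existing-session into session-store to show info-message 'only one session for each user' on user-home screen
                usess.putEntry(STORE_KEY_KILLED_EXISTING_SESSION, Boolean.TRUE);
                if (isDebug) {
                    log.debug("signOn() removing from authUsersNamesOtherNodes: " + identity.getName());
                }
                authUsersNamesOtherNodes.remove(identity.getKey());
                // OLAT-3381 & OLAT-3382
                if (invalidatedSession != null) {
                    signOffAndClear(invalidatedSession);
                }
            }
            if (isDebug) {
                log.debug("signOn() END");
            }
        }
        // Update the logged-in user counters; REST is checked before WebDAV, everything else
        // counts as a web session.
        if (sessionInfo.isREST()) {
            sessionCountRest.incrementAndGet();
        } else if (sessionInfo.isWebDAV()) {
            sessionCountDav.incrementAndGet();
        } else {
            sessionCountWeb.incrementAndGet();
        }
    }
}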
use of org.olat.core.util.SessionInfo in project openolat by klemens.
the class RestApiLoginFilter method upgradeIpAuthentication.
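/**
 * Prepares a REST request that is authenticated by its source address: makes sure a user session
 * exists, gives an identity-less session a synthetic "REST" session info, marks the session with
 * {@code RestSecurityHelper.SYSTEM_MARKER} and exposes the resulting {@link UserRequest} as the
 * request attribute {@code RestSecurityHelper.SEC_USER_REQUEST}.
 *
 * <p>This method performs no check of the remote address itself.
 * NOTE(review): presumably the caller has already matched the address against the configured
 * allow-list before calling - verify, because every request that reaches this method gets the
 * system marker. Also confirm that {@code getRemoteAddr()} is the real peer address in
 * deployments that sit behind a reverse proxy.
 *
 * @param request the incoming HTTP request
 * @param response the HTTP response; receives a 401 if the user request cannot be built
 * @throws IOException if sending the 401 error fails
 * @throws ServletException declared for the filter chain
 */
private void upgradeIpAuthentication(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    UserSessionManager sessionManager = CoreSpringFactory.getImpl(UserSessionManager.class);
    UserSession usess = sessionManager.getUserSessionIfAlreadySet(request);
    if (usess == null) {
        // No user session yet: create the HTTP session if needed and bind a user session to it.
        usess = sessionManager.getUserSession(request.getSession(true));
    }
    if (usess.getIdentity() == null) {
        // NOTE(review): all seven role flags are false - presumably "no role granted"; confirm
        // against the Roles constructor.
        usess.setRoles(new Roles(false, false, false, false, false, false, false));
        String remoteAddr = request.getRemoteAddr();
        // Synthetic session info: key -1 and name "REST" stand in for a real identity.
        // Long.valueOf replaces the deprecated Long constructor; the value is equal.
        SessionInfo sinfo = new SessionInfo(Long.valueOf(-1L), "REST", request.getSession());
        sinfo.setFirstname("REST");
        sinfo.setLastname(remoteAddr);
        sinfo.setFromIP(remoteAddr);
        // Start with the plain address as "FQN"; it stays that way if no name can be resolved.
        sinfo.setFromFQN(remoteAddr);
        try {
            // getHostName() asks the resolver for a name, which can hold this request thread
            // until the resolver answers or times out. The resolved name is informational only.
            InetAddress[] iaddr = InetAddress.getAllByName(remoteAddr);
            if (iaddr.length > 0) {
                sinfo.setFromFQN(iaddr[0].getHostName());
            }
        } catch (UnknownHostException ignored) {
            // ok, already set IP as FQDN
        }
        sinfo.setAuthProvider("IP");
        // Client-controlled header, stored as received.
        sinfo.setUserAgent(request.getHeader("User-Agent"));
        sinfo.setSecure(request.isSecure());
        sinfo.setREST(true);
        sinfo.setWebModeFromUreq(null);
        // set session info for this session
        usess.setSessionInfo(sinfo);
    }
    UserRequest ureq = null;
    try {
        // The request URI is checked when the user request is created.
        // NOTE(review): presumably that check is the source of the NumberFormatException
        // handled below - confirm in UserRequestImpl.
        String requestURI = request.getRequestURI();
        ureq = new UserRequestImpl(requestURI, request, response);
        ureq.getUserSession().putEntryInNonClearedStore(RestSecurityHelper.SYSTEM_MARKER, Boolean.TRUE);
    } catch (NumberFormatException nfe) {
        // Fail closed: reject the request instead of continuing without a user request.
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    request.setAttribute(RestSecurityHelper.SEC_USER_REQUEST, ureq);
}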
use of org.olat.core.util.SessionInfo in project openolat by klemens.
the class MapperServiceTest method createUserSession.
/**
 * Test helper: creates a user session on top of a {@code MockHttpSession} and gives it a
 * session info with a RAM-unique key and a random UUID as name.
 *
 * @return the prepared user session; its session info, HTTP session and session id have been
 *         asserted to be non-null
 */
private UserSession createUserSession() {
    HttpSession mockSession = new MockHttpSession();
    UserSession usess = sessionManager.getUserSession(mockSession);
    usess.setSessionInfo(new SessionInfo(CodeHelper.getRAMUniqueID(), UUID.randomUUID().toString(), mockSession));

    // Sanity check: the mocked HTTP session must behave the way the tests need it to.
    Assert.assertNotNull(usess.getSessionInfo());
    Assert.assertNotNull(usess.getSessionInfo().getSession());
    Assert.assertNotNull(usess.getSessionInfo().getSession().getId());
    return usess;
}