use of org.olat.core.util.SessionInfo in project openolat by klemens.
the class AuthHelper method setSessionInfoFor.
/**
* Build session info
* @param identity
* @param authProvider
* @param ureq
*/
public static void setSessionInfoFor(Identity identity, String authProvider, UserRequest ureq, boolean rest) {
HttpSession session = ureq.getHttpReq().getSession();
SessionInfo sinfo = new SessionInfo(identity.getKey(), identity.getName(), session);
sinfo.setFirstname(identity.getUser().getProperty(UserConstants.FIRSTNAME, ureq.getLocale()));
sinfo.setLastname(identity.getUser().getProperty(UserConstants.LASTNAME, ureq.getLocale()));
sinfo.setFromIP(ureq.getHttpReq().getRemoteAddr());
sinfo.setFromFQN(ureq.getHttpReq().getRemoteAddr());
try {
InetAddress[] iaddr = InetAddress.getAllByName(ureq.getHttpReq().getRemoteAddr());
if (iaddr.length > 0)
sinfo.setFromFQN(iaddr[0].getHostName());
} catch (UnknownHostException e) {
// ok, already set IP as FQDN
}
sinfo.setAuthProvider(authProvider);
sinfo.setUserAgent(ureq.getHttpReq().getHeader("User-Agent"));
sinfo.setSecure(ureq.getHttpReq().isSecure());
sinfo.setLastClickTime();
sinfo.setREST(rest);
// set session info for this session
UserSession usess = ureq.getUserSession();
usess.setSessionInfo(sinfo);
// For Usertracking, let the User object know about some desired/specified infos from the sessioninfo
Map<String, String> sessionInfoForUsertracking = new HashMap<String, String>();
sessionInfoForUsertracking.put(ATTRIBUTE_LANGUAGE, usess.getLocale().toString());
sessionInfoForUsertracking.put(ATTRIBUTE_AUTHPROVIDER, authProvider);
sessionInfoForUsertracking.put(ATTRIBUTE_IS_WEBDAV, String.valueOf(sinfo.isWebDAV()));
sessionInfoForUsertracking.put(ATTRIBUTE_IS_REST, String.valueOf(sinfo.isREST()));
usess.getIdentityEnvironment().setAttributes(sessionInfoForUsertracking);
}
use of org.olat.core.util.SessionInfo in project openolat by klemens.
the class WebDAVManagerImpl method afterAuthorization.
private UserSession afterAuthorization(Identity identity, HttpServletRequest request) {
UserSession usess = sessionManager.getUserSession(request);
synchronized (usess) {
// double check to prevent severals concurrent login
if (usess.isAuthenticated()) {
return usess;
}
sessionManager.signOffAndClear(usess);
usess.setIdentity(identity);
UserDeletionManager.getInstance().setIdentityAsActiv(identity);
// set the roles (admin, author, guest)
Roles roles = BaseSecurityManager.getInstance().getRoles(identity);
usess.setRoles(roles);
// set session info
SessionInfo sinfo = new SessionInfo(identity.getKey(), identity.getName(), request.getSession());
User usr = identity.getUser();
sinfo.setFirstname(usr.getProperty(UserConstants.FIRSTNAME, null));
sinfo.setLastname(usr.getProperty(UserConstants.LASTNAME, null));
String remoteAddr = request.getRemoteAddr();
sinfo.setFromIP(remoteAddr);
sinfo.setFromFQN(remoteAddr);
try {
InetAddress[] iaddr = InetAddress.getAllByName(request.getRemoteAddr());
if (iaddr.length > 0)
sinfo.setFromFQN(iaddr[0].getHostName());
} catch (UnknownHostException e) {
// ok, already set IP as FQDN
}
sinfo.setAuthProvider(BaseSecurityModule.getDefaultAuthProviderIdentifier());
sinfo.setUserAgent(request.getHeader("User-Agent"));
sinfo.setSecure(request.isSecure());
sinfo.setWebDAV(true);
sinfo.setWebModeFromUreq(null);
// set session info for this session
usess.setSessionInfo(sinfo);
//
sessionManager.signOn(usess);
return usess;
}
}
use of org.olat.core.util.SessionInfo in project openolat by klemens.
the class UserSessionManager method signOn.
/**
* prior to calling this method, all instance vars must be set.
*/
public void signOn(UserSession usess) {
boolean isDebug = log.isDebug();
// fix a possible dead-lock see also OLAT-3390
synchronized (usess) {
if (isDebug)
log.debug("signOn() START");
if (usess.isAuthenticated()) {
throw new AssertException("sign on: already signed on!");
}
IdentityEnvironment identityEnvironment = usess.getIdentityEnvironment();
Identity identity = identityEnvironment.getIdentity();
if (identity == null) {
throw new AssertException("identity is null in identityEnvironment!");
}
SessionInfo sessionInfo = usess.getSessionInfo();
if (sessionInfo == null) {
throw new AssertException("sessionInfo was null for identity " + identity);
}
usess.setAuthenticated(true);
if (sessionInfo.isWebDAV()) {
// load user prefs
usess.reloadPreferences();
// we're only adding this webdav session to the authUserSessions - not to the userNameToIdentity.
// userNameToIdentity is only needed for IM which can't do anything with a webdav session
authUserSessions.add(usess);
log.audit("Logged on [via webdav]: " + sessionInfo.toString());
} else {
UserSession invalidatedSession = null;
if (isDebug) {
log.debug("signOn() authUsersNamesOtherNodes.contains " + identity.getName() + ": " + authUsersNamesOtherNodes.contains(identity.getKey()));
}
// check if already a session exist for this user
if ((userNameToIdentity.contains(identity.getKey()) || userSessionCache.containsKey(identity.getKey())) && !sessionInfo.isWebDAV() && !sessionInfo.isREST() && !usess.getRoles().isGuestOnly()) {
log.info("Loggin-process II: User has already a session => signOffAndClear existing session");
invalidatedSession = getUserSessionForGui(identity.getKey());
// signOffAndClear does not remove the identity.getName().toLowerCase() from the userNameToIdentity
if (invalidatedSession != null) {
authUserSessions.remove(invalidatedSession);
}
}
authUserSessions.add(usess);
// characters -> map stores values as such
if (isDebug)
log.debug("signOn() adding to userNameToIdentity: " + identity.getName().toLowerCase());
userNameToIdentity.add(identity.getKey());
userSessionCache.put(identity.getKey(), new Integer(Settings.getNodeId()));
// reload user prefs
usess.reloadPreferences();
log.audit("Logged on: " + sessionInfo.toString());
CoordinatorManager.getInstance().getCoordinator().getEventBus().fireEventToListenersOf(new SignOnOffEvent(identity, true), ORES_USERSESSION);
// check if a session from any browser was invalidated (IE has a cookie set per Browserinstance!!)
if (invalidatedSession != null || authUsersNamesOtherNodes.contains(identity.getKey())) {
// put flag killed-existing-session into session-store to show info-message 'only one session for each user' on user-home screen
usess.putEntry(STORE_KEY_KILLED_EXISTING_SESSION, Boolean.TRUE);
if (isDebug)
log.debug("signOn() removing from authUsersNamesOtherNodes: " + identity.getName());
authUsersNamesOtherNodes.remove(identity.getKey());
// OLAT-3381 & OLAT-3382
if (invalidatedSession != null) {
signOffAndClear(invalidatedSession);
}
}
if (isDebug)
log.debug("signOn() END");
}
// update logged in users counters
if (sessionInfo.isREST()) {
sessionCountRest.incrementAndGet();
} else if (sessionInfo.isWebDAV()) {
sessionCountDav.incrementAndGet();
} else {
sessionCountWeb.incrementAndGet();
}
}
}
use of org.olat.core.util.SessionInfo in project openolat by klemens.
the class UserSessionManager method signOffAndClearWithout.
/**
* called from signOffAndClear()
* called from event -> MUEvent
* the real work to do during sign off but without sending the multiuserevent
* this is used in case the user logs in to node1 and was logged in on node2 =>
* node2 catches the sign on event and invalidates the user on node2 "silently", e.g.
* without firing an event.
*/
private void signOffAndClearWithout(final UserSession usess) {
boolean isDebug = log.isDebug();
if (isDebug)
log.debug("signOffAndClearWithout() START");
final IdentityEnvironment identityEnvironment = usess.getIdentityEnvironment();
final SessionInfo sessionInfo = usess.getSessionInfo();
final Identity ident = identityEnvironment.getIdentity();
if (isDebug)
log.debug("UserSession:::logging off: " + sessionInfo);
if (usess.isAuthenticated() && usess.getLastHistoryPoint() != null && !usess.getRoles().isGuestOnly()) {
historyManager.persistHistoryPoint(ident, usess.getLastHistoryPoint());
}
/**
* use not RunnableWithException, as exceptionHandlng is inside the run
*/
Runnable run = new Runnable() {
@Override
public void run() {
Object obj = null;
try {
// do logging
if (ident != null) {
ThreadLocalUserActivityLogger.log(OlatLoggingAction.OLAT_LOGOUT, UserSession.class, CoreLoggingResourceable.wrap(ident));
}
// notify all variables in the store (the values) about the disposal
// if
// Disposable
List<Object> storeList = usess.getStoreValues();
for (Iterator<Object> it_storevals = storeList.iterator(); it_storevals.hasNext(); ) {
obj = it_storevals.next();
if (obj instanceof Disposable) {
// synchronous, since triggered by tomcat session timeout or user
// click and
// asynchronous, if kicked out by administrator.
// we assume synchronous
// !!!!
// As a reminder, this .dispose() calls dispose on
// DefaultController which is synchronized.
// (Windows/WindowManagerImpl/WindowBackOfficeImpl/BaseChiefController/../
// dispose()
// !!!! was important for bug OLAT-3390
((Disposable) obj).dispose();
}
}
} catch (Exception e) {
String objtostr = "n/a";
try {
objtostr = obj.toString();
} catch (Exception ee) {
// ignore
}
log.error("exception in signOffAndClear: while disposing object:" + objtostr, e);
}
}
};
ThreadLocalUserActivityLoggerInstaller.runWithUserActivityLogger(run, UserActivityLoggerImpl.newLoggerForValueUnbound(usess));
if (authUserSessions.remove(usess)) {
// remove only from identityEnvironment if found in sessions.
// see also SIDEEFFECT!! line in signOn(..)
Identity previousSignedOn = identityEnvironment.getIdentity();
if (previousSignedOn != null && previousSignedOn.getKey() != null) {
if (isDebug)
log.debug("signOffAndClearWithout() removing from userNameToIdentity: " + previousSignedOn.getName().toLowerCase());
userNameToIdentity.remove(previousSignedOn.getKey());
userSessionCache.remove(previousSignedOn.getKey());
}
} else if (isDebug) {
log.info("UserSession already removed! for [" + ident + "]");
}
// update logged in users counters
if (sessionInfo != null) {
if (sessionInfo.isREST()) {
sessionCountRest.decrementAndGet();
} else if (sessionInfo.isWebDAV()) {
sessionCountDav.decrementAndGet();
} else {
sessionCountWeb.decrementAndGet();
}
}
if (isDebug)
log.debug("signOffAndClearWithout() END");
}
Aggregations