
Example 26 with UserSession

use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.

the class WebDAVManagerImpl method doAuthentication.

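/**
 * Resolves the user session for a request from its {@code Authorization} header, or
 * prepares a 401 challenge when no session can be established.
 *
 * <p>Sessions are looked up in {@code timedSessionCache} under the client address plus
 * either the raw header (Basic) or the user name (Digest). The credentials are handed to
 * {@code handleBasicAuthentication} / {@code handleDigestAuthentication} only on a cache
 * miss or when the cached session is not authenticated.
 *
 * @param request the incoming request
 * @param response receives the {@code WWW-Authenticate} headers and the 401 status
 * @return the session to use, or {@code null} once the 401 challenge has been set
 */
private UserSession doAuthentication(HttpServletRequest request, HttpServletResponse response) {
    // Get the Authorization header, if one was supplied
    String authHeader = request.getHeader("Authorization");
    if (authHeader != null) {
        String cacheKey = null;
        UserSession usess = null;
        String remoteAddr = request.getRemoteAddr();
        StringTokenizer st = new StringTokenizer(authHeader);
        if (st.hasMoreTokens()) {
            String scheme = st.nextToken();
            if (scheme.equalsIgnoreCase("Basic")) {
                // The Basic cache key is the whole header, i.e. it embeds the encoded
                // credentials: a cache hit requires the same credentials from the same address.
                cacheKey = authHeader;
                usess = timedSessionCache.get(new CacheKey(remoteAddr, authHeader));
                if (usess == null || !usess.isAuthenticated()) {
                    // A header that is just "Basic" has no credentials token. Treat it as
                    // unauthenticated and fall through to the 401 challenge, instead of
                    // letting nextToken() throw NoSuchElementException on client input.
                    usess = st.hasMoreTokens() ? handleBasicAuthentication(st.nextToken(), request) : null;
                }
            } else if (scheme.equalsIgnoreCase("Digest")) {
                DigestAuthentication digestAuth = DigestAuthentication.parse(authHeader);
                // NOTE(review): the Digest cache key is client address + user name only, so on
                // a cache hit the digest response carried by this request is never passed to
                // handleDigestAuthentication. Confirm this is acceptable for clients that
                // share an address (proxy, NAT), or verify the response on every request.
                cacheKey = digestAuth.getUsername();
                usess = timedSessionCache.get(new CacheKey(remoteAddr, digestAuth.getUsername()));
                if (usess == null || !usess.isAuthenticated()) {
                    usess = handleDigestAuthentication(digestAuth, request);
                }
            }
        }
        // NOTE(review): any non-null session is cached and returned without re-checking
        // isAuthenticated(); confirm the handle* helpers return null for rejected credentials.
        if (usess != null && cacheKey != null) {
            timedSessionCache.put(new CacheKey(remoteAddr, cacheKey), usess);
            return usess;
        }
    }

    // The Basic challenge is advertised only on a secure request (or when
    // Settings.isJUnitTest() is true).
    // NOTE(review): a Basic header that arrives on a non-secure request is still processed
    // above; confirm that is intended.
    if (request.isSecure() || Settings.isJUnitTest()) {
        response.addHeader("WWW-Authenticate", "Basic realm=\"" + BASIC_AUTH_REALM + "\"");
    }
    if (webdavModule.isDigestAuthenticationEnabled()) {
        // NOTE(review): the nonce is not recorded in this method; whether it is checked
        // when the client answers the challenge is not visible here.
        String nonce = UUID.randomUUID().toString().replace("-", "");
        response.addHeader("WWW-Authenticate", "Digest realm=\"" + BASIC_AUTH_REALM + "\", qop=\"auth\", nonce=\"" + nonce + "\"");
    }
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    return null;
}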
Also used : StringTokenizer(java.util.StringTokenizer) UserSession(org.olat.core.util.UserSession)

Example 27 with UserSession

use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.

the class WebdavStatus method isLocked.

// -------------------------------------------------------- Private Methods
/**
 * Check to see if a resource is currently write locked. The method
 * will look at the "If" header to make sure the client
 * has given the appropriate lock tokens.
 *
 * @param req Servlet request
 * @return boolean true if the resource is locked (and no appropriate
 * lock token has been found for at least one of the non-shared locks which
 * are present on the resource).
 */
private boolean isLocked(HttpServletRequest req) {
    final String relativePath = getRelativePath(req);
    final WebResource target = getResources(req).getResource(relativePath);

    // Both headers are supplied by the client; a missing header counts as an empty string.
    final String rawIf = req.getHeader("If");
    final String ifValue = rawIf == null ? "" : rawIf;

    final String rawLockToken = req.getHeader("Lock-Token");
    final String lockToken;
    if (rawLockToken == null) {
        lockToken = "";
    } else if (rawLockToken.startsWith("<opaquelocktoken") && !rawLockToken.endsWith(">")) {
        // Close a lock token that arrived without its trailing '>'
        lockToken = rawLockToken + ">";
    } else {
        lockToken = rawLockToken;
    }

    // NOTE(review): the session is dereferenced without a null check; confirm that
    // webDAVManager.getUserSession(req) cannot return null on this code path.
    final UserSession usess = webDAVManager.getUserSession(req);
    // The two header values are handed to the lock manager as one string, with no separator.
    final boolean locked = lockManager.isLocked(target, ifValue + lockToken, usess.getIdentity());
    if (locked && log.isDebug()) {
        // The request path is written to the debug log as received.
        log.debug("Ressource is locked: " + req.getPathInfo());
    }
    return locked;
}
Also used : UserSession(org.olat.core.util.UserSession)

Example 28 with UserSession

use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.

the class WebdavStatus method deleteCollection.

/**
 * Deletes a collection.
 *
 * @param req Servlet request
 * @param path Path to the collection to be deleted
 * @param errorList Contains the list of the errors which occurred
 */
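private void deleteCollection(HttpServletRequest req, String path, Map<String, Integer> errorList) {
    if (log.isDebug()) {
        log.debug("Delete:" + path);
    }
    // Prevent deletion of special subdirectories
    if (isSpecialPath(path)) {
        errorList.put(path, Integer.valueOf(WebdavStatus.SC_FORBIDDEN));
        return;
    }

    // Client-supplied lock headers; a missing header counts as an empty string.
    // NOTE(review): no repair of an unterminated "<opaquelocktoken" value is done here;
    // confirm whether this method should normalise the Lock-Token header as well.
    String ifHeader = req.getHeader("If");
    if (ifHeader == null) {
        ifHeader = "";
    }
    String lockTokenHeader = req.getHeader("Lock-Token");
    if (lockTokenHeader == null) {
        lockTokenHeader = "";
    }
    // Same value for every child, so build it once instead of once per iteration.
    final String lockTokens = ifHeader + lockTokenHeader;

    final WebResourceRoot resources = getResources(req);
    Collection<VFSItem> entries = resources.list(path);
    // NOTE(review): the session is dereferenced in the loop without a null check; confirm
    // that webDAVManager.getUserSession(req) cannot return null on this code path.
    UserSession usess = webDAVManager.getUserSession(req);
    for (VFSItem entry : entries) {
        String childName = (path.equals("/") ? path : path + "/") + entry.getName();
        WebResource childResource = resources.getResource(childName);

        // Only the children are lock-checked here; a lock on `path` itself is not
        // evaluated in this method.
        if (lockManager.isLocked(childResource, lockTokens, usess.getIdentity())) {
            errorList.put(childName, Integer.valueOf(WebdavStatus.SC_LOCKED));
            continue;
        }
        if (childResource.isDirectory()) {
            // The recursive call applies the isSpecialPath check to the sub-collection.
            deleteCollection(req, childName, errorList);
        }
        // A failed delete is recorded only for non-collections; a directory that could not
        // be removed adds no entry of its own here.
        if (!resources.delete(childResource) && !childResource.isDirectory()) {
            // If it's not a collection, then it's an unknown error
            errorList.put(childName, Integer.valueOf(WebdavStatus.SC_INTERNAL_SERVER_ERROR));
        }
    }
}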
Also used : UserSession(org.olat.core.util.UserSession) VFSItem(org.olat.core.util.vfs.VFSItem)

Example 29 with UserSession

use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.

the class Tracing method assembleMsg.

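/**
 * Builds one log line from the given message plus context taken from the current
 * HTTP request, when a request and a user session are available.
 *
 * <p>When {@code Settings.isDebuging()} is true only {@code userObj} and the message are
 * written. Otherwise the line holds, divided by {@code SEPARATOR}: category, node id and
 * reference number, calling package, identity name, remote address, referer, user agent,
 * {@code userObj} and the message. Missing values are written as {@code N_A}.
 *
 * @param category log category written after {@code PREFIX}
 * @param prefix character written in front of {@code refNum}
 * @param refNum reference number of the log entry
 * @param callingClass class whose package name is logged; may be {@code null}
 * @param userObj additional text for the entry; may be {@code null}
 * @param logMsg the message; may be {@code null}
 * @return the assembled log line
 */
private static String assembleMsg(String category, char prefix, long refNum, Class<?> callingClass, String userObj, String logMsg) {
    HttpServletRequest ureq = null;
    if (tld != null) {
        // thread local data is not initialized so far if Tracing is called from
        // e.g. a worker thread like in Search or UpdateEfficiency worker
        // TODO:pb:check if this was also a problem with IM threads.
        ureq = tld.getHttpServletRequest();
    }
    UserSession usess = null;
    Identity identity = null;
    String remoteIp = null;
    String userAgent = null;
    String referer = null;
    if (ureq != null) {
        usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(ureq);
        if (usess != null) {
            identity = usess.getIdentity();
            remoteIp = ureq.getRemoteAddr();
            // User-Agent and Referer are chosen by the client. Drop line breaks so a header
            // value cannot start a new log record, as is already done for logMsg below.
            String rawUserAgent = ureq.getHeader("User-Agent");
            userAgent = rawUserAgent == null ? null : rawUserAgent.replaceAll("[\\r\\n]", "");
            String rawReferer = ureq.getHeader("Referer");
            referer = rawReferer == null ? null : rawReferer.replaceAll("[\\r\\n]", "");
        }
    }
    StringBuilder sb = new StringBuilder(256);
    if (Settings.isDebuging()) {
        // Short version for console output during debugging
        if (userObj != null) {
            sb.append(userObj).append(" ");
        }
    } else {
        sb.append(PREFIX);
        sb.append(category);
        sb.append(SEPARATOR);
        try {
            // Node-Id + Error number e.g. N1-E17
            sb.append("N");
            sb.append(WebappHelper.getNodeId());
            sb.append("-");
        } catch (Throwable th) {
            // Best effort: the node id could not be read, write the placeholder instead
            sb.append(N_A);
        }
        sb.append(prefix);
        sb.append(refNum);
        sb.append(SEPARATOR);
        // Class.getPackage() may return null (e.g. for array or primitive classes); the
        // logger must not fail on that.
        Package callerPackage = callingClass == null ? null : callingClass.getPackage();
        sb.append(callerPackage == null ? N_A : callerPackage.getName());
        sb.append(SEPARATOR);
        sb.append(identity == null ? N_A : identity.getName());
        sb.append(SEPARATOR);
        sb.append(remoteIp == null ? N_A : remoteIp);
        sb.append(SEPARATOR);
        // NOTE(review): client-supplied fields may still contain the SEPARATOR sequence
        // (its value is not visible here); confirm that log consumers tolerate that.
        sb.append(referer == null ? N_A : referer);
        sb.append(SEPARATOR);
        sb.append(userAgent == null ? N_A : userAgent);
        sb.append(SEPARATOR);
        // NOTE(review): userObj is written as given; confirm that callers never pass
        // request-derived text containing line breaks.
        sb.append(userObj == null ? N_A : userObj);
        sb.append(SEPARATOR);
    }
    // Removes CR, FF and LF from the message so it stays on one line.
    // NOTE(review): "[/^]M" also deletes the two-character sequences "/M" and "^M"; removing
    // "/M" looks unintended, confirm before relying on logged paths.
    sb.append(logMsg == null ? N_A : logMsg.replaceAll("[\\r\\f]", "").replaceAll("[/^]M", "").replaceAll("[\\r\\n]", ""));
    return sb.toString();
}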
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) UserSession(org.olat.core.util.UserSession) Identity(org.olat.core.id.Identity)

Example 30 with UserSession

use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.

the class UserSessionManager method getUserSession.

/**
 * @param hreq the HTTP request; an HTTP session is created for it if none exists yet
 * @return associated user session
 */
public UserSession getUserSession(HttpServletRequest hreq) {
    // getSession(true) returns the existing HttpSession or creates a new one, so calling
    // this for a request without a session (including an unauthenticated one) allocates
    // server-side session state.
    return getUserSession(hreq.getSession(true));
}
Also used : HttpSession(javax.servlet.http.HttpSession) UserSession(org.olat.core.util.UserSession)
