use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class WebDAVManagerImpl method doAuthentication.
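/**
 * Authenticates a WebDAV request from its {@code Authorization} header.
 *
 * <p>Handles the {@code Basic} and {@code Digest} schemes. A session found in
 * {@code timedSessionCache} that reports {@code isAuthenticated()} is reused
 * without calling the scheme handler again. When no session can be returned,
 * the method adds the {@code WWW-Authenticate} challenges, sets status 401
 * and returns {@code null}.
 *
 * @param request  the incoming request; its {@code Authorization} header and
 *                 remote address are read
 * @param response receives the challenge headers and the 401 status when
 *                 authentication does not succeed
 * @return the user session, or {@code null} after a 401 challenge was written
 */
private UserSession doAuthentication(HttpServletRequest request, HttpServletResponse response) {
    // Get the Authorization header, if one was supplied
    String authHeader = request.getHeader("Authorization");
    if (authHeader != null) {
        // fetch user session from a previous authentication
        String cacheKey = null;
        UserSession usess = null;
        String remoteAddr = request.getRemoteAddr();
        StringTokenizer st = new StringTokenizer(authHeader);
        if (st.hasMoreTokens()) {
            String scheme = st.nextToken();
            if (scheme.equalsIgnoreCase("Basic")) {
                // NOTE(review): the raw header, credentials included, is handed to
                // CacheKey; whether CacheKey keeps it verbatim is not visible here.
                cacheKey = authHeader;
                usess = timedSessionCache.get(new CacheKey(remoteAddr, authHeader));
                if (usess == null || !usess.isAuthenticated()) {
                    if (st.hasMoreTokens()) {
                        String credentials = st.nextToken();
                        usess = handleBasicAuthentication(credentials, request);
                    } else {
                        // "Basic" without a credentials token is a malformed header sent by
                        // the client: answer with the 401 challenge below instead of letting
                        // nextToken() throw NoSuchElementException.
                        usess = null;
                    }
                }
            } else if (scheme.equalsIgnoreCase("Digest")) {
                // NOTE(review): parse() is called on client-supplied text; whether it can
                // return null or throw on malformed input is not visible here - confirm.
                DigestAuthentication digestAuth = DigestAuthentication.parse(authHeader);
                cacheKey = digestAuth.getUsername();
                // NOTE(review): the lookup key is remote address + user name only, and a
                // cache hit skips handleDigestAuthentication, so the digest response of
                // this request is not verified on that path. Confirm this is acceptable
                // where several clients share one address (NAT, reverse proxy).
                usess = timedSessionCache.get(new CacheKey(remoteAddr, digestAuth.getUsername()));
                if (usess == null || !usess.isAuthenticated()) {
                    usess = handleDigestAuthentication(digestAuth, request);
                }
            }
        }
        if (usess != null && cacheKey != null) {
            timedSessionCache.put(new CacheKey(remoteAddr, cacheKey), usess);
            return usess;
        }
    }

    // Basic sends the password in a reversible encoding, so it is only offered
    // on a secure connection (or while running unit tests).
    if (request.isSecure() || Settings.isJUnitTest()) {
        response.addHeader("WWW-Authenticate", "Basic realm=\"" + BASIC_AUTH_REALM + "\"");
    }
    if (webdavModule.isDigestAuthenticationEnabled()) {
        // NOTE(review): the nonce is not recorded in this method; whether the digest
        // handler checks that a returned nonce was issued by the server is not visible here.
        String nonce = UUID.randomUUID().toString().replace("-", "");
        response.addHeader("WWW-Authenticate", "Digest realm=\"" + BASIC_AUTH_REALM + "\", qop=\"auth\", nonce=\"" + nonce + "\"");
    }
    response.setStatus(401);
    return null;
}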
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class WebdavStatus method isLocked.
// -------------------------------------------------------- Private Methods
/**
* Check to see if a resource is currently write locked. The method
* will look at the "If" header to make sure the client
* has given the appropriate lock tokens.
*
* @param req Servlet request
* @return boolean true if the resource is locked (and no appropriate
* lock token has been found for at least one of the non-shared locks which
* are present on the resource).
*/
private boolean isLocked(HttpServletRequest req) {
    // Resolve the resource the request addresses.
    final String path = getRelativePath(req);
    final WebResourceRoot resources = getResources(req);
    final WebResource resource = resources.getResource(path);

    // A missing "If" header is treated as an empty token list.
    final String ifValue = req.getHeader("If");
    final String ifHeader = (ifValue == null) ? "" : ifValue;

    String lockTokenHeader = req.getHeader("Lock-Token");
    if (lockTokenHeader == null) {
        lockTokenHeader = "";
    } else if (lockTokenHeader.startsWith("<opaquelocktoken") && !lockTokenHeader.endsWith(">")) {
        // Close an opaquelocktoken reference that arrived without its trailing '>'.
        lockTokenHeader = lockTokenHeader + ">";
    }

    // Both headers are client-supplied; the lock manager decides whether the
    // tokens they carry match a lock held by the session's identity.
    final UserSession usess = webDAVManager.getUserSession(req);
    final String lockTokens = ifHeader + lockTokenHeader;
    final boolean locked = lockManager.isLocked(resource, lockTokens, usess.getIdentity());

    if (locked && log.isDebug()) {
        log.debug("Ressource is locked: " + req.getPathInfo());
    }
    return locked;
}
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class WebdavStatus method deleteCollection.
/**
* Deletes a collection.
*
* @param path Path to the collection to be deleted
* @param errorList Contains the list of the errors which occurred
*/
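private void deleteCollection(HttpServletRequest req, String path, Map<String, Integer> errorList) {
    if (log.isDebug()) {
        log.debug("Delete:" + path);
    }
    // Prevent deletion of special subdirectories
    if (isSpecialPath(path)) {
        errorList.put(path, Integer.valueOf(WebdavStatus.SC_FORBIDDEN));
        return;
    }

    // Missing headers are treated as empty token lists.
    // NOTE(review): unlike isLocked(HttpServletRequest), the Lock-Token value is
    // not completed with a trailing '>' here - confirm the difference is intended.
    String ifHeader = req.getHeader("If");
    if (ifHeader == null) {
        ifHeader = "";
    }
    String lockTokenHeader = req.getHeader("Lock-Token");
    if (lockTokenHeader == null) {
        lockTokenHeader = "";
    }
    // The concatenation does not change per child, so build it once.
    final String lockTokens = ifHeader + lockTokenHeader;

    final WebResourceRoot resources = getResources(req);
    Collection<VFSItem> entries = resources.list(path);
    UserSession usess = webDAVManager.getUserSession(req);

    for (VFSItem entry : entries) {
        // Build the child path without doubling the slash under the root.
        String childName = path.equals("/") ? path + entry.getName() : path + "/" + entry.getName();
        WebResource childResource = resources.getResource(childName);

        if (lockManager.isLocked(childResource, lockTokens, usess.getIdentity())) {
            // A locked child is reported and left in place, together with its subtree.
            errorList.put(childName, Integer.valueOf(WebdavStatus.SC_LOCKED));
            continue;
        }

        // Empty a sub-collection first; the recursion depth follows the directory depth.
        if (childResource.isDirectory()) {
            deleteCollection(req, childName, errorList);
        }
        if (!resources.delete(childResource) && !childResource.isDirectory()) {
            // If it's not a collection, then it's an unknown error
            errorList.put(childName, Integer.valueOf(WebdavStatus.SC_INTERNAL_SERVER_ERROR));
        }
    }
}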
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class Tracing method assembleMsg.
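/**
 * Builds one log line from the message and, when a request is bound to the
 * current thread, from the identity, remote address, referer and user agent
 * of that request.
 *
 * <p>The {@code Referer} and {@code User-Agent} values are taken from request
 * headers, i.e. they are chosen by the client. Line breaks and form feeds are
 * removed from them before they are written, so a header value cannot start a
 * new line in the log; {@code logMsg} is cleaned with the chain of replacements
 * the method has always applied.
 *
 * @param category     log category written after {@code PREFIX}
 * @param prefix       character written in front of {@code refNum}
 * @param refNum       reference number of the log entry
 * @param callingClass class whose package name is logged, may be {@code null}
 * @param userObj      additional caller-supplied text, may be {@code null}
 * @param logMsg       the message itself, may be {@code null}
 * @return the assembled log line
 */
private static String assembleMsg(String category, char prefix, long refNum, Class<?> callingClass, String userObj, String logMsg) {
    HttpServletRequest ureq = null;
    if (tld != null) {
        // thread local data is not initialized so far if Tracing is called from
        // e.g. a worker thread like in Search or UpdateEfficiency worker
        // TODO:pb:check if this was also a problem with IM threads.
        ureq = tld.getHttpServletRequest();
    }
    UserSession usess = null;
    Identity identity = null;
    String remoteIp = null;
    String userAgent = null;
    String referer = null;
    if (ureq != null) {
        usess = CoreSpringFactory.getImpl(UserSessionManager.class).getUserSessionIfAlreadySet(ureq);
        if (usess != null) {
            identity = usess.getIdentity();
            remoteIp = ureq.getRemoteAddr();
            // Header values are client-controlled: drop CR, LF and FF so they
            // cannot break the one-entry-per-line layout of the log.
            String rawUserAgent = ureq.getHeader("User-Agent");
            userAgent = rawUserAgent == null ? null : rawUserAgent.replaceAll("[\\r\\n\\f]", "");
            String rawReferer = ureq.getHeader("Referer");
            referer = rawReferer == null ? null : rawReferer.replaceAll("[\\r\\n\\f]", "");
        }
    }
    StringBuilder sb = new StringBuilder(256);
    if (Settings.isDebuging()) {
        // Short version for console output during debugging
        if (userObj != null) {
            sb.append(userObj).append(" ");
        }
    } else {
        sb.append(PREFIX);
        sb.append(category);
        sb.append(SEPARATOR);
        try {
            // Node-Id + Error number e.g. N1-E17
            sb.append("N");
            sb.append(WebappHelper.getNodeId());
            sb.append("-");
        } catch (Throwable th) {
            // ok: the node id is optional, the entry is written without it
            sb.append(N_A);
        }
        sb.append(prefix);
        sb.append(refNum);
        sb.append(SEPARATOR);
        // Class.getPackage() may return null (e.g. unnamed package), so guard it
        // instead of failing while a log line is being written.
        Package callingPackage = callingClass == null ? null : callingClass.getPackage();
        sb.append(callingPackage == null ? N_A : callingPackage.getName());
        sb.append(SEPARATOR);
        // NOTE(review): the identity name, userObj and the header values are written
        // as-is apart from the line-break removal above; if they can contain the
        // SEPARATOR sequence (its value is not visible here) the fields of an entry
        // are no longer unambiguous for a log parser.
        sb.append(identity == null ? N_A : identity.getName());
        sb.append(SEPARATOR);
        sb.append(remoteIp == null ? N_A : remoteIp);
        sb.append(SEPARATOR);
        sb.append(referer == null ? N_A : referer);
        sb.append(SEPARATOR);
        sb.append(userAgent == null ? N_A : userAgent);
        sb.append(SEPARATOR);
        sb.append(userObj == null ? N_A : userObj);
        sb.append(SEPARATOR);
    }
    // Keep the message on a single line: remove CR/FF, the literal "^M" / "/M"
    // sequences, then any remaining CR/LF.
    sb.append(logMsg == null ? N_A : logMsg.replaceAll("[\\r\\f]", "").replaceAll("[/^]M", "").replaceAll("[\\r\\n]", ""));
    return sb.toString();
}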
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class UserSessionManager method getUserSession.
/**
* @param hreq
* @return associated user session
*/
public UserSession getUserSession(HttpServletRequest hreq) {
    // getSession(true) returns the request's HTTP session and creates one when the
    // request has none, so this lookup can allocate a session as a side effect.
    return getUserSession(hreq.getSession(true));
}