use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class AuthHelper method doLogout.
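/**
 * Logs the current user out and prepares the redirect to the login (DMZ) page.
 * <p>
 * The guest flag and the locale key are read first, then the servlet session is
 * invalidated and {@code deleteShibsessionCookie} is called. Finally a
 * {@code RedirectMediaResource} pointing to {@code /dmz/?lang=...} is set as the
 * dispatch result; {@code &logout=true} is appended unless the user was a guest.
 * <p>
 * IMPORTANT: this method initiates a redirect and RETURNS. Make sure you unwind
 * the call hierarchy gracefully. Most of all, do not touch the
 * HttpServletRequest or the session after calling this method.
 *
 * @param ureq the current user request; {@code null} makes the call a no-op
 */
public static void doLogout(UserRequest ureq) {
    if (ureq == null) {
        return;
    }

    // Read everything that depends on the user session before it is invalidated.
    boolean wasGuest = false;
    UserSession usess = ureq.getUserSession();
    if (usess != null && usess.getRoles() != null) {
        wasGuest = usess.getRoles().isGuestOnly();
    }
    // NOTE(review): lang is concatenated into the redirect URL without encoding;
    // presumably getLocaleKey only returns known locale keys - confirm.
    String lang = CoreSpringFactory.getImpl(I18nModule.class).getLocaleKey(ureq.getLocale());

    HttpSession session = ureq.getHttpReq().getSession(false);
    if (session != null) {
        try {
            session.invalidate();
        } catch (IllegalStateException ise) {
            // thrown when the session was already invalidated. fine. ignore.
        }
        // Run the cookie cleanup in its own try block: when invalidate() throws
        // because the session is already gone, the Shibboleth session cookie
        // must still be removed instead of being left behind in the browser.
        try {
            deleteShibsessionCookie(ureq);
        } catch (IllegalStateException ise) {
            // same tolerance as before: an IllegalStateException here is ignored.
        }
    }

    // redirect to logout page in dmz realm, set info that DMZ is shown because of logout
    // if it was a guest user, do not set logout=true. The parameter must be evaluated
    // by the implementation of the AuthenticationProvider.
    String setWarning = wasGuest ? "" : "&logout=true";
    ureq.getDispatchResult().setResultingMediaResource(
            new RedirectMediaResource(WebappHelper.getServletContextPath() + "/dmz/?lang=" + lang + setWarning));
}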
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class AuthHelper method initializeLogin.
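/**
 * ONLY for authentication providers: signs the given identity on to the user
 * session of the request and does the necessary work around it.
 * <p>
 * The existing user session is cleared and reused (it is not invalidated), the
 * identity and roles are set, the login-blocked and max-session limits are
 * enforced for non-admins, assessment modes, locale and font size are applied,
 * and the session is finally signed on.
 *
 * @param identity the identity to log in; {@code null} yields {@code LOGIN_FAILED}
 * @param authProvider the authentication provider, passed on to {@code setSessionInfoFor}
 * @param ureq the current user request whose user session is reused
 * @param rest passed on to {@code setSessionInfoFor}; presumably marks a REST login - confirm
 * @return {@code LOGIN_OK} on success, {@code LOGIN_FAILED} if the identity is {@code null},
 *         {@code LOGIN_DENIED} if the identity is not visible, or {@code LOGIN_NOTAVAILABLE}
 *         if logins are blocked or the session limit is reached
 */
private static int initializeLogin(Identity identity, String authProvider, UserRequest ureq, boolean rest) {
    // continue only if user has login permission.
    if (identity == null) {
        return LOGIN_FAILED;
    }
    // test if a user may not logon, since he/she is in the PERMISSION_LOGON
    if (!BaseSecurityManager.getInstance().isIdentityVisible(identity)) {
        // The session carries no identity yet at this point, so name the account
        // in the audit record itself; otherwise the denial cannot be attributed.
        log.audit("was denied login, username=" + identity.getName());
        return LOGIN_DENIED;
    }

    UserSessionManager sessionManager = CoreSpringFactory.getImpl(UserSessionManager.class);
    // if the user sending the cookie did not log out and we are logging in
    // again, then we need to make sure everything is cleaned up. we cleanup in all cases.
    UserSession usess = ureq.getUserSession();
    // prepare for a new user: clear all the instance vars of the userSession
    // note: does not invalidate the session, since it is reused
    // NOTE(review): because the session is reused, a session identifier issued
    // before authentication stays valid afterwards unless it is rotated somewhere
    // not visible here - confirm against the calling dispatcher (session fixation).
    sessionManager.signOffAndClear(usess);

    // init the UserSession for the new User
    // we can set the identity and finish the log in process
    usess.setIdentity(identity);
    setRolesFor(identity, usess);

    // Evaluate the admin flag once and null-safely. Missing roles are treated
    // as "not an admin", so the restrictions below apply instead of the check
    // failing with a NullPointerException.
    boolean isAdmin = usess.getRoles() != null && usess.getRoles().isOLATAdmin();

    // check if loginDenied or maxSession (only for non-admin)
    if (!isAdmin && (loginBlocked
            || (maxSessions != MAX_SESSION_NO_LIMIT && sessionManager.getUserSessionsCnt() >= maxSessions))) {
        log.audit("Login was blocked for username=" + usess.getIdentity().getName() + ", loginBlocked=" + loginBlocked + " NbrOfSessions=" + sessionManager.getUserSessionsCnt());
        // undo the identity/roles set above so the rejected session holds no user
        sessionManager.signOffAndClear(usess);
        return LOGIN_NOTAVAILABLE;
    }

    // need to block the all things for assessment?
    if (isAdmin) {
        usess.setAssessmentModes(Collections.<TransientAssessmentMode>emptyList());
    } else {
        AssessmentModule assessmentModule = CoreSpringFactory.getImpl(AssessmentModule.class);
        if (assessmentModule.isAssessmentModeEnabled()) {
            AssessmentModeManager assessmentManager = CoreSpringFactory.getImpl(AssessmentModeManager.class);
            List<AssessmentMode> modes = assessmentManager.getAssessmentModeFor(identity);
            if (modes.isEmpty()) {
                usess.setAssessmentModes(Collections.<TransientAssessmentMode>emptyList());
            } else {
                usess.setAssessmentModes(TransientAssessmentMode.create(modes));
            }
        }
    }

    // set the language
    usess.setLocale(I18nManager.getInstance().getLocaleOrDefault(identity.getUser().getPreferences().getLanguage()));
    // update fontsize in users session globalsettings
    // NOTE(review): parseInt throws NumberFormatException on a malformed or
    // missing preference, after the identity was already set on the session and
    // before signOn - confirm that callers clear the session in that case.
    Windows.getWindows(ureq).getWindowManager().setFontSize(Integer.parseInt(identity.getUser().getPreferences().getFontsize()));
    // calculate session info and attach it to the user session
    setSessionInfoFor(identity, authProvider, ureq, rest);
    // confirm signedOn
    sessionManager.signOn(usess);
    // set users web delivery mode
    Windows.getWindows(ureq).getWindowManager().setAjaxWanted(ureq);
    // update web delivery mode in session info
    usess.getSessionInfo().setWebModeFromUreq(ureq);
    return LOGIN_OK;
}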
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class SystemRolesAndRightsController method saveFormData.
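/**
 * Persists the roles and the account status from the form in the database. The
 * edited user needs to log out and log in again to activate the changes.
 * <p>
 * Only those form elements are read that the acting user is allowed to
 * manipulate: each section is guarded by the acting user's session roles and/or
 * the matching {@code BaseSecurityModule.USERMANAGER_CAN_MANAGE_*} flag. See also
 * the comments in SystemRolesAndRightsForm.
 * <p>
 * NOTE(review): the guards look only at the acting user. The roles of the edited
 * identity are not checked in this method, so whether a user manager may edit a
 * more privileged account has to be enforced by the caller - confirm.
 *
 * @param ureq the request of the acting user; its user session supplies the roles
 * @param myIdentity the identity whose roles and status are edited
 * @param form the form holding the submitted values
 */
private void saveFormData(UserRequest ureq, Identity myIdentity, SystemRolesAndRightsForm form) {
    UserSession usess = ureq.getUserSession();
    boolean iAmOlatAdmin = usess.getRoles().isOLATAdmin();
    boolean iAmUserManager = usess.getRoles().isUserManager();

    // 1) general user type - anonymous or user
    // anonymous users
    boolean isAnonymous = false;
    Boolean canGuestsByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_GUESTS;
    if (canGuestsByConfig.booleanValue() || iAmOlatAdmin) {
        SecurityGroup anonymousGroup = securityManager.findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
        boolean hasBeenAnonymous = securityManager.isIdentityInSecurityGroup(myIdentity, anonymousGroup);
        isAnonymous = form.isAnonymous();
        updateSecurityGroup(myIdentity, securityManager, anonymousGroup, hasBeenAnonymous, isAnonymous, Constants.GROUP_ANONYMOUS);
        // system users - opposite of anonymous users
        SecurityGroup usersGroup = securityManager.findSecurityGroupByName(Constants.GROUP_OLATUSERS);
        boolean hasBeenUser = securityManager.isIdentityInSecurityGroup(myIdentity, usersGroup);
        boolean isUser = !form.isAnonymous();
        updateSecurityGroup(myIdentity, securityManager, usersGroup, hasBeenUser, isUser, Constants.GROUP_OLATUSERS);
    }

    // 2) system roles
    // group manager
    Boolean canGroupmanagerByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_GROUPMANAGERS;
    if (canGroupmanagerByConfig.booleanValue() || iAmOlatAdmin) {
        SecurityGroup groupManagerGroup = securityManager.findSecurityGroupByName(Constants.GROUP_GROUPMANAGERS);
        boolean hasBeenGroupManager = securityManager.isIdentityInSecurityGroup(myIdentity, groupManagerGroup);
        boolean isGroupManager = form.isGroupmanager();
        updateSecurityGroup(myIdentity, securityManager, groupManagerGroup, hasBeenGroupManager, isGroupManager, Constants.GROUP_GROUPMANAGERS);
    }

    // pool manager
    Boolean canPoolmanagerByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_POOLMANAGERS;
    if (canPoolmanagerByConfig.booleanValue() || iAmOlatAdmin) {
        SecurityGroup poolManagerGroup = securityManager.findSecurityGroupByName(Constants.GROUP_POOL_MANAGER);
        boolean hasBeenPoolManager = securityManager.isIdentityInSecurityGroup(myIdentity, poolManagerGroup);
        boolean isPoolManager = form.isPoolmanager();
        // Pass the pool manager group name, as every other section passes the
        // name of the group it updates. This call used to pass GROUP_AUTHORS,
        // which labelled a pool manager change as an authors change in whatever
        // updateSecurityGroup does with the name (presumably the audit record).
        updateSecurityGroup(myIdentity, securityManager, poolManagerGroup, hasBeenPoolManager, isPoolManager, Constants.GROUP_POOL_MANAGER);
    }

    // author
    Boolean canAuthorByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_AUTHORS;
    if (canAuthorByConfig.booleanValue() || iAmOlatAdmin) {
        SecurityGroup authorGroup = securityManager.findSecurityGroupByName(Constants.GROUP_AUTHORS);
        boolean hasBeenAuthor = securityManager.isIdentityInSecurityGroup(myIdentity, authorGroup);
        // an institutional resource manager is always put into the authors group as well
        boolean isAuthor = form.isAuthor() || form.isInstitutionalResourceManager();
        updateSecurityGroup(myIdentity, securityManager, authorGroup, hasBeenAuthor, isAuthor, Constants.GROUP_AUTHORS);
    }

    // user manager, only allowed by admin
    if (iAmOlatAdmin) {
        SecurityGroup userManagerGroup = securityManager.findSecurityGroupByName(Constants.GROUP_USERMANAGERS);
        boolean hasBeenUserManager = securityManager.isIdentityInSecurityGroup(myIdentity, userManagerGroup);
        boolean isUserManager = form.isUsermanager();
        updateSecurityGroup(myIdentity, securityManager, userManagerGroup, hasBeenUserManager, isUserManager, Constants.GROUP_USERMANAGERS);
    }

    // institutional resource manager
    // NOTE(review): user managers may change this role as well as admins, while
    // this section was earlier described as admin-only - confirm the intended rule.
    if (iAmUserManager || iAmOlatAdmin) {
        SecurityGroup institutionalResourceManagerGroup = securityManager.findSecurityGroupByName(Constants.GROUP_INST_ORES_MANAGER);
        boolean hasBeenInstitutionalResourceManager = securityManager.isIdentityInSecurityGroup(myIdentity, institutionalResourceManagerGroup);
        boolean isInstitutionalResourceManager = form.isInstitutionalResourceManager();
        updateSecurityGroup(myIdentity, securityManager, institutionalResourceManagerGroup, hasBeenInstitutionalResourceManager, isInstitutionalResourceManager, Constants.GROUP_INST_ORES_MANAGER);
    }

    // system administrator, only allowed by admin
    if (iAmOlatAdmin) {
        SecurityGroup adminGroup = securityManager.findSecurityGroupByName(Constants.GROUP_ADMIN);
        boolean hasBeenAdmin = securityManager.isIdentityInSecurityGroup(myIdentity, adminGroup);
        boolean isAdmin = form.isAdmin();
        updateSecurityGroup(myIdentity, securityManager, adminGroup, hasBeenAdmin, isAdmin, Constants.GROUP_ADMIN);
    }

    // 3) account status
    Boolean canManageStatus = BaseSecurityModule.USERMANAGER_CAN_MANAGE_STATUS;
    if ((iAmOlatAdmin || canManageStatus.booleanValue()) && !myIdentity.getStatus().equals(form.getStatus())) {
        int oldStatus = myIdentity.getStatus();
        String oldStatusText = statusToText(oldStatus);
        int newStatus = form.getStatus();
        String newStatusText = statusToText(newStatus);
        if (oldStatus != newStatus && newStatus == Identity.STATUS_LOGIN_DENIED && form.getSendLoginDeniedEmail()) {
            userBulkChangeManager.sendLoginDeniedEmail(myIdentity);
        }
        identity = securityManager.saveIdentityStatus(myIdentity, newStatus);
        // audit record: who changed the status of which account, from what to what
        logAudit("User::" + getIdentity().getName() + " changed accout status for user::" + myIdentity.getName() + " from::" + oldStatusText + " to::" + newStatusText, null);
    }
}

/** Maps an identity status code to the text used in the audit record. */
private static String statusToText(int status) {
    if (status == Identity.STATUS_PERMANENT) {
        return "permanent";
    }
    if (status == Identity.STATUS_ACTIV) {
        return "active";
    }
    if (status == Identity.STATUS_LOGIN_DENIED) {
        return "login_denied";
    }
    if (status == Identity.STATUS_DELETED) {
        return "deleted";
    }
    return "unknown";
}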
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class ResumeSessionController method getRESTRedirectURL.
/**
 * Builds the REST-style part of the redirect URL from the business path stored
 * in the user session under {@code "AuthDispatcher:businessPath"}.
 *
 * @param ureq the current user request whose user session holds the business path
 * @return the business path converted with {@code getAsRestPart}
 */
private String getRESTRedirectURL(UserRequest ureq) {
    // NOTE(review): the entry is cast without a null or type check, and the
    // value ends up in a redirect target; presumably it was stored from the
    // pre-login request - confirm it is validated where it is written.
    String businessPath = (String) ureq.getUserSession().getEntry("AuthDispatcher:businessPath");
    BusinessControlFactory factory = BusinessControlFactory.getInstance();
    List<ContextEntry> entries = factory.createCEListFromString(businessPath);
    return factory.getAsRestPart(entries, true);
}
use of org.olat.core.util.UserSession in project OpenOLAT by OpenOLAT.
the class BaseFullWebappController method initializeBase.
/**
 * Fills the main velocity container with the base data and sub-components of
 * the full web application window and sets {@code mainPanel} as content pane.
 * <p>
 * Besides layout data (window id, theme, global settings, build version) this
 * publishes a {@code userJSON} object with the properties of the authenticated
 * user and, for admins and user managers, wires the inline translation tool.
 *
 * @param ureq the current user request
 * @param winman the window manager supplying the global settings
 * @param mainPanel the panel that becomes the content pane of the window
 */
private void initializeBase(UserRequest ureq, WindowManager winman, ComponentCollection mainPanel) {
    // component-id of mainPanel for the window id (replaced by the window's own id further down)
    mainVc.contextPut("o_winid", mainPanel.getDispatchID());

    BaseSecurityModule secModule = CoreSpringFactory.getImpl(BaseSecurityModule.class);
    // presumably lets the template refuse to render inside a frame - confirm in the template
    mainVc.contextPut("enforceTopFrame", secModule.isForceTopFrame());

    // add optional css classes
    mainVc.contextPut("bodyCssClasses", bodyCssClasses);

    Window window = wbo.getWindow();
    mainVc.put("jsCssRawHtmlHeader", window.getJsCssRawHtmlHeader());

    // control part for ajax-communication. returns an empty panel if ajax
    // is not enabled, so that ajax can be turned on on the fly for
    // development mode
    jsServerC = wbo.createAJAXController(ureq);
    mainVc.put("jsServer", jsServerC.getInitialComponent());

    // init with no bookmark (=empty bc)
    mainVc.contextPut("o_bc", "");
    mainVc.contextPut("o_serverUri", Settings.createServerURI());
    // the current language; used e.g. by screenreaders
    mainVc.contextPut("lang", ureq.getLocale().toString());

    // some user properties, published to the page as a JavaScript object literal
    UserSession usess = ureq.getUserSession();
    if (usess.isAuthenticated()) {
        Identity currentIdentity = ureq.getIdentity();
        StringBuilder userJson = new StringBuilder();
        userJson.append("{ identity : ").append(currentIdentity.getKey());
        User user = currentIdentity.getUser();
        // the admin flag is handed to the handler lookup; presumably it widens
        // the set of exposed properties for admins - confirm
        boolean isAdmin = usess.getRoles().isOLATAdmin();
        List<UserPropertyHandler> handlers = userManager.getUserPropertyHandlersFor(USER_PROPS_ID, isAdmin);
        for (UserPropertyHandler handler : handlers) {
            // values are user-controlled profile data and are escaped for a
            // JavaScript string context; the handler name is written verbatim
            String escapedValue = StringHelper.escapeJavaScript(handler.getUserProperty(user, getLocale()));
            userJson.append(", ").append(handler.getName()).append(" : \"").append(escapedValue).append("\"");
        }
        userJson.append("}");
        mainVc.contextPut("userJSON", userJson);
    }

    // the current GUI theme and the global settings that contains the
    // font-size. both are pushed as objects so that window.dirty always reads
    // out the correct value
    mainVc.contextPut("theme", window.getGuiTheme());
    mainVc.contextPut("globalSettings", winman.getGlobalSettings());
    // also add the optional theme javascript
    addThemeJS();

    // Add JS analytics code, e.g. for google analytics
    if (analyticsModule.isAnalyticsEnabled()) {
        mainVc.contextPut("analytics", analyticsModule.getAnalyticsProvider().analyticsInitPageJavaScript());
    }

    // content panel
    contentPanel = new Panel("olatContentPanel");
    mainVc.put("olatContentPanel", contentPanel);
    mainVc.contextPut("o_winid", window.getDispatchID());
    // NOTE(review): if the template prints this on pages served before login,
    // the exact build version is disclosed to anonymous visitors - confirm
    mainVc.contextPut("buildversion", Settings.getVersion());

    if (wbo.isDebuging()) {
        debugC = wbo.createDebugDispatcherController(ureq, getWindowControl());
        mainVc.put("guidebug", debugC.getInitialComponent());
    }

    // Inline translation interceptor. when the translation tool is enabled it
    // will start the translation tool in translation mode, if the overlay
    // feature is enabled it will start in customizing mode
    // fxdiff: allow user-managers to use the inline translation also.
    boolean mayTranslateInline = usess.isAuthenticated()
            && (usess.getRoles().isOLATAdmin() || usess.getRoles().isUserManager());
    if (mayTranslateInline && (i18nModule.isTransToolEnabled() || i18nModule.isOverlayEnabled())) {
        inlineTranslationC = wbo.createInlineTranslationDispatcherController(ureq, getWindowControl());
        Preferences prefs = usess.getGuiPreferences();
        Boolean inlineEnabled = (Boolean) prefs.get(I18nModule.class, I18nModule.GUI_PREFS_INLINE_TRANSLATION_ENABLED, Boolean.FALSE);
        i18nManager.setMarkLocalizedStringsEnabled(usess, inlineEnabled);
        mainVc.put("inlineTranslation", inlineTranslationC.getInitialComponent());
    }

    // debug info if debugging
    if (wbo.isDebuging()) {
        developmentC = wbo.createDevelopmentController(ureq, getWindowControl());
        mainVc.put("development", developmentC.getInitialComponent());
    }

    // put the global js translator mapper path into the main window
    mainVc.contextPut("jsTranslationMapperPath", BaseChiefController.jsTranslationMapperPath);

    // master window; registering this controller as a window listener (to report
    // "browser reload" to the user) is intentionally not done here
    window.setContentPane(mainPanel);
}